Nick Sanchez
Los Angeles, California, United States
2K followers
500+ connections
About
My professional background is focused on enterprise-level project architecture and…
Explore more posts
-
Cole Grolmus
The Alphabet-Wiz deal would have the highest revenue multiple in the history of large cybersecurity M&A... ...but it's not entirely in a class of its own. Wiz would fall somewhere between a 45-65x multiple on current revenue (current revenue is estimated, most recent disclosure was $350M). There's one other cybersecurity transaction with a pretty similar profile: Okta's acquisition of Auth0 in 2021. The Okta-Auth0 deal had a 42.7x revenue multiple, which is easily the highest among large ($2.5B+) cybersecurity acquisitions that have actually closed. Auth0 was a clear leader in the Customer Identity (CIAM) market, which Okta estimates to have a $30B TAM. Leading the CIAM market was one of their highest strategic priorities — so they paid a 42.7x multiple to buy the emerging market leader. Sound familiar? Leading the cloud security market is one of Alphabet's highest strategic priorities — so they're willing to pay a 45x+ multiple to buy the emerging market leader. --- Situations like this are similar to CrowdStrike or Okta being taken off the board right before they went public. That didn't happen, obviously — but Wiz is the closest example we have in the industry today. Alphabet is betting they are acquiring a future CrowdStrike or Okta, and they know it takes a heavy premium to do it.
155
24 Comments -
Logan Bartlett
Before Andrew Bialecki took Klaviyo public and scaled it to a business currently worth over $6B, he operated with very little capital in the early days and principles around being cash flow positive. He is a first principles thinker that is both a brilliant mind and a tactical operator. Some highlights: → Hiring Entrepreneurial People Andrew prioritizes hiring curious, problem-solving individuals who take ownership. In interviews, he starts by exploring a candidate's journey from the beginning of their career - right after college - to get a comprehensive understanding of their past behaviors and skills. This provides more context than focusing solely on recent experience, which might represent less than 10% of a person's life. → Promoting Intrapreneurship Klaviyo fosters a startup-like culture by enabling employees to launch new projects, almost as mini-startups, within the company. These teams operate autonomously, with periodic reviews based on core metrics, and each team’s P&L is made visible internally. By allowing employees to sink or swim, the approach creates a sense of motivation and fast-paced innovative culture. → Klaviyo University Since employees should be invested in learning, Klaviyo provides the resources. Klaviyo started with a free-book policy and has since escalated to a full blown course catalog of core classes and electives. Every employee completes two key training sessions: one class focuses on understanding Klaviyo's users, and a writing class breaks down business jargon and reinforces effective and clear communication. Klaviyo University now offers a growing selection of electives, enabling employees to explore their interests—from machine learning to marketing—while gaining skills to level up their work. On top of Klaviyo’s pursuit to build up entrepreneurial talent internally, Klaviyo prioritizes an “eat your vegetables” philosophy. 
They celebrate things that suck and dive in to fix hard problems fast instead of pushing them off for later after the cool stuff gets addressed. They also take on a ship-quick mentality, as teams that do the highest quality work often launch things and get feedback most frequently. More stories from Klaviyo’s growth + insights on building culture in the full episode: https://lnkd.in/dwEbfxEE
62
5 Comments -
Roman Cinkais
💡 How does my PKI’s status compare to that of others? Understanding where your Public Key Infrastructure (PKI) stands compared to others can be a game-changer. It’s not just about identifying benchmarks and best practices but also uncovering areas ripe for improvement. 🌟 While it’s crucial to tailor your PKI evaluation to fit your organization’s unique needs and constraints, benchmarking against industry reports, case studies, and peer-reviewed publications can offer invaluable insights into your PKI’s performance. 📊✨ Though the PKI Consortium doesn’t publish individual maturity assessment results, we provide a vibrant community where you can exchange experiences and learn from others. Join our working groups and tap into a wealth of shared knowledge! 🤝🌐 Learn more about PKI Maturity Model: https://pkic.org/pkimm/ #pki #pkimm #pkic #maturity #improvement #assessment #benchmark #guidance PKI Consortium
13
-
Jacob Boggess
Based off the last couple days what I have thought for awhile is coming true... Payment orchestration is outdated😰 Don't get me wrong, orchestration is here to stay and a vital piece of payments It's simply a piece of the larger puzzle when it comes to truly owning and capitalizing on the capability of what payments can do Which makes payment optimization a much more applicable term in today's market Payment orchestration involves managing multiple payment methods, gateways, and providers in a unified manner to streamline the payment process Payment optimization focuses on maximizing the efficiency and cost-effectiveness of the payment process It involves strategies to reduce transaction costs, minimize payment failures, mitigate fraud risks, and improve authorization rates Just simply having routing logic or multiple APM's will not suffice in an ever-changing market You need data analysis, machine learning algorithms, and A/B testing to identify trends, and fine-tune payment acceptance strategies Payment orchestration and payment optimization may sound and look the same, but once you truly break it down you can see the full picture of what your payments should look like
30
10 Comments -
Christopher Puderbaugh
Sandboxed recommendations that are prioritized by their risk-reduction potential are part of the foundation for strategic and programmatic cyber decisions, such as those made during risk committee meetings. The outcomes of those decisions can either be technically observed (i.e., implemented and validated via integration) or provided via user feedback (i.e., silencing because of control sustainability within a given business environment). The ultimate success story for this type of capability is enabling decision-analysis across business quarters, where three very simple questions can be answered: 1) What have we done? 2) What do we need to do? 3) How are we trending? #pelloniumriskintelligence
1
-
Melanie Ensign
I’ve been telling folks for years to prepare for DPIAs to become public one way or another. It’s not a secret filing. Shrewd privacy and communication professionals will recognize the opportunity to counsel organizations on how to stop creating & hiding skeletons in the closet. Because when DPIAs become public, everyone will know what you know, including: - how honest & thorough you were from the jump (or did it take 5 versions to meet the requirements?) - known risks you haven’t told them about yet - how transparent you are with regulators - how you evaluate tradeoffs - if you have command of both technical & legal controls
5
-
Bojan Simic
For well over a decade every cyber report we see from Verizon, IBM or otherwise, it's obvious that hackers don't break in, they log in. So why do security teams continue to invest in technology and tools that protect surface areas that have a far lower likelihood of actually being exploited? The answer is obvious but not simple. Only about half of the time is the security leadership in an organization responsible for identity. Even then, change management is oftentimes daunting for any IT or security team which results in identity security improvements being delayed time and time again. That's a big part of the reason why we continue to see massive identity security breaches. The trick is to make sure that identity security controls deliver a much better user experience than legacy methods that are being used. This is why we at HYPR have been laser focused on providing a world class user experience that results in a massive win for everyone within the organization. The HYPR solution is empirically proven to provide a massive Return on Investment (ROI) from a productivity perspective. Check out the report here - https://lnkd.in/ec2Fby8a
82
6 Comments -
Rick Lane
NameCheap, along with other ICANN registrar/registry contracted parties like Verisign, GoDaddy, and Tucows, filed for an exception to the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), which requires covered entities that are deemed critical infrastructure to report covered cyber incidents and ransomware payments to the Cybersecurity and Infrastructure Security Agency (CISA). https://lnkd.in/g2c2HUud However, as the New York Times reported, Namecheap is already putting US national security at risk and housing domain names designed to interfere with the 2024 election. Some of the Web’s Sketchiest Sites Share an Address in Iceland https://lnkd.in/eXZ-U-NP As reported by the NYT, "Because Withheld for Privacy [owned by NameCheap] uses the building’s address as a default for its clients, Kalkofnsvegur 2 has been linked to online forums used by a white supremacist group in the United States, Patriot Front, to sell counterfeit hormone drugs to trans women; to phishing sites posing as companies such as Amazon, Coinbase and Spotify to steal money and personal information from visitors; and to Russian influence campaigns intended to spread fake narratives to unsuspecting Americans. The Russian efforts, which the United States has linked to the administration of President Vladimir V. Putin, include more than 130 fake news outlets registered this year by a former deputy sheriff in Florida now living in Moscow, John Mark Dougan. Among Mr. Dougan’s latest efforts was a staged interview on the website for KBSF-TV in San Francisco — a channel that does not exist — making a bogus claim that Vice President Kamala Harris injured a girl in a hit-and-run accident in 2011." How can we give entities already undermining our national security an exception that would further damage our national security? Congress needs to investigate the current practice of ICANN and its contracted parties. 
#nationalsecurity #consumerharm #childsafety #fentanyl #illegaldrugs #phishing #icann #namecheap #godaddy #pir #isoc #tucows #donuts #icann
-
Anthony DeLise
Finite State's SBOM generation could help in several ways: Vulnerability Identification: Finite State’s platform creates detailed SBOMs listing all software components, including third-party libraries. Kia could have used it to identify vulnerable components earlier through Finite State’s automated analysis of known flaws and threats. Incident Response: Finite State’s SBOMs provide immediate visibility into affected software. Kia could have quickly located vulnerable components and used the platform to prioritize patches or mitigations. Patch Management: Finite State’s continuous monitoring of SBOMs enables proactive vulnerability tracking. Kia could have kept software secure by addressing newly discovered risks promptly. Compliance: Finite State’s SBOMs help meet cybersecurity standards and demonstrate compliance with regulations like the U.S. Cyber EO, building trust and accountability. Future Prevention: With Finite State’s continuous monitoring, Kia would have a clear, up-to-date view of their software supply chain, preventing similar vulnerabilities. In short, Finite State’s SBOMs offer Kia improved visibility, faster response, and enhanced security to protect against future attacks. Finite State #kia #sbom #compliance
5
1 Comment -
Deepfactor
🔥 Tomorrow night at 6 pm PDT, join us at the OWASP Orange County #meetup where Mike Larkin, CTO and co-founder of Deepfactor will lead the 90-minute hands-on live #workshop "Vulnerability Reachability Analysis Using OSS Tools” and will dive into: ✅ What vulnerability reachability is and why it is important ✅ Two main ways of understanding reachability (static call graphs and runtime analysis) ✅ Two short exercises for the attendees to gain hands-on experience using both types of tools against real applications with real vulnerabilities We look forward to seeing you there. Check the link in the comments for sign-ups! #AppSec #Security #Deepfactor
13
2 Comments -
Dorian Cougias
A new AD is available for public comments: 3946: NIST SP 800-171 Rev. 3, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations To post comments, create a FREE account and add comments in the box with the red balloon https://hubs.la/Q02J94Vh0 #unifiedcompliance #cybersecurity #authoritydocuments #riskmanagement
3
-
Stamus Networks
[From Stamus Labs] We just posted the weekly Declaration of Compromise™ (DoC) threat detection update for Clear NDR (formerly Stamus Security Platform, SSP). This week there are 4 new named threat detections and enhanced detection coverage for 15 named threats. See the full list of improvements: https://hubs.la/Q031mczd0
1
-
Cole Grolmus
Wiz has now raised more venture capital than any cybersecurity startup in history. You probably heard the news about their $1 billion round already. It's even more significant when you zoom out and put it in historical context: → Their $1.9 billion of total financing is easily the highest amount of venture capital a cybersecurity startup has raised other than Lacework. Netskope is a distant ~$500 million behind those two. → $1 billion is the second largest individual venture round raised by a cybersecurity startup, again after Lacework's (now ominous) $1.3 billion Series D round in 2021. → This round alone was more money than any other public cybersecurity company raised *in total* before IPO. SentinelOne raised a total of $696.5 million before it went public in 2021. --- I don't know if this was part of their strategy or not, but you might have spotted a couple subtle digs at competitors with yesterday's announcement: → They raised exactly $1 million more than the total capital Lacework has raised to date. → They announced this round on the same day as the Palo Alto Networks AI security event. Gamesmanship and hype aside, this saga is really entertaining to watch if you're into the business and strategy of cybersecurity.
151
27 Comments -
Cole Grolmus
Everywhere you look in (and around) the cybersecurity industry right now, there's a billion-dollar-something event happening. We've had seven cybersecurity-related M&A transactions over a billion dollars already this year. Wiz raised a billion-dollar financing round. Cyera became our first new unicorn since 2022. We finally had a cybersecurity-related IPO with Rubrik going public at a $6.6 billion valuation. (Emphasis "related." Not pure cybersecurity, I know. Still worth noting, and more cybersecurity companies to come this year.) There are more companies with a billion dollars of cybersecurity revenue than ever. And the year isn't even half over yet. Each of these billion-dollar events and milestones are significant by themselves, but I think they're a sign of something more for the rest of cybersecurity industry. We're functioning in "billions" now. Billion-dollar financing rounds. Billion-dollar acquisitions. Billion-dollar revenue. There's room for the entire spectrum of companies, of course. Plenty of smaller private companies have and will keep doing just fine at the thousands-to-millions scale. But for cybersecurity companies who either are big or aspire to be, the new scale is going to be billions, capital B. There's a lot to unpack here...so I did. My latest article is about the new significance of billion-dollar scale in cybersecurity. Link in bio.
64
12 Comments -
David Homoney
If you or your company don't do any business selling software or hardware with embedded software to the federal government, you can be forgiven for not knowing about this. With that said, you should because, like all major regulations, they tend to get adopted elsewhere. What I am talking about is the SSDAF. This is the Secure Software Development Attestation Form put out by Cybersecurity and Infrastructure Security Agency last month. This is a sea change in how Cybersecurity is handled with the business, in the form of the CEO (or delegate), must sign the form attesting that the software developed followed secure coding practices. Check out my article that goes in-depth on the SSDAF. #wwt #wwtatc #globalcyber #appsecurity #appsec #apisecurity #aisecurity #devsecops https://lnkd.in/gZ-6MD6U
14
-
Tom K.
Interesting to see that not only is this company being sued for allegedly violating Texas' data privacy law, but as part of this lawsuit, it was alleged that the data broker in question did not register as a data broker in Texas [full disclosure: this is a law - SB 2105 - that I was an advisor on]. It should also be noted that the same company appears not to be registered in California as a data broker.
16
2 Comments -
Vladyslav Podoliako
Folderly was approved for ISO 27001 and SOC 2 Certifications 😱 Why is this an important step in email deliverability? ❗️ Unlike popular email warmup tools banned by Google, Folderly has NEVER used client data to send emails between clients to build domain reputation. Our approach that goes beyond warmup meets Google’s requirements and shows commitment to ethical and responsible data handling. By earning these certifications, Folderly assures you that: 1️⃣ We handle your data securely and responsibly. We follow strict industry-standard policies and procedures to safeguard your information from unauthorized access, misuse, or loss. 2️⃣ We are transparent and accountable. Independent auditors have examined our practices to ensure we meet the highest security expectations. 3️⃣ We have all the appropriate documentation that proves our high-security standards. 4️⃣ We assure a systematic approach to identifying, assessing, and mitigating security risks. Folderly & Google OAuth 🤝 Most email marketing solutions can access clients’ email boxes to send email interactions. It’s not secure because users give access to their login information after signing up. We’re proud to say that Folderly has the Industry-Standard Protocol For Authorization. Folderly doesn’t use clients’ mailboxes for email interactions and doesn’t have access to login data. Folderly’s users can officially use Google OAuth to grant access to their information without giving passwords. Connecting Gmail mailboxes to Folderly is now 100% safe (and hassle-free). What does it mean for Folderly users? ➡️ Streamlined authorization process. The authorization process takes 20 seconds. Once users sign in with a Google account, there’s no need to enter the app password again to access the Folderly account. With Google OAuth, it is possible in a matter of seconds. ➡️ An extra layer of security. 
Now, Folderly users can share specific data with the tool while keeping their sign-in information, such as usernames and passwords, private. In simple words, connecting Gmail mailboxes to Folderly is now 100% safe. I am very proud of the entire Folderly team; special thanks to Dmitry Dvornitsky for technically creating it, as this is the statement of the correct vector they have taken, although it meant losing some market share to those companies that offer a $10/warm-up tool.
41
3 Comments