Found

Live from TechCrunch Disrupt with cybersecurity trailblazer Window Snyder from Thistle Technologies

Episode Summary

The Found team recorded this episode live from TechCrunch Disrupt. Dom and Becca sat down with Window Snyder, a trailblazer in the cyber security industry who has dedicated her decades-long career to ensuring the internet and our devices are secure. Snyder talked about why after years of working at companies like Apple, Microsoft, Fastly, and Square, now was the right time to launch her startup, Thistle, which looks to build the security infrastructure needed to keep internet-connected smart devices safe.

Episode Transcription

Becca Szkutak  0:02  

Hello, and welcome to the live recording of Found at TechCrunch Disrupt. Found is TechCrunch's podcast where we bring you the stories behind the startups from the folks that are building them. And today I'm joined as always by the fabulous, my co-host, Dominic-Madori Davis. Dom, how's your Disrupt been?

 

Dom Davis  0:19  

Not bad. What about for you?

 

Becca Szkutak  0:20  

It's been great. I've been loving all of the panels. I've also been loving all of your outfits that you've been wearing this whole time. And Dom, tell us a little bit about what we're doing today.

 

Dom Davis  0:33  

Oh, yes, we are interviewing the amazing Window Snyder here from Thistle Technologies. And for those of you who might not know, give you some background, she has like an insanely amazing career in security. Let's see, I'm gonna read off the rap sheet. Yes. Okay. The senior security strategist at Microsoft, where she is credited with pushing to take cybersecurity seriously, building it into Windows software directly. She managed the security and privacy team at Apple and was instrumental in lobbying Apple to encrypt all of its devices. She also served as security officer for companies including Fastly, and was chief software security at Intel. Amazing. Window, thank you so much for being here today. How is Disrupt treating you?

 

Window Snyder  1:11  

It's been great.

 

Becca Szkutak  1:12  

What's been your favorite part?

 

Window Snyder  1:13  

I met a robot dog and that was

 

Dom Davis  1:16  

Robot dog.

Becca Szkutak  1:17

That sounds pretty good.

Dom Davis  1:18

Oh, my goodness, was it on the leash?

 

Becca Szkutak  1:21  

We can try to top that with what we're doing today. But we're here to talk about Thistle Technologies. And maybe that's a good place to start. Tell us a little bit about the company.

 

Window Snyder  1:30  

Absolutely. So at Thistle Technologies, we're building security infrastructure for device makers. And the idea is to take these security capabilities that are hard to do right, really easy to get wrong, and generalize them across lots of different kinds of devices to make it really easy for device developers to incorporate it into their projects.

 

Becca Szkutak  1:46  

I know Dom read off a lot of your past work and sort of maybe the journey that led you to the company, but maybe to hear it a bit in your own words, how did you get interested in the cybersecurity space to begin with?

 

Window Snyder  1:57  

So when I was at university, I was studying math and computer science. And I was really excited about cryptography, which led to an interest in cryptanalysis. And at the same time, I was introduced to multiuser operating systems. And I was wondering, what's keeping my data separate from everyone else's? What's keeping my process space separate from the kernel? And back in those days, this is the mid-'90s, maybe even the early '90s, the answer was not very much. And so between those two interests, it kind of led me to building tools to demonstrate how to undermine these security mechanisms within the system, and I met some other folks who had similar interests. And Boston had a very robust hacker community. So it wasn't long before I started meeting other people with similar interests. This is long before we had a security industry; there were no books to go read on this topic. It was absolutely the Wild West. But you know, a lot of those folks are still in my world today. They're still working in security and leveraging the things we discovered, developed, identified back in those days to build more robust systems today.

 

Dom Davis  2:56  

Our colleague Lorenzo did an amazing profile on you. And you spoke a little bit about how you were exposed to coding and computer science kind of at a really early age. What impact did that early exposure have on you and your career?

Window Snyder  3:09

Oh, absolutely. I remember my mom sitting at the dining table. She was a programmer; she started off as a tester, she became a programmer. She would be sitting at the dining room table with the stacks of green bar. And she was a programmer who worked in COBOL. And she would be debugging with a pencil at the table her programs, which are these stacks of green bar continuous feed sheets, and trying to, you know, tell me. I was interested in, like, what does this do? What does that do? And she would tell me. But I also remember, you know, if you left it, like, stacked in the corner, I would, like, pick up one and spin around and, like, make a dress out of it. I was fascinated by it, but also it's, you know, a huge ream of paper; kids love that. But then she also bought a TI-99/4A and it came with a book, TI BASIC. And I would copy in those programs, and then change things to see what would happen. And that was a lot of fun, really interesting. And yeah, that's how I started to learn programming.

 

Becca Szkutak  4:02  

It sounds like your mother probably had a pretty big influence on your career. And maybe if you want to talk about that, and sort of what about what she taught you sort of inspired you to get to where you are now?

Window Snyder  4:12

Yeah, she actually really wanted me to learn how to program computers. And at the time, I kind of, you know, as kids do, I was kind of like, no, that's not for me. I was very interested in the humanities, I wanted to be a writer, I really liked performing, I loved literature. And I thought, you know, this was boring, this is uninteresting. But she really thought that it was kind of like a second language, that it would be useful in whatever you want to go do with your life, that it would be a useful skill to have. And the way I try to explain to my kids now is kind of the way that she explained it to me: that you can learn how to use computers, and then you'd be constrained by the things that the computers already know how to do or how other people have set up the environment for you. Or you can learn how to program computers, and then you tell the computers what to do, and the possibilities, of course, are endless. And so that was kind of in the back of my head as I was growing up, that this is always a possibility, that for whatever I wanted to do that this is going to be something that I would die.

 

Dom Davis  5:06  

What was it like navigating, learning about or teaching yourself, like, how to code and the world of computers and all these things back in an era where that information wasn't as accessible as it is now? Because you kind of mentioned how, like, you couldn't, I guess, you couldn't just Google something back then?

 

Window Snyder  5:21  

No, you definitely could not. I had that one book, TI BASIC, which covered programming BASIC, but that was very limiting. But I used to make little quizzes for the neighborhood kids; like, that was my idea of creating games. And then in school, we had access to these Apple IIs. And I remember there's this game that had like these, it was all ASCII, had pipes, and you are driving a car through a road that was constructed of ASCII pipes. And so you're trying to navigate and not hit the barriers; you hit the barriers, the game ends. And you can actually go in and edit it. And so I learned I can edit the check that determined whether or not you hit one of these barriers, and then discovered I could get to the end of the game and win by eliminating the check for it. So this is my first experience with, like, any sort of hack, that, you know, once you know how things work, you can change how they work and, you know, maybe to your advantage. Now, winning this way is not very compelling. But that was, you know, an area where I was starting to realize, like, what the value of being able to understand how everything worked would open up different opportunities.

Becca Szkutak  6:23

And fast forwarding to when you decided to launch your company, I'm most curious, because you did have this long career in the space prior to that, you worked at multiple different companies, held multiple different roles. What made you decide to take the plunge to become an entrepreneur yourself?

 

Window Snyder  6:39  

So I actually started companies in between. I was one of the founders at Matasano, which was later sold to NCC Group. I did a consulting company a long time ago, even before that season, it was something that always made sense to me as kind of like I wanted to, but also having been early on at Fastly, having been early on at Mozilla, I love that environment. And I've found myself going back and forth between the companies and startups. Startups, because of course, you get to have a huge impact in the organization and potentially leverage that well beyond the organization. And then large companies again, because they have all the resources that you need in order to get something done. So there was always that kind of back and forth for me. But this company, it was because I had recently been the CISO at Square, and prior to that Fastly, the chief cybersecurity officer at Intel, and I was getting this industry-scale perspective of the device space, and how all this work that we have done in the security industry, just for general purpose operating systems, had not really made its way over to devices. And so I had this growing unease about how insecure devices were. And the deeper I looked, the worse it got. And so I realized that we couldn't wait around, you know, decades for the devices space to catch up, because that was gonna be the painful road. And the other way that things change in security is when it gets easy enough to be able to incorporate it, because it's not like we don't know what to do. We know how to make these systems more resilient. But doing the work is hard. It takes a lot of time. It requires a specialized skill set that not every development organization has. So what would it take to make it easy for the devices space to catch up to the degree of security resilience that was not just appropriate for today, the threats that we see today?
But these devices have incredibly long lives. They're deployed and they're in the field for a long time. Like, you buy a car, you drive it for 10 years, you sell it, someone else drives it for 10 years, and someone else drives it for 10 years; that car's on the road for a really long time. How long is the MRI in place at the county hospital, or those systems that control power and water or telecom? Those are in place for decades. So getting to a place where we've got the security resilience we need for today is not enough. We also need to make sure that we've got the capability that allows us to maintain security resilience long term, because these devices are in place for so long. So making it easy to incorporate those robust security capabilities into devices seemed to be the best way to make a significant impact on what I saw as the largest security problem out there.

 

Dom Davis  9:03  

Why are a lot of these devices so unsecure?

Window Snyder  9:07

Well, again, it's hard to do well. It takes a lot of time, it takes the right security engineering skill set, which not every organization has on board. And also there's a gap, even if you do make space and make the effort to create the security functionality. Building a security capability from a functional perspective is really different than building it to resilience. So for example, if your security feature is "encrypt the thing," you encrypt the thing, and now the thing is encrypted and you think you're done. But building it so that someone cannot easily undermine your security mechanism, the reason you're encrypting the thing, is a whole other skill set. Right, you're thinking about how are the keys generated? And what's your source of randomness, and where are the keys stored, and how to access it. Like, it's a set of security considerations that go well beyond the spec of, you know, "I encrypted the thing and the thing is done." It's a completely different skill set. So making space for both building the feature but also developing the capability within the engineering organization that allows you to build it to resilience is incredibly difficult. And having worked on and built a lot of these capabilities into the Windows operating system and into iOS and OS X, it is incredibly time intensive, resource intensive. So yeah, I wanted to make sure that we could build those capabilities, generalize across lots of different devices and make it easy for folks to incorporate it into their devices.

 

Becca Szkutak  10:21  

And thinking back to when you did take the plunge to launch Thistle Technologies, what was the timing like? Why was that the right time to sort of leave what you were doing and start something new?

 

Window Snyder  10:31  

Well, it probably wasn't the right time. It was right in the middle of the pandemic. And it felt like an insane time to go do something new. But it also felt like this was the right time in terms of the problem was painful enough that it felt like the industries that made devices have high security requirements. So like industrial manufacturing, and automotive, aviation, space, power and water, telecom. Well, this industry, as I mentioned before, medical devices, financial transaction systems, they recognize that they have high security requirements, but they also need to have enough of an incentive to make that investment in improving the security of these devices. So it's both seeing that there's a growing number of attacks on these systems, and a lot of security researchers who are invested in demonstrating vulnerability on these systems so that we, as an industry, recognize there's a problem, recognize the impact of these problems. So those kinds of things were developing at the same time. For me personally, I was trying to figure out how to make a significant impact on something I thought was going to be the most significant security problem out there. So those kinds of things converged for me; I was like, this is the right time, I've got the right skill set for this. I want to make a meaningful impact on this problem.

 

Dom Davis  11:36  

I imagine because of, you know, your amazing career, fundraising was probably easy. But also during the pandemic, it was probably... How was fundraising?

Window Snyder  11:44

Nothing's easy. No, I don't think fundraising is easy for anyone. I hear people saying, like, oh, in 2021, you could have stumbled into the wrong conference room and, like, walked out with a term sheet. Like, that was not how it was for me. But fortunately, I did have, you know, an amazing introduction to True Ventures, and they've been an amazing partner. So I would say, like, convincing folks that this is a big problem, that was not hard. Convincing folks that I had the right skill set that was required to go and do this, that was not hard. But demonstrating that this is a problem that the rest of the industry recognizes, that they're going to want to leverage these capabilities in order to improve the security of their products, that's been the place where I needed to, you know, help folks recognize that the industry is ready for this. And so that's been the challenge. But it gets easier and easier every day as, well, first of all, as the company gets larger, and second of all, as the industry demonstrates, daily, how important it is this capability for these kinds of devices.

 

Becca Szkutak  12:44  

And you've worked at companies of all different sizes. And as you mentioned a little bit earlier, obviously working at a startup, it's very different than working at one of those larger companies that has resources and other things available. What's one thing you learned working at, say, Apple, or Microsoft, or one of those big companies with a lot of resources that you hope to sort of implement with Thistle Technologies?

 

Window Snyder  13:05  

Absolutely. So one of the things that I learned at Apple is how important it is for things to be easy, and how to make things easy, and easy is hard. Easy is the hardest thing. You have no idea how much work goes into making something easy until you attempt to do it yourself. And so all these security capabilities that we incorporated into Apple devices are incredibly sophisticated, but require very little user interaction or very little user investment, right, they just kind of happen underneath the surface. And so trying to figure out how to do that for developers, how to make it easy to incorporate the security capabilities, is a huge challenge. But it's been something that is core to what we're doing, that we want to make it, well, easy in order to bring these really sophisticated capabilities into the product. So that's something I brought along with me. And then from Fastly, their developer community is the reason that Fastly is so successful: being able to support developers and solve a problem for them, make it easy for them to get their job done, to solve a problem for them that's been an issue. We want to build that developer community, want to solve a real problem for developers. We want to make it easy for them to both test their devices and also incorporate these capabilities, and build a developer community that supports each other and gives us the feedback we need in order to continue to deliver a great experience for them.

 

Becca Szkutak  14:21  

And what's the challenge you've come across so far in building Thistle Technologies that you feel like you've really been able to overcome and can look back on when you sort of hit those hurdles on the line?

 

Window Snyder  14:31  

Well, go-to-market is a bit of a challenge, especially for devices, because in any space, even if folks need this, you don't necessarily, you know, sort of encounter them at the exact right moment when they need it. So we're having a conversation. They're like, this is fantastic. We love this. Let's go talk about this in nine months. I'm like, okay, we'll talk to you in nine months, but nine months is not ideal for a seed stage startup. So trying to figure out, like, how to find folks at the right time, how to make sure we're delivering something that they need, was a challenge that we had early on. But recognizing that we're small, they were excited about it was a really compelling point. But trying to figure out how to get in at the right time was difficult. So we decided to go hardware first. So instead of, let's say, going through a specific industry where they may or may not have, they would have like, let's say, like a single industry, like industrial manufacturing, they are all using different hardware platforms. So even though we can really easily port what we're doing to lots of different kinds of hardware platforms, that's a kind of big step for them to take, that, indeed, we want this capability, but also we are willing to take, you know, wait for you to move it over, to port it over to our platform. That's a little bit of a leap that they have to take. Whereas going hardware first through our partnership with Infineon, we're able to build specifically to this chip, the Infineon OPTIGA Trust M, and the folks who are using this chip have already made a decision to incorporate some security capabilities, because that's why you buy this chip.
And then being able to deliver a software capability that works for them off the shelf with a part that they've already incorporated into their project means that it's really easy for them to then say, okay, well, this is on our roadmap, and you're cutting out a significant amount of developer time for us. That's a really easy transition, compared to all the steps you'd have to make otherwise, if it's not already on your platform.

Dom Davis  16:13

And how big is your team right now?

 

Window Snyder  16:15  

We're six people, six people, yeah.

Dom Davis  16:18

Oh, my goodness. How would you describe your leadership style?

Window Snyder  16:22

I would say there's a lot of trust involved. I mean, we're all very senior folks. There's a lot of autonomy, and there has to be because we're a really small team. Making sure that folks have what they need in order to be successful, and then letting them be successful. Like, I'm trying to remove obstacles for them, I'm trying to give them the resources that they need. But they're all very senior folks. So they operate with a lot of autonomy. And I trust that they are able to do what they need to do, that they have ownership over certain components, that they make technical decisions within their sphere. And, you know, it's working well for us. I feel like we've got an amazing team. I mean, some of the folks that I get to work with, I'm just so amazed that they decided to get in the boat with me on this journey. And it's been an amazing experience.

 

Dom Davis  17:05  

Yeah, and kind of on that, is there any particular way in which you mapped out the company culture you want it to have and foster and to keep employees motivated?

 

Window Snyder  17:13  

Yeah, I would describe this as respect. It's kind of just the other that we don't send mail after work hours, we don't have meetings late or early. Someone says, I need this time blocked out because I do pickup, we respect it. And I think I've been in, especially, startups where it's been kind of grind all the time, like 50, 60, 70 hours. It's soul crushing, and it's not sustainable. And I know that this is a long road. So making sure that I was building a company that was going to be able to sustain the work that we needed meant that we were creating a culture where weekends are weekends and evenings are not for work. It's demonstrating that I have respect for you, that I'm not trying to engage with you at six o'clock, seven o'clock in the evening. And so that's something that we've really held as a critical boundary. And I feel like it's been a key part of our success.

 

Becca Szkutak  18:11  

And something I'm always curious about is more of the personal journey involved with being an entrepreneur. Obviously, working in building a startup is so much different on a personal level, and sort of the toll it takes on a person, than it is working at a company that has systems. You don't have to wear 10,000 hats when you are working at a big company with a specific role in a way that at startups you do. And how has it been building Thistle Technologies for you more on that personal side?

Window Snyder  18:36

It's been really gratifying to see, like, something you build come together. It starts off as an idea. And maybe it keeps coming back up, so that for me, it's like I had this idea, but it kept coming back to the foreground. And as I saw more and more about the devices space, it developed a sense of urgency around it. And then I started talking to a bunch of developers and saying, like, hey, is this something that would help you? Is this something that you'd value? And then talking to investors about what I thought the industry needed and how I wanted to go about it. And then talking to engineers about joining the company and getting folks on board and seeing what they got excited about. The journey of turning it from something that you recognize as a problem to an idea to manifesting it in the world, to an actual product that actually is solving a problem for a customer, that has been incredibly satisfying. And you own every role, you own every hat until you manage to, you know, hire someone and hand it off. So it's incredibly stressful, and you spend a lot more time doing things that you don't realize are going to occupy all of your time, like fundraising. But it's so gratifying to have it exist in the world. What was previously just a pain point, and then an idea, and now an actual company and a product.

 

Becca Szkutak  19:52  

I think we just have time for one last quick question, but what are you most excited about for the future of Thistle Technologies?

 

Window Snyder  19:58  

I'm excited for getting our product into developer hands, getting more and more feedback, refining the product, finding more ways to make these security capabilities easier, bringing more and more security capabilities to these device makers so that we can build security resilience across lots of different kinds of devices and make it so easy that it becomes the default to have these kinds of security capabilities in your products.

 

Becca Szkutak  20:22  

Definitely. And that pretty much puts us at time, so everyone join me in thanking Window Snyder for joining us today. Found is hosted by myself, TechCrunch Senior Reporter Becca Szkutak, alongside Senior Reporter Dominic-Madori Davis. Found is produced by Maggie Stamets with editing by Kell. Our illustrator is Bryce Durbin. Found's audience development and social media is managed by Morgan Little, Alyssa Stringer and Natalie Christman. TechCrunch's audio products are managed by Henry Pickavet. Thanks for listening, and we'll be back next week.

 

Transcribed by https://otter.ai