(upbeat music) >> Hey everyone, welcome to this CUBE conversation. I'm John Furrier, your host of theCUBE here in Palo Alto, California. We've got Sam Kassoumeh, co-founder and chief operating office at SecurityScorecard here remotely coming in. Thanks for coming on Sam. Security, Sam. Thanks for coming on. >> Thank you, John. Thanks for having me. >> Love the security conversations. I love what you guys are doing. I think this idea of managed services, SaaS. Developers love it. Operation teams love getting into tools easily and having values what you guys got with SecurityScorecard. So let's get into what we were talking before we came on. You guys have a unique solution around ratings, but also it's not your grandfather's pen test want to be security app. Take us through what you guys are doing at SecurityScorecard. >> Yeah. So just like you said, it's not a point in time assessment and it's similar to a traditional credit rating, but also a little bit different. You can really think about it in three steps. In step one, what we're doing is we're doing threat intelligence data collection. We invest really heavily into R&D function. We never stop investing in R&D. We collect all of our own data across the entire IPV force space. All of the different layers. Some of the data we collect is pretty straightforward. We might crawl a website like the example I was giving. We might crawl a website and see that the website says copyright 2005, but we know it's 2022. Now, while that signal isn't enough to go hack and break into the company, it's definitely a signal that someone might not be keeping things up to date. And if a hacker saw that it might encourage them to dig deeper. To more complex signals where we're running one of the largest DNS single infrastructures in the world. We're monitoring command and control malware and its behaviors. We're essentially collecting signals and vulnerabilities from the entire IPV force space, the entire network layer, the entire web app player, leaked credentials. Everything that we think about when we talk about the security onion, we collect data at each one of those layers of the onion. That's step one. And we can do all sorts of interesting insights and information and reports just out of that thread intel. Now, step two is really interesting. What we do is we go identify the attack surface area or what we call the digital footprint of any company in the world. So as a customer, you can simply type in the name of a company and we identify all of the domains, sub domains, subsidiaries, organizations that are identified on the internet that belong to that organization. So every digital asset of every company we go out and we identify that and we update that every 24 hours. And step three is the rating. The rating is probabilistic and it's deterministic. The rating is a benchmark. We're looking at companies compared to their peers of similar size within the same industry and we're looking at how they're performing. And it's probabilistic in the sense that companies that have an F are about seven to eight times more likely to experience a breach. We're an A through F scale, universally understood. Ds and Fs, more likely to experience a breach. A's we see less breaches now. Like I was mentioning before, it doesn't mean that an F is always going to get hacked or an A can never get hacked. If a nation state targets an A, they're going to eventually get in with enough persistence and budget. If the pizza shop on the corner has an F, they may never get hacked because no one cares, but natural correlation, more doors open to the house equals higher likelihood someone unauthorized is going to walk in. So it's really those three steps. The collection, we map it to the surface area of the company and then we produce a rating. Today we're rating about 12 million companies every single day. >> And how many people do you have as customers? >> We have 50,000 organizations using us, both free and paid. We have a freemium tier where just like Yelp or a LinkedIn business profile. Any company in the world has a right to go claim the score. We never extort companies to fix the score. We never charge a company to see the score or fix it. Any company in a world without paying us a cent can go in. They can understand what we're seeing about them, what a hacker could see about their environment. And then we empower them with the tools to fix it and they can fix it and the score will go up. Now companies pay us because they want enterprise capabilities. They want additional modules, insights, which we can talk about. But in total, there's about 50,000 companies that at any given point in time, they're monitoring about a million and a half organizations of the 12 million that we're rating. It sounds like Google. >> If you want to look at it. >> Sounds like Google Search you got going on there. You got a lot of search and then you create relevance, a score, like a ranking. >> That's precisely it. And that's exactly why Google ventures invested in us in our Series B round. And they're on our board. They looked and they said, wow, you guys are building like a Google Search engine over some really impressive threat intelligence. And then you're distilling it into a score which anybody in the world can easily understand. >> Yeah. You obviously have page rank, which changed the organic search business in the late 90s, early 2000s and the rest is history. AdWords. >> Yeah. >> So you got a lot of customer growth there potentially with the opt-in customer view, but you're looking at this from the outside in. You're looking at companies and saying, what's your security posture? Getting a feel for what they got going on and giving them scores. It sounds like it's not like a hacker proof. It's just more of a indicator for management and the team. >> It's an indicator. It's an indicator. Because today, when we go look at our vendors, business partners, third parties were flying blind. We have no idea how they're doing, how they're performing. So the status quo for the last 20 years has been perform a risk assessments, send a questionnaire, ask for a pen test and an audit evidence. We're trying to break that cycle. Nobody enjoys it. They're long tail. It's a trust without verification. We don't really like that. So we think we can evolve beyond this point in time assessment and give a continuous view. Now, today, historically, we've been outside in. Not intrusive, and we'll show you what a hacker can see about an environment, but we have some cool things percolating under the hood that give more of a 360 view outside, inside, and also a regulatory compliance view as well. >> Why is the compliance of the whole third party thing that you're engaging with important? Because I mean, obviously having some sort of way to say, who am I dealing with is important. I mean, we hear all kinds of things in the security landscape, oh, zero trust, and then we hear trust, supply chain, software risk, for example. There's a huge trust factor there. I need to trust this tool or this container. And then you got the zero trust, don't trust anything. And then you've got trust and verify. So you have all these different models and postures, and it just seems hard to keep up with. >> Sam: It's so hard. >> Take us through what that means 'cause pen tests, SOC reports. I mean the clouds help with the SOC report, but if you're doing agile, anything DevOps, you basically would need to do a pen test like every minute. >> It's impossible. The market shifted to the cloud. We watched and it still is. And that created a lot of complexity, not to date myself. But when I was starting off as a security practitioner, the data center used to be in the basement and I would have lunch with the database administrator and we talk about how we were protecting the data. Those days are long gone. We outsource a lot of our key business practices. We might use, for example, ADP for a payroll provider or Dropbox to store our data. But we've shifted and we no longer no who that person is that's protecting our data. They're sitting in another company in another area unknown. And I think about 10, 15 years ago, CISOs had the realization, Hey, wait a second. I'm relying on that third party to function and operate and protect my data, but I don't have any insight, visibility or control of their program. And we were recommended to use questionnaires and audit forms, and those are great. It's good hygiene. It's good practice. Get to know the people that are protecting your data, ask them the questions, get the evidence. The challenge is it's point in time, it's limited. Sometimes the information is inaccurate. Not intentionally, I don't think people intentionally want to go lie, but Hey, if there's a $50 million deal we're trying to close and it's dependent on checking this one box, someone might bend a rule a little bit. >> And I said on theCUBE publicly that I think pen test reports are probably being fudged and dates being replicated because it's just too fast. And again, today's world is about velocity on developers, trust on the code. So you got all kinds of trust issues. So I think verification, the blue check mark on Twitter kind of thing going on, you're going to see a lot more of that and I think this is just the beginning. I think what you guys are doing is scratching the surface. I think this outside in is a good first step, but that's not going to solve the internal problem that still coming and have big surface areas. So you got more surface area expanding. I mean, IOT's coming in, the Edge is coming fast. Never mind hybrid on-premise cloud. What's your organizations do to evaluate the risk and the third party? Hands shaking, verification, scorecards. Is it like a free look here or is it more depth to it? Do you double click on it? Take us through how this evolves. >> John it's become so disparate and so complex, Because in addition to the market moving to the cloud, we're now completely decentralized. People are working from home or working hybrid, which adds more endpoints. Then what we've learned over time is that it's not just a third party problem, because guess what? My third parties behind the scenes are also using third parties. So while I might be relying on them to process my customer's payment information, they're relying on 20 vendors behind the scene that I don't even know about. I might have an A, they might have an A. It's really important that we expand beyond that. So coming out of our innovation hub, we've developed a number of key capabilities that allow us to expand the value for the customer. One, you mentioned, outside in is great, but it's limited. We can see what a hacker sees and that's helpful. It gives us pointers where to maybe go ask double click, get comfort, but there's a whole nother world going on behind the firewall inside of an organization. And there might be a lot of good things going on that CISO security teams need to be rewarded for. So we built an inside module and component that allows teams to start plugging in the tools, the capabilities, keys to their cloud environments. And that can show anybody who's looking at the scorecard. It's less like a credit score and more like a social platform where we can go and look at someone's profile and say, Hey, how are things going on the inside? Do they have two-factor off? Are there cloud instances configured correctly? And it's not a point in time. This is a live connection that's being made. This is any point in time, we can validate that. The other component that we created is called an evidence locker. And an evidence locker, it's like a secure vault in my scorecard and it allows me to upload things that you don't really stand for or check for. Collateral, compliance paperwork, SOC 2 reports. Those things that I always begrudgingly email. I don't want to share with people my trade secrets, my security policies, and have it sit on their exchange server. So instead of having to email the same documents out, 300 times a month, I just upload them to my evidence locker. And what's great is now anybody following my scorecard can proactively see all the great things I'm doing. They see the outside view. They see the inside view. They see the compliance view. And now they have the holy grail view of my environment and can have a more intelligent conversation. >> Access to data and access methods are an interesting innovation area around data lineage. Tracing is becoming a big thing. We're seeing that. I was just talking with the Snowflake co-founder the other day here in theCUBE about data access and they're building a proprietary mesh on top of the clouds to figure out, Hey, I don't want to give just some tool access to data because I don't know what's on the other side of those tools. Now they had a robust ecosystem. So I can see this whole vendor risk supply chain challenge around integration as a huge problem space that you guys are attacking. What's your reaction to that? >> Yeah. Integration is tricky because we want to be really particular about who we allow access into our environment or where we're punching holes in the firewall and piping data out out of the environment. And that can quickly become unwieldy just with the control that we have. Now, if we give access to a third party, we then don't have any control over who they're sharing our information with. When I talk to CISOs today about this challenge, a lot of folks are scratching their head, a lot of folks treat this as a pet project. Like how do I control the larger span beyond just the third parties? How do I know that their software partners, their contractors that they're working with building their tools are doing a good job? And even if I know, meaning, John, you might send me a list of all of your vendors. I don't want to be the bad guy. I don't really have the right to go reach out to my vendors' vendors knocking on their door saying, hi, I'm Sam. I'm working with John and he's your customer. And I need to make sure that you're protecting my data. It's an awkward chain of conversation. So we're building some tools that help the security teams hold the entire ecosystem accountable. We actually have a capability called automatic vendor discovery. We can go detect who are the vendors of a company based on the connections that we see, the inbound and outbound connections. And what often ends up happening John is we're bringing to the attention to our customers, awareness about inbound and outbound connections. They had no idea existed. There were the shadow IT and the ghost vendors that were signed without going through an assessment. We detect those connections and then they can go triage and reduce the risk accordingly. >> I think that risk assessment of vendors is key. I was just reading a story about this, about how a percentage, I forget the number. It was pretty large of applications that aren't even being used that are still on in companies. And that becomes a safe haven for bad actors to hang out and penetrate 'cause they get overlooked 'cause no one's using them, but they're still online. And so there's a whole, I called cleaning up the old dead applications that are still connected. >> That happens all the time. Those applications also have applications that are dead and applications that are alive may also have users that are dead as well. So you have that problem at the application level, at the user level. We also see a permutation of what you describe, which is leftover artifacts due to configuration mistakes. So a company just put up a new data center, a satellite office in Singapore and they hired a team to go install all the hardware. Somebody accidentally left an administrative portal exposed to the public internet and nobody knew the internet works, the lights are on, the office is up and running, but there was something that was supposed to be turned off that was left turned on. So sometimes we bring to company's attention and they say, that's not mine. That doesn't belong to me. And we're like, oh, well, we see some reason why. >> It's his fault. >> Yeah and they're like, oh, that was the contractor set up the thing. They forgot to turn off the administrative portal with the default login credentials. So we shut off those doors. >> Yeah. Sam, this is really something that's not talked about a lot in the industry that we've become so reliant on managed services and other people, CISOs, CIOs, and even all departments that have applications, even marketing departments, they become reliant on agencies and other parties to do stuff for them which inherently just increases the risk here of what they have. So there inherently could be as secure as they could be, but yet exposed completely on the other side. >> That's right. We have so many virtual touch points with our partners, our vendors, our managed service providers, suppliers, other third parties, and all the humans that are involved in that mix. It creates just a massive ripple effect. So everybody in a chain can be doing things right. And if there's one bad link, the whole chain breaks. I know it's like the cliche analogy, but it rings true. >> Supply chain trust again. Trust who you trust. Let's see how those all reconcile. So Sam, I have to ask you, okay, you're a former CISO. You've seen many movies in the industry. Co-founded this company. You're in the front lines. You've got some cool things happening. I can almost imagine the vision is a lot more than just providing a rating and score. I'm sure there's more vision around intelligence, automation. You mentioned vault, wallet capabilities, exchanging keys. We heard at re:Inforce automated reasoning, metadata reasoning. You got all kinds of crypto and quantum. I mean, there's a lot going on that you can tap into. What's your vision where you see SecurityScorecard going? >> When we started the company, the rating was the thing that we sold and it was a language that helped technical and non-technical folks alike level the playing field and talk about risk and use it to drive their strategy. Today, the rating just opens the door to that discussion and there's so much additional value. I think in the next one to two years, we're going to see the rating becomes standardized. It's going to be more frequently asked or even required or leveraged by key decision makers. When we're doing business, it's going to be like, Hey, show me your scorecard. So I'm seeing the rating get baked more and more the lexicon of risk. But beyond the rating, the goal is really to make a world a safer place. Help transform and rise the tide. So all ships can lift. In order to do that, we have to help companies, not only identify the risk, but also rectify the risk. So there's tools we build to really understand the full risk. Like we talked about the inside, the outside, the fourth parties, fifth parties, the real ecosystem. Once we identified where are all the Fs and bad things, will then what? So couple things that we're doing. We've launched a pro serve arm to help companies. Now companies don't have to pay to fix the score. Anybody, like I said, can fix the score completely free of charge, but some companies need help. They ask us and they say, Hey, I'm looking for a trusted advisor. A Sherpa, a guide to get me to a better place or they'll say, Hey, I need some pen testing services. So we've augmented a service arm to help accelerate the remediation efforts. We're also partnered with different industries that use the rating as part of a larger picture. The cyber rating isn't the end all be all. When companies are assessing risk, they may be looking at a financial ratings, ESG ratings, KYC AML, cyber security, and they're trying to form a complete risk profile. So we go and we integrate into those decision points. Insurance companies, all the top insurers, re-insurers, brokers are leveraging SecurityScorecard as an ingredient to help underwrite for cyber liability insurance. It's not the only ingredient, but it helps them underwrite and identify the help and price the risk so they can push out a policy faster. First policy is usually the one that's signed. So time to quote is an important metric. We help to accelerate that. We partner with credit rating agencies like Fitch, who are talking to board members, who are asking, Hey, I need a third party, independent verification of what my CISO is saying. So the CISO is presenting the rating, but so are the proxy advisors and the ratings companies to the board. So we're helping to inform the boards and evolve how they're thinking about cyber risk. We're helping with the insurance space. I think that, like you said, we're only scratching the surface. I can see, today we have about 50,000 companies that are engaging a rating and there's no reason why it's not going to be in the millions in just the next couple years here. >> And you got the capability to bring in more telemetry and see the new things, bring that into the index, bring that into the scorecard and then map that to potential any vulnerabilities. >> Bingo. >> But like you said, the old days, when you were dating yourself, you were in a glass room with a door lock and key and you can see who's two folks in there having lunch, talking database. No one's going to get hurt. Now that's gone, right? So now you don't know who's out there and machines. So you got humans that you don't know and you got machines that are turning on and off services, putting containers out there. Who knows what's in those payloads. So a ton of surface area and complexity to weave through. I mean only is going to get done with automation. >> It's the only way. Part of our vision includes not attempting to make a faster questionnaire, but rid ourselves of the process all altogether and get more into the continuous assessment mindset. Now look, as a former CISO myself, I don't want another tool to log into. We already have 50 tools we log into every day. Folks don't need a 51st and that's not the intent. So what we've done is we've created today, an automation suite, I call it, set it and forget it. Like I'm probably dating myself, but like those old infomercials. And look, and you've got what? 50,000 vendors business partners. Then behind there, there's another a hundred thousand that they're using. How are you going to keep track of all those folks? You're not going to log in every day. You're going to set rules and parameters about the things that you care about and you care depending on the nature of the engagement. If we're exchanging sensitive data on the network layer, you might care about exposed database. If we're doing it on the app layer, you're going to look at application security vulnerabilities. So what our customers do is they go create rules that say, Hey, if any of these companies in my tier one critical vendor watch list, if they have any of these parameters, if the score drops, if they drop below a B, if they have these issues, pick these actions and the actions could be, send them a questionnaire. We can send the questionnaire for you. You don't have to send pen and paper, forget about it. You're going to open your email and drag the Excel spreadsheet. Those days are over. We're done with that. We automate that. You don't want to send a questionnaire, send a report. We have integrations, notify Slack, create a Jira ticket, pipe it to ServiceNow. Whatever system of record, system of intelligence, workflow tools companies are using, we write in and allow them to expedite the whole. We're trying to close the window. We want to close the window of the attack. And in order to do that, we have to bring the attention to the people as quickly as possible. That's not going to happen if someone logs in every day. So we've got the platform and then that automation capability on top of it. >> I love the vision. I love the utility of a scorecard, a verification mark, something that could be presented, credential, an image, social proof. To security and an ongoing way to monitor it, observe it, update it, add value. I think this is only going to be the beginning of what I would see as much more of a new way to think about credentialing companies. >> I think we're going to reach a point, John, where and some of our customers are already doing this. They're publishing their scorecard in the public domain, not with the technical details, but an abstracted view. And thought leaders, what they're doing is they're saying, Hey, before you send me anything, look at my scorecard securityscorecard.com/securityrating, and then the name of their company, and it's there. It's in the public domain. If somebody Googles scorecard for certain companies, it's going to show up in the Google Search results. They can mitigate probably 30, 40% of inbound requests by just pointing to that thing. So we want to give more of those tools, turn security from a reactive to a proactive motion. >> Great stuff, Sam. I love it. I'm going to make sure when you hit our site, our company, we've got camouflage sites so we can make sure you get the right ones. I'm sure we got some copyright dates. >> We can navigate the decoys. We can navigate the decoys sites. >> Sam, thanks for coming on. And looking forward to speaking more in depth on showcase that we have upcoming Amazon Startup Showcase where you guys are going to be presenting. But I really appreciate this conversation. Thanks for sharing what you guys are working on. We really appreciate. Thanks for coming on. >> Thank you so much, John. Thank you for having me. >> Okay. This is theCUBE conversation here in Palo Alto, California. Coming in from New York city is the co-founder, chief operating officer of securityscorecard.com. I'm John Furrier. Thanks for watching. (gentle music)

>> Narrator: Live from Miami, Florida, it's The Cube. Covering IBM's Data in AI Forum, brought to you by IBM. >> Welcome back to Miami, everybody. You're watching The Cube, the leader in live tech coverage. We're here covering the IBM Data and AI Forum. Scott Buckles is here to my right. He's the business unit executive at IBM and long time Cube alum, Daniel Hernandez is the Vice President of Data and AI group. Good to see you guys, thanks for coming on. >> Thanks for having us. >> Good to see you. >> You're very welcome. We're going to talk about data ops, kind of accelerating the journey to AI around data ops, but what is data ops and how does it fit into AI? Daniel, we'll start with you. >> There's no AI without data. You've got data science to help you build AI. You've got dev ops to help you build apps. You've got nothing to basically help you prepare data for AI. Data ops is the equivalent of dev ops, but for delivering AI ready data. >> So, how are you, Scott, dealing with this topic with customers, is it resonating? Are they leaning into it, or are they saying, "what?" >> No, it's absolutely resonating. We have a lot of customers that are doing a lot of good things on the data science side. But, trying to get the right data at the right people, and do it fast, is a huge problem. They're finding they're spending too much time prepping data, getting the data into the models, and they're not spending enough time failing fast with some of those models, or getting the models that they need to put in production into production fast enough. So, this absolutely resonates with them because I think it's been confusing for a long time. >> So, AI's scary to a lot of people, right? It's a complicated situation, right? And how do you make it less scary? >> Talk about problems that can be solved with it, basically. You want a better customer experience in your contact center, you want a similarly amazing experience when they're interacting with you on the web. How do you do that? AI is simply a way to get it done, and a way to get it done exceptionally well. So, that's how I like to talk about it. I don't start with here's AI, tell me what problems you can solve. Here are the problems you've got, and where appropriate, here's where AI can help. >> So what are some of your favorite problems that you guys are solving with customers. >> Customer and employee care, which, basically, is any business that does business has customers. Customer and employee care are huge a problem space. Catching bad people, financial crimes investigation is a huge one. Fraud, KYC AML as an example. >> National security, things like that, right? >> Yeah. >> You spend all your time with customers, what else? >> Well, customer experience is probably the one that we're seeing the most. The other is being more efficient. Helping businesses solve those problems quicker, faster. Try to find new avenues for revenue. How to cut costs out of their organization, out of their run time. Those are the ones that we see the most. >> So when you say customer experience, immediately chat bots jumps into my head. But I know we're talking more than, sort of a, transcends chat bots, but double click on customer experience, how are people applying machine intelligence to improve customer experience? >> Well, when I think of it, I think about if you call in to Delta, and you have one bad experience, or your airline, whatever that airline may be, that that customer experience could lead to losing that customer forever, and there used to be an old adage that you have one bad experience and you tell 10 people about it, you have a good one, and you tell one person, or two peoples. So, getting the right data to have that experience is where it becomes a challenge and we've seen instances where customers, or excuse me, organizations are literally trying to find the data on the screen while the customer is on hold. So, they're saying, "can I put you on hold?" and they're trying to go out and find it. So, being able to automate finding that data, getting it in the right hands, to the right people, at the right time, in moment's notice, is a great opportunity for AI and machine learning, and that's an example of how we do it. >> So, from a technical standpoint, Daniel, you guys have this IBM Cloud Pak for Data that's going to magic data virtualization thing. Let's take an example that Scott just gave us, think of an airline. I love my mobile app, I can do everything on my mobile app, except there are certain things I can't do, I have to go to the website. There are certain things I have to do with e-commerce that I have to go to the website that I can't do. Sometimes watching a movie, I can't order a movie from the app, I have to go to website, the URL, and order it there and put it on my watch list. So, I presume that there's some technical debt in each of those platforms, and there's no way to get the data from here, and the data from here talking to each other. Is that the kind of problem that you're solving? >> Yes, and in this particular case, you're actually touching on what we mean by customer and employee care everywhere. The interaction you have on your phone should be the same as the interaction and the kind of response on the web, which should be the same, if not better, when you're talking to a human being. How do you have the exceptional customer and employee care, all channels. Today, say the art is, I've got a specific experience for my phone, a specific experience for my website, a specific, different experience in my contact center. The whole work we're doing around Watson Assistant, and it as a virtual assistant, is to be that nervous system that underpins all channels, and with Cloud Pak for Data, we can deliver it anywhere. You want to run your contact center on an IBM Cloud? Great. You want to run it on Amazon, Azure, Google, your own private center, or everything in between, great. Cloud Pak for Data is how you get Watson Assistant, the rest of Watson and our data stack anywhere you want, so you can deliver that same consistent, amazing experience, all channels, anywhere. >> And I know the tone of my question was somewhat negative, but I'm actually optimistic, and there's a couple examples I'll give. I remember Bill Belichick one time said, "Agh, the weather, it can't ever get the weather right," this is probably five, six years ago. Actually, they do pretty well with the weather compared to 10 or 15 years ago. The other is fraud detection. In the last 10 years, fraud detection has become so much better in terms of just the time it takes to identify a fraud, and the number of false positives. Even in the last, I'd say, 12 to 18 months, false positives are way down. I think that's machine intelligence, right? >> I mean, if you're using business rules, they're not way down. They're still way up. If you're using more sophisticated techniques, that are depending upon the operational data to be trained, then they should be way down. But, there is still a lot of these systems that are based on old school business rules that can't keep up. They're producing alerts that, in many cases, are ignored, and because they're ignored, you're susceptible to bad issues. With, especially AI based techniques for fraud detection, you better have good data to train this stuff, which gets back to the whole data ops thing, and training those with good data, which data ops can help you get done. >> And a key part to data ops is the people and the process. It's not just about automating things and automating the data to get it in the right place. You have to modernize those business processes and have the right skills to be able to do that as well. Otherwise, you're not going to make the progress. You're not going to reap the benefits. >> Well, that was actually my next question. What about the people and the process? We were talking before, off camera, about our PA, and he's saying "pave the cow path." But sometimes you actually have to re-engineer the process and you might not have the skill set. So it's people and process, and then technology you lay in. And we've always talked about this, technology is always going to change. Smart technologists will figure it out. But, the people and the process, that's the hardest part. What are you seeing in the field? >> We see a lot of customers struggling with the people and process side, for a variety of reasons. The technology seems to be the focus, but when we talk to customers, we spend a lot of time saying, "well, what needs to change in your business process "when this happens? "How do those business rules need to change "so you don't get those false positives?" Because it doesn't matter at the end of the day. >> So, can we go back to the business rules thing? So, it sounds like the business rules are sort of an outdated, policy based, rigid sort of structure that's enforced no matter what. Versus machine intelligence, which can interpret situations on the fly, but can you add some color to that and explain the difference between what you call sort of business rules based versus AI based. >> So the AI based ones, in this particular case, probably classic statistical machine learning techniques, to do something like know who I am, right? My name is Danny Hernandez, if you were to Google Danny Hernandez, the number one search result is going to be a rapper. There is a rapper that actually just recently came out, he's not even that good, but he's a new one. A statistical machine learning technique would be able to say, "all right, given Daniel "and the context information I know about him, "when I look for Daniel Hernandez, "and I supplement the identity with that "contextual information, it means it's one of "the six that work at IBM." Right? >> Not the rapper. >> Not the rapper. >> Not the rapper. >> Exactly. I don't mind being matched with a rapper, but match me with a good rapper. >> All you've got to do is search Daniel Hernandez and The Cube and you'll find him. >> Ha, right. Bingo. Actually that's true. So, in any case, the AI based techniques basically allow you to isolate who I am, based on more features that you know about me, so that you get me right. Because if you can't even start there, with whom are you transacting, you're not going to have any hope of detecting fraud. Either that, or you're going to get false positives because you're going to associate me with someone that I'm not, and then it's just going to make me upset, because when you should be transacting with me, you're not because you're saying I'm someone I'm not. >> So, that ties back to what we were saying before, know you're customer and anti money laundering. Which, of course, was big, and still is, during the crypto craze. Maybe crypto is not as crazy, but that was a big deal when you had bitcoin at whatever it was. What are some practical applications for KYC AML that you're seeing in the field today? >> I think that what we see a lot of, what we're applying in my business is automating the discovery of data and learning about the lineage of that data. Where did it come from? This was a problem that was really hard to solve 18 months ago, because it took a lot of man power to do it. And as soon as you did it once, it was outdated. So, we've recently released some capabilities within Watson Knowledge Catalog that really help automate that, so that as the data continues to grow, and continues to change, as it always does, that rather than having two, three hundred business analysts or data stewards trying to go figure that out, machine learning can go do that for you. >> So, all the big banks are glomming on to this? >> Absolutely. >> So think about any customer onboarding, right? You better know who your customer is, and you better have provisions around anti money laundering. Otherwise, there's going to be some very serious downside risk. It's just one example of many, for sure. >> Let's talk about some of the data challenges because we talked a lot about digital, digital business, I've always said the difference between a business and a digital business is how they use data. So, what are some of the challenging issues that customers are facing, and particularly, incumbents, Ginni Rometty used the term a couple of events ago, and it might have even been World of Watson, incumbent disruptors, maybe that was the first think, which I thought was a very poignant term. So, what are some of the data challenges that these incumbents are facing, and how is IMB helping solve them? >> For us, one of them that we see is just understanding where their data is. There is a lot of dark data out there that they haven't discovered yet. And what impact is that having on their analytics, what opportunities aren't they taking advantage of, and what risks are they being exposed to by that being out there. Unstructured data is another big part of it as well. Structured data is sort of the easy answer to solving the data problem, >> [Daniel Hernandez] But still hard. >> But still hard. Unstructured data is something that almost feels like an afterthought a lot of times. But, the opportunities and risks there are equally, if not greater, to your business. >> So yeah, what you're saying it's an afterthought, because a lot of times people are saying, "that's too hard." >> Scott Buckles: Right. >> Forget it. >> Scott Buckles: Right. Right. Absolutely. >> Because there's gold in them there hills, right? >> Scott Buckles: Yeah, absolutely. >> So, how does IBM help solve that problem? Is it tooling, is it discovery tooling? >> Well, yeah, so we recently released a product called InstaScan, that helps you to go discover unstructured data within any cloud environment. So, that was released a couple months ago, that's a huge opportunity that we see where customers can actually go and discover that dark data, discover those risks. And then combine that with some of the capabilities that we do with structured data too, so you have a holistic view of where your data is, and start tying that together. >> If I could add, any company that has any operating history is going to have a pretty complex data environment. Any company that wants to employ AI has a fundamental choice. Either I bring my AI to the data, or I bring my data to the AI. Our competition demand that you bring your data to the AI, which is expensive, hard, often impossible. So, if you have any desire to employ this stuff, you had better take the I'm going to bring my AI to the data approach, or be prepared to deal with a multi-year deployment for this stuff. So, that principle difference in how we think about the problem, means that we can help our customers apply AI to problem sets that they otherwise couldn't because they would have to move. And in many cases, they're just abandoning projects all together because of that. >> So, now we're starting to get into sort of data strategy. So, let's talk about data strategy. So, it starts with, I guess, understanding the value of your data. >> [Daniel Hernandez] Start with understanding what you got. >> Yeah, what data do I have. What's the value of that data? How do I get to that data? You just mentioned you can't have a strategy that says, "okay, move all the data into some God box." >> Good luck. >> Yeah. That won't work. So, do customers have coherent data strategies? Are they formulating? Where are we on that maturity curve? >> Absolutely, I think the advent of the CDO role, as the Chief Data Officer role, has really helped bring the awareness that you have to have that enterprise data strategy. >> So, that's a sign. If there's a CDO in the house. >> There's someone working on enterprise, yeah, absolutely. >> So, it's really their role, the CDO's role, to construct the data strategy. >> Absolutely. And one of the challenges that we see, though, in that, is that because it is a new role, is like going back to Daniel's historical operational stuff, right? There's a lot of things you have to sort out within your data strategy of who owns the data, right? Regardless of where it sits within an enterprise, and how are you applying that strategy to those data assets across the business. And that's not an easy challenge. That goes back to the people process side of it. >> Well, right. I bet you if I asked Jim Cavanaugh what's IBM's data strategy, I bet you he'd have a really coherent answer. But I bet you if I asked Scott Hebner, the CMO of the data and AI group, I bet you I'd get a somewhat different answer. And so, there's multiple data strategies, but I guess it's (mumbles) job to make sure that they are coherent and tie in, right? >> Absolutely. >> Am I getting this? >> Absolutely. >> Quick study. >> So, what's IBM's data strategy? (laughs) >> Data is good. >> Data is good. Bring AI to the data. >> Look, I mean, data and AI, that's the name of the business, that's the name of the portfolio that represents our philosophy. No AI without data, increasingly, not a lot of value of data without AI. We have to help our customers understand this, that's a skill, education, point of view problem, and we have to deliver technology that actually works in the wild, in their environment, not as we want them to be, but as they are. Which is often messy. But I think that's our fun. It's the reason we've been here for a while. >> All right, I'll give you guys a last word, we got to run, but both Scott and Daniel, take aways from the event today, things that you're excited about, things that you learned. Just give us the bumper sticker. >> For me, you talk about whether people recognize the need for a data strategy in their role. For me, it's people being pumped about that, being excited about it, recognizing it, and wanting to solve those problems and leverage the capabilities that are out there. >> We've seen a lot of that today. >> Absolutely. And we're at a great time and place where the capabilities and the technologies with machine learning and AI are applicable and real, that they're solving those problems. So, I think that gets everybody excited, which is cool. >> Bring it home, Daniel. >> Excitement, a ton of experimentation with AI, some real issues that are getting in the way of full-scale deployments, a methodology data ops, to deal with those real hardcore data problems in the enterprise, resonating, a technology stack that allows you to implement that as a company is, through Cloud Pak for Data, no matter where they want to run is what they need, and I'm happy we're able to deliver it to them. >> Great. Great segment, guys. Thanks for coming. >> Awesome. Thank you. >> Data, applying AI to that data, scaling with the cloud, that's the innovation cocktail that we talk about all the time on The Cube. Scaling data your way, this is Dave Vellante and we're in Miami at the AI and Data Forum, brought to you by IBM. We'll be right back right after this short break. (upbeat music)

>> From the Hard Rock Hotel in Las Vegas, it's theCUBE! Covering HoshoCon 2018! Brought to you by Hosho. >> Okay, welcome back everyone, we're here live in Las Vegas for the first security blockchain conference's inaugural event, HoshoCon, and it's all about the top brains in the industry coming together, with experience and tech chops to figure out the future in security. I'm John Furrier, the host of theCUBE. Our next guest, Andre McGregor, who's the partner and head of global security for TLDR. Welcome to theCUBE, thanks for joining me. >> Thank you for having me. >> So you have a background, we were just talking off-camera, FBI, you've been doing the cyber for a long time, cyber-security, mostly enterprise-grade, large-scale. Now we're in crypto, where you have small set of teams, running massive scale, with money involved. >> Correct. So guess what, money attracts. >> Right. People who want it, want that money. Lot of hacks, $400 million in Japan, plus 60 million over here, you add it all up, there's a billion so far this year, who knows what really the number is, it's pretty big. >> It is, and what's concerning and the reason why I came over in this space was the number of hacks that were happening. My company, we get probably a call a week, whether it's high net worth individuals, CEO, exchanges, we've helped a couple, some that you'd know of if I told you who they were, trying to get out of a very bad situation. And interim response has been big, but what we've learned is that it's the same old fraud, the same old security tactics that are being used against some of these crypto-companies. >> And we've seen it all the time, everyone's had fraud alerts on their credit card, this is like classic blocking and tackling, at a whole 'nother level. >> It is, because if you think about it from, like a traditional start-up, you have a company that's small, they have time to develop their MVP, they go out and do maybe a seed round, friends and family, they're sort of ramping up over time, whereas we basically flipped the model upside-down, the same six founders now have $10 million worth of crypto, and they're not protecting it in the ways they think they should, because they're in hyper-growth mode. So the bad guys have determined that as a great place to target, and now as we see in the news, it's actually happening. >> Yeah, and Hartej, the co-founder of Hosho, was just one talking about physical security, in the sense of you got to watch out where you go too now, it's not just online security, it's physical security. So start-ups have that kind of fast and loose kind of culture. >> Well, if you think about it, traditional security in corporations, I can put everyone in a building, I have this similar or same network egress points, I can protect those, I can do the gates, guards, guns, perimeters around, but I got people working from home now in the crypto space, everyone's got their own setup. If someone's in an audience, they say oh, I've been in the blockchain space since 2010 or 11, I can make assumptions about them, about their financial worth, and other people are doing the same, but having nefarious reasons. >> Yeah, you connected the dots okay, it was $0.22 in 2011, so therefore, if they had kept a little bit of Bitcoin-- >> They would be doing very well. >> They're a target. >> Therefore, they're a target now. So when you think about it, you put all those scams together, it becomes sort of a hot topic for-- >> I just got into crypto. (laughs) >> Good answer, good answer. >> Alright, so let's talk about this security hack. Because obviously, in the enterprise tech, we cover a lot of those events across the year. IoT Edge is a huge topic, cloud computing booming, so now you have a lot of compute, which is good, and for bad actors too. So you have now a service area that's now, no perimeter, there's no egress points to manage. Is there a digital way to kind of map this out, and does blockchain give us any advantages or is there anything on the horizon that you see, where we can, in digital form? >> Well, I mean the true reason I came to the blockchain space, having worked hundreds of victim notifications and several dozen actual intrusions, from large intrusions at banks that are top five in the world, all the way down to small core defense contractors, you realize it's always a server you didn't know about, credentials that had more access than they should, obviously gaining access to a centralized server, that then gets exposed and allows that data to be leaked out. So the idea of blockchain and being able to decentralize, distribute that data, own it, and keep it cryptographically pure, and also being able to essentially remove the single source of failure that we saw in a lot of these hacks is exciting. Obviously, blockchain is also not the answer to everything. So in some ways, the spread sheet is still a spread sheet, and the MongoDB will still be the MongoDB, but-- >> The post-it next to your computer, your private key on it. >> But at the same point in time, it all comes down to cyber-hygiene, right? I mean, the stuff that we're looking at, the hacks that we're seeing, the hacks that I'm dealing with and my company dealing with, day in and day out, are not sophisticated. They may be sophisticated actors, but they're using insophisticated means, and of course, I hate to harp on it, but e-mail is still the number one intrusion vector, we all have it, we all use it. You could take stats from the FBI that says 92%, you could take stats from Verizon that says 93%, but that will be the number one way in. >> And phishing is the classic attack point. >> It will always be, because-- >> It's easy. >> I can manipulate people, I find the right opportunity, I always say even I've been phished. It happens, the way your mind is, it's just how you react, is what we need to teach people. >> It's really clicking on that one thing, that just takes one time. >> Yep. >> A PDF that you think is a document from work, or potentially a job opportunity, a new thing, sports scores, your favorite team, girlfriend, boyfriend, whatever, I mean, you don't know! >> But, I'm going to challenge you on this, you get, you click on that bad link, or you feel like your computer has been hacked, who do you call? Do you actually have someone that you can call? There's no cyber 911. Unless you are a high net worth individual, or being targeted by a nation-state, you're not calling the FBI. So who do you call? And that's a problem that we have in our industry right now. I mean, I guess I've been the person that people have been calling, which is fine, I want to help them. 12 years as a firefighter on top of my FBI career, I'm used to helping people in time of need. But really, in the grand scheme of things, there's not enough Mandiants or Verizons are too big. So for these smaller, six-person companies, that don't have $500,000 to spend on instant response, they actually have no one to call when they actually do click something bad. >> And the people they punch in a call, the ones that aren't actually there to help them. Sometimes they get honey-potted into another vector. >> Sure. >> Which is hey, how can I help you? >> Or I even challenge it a bit further. You call any of these companies when your phone has been hacked, you SIM-swap, whatever it is, and you need to sign a master services agreement, you need to go through all the legalese, while you're actively being hacked. Like, it's happening hour after hour, and you're seeing it, your accounts are being compromised and being taken over, and you're trying to find outside counsel to do redline. So in emergency services, we say, don't exchange business cards at the disaster site. It's not the time that you should be saying hi, I'm introducing myself, we should figure out all the retainers, inter-response, legal questions beforehand, so that at 2:00 in the morning, someone calls, and you have someone pick up the phone. >> Yeah, and you know what the costs are going to be, 'cause it's solve the problem at hand, put out that fire, if you will. Okay, so I got to ask you a question on how do people protect themselves? 'Cause we know Michael Terpin's doing a fireside chat, it's well known that he sued AT&T, he had his phone SIM swapped out, this is a known vector in the crypto community. Most people maybe in the mainstream might not know it. But you know, your phone can be hacked. >> Yes. >> Simple two-factor authentication's not enough. >> Correct. >> What is the state-of-the-art solution for people who want to hold crypto, any meaningful amount, could be casual money, to high net worth individual wants to have a lot of crypto. >> I mean, I spent a good amount of my time talking about custody. We've sort of pivoted off to a new part of our business line, that deals specifically around institutional custody solutions, and helping people get through this particular process. But we all know, especially from that particular case, that SMS compromises, after account takeover of a phone, is high. Hardware tokens are always going to be something that I'm going to, Harp or YubiKey, or something like that, where I'm still having the ability to keep a remote adversary away from being able to attack my system that has my private keys, or whatever high-value data I have on it. But if I think about it at the end of the day, I'm going to need to transfer that risk. I would like to say that we can transfer all risk, but instead for the people that have a lot of crypto, you're going to need to look for a good custody solution, you're going to need to look and trust the team, you're going to need to look and trust the technology they have, and you're going to have to get insurance. Because there are so many vectors, in a certain point in time, we can't go back to the wild west, where we're actually >> The insider job is, is really popular now too. >> It is, but there are ways around the collusion, counterparty, third party risk of ensuring that not one person can take the billion dollars worth of crypto and run away off to Venezuela and never appear again. But again, it comes down to basic hygiene. I ask people, I've surveyed hundreds of people in the crypto space, and I ask simple questions like VPNs, and I'm still getting a third to a half of people are using VPNS. Very simple things that people are not doing. When you looks at password for example, if anyone still has a password under 12 characters, then game over. I mean, there are a variety of ways of hacking them. I can use GPU servers to do them very quickly. I won't go into all the different options that are there. People still-- >> So 12 characters, alphanumeric obviously, with-- >> With special characters as well. >> Special characters. >> But the assumption, let's just make the assumption, that either those passwords have been cracked already, because they've already been dumped, people share passwords, they get used again, and then the entropy is exponentially higher with every single character after 12. So my password's 22 characters, sure it's a pain to type it in, but when you think about it, at the end of the day, when I combine that with a password manager that also has a YubiKey that's a hardware token, and I require that access all the time, then I don't run into the problem that someone's going to compromise a single system to get into multiple systems. >> And then also, I know there's a lot of Google people as well, they're looking at security at the hardware level, down to the firmware. >> Sure, sure. >> There's all kinds of-- >> I mean, obviously, you could use the TPM chip as well, and that's something that we should be better at, as a society. >> So while I got you here, I might as well ask you about the China super micro modchip baseboard management controller, BMC, that was reported in Bloomberg, debunked, Apple and Amazon both came out and said no, that's been confirmed. They shift their story a little bit too, the reality probably there is some mods going on, it's manufactured in China. I mean, it's a zero-margin business going to zero, why not just let the Chinese continue to develop, and have a higher-value security solution somewhere else, that's what some people are discussing, like okay, like the DRAM market was. >> Yep. >> Let the Japanese own that, they did, and then Intel makes the Pentium. Wall Street Journal reported that, Andy Kessler. So the shifts in the industry, certainly China's manufacturing the devices. There's no surprise when you go to China, and if you turn on your iPhone, it says Apple would like to push an update, but that's not Apple, it's a forged certificate, pretty much public knowledge. The DNS is controlled by China, and a certificate, these are things that they can control, that's, this is the new normal. >> It, it-- >> If you know the hardware, you can exploit it. >> We've been dealing with supply-chain issues since Maxtor hard drives in Indonesia. So was I shocked when I hear stories about that? No, I'm sort of scared myself into a corner, working in skiffs over the years and reading the various reports that come out about supply chain poisoning. >> Certainly possible. >> It's happening. I mean, it's just to what extent is still something that may or may not be known to its full extent, but it's something that will happen, always happens, and will continue to happen. And so at a certain point in time, capitalism does step in and says alright, well, guess what, China, the way I see it is, China wants to be a super-power. At a certain point, they know that people are looking at them, and saying we can't trust you. So they're going to clean up their house, just like anyone else. >> It's inevitable for them. >> It is inevitable. Because they need to show that they can be a trusting force, in the world economy. And at the same time, we're going to have competition out there that's essentially going to say, alright, we can actually prove to have a much better, stronger, validated supply chain that you'll use. >> I mean, IoT and blockchain, great solutions for supply chain. >> 100%. >> I mean, so this is where-- >> I mean, we're talking, I mean, I was actually on a plane flying from Phoenix, to Santa Fe, New Mexico, and I was sitting next to a guy, who was just like, I just want to use a blockchain to be able to deal with a supply chain around compromised food. So in the sense that if you think about it, fish for example, there's a lot of fake fish, fake type of tuna and other stuff that's out there, that people don't know the difference. But the restaurants are paying double, triple the amount of money for it. You start taking things like elephant tusks, you take things like just being able to track things that no one's really thinking about, and you're just like huh, I never thought of it that way. So at the end of the day, I still get surprised with what people are thinking about, that they can do with the blockchain. >> So Andre, question for you here, this event, what's the impact of this event and for the industry, in your opinion? Obviously, a lot of smart people here talking, candidly, sometimes maybe a little bit contentious about philosophies, regulation, no regulation, self-governance, lot of different things being discussed as exploration, to a new proficiency level that we need to get to. What are some of the hallway conversations you're hearing, and involved in? >> A lot of mine are obviously around custody. That is the topic of the moment. And for me, I'm in learning mode. I recognize that I've spent a lot of time in cyber-security. However, whereas it relates to blockchain and digital asset custody, whether it's utility tokens or security tokens, I'm on the CFTC Technology Advisory Committee, specifically, with cyber-security and custody, and so I want to take in as much information as I can, bring it back to the committee, bring it back to the commissioners, and help them create the proper regulations and standards, whether it's through an SRO, or it's through the government itself. >> For the folks that may watch this video later, that are new to the area, what does custody actually mean? Obviously, holding crypto, but define custody in context of these conversations, what is it, what's the threshold issues that are being discussed? >> Sure. I mean, to break it down, custody is very similar to a bank. So you are, you're saying I have a lot of X. It could be baseball cards, it could be gold bars, it could be fiat cash. And I want to have someone hold it, and I'm going to trust them with that. Of course, I'm transferring that risk, and with that, I have an expectation to have a qualified custodian, that has rules and regulations of how they're going to actually manage it, how they're going to control it, ensure that the risk, that people aren't going to take it. It could be, again, the Monet, it could be the Johnny Bench Ricky card, it could be 100 million blocks of gold. But I also want to have a level of insurance. That insurance could come from the insurance industry themselves, and allowing me to protect it in case something does happen to that, or the government. The FDIC, $250,000 for your bank account is a type of insurance that people are using. By the end of the day, from an institutional perspective, you want a pure custodian that takes all the risk. The government wants to say a certain point, that that custodian can allow for margin call, so that the client can't come in and say, well I'm not going to pay out $100 million worth of crypto, and I'm going to seize, or seizure of funds as well. And that's what's being set up right now. Traditional banks are not ready to handle that. Traditional auditing firms, like PWC or Ernst & Young, are still trying to figure out how they'd even be given a qualified opinion, as it relates to how-- >> So it's not so much that they are not have the appetite to do it, they don't have systems, they don't have expertise, >> They don't have systems, they don't have expertise, >> They don't have workflows. >> And right now, things are so new and so volatile, that they're sort of almost putting their toe in the water, but really not sure what the temperature is yet of the water to hop in. >> If someone wants to go to court, you say hey, prove it. Well, it's encrypted, I don't know who did it. >> Well, and the thing is is that when you have 53 states and territories with different money-transmitting laws, on top of the countless federal agencies and departments that are managing that, it is hard to come to consensus. It is much easier in a place like Bermuda, where the government is small enough where everyone can get together pretty quickly, have consensus on an opinion of how they want to deal with the crypto market, deal with custody, pass a regulation, and what's nice about Bermuda is it has crown ascendancy, so the UK government still approves it. >> And they move fast on the regulation side. They literally just passed-- >> They are the only jurisdiction that has a fully complete law surrounding cryptocurrency. >> You're bullish on Bermuda. >> I am, because I saw the efficiency there. And I expressed my same opinion with the CFTC, when I was doing my hearing last week, that it's nice to see the speed, but it's also a small island that allows for that speed. >> And they have legitimate practices that have been going on for years in other industries. >> Right, so there's no dirty money, there's no anything that people are sort of concerned with, they have the same AML, KYC, anti-money laundering and know your customer regulations that you would expect if you had your money in the United States. >> Yeah, we had a chance to interview the honorable charge there. >> Premier Burt, oh very nice. >> Yeah, he's great, and Toronto, so it's awesome. >> Nice. >> Alright, so final takeaway, for this show here, what's your takeaway about this event, the impact to the industry? >> This is a very important event, because I think people are still trying to get their footing around blockchain, they're still trying to get their footing around digital asset protections. And if we can get the smart people in one room, and they can share knowledge, and then we can come together as a community, and create some standards that make sense, then we're protecting the world. >> Well Andre, I'm glad you're in the industry, 'cause your expertise and background on the commercial side and government side certainly lend well to the needs. (laughs) So to speak. We need you, we need more of you. Thanks for coming on theCUBE, really appreciate your commentary and your insight. It's theCUBE, bringing the insights here, we are live in Las Vegas for HoshoCon, I'm John Furrier with theCUBE, we'll be back with more coverage after this short break. (upbeat music)

>> From the Hard Rock Hotel in Las Vegas, it's theCUBE covering HoshoCon 2018. Brought to you by Hosho. >> Okay, welcome back everyone. It's theCUBE live coverage here in Las Vegas for the first annual blockchain security conference. The brightest minds in the industry coming together, it's called HoshoCon, and it's presented by, and sponsored by Hosho. But it's not their event, it's an industry event. And we're here with the co-founder and president, Hartej Sawhney, who is theCUBE alumni. Great to see you. You guys are doing a great event. Thanks for coming on. >> Yeah, it's always good to see you, and I'm so glad theCUBE is here at HoshoCon. >> So you've talked with us many times, but recently in Toronto about this event. This is not your company's event. You guys are putting it together. You're holding it because there's no other conferences that do this, but it's not just you guys. You guys are bringing the industry brains together. >> Yeah, I mean, we see ourselves as being on the intersection of cybersecurity and blockchain. And (coughs) just getting over a cold, but not a lot of conferences are out there that have a open discussion about cyber security in the blockchain industry. And hundreds of millions of dollars are stolen from exchanges. And 10% of all the money in the ICO space has been lost or stolen. And there's simply not enough platforms for this to be discussed. So, we figured we'd start the first conference that solely focuses on being a blockchain security conference. We chose not to have any ICO pitch competition. And it feels like there's more and more typical blockchain conferences out there, but it's important to be home base for anyone who wants to affiliate themselves with cyber security and the blockchain industry. >> And the depth and breadth of security is changing. We are hearing talks with, unfortunately I won't be able to attend the sessions, we're interviewing people all day, but amazing talks. How to hack an exchange, all these new surface areas. I mean, people kind of generally know they're unsecure, but this growth going on. There's new things happening. This is exposing some of the security vulnerabilities. What is the hot topics in the talk tracks here at HoshoCon? >> We have Anand Prakash, who runs a company called AppSecure. He's one of the worlds best white hat hackers. Who has hacked into the likes of Linkedin, Facebook, Google, all the top names. And to have someone walk us through today, Anand Prakash said, "Here's how you hack into a crypto "currency exchange and here's how they actually did it." And to have a white hat hacker walk us through that, it opens up our eye balls as to how easy it actually was for a Japanese exchange to loose 500 million dollars. That's no small sum of money. And this industry is only going to survive if we together as a community come together and evaluate how was it that 500 million dollars got stolen? And how can we as a community of global lovers of bitcoin make sure that this does not happen moving forward? >> On that exchange hack, 500 million dollars in Japan, was that white hat done or was that black hat? >> It was black hat. Unfortunately the money's not been given back. >> So it's not given back. So that's a half a billion dollars? >> It's half a billion dollars stolen, yeah you know. How many industries are worth just about that much? >> Yes, you could feed a couple countries. This is legit, right? Obviously it's like total, you know, wild west if you want to call it. Stage coach robberies they got the mask on. No one knows who it is. This is real, this is absolutely real. What are you guys doing as an industry? What's happening here to prevent this? What are the key, you know hygiene or social, anti-social engineering? What are the key things that are going on that are solving this problem? >> So, every exchange needs to value security and get a penetration test. Every company needs to make sure that somebody at their company is in charge of their in house security practices. Most companies when you ask them, "Who's in charge of security?" They point their finger at the CTO. The CTO is in charge of architecting the software. You need to have somebody full time, in house taking care of the security. Ideally a CISO and if you can afford it, pay someone five to ten thousand dollars a month as a consultant to come in for a couple of months and take care of your in house security. These are basic things that, you know, surprisingly most bitcoin exchanges often times when they're hacked, they're hacked by a basic phishing attack. That one of your employees opened up the wrong email. They opened up a PDF and the hacker gained access to your computer and is now monitoring your keyboard strokes and stole millions of dollars. Or the exchange didn't get an actual penetration test of their exchange. Or exchanges are listing contracts that have not gone through a professional smart contract audit. These things are now, also we're seeing them service in regulation with central governments. And it seems that all the smaller island nations are spearheading the way in terms of writing clarity on regulation. In Malta, Bermuda, Gibraltar, all of them are trying to spearhead the way. I'm much more excited, to be honest, about some of the larger nations bringing clarity on regulation in the next two to three years. We all can't just move to a small island off the coast of Italy that is infamous for actually laundering money in the gaming space. Yes, now they're trying to bring clean clarity doing KYC and AML in Malta and write a actual regulation about security. And if you're domiciled in Malta and you're a exchange then you can only list a token that's been audited. It's wonderful but at the end of the day Malta is also a part of the EU and if the EU changes their mind, things can change Malta. I just feel like it shows the immaturity of the space. If very legitimate companies are all going to flee to small countries like Malta or to islands like Bermuda. Good on those island nations for being so pragmatic and forward thinking and for bringing legal clarity. I mean if I was in an exchange today, arguably yes you have to go to Malta if you want clarity on regulation and you don't want to be in the United States. Right now, Malta is your choice. I'm just personally a little bit much more excited about the next three years where, I make a joke to my co-founder and I say, "The suits are coming." That we look around these conferences and you don't see that many suits but the fortunate 500, many of them are either writing private blockchains, they're evaluating how they're going to leverage blockchain technology in their major businesses and they're going to leverage decentralized applications and tokenization for already running products that have millions of customers, that are already profitable and then when they get tokenized they're going to be up and running right away. So the next two to three years are going to be very interesting. From Hosho's perspective we've taken a big turn towards catering towards more publicly traded large sophisticated companies. We've partnered up with Telefonica. Telefonica is a Fortune 200 company. Its wonderful to be able to leverage that kind of a brand. To deal with major world wide entities that are publicly traded come to Telefonica and evaluate how they can leverage blockchain technology and get one bundled security package that includes Hosho, Rivets, and Telefonica. >> Yeah the Rivets solution is interesting. It's a hardware based solution. So the subscriber of the phone becomes the entity. It's really interesting and I think this points to new paradigms of security, which I want to get to in a second but I want to just unpack what you said about the small country, big country dynamic. Great for the small countries to be opportunistic. To be creative and capture this opportunity. But people want stability. They want clarity on regulations, yes, but also standards, technical standards. >> We can't all just move to the small country of Malta. >> Yeah I'll be in a plane the whole time. >> It just doesn't work. >> Yeah and by the way the game changes too. Whats the implications of say, Malta decides one day, "You know what?" "We're getting out, we're changing things." A company would have to move their domicile again. So it's a moving train, you don't know what you're going to get. It might be stable now but it's not a scalable opportunity. >> Yeah, people have families and they want to stay where they are. Simple as that. We have large countries that have a strong crypto community that's growing and let's see how they pan out. Singapore seems like a likely next candidate. You have Korea. I would argue to say that the worlds first decentralized application that will be massively adopted will be in Korea. Korea is going to be the place where we have the worlds first decentralized application launched with mass adoption, a paradigm shift. The kind of shift where you forgot what it was like before you used Gmail regularly. >> Yeah, total, total infrastructure change. Alright so I got to ask you the hallway conversation question. Obviously you're very popular here. It's you event, you're sponsoring with the community. I see you talking to a lot of people at the VIP dinner last night. What are some of the hallway conversations that you're having? A lot of interesting people here from diverse backgrounds, in security, technology, some policy, some regulatory, some business, and legal, but really bright minds. What's the hallway conversation like? What are you talking about? >> We're talking about how all of us are going to survive crypto winter that we just entered. We've entered a time where fund raising has become extremely difficult. A lot of funds are simply bleeding. They lost a lot of money and they're not cutting checks right now. So the companies that are going to survive and stick around through this crypto winter, they're making a strong statement and they're going to be the ones that are going to stick around. And a lot of them are here at this conference at HoshoCon. And it amazing to have discussions to see what are the problems that fellow founders are facing? Building companies that will survive this crypto winter. Another thing has been just what are we going to do as a community to self-regulate? Are we going to create self-regulatory organizations? Are we going to let another Moody's get created? What is our viewpoint on regulation in the space overall, right? We love Max Keiser. His viewpoint on regulation is very extreme where he believes bitcoin is a self-regulatory technology. And on the other hand we have people saying, "No, we need to quickly move to regulate the space. "Work with central banks, work with central governments, "and write out the regulations." That's been lot of the hallway conversation. And a lot of other ones that have been really intriguing to me has been people talking about what are things that they have done within their company to protect their employees. Because the reality is in the crypto currency space every single employee of a major company in this industry is a target by naturally being in this industry. And this includes you. We are all naturally targets. And it's not about how much bitcoin you have maybe its about how much bitcoin someone thinks you have. And all of a sudden you become a target. And we need to think about things like our physical security. So some of the more interesting conversations I've been having with people have been around, along the lines of what are you doing to protect you and your family in regards to your physical security? On top of that your online presences. >> So ransoms, people getting kidnapped and or extorted. These kinds of physical pressures? >> Yeah, like ShapeShift has a lot of great stories. Michael Perklin from, the CIS of ShapeShift is here. You should totally talk to him and get him on theCUBE. Michael Perklin has a long list of war stories that ShapeShift has been through. Some of them they went through before he was actually hired as a CISO. And ShapeShift would've also not been hacked of millions of dollars if they had brought on a CISO earlier such as Michael Perklin. I believe they had hired him as a consultant. Did not renew the contract, got hacked, and brought him on as CISO. And he was like, "If you had continued working with me "I would of, this would of been avoided." And that's really-- >> It's foolish. >> One other thing I've seen with ShapeShift actually is online you'll notice that all the employees of ShapeShift, their last names are not online. So on the website it says, their chief marketing officers name is Emily, it says "Emily Shape Shift". And their badges at conferences also says "Emily Shape Shift". These are interesting things to learn from other companies that this is what you're doing to protect your employees from them being hacked. It's very interesting for us to all exchange notes-- >> Shoot I'm out there, (mumbles) everywhere pretty much online. >> Well I'm out there as well. We just got to protect ourselves and we got to think about things like our physical security. People feel uncomfortable thinking about their physical security. They think that, "Oh no we're in America, "we'll just call the cops." What about when we travel? What about when you and I are in a village in Thailand hanging out? We are microorganisms and when microorganisms are hungry they'll do what ever it takes to eat. So if they smell abundance, you and I are in trouble. >> Yeah, we got to be careful. And this is something that you really got to worry about because there's been tons of war stories. Now ultimately when you get back down to the wallet, it's one of the things we've been talking a lot this morning on, with Rivets, was on about the notion of how hard it is for mainstream to use tokens. Where's my private key? This has always been the crypto problem, even with private key encryption. >> Yeah, or should we build a multi-sig wallet to store your tokens in a secure manner? People have been asking us for a long time, Crypto funds, ICO's, "How do we store our tokens!" And our problem was that A, we've either hacked into the other wallets that are available and we saw that they're insecure or the UI and UX completely sucks. So we said lets build our own and so we built our own. >> Are you open sourcing that, is that-- >> No, we're going to be, this is going to be a unique multi-sig wallet that we release, it's not. You're open sourcing the actual code of the wallet or else it's not going to be considered legitimate. >> Yeah, it's good, it's a goldmine. >> It's a profitable venture. >> And that's going to be 100% bullet proof? >> It's going to be very secure. >> Let's talk about Meadow Suite. >> So, we came to a point where our engineers needed better tooling to find security vulnerabilities in smart contracts. And what is available, Truffle, is weak and slow. And so we built Meadow Suite. We built in a long list of tools and a full suite of tooling that we believe are going to be used by a long list of people that are building on the Ethereum blockchain. Including a lot of our competitors. And so we've open sourced it and we're excited for people to check out Meadow Suite. It's on GitHub and our engineers have put a lot of time and effort into it. We even have our own logo for it. >> And the goal is to automate things, make it easier? What's the main, main initial goals? >> I would say, long story short, is to find security vulnerabilities in smart contracts and to build tooling around that. And to effectively build and find vulnerabilities in smart contracts. >> So they build it into their development process natively? >> Correct. >> Alright Hartej great to have you on and hey congratulations for putting on this event. I know we've talked about >> Awesome to be here. it in the past, it actually happened. It's the first inaugural one. >> We had this vision and I'm glad it came through. We had a great global events team. Gabriel Shepherd, and Ryan Shewchuk, and Brad Horspool, and Michelle Yon. And like they've put on conference's the size of Southwest by Southwest. And our vision is, look we're not in the events business. And we're a cyber security business at the end of the day. But we found it necessary that there has to be a conference where there's a platform for people to talk about cyber security intersecting with the blockchain industry. There's got to be a platform for someone to get on stage and say, "Hey here's lessons that "we learned from getting hacked" And if this industry is going to survive, this topic needs to survive. And the brands that want to affiliate themselves with blockchain security and that want to be apart of the discussion. This will be a go to conference every single year. We're going to keep doing it and I look forward to having you at every single one, coming. >> It's been great. And you know what's key is having reputable people working together in a community, building an open community, sharing data, sharing best practices, and having candid conversations. >> Yep, it's the only way to get someone as epic as Andreas Antonopoulos to your conference. I mean my co-founder and I have been looking up to Andreas for so long. Watching videos of Andreas. Watching videos of Max Keiser, Stacy Herbert. To have them here is really just truly remarkable and I'm grateful, I'm honored, I'm touched. I'm touched to have you here. I miss David Vellante, I wish he was here. >> He's in San Francisco, he says hi. He was going to fly in tonight but-- >> He texted me. >> He did, okay. >> Hartej it's great to see you. >> Great to see you >> Congratulations. as well. thank you. >> Great event. Okay we're here live with theCUBe coverage for HoshoCon 2018, the first inaugural security conference on blockchain. Industry leaders coming together. The brilliant, bright minds of the industry working out the solutions, trying to pedal faster. Better security, check it out HoshoCon.com. I'm John Furrier stay with us for more coverage after this short break. (techno music)

(electronic music) >> Live from Toronto, Canada it's The Cube covering Blockchain Futurist Conference 2018. Brought to you by The Cube. >> Hello everyone, welcome back to The Cube live coverage here in Toronto, Canada Ontario for Untraceable presents Blockchain Futurist Conference. Two days we've been here. We're on day two, amazing event here, great community, I'm John Furrier your host. Dave Vellante went back east so he was here yesterday. Our next guest Pablo Gonzales is the Founder and CEO of Genesis Blockchain Technologies, welcome to The Cube thanks for joining me. >> Thank you for having me. >> So I'm glad to have you on. First of all when Bradley Rodder says oh watch out for that guy, you must be smart because we trust Bradley so but you're doing something really cool. The future of trading and exchanges has been a topic that everyone's been talking about but not a lot of people have been actually moving the needle on. You've got some movement here, people doing here but no one's actually had the full package and they're running as fast as they can to do it. You guys have done it. >> We have. >> How? Take a minute, what have you guys done? What is the product? How did you guys do it and what can people use today? >> Thank you. So it's no longer hot air, as you said. A lot of people are saying what they're going to do. We're here to say what we have done which is very different. Yesterday up at the main stage we launched the world's first decentralized exchange on a mobile platform. We're fully licensed by the Costa Rican Commodities Exchange, we have brokerage license, a currency exchange license and a money remittance license. We already possess the licenses, we're not in pursuit of the licenses we have them. What we did obviously we pursued an MNA strategy, we acquired companies that were over a decade in the business and we just transformed them and cryptomized them, as I use the term and launched the exchange with those licenses and platforms. We listed the exchange with over 40 coins. Over four billion dollars of shared market cap and over half a million dollars of daily trading and liquidity. >> So this is right now going on in Costa Rica, mainly if stable. Is it stable? How's the stability there? >> So Costa Rica is extremely stable, they haven't had an army for over 50 years, it's considered a world-class country for banking, for international businesses so much so. Amazon, HP, Intel, all these humongous companies have large operations in the country. >> And their posture to crypto is they've come out formally. >> Yes. >> To state well what's the posture from Costa Rica? >> So they consider cryptocurrencies a commodity and not a security and that's why went on to pursue a commodities exchange license. >> So that opens up doors for you to do this. >> Of course it opens up the doors, think about it. So you can now trade Bitcoin with gold. In our exchange, not as of today we're going to launch that in January, so now you can trade cryptocurrencies with commodities and cryptocurrencies with fiat currencies. >> So I'm just kind of speculating here in terms of my mind where I'm going with this. Almost imagine the shakeup that's coming. It's like a blender, we trading gold and Bitcoin it's just like who would have thought that was possible a year ago? >> That's correct. >> They've been compared, people compare Bitcoin to new digital gold but actually comparing them this is going to shakeup like a blender. >> That's correct. >> Blend up the commodities market. >> Disrupt it. >> What's your vision? What do you see happening? >> I just think that a lot of people are focusing on they say on one of the interviews earlier today, one of the interviewers was asking me is that Bitcoin to the moon? I'm like guys we need to stop. If we want this industry to really grow and develop stop using those analogies. We need to create a community that's larger, we need mass adoption and I think by including the commodities into the equation you're catering to the traditional investors that are a little bit uncomfortable with cryptocurrencies because they don't know about them but they know about gold and then all of a sudden now you compare gold with Bitcoin. >> It brings retail into it. >> Yes. >> It brings a real retail market. >> That's correct. >> You know I just want to say something. I agree with you 100%. These news outlets out there, these other people they tend to focus on the price of Bitcoin and it's almost like okay can we get over that? Yes it's going to go up and down, if you're in the long game it should be 20,000. Okay we can buy that but let's talk about what people are doing. Who's building something? >> Yes. >> That's the focus. So if I ask you now that question, hey Pablo what have you built and what you you going to continue to build if this is a foundational product, what are you guys going to do on top of it? What's the build plan? >> Thank you. So yesterday we launched the decentralized exchange with 40 coins. We're going to add probably between now and December another 110 different tokens. We're doing 20 for now and in January we're launching a centralized exchange so that's where we're going to add the fiat currencies and the commodities. >> What date again? >> End of January. >> Okay got it. >> Then we're going to make an announcement in November at one of the conferences in Malta and so we're reserving the date and everything else for that but in May of next year we're launching over the counter trading desk with full KYC AML you know counter terrorism financing, all of the world class policies and by this time next year we're going to be launching our institutional platform. So we want to be a one stop shop via the currency exchange that we own. We already have the ability from the Central Bank of Costa Rica which is amazing to issue Visa cards. So now our users, besides trading, they can take their crypto with them from their mobile phone, convert it to fiat and pay, you know, for gasoline, buy groceries. >> So I'm an entrepreneur, I got my own cube coin coming out, cube token, security token or utility, what's in it for me? If I asked you Pablo what's in it for me? What do I get out of it as a business? Are people going to start trading my coins? Am I instantly going to have an over the counter so as a business what do I have to worry about? What's the benefit? What matters to me? What's the impact? >> So if you were to be a coin to list on our exchange you mean? Well first of all we all know exchanges now to list on them you know they're changing, some of them I'm not going to say the name. >> They're charging a lot of money. >> Yeah 400 BTC and crazy amounts like this. We are going to charge. It's a business at the end of the day but what we're looking for with the coins that we're going to list is partnerships and seeing what ways we can do more entrepreneurial projects to change the landscape of the industry together as an exchange and a coin because potentially what a coin is is a company. You know what's behind the coin is what's important to us and not the coin itself. As the company develops and progresses so will the coin's price appreciated value or depreciated value and so yes, besides facilitating trading fees and lowering that, up listing and so forth what we're bringing to the table wants to be much more dynamic. >> You got to balance you know business that you got to do with infrastructure build out. It's like the old telecom days you got to build some cell towers before you roll out mobile. You got to build this entire retail global fabric. >> Yes. How does community play in for it? Obviously community is very important. I agree with you that's big time. How are you guys building your community? Tapping into anything else? Obviously Untraceable has got a great community. How are you going to grow your community. >> So as an exchange there could be a conflict of interest we have to be really careful how we get involved in the community but what we want to do is by selected partnerships with projects and coins. The coins are already doing their work. They are appealing to a community. They are raising the money from that community what we want to do is we want to partner up with those coins, the coins that are worth partnering up with and that way our reach automatically will multiply. On top of that of course we want to work with government and banks and institutions. We believe, it may not be popular what I'm about to say, you know the good old honor kids that came to the hardcore crypto, forget about central banks and centralization, I don't think that that's ever going to happen. I think the more we cooperate with government, that the more we work with them, we together can shape the industry and the landscape for good. I do believe in that. It's a collaboration and cooperation with governments and banks to us is pivotal. >> I mean you can be a coach to the regulatory. >> Absolutely. >> You can be an advocate and partner. >> We are being. >> And not an enemy. >> In Costa Rica, so before they considered and they took a position on whether is was a commodity or not you know they approached us and we were teaching them so much so that a congressman that was going to be at the conference and couldn't make it, he's the founder of the Libertarian movement in Costa Rica he created a think tank of crypto because of us that now has Latin America reach. Think about it, there are 1.3 billion people in Latin America. >> They have mobile phones. >> Exactly. That can now learn about crypto and so we're going to capitalize on this. >> It's a real democratization, what you do is change a society. If you continue to get this right this is really key. Congratulations. Now I want to ask you personal questions so I love the hat, you look great. >> Thank you. >> How did you get here? Were you scratching an itch that was around this? Was it, how did you get to the point where you said hey I'm going to go out and build the first exchange. I'm going to roll up the companies, wire them together, cryptotize them and go nuts and build an exchange. I mean how did you get here? What's the story? >> Thank you well, it's a story. I began entrepreneurial projects over 10 years ago, been in the private sector, because Costa Rica is a services company we put together a call center. Took it from like four people to 4000 people in four years. I went on to like building my own sports brand in over 10 countries but then about two years ago a few companies from Canada they called me from here, they called me to help them go public in the Canadian Securities Exchange. I took two companies public last year and after that I was saying to myself and the crew guys what do we do next? How can we really disrupt the industry? And one of the things we were talking about was man, we're in a decentralized community that brags about decentralization, trading and centralized exchanges. How ironic is that? >> Yeah it's got to change. >> So we said you know what let's be the pioneers, let's head out on a quest to build the world's first mobile decentralized exchange and we achieved that. It's unbelievable. Now you hear all the big guys, the whales talking about we're going to come up with a decentralized exchange because that's what people want at the end of the day and we were able to be the first ones ever to give that. >> And stability is critical. I mean I was just at a bank starting up a new account for a new startup that we're doing and they're like is this a blockchain company? I'm like no, no God no, no, no we're a media business. >> Those are bad guys. >> So you can't even open a bank account some places. So this has really got to get fixed and I got liquid, I got fiat currency, I got to make movements around. The retail market, whether it's trading, investing, it's got to be converted over to the new world. >> Yes, yes. >> I mean it's almost like a full changeover. >> That's correct. Obviously I think that it'll be a transition process. It'll take some time. There are some banks that already getting more involved into the process. What's interesting in our case is we even got the Costa Rican Central Bank to be our bank. Think about it, we're not banking with any private bank or public bank but the Costa Rican Central Bank and I think that more and more banks will follow suit as they see good use cases. The ICO craze of last year, I don't think that it did any good to the greater good of the community. If anything it brought a lot of prejudice. >> It's a black eye. They'll be a hangover on that but that's like the dotcom bubble. All those things on the dotcom bubble actually happened so I think you're going to just see get that jested out of the system. >> Inevitable. >> And focus on quality. That's what happening now. >> Inevitable. >> Pablo thanks for coming on. Pablo Gonzales who is the Founder and CEO of Genesis Blockchain Technologies. First ever exchange bringing all new magic to the marketplace. This is The Cube bringing you the content magic here in Toronto, Canada. I'll be right back with more. Stay with us. Live coverage after this short break. (electronic music)

(techy music) >> Live from Toronto, Canada, it's theCUBE covering Blockchain Futurist Conference 2018, brought to you by theCUBE. (techy music) >> Hello, everyone, and welcome back. This is the live CUBE coverage here in Toronto, Ontario here in Canada for the Untraceable Blockchain Futurist Conference. This is day two of wall-to-wall CUBE coverage. We've got great presentations going on, live content here on theCUBE as well as in the sessions, great networking, but more important all the thought leaders in the industry around the world are coming together to try to set the standards and set up a great future for cryptocurrency and blockchain in general. Our next two guests are very special guests for theCUBE and we're excited to have them on, the Honorable Wayne Caines, Minister of National Security for the government of Bermuda, and Kevin Richards, concierge on the Fintech business development manager, part of the Bermuda Business Development Agency. Thank you guys for coming on, really appreciate the time. >> Thanks very much. >> Thank you for having us. >> Why this is so important is that we heard your presentation onstage, for the folks, they can catch it online when they film it and record it, but the Bermuda opportunity has really emerged as a shining light around the world, specifically in the United States. In California, where I live, Silicon Valley, you guys are now having great progress in hosting companies and being crypto-friendly. Take a minute to explain what's happening, what's the current situation, why Bermuda, why now, what's developing? >> This has all happened over the last eight months. We were looking in November of 2017 to go in the space. In January we went to the World Economic Forum in Davos in Switzerland. When we went to Davos in Switzerland something very interesting happened. People kept coming up to us, I was like the Hound of the Baskerville, or the Pied Piper if you please, and so, so many people were coming up to us finding out more information about Bermuda. We realized that our plan that we thought we could phase in over 18 months, that it had to be accelerated. So, whilst we were at the World Economic Forum in Davos we said to people, "Listen, if you want to change the world, "if you want to help Bermuda to grow, if you're serious," this is a Thursday, "Meet us in Bermuda on the Monday morning." On the Monday morning there are 14 different people in the room. We sat in the room, we talked about what we wanted the world to be, how could Bermuda be in place, what are the needs in this industry, and by the Wednesday we had a complete and total framework, and so we split up into industries. Number one was ICOs, we wanted to look at how to regulate the ICO market. Number two, we wanted to look at digital asset exchanges or cryptocurrencies or how do we regulate security tokens and utility tokens and what do exchanges look like, how do we do exchanges in Bermuda, and then we wanted to talk about education and setting up incubators. And so, come fast forward to July, August, we have an ICO bill in place that allows us to look at setting up ICOs in Bermuda. We wanted to focus on the legal and the regulatory framework, so this is a nascent space. A number of people are concerned about the dark actors, and so we wanted to set up a jurisdiction that traded on our international reputation. Now, remember for the last 60 years reinsurance, finance, captives, hedge funds, people in the financial services market have been coming to Bermuda because that's what we do well. We were trading on the reputation of our country, and so we couldn't do anything to jeopardize that. And so, when we put in place the ICO legislation we had consultants from all over the world, people that were bastions and beasts in industry, in the ICO industry and in the crypto world came to Bermuda and helped us to develop the legislation around setting up an ICO. So, we passed the ICO legislation. The next phase was regulating cryptocurrencies, regulating digital assets, and we set up a piece of legislation called the Digital Asset Business Act, and that just regulates the digital asset space exchanges, and the last piece we wanted to do was a banking piece, and this is the last and we believe the most significant piece. We were talking to people and they were not able to open up bank accounts and they were not able to do, so we said, "Listen, "the Bermuda banking environment is very strong." Our banking partners were like, "Listen, "we love what you guys are doing, "but based on our corresponding banking relationships "we don't want to do anything to jeopardize that space," but how could we tell people to come to Bermuda, set up your company, and they can't open bank accounts? And so, we looked at, we just recently passed creating a new banking license that allows people to set up their business in Bermuda and set up banking relationships and set up bank accounts. That simply has to receive the governor's Royal Assent. As you know, Bermuda's still a British pan-territory, and financial matters have to get the okay of the Queen, and so that is in the final stages, but we're excited, we're seeing an influx, excuse me, a deluge of people coming to Bermuda to set up their companies in Bermuda. >> So, the first two pieces are in place, you have the legislation... >> Mm-hm. >> Mm-hm. >> You have the crypto piece, and now the banking's not yet, almost approved, right? >> It's there, it simply has to get the final sign-off, and we believe that it should take place within the next two weeks. So, by the time this goes to air and people see it we believe that piece will be in place. >> So, this is great news, so the historical perspective is you guys had a good reputation, you have things going on, now you added on a new piece not to compromise your existing relationships and build it on. What have you guys learned in the process, what did you discover, was it easy, was it hard, what are some of the learnings? >> What we've learnt is that KYC, know your customers, and the AML, anti-money laundering, and terrorist financing pieces, those are the critical pieces. People are looking in this space now for regulatory certainty, so when you're talking about people that are in the space that are doing ICOs of $500 million or exchanges that are becoming unicorns, a billion dollar entity in three months, they want a jurisdiction that has regulatory certainty. Not only do they want a jurisdiction with regulatory certainty, they want to open up the kimono. What has this country done in the past, what do they have to trade on? We're saying you can go to a number of countries in the world, but look at our reputation, what we're trading on, and so we wanted to create a space with regulatory certainty, and so we have a regulatory body in Bermuda called the Bermuda Monetary Authority, and they are an independent regulator that they penned the Digital Asset Business Act, and so the opportunity simply for people around the world saying, "Listen, we want to do an ICO, "we want to set up an exchange. "Where's a country that we can go to that has a solid reputation? Hold on, how many countries have law surrounding"-- >> Yeah. >> "The Digital Asset Business Act, how many ICO countries have laws. Guess what, Bermuda becomes a standout jurisdiction in that regard. >> Having a regulation signaling is really important, stability or comfort is one, but the one concern that we hear from entrepreneurs, including, you know, ourselves when we look at the market is service providers. You want to have enough service providers around the table so when I come in and domicile, say, in Bermuda you want to have the banking relationships, you want to have the fiduciary-- >> Yes. >> You want to have service providers, law firms and other people. >> Yes. >> How are you guys talking about that, is that already in place? How does that fit into the overall roadmap for your vision? >> I don't want to beat a horse (laughs) or beat a drum too much, that is what we do as a country. So, we have set up, whether it's a group of law firms and the Bermuda, excuse me, the Bermuda Monetary Authority, the Bermuda that's the register of companies that sets up the companies. We have Kevin, and Kevin will tell you about it, he leads our concierge team. So, it's one throat to choke, one person that needs, so when you come to really understand that the ease of business, a county that's business-friendly with a small country and with a small government it's about ease of reference. Kevin, tell us a little about the concierge team. >> It's like the Delaware of the glove, right? >> Absolutely. >> Come in, domicile, go and tell us how it works. >> I'll give you a little bit of background on what we do on the concierge side. So, one thing that we identified is that we want to make sure that we've got a structure and a very clearly defined roadmap for companies to follow so that process from when they first connect with the BDA in Bermuda to when they're incorporated and set up and moved to Bermuda to start running their business is a seamless process that has very clearly identifiable road marks of different criteria to get through. So, what I do as a concierge manager is I will identify who that company needs to connect with when they're on the ground in Bermuda, get those meetings set up for when they come down so that they have a very clearly mapped out day for their trip to Bermuda. So, they meet with the regulator, they meet with the government leaders, they meet with the folks who've put together legislation that, obviously you mentioned the service providers, so identifying who's the right law firm, corporate service provider, advisory firm on the ground in Bermuda, compliance company, and then making sure that depending on what that company wants to achieve out of their operation in Bermuda they've got an opportunity to connect with those partners on their first trip so that they can put that road map together for-- >> So, making it easy... >> Making it very easy to set up in Bermuda. >> So, walk me through, I want to come down, I want to do business-- >> Yeah. >> Like what I hear, what do I do? >> So, you send me an email and you say, "Listen, Wayne, we're looking at "doing an ICO launch in Bermuda. "I would like to meet with the regulator. "Can you put a couple law firms in place," in an email. I zip that over to Kevin or you go on our Fintech.bm website-- >> Yeah, I was going to say... >> Fintech.bm website, and Kevin literally organizes a meeting. So, when you come to Bermuda for your meeting you have a boardroom and all the key players will be in the boardroom. >> Got it. >> If you need somebody to pick you up at the airport, if you need a hotel, whatever you need from soup to nuts our team actually makes that available to you, so you're not running around trying to find different people to meet, everyone's there in the room. >> And the beauty of Bermuda is that, you know, the city of Hamilton's two square kilometers, so your ability to get a lot done in one day is, I think, second to nowhere else on the planet, and working with the BDA concierge team you're, you know, we connect with the client before they come down and make sure we identify what their needs are. >> The number one question I have to ask, and this is probably the most important for everyone, is do they have to wear Bermuda shorts? (laughs) >> When you come you tell us your size, you tell us what size and what color you want and we'll make sure, so the... I tell this story about the Bermuda shorts. The Bermuda shorts, Bermuda's always had to adapt and overcome. Bermuda, we have something called the Bermuda sloop and it's a sailing rig, and so we... The closest port to Bermuda is Cape Hatteras in North Carolina and we wanted to cut down the time of their voyage, so we created a sailing rig called the Bermuda rig or the Bermuda sloop. Over the years that has become the number one adopted rig on sailing boats. We've always had to adapt and become innovative. The Bermuda shorts were a way to adapt and to get through our very hot climate, and so if you look at just keep that in mind, the innovation of the Bermuda sloop and the Bermuda shorts. Now, this Fintech evolution is another step in that innovation and a way that we take what's going on in the world and adapt it to make it palatable for everyone. >> What's the brand promise for you guys when you look at when entrepreneurs out there and other major institutions, especially in the United States, again, Silicon Valley's one of the hottest issues around-- >> Yes. >> Startups for expansion, right now people are stalled, they don't know what to do, they hear Malta, they hear other things going on. What's the promise that you guys are making to the law firms and the people, entrepreneurs out there trying to establish and grow? >> The business proposition is this, you want a jurisdiction that is trading on years of solid regulation, a country and a government that understands business, how to be efficacious in business. When you come to Bermuda you are trading on a country that this is what we've done for a living. So, you don't have to worry about ethical government, is your money going to be safe. We have strong banking relationships, strong law firms, top tier law firms in Bermuda, but more importantly, we have legislation that is in place that allow you to have a secure environment with a clear regulatory framework. >> What should people look for as potentially might be gimmicks for other countries to promote that, you know, being the Delaware for the globe and domiciling, and what are some of the requirements? I mean, some have you've got to live there, you know, what are some of the things that are false promises that you hear from other potential areas that you guys see and don't have to require and put the pressure on someone? >> When you hear the people say, "We can turn your company around in the next day." That we don't require significant KYC and AML. Red flags immediately go up with the global regulatory bodies. We want when a person comes to Bermuda to know that we have set what we believe is called the Bermuda Standard. When you come to Bermuda you're going to have to jump through some legal and regulatory hoops. You can see regulation, the ICO regulation and the Digital Asset Business Act on BermudaLaws.bm. BermudaLaws.bm, and you can go through the legislation clause by clause to see if this meets your needs, how it will affect your business. It sets up clearly what the requirements are to be in Bermuda. >> What's the feedback from business, because you know, when you hear about certain things, that's why Delaware's so easy, easy to set up, source price all know how to do in a corporation, let's say in the United States-- >> We don't have the SEC handicaps that they have in America, going from jurisdiction to jurisdiction. You're dealing with a colony that allows you to be in a domicile that all of the key players finances... We have a number of the key elements that are Bermuda. We're creating a biosphere that allows a person to be in a key space, and this is, you have first move as advantage in Bermuda. We have a number of things that we're working on, like the Estonia model of e-residency, which we will call EID, that creates a space that you are in Bermuda in a space that is, it's protected, it's governed. We believe that when companies set up in Bermuda they are getting the most secure, the strongest business reputation that a country could have. >> The other thing I would add, I'll just say, you know, quality, certainty, and community is what that brand represents. So, you know, you've got that historical quality of what Bermuda brings as a business jurisdiction, you have the certainty of the regulation and that pathway to setting your company up and incorporating in Bermuda, and then the community piece is something that we've been working on to make sure that any of the players that are coming to Bermuda and connecting with Bermuda and setting up there, they feel like they're really integrated into that whole community in Bermuda, whether it be from the government side, the private sector side. You can see it with the companies that have set up that are here today, you know, they really have embraced that Bermuda culture, the Bermuda shorts, and what we're really trying to do as a jurisdiction in the tech space. >> What can I expect if I domicile in Bermuda from a company perspective, what do I have to forecast? What's the budget, what do I got to do, what's my expectation? Allocate resources, what's going to be reporting, can you just give us some color commentary? >> So, with reference, it depends what you're trying to do, and so there will be different requirements for the ICO legislation. For the ICO legislation a key piece of the document actually is the whitepaper. Within the whitepaper you will settle what your scope of business is, what do you want to do, what you know, everything, everything that you require will be settled in your whitepaper. After the whitepaper is approved and if it is indeed successful, you go to the Bermuda Monetary Authority and they will outline what they require of you, and very shortly thereafter you will able to set up and do business in Bermuda. With reference to the digital asset exchanges, the Digital Asset Business Act, such a clear guideline, so you're going to need to have a key man in Bermuda, a key woman in Bermuda. >> Yeah. >> You're going to need to have a place of presence in Bermuda, so there are normal requirements-- >> There's levels of requirements based upon the scope. >> Absolutely. >> So, if you run an exchange it has to be like ghosting there. >> Yeah, yeah, you need boots on the ground. >> And that's why the AML and the KYC piece is so important. >> Yeah. Well, I'm super excited, I think this is a great progress and this has been a big uncertainty, you know, what does this signal. People have, you know, cognitive dissonance around some-- >> Yes. >> Of the decisions they're making, and I've seen entrepreneurs flip flop between Liechtenstein, Malta, Caymans. >> Right. >> You know, so this is a real concern and you guys want to be that place. >> Not only, we will say this, Bermuda is open for business, but remember, when you see the requirements that we have some companies won't meet the standard. We're not going to alter the standard to accommodate a business that might not be what we believe is best for Bermuda, and we believe that once people see the standard, the Bermuda Standard, it'll cascade down and we believe that high tides raises all boats. >> Yeah. >> We have a global standard, and if a company meets it we will be happy for them to set up and do business in Bermuda. >> Well, I got to say, it's looking certainly that leaders like Grant Fondo in Silicon Valley and others have heard good things. >> Yeah. >> How's been the reaction for some of the folks on the East Coast, in New York and around the United States and around the world? What has been some of the commentary, what's been the anecdotal feedback that you've heard? >> We're meeting three and four companies every day of the week. Our runway is full of Fintech companies coming to Bermuda, from... We have insurtech companies that are coming in Bermuda, people are coming to Bermuda for think tanks, to set up incubators and to do exploratory meetings, and so we're seeing a huge interest in Bermuda the likes have not been seen in the last 20 years in Bermuda. >> Well, it's been a pleasure chatting with you and thanks for sharing the update and congratulations. We'll keep in touch, we're following your progress from California, we'll follow up again. The Honorable Wayne Caines, the Minister of National Security of the government of Bermuda, and Kevin Richards, concierge taking care of business, making it easy for people. >> Oh, yeah, oh, yeah. >> We'll see, I'm going to come down, give me the demo. >> We're open for business and we're looking forward to seeing everybody. (laughs) >> Thank you for the opportunity. >> Thank you very much. >> Thank you. >> Major developments happening in the blockchain, crypto space. We're starting to see formation clarity around, standards around traditional structures but not so traditional. It's not your grandfather's traditional model. This is what's great about blockchain and crypto. CUBE coverage here, I'm John Furrier, thanks for watching, stay with us. More day two coverage after this short break. (techy music)

>> Live, from Toronto Canada, it's the CUBE! Covering Blockchain Futurist Conference 2018. Brought to you by the CUBE. >> Hello everyone and welcome back. This is the CUBE's exclusive coverage here in Toronto for the Blockchain Futurist Conference, we're here all week. Yesterday we were at the Global Cloud and Blockchain Summit put on by DigitalBits and the community, here is the big show around thought leadership around the future of blockchain and where it's going. Certainly token economics is the hottest thing with blockchain, although the markets are down the market is not down when it comes to building things. I'm John Furrier with Dave Vellante, here with CUBE alumni and special guest Hartej Sawhney who is the founder of Hosho doing a lot of work on security space and they have a conference coming up that the CUBE will be broadcasting live at, HoshoCon this coming fall, it's in October I believe, welcome to the CUBE. >> Thank you so much for having me. >> Always great to see you man. >> What's the date of the event, real quick, what's the date on your event? >> It's October 9th to the 11th, Hard Rock Hotel & Casino, we rented out the entire property, we want everyone only to bump into the people that we're inviting and they're coming. And the focus is blockchain security. We attend over 130 conferences a year, and there's never enough conversation about blockchain security, so we figured, y'know, Defcon is still pure cybersecurity, Devcon from Ethereum is more for Ethereum developers only, and every other conference is more of a traditional blockchain conference with ICO pitch competitions. We figured we're not going to do that, and we're going to try to combine the worlds, a Defcon meets Devcon vibe, and have hackers welcome, have white hat hackers host a bug bounty, invite bright minds in the space like Max Keiser and Stacy Herbert, the founder of the Trezor wallet, RSA, y'know we've even invited everyone from our competitors to everyone in the media, to everyone that are leading the blockchain whole space. >> That's the way to run an event with community, congratulations. Mark your calendar we've got HoshoCon coming up in October. Hartej, I want to ask you, I know Dave wants to ask you your trip around the world kind of questions, but I want to get your take on something we're seeing emerging, and I know you've been talking about, I want to get your thoughts and reaction and vision on: we're starting to see the world, the losers go out of the market, and certainly prices are down on the coins, and the coins are a lot of tokens out there, >> Too many damn tokens! (laughing) >> The losers are the only ones who borrowed money to buy bitcoin. >> (laughs) Someone shorted bitcoin. >> That's it. >> But there's now an emphasis on builders and there's always been an entrepreneurial market here, alpha entrepreneurs are coming into the space you're starting to see engineers really building great stuff, there's an emphasis on builders, not just the quick hit ponies. >> Yep. >> So your thoughts on that trend. >> It's during the down-market that you can really focus on building real businesses that solve problems, that have some sort of foresight into how they're going to make real money with a product that's built and tested, and maybe even enterprise grade. And I also think that the future of fundraising is going to be security tokens, and we don't really have a viable security exchange available yet, but giving away actual equity in your business through a security token is something very exciting for sophisticated investors to participate in this future tokenized economy. >> But you're talking about real equity, not just percentage of coin. >> Yeah, y'know, actual equity in the business, but in the form of a security token. I think that's the future of fundraising to some extent. >> Is that a dual sort of vector, two vectors there, one is the value of the token itself and the equity that you get, right? >> Correct, I mean you're basically getting equity in the company, securitized in token form, and then maybe a platform like Securitize or Polymath, the security exchanges that are coming out, will list them. And so I think during the down-markets, when prices are down, again I said before the joke but it's also the truth: the only people losing in this market are the ones who borrowed to buy bitcoin. The people who believe in the technology remain to ignore the price more or less. And if you're focused on building a company this is the time to focus on building a real business. A lot of times in an up-market you think you see a business opportunity just because of the amount of money surely available to be thrown at any project, you can ICO just about any idea and get a couple a million dollars to work on it, not as easy during a down-market so you're starting to take a step back, and ask yourself questions like how do we hit $20,000 of monthly recurring revenue? And that shouldn't be such a crazy thing to ask. When you go to Silicon Valley, unless you're two-time exited, or went to Stanford, or you were an early employee at Facebook, you're not getting your first million dollar check for 15 or 20 percent of your business, even, until you make 20, 25K monthly recurring revenue. I say this on stage at a lot of my keynotes, and I feel like some people glaze their eyes over like, "obviously I know that", the majority are running an ICO where they are nowhere close to making 20K monthly recurring and when you say what's your project they go, "well, our latest traction is that we've closed about "1.5 million in our private pre-sale." That's not traction, you don't have a product built. You raised money. >> And that's a dotcom bubble dynamic where the milestone of fundraising was the traction and that really had nothing to do with building a viable business. And the benefit of blockchain is to do things differently, but achieve the same outcome, either more efficient or faster, in a new way, whether it's starting a company or achieving success. >> Yep, but at the same time, blockchain technology is relatively immature for some products to go, at least for the Fortune 500 today, for them to take a blockchain product out of R&D to the mainstream isn't going to happen right now. Right now the Fortune 500 is investing into blockchain tech but it's in R&D, and they're quickly training their employees to understand what is a smart contract?, who is Nick Szabo?, when did he come up with this word smart contracts? I was just privy to seeing some training information for multiple Fortune 500 companies training their employees on what are smart contracts. Stuff that we read four or five years ago from Nick Szabo's essays is now hitting what I would consider the mainstream, which is mid-level talent, VP-level talent at Fortune 500 companies, who know that this is the next wave. And so when we're thinking about fundraising it's the companies who raise enough money are going to be able to survive the storm, right? In this down-market, if you raised enough money in your ICO, for this vision that you have that's going to be revolutionary, a lot of times I read an ICO's white paper and all I can think is well I hope this happens, because if it does that's crazy. But the question is, did they raise enough money to survive? So that's kind of another reason why people are raising more money than they need. Do people need $100 million to do the project? I don't know. >> It's an arm's race. >> But they need to last 10 years to make this vision come true. >> Hey, so, I want to ask you about your whirlwind tour. And I want to ask in the context of something we've talked about before. You've mentioned on the CUBE that Solidity, very complex, there's a lot of bugs and a lot of security flaws as a result in some of the code. A lot of the code. You're seeing people now try to develop tooling to open up blockchain development to Java programmers, for example, which probably exacerbates the problem. So, in that context, what are you seeing around the world, what are you seeing in terms of the awareness of that problem, and how are you helping solve it? >> So, starting with Fortune 500 companies, they have floors on floors around the world full of Java engineers. Full Stack Engineers who, of course, know Java, they know C#, and they're prepared to build in this language. And so this is why I think IBM's Hyperledger went in that direction. This is why even some people have taken the Ethereum virtual machine and tried to completely rebuild it and rewrite it into functional programming languages like Clojure and Scala. Just so it's more accessible and you can do more with the functional programming language. Very few lines of code are equivalent to hundreds of lines of code in linear languages, and in functional programming languages things are concurrent and linear and you're able to build large-scale enterprise-grade solutions with very small lines of code. So I'm personally excited, I think, about seeing different types of blockchains cater more towards Fortune 500 companies being able to take advantage, right off the bat, of rooms full of Java engineers. The turn to teaching of Solidity, it's been difficult, at least from the cybersecurity perspective we're not looking for someone who's a software engineer who can teach themselves Solidity really fast. We're looking for a cybersecurity, QA-minded, quality-assurance mindset, someone who has an OPSEC mindset to learn Solidity and then audit code with the cybersecurity mindset. And we've found that to be easier than an engineer who knows Java to learn Solidity. Education is hard, we have a global shortage of qualified engineers in this space. >> So cybersecurity is a good cross-over bridge to Solidity. Skills matters. >> If you're in cybersecurity and you're a full sec engineer you can learn just about any language like anyone else. >> The key is to start at the core. >> The key is to have a QA mindset, to have the mindset of actually doing quality assurance, on code and finding vulnerabilities. >> Not as an afterthought, but as a fundamental component of the development process. >> I could be a good engineer and make an app like Angry Birds, upload it, and even before uploading it I'll get it audited by some third party professional, and once it's uploaded I can fix the bugs as we go and release another version. Most smart contracts that have money behind them are written to be irreversible. So if they get hacked, money gets stolen. >> Yeah, that's real. >> And so the mindset is shifting because of this space. >> Alright, so on your tour, paint a picture, what did you see? >> First of all, how many cities, how long? Give us the stats. >> I just did about 80 days and I hit 10 countries. Most of it was between Europe and Asia. I'll start with saying that, right now, there's a race amongst smaller nations, like Malta, Bermuda, Belarus, Panama, the island nations, where they're racing to say that "we have clarity on regulation when it comes to "the blockchain cryptocurrency industries," and this is a big deal, I'd say, mainly for cryptocurrency exchanges, that are fleeing and navigating global regulation. Like in India, Unocoin's bank has been shutdown by the RBI. And they're going up against the RBI and the central government of India because, as an exchange, their banks have been shut down. And they're being forced to navigate waters and unique waves around the world globally. You have people like the world's biggest exchange, at least by volume today is Binance. Binance has relocated 100 people to the island of Malta. For a small island nation that's still technically a part of the European Union, they've made significant progress on bringing clarity on what is legal and what is not, eventually they're saying they want to have a crypto-bank, they want to help you go from IPO to ICO from the Maltese stock exchange. Similarly also Gibraltar, and there's a law firm out there, Hassans, which is like the best law firm in Gibraltar, and they have really led the way on helping the regulators in Gibraltar bring clarity. Both Gibraltar and Malta, what's similar between them is they've been home to online gambling companies. So a lot of online casinos have been in both of their markets. >> They understand. >> They've been very innovative, in many different ways. And so even conversations with the regulators in both Malta and Gibraltar, you can hear their maturity, they understand what a smart contract is. They understand how important it is to have a smart contract audited. They already understand that every exchange in their jurisdiction has to go through regular penetration testing. That if this exchange changes its code that the code opens it up to vulnerabilities, and is the exchange going through penetration testing? So the smaller nations are moving fast. >> But they're operationalizing it faster, and it's the opportunity for them is the upside. >> My only fear is that they're still small nations, and maybe not what they want to hear but it's the truth. Operating in larger nations like the United States, Canada, Germany, even Japan, Korea, we need to see clarity in much larger nations and I think that's something that's exciting that's going to happen possibly after we have the blueprint laid out by places like Malta and Gibraltar and Bermuda. >> And what's the Wild West look like, or Wild East if you will in Asia, a lot of activity, it's a free-for-all, but there's so much energy both on the money-making side and on the capital formation side and the entrepreneurial side. Lay that out, what's that look like? >> By far the most exciting thing in Asia was Korea, Seoul, out of all the Asian tiger countries today, in August 2018, Seoul, Korea has a lot of blockchain action going on right now. It feels like you're in the future, there's actually physical buildings that say Blockchain Academy, and Blockchain Building and Bitcoin Labs, you feel like you're in 2028! (laughs) And today it's 2018. You have a lot of syndication going on, some of it illegal, it's illegal if you give a guarantee to the investor you're going to see some sort of return, as a guarantee. It's not illegal if you're putting together accredited investors who are willing to do KYC and AML and be interested in investing a couple of hundred ETH in a project. So, I would say today a lot of ICOs are flocking to Korea to do a quick fundraising round because a lot of successful syndication is happening there. Second to Korea, I would say, is a battle between Singapore and Hong Kong. They're both very interesting, It's the one place where you can find people who speak English, but also all four of the languages of the tiger nations: Japanese, Mandarin, Cantonese, Korean, all in one place in Hong Kong and Singapore. But Singapore, you still can't get a bank account as an ICO. So they're bringing clarity on regulation and saying you can come here and you can get a lawyer and you can incorporate, but an ICO still has trouble getting a bank account. Hong Kong is simply closer in proximity to China, and China has a lot of ICOs that cannot raise money from Chinese citizens. So they can raise from anybody that's not Chinese, and they don't even have a white paper, a website, or even anybody in-house that can speak English. So they're lacking English materials, English websites, and people in their company that can communicate with the rest of the world in other languages other than Mandarin or Cantonese. And that's a problem that can be solved and bridges need to be built. People are looking in China for people to build that bridge, there's a lot of action going on in Hong Kong for that reason since even though technically it's a part of China it's still not a part of China, it's a tricky gray line. >> Right, in Japan a lot going on but it's still, it's Japan, it's kind of insulated. >> The Japanese government hasn't provided clarity on regulation yet. Just like in India we're waiting for September 11th for some clarity on regulation, same way in Japan, I don't know the exact date but we don't have enough clarity on regulation. I'm seeing good projects pop up in Korea, we're even doing some audits for some projects out of Japan, but we see them at other conferences outside of Japan as well. Coming up in Singapore is consensus, I'm hoping that Singapore will turn into a better place for quality conferences, but I'm not seeing a lot of quality action out of Singapore itself. Y'know, who's based in Singapore? Lots of family funds, lots of new exchanges, lots of big crypto advisory funds have offices there, but core ICOs, there was still a higher number of them in Korea, even in Japan, even. I'm not sure about the comparison between Japan and Singapore, but there is definitely a lot more in Korea. >> What about Switzerland, do you have any visibility there? Did you visit Switzerland? >> I was Zug, I was in Crypto Valley, visited Crypto Valley labs... >> What feels best for you? >> I don't know, Mother Earth! (laughs) >> All of the above. >> The point of bitcoin is for us to start being able to treat this earth as one, and as you navigate through the crypto circuit one thing as that is becoming more visible is the power of China partnering up with the Middle East and building a One Belt, One Road initiative. I feel like One Belt, One Road ties right into the future of crypto, and it's opening up the power of markets like the Philippines, Thailand, Malaysia, Singapore. >> What Gabriel's doing in the Caribbean with Barbados. >> Gabriel from Bit, yeah. >> Yeah, Bit, he's bringing them all together. >> Yeah, I mean the island nations are open arms to companies, and I think they will attract a lot of American companies for sure. >> So you're seeing certainly more, in some pockets, more advanced regulatory climates, outside of the United States, and the talent pool is substantial. >> So then, when it comes to talent pools, I believe it was in global commits for the language of Python, China is just on the verge of surpassing the United States, and there's a lot of just global breakthroughs happening, there's a large number of Full Stack engineers at a very high level in countries like China, India, Ukraine. These are three countries that I think are outliers in that a Full Stack Engineer, at the highest level in a country like India or Ukraine for example, would cost a company between $2,000 to $5,000 a month, to employ full time, in a country where they likely won't take stock to work for your company. >> Fifteen years ago those countries were outsource, "hey, outsource some cheap labor," no, now they're product teams or engineers, they're really building value. >> They're building their own things, in-house. >> And the power of new markets are opening up as you said, this is huge, huge. OK, Hartej, thanks so much for coming on, I know you got to go, you got your event October 9th to 11th in Las Vegas, Blockchain Security Conference. >> The CUBE will be there. >> I look forward to having you there. >> You guys are the leader in Blockchain security, congratulations, hosho.io, check it out. Hosho.io, October 9th, mark your calendars. The CUBE, we are live here in Toronto, for the Blockchain Futurist Conference, with our good friend, CUBE alumni Hartej. I'm John Furrier, Dave Vellante, be right back with more live coverage from the Untraceable event here in Toronto, after this short break.

(upbeat music) >> Narrator: Live from Nassau, in the Bahamas it's theCUBE. Covering POLYCON18. >> Hello welcome back everyone this is theCUBE's exclusive coverage from the Bahamas, we are here at POLYCON18 Put on by Polymath and Grit Capital This is an amazing event, it's really the cryptocurrency, blockchain, token economics, the decentralized future-internet is happening now. The industry if forming, CUBE is starting its 2018 run. We'll cover all the top events this year, in the cryptos. As you know, we know cloud, big data, we do all those other events, we'll start covering in a big way because the ecosystem is formed, you're seeing people making money. The early whales, the big guys, now you've got institutional investors coming in, a real ecosystem dynamic. This is what industries look like when they're formed. Our next guest is Carlos Domingo, founder of and managing partner at SPiCE VC, and the founder and chairman at Securitize. One of the tell-signs of a maturing ecosystem that's growing very fast is companies that are adding value. You're one of them, Carlos. >> Thank you. >> Welcome to theCUBE. >> Thank you, thank you guys for having me here. >> So, you know Dave Vellante who just had to jump on a plane 'cause the snowstorm in Boston would comment, he would say, 'cause we talk about this all the time, "You know you look "for the big waves, and you see what's happening. "But How do you know when there's a tipping point "in a new industry?" And that when there's stuff being created, value being captured, industry being formed with an ecosystem, and a community, this is absolutely happening. >> Correct. >> You're bringing a very valuable service to market. You guys self-funded this operation, Securitize. You're automating other value chains that were old guard businesses in a new way. >> Correct. >> Take a minute to explain Securitize, why the idea, what you guys have built, what you've got going on, and, What's the disruption of that product? >> Good, so the idea came originally 'cause last year me and my partners, we wanted to tokenize a VC fund. And basically show a security token that contains the economic rights of the fund as a way to provide liquidity to the investors because liquidity on the VC space is one of the biggest problems, right, you invest money and it takes like seven to 10 years and then you can actually get your money back. So we had that idea, at that time Blockchain Capital had done one security token, was the first security token, for a 10 million dollar offering, and we wanted to kind of build on that, so we went out and looked for people that could actually do the issuance of the security token in a regulated way, so the KYC, the AML, the accreditation process per country, not just for the US. And basically ran the ICO in a secure way with secure wallets for different cryptocurrencies, and then also have the smart contract issuing the token, but also smart contract managing what happens with the token on the secondary market, which is very important, right? 'Cause see, in the secondary market the tokens can actually move from a wallet to a wallet, and suddenly you're outside the regulatory framework that you protected at the beginning Right, so we went out and talked to Polymath and many, the few companies that were doing that and no one was actually ready with a platform last year, so, we are all tech entrepreneurs and product people, so we did what we know how to do, we hire a CTO, hire engineers and went and built our own platform for SPiCE VC, for tokenizing the fund. And then when we announced the project around September, October last year, I posted a Medium about the investment process, and the screenshots of the path and how it works, all the features that it has, we also integrated Bancorp as the central exchange to provide liquidity. And then started of getting flooded with people saying, wow, this is very cool yeah, we wanted to do security tokens, think this is the future, and no one actually is ready with the platform and you guys seem to have one, so who has built it? And I told people, we built it, this is our platform. And then we took the decision last year to basically separate the platform from the fund. And the fund becoming the first customer, and we created Securitize. Which is basically an end-to-end issuance platform for security tokens. >> And so this is really filling a void for people who want to either raise money for a startup-like venture, And then also maybe want to raise cryptocurrency in capital for growing a business that they're tokenizing. That's a big trend, so you've got the startup, hey I've got a great idea with a whitepaper, we're going to revolutionize the world, People are interested, some people call it the dumbest idea they've ever seen, which turns into a billion-dollar idea, because that's the way it works. (laughs) So got to raise some cash. And then there's the businesses that are growing saying, you know, I can grow with working capital in a tokenized environment, 'cause the business model shifts for that. >> Correct, I think that what people don't realize is that you know, getting actual liquidity in a market, like doing an IPO is either very difficult, or very expensive, or both things. >> John: Yeah, and the hurdle's very high. >> Yeah, the hurdle is very high, the cost could be like 10 to 12% of the money you raise you know paying the underwriters and paying everyone to get it done, so I think that what tokenizing real assets, like asset-backed tokens or security tokens, this basically allows for two things. One is the network of investors you can actually reach is anyone with an internet connection that within the regulation in their country are allowed to invest. So suddenly you've multiplied by 100 the reach you have of potentially finding investors. And second, is it's cheaper to do it. There's less friction. Third, is managing all of these thousands of investors would not be possible in the traditional financial system, right? Because you have investors from many countries, with different currencies, different bank accounts, different banks, and with the smart contract and tokens you can automate the entire process, >> And from your accent you're obviously not in the US, not an american but you're from? >> I'm from Barcelona. >> Barcelona, so you're really laid back, you're chill about this, but you're hardcore techie, right? >> (laughs) Yes. >> Okay, so let me just go through the process here, so what's interesting to me is, first of all, I love cloud computing and I think what DevOps has done in software with open-source that's clearly, in line with crypto market scene, mission. Automation is a really big deal, when you can automate something down to efficient process, you're doing it, you guys are doing this different, it's well not different it's automated, great, but the investment piece is accredited investors, right? Am I getting it right? >> It depends on the jurisdiction. So, most countries have security laws, so what our platform does, is we'll actually identify through the KYC on the name of the investor, and depending on the jurisdiction where you're from, we will apply a different rule, because in the US it is accredited investors only but in other countries you can take the small portion of retail. Also the meaning of accredited investor is different, how you actually comply with that, the documentation you need to collect or not collect for validating that someone's an accredited investor is not the same in the US and in other jurisdictions. >> Alright so, here's the problem that I see you solving, correct me if I'm wrong, if I'm a company XYZ Corporation, we're growing like crazy and we can tokenize our business, and we say hey, we could raise a token, 'cause we actually have a product and security token is a great vehicle, and so they go their lawyer well you're in the US, you can only use accredited investors, if you want to go outside the US you got to go to the Cayman Islands or somewhere else, set up a new company and do all that stuff, 'cause they have to manage the process, and they got to go find investors, that's hard! >> That's hard. >> Okay, do you solve that problem for them? >> We streamline the problem, so basically, first the fact that you setup a company in Cayman doesn't actually prevent you from, you know, the regulations in each country because the regulators care about where the investor sits, not where the company is. So what we solve the problem, is basically allow them to provide a liquidity event through fundraising and provide liquidity for the investors on the secondary market, so we basically will save them the trouble of having to figure out how to do all these processes country-by-country. >> So it's a liquidity value, too, so it's also getting the process done, streamlined, and then managing some liquidity challenges that the company would have to put cycles into managing it. >> Exactly. >> Okay so here's a question, so this is like a consulting hour for the people watching. I'm a company, XYZ Corporation I want to tokenize my business, now, we've been up and running for a few years and say hey, Securitize is really interesting, these guys are amazing, the same ethos as us, they're cloud guys, they're automating. Let's just go through them. We sign up, we apply to yo. What we do, do we have to set up a new company, is there risk issues, what's your advice on the playbook? >> So the fact, because you're using a security you don't actually have to go through all the jurisdictions, right? You can just do it from wherever you are, because you're issuing a security that assigns some economic interest on you your business, right? Now in terms of us, we're trying to become kind of like a quality security token ICO place, so we create a lot and decide which ones we bring on board or not, first, because we have so many, we have hundreds of leads coming to us all the time. And secondly, because we want to make sure that people who we're securitizing, that those are quality companies that we've vetted, and our lawyers have checked that the company's interesting, that the company is going to do well not only and the fundraising, but later down the road, so, >> What about the legal and regulatory challenges? So again, most people do a new code because they want to protect their corporate shield, there's a corporate shield to protect themselves, you know investors are always are gun-shy or trigger-happy when it comes to suing people. Especially in this economy. How does an entrepreneur or business manager protect against that, do you guys handle some of that, or is it just a buyer beware kind of thing? >> No, so we work with our attorneys, Colten in New York they specialize in securities, and we basically will advise the customer that actually uses our attorneys because they are very experienced in doing this, and in terms of protection, in a security token you're not just getting the token, you're actually signing a subscription agreement which is a legal binding document that explains exactly what the token is going to do, and there's and information memorandum which is basically describing what the business is going to do. So there's a legal framework, off-chain if you want alongside the on-chain token and the smart contract side. >> So all that stuff's happened, so awesome. Alright so we're going to change gears here, Carlos. Talk about, talk about you, why, why do this? What drove you here, are you scratching an itch or are you serial entrepreneur, how did you get here, what's the story? >> So the story is I've been, this is like the third phase of my career. My first 10 years of career, I was at the middle of the dot-com boom, I took company public in Inashik, Japan. And then went through years of corporate companies and then everything crashed so I lived both the up and the down. The second part of my career started in 2006 and then lasted another 10 years, which is during Telefonica, one of the largest telcos in the world, and I lived through all the mobile boom with the iPhone coming out in 2007 and 2008 and all the excitement happening in the industry but to me it was the opposite, I was looking for what is the next thing I do, because all these industries are now not as exciting anymore. So I came across blockchain and crypto, two things. One is I was doing a project in small cities and Dubai, where I live, where we started looking at blockchain and ran some pilots and then one of my colleagues, and friend, Brendan Eich who is the founder of Mozilla and he actually did an ICO for a company called Brave in March last year, when I saw that-- >> Brave browser? >> Yeah, yeah. >> Very familiar, great, great offering. >> He's a great entrepreneur, the guy's invented JavaScript and when I saw he did that, I met him actually a year ago and I met him this week as well in Barcelona at Mobile World Congress and when I say what he did I was like wow this is very revolutionary, right, so this is a completely different way of raising money and it's also a great way for investors because you get liquidity so why not get there and find a project. So, I started with one and then-- >> Serial entrepreneur, great story, lot of experience coming into cryptos, you got some young guns who are inventing, and making some cash, and doing well, also starting funds. You've got developers and business entrepreneurs who are successful and they're becoming investors and then you got the pros coming in, alpha geeks, serial entrepreneurs, pros on the banking side, all think differently, and they see the vision, so I got to ask you, what is your vision of the decentralized internet? You've seen how telcos work and you know their challenge is over the top content, centralized organization, you see what Brave's doing, you've lived the dot-com up and down, what's your vision of decentralized internet, how would you describe how big the wave is, and what's the opportunity? >> So I think that if you think of why people were excited in 1994 1995 over the internet, it was precisely because the internet promised decentralization back then, right? So there were all these protocols that allow you to move voice, move data, move webpages that we're going to disintermediate people. And what happened is that a lot of traditional players got disintermediated but then the weight shifted into players which are now high concentrated and centralized, right, everything on Facebook or Google. So I think that the excitement around crypto's about making a reality, the decentralized internet that didn't happen the first time. And I think that because the protocols have a way to monetize, and there's an economic incentive to be part of the network, this time will be different. >> Cloud computing has also helped a little bit, too. Because with open source and cloud computing you have a great creative environment on technology's side. >> Correct, this is like open-source money if you want to think about like crypto. So I think yes, the fact that the maturity of some adjacent technologies is helping this move faster. >> And open-source has been a proven formula, one, second tier citizen when I was growing up in the open-source community, I remember people were poo-pooing Linux back in the day, and all of the sudden now it's tier one powering the world, and now you have community modeling around how that worked, how would you compare and contrast? And you have other things coming into this, too. You've got cryptography systems you've got gamers and cryptocurrency and you got cloud, how would you tease out the industry and describe the cryptocurrency and the blockchain communities, I mean it's kind of a confluence of a lot of-- >> I think it's a very interesting industry and it has forced myself also to have to learn about adjacent topics, right, because you've got to understand about technology, but you've got to understand about software, cryptography, you've got to understand about finance and economy to understand what a monetary policy is and how you're going to define that into your token. You've got to understand about finance if you do security tokens, you know securities laws, so it is fascinating because of this confluence of different things. >> We were having a joke on one of our broadcasts, I said to my co-host, these startups will soon have a CTO, a CEO, and a Chief Economic Officer, I mean this is kind of token economics! >> Makes all the sense. >> I mean you're going to have to say, hey do we increase the coin rate, do we drop this down? >> A legal counselor. >> I mean it's a big human dynamic there. >> I think this is for me why I am so excited about it. 'cause I was kind of bored of being in an industry for 10 years, you feel that you already know more or less everything, and yet there's new things coming, but are kind of like incremental improvements. This feels like an exponential improvement, something is going to really change things, and as you said it forces you to understand more disciplines than just software technology. >> I mean to use a California example, to end the segment, you know you see the waves coming and the surfers grabbing their boards, and they're on the wave hangin' 10. And that's what's going on, you see the best people attracted to this space because there's problems or opportunities, there's challenges and there's a social impact, mission-driven impact. And I think people are seeing that, and it's attracting new entrants into the space, from banking, all sectors now coming in, they're seeing the ecosystem develop, how would you see that going, because, you do agree that the ecosystem is forming pretty quickly. >> It is forming very, very quickly, surprisingly quickly. And I think that one of the things you mentioned is the fact that, people like me or other people that come from you know long-standing backgrounds in tech are moving into this industry who are also making the industry kind of grow faster, because the industry is a bit immature if you want, in terms of everything technology. This is why there's so many hacks, the usability of the products is still not there, so as more people from a traditional tech industry move here, and start building good products, this will actually change very quickly. >> Great leadership, Carlos, on your end, congratulations. You're seeing an opportunity and you're making a difference. You're putting out a great product service I think people are going to use a lot of, and looking forward to chatting more about it and of course you got to VC fund, and you're doing some investments, you put some skin in the game as well, with your companies, congratulations. This is theCUBE live coverage we'll be back with more, here in the Bahamas, and our friend from Barcelona here. Great entrepreneur, looking forward to chatting more about the decentralized economics, the technology, how the value will be captured, the technology that's going to enable that and the impact to society. It's theCUBE, more live coverage after this short break. (upbeat music)

>> Narrator: Live from Nassau in the Bahamas. It's The Cube! Covering PolyCon 18. Brought to you by PolyMath. >> Welcome back everyone, we're live here in the Bahamas with The Cube's exclusive coverage of PolyCon 18, I'm John Furrier with my co-host Dave Vellante, both co-founders of SiliconANGLE. We start our coverage of the crypto-currency ICO, blockchain, decentralized world internet that it is becoming. It's the beginning of our tour, 2018. Our next guest is Hartej Sawhney who's the advisor at Pink Sky Capital, but also the co-founder of Hosho.io. Welcome to The Cube. >> Thank you so much. >> Hey thanks for coming on. Thanks for coming on. >> Thanks guys. >> We had a great chat last night, and you do some real good work. You're one of the smartest guys in the business. Got a great reputation. A lot of good stuff going on. So, take a minute to talk about who you are, what you're working on, what you're doing, and the projects you're involved in. >> So first of all, thank you so much for having me, it's really exciting to see the progress of high-quality content being created in the space. So my name is Hartej Sawhney. We have a team based in Las Vegas. I've been based in Las Vegas for about five years. But I was born and raised in central New Jersey, in Princeton. And my co-founder is Yo Sup Quan. We started this company about seven months ago and my co-founder's background was he's the co-founder of Coin Sighter in Exchange out of New York, which exited to Kraken. After that he started Launch Key which exited to Iovation. And prior to this company, my previous company was Zuldi, Z-U-L-D-I .com where we had a mobile point of sale system specifically for high volume food and beverage companies and businesses. So we were focused on Fintech and mobile point of sale and payment processing. So both of us have a unique background in both Fintech and cyber-security and my co-founder Yo, he's a managing partner of a crypto hedge fund named Pink Sky Capital. And he was doing diligence for Pink Sky, and he realized that the quality of the smart contracts he was seeing for deals that he wanted to participate as an investor in, and I'm an advisor in that hedge fund, we both realized that essentially the quality of these smart contracts is extremely low. And that there was nobody in this space that we saw laser focused on just blockchain security. And all the solutions that would be entailed in there. And so we began focusing on just auditing smart contracts, doing a line-by-line code review of each smart contract that's written, conducting a GAS analysis, and conducting a static analysis, making sure that the smart contract does what the white paper says, and then putting a seal of approval on that smart contract to mitigate risk. So that the code has not been changed once we've done an analysis of it, that there's no security vulnerabilities in this code, and that we can mitigate the risks for exchanges and for investors that someone has done a thorough code analysis of this. That there's no chance that this is going to be hacked, that money won't be stolen, money won't be lost, and that there's no chance of a security vulnerability on this. And we put our company's name and reputation on this. >> And what was the problem that is the alternative to that? Was there just poorly written code? Was it updated code? Was it gas was too expensive? They were doing off-chain transactions. I mean what are some of the dynamics that lead you guys down this path? I mean this makes sense. You're kind of underwriting the code, or you're ensuring it or I don't know what you call it, but essentially verifying it. What was the problem? And what were some of the use cases of problems? >> I would say that the underlying problem today in this whole industry, of the blockchain space, is that the most commonly found blockchain is Ethereum. The language behind Ethereum is called Solidity. Solidity is a brand new software language that very few people in the world are sufficient programmers in Solidity. On top of that, Solidity is updated, as a language on a weekly basis. So there are a very limited number of engineers in the world who are full-stack engineers, that have studied and understand Solidity, that have a security background, and have a QA mindset. Everything that I just said does exist on this Earth today and if it does, there's a chance that that person has made too much money to want to get out of bed. Because Ethereum's price has gone up. So the quality of smart contracts that we're seeing being written by even development shops, the developers building them are actually not full-stack engineers, they're web developers who have learned the language Solidity and so thus we believe that the quality of the code has been significantly low. We're finding lots of critical vulnerabilities. In fact, 100% of the time that Hosho has audited code for a smart contract, we have found at least a couple of vulnerabilities. Even as a second or the third auditor after other companies conduct an audit, we always find a vulnerability. >> And is it correct that Solidity is much more easy to work with than say, Bitcoin scripting language, so you can do a lot more with it, so you're getting a lot more, I don't want to say rogue code, but maybe that's what it is. Is that right? Is that the nature of the theory? >> Compared to Bitcoin script, yes. But compared to JavaScript, no. Because Fortune 500 companies have rooms full of Java engineers, Java developers. And now the newer blockchains are being written, are being written on in block JavaScript, right? So you have IBM's Hyperledger program, you have EOS, you have ICX, Cardano, Stellar, Waves, Neo, there's so many new projects that are coming, that all of them are flexing about the same thing. Including Rootstock, RSK. RSK is a project where they're allowing smart contracts to be tied to the Bitcoin blockchain for the first time ever. Right, so Fortune 500 companies may take advantage of the fact that they have Java developers to take advantage of already, that already work for them, who could easily write to a new blockchain, and possibly these new blockchains are more enterprise grade and able to take more institutional capital. But only time will tell. And us as the auditor, we want to see more code from these newer blockchains, and we want to see more developers actually put in commits. Because it's what matters the most, is where are the developers putting in commits and right now maximum developers are on the Ethereum blockchain. >> Is that, the numbers I mean. Just take a step there. So the theory of blockchain. Percentage of developers vis-a-vis other platforms percentages-- >> By far the most is on developed on Ethereum. >> And in terms of code, obviously the efficiencies that are not yet realized, 'cause there's not enough cycles of coding going on, it's evolution, right? >> Yes. >> Seems to be the problem, wouldn't you say? So a combination of full-stack developer requirements, >> Yes. >> To people who aren't proficient in all levels of the stack. >> Yes. >> Just are inefficient in the coding. It's not a ding on the developers, it's just they're writing code and they miss something, right? Or maybe they're not sufficient in the language-- >> It's a new language. The functions are being updated on a weekly basis, so sometimes you copied and pasted a part of another contract, that came from a very sophisticated project, so they'll say to us, well we copied and pasted this portion from EOS, so it should be great. But what that's leading to is either A, they're using a function that's now outdated, or B, by copying and pasting someone else's code from their smart contract, this smart contract is no longer doing what you intended it to do. >> So now Hartej, how much of your capability is human versus machine? >> Yeah I was going to ask that. >> ML, AI type stuff? >> So we're increasingly becoming automated, but because of the over, there's so much demand in the space. And we've had so much demand to consistently conduct audits, it's tough to pull my engineers away from conducting an audit to work on the tooling to automate the audit, right? And so we are building a lot of proprietary tooling to speed up the process, to automate conducting a GAS analysis, where we make sure you're not clogging up the blockchain by using too much GAS. Static analysis, we're trying to automate that as fast as possible. But what's a bit more difficult to automate, at least right now, is when we have a qualified full-stack engineer read the white paper or the source of truth and make sure the smart contract actually does it, that is, it's a bit longer tail where you're leveraging machine learning and AI to make that fully automated. (talking over each other) >> But maybe is that, I'm sorry John. Is that the long term model or do you think you can actually, I mean there's people that say augmented intelligence is going to be a combination of humans and machines, what do you think? >> I think it's going to be a combination for a long time. Every single day that we audit code, our process gets faster and faster and faster because once we find a vulnerability, finding that same vulnerability next time will be faster and easier and faster and easier. And so as time goes on, we see it as, since the bundle of our work today is ICOs, token generation events, there are ERC 20 tokens on the Ethereum blockchain. And we don't know how long this party will last. Like maybe in a couple years or a couple months, we have a big twist in the ICO space that the numbers will drastically go down. The long tail of Hosho's business for us, is to keep track of people writing smart contracts, period. But we think they are going to become more functional smart contracts where the entire business is on a smart contract and they've cut out sophisticated middle men. Right and it may be less ICOs, and in those cases I mean, if you're a publicly traded company, and you're going from R&D phase where you wrote a smart contract and now actually going to deploy it, I think the publicly traded company's going to do three to five audits. They're going to do multiple audits and take security as a very major concern. And in the space today, security is not being discussed nearly as much as it should. We have the best hedge funds cutting checks into companies, before the smart contract is even written, let alone audited. And so we're trying to partner with all the biggest hedge funds and tell the hedge funds to mandate that if you cut a check into a company that is going to do a token generation event, that they need to guarantee that they're going to at least value security, both in-house for the company and for the smart contract that's going to be written. >> How much do you charge for this? I mean just ballpark. Is it a range of purchase price, sales price? What's the average engagement go for, is it on a scope of work? Statement of work? Or is it license? I mean how does it work? >> So first it depends is it a penetration test of the website or the exchange? Penetration testing of exchanges are far more complex than just a website. Or if it's a smart contract audit, is it an ICO or is it a functional smart contract? In either case for the smart contract audit, we have to build a long set of custom tooling to attack each and every smart contract. So it's definitely very case-by-case. But a ballpark that we could maybe give is somewhere around the lines of 10 to 15 thousand dollars per 100 lines of functional code. And we ask for about three weeks of lead time for both a smart contract audit and a penetration test. And surprisingly in this space, some of the highest caliber companies and high caliber projects with the best teams, are coming to us far too late to get a security audit and a penetration test. So after months of fundraising and a private pre-sale and another pre-sale, and going and throwing parties and events and conferences to increase the excitement for participating in their token sale, what we think is the most important part, the security audit for a smart contract is left to the last week before your ICO. And a ridiculous number of companies are coming to us within seven days of the token sale, >> John: Scrambling. >> Scrambling, and we're saying but we've seen you at seven conferences, I think that we need to delay your ICO by two or three weeks. We can assure you that all of your investors will say thank you for valuing security, because this is irreversible. Once this goes live and the smart contract is deployed. >> Horse is out of the barn. >> It's irreversible. >> Right right. >> And once we seal the code, no one should touch it. >> It's always the case with security, it's bolted on at the last minute. >> It's like back road recovery too, oh we'll just back it up. It's an architectural decision we should have made that months ago. So question for you, the smart contract, because again I'm just getting my wires crossed, 'cause there's levels of smart contracts. So if we, hypothetical ICO or we're doing smart contracts for our audience that's going to come out soon. But see that's more transactional. There's security token sales, >> Yes. >> That are essentially, can be ERC 20 tokens, and that's not huge numbers. It could be big, but not massive. Not a lot transaction costs. That's a contract, right? That's a smart contract? >> People are writing smart contracts to conduct a token generational event, most commonly for an ERC 20 token, that's correct. >> Okay so that's the big, I call that the big enchilada. That's the big-- >> Right now that is the most important, the most common. >> Okay so as you go in the future, I can envision a day where in our community, people going to be doing smart contracts peer-to-peer. >> Sure. >> How does that work? Is that a boiler plate? Is is audited, then it's going to be audited every time? Do the smart contracts get smaller? I mean what's your vision on that? Because we are envisioning a day where people in our audience will say hey Hartej, let's do a white paper together, let's write it together, have a handshake, do a smart contract click, click. Lock it in. And charge a dollar a download, get a million downloads, we split it. >> I envision a day where you can have a more drag and drop smart contract and not need a technical developer to be a full-stack engineer to have to write your smart contract. Yes I totally envision that day. >> John: But that's not today. >> We are very far from that today. >> Dave, kill that project. >> We're so far, we're very far from that. We're light years far from that. >> Okay well look. If we can't eliminate the full-stack engineers, I'm okay with that. Can we eliminate the lawyers? At least minimize them. >> We can minimize them possibly, but we have five stacks of lawyers for our company, I don't see them going anywhere. We need lawyers all the time. >> I see that in the press sometimes, yeah it's going to get disrupted. I don't see it happening. Okay we were having a great conversation off-camera about what makes a good ICO. You see, you have a huge observation space. And you were very opinionated. A lot of companies are out there just floating a token because they're trying to raise money. And they could do the same thing with Ethereum or Bitcoin. >> That's correct. >> Your thoughts? >> My thoughts are that it's very important for companies who are sophisticated, I think, to start by giving away a little bit of equity in the business. And that if you want to be in the blockchain space, and you really firmly believe you have a model to have a token within a decentralized application, I would still start by finding quality investors in the space, in the world. They might be still in Silicon Valley. Silicon Valley didn't just disappear overnight now that the blockchain is out. I am all for the fact that Silicon Valley no longer has as much of a grip on tech because of their blockchain world. And they're not seeing as much deal flow, and there's not as much reliance on venture capitalists, that's exciting to me. But let's not forget the value, that top-tier VCs like Andreessen Horowitz and Vinod Khosla. and Fintech VCs like Commerce Ventures and Nyca Partners in New York, Propel VC, these are good Fintech VC arms that continue to time and time again add immense value to companies. >> And they have networks. They add value. >> They have strong-valued networks, but they're just not going to disappear. And those VCs, if they've invested into a company, took a board seat, fostered their growth, taught them what it means to actually be a real business that's growing at 7-15% week over week, maybe two years down the line, after they've given away a board seat to someone like Nyca Partners, I would be interested in understanding what your token economics look like. Now that you have a revenue generating business, how you've placed a token model into this already running business that makes 25 to 50 grand a month and you have a team of 10, self-sustaining themselves off of revenue. Much more intriguing of a conversation. What's happening today in the space is, hey my buddy Jim and Steve and I came up with an idea for this business. There's going to be a token, and we're starting a private pre-sale tomorrow. I'm going to give you 300% bonus and will you be my advisor? And they're going to start raising capital because of an idea. You know what we used to say in the Silicon Valley startup world, you can raise on just a PowerPoint. I think in the blockchain world, you could raise on just an idea? And then maybe a white paper? And the white paper is one page? And so you've raised a bunch of capital, you have a white paper. >> Now you got to build it. >> Now you got to build, you got to write a smart contract, you got to build it, you got to do it, and then everyone loses excitement and it goes back to our previous conversation the development talent. So, another thing not being discussed in the space is company employee retention, right? So if you have a growing number of ICOs, that have very large budgets because investors have found a way to sink millions of dollars into a company early, you've got $5 million in the hands of a company to start, well this company can afford to pay someone a very ridiculous salary to come join them to write the smart contract now. So they could offer an engineer 500 Eth a month to come join them for three months. So you have good engineers just bouncing from one ICO to the next and as soon as the ICO goes live, they quit. This is a problem to companies who are-- >> It's migration, out migration. >> How do you retain, even capital? >> Companies like Hosho, ShapeShift, companies that are selling picks and shovels of the industry, that want to be household names in the space, we have to really think about how we're going to retain our employees in the space. >> So the recruitment and bringing on the new generation, we were also talking off camera about Bill Tye and the younger generation and kind of riffing on the notion that, because there is a new set of mission-driven developers and builders, on the business side as well. Your thoughts and reaction to what you see and what you see that's good and what you see that we need more of? >> So the most powerful thing in the blockchain space that I think is so exciting is that you have a lot of people between the age of 25 and 35 that don't come from money, that didn't go to Stanford, didn't go to Y Combinator, they're probably not white, from-- >> John: Ivy League schools. >> Ivy League schools. I'm not trying to make it about race, but if you're a white male and went to Stanford and went to Y Combinator, chances of you raising VC money on sand hill are a lot higher, right? And you have a guy looking like me who didn't go to Stanford, doesn't come from money, running up and down sand hill, I have personally faced that battle and it wasn't easy. And we were based in Vegas and so being based in Vegas, I'd also have to deal with so why do you live in Vegas? When are you going to move to Silicon Valley? And if we invest in you, you're going to open an office in sand hill right? And now in the blockchain world, what's exciting is you have so many heavy-hitters running as founders, some of the most successful companies in the space, who don't come from money and a big prestigious background, but they're honest, they're hard-working, they're putting in 12 to 15 hours of work every single day, seven days a week. And to space, six weeks is like six years. And we all have a level of trust that goes back to times when we were all running struggling startups. And so our bond is, to me, even more significant than what must have been between Keith Rabois and Peter Thiel in the PayPal Mafia. We have our own mafias being formed of much stronger bonds of younger people who will be able to share much more significant deal flow so if the PayPal Mafia was able to join forces to punch out companies like eBay and Square, wait 'til companies in this space, we have young, heavy-hitters right now who are non-reliant on some of the more traditional older folks. Wait 'til you see what happens in the next couple years. >> Hartej, great conversation. And I want to get one more question in. We've seen Keiretsu Forum, mafias, teams more than ever as community becomes an integral part of vetting and by the way trust, you have unwritten rules. I mean baseball, Dave and I used to do sports analogies. >> Self-governance. >> Reggie Jackson talked about unwritten rules and it works. If you beam the batter, the other guy, your best star, your side's going to get beamed. That's an unwritten rule. These are what keeps things going, balanced through the course of a season. What are the unwritten rules in the Ethos right now? >> Honesty, transparency, and that's the key. We need self-governance. This is a very unregulated market. There's rules being broken by people who are ignorant to the rules. The most common rule I've seen being broken is by people who are not broker dealers, running around fundraising capital, they don't even know what an institutional advisor license is. They don't know what a Series 7 and a Series 63 is. I asked a guy just last night, he said I'm pooling capital, I'm syndicating, let me know if you want in on the deal. And I said when did you take your Series 7? He goes what's that? Get away from me. You're an American, you need to look up what US securities laws are and make sure that you're playing by the rules and if someone who doesn't know the rules has entered our inner circle of investors, of advisors, of people sharing deal flow, we have a good network of people that are closing the loop for companies, whether it's lawyers, investors, exchanges, security auditors, people who write smart contracts, dev shops, people who write white papers, PR marketing, people who do the road show, there's a full circle-- >> So people are actually doing work to put into the community, to know your neighbor if you will, know the deals that are going down, to identify potential trip wires that are being established by either bad actors or-- >> KYC, AML, this is a new space that's also attracting people that have a criminal background. Right? And that's just a harsh reality of the space. That in the United States if you have a felony on your record, maybe getting a job has become really difficult and you figured let's do an ICO, no one's going to check my record. That is a reality of the space. Another reality is the money that was invested into this entire ICO clean. Right, that's a massive issue for the US government right now. It's been less than 15 hours since the SEC has issued actually subpoenas to people on this exact topic, today. >> This is a great topic, we'd like to do more on. >> Dozens of them. >> We'd like to continue to keep in touch with you on The Cube. Obviously you're welcome anytime, loved your insight. Certainly we'd love to have you be an advisor on our mission, you're welcome anytime. >> For sure, let's talk about it. Come out to Las Vegas. Hosho's always happy to host you. >> John And Dave: We're there all the time. >> The Cube lives at the sands. >> It's our second home. >> Come by Hosho's office and let us know. Vegas is our home. We are hosting a conference in Vegas after DEFCON. So DEFCON is the biggest security conference in the world. You have the best black hats and white hats show up as security experts in Vegas and right on the tail end of it, Hosho's going to host a very exclusive invite-only conference. >> What's it called? Just Hosho Conference? >> Just Blockchain. It'll be called the just, it'll be by the Just Blockchain Group and Hosho's the main backer behind it. >> Well we appreciate your integrity and your sharing here on The Cube, and again you're paying it forward in the community, that's great. Ethos we love that. That's our mission here, paying it forward content. Here in the Bahamas. Live coverage here at PolyCon 18. We're talking about securitized token, a decentralized future for awesome things happening. I'm Jeff Furrier, Dave Vellante. We'll be back with more after this short break. (upbeat music)

(upbeat dramatic music) >> Hello, everyone, welcome to the Cube Conversation, here in Palo Alto Studios, for The Cube. I'm John Furrier, the cohost of The Cube, co-founder of Silicon Angle Media. We are here for Thought Leader Thursday, with Mitzi Chang. She's a securities attorney and partner at Goodwin. Formerly Goodwin Proctor, Goodwin Proctor's the name. Again, great to have you on. Thanks for coming in and talking about some of the securities around Blockchain ICO's. You guys doing a lot of work, thanks for coming in. >> Thanks for having me. >> So, obviously, Blockchain is the hottest thing we're seeing. AI, obviously, is hot as well, IOT, all of this about a new, decentralized internet. And it's the wild west. And we know because we're looking at doing our Blockchain and tokens for The Cube and all that good stuff. So we're totally love the new environment. Everyone, all the light tier one entrepreneurs are licking their chops and going, ah, man, good action. And a lot of the thought leaders are saying this is a fundamental shift. So it's cool, we get that. But now, okay, is the technology ahead of the law? And, just today, the news is breaking that the SEC is now putting a clampdown on a new thing, celebrity endorsements, into ICO's initial coin offering. So, yeah, you're a securities attorney. You have to sit back there and, like, wire these deals together. >> Right. >> What's going on, I mean, is the law behind the tech? How are you guys managing it, what's the flow look like for you? >> Yeah, I mean, I think that the law is almost always behind the technology, right. That's just how it works. I mean, from our perspective, you know, we represent tons of companies on normal securities law, or securities issuances. And this can be similar, depending on how the token is structured. So, you know, the SEC said in its July guidance that tokens can be securities, depending on the facts. A part of what we do, as lawyers, is review the facts of the token, right. What does the token do, how do you treat the token, how are you issuing the token, how are you marketing the token? Are there securities-like features of the token? So, for example. Does it have profit sharing features? Does it have voting features? Those are pretty obviously more security-like features. But, also, you know, in the token ecosystem, are you treating it like you would equity? So, for example, you know, are you putting vesting conditions on there? Are you marketing it to VC's who may never use your network? Those are some factors that make it look like more security. Versus a utility. >> You guys also, I mean, I've been in Silicon Valley now 18 years, and been an entrepreneur for longer, and entrepreneurs are always three feet in a cloud of dust, breaking things in the bowl in the China shop, as they say, and have to get the lawyers to kind of clean things up or set things straight. Securities is a known practice, but now there's some kind of bumps in the road but still people are moving forward. So I got to ask you, what's the test? I mean, we hear things like the Howey Test. >> Mm hmm. >> What are some of the things that entrepreneurs should know around where to pay attention? Kind of where to put their head down and drive because there are known practices, on the security site you mentioned, a few of them, but where's the test? What's the one thing, is it the Howey Test? What is this Howey Test concept? And what other things should entrepreneurs know about? >> Right, so I think, you know, the Howey Test is a test that was in CaseLab that basically explains what is an investment contract. And an investment contract is what is considered a security. So, basically, the payment of money, you know, based on the efforts of others, where you kind of have the reasonable expectation of obtaining profits, right, from those efforts of others, versus yourself. So that's the general gist of it. So I think, from a securities law perspective, that's really important. Because there has been so much focus from the SEC. But there's also other regulatory agencies who are focused on this. Some of those are, you know, money transmitter laws. You know, there's potential commodities law issues. So there's definitely other regulatory regimes that could implicate the token. Or the token could be implicated in that regime. But I think the securities law one is one that I focus on. >> Yeah. >> And it's important to look at. >> Alright, so the first test is, okay, obviously, new internet infrastructure, different conversation, but the real law test is, is this token going to be an investment making money. >> Right. >> Or is it going to be a utility. One that provides values to the participants. Did I get that right? >> Yes, I would say, generally speaking, right. Is the token, you know, is it a use case? Or is it an investment? Am I expecting profits from that token? Or am I using it like an access fee or a membership? Or to obtain services. >> An arcade game, as Grant Fonda would say. >> Exactly. An arcade game is probably your best example. >> Yeah. Okay, so then the next test is I've heard of some things I'd like to get you to explain. What anti-money laundering or AML is. And KYC, Know Your Customer. And, obviously, Bitcoin has been kind of, you know, we've heard Silk Road stories, underbelly, a lot of bad things are happening, but anonymous is good. But here, financially, Know Your Customer is a specific thing that means something and then AML, anti-money laundering, how does that factor into this whole thing? >> Yeah, so I think for, you know, when you open a bank account, for example, right, your bank wants to know who you are. They'll obtain certain information from you. Whether it's your drivers license or passport. Where you obtained your funds. I mean, that's part of the Know Your Customer, anti-money laundering activity, right. >> And identity behind the, before you sign the thing. >> Right. So part of it is because cryptocurrency can be very anonymous, right. There are anonymous wallets that you're sending cryptocurrency to and from, you don't know who these people are. So part of it is making sure that you understand who your purchasers are. You don't want to run afoul of, you know, an anti-terrorist type, you know, regulations. The US government has several lists that they have online that you can search for names of folks that you don't need to be doing business with. So there's a lot of structures already in place. And part of that is just understanding who your purchasers are. >> And these are requirements on certain things, and the anti-money laundering exposes just audit trailing and certain things that you got to have as compliance things. >> Correct, correct. And so I think, in America, we don't normally, I would say if you were kind of outside of the US, this is probably a little bit more normal, right. People are used to doing it. I think, in America, maybe we're not as used to it. But these are not kind of new guidelines. This has always existed. >> Alright, so sometimes entrepreneurs are fast and loose with their, ah, screw the anti-money laundering thing. Or they get, I don't understand, that's too much work, I don't understand it. >> Yeah. >> So they blow it off. When do they have to not blow it off? When do you have to worry about, like, all these anti-money laundering things? Cause you have to, obviously, do more work. >> Right. >> Got to make sure you're checking the boxes, complying. That probably has overhead, costs money, or maybe write some new software. So we've been recommending that all of our clients who are in the token space and kind of obtaining, you know, digital currency, go through KYC and AML. Some of the digital currency exchanges, right. So in order, when you're receiving your digital currency and you need an account, >> Mm hmm. >> in order to exchange the digital currency into US dollars, for example, it's essentially like opening a bank account. So they're going to ask for all of the information with respect to how did you receive your digital currency. So part of that is you need to have that in place prior to actually launching your token sale so that you can kind of follow the flow of funds. >> So I was trying to find this image I would put up but I can't find it cause I'm on this computer, but I saw a thing on a conference, might have been Block Con, that you guys were at. I think you guys sponsored that event. Where the cost of doing an ICO can range from, they said, on the cheap end, they use the word cheap, not inexpensive, cheap, probably implying not get a good lawyer, a hundred K up to 750 thousand dollars. So, range of cost between hundred thousand and 750 thousand. From cheap to done right. >> Right. Right. >> Or expensive. Is that right or is that, what's the cost ranges? >> Yeah, I mean, I think there's a lot of players in the ecosystem, right. So there's the lawyers. And typically lawyers bill by the hour, so that's kind of how much time, you know, we're kind of looking at documents and things and helping you structure. There's the tax accountants. So part of that is also, you know, how much time they're spending. But some of it can be very complicated from a tax structuring perspective. Then there's the technical people, right. Unless you have that in house. To actually build your Blockchain network. Kind of help you with all of that, you know, the technical aspects of it. So software engineers, for example. Then there's the ICO consultants. Someone to kind of help you manage, quarterback the process, maybe help you with marketing the tokens to certain different websites, or help you with that. So, all of those together, I mean, yes, it can be very expensive, it kind of depends on how much of that you want to outsource. And how much of that you can do yourself. Obviously, you can't really do all that stuff yourself. >> So it's in the ranges. It could be in the ranges. >> Yeah. I mean, tax alone could kill you if you're looking at all kinds of complicated schemes or licensing agreements. >> Right. >> I mean. >> So all that, you want to make sure you're structuring the entity appropriately before you start it. >> Okay, so where do you get involved? So let's just say that, let's just walk through the day and day operations of, say, Goodwin. Okay, I've got to client. >> Yep. >> And, okay, you come in for the securities component. What does that mean? You just make sure they're incorporated properly? All the laws on the stock and then the tokens treatment? What specific things do you do? >> Sure, so, you know, once we kind of have brought the client in, after our conflicts procedures, and we've agreed to the engagement, part of depends on where they are. If they don't have a company, we'll help you form the company, right. And make sure that all of those startup documents have been appropriately done. Sometimes people have already, they're, you know, an actual company, right. We don't need to form them, they're already in existence. So then we look at pass the formation items and we look at the token issuance. So we'll look at your white paper. The white paper typically describes how the token works in the ecosystem and kind of what the company. >> You get involved in that, just to kind of check if it sounds. >> From a structuring perspective, right. Do we think this is a security? Or do we think it is leaning towards utility? And the SEC obviously has not said, what is a utility and what is a security. >> So that's the gray area? >> Yes. >> So the gray area is watch the language, be careful what you say. >> But also what you do, right. It's not just what you say, it's also what you do. So part of it is talking to the clients about what are you thinking, how are you envisioning this? Where can we help you kind of restructure or decrease your risks? >> And you guys become a safety net and help defend that too, obviously, as attorneys. But the clients still own, >> Correct. I mean, part of it is we give you advice. And the clients can take or not take our advice. But that's what we're here for. >> Do you guys offer a legal opinions behind these? I'm sure you don't. (laughs) >> We don't offer legal opinions. You know, we do do research memos on kind of where we think your token lies. But we don't do legal opinions. >> So have you guys talked to the SEC at Goodwin? I mean, do you guys have conversations? I don't know what goes on behind the curtain of the big law firms but I'm assuming that you guys are up to speed on all the notes and everything, but do you guys actually talk to people at the SEC? Is that how it works? Cause this is a cutting edge area, I'm sure you guys have to be on the cutting edge. >> Yeah, I mean we haven't had any clients, knock on wood, that have had to go through any of the SEC investigations on this. So, you know, we have not had, on behalf of our clients, had to talk to them about it. >> So that's good news, you guys doing good. >> Yeah. >> I know you guys doing over close to 30 plus ICO's, so congratulations. Is there a pattern that you've seen, from a legal standpoint, that you've seen emerging? Obviously, it's pretty clear, out in the market place, certainly the celebrity endorsement, Paris Hilton to the boxer dude and all kinds of stuff was going on where people were endorsing >> Right. >> things, so. Kind of, I don't want to say pump and dump, but that's a word that's been used in the dot com bubble, but people are saying a lot of these things are scams. And the majority of them aren't going to work out. So we've said, editorially here on The Cube and Silicon Angle, that failure doesn't mean scams. We had some failures, but certainly there are some scams. So has that caused people to pull back a little bit? And say, whoa, we're not going to go forward fast enough? Or is nothing stopping this, what's the pattern? >> Yeah, I would say, compared to a year ago, where there was no SEC guidance, right, there was no guidance from other regulator agencies, people were definitely going very quickly. I think now what we're seeing are more sophisticated clients. Clients who really want to make sure that they're following all of the legal requirements to the best that they can, given the grayness in the securities laws and other regimes. And a lot more of a thoughtfulness about, well, let's make sure that this works, right, we're not going to get into trouble. >> Have you seen any co-mingling between some of the traditional VC, venture capital investors or hedge funds, they're emerging, who want to come in and participate on the pure equity side, or the preferred stock or, more common, mostly prefer we see them. But, also, play in the tokens. Is there co-existence between participation? Or is it mostly they line up on the preferred and then let the tokens go here? Is there a pattern there that you see around how those securities are playing out? >> Yeah, I think a lot of people see value in the token ecosystem and they want to participate in that. And a lot of our venture capital clients, or our token clients who have VC investors, they want to participate. So we are definitely seeing people are very excited about it and want to kind of be a part of it. >> What about the presale concept? We're seeing a lot of people jump on the presale bandwagon because it allows them to, you know. It's not an inexpensive process. You guys, obviously, don't work for free. You guys have deals where, obviously, startups can come in. And you guys have a great startup program, I could testify that. You guys do have a good community participation there. But, at the end of the day, this is a legitimate process now. >> Mm Hmm. >> It costs money. You guys have to get paid. And service provides, like the tax attorneys got to get paid. So there's a lot, we see a lot of entrepreneurs doing that's presale. Where they try to offer this kind of discount. How is that working out and has that been going well? >> Yeah, I mean I think, you know, while the SEC has not commented on this, the practitioners and kind of the ecosystem, most people, I think, are considering that presale agreement prior to a network actually being live as a security. And, so, people are going out to accredited investors, sometimes that's VC, sometimes that's high net worth individuals. That's usually done through a SAFT, which is, it stands for Simple Agreement for Future Tokens, or a presale contribution agreement. So part of that is it's like a, you can liken it to a preferred stock financing. >> It's a known process. >> But it's not preferred stock. >> But it's a known vehicle for financing. >> Correct. >> It's not like it's tied to the ICO in a new vehicle. It's just like, okay, we're going to do something down the road, there's risks associated, all that stuff. >> Right, it's an investment contract. I'm giving you a million dollars to invest, to build up the platform. At the end of, when the platform launches, and, hopefully, when the network has utility and your token has utility, then you'll receive tokens. >> And this is good for innovation, because it gets everyone rolling a little bit. Is that, that kind of seems to be the pattern that I'm seeing. It's like, you know. >> It's basically like a seed round, alright. That's probably a really good example, is it's a seed round to get something started. That thing is not your company, it is your network. >> And it also sets the community. I've noticed on the Blockchain, these ICO communities are a very bit part of it. Goodwin's got a great reputation, certainly here in Silicon Valley, and around the world, as a law firm. This is a big part of it. So the presale's also kind of a gesture of credibility for the opportunity and I think, I mean, you know, people I talk to are like, hey, I look at what's going on in the presale, kind of as an indicator of who's involved, judged by the company that you keep kind of thing. So that's interesting. Have you seen that presale dominating more than just going right to the ICO, given the market conditions of all the ICO's? >> Yeah, I mean I think it depends, right. Some of our clients have existing businesses, right. Where this is very complimentary. The Blockchain network is complimentary to their existing business and, so, they may not need to have this big presale, right. Part of the presale could be two weeks before your general crowd sale. You have folks who kind of get in early. To me, that is not necessarily, I mean, it really depends, obviously, fact-specific, but that's a little big different that doing a, quote, presale agreement. Like a year before or six months before your token launch. That's a little bit different. >> Yeah, so also you brought up a good point. Existing businesses versus kind of like people who just need the cash to get going. >> Right. >> We're seeing a lot of companies that either have a successful business, like Kik and then Kik Kin Token was once example, we talk about all the time. The other one is pivots. We're seeing a lot of entrepreneurs take companies that were pivots, AKA, going out of business, where the token timing of a token in decentralized Blockchain actually is great for their business model. And they have to, essentially, go recap or do some securities, you know, resetting. That's your world, right? You got to get involved in those areas. >> Yeah, I mean, I think anything that has to do with kind of changing your capital structure, right, you should have your securities lawyer or your corporate lawyer involved. Because that'll obviously impact your securities law. You know, exemptions that you're taking, you know, typically from a private placement exemption, for most of our private company clients. >> Is there any new trends that are popping out of that kind of pivot or, wow, this is really, you know, I was out there, I got some funding from Y Combinator, or some sort of venture, and we're kind of just barely staying alive. This Blockchain could really accelerate, there's now momentum. Is there any trends that you see, from your work standpoint, where you have, that are happen, that are obvious new things that are coming out of this? Or is it a standard recap to cap table, normal corporate work? >> I think there is a tension, right, between doing a normal stock finance, preferred stock, or common stock financing that, you know, whatever you would typically do. Whether that's a convertible security or a convertible note. And then raising funds through a token sale. And so, from my perspective, it's obviously cleaner to do it the traditional way. Because you're not dealing with unclear SEC rules, right. It's very clear how you do a preferred stock financing. We do that every day. So to the extent that companies are in that position where they can choose, it's certainly cleaner to do it the traditional way. >> If you pull off an ICO, god bless you. It's certainly equity-free, tokens. There's no equity to token, if you're a utility token. >> Right. >> Okay, so I was reading about the Delaware, Delaware was allowing companies to use Blockchain. >> Mm hmm. >> This is right up your alley. So, they're not doing ICO's. So can you clarity the Delaware situation relative to Blockchain, cause they're using a Blockchain from a ledger standpoint, but it's not an ICO haven yet. So talk about the Delaware situation. >> Correct, so the Delaware amendments, which I believe are now approved, as of a couple of months ago, over the summer, essentially allow the cap table ledger to be on the Blockchain. So they're kind of ahead of everything, right. Because, you know. So, for like, for example, a few years ago, no one had uncertificated stock certificates. Everybody wanted the physical stock certificates. And now most companies, that we represent, >> They want digital. >> Exactly, digital, uncertificated stock certificates. But there is a ledger and there is a record of it. You just don't have the fancy paper with the pretty legend on it. So I think technology is moving and the law needs to as well. So part of that is Delaware kind of getting onboard. >> Delaware's got a great opportunity, they can nail the ICO's. Well, Mitzi, thanks for coming, I really appreciate it. Any other observations that you'd like, that you see in the market that you'd like to share? Take a minute to talk about what you're doing at Goodwin, as well. What's going on, what's happening? >> Yeah, I mean I think it's a really exciting time, we're really excited to be a part of it. It's cutting edge work. I think that there's a lot of, I guess, what I would call kind of your more traditional clients that we have, that we take calls from every day. Whether that's investment banks, or VC funds, private equity funds, or just our venture backed companies that are curious as to what is this all about. >> Yeah. >> So I think it's really exciting and I'm glad to be a part of it. I don't think that it is going to stop. I think that certainly there's likely to be more regulation about how you do one of these ICO's, one of these token generation events, you know, within the confines of the law. But I don't see it stopping. >> You don't see it stopping at all? >> No, I mean I think once there's more regulation, there'll be more clarity about how to do it. And how to do it within the confines of the law, which we try to do, obviously, you know, given that there's not a ton of clear guidance. But I think that, I think the ship has sailed. >> Yeah, well this is a great conversation here with Goodwin, formerly Goodwin Proctor, Mitzi Chang, partner, she's a securities attorney. We should call this show Billable Hours. Because we're getting some free legal opinions and conversations, thanks for coming on, appreciate it. >> Thanks for having me. >> Blockchain is hot, entrepreneurs are using it. All the top tier one entrepreneurs are looking at this. Great opportunity, similar with the Web One dato, the TC IP era of the internet, Blockchain. It's fundamental infrastructure for the future of decentralization, so. Great opportunities, causing lots of innovation. Check with your attorneys, obviously Goodwin, and a few others all doing great ICO's. Great potential fundraising, but also great business opportunities. Thanks again, appreciate it. >> Thank you. >> So Cube Conversations here, in Palo Alto, I'm John Furrier, thanks for watching. (electronic music)