from the Hard Rock Hotel in Las Vegas it's the cube recovering no joke on 2018 brought to you by Osho okay welcome back everyone we're here live here at hosts show con in Las Vegas the first security conference for blockchain its inaugural event and we're here with Gabriel Shepherd VP of strategy at Global Strike for host show they're the hosts of the event although it's an industry conference for the entire community all coming together Gabriel thanks for coming on and spend the time yeah thanks for having me thanks for you know supporting the event and we appreciate your team coming out and covering what we're trying to build here well we think it's super important now so you guys are doing a great service for the industry and stepping up and put in the event together and so props to you guys thank you this is not a hosts show sales like conference you guys aren't selling anything you're doing the service for the community so props to you guys in the team great stuff and we know this is a kernel of all the smartest people and its really an industry event so it shows in the session so appreciate that yes we think it's important because you know we see a lot of trends the queue has a unique advantage in how we cover hundreds of events and yeah so we get to go we see a horizontal observation space from the industry and when you have formation like this with the community this is important you guys have up leveled the conversation focused the conversation around blockchain where security is the top-level conversation that's it no I feel pitches right so for the folks watch and this is really one of those events where it's not a huge number of people here like the thousands and thousands of other blockchain shows that make money off events this is about community and around getting the conversations and having substantive conversations so great job so for the folks watching the content agenda is super awesome host show con-com you go browse it but give us some color commentary on some of the types of speakers here the diversity yeah I think I think the first thing that we wanted to accomplish was with Hojo Khan was we we wanted to put front and center the conversations that were not taking place at other events there are plenty of platforms and opportunities for companies early-stage companies to go pitch there are other great conference organizers that do events and have their own wheelhouse but what we wanted to do was put together a conference that was focused around a type of conference that we ourselves would want to attend as a cybersecurity firm and you know after traveling the world I mean you know you you and artesia spoke many times and hosho has sponsored quite a few events around the world after attending by the end of 2018 will attended something like a hundred plus events in some capacity and so it was clear to us early on that companies weren't our conferences weren't going to focus on security or at least put them on the main stage where I believed that they should be at least with all the hacks happening so what we wanted to do was bring together thought leadership with respect to security technical leadership with respect to developers and security engineers and we wanted to bridge those two what I mean by that is we wanted thought leadership that could get executives to start the non-technical people so start thinking about security in the larger format and how it's applicable to their company but what we also wanted to do is we wanted to connect these non-technical people with the technical people in an intimate setting where they could learn think about the brain power that we have in this hotel for hosho Khan you've got the minds of Andre Assante innopolis Diego's LDR of RSK Michael berkland of shape-shift josub Kuan of hosho we've got Ron stone from c4 you've got an on Prakash a world-class white hat bug bounty hunter consider what he's top-5 bug bounty hunter for our top top bug bounty hunter for Facebook five years in a row the the level of the calibre of technical talent in this building has the potential to solve problems that Enterprise has been trying to solve individually for years but those conversations don't take place in earnest with the non-technical people and so the idea behind hoshikawa was to bridge those to provide education that's what we're doing things like workshops sure we have keynotes and panels but we also have the ability to teach non-technical people how to enable two-factor authentication how to set up PGP for your email how to set up your hardware wallet these things aren't these conversations are not the bridge is a clearly established we interview people from on the compliance side all the way down to custodial services which again the diversity is not a group think events just giving them more props here because I think you guys did a great job worthy of promotion because you not only bridge the communities together you're bringing people in cross functionally colonizing and the asset test for me is simple the groupthink event is when everyone's kind of rah rah each other I know this conditions we got Andre is saying hey if you put database substitute database for blockchain and it reads well it's not a real revolutionary thing and oh all you custodian services you're screwed I mean so you have perspectives on both side that's right and there's contentious conversation that's right and that to me proves it and as well as the sessions are highly attended or we don't want it we don't want a panel of everybody in agreeance because we know that's not reality i mean that you you bring up the issue of curse of custody a prime example is we had a great talk a four-person panel led by Joe Kelly who's the CEO of Unchained Capital he had a panel with traditional equities custodian Paul pooi from edge wallet Joseph Kwon is the CEO of hosho and there was clear differences of opinion with respect to custody and it got a little contentious but isn't that the point yeah it's to have these conversations in earnest and let's put them out in the public on what's right and what's wrong for the community and let the community to decide the best way forward that's the best is exactly what you want to do I gotta ask you what are the big surprises for you what have you learned what's the big reveal for you that you've super surprised you or are things you expected what were some of the things that went on here yeah I think the biggest surprise to me was the positive feedback that we received you know I understand that we know people maybe looked at how shock on year one and said hosho like they're a cybersecurity firm what are they doing running a conference right but my background is a you know I've produced conferences I have a former employee of South by Southwest I believe a big an experience and so when we started to put this together we thought we knew we would make mistakes and we certainly made mistakes with respect to programming and schedule and just things that we had didn't think about attention to detail but we had plans far in that the mistakes were mitigated that they weren't exposed to the public right there behind the scenes fires that kind like a wedding or a party but no one actually really notices sure we put them out behind the scenes nobody that the our guests don't notice and that was my biggest concern I'm pleasantly surprised at the positive feedback we've yet to get any negative feedback publicly on Twitter telegram anecdotally individually people now they made just being nice to my face but I feel good about what the response that we've got it's been good vibes here so I gotta ask you well sure the DJ's were great last night good experience yeah experience and knowledge and and networking has been a theme to correct I lost him the networking dynamics I saw a lot of people I had I had ran to some people I met for the first time we've had great outreach that with the queue was integrated in people very friendly talked about the networking and that's been going on here yeah I mean this panels are great I'd love to hear from from panels and solo presentations but a lot of work gets done in the hallways and we have a saying in the conference business hallway hustlers right the ones that are hustling in the hallways are those early stage entrepreneurs or trying to close deals trying to figure out how to get in front of the right person serendipitously are at the bar at the same time as somebody they want to meet that is to me conference 101 that is the stuff I grew up on and so we wanted to make sure that we were encouraging those interactions through traffic flow so you'll notice that they're strategically the content rooms are strategically placed so that when you're changing rooms people are forced to cross interact with each other because they're forced to bump into each other and if you look at the programming we purposefully to our demise to be honest year one put a lot of programming that was conflicted with each other we made people make a decision about what talk they wanted to go to because there were two really compelling people at the same time or 10 minutes off yeah and so you had to make a decision vote with your feet you got to vote with your feet and and and from a conference perspective we call that FOMO right we want our guests to FOMO not because we want them to miss a particular talk but because we want them to be so overwhelmed with content and opportunity with networking that they when they walk away they've had a good experience they're fulfilled but they they think I got to go back here too because that thing I missed I'm not gonna miss this yeah we will point out to you guys made a good call on film all the session everything so everything's gonna be online we'll help guys do that yep so the video is gonna be available for everyone to look on demand you also had some good broadcast here we had a couple shows the cubes been here your mobile mention the DJs yeah yeah so good stuff so okay hallway conversations our lobby con as we call it when people hang up a lot on it's always good hallway con so what Gabriel in your mind as you walked around what was some of the hallway culture that you overheard and and that you thought were interesting and what hall would cartridges were you personally involved in the personal conversations I was involved with is why isn't somebody not this station why someone not Gardens but I will tell you i from what I heard from from conference attendees the conversations that I heard taking place were and I hope Jonathan doesn't mind but Jonathan Nelson from hack fund spoke on our main stage and I hope he doesn't mind me speaking out of turn but he came to me said this is one of the best run blockchain conferences I've ever been to and to have somebody like Jonathan say that who has done hundreds of talks and thousands was really meaningful but but what was more important is to talk to him and him feel comfortable enough to sit down with me and just talk generally that's the vibe we want for every attendant we want you to feel comfortable meeting with people in the hallway who you've never met and be vulnerable from a security perspective you know Michael Turpin for example sitting down and talking proactively about being the AT&T hack great these are opportunities for people to really talk about what's happened and be vulnerable and have the opportunity to educate us all how to get better as an industry you know the other thing I want to get your thoughts on is obviously the program's been phenomenal in the content side thank you but community is really important to us we're of a community model to q you guys care about the community aspect of this and as a real event you want to have an ongoing year after year and hopefully it'll get bigger I think it will basically our results we're seeing talk about the community impact because what you're really talking about there is community that's right well I mean Vegas we talk about there's multiple communities right regionally post-show is a Vegas based company we're born here we close I think forty some employees all based here in Las Vegas which is our home so the first thing that we did with respect to community as we created a local local price if you're a Nevada resident we didn't want you to have to invest a significant amount of money to come to something in your own town the second thing we did is we've invited the local Vegas Bitcoin meet up in aetherium meet ups to come and partake and not only participate but contribute to the content and opening day in fact there was so much influx of people from those meetups it wasn't official it wasn't like a program where we had actually a VTEC set up I thought I was gonna be like a meet-up there were so many people that attended we had to on the fly provide AV because we were overwhelmed with the amount of people that showed up so that's a regional community but with respect to the community from blockchain community what we wanted to do is make sure we brought people of all ethnicities all countries we have 26 countries represented in the first blockchain security conference and you had some big-name celebrities here yeah Neil Kittleson Max Keiser you go mama Anan Prakash Yakov Prensky a layer from your side pop popcorn kochenko has some big names yeah I'll see andreas yes here keynoting yeah I'm Michel parkland andreas Diego Zaldivar I mean these lena katina Viren OVA I mean these are big names yeah these big names okay what so so what's your takeaway of you as you know my takeaway is that there's a there's a yearning for this type of event my takeaway is that we're doing something right we have the luxury as hosho and that we're not an events company people think that might be a disadvantage to run a confident you're not a cotton vent company I think it's an advantage yeah because it holds my feet to the fire yeah much closer than an event organiser who doesn't have a company reputation and brand to protect hosho as you know has a good brand in the cybersecurity world with respect to blockchain we don't have the luxury of throwing a poor event giving you a bad experience because that would tarnish house of but also your in the community so you're gonna have direct feedback that's right the other thing too I will say I'm gonna go to a lot of events and there are people who are in the business of doing events and they have a profit motive that's right so they'll know lanyards are all monetize everything is monetized yeah and that sometimes takes away from the community aspect correct and I think you guys did a good job of you know not being profligate on the events you want to yeah a little bit of cash but you didn't / yeah / focus on money-making finding people right for the cash you really needed about the content yeah and the experience for and with the community and I think that's a formula that people want yeah I would like to see the model I would like to see the model changed over time if I'm being honest a majority of crypto conferences today are paid to play so a lot of the content you're getting this sponsored so I'm okay with that but I think it should be delineated between con disclose your disclosure you don't want water down the country but but the conference circuit and crypto is not ready for that it hasn't rest in my opinion hasn't reached that level of maturation yet like I told you I I'm a former South by Southwest guy that like my belief is you create the content and the sponsors will come I don't I don't begrudge conference organizers for for for sponsoring out events because they're really really expensive a cost per attend to manage demand to this hype out there yeah hundreds of dollars per attendee I get it I understand why they do it but what I would like to see is the model change over time whereas as we get more sophisticated as a technology space we should also grow as a vent and conference circuit as well what I mean by that is let's change the model that eventually someday it's free for all attendees to come and those conferences and the costs associated with them are subsidized by companies that want access to the people that are tending them it sounds like an upstream open source project sure how open source became so popular you don't screw with the upstream yep but you have downstream opportunities so if you create a nice upstream model yep that's the cube philosophy as well we totally agree with you and I think you guys are onto something pioneering with the event I think you're motivated to do it the community needs it yeah I think that's ultimately the self governing aspect of it I think you're off to something really good co-creation yeah I'll see we believe in that and the results speak for themselves congratulations thank you so much I appreciate you guys coming here and investing your time and I hope that all our staff has been accommodated and the hard rock is treated you well you guys been great very friendly but I think again you know outside of you guys is a great company and great brand and you guys and speaks for itself and the results this is an important event I agreed because of the timing because of this focus its crypto its crypto revolution its cybersecurity and FinTech all kind of coming together through huge global demand I mean we haven't gotten into IOT and supply chain yeah all the hacks going on with China and these things being reported this is serious business is a lot on the line a lot and you guys having a clear focus on that is really a service business Thank You staff doing it alright our cube coverage here in Las Vegas for host Joe Kahn this is the first conference of its kind where security is front and center it is the conference for security and blockchain bringing the worlds together building the bridges and building the community bridges as well we love that that's our belief as well as the cube coverage here in Vegas tigress more after this short break

from the Hard Rock Hotel in Las Vegas it's the cube covering no joke on 2018 brought to you by osho everyone welcome back to our live coverage here in Las Vegas for Osho Khan's first industry security conference dedicated to security in the blockchain it's presented by ho show and also the industry it's an industry conference it's not necessarily a host show cause I'm John Ford's the cue for our coverage our next guest is Kenzie Crone and vice president of business development prime trust welcome to the cube thanks for joining us thanks for having me here so crowdsourcing and crowdfunding all this has been a big part of it I mean terrorists are funding through Bitcoin you've got all kinds of things going on in entrepreneurial spaces so it's clearly the money's flowing with with with crypto what do you guys do if we're getting into some of the things that we want to talk about what is prime trust to take a minute to explain your business business model value proposition absolutely so prime trust is a trust company so it's a regulated financial institution that holds funds between transactions between businesses you could also use prime trust to created a trust account for an individual as well so what our value is in this industry is that we hold crypto assets which very few qualified custodians like us exist to do that so that's a really important part of bringing in institutional funding because institutions are looking for qualified custodians as a regulated place to keep funds and they want to get into crypto so it's a it's a very important part of the puzzle so custody and custodial service has been a big topic here at O joke on controversial on the keynotes as well because you know the purists will say hey like Andreas why don't we need custody if it's working it's just it's the same old guard with new faces new business cards it's not really revolutionary and that's on one answer on the other inspection is there's so much growth in activity we've got a trusted partners to actually help us manage the risk and do these things so you have again two spectrums what's the story what should people understand about these two dynamics well what I think yeah what I think the key note you're talking about the the idea is we are just trading one type of banker for another type of banker right that's happening anyway so you are you're trading one type of financial system for another type of financial system the question is what does that look like and how can we be secure and safe in that space right personally I'm a big fan of anything that requires some kind of a license right and it's not because I think it's really fun to go through the bureaucratic process of getting a license or filling out paperwork but it's really because that once you have a license that license can be taken away from you if you misbehave right and that's really important so if you're following the laws that are set forth that are designed to protect people and then you break those laws then you're not you're not allowed to do that anymore right so that's what you get out of having regulation involved in this space is its protection and it's making sure that they're really by the way the regulation is happening anyway so that's another the regulation is happening anyway and that's why these very smart people who are managing billions of dollars are looking for that they're not saying oh cool you have a website that with technology that I don't understand you're telling me that you can safely hold something but there's no other protection there there's no liability you could just mount GOx me right and so there's got to be a way to get some sort of some sort of regulation in there and I know there's a lot of opinions in the space and obviously I'm very much on the side of regulation yeah and it also made some balance within the day those are polarized positions but I think the industry recognizes growth by recognizing the domicile problem of companies and governments so the question is you know really than a licenses legitimacy is people want legitimacy trust and growth yes at the same time but the other side says is hey you know who are those people making the laws so who's taking what away so again this is the ecosystem will solve these problems in my opinion and I believe that you know as much as I love the purist view and I think this architectural technical things that make that happen the end of the day is the self-governance of the community really is is what me happen here and so that's where the growth comes in because if real money is coming in to the sector you got to have parties that are trusted it's my opinion all right so what do you think about the conference here what's your take away so far I'll see its kind of diverse background you got you know people walking around with colorful costumes too you know buttoned up bankers and FBI agents and NSA agency folks yes we're in a really funny time in this space I think because you still have yet the Bitcoin garb and the like you know the flashing glasses and and then you've got people who spent 20 years on Wall Street and now they're in the space so I've seen that actually a lot lately in the last year at these conferences and it's very interesting I love when both sides can come in with an open mind to the other because you think there's something to be learned on both sides absolutely it's so for the people who have been in the traditional regulated space they are getting all this inspiration and the possibility of doing things differently the system that the financial system that we have now is one it's essentially you know a very old house that's just been added on to and built and there's corridors going into stairways that you know don't go anywhere right and that's that's something that needs to be fixed and and it is being fixed well Security's a driver in all this and I think one of the things I've observed you'd love to get your reaction to is you have the crypto world that's certainly changing a lot of in dynamics on the global scale you have a cyber security and then you have fin tech so you guys this is where everything I think is a melting pot which is interesting you have all these things happening but at the center of all this is security absolutely it's almost like we're all swimming out to the to the raft and whoever gets there first and wins a security model wins at all well I thought I think well I think this the conversations all threads through security so the cyber conversations we've had are like okay Cyrus security for individuals and nation-states crypto currency for protection and freedom and and you know in immutability Ledger's almost great supply-chain aspects and then you get the FinTech which is like hey people want to do business so you have the entire changeover on the financial services side all kind of happening yeah yeah I think that they're all gonna be contributing to a solution it's it's each one is going to learn we're really open-minded at prime trust we want to build and grow we know that this we're in the most embryonic stage of this and so we don't know exactly what's gonna come next or what's going to be down the road and we want to be informed by everybody that's around us at a place that makes sense do you have to work with with the industries so take me through I want to ask you a question about your job so we'll take me through the day in the life of what's going on in prime chess what are some of the things that you guys do customers and what are they asking for what's like what's the some of the issues you guys are solving what did some of the dynamics can you share some color around that sure so our main services are so we are a trust company so we do escrow services and we do compliance on all of the escrow that comes through our ICS and stos that come through so that's a ml and kyc that's really important what distinguishes us I think is a real a real game changer for our customers is that we're really a technology company and we have API stocks that allow for companies to build their businesses on top of integration so that they have customers coming in and making accounts on their their their website their dashboard their platform and that's all feeding directly and they're actually making an account so you're building your you're targeting folks saying hey we'll take care of the heavy lifting on kyc ma ml and all the stuff that needs to happens that's heavy lifting that's around DoDEA services custodial service all comes through you yes so it comes in we can hold it we can review it you're not having asset managers also holding funds which is a problem so you're not needing to touch the funds at all you can just you can just do you at you're trying to do in this space and we'll take care of that aspect that's entrepreneurial side that's the stos and the IC knows what's the alternative for the your customer build their own go with unknown shop of their other so what so if I if it's a great service sounds like a great service and takes a lot of pressure off the build out of a opportunity what's the alternative if someone doesn't go with you well there's a few I mean it's to hold your own funds right figure that out on your own in the case of many different types of funds and businesses their boards are not okay with that because it's it's too much risk and liability so in many cases the alternative is don't do it yet just keep watching and waiting and wanting to be in crypto but you can't yet so and when we're seeing that a lot that there's like a sigh of relief when we finally have this conversation and it turns out it's extremely easy to make an account with us and suddenly that major roadblock is just gone so that's what that's the career opportunity takes the risk off the table little bit and accelerates the opportunity when the sec bomb decrypt yesterday was reporting that the sec in the united states is actually going into IC OS and having them return their money because of of course they are like well of course they are that makes sense that's they were always going to do that just because they make a statement and slowly decide how to act because look last july is when they said we're going to do this and most of the crypto community said you can't because we really don't want you to and we are gonna tell ourselves all these excuses for why it's not possible for the US government to actually pursue this and why they won't really do it because they're dinosaurs and that's just not how the government works so the way the government does work is that they everything takes a long time and it's all thought through and there are a million different approval processes within the system and they don't tell you anything until they're really ready to stand by whatever same and they make so they leave you in the dark for eight months a year whatever well you guys have a good opportunity so I had to ask the question what's the business model how does someone engage with you guys sounds likely to go in and create an account is there a fee involved what's the fee can you share the engagement that somewhere would would engage with you young sure so they can visit our website which is prime trust com they can email me at Kinsey at prime trust pretty easy and we have different pricing for escort services versus custodial services and we actually pay interest on any Fiat that we held in custody and we charge a monthly basis point fee based on how much is in in custody with us and where's you guys located was the company located headquarters this here in Nevada in Las Vegas I'm based out of Los Angeles we've got some team members in San Francisco in New York as well that's awesome so it's a question how did you get into the space what's your story I got into the space I started out an equity crowdfunding so I was working with companies that were raising capital under A+ reg D and reg CF and I was in the trenches with them figuring out from like the very earliest days how what the laws were gonna look like you know launching companies the day the regulations came out barking into effect and then sort of working through that so it's been an adventure on that side and then my first experience in crypto was at an at a meet up in Santa Monica where companies were talking about raising 40 million dollars in ten seconds and that and they were also pitching in methods like I knew were not legal so it was it's kind of just dropping to me well one was how did you manage to get that many people to want to invest in you so quickly because it's a struggle for for many companies and then so that's amazing I want to learn more about that and then also did you know that there's a more legal way to do this and that you're putting yourself at a lot of risk so that made me really want to jump in and figure this out so you got totally intoxicated by the Wild West yeah there's a problem they gotta be solved in there it's kind of fun at the same time because you know all those those days are over thankfully so because you know it should be it should be more legitimize and it is getting there I think security tokens are a good sign that people are moving border security tokens at least in the u.s. the legal firms the service providers are starting to get hold up on some of the new things and that's good still expensive to run the run the process it's like own public almost as a start-up it's almost ridiculous and I kinda had the same view we're the gaps in your opinion so you now look at the crowdfunding which has been great you see all that stuff happening as essentially as a decentralized you know efficiency around disrupting venture capital and other fundraising which is great where are the gaps in your mind from a service provider standpoint from an ecosystem where's the to-do items what needs to get done faster where are the gaps I think everybody's building out their technology to make everything easier currently there's a lot that's done manually or just to manually and needs to be more automated and then I think there's also a lot of education on both sides that needs to be done that's that's I think a huge gap there's a tendency to create echo chambers and so you end up talking with people who just won't even consider the other side of it with the possibility for change in whichever area they're in and that is I think we are gonna see that come together but that tends to hold people back because you thanks for coming on and sharing your insights great to have you on the cube and good luck with prime trust thank you okay this is a cube live coverage here at hosts show con I'm John furrow your stay with us more live coverage after the short break

from the Hard Rock Hotel in Las Vegas it's the queue recovering the Hojo Kahn 2018 to you by Osho hello everyone welcome back to the cubes exclusive coverage here live in Las Vegas for the first ever security conference around blockchains called Osho con it's put on by host show and industry participants small but intimate and the smartest people in in the industry kind of coming together trying to solve and understand the future for security as it relates to blockchain I'm John furrow your host of the cube next guys anneal keelson who's the CEO of encrypt formerly the NSA's variety experience with security across the board from early days many waves of technology innovation had a panel here talking about you know securing the blockchain and the nuclear codes some basically implying that do you know if you had to secure it the nuclear it's welcome to the cube well thanks thanks John it's great to talk to you um that's exactly it right so the blockchain is is meant to really provide high assurance for a lot of really big transactions right so the internet evolved over time to to hold information to to share information who has ever meant to conduct transactions now we do a lot of e-commerce commerce on it but it wasn't meant to be unchanging right but the blockchain is it said that so the idea is is if we lose control of that if we don't secure it in a way that we can protect our most important digital assets and it's not good enough for anything and so that's why I compared it to you know what would it take to secure something like the nuclear launch codes on it clearly we wouldn't you know there's no reason to but some mindset it's my shift shared focus on okay think that level of impact absolutely money right these people are putting you know it doesn't matter whether you're you're 16 and you're putting your only 500 dollars in crypto or whether you're an institutional investor with five hundred million dollars in it right that that's catastrophic if you lose it right and yet we don't always treat it that way we haven't made the systems easy enough to use for the general user right yeah so we talked about adoption right I mean let's let's talk so if you don't mind let's talk about adoption Yeah right that's why we're here is we're trying to figure out what's it gonna take to get to the next billion users and crypto well it has to be easy and we don't make it easy today in a secure enough way it has to be baked in from the beginning can't be like okay I built an app I built some architecture do some blockchain well by the way security is really hard because we have to make it so complex right for users because it's complex in general right if we build the app first and we get it deployed to say even 50,000 people and then we go back and say you know what we need to build this tree it's more expensive right it's harder to do it's a lays deployment and it confuses users because now they're changing the way that they're interactive let's talk about the adoption in context to architecture it's one of the things that we've been covering certainly the cube folks know in our audience cloud computing has changed the architecture of how people deploy IT and technologies get DevOps horizontally scalable you've had a lot experience over the years and generations of computing evolving through the trend lines here the architecture is interesting so if you think about the architecture of security and blotching in general the security paradigm has to be compatible with a new architecture so it's kind of a moving train at multiple levels so what is the preferred architecture what are some of the blockchain architects and or if you're gonna have token economics you have to have certain business model and our workflows that ties into the technology enablement how should people think about an architectural view to make the adoption or user interface or user experience or where the expectation is kind of new has it all come together so I'm challenging people to think about it differently right so so the blockchain in itself is really pretty secure right it creates an immutable ledger a mutable record where we're going to get in trouble and where we do get in trouble is when you start to transact with it right where you start to actually use a device right whether it's your own phone or it's a computer right you're transacting with it and people don't have the security mechanisms built in there you know and it goes back to what we've talked about for the last 20 years whether it was with the trust computing group the global platform right they've designed the standards so you've got probably in this PC you've got the waltz I guess it's a MacBook Cermak yes yes and your phone right in most computers you've got the security primitives that you need to use hardware to secure those transactions but we're not using them yeah we've been waiting for that kind of killer app to use hardware to secure transactions and blockchain might just be that it's talked about the hard work is doesn't that conversation of kids coming up a lot here in the hallways I was the custodial services today these are two kind of the the business conversation that converts them to technology which is okay hardware is actually a good time to actually implement this Google's doing a lot of stuff with their two-factor authentication with a hardware component you hear Stephan spray get rivets talking about a solution he has it is it the time it's like the perfect storm for just a simple hardware solution I think it is and it and you're right it has to be simple right hardware solutions can get complex we can make them too difficult to use but they don't have to be we like I said we have the firm that was built into most these devices I mean in the billions of devices yeah if you thought to Steven you've heard him talking about the number of devices that are there carrying the primitives he needs needs to use for his his hardware um but if we don't make it simple enough then users won't adopt if they won't use it you know have you used a hardware wallet I'm sure you probably have it yet right it's it's not a simple process today because it requires external pieces external components it's it's it's not a workflow that we understand it's not something we can train to and grown up with it's interesting when I was also talking to Steve off-camera because he had the interviews over but we're talking about the supply chain compromise honestly Bloomberg kind of had the story they had the facts wrong but we kind of understand that that's this hack has been out there for a while around modifying and or a rootkit on the boards you have an brach cat Adam demo live demo on stage and 2015 where they actually showed malware that could not be removed from from memory so I mean it's not this is not new right so but the supply chain has always been and you've been the government you got to know where all the components are right so the old days oh hey outsourced manufacture in China build it the cheapest way possible commodity and D Ram was went down this rip path years and years ago and Japan dominated that and it was low commodity low margin or high Kimani low margin and then Pentium comes out so you're starting to see that hardware supply chain changing what's different now what do people got to do to make sure that the hardware is better what's your opinion on that I don't know if it needs to be better but wouldn't what we need to know is is where the hard work came from we need to know that the hardware is what we expected it to be right that's a really unique question you know we all buy Hardware all the time and you just expect it if it came from vendor that it's what you expected and and and let's talk about something even simpler it's not talking about maliciousness most computers you buy are built to order today right you order you order all the different components yet when you get that at home you don't check to make sure you got the actual RAM that you asked for you have no idea none of us do that right and and likely the vendor doesn't really have a great record to know that absolutely they put in there what you specifically wanted now they intend to write but there's no there's a lot of room in that for changes to be made that aren't expected I guess that for good or bad from malicious or non malicious intent so what that means is that we really need to get used to saying you know what I got this new piece of hardware I got to conduct transactions with that are really critical to my financial survival my my personal privacy and we can't trust them until we know we should be able to trust them so that's where hard work comes into play what sort of trans you're seeing in the hallway conversations you had here and your talk I see people grab you after and talk to you two hallways what are some of the hallway conversations that you've been having here at Osho con I you know the most common question has been how do you convince people that security is important I mean that which is a really really basic way and you know right now life just point them to to news after news article you know to say you know you've got the hardware were reported tax yeah you've got the privacy attacks with with a lot of social media and and and internet companies um if summary this today doesn't believe that security is important I don't know you'll have to convince them so then it becomes a question of how do you get them to adopt it and you know getting getting your your family members to adopt two-factor authentication when it's not as as easy as not adopting it yeah it's sometimes a hard place yeah one things I worry about just kind of just because I'm paranoid sometimes is that yeah what is going on in my with my kids I got four kids 16 to 23 you know I got a Wi-Fi in my house they've got a password on it I'm sure it's been hacked but they're downloading music what the movies I don't know what they're doing at gaming mean there's a service area in my house is pretty much who knows what's going on right I don't even know what's going on in my network this is kind of this in my mind will paranoid but that's what average people think about these days it's like okay I got my own home network at these things going on I'm out in the wild is it a device centric security model that we're moving to do you see it where you know hey my phone you know I don't I know when I leave my phone at home and it takes me three seconds to realize I got to turn the car right so yeah and I leave my wallet at the restaurant when I'm done my meal so these are kind of device centric philosophy is that a better direction you think so I don't know that you can yes and no right for the personal devices but now you know if you go to most networks right with IOT you may have 40 or 50 devices on your network yeah things that don't move you know you may have a light bulb that's got a key to it right it's really about making sure that you own it and then you own the keys I mean that's what it okay that's what security all comes down to you right is key ownership so when you take a look at how you do that we need the systems in place that help us understand where those keys are what they're doing and how we how we cut them off if we need to that's awesome well I was I want to get into what your company's doing but I also wanna I talked about trip I had Middle East general Keith Alexander was with us on at with Amazon almost new region I know you worked with him at the NSA and you know one of the things he's doing at his new startup is a crowdsourcing we're hearing some of that in here as well where people are using crowdsourcing as a way of the security mechanism is that something that you think is viable do you think that this crowd sourcing idea is gonna be helpful or it's just a small piece of the puzzle I think it's I think it's a small piece of the puzzle I think it's the opposite end of the spectrum then a device centric hardware component I think it takes both pieces right it's a matter of making sure you you you know what you have and they use only what you trust and that you're able to connect to the network in a way that you're comfortable and then that crowdsource piece comes in to make sure that you're monitoring kind of all those transactions so so you're a big believer I'm assuming based on the conversation that hardware and software combination is gonna be the preferred user interface I think work it has to be I think we've proven that over the last 20 years I mean cell phones are a good example of that yeah right although we do get some spoofing today and that's been a big talker this cost it's not as prevalent as it was in 1994 yeah yeah I mean I like the idea too of we mean hey if we have we want to know what's in my computer I'd love to go look at a blockchain ledger and say here's what's in my Mac right now wouldn't you that's a good use case of blockchain but but what if you didn't even have to go look at it right what if every time you booted it up it checked it against a a record that was on the blockchain that said you know this is what your Mac should look like and it said you know what you can go ahead and connect to the internet go ahead and conduct that transaction that's the great Act go ahead and that's a great use case all right so what encrypt your company what do you guys doing what's the main focus of your opportunity that you're pursuing so we formed it in May of this year to focus on blockchain security when I left the agency I realized there was this really big gap in the conversation people are having around it I think it's a transformational technology as a skills gap technology gap all the above what are you saying it's both right you've got computer science graduates that come out without a good understanding of hardware security you know it's not being taught in most curriculums it's a it's a it's a general understanding of how to apply the hardware against it it's a general under Sun derp standing of what you can trust right yeah we've got generate a generation now that have grown up with with iPhones in their hands they just assume it's it's okay to use it's just thing you mentioned the computer science programs but I would agree interview started in the 80s so we had to learn computer architectures EE class actually right and you know as gates and all that you know the hard core component stuff as well as coding systems a systems kind of programming model now it's a little bit different more diverse it'll ease a lot of you know new opportunities within computer science so it's broad and certainly in a skill gap that's what comes up a lot we hear obviously more cyber security jobs are open and ever before automation is a term that's been coming known in the cloud business where you starting to see that now a security host shows got this automation component that they're adding in for tooling is the tooling and for developers who actually building stuff out there's it early innings how would you put the progress of some of the tooling that that's reliable I mean this is you know you still got people trying to build products and companies I need help what's the status in your mind the ecosystem around platforms and tooling and open source so over the last ten years there's been a great push to to create better tools I'm a lot of it was done in the open source a lot of those done around Linux because it work Windows honestly Microsoft has done a great job in getting secure boot implemented on every on every PC they supply you know Apple does a great job with their boot security but it they're not making available and mobile is probably the worst example right that the TE the trusted execution environment which is the secure space in a mobile phone isn't open for most developers to access right so you know that hardware component isn't there it's not available so yeah I know I always get this updates when I go to China Hey Apple has an update for you it's like the download mmm is this really Apple right I mean no turn off my iPhone right I mean but this is kind of the the interception of you know the the the fraudulent some of the some of malicious things are going on and that that still is concern but I think generally speaking you got entrepreneurs here not noticed at this conference and some of the earlier investor conferences we've been to there's a ton of alpha entrepreneur activity real smart people trying to build durable technology and solutions this is the main focus so it's kind of like and the capital Mars as we know is pretty much in the toilet right now but you know it's still growth and so we're trying to unpack that what's your opinion on entrepreneurship because it every trough is always an OP tick and we'll probably see some growth and those company that survive and thrive will probably be the leaders right what are you seeing what's your opinion of the landscape event ventures out there so so the crypto markets been really interesting it's all been focused on consumer and crypto there's there and even on the floor today there's a big push into the enterprise market for blockchain and deployments you know Simba is a company that's got a great toolset here today you had to help see how big enterprises understand how to deploy smart contracts into a blockchain in the enterprise you know to me the exciting part is the use case is outside of cryptocurrency and tokens the blockchain brings two to the marketplace I think that's where we'll see the next wave entrepreneurship I'm coming to fundraise that on stage at a comments like hey you know when one of the Q&A sessions substance you think your best proposal and substitute database with blockchain if it means the same is probably not Neri absolutely I'm teasing out essentially that the you know the old guard being replaced with the new guard same same models two new faces you know taking over the industries that not only mean changing them so to speak and security kind of hence to the same way where if you're going to have a distributed and decentralized architecture with IOT with all these things connected with digital assets and digital devices this crews gonna be thought differently what's what's your current take on how to tackle that that world I mean is there a certain approach you found so so so there's I'm not sure going to answer your actual question but but there's there's this really interesting debate like you said aundrea said you know if you can replace database with with blockchain is probably not the right fit and a lot of early crypto adopters have made that argument jimmy song says that publicly all the time right there's no place for blockchain in the enterprise essentially right and and you know you can you can swing both ways but the blockchain offers something to to an enterprise that doesn't require the distribution it offers the ability to create immutability right now the inability to change that record which we don't have in most cases today yeah you know and it's fairly simple and easy to deploy and are not for smart contracts so if we go back to the the use case we talked about where every time a machine boots up and it creates a record of that machine and writes it we've never had that capability we've tried we you know when I was at the agency we built a system that sort of did that but it didn't have the same sort of underlying strength of mechanism yeah it would allow us to trust it forensic way almost you know I interviewed Jimmy song and to have consensus event and you know I don't necessarily agree with him on that point it's like I think there's use cases in the enterprise that actually make blockchain very viable and it's almost like the cloud world you have public and private hybrid coming I mean so that's kind of my take on it and because it's interesting me iBM has been advertising heavily and others are looking at supply chain is low-hanging fruit opportunities right let me talk about the computer and supply chain so supply chain is a chain it's with valued change right than value chains now are changing so you can track it in a way that's efficient that's why wouldn't that be a use case so that's kind of mind dude do you agree with that absolutely I mean I think the distributed nature for a crypto makes a lot of sense but the blockchain in a non distributed manner right in a permission to blockchain makes a lot of sense for a lot of different use cases in big organizations I I agree I've talked to different different people that have just tried to replace databases with blockchain because it sounded cool yeah raising money or want to get some attention get some momentum I want to ask you a question on your new venture and Cripps because you talk to a lot of folks out there you certainly you're historic and pedigree is amazing and security and you've seen a lot of things I'm sure what have you learn what's your observation what's the the learnings that you can take away and share from your conversations is there any patterns that you're seeing emerging that's that's that could help people either navigate understand orientate towards something that they might want to use with the what have you learned so I think the biggest thing I've learned is that this community is the most diverse community I've ever worked with in in technology right you've got people from all walks of life and it's absolutely amazing I mean just walking around the show here walking around consensus I mean it just drives diversity like you've never seen before in tech conferences and that diversity is his driven a thirst for knowledge so the people are completely open to to discussions about security that they've never had before in other realms right so when I talked to him about Harbor based security they get excited and want to learn more and and honestly in the PC community over the last 15 years I got a little pushback on that right there's a while we've heard about that we don't want to right it works the way it is people here realize they're building something brand-new yeah and it's time to build it right and that they really want this to succeed for their own reasons right whether it's a corporate enterprise or whether it's a almost a crypto anarchist right they've all got the same sorts of goals and it's and if there's a cultural thing to I think the Bitcoin money aspect of it pretty much anyone on the age of three that I kind of take a straw poll on it's like they all this is gonna change the world like rabbit knows but it's great right oh I actually heard that in the hallway earlier yes and then the phone just traveling somebody that never heard of Bitcoin how does get a revolution coming on I want to ask you a final question five years where are we in your mind shoot the arrow forward what's happening in five years how does this these dots connect in next couple years or so so I think that if we were able to lay in the groundwork today to make user accessibility to the blockchain easy enough and secure enough I think you'll see that it grows in ways that we that we really can't imagine right you know I can't predict the crypto markets but I think you'll see people starting to use tokens in different ways and I think there's some incredible use cases for tokenization for rewards programs things like that I think enterprises in the next five years are gonna start to figure out what use cases make sense I think they're gonna see great efficiency I think they'll see you know much greater scalability and ease of use the use cases really are gonna be driving all this absolutely well I want to final question since just popped in my head I want to get this out there one trend I'm hearing here at this conference and seeing it kind of boil in into this community is the conversation not just about cryptography and and security cyber security on a global scales now come in because of the hacks gives the nation-states because of the geopolitical landscape you know cyber security is a big conversation now but always probably in the wheelhouse a lot of these guys but a lot of these guys are also kind of adjacent involved with cybersecurity your view of the impact the cybersecurity pressure is gonna have on the industry this industry so I think that that you're hearing the conversation because suddenly security became really really important to people personally right in the past if if you lost money with your bank account it was refunded to you now if somebody steals your private key you're out whatever money was attached to that private key recourse right so it's very personal so people have started to think about all the different things that they need to do to really protect those keys I mean it's it's it's almost an organic conversation that we've been trying to drive for you know 40 years in the space yeah and one of things I worry about is the whole regulatory dry aspect is because it can be a driver or an enabler and a driver or it could be dampening innovation and that's always something to watch out for I think there's a Senate discussion today about it I think there's some great work going on in that space both its senior levels in the Congress as well as the regulatory commissions but it's going to take a lot of Education there's a lot of fear around this space well thanks for come on looking forward to having more conversation with you great to have you on the cube and sharing your insight give a quick plug for n Crypt what do you guys doing what's the update status of the company how do people get ahold of you why do they why should they call you what's what's the update well so like I said we formed in May we've we've grown faster than we would have expected to because there's a thirst for the sorts of things that we're doing them we're we're always happy to talk to talk to any enterprise or a consumer about the use cases around the products that they have how did it fit into the blockchain environment and how to do it securely properly so encrypt calm and kr ypt die here in Maryland we're in Maryland DC area so cool great absolutely basic appreciated live from Toshio con us two cubes coverage of the first security conference John for you watching the Q stay with us for more coverage after this short break

(Upbeat music) >> From the Hard Rock hotel in Las Vegas, its theCUBE! Covering the Hosho Con 2018, brought to you by Hosho. >> Okay, welcome back every one, this is theCUBE's exclusive coverage here live in Las Vegas for Hosho Con, the first inaugural event where security and block chain conferences is happening, it's the first of its kind where practitioners and experts get together to talk about the future, and solve some of the problems in massive growth coming they got a lot of them. Its good new and bad news but I guess the most important thing is security again, the first time ever security conference has been dedicated to all the top shelf conversations that need to be had and the news here are covering. Our next guest Greg Pinn who's the head of strategy and products for iComply Investor Services. Great to have you thanks for joining us. >> Very nice to be here >> So, we were just talking before we came on camera about you know all the kind of new things that are emerging with compliance and all these kind of in between your toes details and nuances and trip wires that have been solved in the traditional commercial world, that have gotten quite boring if you will, boring's good, boring means it works. It's a system. But the new model with Block Chain and Token Economics is, whole new models. >> Yeah I think what's so exciting about this is that in the Fiat world, from the traditional financial market, everyone is so entrenched in what they've been doing for 20, 30, 40 years. And the costs are enormous. And Block Chain, Crypto coming in now is like we don't have to do it that way. We have to do compliance. Compliance matters, it's important and it's your legal obligation. But you don't have to do it in the same sort of very expensive, very human way that people have been doing it in the past. >> And Cloud Computing, DevOps model of software proved that automations a wonderful thing >> Right >> So now you have automation and you have potentially AI opportunities to automate things. >> And what we've seen is huge increases in technology, in around machine learning and clustering of data, to eliminate a lot of the human process of doing AML, KYC verification, and that's driving down costs significantly. We can take advantage of that in the Crypto Space because we don't have thousands of people and millions of millions of dollars of infrastructure that we've built up, we're starting fresh, we can learn from the past and throw away all the stuff that doesn't work, or isn't needed anymore. >> Alright let's talk about the emerging state of regulation in the Block Chain community and industry. Where are we? What's the current state of the union? If you had to describe the progress bar you know with zero meaning negative to ten being it's working, where are we? What is the state of >> I think if you'd asked me a year ago I think negative would've been the answer. A year ago there was still a big fight in Crypto about do we even want to be part of Compliance, we don't want to have any involvement in that. Because it was still that sort of, Crypto goes beyond global borders, it goes beyond any of that. What's happened now is people have realized, it doesn't matter if you're dealing in Crypto Currency or traditional currency, or donkeys or mules or computers or whatever, if you're trading goods for value, that falls under Regulatory Landscape and that's what we're hearing from the SCC, from FinCEN, from all the regulators. It's not the form it's the function. So if you've got a security token, that's a security, whether you want it to be or not. You can call it whatever you want, but you're still going to be regulated just like a security. >> And I think most entrepreneurs welcome clarity. People want clarity, they don't want to have to be zigging when they should be zagging. And this is where we see domicile problem. Today it's Malta, tomorrow it's Bermuda. Where is it? I mean no one knows it's a moving train, the big countries have to get this right. >> A hundred percent. And beyond that what we're seeing, what's very, very frustrating for a market as global as this is it's not just country-level jurisdiction, the US you've got State-level jurisdiction as well. Makes it very, very hard when you're running a global business if you're an exchange, if you're any sort of global, with a global client reach. Managing that regulation is very, very difficult. >> You know I interviewed Grant Fondo who's with Goodwin Law Firm, Goodwin Proctor they call it Goodwin now, he's a regulatory guy, and they've been very on the right side of this whole SCC thing in the US. But it points to the issue at hand which is there's a set of people in the communities, that are there to be service providers. Law Firms, Tax, Accounting, Compliance. Then you got technology regulation. Not just financial you have GDPR, it's a nightmare! So okay, do we even need GDPR with Block Chain? So again you have this framework of this growth of internet society, now overlaid to a technical shift. That's going to impact not only technology standards and regulations but the business side of it where you have these needed service providers. Which is automated? Which isn't automated? What's your take on all of this? >> I agree with you a hundred percent, and I think what's helpful is to take a step back and realize while compliance is expensive and a pain and a distraction for a lot of businesses. The end of the day it saves people's lives. And this is what, just like if someone was shooting a gun as you were running down the street, in your house, you're going to call the police, that is what financial institutions are doing to save these industries and individuals that are impacted by this. A lot of it from a Crypto Currency perspective, we have a responsibility because so much of what the average person perception is, is Ross Ulbricht and Silk Road. And we have to dig our way out of that sort of mentality of Crypto being used for negative things. And so that makes it even more important that we are ultra, ultra compliant and what's great about this is there's a lot great opportunities for new vendors to come into the space and harness what existed whether that's harnessing data, different data channels, different IDDent verification channels and creating integrated solutions that enable businesses to just pull this in as a service. It shouldn't be your business, if you're in exchange, compliance is something you have to do. It should not become your business. >> Yeah I totally agree, and it becomes table stakes not a differentiator. >> Exactly >> That's the big thing I learned this week it's people saying security's a differentiator, compliance is a, nah, nah, I have standards. Alright so I got to ask you about the, you know I always had been on the biased side of entrepreneurship which is when you hear regulations and you go whoa, that's going to really stunt the growth of organic innovation. >> Right. But in this case the regulatory peace has been a driver for innovation. Can you share some opinions and commentary on that because I think there's a big disconnect. And I used to be the one saying regulation sucks, let the entrepreneurs do their thing. But now more than ever there's a dynamic, can you just share your thoughts on this? >> Yeah, I mean regulators are not here to drive innovation. That's not what their job is. What's been so interesting about this is that because of regulations coming to Crypto along with these other things, it's allowing businesses to solve the problem of compliance in very exciting, interesting ways. And it's driving a lot of technologies around machine learning, what people like IBM Watson are doing around machine learning is becoming very, very powerful in compliance to reduce that cost. The cost is enormous. An average financial institution is spending 15 percent. Upwards of 15 percent of their revenue per year on compliance. So anything they can do to reduce that is huge. >> Huge numbers >> And we don't want Crypto to get to that point. >> Yeah and I would also love to get the percentage of how much fraud is being eaten into the equation too. I'm sure there's a big number there. Okay so on the compliance side, what are the hard problems that the industry is solving, trying to solve? Could you stack rank the >> I think number one: complexity. Complexity is the biggest. Because you're talking about verifying against sanctions, verifying against politically exposed persons, law enforcement lists, different geographical distributions, doing address verification, Block Chain forensics. The list just stacks and stacks and stacks on the complexity >> It's a huge list. >> It's a huge list >> And it's not easy either. These are hard problems. >> Right, these are very, very difficult problems and there's no one expert for all of these things. And so it's a matter of bringing those things together, and figuring out how can you combine the different levels of expertise into a single platform? And that's where we're going. We're going to that point where it's a single shop, you want to release an ICO? You're an exchange and you need to do compliance? All of that should be able to be handled as a single interface where it takes it off of your hands. The liability is still with the issuer. It's still with the exchange, they can't step away from their regulatory liability, but there's a lot that they can do to ease that burden. And to also just ignore and down-risk people that just don't matter. So many people are in Crypto, not the people here, but there's so many people in Crypto, you buy one tenth of a Bitcoin, you buy a couple of Ether, and you're like okay that was fine. Do we really need to focus our time on those people? Probably not. And a lot of the >> There's a lot big money moving from big players acting in concert. >> And that's where we need to be focused. Is the big money, we need to be focused on where terrorists are acting within Block Chain. That's not to say that Block Chain and Crypto is a terrorist vehicle. But we can't ignore the reality. >> And I think the other thing too is also the adversary side of it is interesting because if you look at what's happening with all these hacks, you're talking about billions of dollars in the hands now of these groups that are highly funded, highly coordinated, funded basically underbelly companies. They get their hands on a quantum computer, I was just talking to another guy earlier today he's like if you don't have a sixteen character password, you're toast. And now it's twenty four so, at what point do they have the resources as the fly wheel of profit rolls in on the hacks. >> You know, one of the interesting things we talk about a lot is we have to rely on the larger community. We can't, I can't, you can't solve all of the problems. Quantum computing's a great example. That's where we look for things like two-factor authentication and other technologies that are coming out to solve those problems. And we need to, as a community, acknowledge That these are real problems and we've identified potential solutions. Whether that's in academia, whether it's in something like a foundation like the Ethereum Foundation, or in the private sector. And it's a combination of those things that are really driving a lot of it's innovation. >> Alright so what's the agenda for the industry if you had to have a list this long, how do you see this playing out tactically over the next twelve months or so as people start to get clarity. Certainly SCC is really being proactive not trying to step on everybody at the same time put some guard rails down and bumpers to let people kind of bounce around within some frame work. >> I think the SCC has taken a very cautious approach. We've seen cease and desist letters, we've seen notifications we haven't seen enormous finds like we see in Fiat. Look at HSBC, look at Deutsche Bank, billions of dollars in fines from the SCC. We're not seeing that I think the SCC understands that we're all sort of moving together. At the same time their responsibility is to protect the investor. And to make sure that people aren't being >> Duped. >> Duped. I was trying to find an appropriate term. >> Suckered >> Suckered, duped. And we've seen that a lot in ICOs but we're not seeing it, the headlines are so often wrong. You see this is an ICO scam. Often it's not a scam, it's just the project failed. Like lots of businesses fail. That doesn't mean it's a scam, it means it was a business fail. >> Well if institutional investors have the maturity to handle they can deal with failures, but not the average individual investor. >> Right, which is why in the US we have the credit investor, where you have to be wealthy enough to be able to sustain the loss. They don't have that anywhere else. So globally the SCC care and the other financial intelligence units globally are monitoring this so we make that we're protecting the investor. To get back to your question, where do I see this going? I think we're going to need to fast track our way towards a more compliant regime. And this I see as being a step-wise approach. Starting with sanctions making sure everyone is screened against the sanction list. Then we're going to start getting more into politically exposed persons, more adverse media, more enhanced due diligence. Where we really have that suite of products and identify the risk based on the type of business and the type of relationship. And that's where we need to get fast. And I don't think the SCC is going to say yeah be there by 2024, it's going to be be there by next year. I was talking to Hartej, he was one of the co founders of Hosho and we were talking on TheCUBE about self-regulation and some self-policing. I think this was self-governed, certainly in the short term. And we were talking about the hallway conversations and this is one of the things that he's been hearing. So the question for you Greg is: What hallway conversations have you overheard, that you kind of wanted to jump into or you found interesting. And what hallway conversations that you've been involved in here. >> I think the most interesting, I mentioned this on a panel and got into a great conversation afterwards, about the importance of the Crypto community reaching out to the traditional financial services community. Because it's almost like looking across the aisle, and saying look we're trying to solve real business problems, we're trying to create great innovative things, you don't have to be scared. And I was speaking at a traditional financial conference last week and there it was all people like this Crypto is scary and it's I don't understand it. >> You see Warren Buffett and Bill Gates poopooing it and freak out. >> But we have an obligation then, we can't wait for them to realize what needs to be done. We need to go to them and say, look we're not scary, look let's sit down. If you can get a seat at a table with a head of compliance at a top tier bank, sit down with them and say let me explain what my Crypto ATM is doing and why it's not a vehicle for money laundering, and how it can be used safely. Those sorts of things are so critical and as a community for us to reach across the aisle, and bring those people over. >> Yeah bridge the cultures. >> Exactly. Because it's night and day cultures but I think there's a lot more in common. >> And both need each other. >> Exactly. >> Alright so great job, thanks for coming on and sharing your insights. >> Thank you so much. >> If you have a quick plug on what you're working on, give the plug for the company. >> Sure, so iComply Investor Services is here to help people who want to issue ICOs, do that in a very compliant way. Because you shouldn't have to worry about all of your compliance and KYC and Block Chain Forensics and all that, you should be worried about raising money for your company and building a product. >> Alright final question since I got you here 'cause this is on my mind. Security token, has got traction, people like it 'cause no problem being security. What are they putting against that these days, what trend are you seeing in the security token? Are they doing equity? I'm hearing from hedge funds and other investors they'll want a little bit of equity preferred and or common, plus the token. Or should the token be equity conversion? What is some of the strings you're seeing? >> You know I think it' really just a matter of do you want paper or do you want a token? Just like a stock certificate is worth nothing without the legal framework behind it. A security token is the same way. So we're seeing where some people are wanting to do equity, where some of their investors want the traditional certificate. And some are fine with the token. We're seeing people do hybrid tokens where it morphs from security to utility or back. Where they're doing very creative things. It's what's so great about the Ethereum Network and the Smart Contracts, is there are all of these great options. The hard part then is, how do you fit those options into regular framework. >> And defending that against being a security, and this is interesting because if it converts to a utility, isn't that what security is? >> So that's the question. >> Then an IPO is an, again this is new territory. >> Right, and very exciting territory. It's an exciting time to be involved in this industry. >> In fact I just had an AE3B Election on tokens, first time ever. >> Yeah it's an amazing state that we're in. Where serious investors are saying yeah token's great for me. Give me the RC20 I'll stick it in my MetaMask Wallet, it's unbelievable where we are. And only more exciting things to come. >> Greg Pinn, thanks for coming on and sharing your insights. TheCUBE covers live here in Las Vegas, Hoshocon, the first security conference in the industry of its kind where everyone's getting together talking about security. Not a big ICO thing, in fact it's all technical, all business all people shaping the industry, it's a community it's TheCUBE coverage here in Las Vegas. Stay with us for more after this short break. (Upbeat music)

>> From the Hard Rock Hotel in Las Vegas, it's theCUBE, covering HoshoCon 2018. Brought to you by Hosho. >> Okay, welcome back everyone, we're here live with theCUBE in Las Vegas, for the first security conference. It's an inaugural event. It's called HoshoCon. This is where security experts are gathering to discuss the future. I'm John Furrier, host of theCUBE. With Joe Kelly, he's the co-founder and CEO of Unchained Capital. We were just talking about the old days, and big day, yeah? Joe good to see you, thanks for coming on theCUBE. >> Good to see you too John, thanks for being here. >> So, take a minute to explain what Unchained Capital is. We heard some people talking this morning, earlier, about your business model, love it. Take a minute to explain what your business model is, what you're doing that's different. >> Sure, so, Unchained Capital, we're really a financial services company, I'd say. Kind of in this new era where we have this challenge of users have crypto currency, they want custody of their assets themselves, they want to maintain some of the grave sovereignty over and control over their money. Not just give it, relinquish it wholly to a bank or someone else. So it's an interesting time to start a business like ours. Our first product is loans. We give out dollar loans, in U.S. dollars, to individuals or businesses who provide crypto currency as collateral. So right now, we accept Bitcoin, or Ethereum as that collateral. And we do accept it in a fully custodial manner today. When you get a loan from us you are sending us your Bitcoin, you're trusting us to keep it safe, and we do. But we also have some more multi-signature models that we'll be releasing soon, that we work with, for instance, Hosho here on getting our smart contract, and Ethereum honored it for doing such a thing with Ethereum. But we're really trying to find ways to bridge that gap of user don't have to quite give up everything , we don't have to have full control, we can still as a lender, safely extend money and know that we can. >> So you've got a lot of couple things going on. >> Yeah. >> You've been topical here at this conference, been hearing in the hallway, there's been sessions on it around custody, >> Yeah. >> So that's one big issue that everyone's talking about, but it's also now your lending. So, this collateral, that's services, financial services, so it's a little bit fin-tech meets cyber security needs. >> Yeah. >> You're in the middle of two cross-hairs. >> Yeah. (John laughs) >> How are you guys doing this? >> I mean, I think, as far we were talking about earlier, my co-founder and I kind of cut our teeth in the big data technology space, and learned a lot through that. And learned a lot especially about how easy it is to get caught up in either a hype, or a market cycle, where you don't pay as close attention as you should to customers, and what they need. We went through a pivot in that business, which was good, the right thing to do, but we wanted to start this company consciously in a way that we didn't have to pivot. So there always has been this kind of focus on the customer, the end user, and what they want. >> Hey, building a sustainable business. >> Building a sustainable business. >> With paying customers, what a great idea. >> Yeah, who would've thought. (both laughing) >> Well turns out it was a good call because with the whole bubble burst thing, you know in February really, I think February to me was the month where you saw the decline, the security token, Rightfully so is the discussion for all the utility all the stuff regulating now, so a little bit of a dark time for us, but, the winners coming out of this will be the durable real builders. >> I think so, yeah. You know we didn't, we chose not to do token sale last year, to our, maybe in the long run it could be a bad idea but we still feel pretty good about it. >> It's a good cause. >> Yeah. >> SCC reported today, I saw it today, SCC is actually having some ICO's give money back on violations. >> As they should, yeah. >> So, you would have been properly optimizing your time on other non-company building activities? >> Yeah. >> Yeah, running around Asia managing token prices >> Now, it's a shame, its like these small teams run out like 12 or 20 people almost running public companies, in terms of the demand and opinions and-- >> Yeah, and they're young, they got keep their eye on the ball, which is the value proposition evolution and also security. >> Yeah. >> Alright, so talk about how, what you're doing here? Why're you here at HOSHOCon, I see they're a supplier, a partner with you guys. >> Yeah. >> But what's, what's the story here for you guys? >> So we got to know Hosho earlier this year, we spent about six months developing a theorem smart contract. So a theorem, it doesn't have a native multi-signature mechanism, there's no way that within the protocol you can speak to the protocol in a way that says, you need multiple signatures to make this transaction valid. Unlike BitCoin that has that multi-signature spelled out. So, and we, with the way we store the currency, we store it all cold storage, we store it with multiple hardware devices, and in so, we believe the only way to do that, or the only way to store cryptocurrency is with that, and with multi-signature enabled. So, to try to-- >> To minimize the risk on the custody side. >> To minimize the risk of, yeah, on the custody side. Also, you minimize risk of theft, you also create some resiliency in the sense of maybe a key is lost, like you got some back up keys to it. So, really important to get to that multisig status but as you maybe saw last year, with hacks like there's a parody multisig wall that was hacked to the tune of some hundreds of millions of dollars. There's several of these multisig contracts people developed that were really sophisticated pieces of software allowed ownership to be transferred or things to change, within the contract that, in our opinions kind of, didn't need to be there, and put the contract at risk. And so we worked on this very simple, bare bones, smart contract that does multisig as closely as, it's already spelled out in Bitcoin. And worked with Hosho on at that, it's been since honored it twice. Both times, passed with flying colors. No issues, not a single discrepancy. >> You did the work up front? >> Did the work up front, yeah. >> That's critical. >> Really smart team of folks that put that together and so yeah we're very security conscious company. We like being present, contributing to conversations like those that are here. >> It's funny, we were talking earlier in some interviews it's like, security is a differentiated of some of these exchanges. (Joe laughs) >> We got better security >> Cheap table steaks. I mean, differentiate? That's like standard. Alright, so talk about how someone uses your service because I think this is fascinating. A lot people are holding crypto, they may or may not want to sell it. There's also fluctuation risks. >> Yeah. >> So how does this system work? I give you my crypto and you lend me money? >> Yup. >> Is it that simple? >> Yeah, so you first sign up to our website. We lend mostly in the U.S., a few international jurisdictions, but as long as you're in a jurisdiction we can lend, you finish out your profile with us. We do do a KYC email check on all folks and then you put in a loan application. And within that loan application, we can either lend you at a 35% loan to value or a 50% loan to value. You have a slightly better interest rate on the lower LTV. What that means is, if you'd like a $100,000 loan, say, you need to provide maybe $200,000 of that collateral up front, in the form of Bitcoin or Ethereum. We can fund loans and you can go from basically a new account and application to a funded loan, in like four hours even. You have that time from the client signing up to us, wiring the money and so that, that, can be a pretty fast process. Which is really unlike any other loan products. Even if you get a unsecured loan on a website, like an Earnest.com or some of these, it can take you many days, a week or more sometimes to close the loan. >> So you're taking a big risk with this, you guys do? >> Well you could say that. I mean, I mentioned that-- >> It all depends on the fluctuation, right? >> 50% on LTV. We do do margin calls, so if there's a 25% price drop, we'll issue a margin call. It means, with the client is required to post more collateral or else we can declare the loan in default. Luckily we've had no defaults, we've never had to force a liquidation over anybody-- >> So explain a margin call real slowly, so okay, it drops below a certain point percent. Let's say 25? You do a margin call, they don't come up with more collateral, to refuel essentially the collateral. You can default, which means you take ownership of the crypto? >> Yup, in that case we would take ownership of the crypto currency. We would sell what portion of it, was need to pay off the principal of interest, and then they get the remainder. But ya, thankfully nobodies ever fully bailed on us in that way. >> Ya, not yet, not yet. Well so for me this is a great service. So, great for people who get some hands on some, some fiat, some cash. Now, on the backhand, I'm only imagining just my brain spins around, you got a lot of hedging going on, you got have math, a lot of math behind it. Maybe, it's big data. How are you managing the back end, because now in your risk profile, so you the margin call, you got some mechanisms, which is great. What's going on in the background? You crunching on some cloud computing, Amazon computing, going OK, where are we with our positions? There must be some math involved. What's going on behind the curtain? Can you tell us a little bit? >> I think you'd be surprised, I think that, we've been able to manage pretty well, with just more puristic and common sense around a lot of this stuff. I think what we did up front before we even, gave our first loan, did a lot of research on historical volatility with Bitcoin. Looking at, ok, what are the most significant drops within a day, or a week long period and, based on that analysis that's where we did come up with this sort of 50% LTV ceiling for us. That says, really? You know, 9.9999 or 99.99% of the time, you will never see anything that big within a day. Maybe a week, there's been a couple of weeks where Bitcoin will go down 50%, in that period but that's, that evolves on like a human reactionalary kind of time scale. Not something that you're-- >> Well today the stock market dropped 800 points today and Bitcoin didn't move. So that's good that there's no corelation. >> Yeah. >> But the point is, you're measuring it. So, is there, the question next question I have for you, as I'm thinking about myself if I was a customer. If I was a customer, do you provide like some sort of total cost of ownership calculative, that I would have to know, okay, 'cause I want to plan, I don't want to be defaulted. Right, so I should have a good understanding of how to manage it so I give you guys some crypto, for the loan. >> Yeah. >> I got to have some reserves. You guys see a formula for that, is there benchmarks or is it more of ad hoc general. >> Yeah, it's definitely, I mean it's a case by case basis but with every client. We recommend not of course leverage all your crypto currency, you want to leave some in reserve for margin call and it just depends on personal situation and how much-- >> And the margin call too, if they give the money back, that's fine too right? So either pay back the loan-- >> Yeah, exactly. Or pay down the principal, which you can do partial payment, we have no prepayment penalty. So pay down some principal, or yeah, post more collateral. Just some way to get that ratio back. >> Got it, cool, how's business going? >> Good, yeah. We think it's been a great year for us, the first half was pretty bananas honestly, just with the kind of bull run and taxis and stuff like that. Summers been a little slower, but we're still full of-- >> Tax season, yeah roll your eyes. Hey, welcome to the tax bill. >> Yeah! >> Trading all that crypto. >> Yeah. >> People had a wake up call. >> Well, it's arguably what killed all the volumes. It's finally when people realized, oh my gosh, you know, I can't 1031 moving forward, I have to pay taxes every time I trade all client for another all client. I think that really dampened volume this year. >> Alright, so I got to ask you, what's going on here, in this event thats folks that didn't make it, what is some of the conversations, a lot of diverse, smart people here. Kind of core kernel industry security, but it's not just security nerds, it's total laid out players on the security side to business we had Andre on talking about custody. You've got you're business here, financial services chain. What's some of the hallway conversations that you're over hearing and that you're been involved in? >> Let's see. I mean, almost just been in, you characterized it pretty fairly I think, there's real engineers here. People that kind of get into base with over the pros and cons of the different programming language, or implementation for smart contracts. So, it's kind of, a definitely more nerdy conference. I haven't heard of one, like ICO I should buy into or anything like that. >> Thank God! >> Pretty nice. >> That's refreshing. >> Yeah. >> I mean an ICO converse, a little bit over, a little long on the tooth there, don't you think? >> It's a converse we deserve. (John chuckles) That's just a tagline. >> Yeah. >> Alright, so what are you seeing as the major trend that's going to bring back, not bring back, but establish more of a mainstream culture with crypto, because you're actually getting into the level of services that certainly for the early adopters and insiders that are been there from the beginning, or involved now making money and having crypto, to Joe Sixpack, out there, who's really, he's interested in, it's really the younger generation love this/ You can't pull a 16 year old away from. >> Right. >> Learning how to mine, getting involved and pretty much anyone under 30, pretty much, is on the crypto band wagon. >> Yeah. >> It's a revolutionary, kind of cultural shift. >> Especially in our customer base, very well over represented there. >> So, how does it get more mainstream? >> I mean I think speaking somewhat biasedly, you know, part of our view is that, we're a company that's here to make crypto currency more valuable in the long run, to it's holders. Not necessarily, doesn't have to be in dollar terms be more pricier, but the idea that before us, before other people doing these kind of loan business, there's really nothing else you could really do with your Bitcoin. You could buy it, you could hold it. And then go sell it later, or you can give it to someone else, kind of trade it for fact or feeling here and there. You could trade it for other off coin. >> Convoluted process though. >> Yeah, all these things. And there, don't have much to do with your daily life. Except for, if you buy a car maybe, and that person will accept Bitcoin, and things like that. But, our clients are buying homes, they're investing in real estate, they're investing in businesses, and paying off credit card debt. Things like this, so. >> What are some of the sample loan sizes? What's the average coming in? >> Well average is $120,000. >> What's the largest? >> Largest is over a million. Yeah. >> Where you guys getting the cash from? >> We have some investors, including some small credit funds, and institutions, high net worth individuals that have pledged to back loans from us. >> So financial pros would get the collateral gain? >> Yeah, totally, you really got to be comfortable with Bitcoin as an asset to then be comfortable with the kind of rates we're talking about here. 'Cause many traditional lenders, they want 20%, 30%, I don't care, it's the riskiest asset there is. Like, they just don't get it. >> So you're building a company, you're a company builder, pragmatic, which is good, but also you got to manage the waves that you're on. Which is high growth and potentially, so you're managing growth. Funding, vision, what's, how is the execution plan, what's the tactical execution plan for you guys? >> I mean, it's interesting. I think, we're talking about getting back to the big data conversation, we really started that, it's a joke that, but smartest thing we do was start that company at the time we did. That, no matter what kind of happened or steps that missed execution, we were on kind of that wave. So, in some ways that formed our philosophy here. But, so you start a business at the right time, and a good space, don't let valuable long term business and let's focus on clients. For us that meant, grow the value of, and the utility of crypto currency is that people are already holding. So, make crypto currency really into the most useful assets in the world. As they should be. They're software, we know they can do more things then what they have done for us necessarily in the last 10 years. So, going forward, I mentioned the loan products we have, we have some storage in custodial technologies we've got, that we will be releasing soon. Things that help you keep crypto currency safe, while consuming products like a loan from us, so. >> And you're based in Austin? >> Yeah, based in Austin. >> How many people on the team? >> 16. >> So a small team. >> Yeah, growing. >> Great, congratulations. >> Thanks John. >> And if I need a loan, I'll come knocking on the door. >> Give us a call >> Regrowning capital. Cube's growing like crazy, going international. >> I like it. >> Going crypto. Joe Kelly, co-founder and CEO of Unchained Capital, check him out. This is theCUBE, bringing you live coverage here at HOSHOCON in Las Vegas. The first security watching conference in the world. We'll be back with more after this short break. (digital music)

>> From the Hard Rock Hotel in Las Vegas, it's theCUBE! Covering HoshoCon 2018! Brought to you by Hosho. >> Okay, welcome back everyone, we're here live in Las Vegas for the first security blockchain conference's inaugural event, HoshoCon, and it's all about the top brains in the industry coming together, with experience and tech chops to figure out the future in security. I'm John Furrier, the host of theCUBE. Our next guest, Andre McGregor, who's the partner and head of global security for TLDR. Welcome to theCUBE, thanks for joining me. >> Thank you for having me. >> So you have a background, we were just talking off-camera, FBI, you've been doing the cyber for a long time, cyber-security, mostly enterprise-grade, large-scale. Now we're in crypto, where you have small set of teams, running massive scale, with money involved. >> Correct. So guess what, money attracts. >> Right. People who want it, want that money. Lot of hacks, $400 million in Japan, plus 60 million over here, you add it all up, there's a billion so far this year, who knows what really the number is, it's pretty big. >> It is, and what's concerning and the reason why I came over in this space was the number of hacks that were happening. My company, we get probably a call a week, whether it's high net worth individuals, CEO, exchanges, we've helped a couple, some that you'd know of if I told you who they were, trying to get out of a very bad situation. And interim response has been big, but what we've learned is that it's the same old fraud, the same old security tactics that are being used against some of these crypto-companies. >> And we've seen it all the time, everyone's had fraud alerts on their credit card, this is like classic blocking and tackling, at a whole 'nother level. >> It is, because if you think about it from, like a traditional start-up, you have a company that's small, they have time to develop their MVP, they go out and do maybe a seed round, friends and family, they're sort of ramping up over time, whereas we basically flipped the model upside-down, the same six founders now have $10 million worth of crypto, and they're not protecting it in the ways they think they should, because they're in hyper-growth mode. So the bad guys have determined that as a great place to target, and now as we see in the news, it's actually happening. >> Yeah, and Hartej, the co-founder of Hosho, was just one talking about physical security, in the sense of you got to watch out where you go too now, it's not just online security, it's physical security. So start-ups have that kind of fast and loose kind of culture. >> Well, if you think about it, traditional security in corporations, I can put everyone in a building, I have this similar or same network egress points, I can protect those, I can do the gates, guards, guns, perimeters around, but I got people working from home now in the crypto space, everyone's got their own setup. If someone's in an audience, they say oh, I've been in the blockchain space since 2010 or 11, I can make assumptions about them, about their financial worth, and other people are doing the same, but having nefarious reasons. >> Yeah, you connected the dots okay, it was $0.22 in 2011, so therefore, if they had kept a little bit of Bitcoin-- >> They would be doing very well. >> They're a target. >> Therefore, they're a target now. So when you think about it, you put all those scams together, it becomes sort of a hot topic for-- >> I just got into crypto. (laughs) >> Good answer, good answer. >> Alright, so let's talk about this security hack. Because obviously, in the enterprise tech, we cover a lot of those events across the year. IoT Edge is a huge topic, cloud computing booming, so now you have a lot of compute, which is good, and for bad actors too. So you have now a service area that's now, no perimeter, there's no egress points to manage. Is there a digital way to kind of map this out, and does blockchain give us any advantages or is there anything on the horizon that you see, where we can, in digital form? >> Well, I mean the true reason I came to the blockchain space, having worked hundreds of victim notifications and several dozen actual intrusions, from large intrusions at banks that are top five in the world, all the way down to small core defense contractors, you realize it's always a server you didn't know about, credentials that had more access than they should, obviously gaining access to a centralized server, that then gets exposed and allows that data to be leaked out. So the idea of blockchain and being able to decentralize, distribute that data, own it, and keep it cryptographically pure, and also being able to essentially remove the single source of failure that we saw in a lot of these hacks is exciting. Obviously, blockchain is also not the answer to everything. So in some ways, the spread sheet is still a spread sheet, and the MongoDB will still be the MongoDB, but-- >> The post-it next to your computer, your private key on it. >> But at the same point in time, it all comes down to cyber-hygiene, right? I mean, the stuff that we're looking at, the hacks that we're seeing, the hacks that I'm dealing with and my company dealing with, day in and day out, are not sophisticated. They may be sophisticated actors, but they're using insophisticated means, and of course, I hate to harp on it, but e-mail is still the number one intrusion vector, we all have it, we all use it. You could take stats from the FBI that says 92%, you could take stats from Verizon that says 93%, but that will be the number one way in. >> And phishing is the classic attack point. >> It will always be, because-- >> It's easy. >> I can manipulate people, I find the right opportunity, I always say even I've been phished. It happens, the way your mind is, it's just how you react, is what we need to teach people. >> It's really clicking on that one thing, that just takes one time. >> Yep. >> A PDF that you think is a document from work, or potentially a job opportunity, a new thing, sports scores, your favorite team, girlfriend, boyfriend, whatever, I mean, you don't know! >> But, I'm going to challenge you on this, you get, you click on that bad link, or you feel like your computer has been hacked, who do you call? Do you actually have someone that you can call? There's no cyber 911. Unless you are a high net worth individual, or being targeted by a nation-state, you're not calling the FBI. So who do you call? And that's a problem that we have in our industry right now. I mean, I guess I've been the person that people have been calling, which is fine, I want to help them. 12 years as a firefighter on top of my FBI career, I'm used to helping people in time of need. But really, in the grand scheme of things, there's not enough Mandiants or Verizons are too big. So for these smaller, six-person companies, that don't have $500,000 to spend on instant response, they actually have no one to call when they actually do click something bad. >> And the people they punch in a call, the ones that aren't actually there to help them. Sometimes they get honey-potted into another vector. >> Sure. >> Which is hey, how can I help you? >> Or I even challenge it a bit further. You call any of these companies when your phone has been hacked, you SIM-swap, whatever it is, and you need to sign a master services agreement, you need to go through all the legalese, while you're actively being hacked. Like, it's happening hour after hour, and you're seeing it, your accounts are being compromised and being taken over, and you're trying to find outside counsel to do redline. So in emergency services, we say, don't exchange business cards at the disaster site. It's not the time that you should be saying hi, I'm introducing myself, we should figure out all the retainers, inter-response, legal questions beforehand, so that at 2:00 in the morning, someone calls, and you have someone pick up the phone. >> Yeah, and you know what the costs are going to be, 'cause it's solve the problem at hand, put out that fire, if you will. Okay, so I got to ask you a question on how do people protect themselves? 'Cause we know Michael Terpin's doing a fireside chat, it's well known that he sued AT&T, he had his phone SIM swapped out, this is a known vector in the crypto community. Most people maybe in the mainstream might not know it. But you know, your phone can be hacked. >> Yes. >> Simple two-factor authentication's not enough. >> Correct. >> What is the state-of-the-art solution for people who want to hold crypto, any meaningful amount, could be casual money, to high net worth individual wants to have a lot of crypto. >> I mean, I spent a good amount of my time talking about custody. We've sort of pivoted off to a new part of our business line, that deals specifically around institutional custody solutions, and helping people get through this particular process. But we all know, especially from that particular case, that SMS compromises, after account takeover of a phone, is high. Hardware tokens are always going to be something that I'm going to, Harp or YubiKey, or something like that, where I'm still having the ability to keep a remote adversary away from being able to attack my system that has my private keys, or whatever high-value data I have on it. But if I think about it at the end of the day, I'm going to need to transfer that risk. I would like to say that we can transfer all risk, but instead for the people that have a lot of crypto, you're going to need to look for a good custody solution, you're going to need to look and trust the team, you're going to need to look and trust the technology they have, and you're going to have to get insurance. Because there are so many vectors, in a certain point in time, we can't go back to the wild west, where we're actually >> The insider job is, is really popular now too. >> It is, but there are ways around the collusion, counterparty, third party risk of ensuring that not one person can take the billion dollars worth of crypto and run away off to Venezuela and never appear again. But again, it comes down to basic hygiene. I ask people, I've surveyed hundreds of people in the crypto space, and I ask simple questions like VPNs, and I'm still getting a third to a half of people are using VPNS. Very simple things that people are not doing. When you looks at password for example, if anyone still has a password under 12 characters, then game over. I mean, there are a variety of ways of hacking them. I can use GPU servers to do them very quickly. I won't go into all the different options that are there. People still-- >> So 12 characters, alphanumeric obviously, with-- >> With special characters as well. >> Special characters. >> But the assumption, let's just make the assumption, that either those passwords have been cracked already, because they've already been dumped, people share passwords, they get used again, and then the entropy is exponentially higher with every single character after 12. So my password's 22 characters, sure it's a pain to type it in, but when you think about it, at the end of the day, when I combine that with a password manager that also has a YubiKey that's a hardware token, and I require that access all the time, then I don't run into the problem that someone's going to compromise a single system to get into multiple systems. >> And then also, I know there's a lot of Google people as well, they're looking at security at the hardware level, down to the firmware. >> Sure, sure. >> There's all kinds of-- >> I mean, obviously, you could use the TPM chip as well, and that's something that we should be better at, as a society. >> So while I got you here, I might as well ask you about the China super micro modchip baseboard management controller, BMC, that was reported in Bloomberg, debunked, Apple and Amazon both came out and said no, that's been confirmed. They shift their story a little bit too, the reality probably there is some mods going on, it's manufactured in China. I mean, it's a zero-margin business going to zero, why not just let the Chinese continue to develop, and have a higher-value security solution somewhere else, that's what some people are discussing, like okay, like the DRAM market was. >> Yep. >> Let the Japanese own that, they did, and then Intel makes the Pentium. Wall Street Journal reported that, Andy Kessler. So the shifts in the industry, certainly China's manufacturing the devices. There's no surprise when you go to China, and if you turn on your iPhone, it says Apple would like to push an update, but that's not Apple, it's a forged certificate, pretty much public knowledge. The DNS is controlled by China, and a certificate, these are things that they can control, that's, this is the new normal. >> It, it-- >> If you know the hardware, you can exploit it. >> We've been dealing with supply-chain issues since Maxtor hard drives in Indonesia. So was I shocked when I hear stories about that? No, I'm sort of scared myself into a corner, working in skiffs over the years and reading the various reports that come out about supply chain poisoning. >> Certainly possible. >> It's happening. I mean, it's just to what extent is still something that may or may not be known to its full extent, but it's something that will happen, always happens, and will continue to happen. And so at a certain point in time, capitalism does step in and says alright, well, guess what, China, the way I see it is, China wants to be a super-power. At a certain point, they know that people are looking at them, and saying we can't trust you. So they're going to clean up their house, just like anyone else. >> It's inevitable for them. >> It is inevitable. Because they need to show that they can be a trusting force, in the world economy. And at the same time, we're going to have competition out there that's essentially going to say, alright, we can actually prove to have a much better, stronger, validated supply chain that you'll use. >> I mean, IoT and blockchain, great solutions for supply chain. >> 100%. >> I mean, so this is where-- >> I mean, we're talking, I mean, I was actually on a plane flying from Phoenix, to Santa Fe, New Mexico, and I was sitting next to a guy, who was just like, I just want to use a blockchain to be able to deal with a supply chain around compromised food. So in the sense that if you think about it, fish for example, there's a lot of fake fish, fake type of tuna and other stuff that's out there, that people don't know the difference. But the restaurants are paying double, triple the amount of money for it. You start taking things like elephant tusks, you take things like just being able to track things that no one's really thinking about, and you're just like huh, I never thought of it that way. So at the end of the day, I still get surprised with what people are thinking about, that they can do with the blockchain. >> So Andre, question for you here, this event, what's the impact of this event and for the industry, in your opinion? Obviously, a lot of smart people here talking, candidly, sometimes maybe a little bit contentious about philosophies, regulation, no regulation, self-governance, lot of different things being discussed as exploration, to a new proficiency level that we need to get to. What are some of the hallway conversations you're hearing, and involved in? >> A lot of mine are obviously around custody. That is the topic of the moment. And for me, I'm in learning mode. I recognize that I've spent a lot of time in cyber-security. However, whereas it relates to blockchain and digital asset custody, whether it's utility tokens or security tokens, I'm on the CFTC Technology Advisory Committee, specifically, with cyber-security and custody, and so I want to take in as much information as I can, bring it back to the committee, bring it back to the commissioners, and help them create the proper regulations and standards, whether it's through an SRO, or it's through the government itself. >> For the folks that may watch this video later, that are new to the area, what does custody actually mean? Obviously, holding crypto, but define custody in context of these conversations, what is it, what's the threshold issues that are being discussed? >> Sure. I mean, to break it down, custody is very similar to a bank. So you are, you're saying I have a lot of X. It could be baseball cards, it could be gold bars, it could be fiat cash. And I want to have someone hold it, and I'm going to trust them with that. Of course, I'm transferring that risk, and with that, I have an expectation to have a qualified custodian, that has rules and regulations of how they're going to actually manage it, how they're going to control it, ensure that the risk, that people aren't going to take it. It could be, again, the Monet, it could be the Johnny Bench Ricky card, it could be 100 million blocks of gold. But I also want to have a level of insurance. That insurance could come from the insurance industry themselves, and allowing me to protect it in case something does happen to that, or the government. The FDIC, $250,000 for your bank account is a type of insurance that people are using. By the end of the day, from an institutional perspective, you want a pure custodian that takes all the risk. The government wants to say a certain point, that that custodian can allow for margin call, so that the client can't come in and say, well I'm not going to pay out $100 million worth of crypto, and I'm going to seize, or seizure of funds as well. And that's what's being set up right now. Traditional banks are not ready to handle that. Traditional auditing firms, like PWC or Ernst & Young, are still trying to figure out how they'd even be given a qualified opinion, as it relates to how-- >> So it's not so much that they are not have the appetite to do it, they don't have systems, they don't have expertise, >> They don't have systems, they don't have expertise, >> They don't have workflows. >> And right now, things are so new and so volatile, that they're sort of almost putting their toe in the water, but really not sure what the temperature is yet of the water to hop in. >> If someone wants to go to court, you say hey, prove it. Well, it's encrypted, I don't know who did it. >> Well, and the thing is is that when you have 53 states and territories with different money-transmitting laws, on top of the countless federal agencies and departments that are managing that, it is hard to come to consensus. It is much easier in a place like Bermuda, where the government is small enough where everyone can get together pretty quickly, have consensus on an opinion of how they want to deal with the crypto market, deal with custody, pass a regulation, and what's nice about Bermuda is it has crown ascendancy, so the UK government still approves it. >> And they move fast on the regulation side. They literally just passed-- >> They are the only jurisdiction that has a fully complete law surrounding cryptocurrency. >> You're bullish on Bermuda. >> I am, because I saw the efficiency there. And I expressed my same opinion with the CFTC, when I was doing my hearing last week, that it's nice to see the speed, but it's also a small island that allows for that speed. >> And they have legitimate practices that have been going on for years in other industries. >> Right, so there's no dirty money, there's no anything that people are sort of concerned with, they have the same AML, KYC, anti-money laundering and know your customer regulations that you would expect if you had your money in the United States. >> Yeah, we had a chance to interview the honorable charge there. >> Premier Burt, oh very nice. >> Yeah, he's great, and Toronto, so it's awesome. >> Nice. >> Alright, so final takeaway, for this show here, what's your takeaway about this event, the impact to the industry? >> This is a very important event, because I think people are still trying to get their footing around blockchain, they're still trying to get their footing around digital asset protections. And if we can get the smart people in one room, and they can share knowledge, and then we can come together as a community, and create some standards that make sense, then we're protecting the world. >> Well Andre, I'm glad you're in the industry, 'cause your expertise and background on the commercial side and government side certainly lend well to the needs. (laughs) So to speak. We need you, we need more of you. Thanks for coming on theCUBE, really appreciate your commentary and your insight. It's theCUBE, bringing the insights here, we are live in Las Vegas for HoshoCon, I'm John Furrier with theCUBE, we'll be back with more coverage after this short break. (upbeat music)

>> From the Hard Rock Hotel in Las Vegas, it's theCUBE covering HoshoCon 2018. Brought to you by Hosho. >> Okay, welcome back everyone. It's theCUBE live coverage here in Las Vegas for the first annual blockchain security conference. The brightest minds in the industry coming together, it's called HoshoCon, and it's presented by, and sponsored by Hosho. But it's not their event, it's an industry event. And we're here with the co-founder and president, Hartej Sawhney, who is theCUBE alumni. Great to see you. You guys are doing a great event. Thanks for coming on. >> Yeah, it's always good to see you, and I'm so glad theCUBE is here at HoshoCon. >> So you've talked with us many times, but recently in Toronto about this event. This is not your company's event. You guys are putting it together. You're holding it because there's no other conferences that do this, but it's not just you guys. You guys are bringing the industry brains together. >> Yeah, I mean, we see ourselves as being on the intersection of cybersecurity and blockchain. And (coughs) just getting over a cold, but not a lot of conferences are out there that have a open discussion about cyber security in the blockchain industry. And hundreds of millions of dollars are stolen from exchanges. And 10% of all the money in the ICO space has been lost or stolen. And there's simply not enough platforms for this to be discussed. So, we figured we'd start the first conference that solely focuses on being a blockchain security conference. We chose not to have any ICO pitch competition. And it feels like there's more and more typical blockchain conferences out there, but it's important to be home base for anyone who wants to affiliate themselves with cyber security and the blockchain industry. >> And the depth and breadth of security is changing. We are hearing talks with, unfortunately I won't be able to attend the sessions, we're interviewing people all day, but amazing talks. How to hack an exchange, all these new surface areas. I mean, people kind of generally know they're unsecure, but this growth going on. There's new things happening. This is exposing some of the security vulnerabilities. What is the hot topics in the talk tracks here at HoshoCon? >> We have Anand Prakash, who runs a company called AppSecure. He's one of the worlds best white hat hackers. Who has hacked into the likes of Linkedin, Facebook, Google, all the top names. And to have someone walk us through today, Anand Prakash said, "Here's how you hack into a crypto "currency exchange and here's how they actually did it." And to have a white hat hacker walk us through that, it opens up our eye balls as to how easy it actually was for a Japanese exchange to loose 500 million dollars. That's no small sum of money. And this industry is only going to survive if we together as a community come together and evaluate how was it that 500 million dollars got stolen? And how can we as a community of global lovers of bitcoin make sure that this does not happen moving forward? >> On that exchange hack, 500 million dollars in Japan, was that white hat done or was that black hat? >> It was black hat. Unfortunately the money's not been given back. >> So it's not given back. So that's a half a billion dollars? >> It's half a billion dollars stolen, yeah you know. How many industries are worth just about that much? >> Yes, you could feed a couple countries. This is legit, right? Obviously it's like total, you know, wild west if you want to call it. Stage coach robberies they got the mask on. No one knows who it is. This is real, this is absolutely real. What are you guys doing as an industry? What's happening here to prevent this? What are the key, you know hygiene or social, anti-social engineering? What are the key things that are going on that are solving this problem? >> So, every exchange needs to value security and get a penetration test. Every company needs to make sure that somebody at their company is in charge of their in house security practices. Most companies when you ask them, "Who's in charge of security?" They point their finger at the CTO. The CTO is in charge of architecting the software. You need to have somebody full time, in house taking care of the security. Ideally a CISO and if you can afford it, pay someone five to ten thousand dollars a month as a consultant to come in for a couple of months and take care of your in house security. These are basic things that, you know, surprisingly most bitcoin exchanges often times when they're hacked, they're hacked by a basic phishing attack. That one of your employees opened up the wrong email. They opened up a PDF and the hacker gained access to your computer and is now monitoring your keyboard strokes and stole millions of dollars. Or the exchange didn't get an actual penetration test of their exchange. Or exchanges are listing contracts that have not gone through a professional smart contract audit. These things are now, also we're seeing them service in regulation with central governments. And it seems that all the smaller island nations are spearheading the way in terms of writing clarity on regulation. In Malta, Bermuda, Gibraltar, all of them are trying to spearhead the way. I'm much more excited, to be honest, about some of the larger nations bringing clarity on regulation in the next two to three years. We all can't just move to a small island off the coast of Italy that is infamous for actually laundering money in the gaming space. Yes, now they're trying to bring clean clarity doing KYC and AML in Malta and write a actual regulation about security. And if you're domiciled in Malta and you're a exchange then you can only list a token that's been audited. It's wonderful but at the end of the day Malta is also a part of the EU and if the EU changes their mind, things can change Malta. I just feel like it shows the immaturity of the space. If very legitimate companies are all going to flee to small countries like Malta or to islands like Bermuda. Good on those island nations for being so pragmatic and forward thinking and for bringing legal clarity. I mean if I was in an exchange today, arguably yes you have to go to Malta if you want clarity on regulation and you don't want to be in the United States. Right now, Malta is your choice. I'm just personally a little bit much more excited about the next three years where, I make a joke to my co-founder and I say, "The suits are coming." That we look around these conferences and you don't see that many suits but the fortunate 500, many of them are either writing private blockchains, they're evaluating how they're going to leverage blockchain technology in their major businesses and they're going to leverage decentralized applications and tokenization for already running products that have millions of customers, that are already profitable and then when they get tokenized they're going to be up and running right away. So the next two to three years are going to be very interesting. From Hosho's perspective we've taken a big turn towards catering towards more publicly traded large sophisticated companies. We've partnered up with Telefonica. Telefonica is a Fortune 200 company. Its wonderful to be able to leverage that kind of a brand. To deal with major world wide entities that are publicly traded come to Telefonica and evaluate how they can leverage blockchain technology and get one bundled security package that includes Hosho, Rivets, and Telefonica. >> Yeah the Rivets solution is interesting. It's a hardware based solution. So the subscriber of the phone becomes the entity. It's really interesting and I think this points to new paradigms of security, which I want to get to in a second but I want to just unpack what you said about the small country, big country dynamic. Great for the small countries to be opportunistic. To be creative and capture this opportunity. But people want stability. They want clarity on regulations, yes, but also standards, technical standards. >> We can't all just move to the small country of Malta. >> Yeah I'll be in a plane the whole time. >> It just doesn't work. >> Yeah and by the way the game changes too. Whats the implications of say, Malta decides one day, "You know what?" "We're getting out, we're changing things." A company would have to move their domicile again. So it's a moving train, you don't know what you're going to get. It might be stable now but it's not a scalable opportunity. >> Yeah, people have families and they want to stay where they are. Simple as that. We have large countries that have a strong crypto community that's growing and let's see how they pan out. Singapore seems like a likely next candidate. You have Korea. I would argue to say that the worlds first decentralized application that will be massively adopted will be in Korea. Korea is going to be the place where we have the worlds first decentralized application launched with mass adoption, a paradigm shift. The kind of shift where you forgot what it was like before you used Gmail regularly. >> Yeah, total, total infrastructure change. Alright so I got to ask you the hallway conversation question. Obviously you're very popular here. It's you event, you're sponsoring with the community. I see you talking to a lot of people at the VIP dinner last night. What are some of the hallway conversations that you're having? A lot of interesting people here from diverse backgrounds, in security, technology, some policy, some regulatory, some business, and legal, but really bright minds. What's the hallway conversation like? What are you talking about? >> We're talking about how all of us are going to survive crypto winter that we just entered. We've entered a time where fund raising has become extremely difficult. A lot of funds are simply bleeding. They lost a lot of money and they're not cutting checks right now. So the companies that are going to survive and stick around through this crypto winter, they're making a strong statement and they're going to be the ones that are going to stick around. And a lot of them are here at this conference at HoshoCon. And it amazing to have discussions to see what are the problems that fellow founders are facing? Building companies that will survive this crypto winter. Another thing has been just what are we going to do as a community to self-regulate? Are we going to create self-regulatory organizations? Are we going to let another Moody's get created? What is our viewpoint on regulation in the space overall, right? We love Max Keiser. His viewpoint on regulation is very extreme where he believes bitcoin is a self-regulatory technology. And on the other hand we have people saying, "No, we need to quickly move to regulate the space. "Work with central banks, work with central governments, "and write out the regulations." That's been lot of the hallway conversation. And a lot of other ones that have been really intriguing to me has been people talking about what are things that they have done within their company to protect their employees. Because the reality is in the crypto currency space every single employee of a major company in this industry is a target by naturally being in this industry. And this includes you. We are all naturally targets. And it's not about how much bitcoin you have maybe its about how much bitcoin someone thinks you have. And all of a sudden you become a target. And we need to think about things like our physical security. So some of the more interesting conversations I've been having with people have been around, along the lines of what are you doing to protect you and your family in regards to your physical security? On top of that your online presences. >> So ransoms, people getting kidnapped and or extorted. These kinds of physical pressures? >> Yeah, like ShapeShift has a lot of great stories. Michael Perklin from, the CIS of ShapeShift is here. You should totally talk to him and get him on theCUBE. Michael Perklin has a long list of war stories that ShapeShift has been through. Some of them they went through before he was actually hired as a CISO. And ShapeShift would've also not been hacked of millions of dollars if they had brought on a CISO earlier such as Michael Perklin. I believe they had hired him as a consultant. Did not renew the contract, got hacked, and brought him on as CISO. And he was like, "If you had continued working with me "I would of, this would of been avoided." And that's really-- >> It's foolish. >> One other thing I've seen with ShapeShift actually is online you'll notice that all the employees of ShapeShift, their last names are not online. So on the website it says, their chief marketing officers name is Emily, it says "Emily Shape Shift". And their badges at conferences also says "Emily Shape Shift". These are interesting things to learn from other companies that this is what you're doing to protect your employees from them being hacked. It's very interesting for us to all exchange notes-- >> Shoot I'm out there, (mumbles) everywhere pretty much online. >> Well I'm out there as well. We just got to protect ourselves and we got to think about things like our physical security. People feel uncomfortable thinking about their physical security. They think that, "Oh no we're in America, "we'll just call the cops." What about when we travel? What about when you and I are in a village in Thailand hanging out? We are microorganisms and when microorganisms are hungry they'll do what ever it takes to eat. So if they smell abundance, you and I are in trouble. >> Yeah, we got to be careful. And this is something that you really got to worry about because there's been tons of war stories. Now ultimately when you get back down to the wallet, it's one of the things we've been talking a lot this morning on, with Rivets, was on about the notion of how hard it is for mainstream to use tokens. Where's my private key? This has always been the crypto problem, even with private key encryption. >> Yeah, or should we build a multi-sig wallet to store your tokens in a secure manner? People have been asking us for a long time, Crypto funds, ICO's, "How do we store our tokens!" And our problem was that A, we've either hacked into the other wallets that are available and we saw that they're insecure or the UI and UX completely sucks. So we said lets build our own and so we built our own. >> Are you open sourcing that, is that-- >> No, we're going to be, this is going to be a unique multi-sig wallet that we release, it's not. You're open sourcing the actual code of the wallet or else it's not going to be considered legitimate. >> Yeah, it's good, it's a goldmine. >> It's a profitable venture. >> And that's going to be 100% bullet proof? >> It's going to be very secure. >> Let's talk about Meadow Suite. >> So, we came to a point where our engineers needed better tooling to find security vulnerabilities in smart contracts. And what is available, Truffle, is weak and slow. And so we built Meadow Suite. We built in a long list of tools and a full suite of tooling that we believe are going to be used by a long list of people that are building on the Ethereum blockchain. Including a lot of our competitors. And so we've open sourced it and we're excited for people to check out Meadow Suite. It's on GitHub and our engineers have put a lot of time and effort into it. We even have our own logo for it. >> And the goal is to automate things, make it easier? What's the main, main initial goals? >> I would say, long story short, is to find security vulnerabilities in smart contracts and to build tooling around that. And to effectively build and find vulnerabilities in smart contracts. >> So they build it into their development process natively? >> Correct. >> Alright Hartej great to have you on and hey congratulations for putting on this event. I know we've talked about >> Awesome to be here. it in the past, it actually happened. It's the first inaugural one. >> We had this vision and I'm glad it came through. We had a great global events team. Gabriel Shepherd, and Ryan Shewchuk, and Brad Horspool, and Michelle Yon. And like they've put on conference's the size of Southwest by Southwest. And our vision is, look we're not in the events business. And we're a cyber security business at the end of the day. But we found it necessary that there has to be a conference where there's a platform for people to talk about cyber security intersecting with the blockchain industry. There's got to be a platform for someone to get on stage and say, "Hey here's lessons that "we learned from getting hacked" And if this industry is going to survive, this topic needs to survive. And the brands that want to affiliate themselves with blockchain security and that want to be apart of the discussion. This will be a go to conference every single year. We're going to keep doing it and I look forward to having you at every single one, coming. >> It's been great. And you know what's key is having reputable people working together in a community, building an open community, sharing data, sharing best practices, and having candid conversations. >> Yep, it's the only way to get someone as epic as Andreas Antonopoulos to your conference. I mean my co-founder and I have been looking up to Andreas for so long. Watching videos of Andreas. Watching videos of Max Keiser, Stacy Herbert. To have them here is really just truly remarkable and I'm grateful, I'm honored, I'm touched. I'm touched to have you here. I miss David Vellante, I wish he was here. >> He's in San Francisco, he says hi. He was going to fly in tonight but-- >> He texted me. >> He did, okay. >> Hartej it's great to see you. >> Great to see you >> Congratulations. as well. thank you. >> Great event. Okay we're here live with theCUBe coverage for HoshoCon 2018, the first inaugural security conference on blockchain. Industry leaders coming together. The brilliant, bright minds of the industry working out the solutions, trying to pedal faster. Better security, check it out HoshoCon.com. I'm John Furrier stay with us for more coverage after this short break. (techno music)

>> From the Hard Rock Hotel in Las Vegas, it's theCUBE covering HOSHO CON 2018. Brought to you by HOSHO. >> Hello everyone, welcome back to theCUBE special live coverage here in Las Vegas for the first ever, Blockchain Security Conference. Really discussing security as an industry, it's called HOSHO CON, put on by HOSHO. We're here with the Co-Founder and CEO of HOSHO and main supporters of sponsoring this project or event HOSHO CON. We have Yo Sub Kwon, who is the CEO and Co-Founder. Good to see you. >> Good to see you, good to be here. Hey thanks for putting this on. I've interviewed Hartej, your Co-founder, in Toronto the Futures conference. We've had many great conversations on theCUBE. But when we talked about HOSHO CON, this conference, he really wanted to do it as an industry conference. Not as just a HOSHO event. >> (Yo agrees) >> This is really key to you guys culture here at HOSHO your company. >> Yeah. >> Take a minute and explain the event. Why this event? Why the format? And that it is open? >> I mean basically, you know, like we've been to just so many events over the, like I think we've done like 80 events this year, and the topic of conversation is, you know, around investing, it's around ICO's, it's around all these things and security touches all of those and I just feel like, and we all felt it and like the other security companies felt it too, that it just wasn't a topic that was discussed in great enough depth especially given the increasing amounts of hacks and theft and all these problems that relate directly to security. And I just feel like it's really important for us as an industry to discuss, you know, what security practices are good? What should be done? How you should do them? What resources are available to companies to learn more about security? And what resources don't exist and need to be developed? And that needs to be done in a collaborative way. Well congratulations and props to you guys for really sponsoring this and taking the leadership role in the industry but again you guys are humble and it's a good way to do it. Is to have these conversations. So thank you for doing that, appreciate it and thanks for having theCUBE here. We really appreciate it. The question I want to ask you is: I've noticed a trend here, first of all a lot of smart people here, so it's like, it's not a massive, no IPO, ICO pitch competitions, this is really down and dirty security. >> Yeah. >> Okay, black hat, white hat but it's kind of a intercultural vibe it's the community. >> Yeah. >> Coming together. But also two kind of tracks are developing there's the crypto security and then there's cyber security threats coming up. Because you said it's touching on all these points. And you're hearing, even hearing a little bit of IOT and hardware, we had Rivetz on earlier the CEO Steven Sprague so a lot of different solutions and a lot of different opportunities, a lot of different vulnerabilities. Can you explain the landscape of how the players are here, where are they coming from? >> Okay, yeah. >> What's their backgrounds? >> Absolutely I mean there are definitely, a lot of brilliant minds here and that was one of the goals of HOSHO CON is to bring people that are of all different, you know, parts of the industry whether they're, they're layers or they're information security experts or they're, you now, regulators or they're it just, developers bring them all into the same room and to kind of discuss these problems that you know, plague all of us and you know a developer's going to have a much different perspective and solution than a lawyer and but those thing can work together and the problems might still be the same. And so we've been in the industry for just like, even though HOSHO's a young company, the people that are on our team, myself, I've been in, I got into Bitcoin eight years ago, like we just have this network of people that are in the industry, have seen the kind of like cyclic nature of, you know, like a gigantic influx of people come in, these problems arise where, you know, entrepreneurs are like really focused on like growing, getting traction and then they focus less on their security, it goes to the wayside and then these big hacks happen and then the industry kind of smartens up and everything you know starts getting a little bit closer to what seems you know maybe safe or like approachable for a growth trajectory and then another gigantic influx happens and then the same thing. And so what we really need to do is like when that next big influx happens is to have standards in place to have things that an entrepreneur can just turn to and be like: "Okay, this is what I need to do "if I want to be considered credible in this industry "and I want to protect my users and my investors." >> Can you talk about some of the top conversations that are going on here, because I think that's a great point? People want you know legitimacy, they want solutions that work, that are credible and then maintain kind of, I won't say enterprise grade, but commercial grade reliable so that people can focus on building up their companies and or preparing for the growth. What is some of the top conversations? >> A lot of it's just learning about what other people do, like even with like Rivetz, we're putting, they're using the trust executions based on like what's already on billions of devices and you know basically letting people know that that space exists on this hardware and that they can be used for all these different purposes to validate you know data going in. And, you know, there's been conversations around custody. I was on a panel earlier today about custody and basically the way I felt like it left off and the conclusion was that there is a long way to go on custody but it is incredibly crucial. Big institutional players that want to enter the markets and want to put their money into a regulated custodian they're, it's difficult to do so even with registered custodian's existing because the limitations that they have in understanding the technology and being able to provide support for all the different digital assets that exist. >> So we're reporting this morning the SEC herein the US has tightened the noose on the ICO-funded startups. I think the story originated out of Decrypt Media but essentially the SEC, Securities and Exchange Commission, is cracking down and they're going back and saying: "You got to refund some of that money." >> Yeah. >> Because of violations. That's one regulatory thing but there's also, there's software that writes these smart contracts. You guys are in that business. The software is software money, security is critical. How stable is this becoming in your mind? What's the to do items? How should a company who want's to either use the ICO process or and or use token economics to fuel their business model they got to be secure on the business front? >> Yeah. So basically smart contracts were so new when we first got in to it that people just didn't know how to develop securely in them and so there were just critical mistakes being made all over the place. We've seen over the last year a lot of improvement on that front, more libraries are being developed and people are writing consistently more secure contracts. But now what we're seeing is contracts are getting increasingly complex and with additional complexity, because it's software there's room for, you know more problems and I think that it's going to, it's going to be an interesting challenge going forward, there's thing like formal verification I think that has a huge place in the future regarding smart contracts but it's there's a lot of tools that need to be developed that's one of the things that we worked on and we're really excited about is Meadow Suite because that's software that let's you develop smart contracts. We built it intentionally with security analysis in mind and then we made it more full featured to become a development tool for writing smart contracts and developing a protocols. And so I think the more of those type of things that you see come out that bring it more to feature parity to what software developers are used to if they're say building a web application it makes it a lot easier to adhere to good practices and write secure code. >> And also kind a not have to do manual audits? >> Yeah. >> I mean at the end of the day you want to get to some sort of automation. >> Absolutely. >> Framework. >> I mean we've already automated a lot of the things that we do. But and there's still a lot left to do but we know that there is a lot left that can be automated and we hope that eventually the tools are just put into developers hands were they can do most of that work themselves. >> Yo Sub take your CEO hat off from HOSHO for a minute put your industry hat on. >> Okay. >> What are some of the names here that, and conversations, topics that you find interesting personally? >> Okay, I mean. >> (John laughs) >> A lot of people that we brought here are like our friends, we know them right? And so like I was talking to. >> Your kind of celebrities. >> I was talking with like TokenMarket earlier and like, you know, we're partners with them and they really, they're really great guys and like some of the stuff that they are trying to do and you know just listening to what other companies are trying to do with like security tokens that seem to be the thing that really moving forward. And I'm kind of fascinated like, we try to stay agnostic you know like when we're like looking at all these different technologies. But then like someone explains something to you and you're awe man that's really cool. >> Yeah. (both laughs) >> And there's some good minds here. What's the coolest thing you've seen so far? >> Well I've been locked in, I've been locked behind doors in a lot of meetings so far but the, let's see, I think what Unchained Capital is working on is really sweet. They basically, I mean like I think their business model makes a lot of sense. Like basically they hold your crypto's so you maintain exposure to it and then they'll issue you a loan. They can like turn around a loan like in 24 hous, you just hand then a bunch of Bitcoin and then they'll just give you cash and then you can you know you have that cash and then you still maintain exposure through crypto if you pay it all back you get your crypto back. (laughs) >> So it's collateralized crypto? >> Exactly I mean like that makes perfect sense to me. Like you know it's just like as long as you can liquidate that crypto and Bitcoin or Ethereum like those are big enough markets now where you can easily liquidate. Well that's awesome. Thanks for putting on this event and I want to get back to HOSHO. How's business going? You're the CEO, Commander in Chief, what's going on with the company? How's things going? >> Yeah. >> Quick update. >> Well everything's crazy right, like we're moving quickly and the next steps are Asia. We really want to basically penetrate those markets. Only, we don't have as much coverage there as we would like but having spent some time there earlier this year doing some reconnaissance it's a crazy, crazy space over there. There's a lot of action happening, there's a lot of adoption. People are really enthusiastic about it but security almost seems like six months to a year behind North America and Europe as far as what exchanges are requiring, what investors are demanding of their portfolio companies. And so I think that now that they've had such major hacks happen over the last six months they're starting to realize. >> Major hacks talking about 60 Million. I mean I heard numbers up to 300 plus million. >> Yeah. >> I mean these are it's not like five dollars out of your wallet. >> Yeah. >> This is massive. >> Like over a billion dollars has been stolen in some capacity and like it's been pretty crazy yeah, so. >> Where's the big vulnerability? Exchanges, is it the DApps, where's the holes? >> They're all over the place but the biggest numbers definitely come from exchanges. Exchanges just need to be far more responsible and just, I feel like a lot of it is just negligence. They're growing so quickly that they don't pay attention to, you know, putting resources into educating their staff on really simple security practices. You know things like phishing and social engineering, like things that were good security practices still are good security practices. And a lot of those attacks are not even anything like some new exploit of a new technology it's the same kind of thing of like phishing, social engineering, sims swapping, you know, poor user access control, bad passwords. >> I mean the basics. >> Yeah. >> But this is what growth does to you you've point earlier. As more people start feeling growth there's more exposure service area wise. >> Yeah. >> New dynamics are kicking in. >> Well I'm starting to see new exchanges that are popping up that are you know taking security very seriously and the way they're treating it is that is their differentiator but in my mind like security shouldn't be a differentiator. Everybody should. >> (John laughs) >> If you're an exchange and you're holding massive amounts of other people's assets you should take security very seriously. That should just be a default, a standard. >> You have to be differentiating strategy with security it's not, it doesn't make sense. >> Marketing 101 you shouldn't be different, it should be standard. (both laughs) >> I mean if that's the state of the art, this is the problem. This highlights the problem. >> It does yeah. >> Alright so what's, what's the future for this event? How do you guys see this unfolding? Obviously this is the first inaugural event here HOSHO CON, How do you see it evolving? >> I think a lot of conversations should hopefully spur from this and we want to make this a yearly event. So we're definitely going to take a lot of the feedback from people that attended and see what they want, what they really enjoyed, what they really want to talk about. And even I think, a lot, since we're recoding all of the talks we'll be putting them up online at some point and I think it'd be really good to see like what the transition is like next year from like, where we were in some of these problems and addressing those problems you know a year from now. Like I think that will be really exciting. >> You guys are expanding in Europe, HOSHO good job with that. Who's the kind of clientele that you guys have? Is it ICO's? Is it companies? It is enterprise? Who are your target customers? >> So we have a lot of companies that are ICO's for sure. We have more exchanges and protocols joining those ranks. And then we are trying to move into enterprise as well. We made a partnership with Telefónica and developed a partnership with them to be able to sell to more enterprise clients and what they need. >> And what's your value proposition that you guys are offering? >> We are, well, we do smart contract audits, we do penetration testing. Those are things that a lot of companies in this space need. And then also we've been helping with security architecture and cryptocurrency assessments. >> And tooling, tools for development. >> And tooling, yeah we're trying to do our part. I mean we can't and won't do it alone but we try to develop things that, if we develop anything that's useful from a security perspective, we try and make it available for everyone. >> Yo Sub thanks for coming on theCUBE, appreciate your time and congratulations, it's a great event. >> Thank you. >> HOSHO CON sponsored by HOSHO and other's in the industry, it's an industry event, it's not just their company, it's their friends all coming together to solve the major problems with security, making it standard, making it safe and supporting the growth with the community. It's theCUBE covering live here in Vegas. I'm John Furrier stay with us for more CUBE coverage after this short break. (upbeat electronic music)

(upbeat electronic music) >> From the Hard Rock Hotel in Las Vegas, it's theCUBE covering HoshoCon 2018 brought to you by Hosho. >> OK, welcome back everyone. We're live in Las Vegas for HoshoCon. I'm John Furrier, the host of theCUBE. This is the first inaugural security conference around blockchain. Our next guest is John Kirch, who's the Chief Evangelist for Sentinel Protocol. Great to see you, thanks for coming on. Hey, it's great to be here, John. Thank you very much for inviting me. >> I love the shirt, I got my CUBE shirt here. You got your shirt on. Cool crowd here. So, before you get into some of the things you guys are working on, what's the scene here like, for people who aren't here, this is the first ever blockchain security conference around in the industry. What are the type of people that are here? And what's going on? Why is this important? >> Well, that's a really good question. I mean, I can think back and I remember meeting the president of Hosho. For the first time back in New York at Consensus. And he was giving a presentation, and I thought it was fantastic presentation, but we broke ice, we shook hands. And then we bumped into each other again in Soul. And then I was also talking to Tim Draper not too long ago. And Tim said, he was coming out here to Las Vegas to give a presentation. And he is one of our key investors. So we thought, it would be a good idea for us to show up as well. And we believe that many times in trade shows and other types of seminar series, there's too much emphasis on fintech and not on security. And the reason why I say that, is basically in the blockchain crypto world, right now one of the major challenges holding back the growth and the success is the lack of security. Not in a core blockchain technology, but in the Dapps and in the other connected applications. People are getting hacked. And there's different types of hackings, everything from Phishing, to malware, to DNS engine hacking, to smart contracts, web applications, I mean. >> The surface area is large. >> It, many different vectors, and it's complex. Something needs to be done about it in order to unlock the potential of blockchain crypto. >> Yeah, and I also love this event because one, it's, well first of anything is always good because it's present on creation, and you don't know, there might be another one, if it's around the next year or not. But I think this one seems like it's got the right people at it that it would grow. Because, remember. >> Yeah. >> The security is the number one problem, it should be seamless, it's complicated, multiple keys to deal with, multiple chains, never mind in the surface area for hacking. So I think blockchain is going to be a sea-change. We all know that, all tech alpha entrepreneurs are getting that. The complexity around the software is the key. What do you guys, how do you guys look at this? Because you guys are in the business to solve this problem. >> Right. >> What's the answer here? >> Well, we'd look at it from a experience point of view of cybersecurity. What I mean by that is that we have a lot of people on the team that come from companies like Palo Alto Networks, and F5, and Fortinet, I come from Darktrace, and other cybersecurity companies as well. But we'd look at it from the point of view, what did we do in the past, what were the problems, how can we leverage these technologies. What's wrong with the stuff that we did before, and how can we correct those gaps and provide a better product that's more usable, easier to install, and then has the multi-vector analysis capabilities to do the, not just antivirus, for instance, but how about AI, machine learning for detecting new anomalies and behavior or newer threats and attacks, or sandboxing. But how do we solve the problem is really our main focus. >> So I got to ask you question. A lot of people in the industry that are smart or trying to attack this problem, there's two schools of thoughts. We are going to get the software, going to get to the AI, got to do all the stuff over here, and then there's radical view is, Hey, the old model isn't working for blockchain, 'cause it's a different architecture, it's decentralized, so you can't just take network protocol stacks and say, Hey this is your security stack in the old network model to decentralize. So it needs a redo. >> Right. >> A refresh or a do-over. >> Right, right. >> So, this is, seems to be tension that's productive but still contentious. >> Right. >> What's the answer, because your old Juniper, Cisco switches might not be the perimeter-based firewall model, >> I'd love that question. >> We need a do-over or not? >> So, we are the world's first crowdsourced threat intelligence platform. I didn't say product, I said platform. And that means multiple various different types of products on our platform, but in addition to that, one of the biggest problems today is the need to update. Let's say, if you're looking at things from an antivirus point of view, if you haven't updated your database, your system, then you've got vulnerabilities that you haven't addressed. And so we don't need to be updated. Our system is running on a decentralized blockchain, and therefore is connected to APIs, to different types of endpoints. We are platform-agnostic, so we could connect to IoT-type devices or, you know, other types of, mobile telephones, or to PCs, servers, and so on. And, by having this collective cybersecurity intelligence, by definition, that means we have a richer, wider database of more information, than if you license a product from, let's say, any one of the antivirus vendors. You get that company's intelligence and support services only. But we're doing it, where we're taking company A plus B, plus C, plus this white hat hacker, plus this individual here, and we're, basically, combining all that together and offering it to our clients. >> And so, is it the single source of truth or knowledge around trust, how's the trust factor come in. 'Cause, if I'm a company I want to know that everything I'm running is updated. I want to know what it is first, and then it's updated. >> And you know, in this decentralized trustless world, there is, from our point of view, a need for an organization that can be trusted by people who have been hacked or experienced suspicious activity. So, we are addressing that, so we have a team of people called the Sentinels, and they are tested and certified by our internal cybersecurity experts, as having the capabilities and the knowledge and experience to contribute. And when those people make contributions, in terms of cybersecurity intelligence, we award them with points, and those points can be converted to fiat or into other crypto tokens. >> So you're tokenizing the contribution. >> We are. >> Relative to the crowdsourcing. >> Exactly. >> So this is like CrowdStrike, or is it different? >> Oh, it's different, I think, from CrowdStrike, because CrowdStrike, while it's a very good company and very good product, what we're doing is that we're combining blacklist with whitelist and we're providing the reporting service. And so, and we're running it on a blockchain, and the blockchain has certain elements that are very very good in terms immutability, or a very high type of resilience factor, or traceability, and so we're really taking our product and focusing it on the blockchain crypto world, but quite frankly, what we're building, because we're utilizing the technology in the optimal manner, it is also applicable to the conventional cybersecurity world too. And I expect that it'll be very commonly used there tomorrow. >> So, it's portable in the sense of the function. You can actually bring this to the class of cybersecurity, known detection type identification. >> I could be using it for Goldman Sachs or Bank of America, or, let's say, this hotel. >> Some of the global cybersecurity landscape, how would you, you know, if someone's putting their toe in the water for the first time. You're obviously in the trenches doing cutting edge work, certainly folks in Washington, D.C., around the world, have cyber conversations, from general Keith Alexander, there's new companies got some interesting things going on there. To kind of grokking it, what's so this, there's crowdsourcing, how would you brake up the cybersecurity market, 'cause cyber intelligence is a big part of regional cloud deployments now, Amazon's going to have a region in the Middle East. I'm sure they got their DNS monitored well. But you have network points and you have software running on them. How is the market sliced up? Is there categories, like, that are cleanly defined? How do you view that? >> Well, you know, I look at things from a point of view of having started in the cybersecurity world, John, back in 1998. And that was when I introduced the company called WatchGuard to the Japanese market, and also did that in Korea as well. But we pioneered the use of Linux appliances. Would you believe that? (John laughing) And we also pioneered managed security services. And so, one of the things that I learned over time as the cybersecurity world increased in complexity, I mean, back there it was easy, all you needed was an antivirus and you needed network firewall. >> And you had proprietary software too, open source wasn't as prevalent. >> Exactly, but things keep on getting ratcheted up, the complexity factor is growing. And now we look at cybersecurity and there are so many different types of products and services. And so it really comes down to understanding the security policy of the end user, of the organization or the individual. What type of PC they're using? Is it IBM, is it Apple? For them putting together a security policy and then bringing in different types of products that, basically, help that individual or that organization to satisfy that policy. And then tuning that over time. Most people don't think about that part, but the tuning process is also very important. So, and then educating people too, so. >> What's a number one industry problem that industry needs to solve as an industry, and then, what is the biggest concern that end users or organizations will have? Well, I think that biggest problem out there right now that hasn't been solved, is what's going on in front of our very eyes, this, the hacking of these exchanges and wallets. I mean, those organizations have lost now over three billion dollars, cumulative over the past few years, and then over one billion dollars this year. I mean, that's a lot of money. >> It's a lot of cash. >> And somebody needs to do something. >> And nobody knows where it goes, I mean, >> Well, actually we do know where it goes. Because, actually, that's the video I wanted to show today after my presentation, but there just wasn't enough time. We analyzed the Zaif hacking that happened just a few weeks ago. >> How much did they take? >> It was about 60 million dollars. But we analyzed that, and using crowdsourced information, we analyzed the transactions and so forth, and we found, believe it or not, that a large portion of those stolen Bitcoins were washed and went through Binance, the world's largest crypto exchange. And so, if they utilized our technology, to understand that the coins that are going through them were stolen, we would do a lot to increase the cost factor for monetizing stolen Bitcoins, we would help Binance to protect themselves. >> So the laundering of the coins, >> Yes. >> You could, basically, put a penalty on that, or >> Well, I don't look at it from a penalty point of view. I look at it from the point of view of helping people to make transactions that are kosher, that meet with their corporate policy, that comply with law, that enable them to ensure, that what they are doing is correct. >> So, you tracked the address, how do you know they are being washed, from that specific >> We, basically, track the addresses, we were able to track the addresses and I can show you a video later, if you like to, where we did just that. >> Yeah, I would like to get a copy of that. >> And the information, this is on the blockchain, show that the coins went through Binance. >> So, meaning the old classic IT operations, you always had the network management's piece, this is, again, can be a big part of traceability and accountability piece of it. >> Correct. >> This is important. >> Yeah, in fact, you know, it's really important that when you think about this world. For instance, if I were to give you five dollars. >> Thanks. >> And you were to get ripped off, and somebody took that five dollars from you, how would, John, how would you trace that five dollars? >> I would track the guy around that had stole it, find out where it is, but if I don't know who's took it, then... >> If you went to the police and ask them for help, do you think they could help you analyze and trace that and audit? >> Well, in San Francisco they break into cars and just take whatever they want. The police don't even show up. >> Right, but that's relying on luck, do you know, did he open the right car, >> I wouldn't. I wouldn't know who had this. >> But, you know, that's one of the great things is that with the blockchain technology, if you use it correctly, you can trace, many times, not all the time. But it does offer us very... >> 'Cause there's a digital footprint. >> Yeah. >> There's definitely a traceability aspect. >> And that's one of the nice advantages. So, I'd rather give you Bitcoin than the five-dollar bill. >> Yeah, I'll take the Bitcoin, it probably is worth more than the five. Money is going away, paper money, I don't now have a need for. Talk about the aspect of Bitcoin in cryptocurrency, as it relates to the funding of security attacks, because that's been a big concern, people trying to figure that out. Have you guys made any progress on tracking the funding, the underground funding for security attacks. >> Well, when you think about it, and when you think about the funding of security attacks, it's now teams, and a lot of these teams are very well trained and educated. >> And they're making some good money too. >> Yeah, and so they're making good money, they've monetized this. And all it takes is one time that they break in. And, so, once they break in, and you're compromised, so you have to defend every every time, and do it well, but they only need to break in once. But in terms of that, >> One bad day. >> The one bad day. >> One bad second. >> And your company's gone. >> Yeah. >> But the funding of these endeavors is getting more and more sophisticated, the money involved is becoming much much more bigger, and we need to ratchet up our defenses, so that we can provide an adequate response. >> So, what is the answer for me, let's just say, hypothetically, you know, I get, you know, 50 million in Bitcoin for theCUBE bank, for our community, and going to use that Bitcoin to have people have flourish with content, and I got to store it somewhere. >> Yeah. >> What do I do? >> Well. >> What's my answer? Do I call Binance and say, Hey if you going to wash and launder that, I might as well put it with you, because if you're the home for all the money. >> Well, I think that the optimal solution is to get it off the network, put it into a cold wallet, and safeguard that private key in a way that is very very secure. Do not leave it, you know, on your PC, don't tape it to your screen, but basically safeguard that privat key very well. Put it into a deposit box at a bank, that might be a good idea. >> Or multiple deposit boxes spread across. >> Yeah. >> With instructions, in case, >> But don't leave it, don't leave it in your wallet >> Yeah. >> And don't leave it on, writing on the chalkboard either, above your desk. >> Yeah (chuckling). >> But, I mean, basically, >> Or don't write it down where the surveillance cameras watching you write it down. >> And you might want to use a multisig wallet as well, and that will also increase the security as well. >> All right, well, what's the story with you guys? Give us a quick update on the Sentinel Protocol, the company. How big are you guys? You mentioned Draper funded you guys. What's the status? >> Well, you know, we started earlier this year, back in January, and now we have 30 security professionals, our headquarters are in Singapore, we have another big office up in Seoul, Korea, we have a third office in Tokyo. We now have over 42 partners. I'm very proud to say that we've got, amongst those partners, at least 10 exchanges and wallets signed on with us directly, that are very interested in using our technology, integrated into their applications. >> Yeah. >> And so, >> And why they work with you, for a hedge, for security, for insurance, what's the rationale? It's forensics, for data, what's the value for them? >> Once they've been hacked, it's pretty hard to recover. A lot of these companies that are hacked, in fact, it ends with the company closing, or being sold. So, basically, what they're trying to do is leverage our security to detect the threats and the attacks, you know, in a proactive online manner before they get damaged. And then, by doing that, they can enhance their branding, that's services they're providing to their clients, and they can also help to maximize the stability and growth of their organization, as well as, >> It's a heat shield. >> The future life. >> It's a shield for them. >> It's a shield, yes. >> So they're being proactive on the security front. >> Exactly. >> So minimize any damages that potentially could get through. >> You know, right now, John, unfortunately, if you get hacked, it's a wild, wild West, it's every man up to himself. >> Yeah, it's a total stage coach. >> Nobody's going to help you. >> With the mask on, no one knows who it is. You got to do some sort of real forensics and get lucky. >> Yeah. >> Sounds like it's hit or miss, right? >> Yeah, if you get lucky, you're a lucky man, I'll tell you, because most of the people out there are not getting lucky. >> Yeah. So, we're working together with our partners to, basically, solve this problem. >> And how much money did you guys raise? >> We raised approximately eight million dollars, but it was 25,000 Ethereum. >> OK, congratulations. >> Not at all, thank you very much. >> Well thanks for coming on. Great to meet you last night at dinner. Security is at the top of the agenda. We are here, this is theCUBE coverage, part of our ongoing 2018 blockchain cryptocurrency, now digital money coverage. Of course, as you know, we've been covering Bitcoin and blockchain on our blog since 2011, and more coverage here at HoshoCon, the first security conference dedicated to discuss security on the blockchain and the new digital assets that is now money. I'm John Furrier, stay with us for more after this short break. (upbeat electronic music)

(upbeat techno music) >> From the Hard Rock Hotel in Las Vegas, It's theCUBE, covering HoshoCon 2018. Brought to you by Hosho. >> Hello everyone, welcome to this special Cube coverage. We are here, live in Las Vegas, for HoshoCon. I'm John Furrier, the host of theCUBE, and this is part of our continuing coverage and our initiating coverage of the blockchain crypto world, been doing it since January, covering it on our journal site siliconangle.com since 2011, covering Bitcoin and all blockchain stuff, but this is the first security conference dedicated around block chain and crypto put on by Hosho, and it's called HoshoCon. It's an industry conference, and we are here covering it. And this is an open, small kernel of smart people, really trying to have a top level conversation around security . And our next guest is Christopher Forte He's the CTO of 3BX, welcome to theCUBE. Thanks for joining us. >> Yeah, pleasure to be here. >> So, before we get into some questions about security, what do you guys do? What's the company do? You guys have a unique approach. Take a minute to explain what you guys do. >> 3BX is essentially a marketplace. It's a digital asset marketplace. We're trying to build a community around trading digital assets. We're really trying to focus on pulling away from the term 'cryptocurrency,' because we think it'll expand into much a much broader term. So we're structuring our platform on the support of any kind of digital asset, whether it be a cryptokitty or a an e-book, a concert ticket, you know, something that has a digital form that can be traded person to person. >> So, basically, you're expanding the definition, or actually, depositioning crypto, because it's kind of narrow, relative to how you guys see it. >> Yes, it's pretty narrow. >> Digital assets, I mean, look at gaming. >> Yep, absolutely. >> Gaming culture is not new. >> Yeah. >> I mean, they trade stuff all the time. >> Yeah, sure, even like in game tokens, they don't exist on a block chain yet. They're not cryptographically secured, so those are the types of things that I expect to see hitting a lot of these marketplaces soon. >> Well, that's smart, I mean, I think if you look at it, certainly we at (mumbles) blockchain, our entire media company's been moving to blockchain, and crypto, and token economics, but really the blockchain piece has been very limited. It's got very poor functionality, and all the top blockchain implementations are either private block chain, low latency, and fast, and developer friendly. >> Sure. so Ethereum's great for smart contracts, but just as a scale, relative to what most people need. >> Yeah. >> If you're running, you need a million IOPS, you've got a marketplace. >> Yeah. Some of these large scale, hyperscale networks, they're massive marketplaces. >> Yeah, they're huge. >> How do you guys fit in there? What problem are you trying to solve? Let me just start with that. >> You know, we're trying to pull away from the complexities of an exchange. We're trying to give the community a good tool to trade without a lot of knowledge of tokenomics. One of our unique assets, or unique features, is that you can trade with no market impact. You don't have to worry about price slippage, or the complexities behind order books, so we give a familiar interface to trading. Something you'd see on a traditional e-commerce platform. So we're trying to kind of introduce it to a wider range of people. We've talked to a lot of people who have a lot of difficulties, especially with the decentralized exchanges. >> Yeah. What are their problems? Just, like, reliability? >> Reliability. >> Black box- >> Liquidity, there's a lot of issues with liquidity around them, which causes problems when you try to trade any significant amount of coin. So, we're trying to give traders and the coin companies another outlet to trade without having to worry about liquidity. Or the risks of liquidity associated with it. >> So what's the status of the company? How many people do you guys got? What's the size? Do you have any deployments? Are you guys engaging certain communities? >> We are live. We released a kind of invite only beta about two months ago. So we've been out there having traders for about two months. We're a very small team, we're based out of Las Vegas. There's a development team of three people. We're just now broadening into more partnerships, more marketing- >> So you guys are hardening the platform, basically. >> Yep. >> By jamming and coding- >> Yeah, we went kind of product first, and then took a step back and are now approaching the market. So yeah, we're really excited. >> That's smart, you didn't hype it up first. >> Yeah, we didn't hype it up. >> But you could have definitely hyped it up, I mean, a lot of people who are winning right now are quality deals that had opportunities to do an ICO. >> Yeah. >> just, people are throwing money around. Just go back to February, the numbers are just off the charts. The, kind of, bubble burst in February, and certainly the SEC announced today, I'm covering the news, a major crackdown on all those ICOs, on violations right here in the United States, It just causes a distraction. I brought this up with Hartej last time I interviewed him in Toronto at The Futurist, which is exactly what you guys are doing, and this is the core trend and I want to get your thoughts on it. A lot of the alpha entrepreneurs, the ones that are building companies, don't want to get distracted from stuff that's not optimized on building a company. For instance, if I do an ICO, or you get involved in domicile issues outside the United States, you're optimizing all your energy, they're on an airplane, or market dynamics that aren't building a company. Yeah. >> This is kind of, almost a distinction at this point, you can almost look at opportunities, startups, entrepreneurs, inventures, and say, "Okay, we can almost see who's doing what." >> Yep. >> You do agree. >> Yeah, I think it's important to have something before you go and you spend a lot of energy raising money, building a pipe around the company. I think we're going to see a huge trend towards product first, having something, having a development team, a concept, a patent. Not just based on a theoretical white paper, so it'll be very interesting to see how it goes. We decided to go product first, so, no one had heard of us until we went live with our product. >> Good approach, I like it, I think it's solid. Good, we'll see how it turns out. I got to ask you, and I want to dig into the product a little later in this interview, but I want to ask you specifically, around some core trends I'm seeing, and patterns. >> Sure. >> It's pretty clear that when these emerging markets develop, total activity on the entrepreneurial side, a lot of people build and developing, attacking the market, but it's a trend, everyone's throwing out a common thing, I need to have community, and I need a two-sided marketplace. So the common thread's- and people don't have those- you can't just buy a community. >> Yeah. Communities aren't bought. >> Sure. You can't just say, "Hey, I need a community." Put a telegram channel, write some bots, >> Yeah. >> the next thing you know you got 25,000 people in telegram. >> Yep. >> That's not a community. >> That's not a community. >> That is AI bots looking like a community. >> Sure. >> And then a two-sided marketplace, you got to have a value proposition. So these are things that people are putting into their plans. >> Yep. >> That they don't have answers for. >> Sure. >> What's your thoughts on that, around community, 6and about marketplace? What are you seeing in the market, in market developing right now? >> I mean, building a strong community is very difficult. They have to align with your product, they have to align with your vision, they have to understand what you're doing, and at least have a use case for it. So, we're really trying to kind of have the community drive our development road map. So, we've done a lot of outreach, trying to get what people are interested in, what's lacking in the industry currently, what they want to see, what they're unhappy with. And we're trying to build a community around allowing people to have input and influence into the product that we're building. So, we're really early into the process, so it's difficult for me to really say that it's easy or difficult to build the community. >> So you're engaging the community to help. >> We are engaging the community. >> What are the number one things you guys are solving? Problems that you see are immediate, low hanging fruit that you're knocking out right away? What are the core things? >> I think some of the big things are simplicity, the usability of these interfaces. Kind of the knowledge around it, trying to do a knowledge transfer to our customer base. And trying to help people realize that there's a company behind these coins. I think that's a huge thing that we have to kind of push towards, is, it's not just a token. It's a token produced by a company with a cause. >> So how does your product work? >> It's like a basic marketplace that you would see in kind of a eBay or an Amazon, where someone posts an offer, posts a listing, and other people can buy from it. So, it's a buy and sell kind of- >> And you have your own native token? >> We have a native ERC-20 token that we use for fees. Because we're targeting the digital asset generally, we've externalized fees from traded goods. So, we want to make sure we can handle something that may not be divisible by, as Bitcoin is. So if you trade a book, for example, a lot of these exchanges would take a page out of it. If you use the current model of fees, they're kind of coin shaving off of your trades. So we're trying to eliminate that so we can expand into non-fungible, or non-breakable assets. We're also developing a wallet that basically encapsulates cryptocurrency into smaller assets to be traded off chain. So, we plan on kind of revolving around our internal token to handle fees of those assets. >> So it's a blend of on/off chain dynamics. >> Yep. >> So you can do a lot of stuff, and not have to do a lot of writing to the chain, if you're going to be doing a lot of re-re-writes. >> Yeah. >> All right, so the question I want to ask you that I think is important and in everyone's mind is, okay, Hosho Con is the first, inaugural- we love going to inaugural events because, you don't know, it could be the last one. >> Sure. >> Or, it's going to be big. I think this is a big trend, and one of the things we heard last night at dinner was, when we were having a conversation about it was, is no real conference, these conferences don't put security in the front. >> Yep. >> They really kind of have it as a side panel. It's always kind of an adjunct to something bigger, pitch competition, you know, big sponsor driven kind of programs. This is a security conference. What is the impact, in your opinion, of this Hosho Con, and security in the blockchain, that's going to shape the industry? What is your opinion? What is your commentary on that? >> I mean, obviously it's important to focus on security. I think a lot of people had a lot of, kind of assumptions that blockchain-specific, or blockchain-based technologies were unhackable. You know, the decentralization of something makes it secure, and I think that's a myth that they're going to have to debug, and we're seeing it with hacks. There's a lot of, I think, assumptions even around the hacks that are incorrect. So, bringing the idea to people that blockchain still needs to be managed, you still need to be careful. The smart contracts still have vulnerabilities and risks involved, it's not- >> Software is software. >> Software is software. It's unavoidable, when you start writing code, that there's going to be- >> You don't want a blue screen of death, certainly, you don't want to have to reboot, I mean, move fast and break stuff was great for webscale, but when you're talking about security and currency, you need rock solid, hundred percent reliability. >> Yeah. >> Otherwise, you lose your cash. Or your e-money. >> Yeah, it's something of value that you're going to lose. >> It's not a social media account, it's not something like that, you know, you're losing money. And it's very interesting, I think the more people know about the security around blockchain, cryptocurrency, the more they're going to realize that it's not an end all solution to everything. It takes time to evolve. Standards will probably have to be put in place. >> There's a lot of people, I remember when I was your age, and the web was coming around, everyone was afraid to put their credit card down on basic e-commerce transactions. >> Sure. >> And that was natural, because like, oh my god, it's online, it almost felt like a black box, and then they got over that pretty quickly, you saw PayPal and those kinds of companies came out. You mention eBay, these online sites are now secure. Crypto, there's almost like an unknown, a lack of education in the mainstream. And so we got to get to that point where, you know, wallets are wallets, and they actually do a good job, and you don't forget, and leave your wallet at the restaurant. There's some hygiene, and practices that are needed. Older generations, maybe, might not get it, but the younger generations, they're getting it, right? >> Yeah >> What's your opinion of this? Because, this is a generational shift. >> Yeah. >> This crypto, blockchain market, it's really generational. >> Sure. Anyone under the age of thirty pretty much loves it. >> Yeah. >> So, it's happening, right? >> Yep. >> So, what is the views around security, generally, in the mainstream? >> I mean, I don't think there are too many. Like I said, I think people kind of put a lot of assumptions in the inherent security of blockchain stuff. And I think they don't realize that we're trying to make it easier through mnemonic sequences, or passwords, so we're hosting wallets online now. It's not necessarily a pure wallet in the sense that it sits on a piece of paper. So we're going towards usability, which we're sacrificing security for. So the more usability we get with a lot of these mainstream products, the more we're going to have to realize we're getting back to a place of existing security vulnerabilities, with passwords, or stuff you would see with your bank account. So it'll be interesting to see the balance between the raw security inherent with Bitcoin, or a traditional cryptographic wallet, and then usability, whether it be cloud based stuff, or these exchanges. >> You know, Chris, one of things you're doing, that I think's interesting, and kind of points to the- if you connect the dots- the trend of, really, levels of granularity getting down to the micro level. >> Yeah. >> It's microeconomics. >> The beautiful thing about this market, is that, you could take a page out of a book, you can track it, and how you use that page like a pay for, all kind of digital rights stuff, digital assets. So you look at the world as a digital asset. This brings up the question of, okay, there's going to be software that's going to have to be written to manage this level of microtransaction, or microassets. So, how do you view, in your opinion, this whole notion of token economics? Because we've used tokens for years on all the stuff we program, on authentication. >> Yep. Tokens are used in computer science- not a new concept. >> Yep. But if you think about tokens as a currency, and as a mechanism for computer science, software, >> Sure. >> do you see a multi-token world? Why wouldn't everyone have their own token? >> Sure. And then there's going to have to be software- >> Sure. to manage the tokens. >> Yes. If you have a token and I have a token called a Cube Coin- >> Yeah. >> and you have your token, there's probably going to have to be some interaction between coins. Do you see that day happening sooner than later, or do you even see it happening? >> It's going to really depend on the use cases that they find. Whether a single platform is going to come out, and kind of take over the standardization of managing it, or, who knows, you see some of these transactional bridges, like between Dogecoin or Ethereum. So you can see that happening between tokens, or, everything being built on the same chain, or, having these bridges between chains, whether it be like an EOS to Ethereum token chain bridge. I don't know, I mean, we really have no idea. >> (mumbles) multichain, it's interesting, right? This is an interesting conversation. My vision is, I think multichain is a good trend. Why wouldn't you want to have multiple chains, if the use cases are not overlapping? I just don't feel comfortable about a monolithic approach of tokens. I'm just uncomfortable, generally, with that philosophy. >> I think it'll be important, and like you said, it'll be very important to have a good solution to manage them. People aren't going to want a hundred programs on their computer to manage their tokens. They're not going to want multiple apps on their phones. There's going to have to be some kind of standardization so that people can manage it easily. Otherwise, it's going to be impossible to keep up with. And kind of the interchangeability between tokens will be important. >> Chris, final question for you. What's this event like here? Describe for the folks who aren't here, what's the vibe, who are the people, what are some of the conversations in the hallways so far. What kind of person is here? What is this event about? What's the relevance of Hosho Con? >> Well, it seems like it's a lot of technically minded people, kind of hoping to push forward the security in the blockchain world. We've had conversations about everything from educating the masses, so kind of the average person, who doesn't understand the complexities of Bitcoin, and how do you inform them of what we're doing, all the way up to, what's the next step in security auditing. Hosho is really pushing forward, how do audit your code on the blockchain, or on a lot of these platforms, and I think it's really important to have these conversations, cause it's opening up new worlds of new thought habits for each of these companies. Everyone has their expertise, Hosho specializes in smart contract auditing, and we may not have that in depth knowledge of how to audit the contracts, so it's nice to kind of share the knowledge, and see that there's other solutions out there than everyone doing it on their own. >> What do you hope to be known for, for your company? If you could have that vision down the road, three years from now, when you look back, what do you want to be known for? >> I think it would be best if we were known as a platform to bring newcomers into the space. Informing, caring about the community, making sure that they understand what they're doing before they do it. As you know, Bitcoin is very unforgiving. A lot of these cryptos are very unforgiving. So I think it's very important for us to be known as someone who helps bridge that kind of intimidation. >> All right, Chris Forte, for 3BX, CTO, entrepreneur, building a company, doing it the right way, plans to use tokens, You guys, did you raise any money? >> No raised money. We're privately funded. >> Nice. >> So, we're going that route. >> Good. >> Bootstrapping, getting it done. Taking a different approach, which is the classic approach, of building a company the right way. TheCUBE, we are here in Las Vegas for Hosho Con. I'm John Furrier. Stay with us for more coverage after this short break. (upbeat techno music)

>> From the Hard Rock Hotel in Las Vegas, it's theCUBE covering HoshoCon 2018. Brought to you by Hosho. >> Over and welcome back to our live coverage here in Las Vegas for HoshoCon. I'm John Furrier host of theCUBE. The first inaugural conference on security in the blockchain security is obviously not new to the blockchain It's number one concern. Crypto is crypto, decentralized networks is what people want. Security is the only thing that matters, if you haven't been hacked, then you should know we're being hacked. This is theCUBE coverage here in Las Vegas for HoshoCon. I'm John Furrier with Steven Sprague CEO of Rivetz, who's a security and an entrepreneur I've known for almost 20 years now he has been at this all through multiple ways of innovation, multiple security paradigm stacks, not new the problem, great time for you, Welcome to theCUBE. >> Thank you for having me. >> So I've known you and knowing your father as well for almost 25 plus years, you have been at this in one form or another with security and the waves are different, I mean there's different the web wave there's different architectures I mean people call it internet 3.0 whatever they're just different evolutionary steps, now is the killer time because we're seeing the most action. You got web, internet, mobile, global, new economics, new money the stakes are higher it's not not just like some isolated box, you got cloud. This is the time to harvest the work you've been doing, give us an overview. >> Absolutely you know I've been at this my whole career, I started down this path in 1990. Doing digital rights management micro transactions and video games and was part of the formation that Trusted Computing group in the 2000s and helped shipped 1.4 billion PCs with hardware security on the motherboard of the PC that still out there today. Started with started Rivets in 2013 to really go after, how do we enable the hardware security and mobile devices? And just about instantaneously ran into the blockchain and at my first Bitcoin conference, which was the Miami Bitcoin conference about a half an hour into it, it dawned on me two things. One, we were talking a lot about crypto but nobody was talking about cybersecurity and there's a gap between those just because we talk crypto all the time doesn't mean that we know what we're doing in cyber and the other one that was true as, oh my God, I've been looking for this for the last 10 years, which is how do we enable the user to own their own keys? And I don't mean like single keys on each device. I mean, the root key that controls all the other keys on all their devices. This is a super interesting space, we're just the very beginning of it in some ways the Bitcoin side the sort of value or or money side is the demo, the real opportunity is, this is the infrastructure that's going to replace how we do normal enterprise computing. >> Yeah. >> And the end of PC computing, we're about to have a new paradigm, blockchain-- >> I agree with you as an infrastructure shift over because the efficiencies that are gained and the disruption around what's not efficient, whether it's venture capital or infrastructure, IoT, whatever the supply chain or the decentralized way is the way to make it efficient, so it's an opportunity. Every entrepreneur that I know that is licking their chops going, wow, I can come in here and and create value. The mainstream adoptions around this complexity around use to your point, and then the fear of being hacked the cybersecurity piece whether it's for money, or a a hostile actor. >> But think of it in a different way. Security, nobody cares about security, nobody buys security, nobody wants security, security is UI. So if I asked you what your favorite multi factor authentication experience, you think like fingerprints and all this kind of stuff, it's not true, the send button is your favorite one, dial the number and push then and it just works. It works everywhere in the world works every time you've taught mom how to use it and the kids how to use it. It's simple, so why, so we would never use like, dial the number and we're going to use AI and big data to determine whether your phone is in the right condition to complete the call. And then a message is going to come up and say, would you please breathe deeply and calm down, because you're clearly agitated, I can't complete your call for you at this time. (laughing) Like, you've never used that phone, so why are we going to use that for the rest of our enterprise? >> I just sent you a pin number on your phone that you can't use before you can make the call. Again, I agree, it should be under the wire. It should be transparent security should be native, always on. >> That's right. >> And that's what you're getting at, okay. In your opinion, where are we in the progress because again, I think this connects the dots for your career, what you've worked on the itch you've been scratching in security because you have the perfect storm, you have full mobility penetration, you have commerce on top of it, and you have full global connectedness those three things alone make a-- >> And we have decentralization, so the thing that's important in blockchain is it's important remember, while the data on a chain is immutable, we know we can seal inside a little envelope a message and sign it and we write it to a chain it never changes. What we don't know is whether the data written to the chain was intended so all the information on all the blockchains is fake news. It's important to understand that we, if we take a blockchain to court try and prove something, all we can prove with the data hasn't changed. I have absolutely no idea whether your private key was written on the bathroom wall or stored in Fort Knox. And so if you try and record something on chain, your defense is always ah somebody stole my private key. Or if I'm trying to defend that you didn't do it on chain, somebody stole his private key, so actually the date on the chain is fake. It's real it was signed by a private key, but we have no knowledge to the quality of the private key and if you told the blockchain community that we got to go get your Windows log files to see whether or not your key was compromised at the time and the windows log files are the way we secure all blockchains. We're not going to get there, so the problem is-- >> That's a roadblock for sure, no doubt. >> Yeah, so the problem is that blockchains, are decentralized therefore, they're censorship proof. All of network security is censorship, therefore, blockchain is network security proof. Oops. So everything we spent in the last trillion dollars in cyber security doesn't work on blockchain Unless I run private chains, all a private chain is running inside the enterprise security while using all Juniper firewalls to secure your chain. That's not what we're talking about, We're talking about a decentralized solution. >> So match the security for pro posture for the architecture that you're working on. >> So we are going to have to do for the first time something that's crazy, we're going to have to do security commerce, which is when we form an instruction 'cause blockchains aren't authentication either, this isn't about logging into a node, getting a web page and filling out a form, no this is about sending an instruction. So, a blockchain instruction, a nuclear launch code, an e-commerce transaction, an IoT instruction like turn the lights on to 50% are all the same thing, it's an instruction based paradigm so it's not only about protecting the key but also the protection of the instruction that tells the system what to do and so in order to do that, the device that creates the instruction has to be a known device. Today we run our whole world, all our critical infrastructure, everything on unknown compute. When you turn this machine on, you didn't check to see it wasn't run by the North Koreans and you can't tell. >> Yeah, they could be in there, they probably are. >> Absolutely, more so than you would want to know. >> So what whereas the answer on this so get to the, cut to the chase here in your opinion, as the people figure out okay, we have all this great hardware that was built for a certain generation, now I'm using it as mission critical in my life, it's integrated to my lifestyle with my watch, my computer, my phone, now my in house Siri, portal, Facebook thing. >> So we need to get away from Apple's embracing of the CompuServe model, where you have a mobile phone that is a terminal, when you log into apps and your identity is based on your login to your phone. We don't actually check to see if the phone is really your phone. And we need to move to the concept of mobile, where it's a device identity network where services are delivered, not based on the username and password, but based on the identity of the device and really, ultimately, we need to get to what looks like an IoT network, which is a device identity network with messaging as the primary protocol. So secure messages sent. Fundamentally, we need to demote the importance of user authentication and promote the importance of device identity, so that I have a known device and a known condition with known controls that is producing the instructions that are sent to the chain. Ideally, you'd like in every chain, a second hash. And that second hash represents a manifest of controls that were in place, so I checked to see I was in the building, I checked to see who's still an employee, I checked to see my devices working properly, I check to see the trust infrastructure in the hardware of my devices working properly, and that gives me a hash I can write that to chain with the same immutable transaction, now I can prove that John's device in this condition with these controls wrote this transaction. >> Authentication powered the last architecture blockchain to your point about being you know, you don't know what's on the data needs to have an identity model for the signatures. >> For the robot. >> For the robot. >> For the robot. So some people like oh my god, but what if I lose my phone and the most important thing is you notice. If I steal your private keys you don't notice I still your phone like I just touch your phone. It makes you feel nervous, >> Yeah. (laughing) It's a very, but that's 100,000 years. >> I know when I leave my phone home I turn around soon as am three feet the driveway I'm like, okay, go back, get the phone. >> And so that's cyber security training it starts when you're 18 months old, when somebody gives you an important object you're not supposed to forget places like heaven forbid you remove the fuzzy rabbit from the three year old, you can lose an arm, right. So that model buying device, the good news is the trusted computing standards of the world have given us embedded hardware security in the chip sets as a standard capability in every ARM processor. Now in every Intel processor, we can turn these capabilities that have been deployed in these devices. We turn them on, provide an effective hardware based wallet for all of crypto. >> How does the hardware wallet work in your vision? Because I think most people generally and me included would say, look I love crypto but I'm busy got my four kids, two are in college, two or in high school and running around you're running around, bottom line is I got my key, my cold storage, I get keys everywhere, I forgot where I put my damn keys where's my key anyway I ended up writing and I post it. Who knows? >> I want to believe your keys are your collection of devices. So we've actually just done a recent relationship with Telefonica we showed two weeks ago, a dual Root of Trust handset, so half of your key is protected by the SIM architecture in your phone, half of your key is protected by the manufactured ARM processor in your, in your handset. So I have two separate routes of trust. I'm not trusting the carrier, I'm not trusting the manufacturer, they have to work in cooperation, the owner owns the keys, then I want to backup those keys. So why not, now that I have multiple routes of trust in my device, they can talk to my other devices, So we think of your household of devices as your key, not your single super phone. So every time I make a new wallet, you're right. You're running around, you didn't think about it, You don't want to write down 12 words, you're out at Starbucks, you shouldn't be writing the 12 words down on the surveillance camera at Starbucks. That would be a bad plan, Instead, you want your device to just communicate out to your other devices. So imagine in the future I lose my phone I can shut it off by calling my carrier and then I want to Make a new phone, maybe I've got to go like push a button in my Tesla push a button on my smart refrigerator. And my wife has to push a button or my girlfriend, or whatever the complications we all have. (laughing) And that's what allows me to recreate, not just my blockchain keys, but my Marriott keys, my car keys, my refrigerator keys, my these keys and we're going to have lots of keys for all this stuff. >> And the hardware is key in your opinion, got to have the hardware. >> Right, the reason why you have hardware is because, we can measure that the hardware hasn't changed so we can have a hardware Root of Trust, something that we know is anchored in silicon, in iron and then, or really in copper, and then from that we can build a stack that says we know this hasn't changed because if it's cast in the ground now we can build up from there each step and know that this measured environment is running properly. >> So people want be concerned, obviously Bloomberg had a story this week about China putting a mod chip on super micro boxes that's hardware. How do you talk to that, because I'm now saying, hey, I love the Root of Trust concept you guys are awesome, great job, but what about being hacked by someone else-- >> Well let's assume hacks continue on in time, I think the ultimate disinfectant in this is identity of the device, so give me a list of where 100% of those computers are. And are they in any critical systems that you have? So you're running DHS, and you've got 1.2 million servers across your network? Can you tell me 100% of the machines, that have that capability on them? Now that you know that model 45 had that. So we have an example for this VIN numbers in cars have been a great example of how we've improved the quality of cars, not that we aren't stupid humans and we build stuff that breaks or doesn't work and people die, we just want to know, that if he dies in his car that I don't want to drive the same car he drove without fixing whatever it is they're broken your car. >> So unique ID for the car, an asset. >> Yeah. And so tracking that, yep, we have it for lots of things. We don't have it for PCs, if you ask the average organization, please give me a list of the software that runs your corporation, they have no idea. >> Yeah, and the same thing with data to the GDPR thing, all these regulations, >> Right, because all, so GDPR is a great example of where now I need to prove I had controls in place in order to show that my data is properly-- >> They didn't know they had a server out there. >> I don't want to audit once a year, I want to check every time I do a transaction, was the person and employee did they have data rest in their machine, did they. So we can use the concepts of GDPR regulation to press this idea that I've provable controls at a transactional level for every instruction that's done. I want to know that I have known compute, if you had to write policy for the federal government, it's only known computers connected to sensitive networks and data. That doesn't require rocket science to understand. It's like, don't hook anonymous unknown computers you picked up out in the parking lot and tie them to the nuclear launch codes, that would be a bad plan. Like, let's start with at least machines we know and that are running software we know and that we've tested them so that we know they're running what we expect and they're working correctly, then let's use them for critical systems. So let's talk about the, and want to just finish up this segment on looking at what you're saying, which is a whole new operating model is coming really fast. The old model that's being operate is run by huge companies, Apple, Amazon, IT departments all around the world, governments, so there's going to be some resistance is going to have to be some change, that change is going to be disruptive. How do you see it playing out, you see people waking up going it's inevitable or you see a train wreck or collision. >> Now I think we have to create a transition. I spent a decade trying to create the train wreck and that didn't work very well, we shipped the technology and every PC. What we've done here is we're making it possible for you measure the integrity of a device in a mobile phone, and then you can hold keys in it. But I can apply policies or rules to those keys and those policies can talk to all of my old external systems. So I can ask all my network security stack, Where is this device, is this person an employee? Is my organization feeling good today, before I let you use the key. >> You bring program ability and state into-- >> Right, it's like you drag along the whole network security stack, and all their API controls and their SIEMs and let's hook Watson up and watch the whole network and apply that as a rule to a case. So now I can sit in Starbucks, and my device checks to see my organization's good, and then logs me into Gmail. I didn't have to tell Gmail to ask whether I was an employee, so I can have a mobile phone that says only log on if you're on the nuclear submarine and it'll work and I don't have to tell GitHub that check to see whether he's on a nuclear submarine. They just have to know that this two factor authentication is external, what's making that possible is that two factor authentication and all the services is fundamentally device registration, and as we mature that as the industry matures, those standards it provides the vehicle for all the services to incorporate a device component to the authentication strategy and then we can engage the robot to make that device smarter. >> Robot being the machine. >> Our device. >> Great to have you on, give the quick plug, what's going on Rivets real give us a quick. >> So Rivets is a fun company going after building these tools, we have a great partnership with Telefonica, we're extending it to other carriers as well. And our mission here is to bring the next billion people the blockchain by giving them a hardware based wallet for crypto, for IoT, for cloud in 100% of the mobile devices that are shipped and use the carriers as a mechanism to deliver that to us. >> You bring value that carries you also help the users make that usability peace secure. If you can pull that off, man I'd have a parade on Main Street for you. We need that. >> We desperately need this. We are so ready for our digital life to become simpler and safer for the user, And really for the services, it allows them to have more valuable data. So it's the combination of those two things, it's a win both for the consumer and for the services. >> Well, let's hope it can be a seamless transition rather than a train wreck collision. I'm John Furrier we here at talking security at Hoshocon, the inaugural blockchain secure, the first blockchain security conference am here with Steven Sprague CEO Rivets, hot, hot company in the space with many, many years experience. Time is ripe, right now the time is perfect for you. Congratulations. >> Thank you. >> Thanks for coming on, we're back with more after this short break. (electronic music)

>> From the Hard Rock Hotel in Las Vegas, It's theCUBE, covering HoshoCon 2018. Brought to you by Hosho. >> Okay, welcome back everyone. We're here for CUBE's live coverage here in Las Vegas for HoshoCon. This is the first industry conference where the smartest people in security are together talking about blockchain security. That's all they're talking about here. It's a bridge between multiple diverse communities from developers, white hat hackers, technologist, the business people all kind of coming together. This is theCUBE's coverage, I'm John, for our next guest Anand Prakash, who's the founder for AppSecure. He's also the number one bounty hunter in the world. He's hacked everything you could think of; exchanges, crypto exchanges, Facebook, Twitter, Uber. Welcome to theCUBE, thanks for joining me. >> Uh, thank you John. >> So, you've hacked a lot of people, so let's, before we get started, who have you hacked? You've hacked an exchange. >> Yeah. >> Exchanges plural? >> Most of the exchanges. >> Mostly the exchanges? >> Yeah, ICOs. >> ICOs? >> Yeah, and bunch of other MNCs. >> Twitter, Facebook? >> Twitter, Uber, Facebook, and then Tinder. Yeah. >> A lot. >> Yeah, a lot. I cannot say the name. >> You're the number one bounty hunter. Just to clarify you're a white hat hacker, which means you go out and you do a service for companies. And it's well known that Facebook has put bounties out there. So, you take them up on their offer, or-- >> Yeah, so basically companies say us, hack us, and we'll pay you. So, we go and try to hack their systems, and say this is how we are able to discover a vulnerability, and this is how it can be exploited against your users to steal data, to hack your systems. And then they basically say, this is how much we are going to pay you for this exploit. How did you get into this, how did you get started? >> So, it started with a simple Phishing hack in 2008. It was an Orkut phishing hack, and one of my friend telling me to hack his Orkut account. And I Googled, how to hack Orkut account, and I wasn't having any technical knowledge at that point of time. No coding, no knowledge, nothing. I just Googled it and found ten steps, and I followed that ten steps. Created a fake page, I sent it to my friend, and he basically clicked on it, and there it is, username and password. (laughs) >> He fell for the trap >> Definitely, >> right away. >> Yeah. >> So, quick Google kiddie script kind of thing going on there, which is cool. Okay, now you're doing it full-time, and it's interesting here, this is the top security conference. Those are big names up there, Andreas was giving keynote. But I was fascinated by your two discussion panels, or sessions. Yesterday you talked about hacking an exchange, and today it was about how to hack Facebook, Twitter, these guys as part of the bounties. This is fascinating because everyone's getting hacked. I mean you see the numbers. >> Yeah. >> I mean, half a billion dollars, 60 million here, 10 million. So, people are vulnerable and it's pretty easy. So, first question for you is how easy is it these days and how hard is it to protect yourself? >> So, the attacks, the technologies, and then attacks are getting more sophisticated, and hackers are trying newer and newer exploits. So, it's good for companies and descryptpexion just to employ ethical hackers, white hat hackers, and moodapentas, and bunch of other stuff to secure their assets. So, it's, you wouldn't say for companies not doing security, then it's very easy for someone like us to hack their systems, but there were companies doing Golden Security. They are already have an internal security team, external folks securing their systems, then it's difficult. But, it's not that difficult. Let's talk about your talk yesterday about the exchange. Take us through what you talked about there that got some rave reviews. How did you attack the exchange? What did you learn? Take us through some of the exchanges you hacked and how, and why the outcome? >> Yeah, so, we have been auditing bunch of ISOs and exchanges from past two months, and quite a good number. So, what we see is most of them, don't have security, basic security text in place. So I can log into anyone's account. They have a password screen on the UA, but I can simply type it in without, without no indication or alteration, I can just log into anyone's account, and then I can get fund's out of their system. Very similar to, one issue which we found in talk in sale, was we were able to see PIA information of all the users. All the passwords details and everything, who has done KYC. So, there are lot of information disclosures in the API. And the main thing which we hackers do is we try to test this systems manually instead of going more into an automated kind of approach, running some scanner to figure out sets of hues. So, scanners are, sorry. Scanners are obviously good, but they're not that much good in finding out all the logical loopholes. >> So, you manually go in there, brute force, kind of thing? >> Yeah, not exactly, not that brute forcing, >> Not brute force. >> but of our own ways of doing things, and there are lot of good bounty hunters or white hat hackers, who are better than me and who are doing things. So, it becomes more and more sophisticated. We don't know when you get hacked. >> So, when the bounties are out there, does Facebook just say, hey, go to town? Or they give you specific guidance, so, you just, they say go at us? What do you do? >> Yeah, so basically the publicist sends some kind of legal documentation around it, and some kind of scoping on the top targets to hack. And then, they basically publish their reward size, and everything, and the policy and everything around. And then we just go through it. We try to hack it and then we report it to their team, via channel, and then they fix it, and then they come back to us saying, this is how we fixed it and this is what the impact was, and this is how much we're going to pay you. >> And then they just they pay you. >> Yeah, my yesterday's talk was mainly focused on hacking these ICOs, and descryptpexion in the past. Some of the case studies which we have done in the past, and obviously we can't disclose customer names, but we directed some of the information, and showed them how we helped them. >> What should ICO's learn, what should exchanges learn from your experience? What's the walkaway for them? Besides being focused on security. What specifically do you share? >> Yeah, so to be very frank, I know few of the companies and bunch of companies who don't appreciate white hat hackers at all. So, these are ICOs and crypexinges. So, the first and foremost thing they should do is, if they are not having any internal, external, if they are having any internal security team right now, then they should go further back down the program to make sure people like us, or people like other white hat hackers, go and hack their systems and tell them ethically. >> How does a bounty, how does someone set that up? >> So, uh-- >> Have you helped people do that? >> Yeah, so, our company does that. We help them setting up a bug bounty program from scratch, and we manage it by our typewriting platforms, and we invite private, and we do it privately, and we invite ethical hackers to hack into their systems ethically. And then we do have arguments with bunch of them, and that's how they're going to secure. >> So, how does that work, they call you up on the phone? Or they send you an email? They send you a telegram? How do they get in touch with, the website? They do face-to-face with you? They have to do it electronically? What's the process? >> For the bounty hunting? >> Yeah, for setting up a bounty program. >> Yeah, for setting up a bounty program with our company, we basically get on Skype call with them, we explain them what is going to be their budget and everything. How good their security team is, and if they are not having any internal security team, what I know, then we never suggest them going for the bounty program because they may end up paying huge amount of money. (John laughs) So, then we basically sell our pen testing services to them, and say, this is, you should go out for a pen testing service first, and then you should go for a bounty program. >> Because they could be paying way too much in bounties. >> Yeah, yeah. >> Yeah, 'cause they don't know what their exposure is. So, you do some advisory, consulting, get them set up, help them scale up their security practice basically. >> Yes, yes, yes. Their entire security team. >> So what was the questions at the sessions? What were some of the things the audience was asking you? Did any good questions come out that you were surprised by, or you expected? >> No, so, all of, so, for the very first talk, about the hacking the crypexion and all, all of them were surprised. They thought putting up a two-factor authentication, or something like that, makes their account secure. But it's not like that. (both laughing) We hack on the APIs. So, it's very, very, very super easy for us most of the time. >> So, the APIs are where the vulnerabilities are? >> Yeah. >> Mainly. >> The APIs, the URLs. >> Yeah. So, you guys use cloud computing at all? Do you use extra resource? I saw a bunch of stories out there about quantum computers, and that makes things better on the encryption side. What's your thoughts on all that, and hubbub? >> Yeah, so mainly we use anomaly intercepting proxy to intercept these calls, which are going on a straight to PS outputting, out of our own SSLP, 'cause the safety we get, and then trusting it. So, we try to plane to the APIs and them doing stuff. We don't need a big, high-end machine to hack into services. >> Gotcha, so you're dealing with them in the wire transmission. So, what do you, tell me about the conference here, what of some of the hallway conversations you've had? What's your observation? The folks that could not make it here, what's it like? What's the vibe like? What's it like here? >> So, they missed lot of things. (both laughing) And um, it was first Blockchain Security Conference, and I've been flying from all over doing the art, to just attend this conference. I was here one month back for Defcon and Black Hat, and for some other hacking event. >> So, you wanted to come here? >> Yeah. >> Yeah, I meet a lot of cool people here. I met so many great people. >> I planned it out even before Defcon Black Hat. (laughs) >> Okay, go 'head. >> I had to go to Hosho. (giggles) >> I think this is an important event 'cause I think it's like a new kind of black hat. Because it's a new culture, new architecture. Blockchain's super important, there's a lot of interest. And there's a lot of immature companies out there that are building fast, and they need to ramp up. And they're getting ICO money, which is like going public, so, it's like being grown-up before you're grown-up. And you got to get there faster. And I mean, that seems to be, do you agree with that? >> Um, yeah, definitely so. A lot of people love putting money into ICOs then what if they go tag, then people don't know about security that much, so, it's a big-- >> So, what are you excited about? Stepping back from the bounty hunter that you are, as you look at the tech industry, security, and blockchain in general, what are you most excited about? What are you working on? >> So, frankly saying, so, I'm looking forward to hack, articulately hack more and more exchanges, and uh, I believe none of them should die the legal tag, but, that's where most of the money is going to be in the future. So, that's the most interesting thing. Blockchain security is the most-- >> Yeah, that's where the money is. >> Yeah, yeah, yeah. >> The modern day bank robbery. It's happening. Global, modern, bank robbery. (Anand laughs) Andreas is right, by the way. (Anand giggles) He talked about that today. It's not like the old machine gun, give me the teller way. Give me your cash drawer, on, it's-- >> That was a very nice talk. >> It's other people from other banks with licenses. >> Yup. >> The new bank robbers. Well, thanks for coming on theCUBE, sharing your story, appreciate it. >> Thank you. >> Great to have you on. >> Thank you for inviting me. >> You're a real big celebrity in the space, and your work's awesome, and love the fact that you're ethically hacking. >> Yeah, by the way, I'm not the world's number one bounty hunter. I'm just-- >> Number two. >> Not number two, maybe, there are lot people out there. >> You're up there. >> I'm just learning and-- >> We could do a whole special or a Netflix series on the bounty hunting. >> Yeah, yeah. (laughs) >> And follow you around. (both laughing) And now, thanks for coming out, appreciate it. >> Thank you. >> Good to see you. >> Good to see-- >> All right. More CUBE coverage after this short break, stay with us. Here, live, in HoshoCon. First security conference around Blockchain. I'm John Furrier, thanks for watching. (upbeat techno music)