Episode 50 - Special Edition: In the 909Studio with Den Jones and Aaron Wurthmann

Narrator:

Welcome to 909 Exec, your source for wit and wisdom in cybersecurity and beyond. On this podcast, your host, veteran chief security officer and cyber aficionado, Den Jones, Taps' vast network to bring you guests, stories, opinions, predictions, and analysis you won't get anywhere else. Join us for 909 Exec Special Edition episode number 50 with Den Jones and Aaron Wurthmann.

Den:

Well, folks, welcome to another episode of 99 Exec. You're a source for some executive journey and wisdom. And this is a special episode because we're on episode number 50. And we are joined today with Mr. Aaron Wurthmann, advisory CISO, my right-hand guy because he is on the right and left-hand guy when he needs to help me out even more, I guess. So Aaron, thanks for coming into the studio, actually. This is our rare occurrence.

Aaron:

Yeah, I love being in the studio. By the way, did we lose two episodes somewhere? Is that where 50 and not 52?

Den:

No? No, we should have done 52.

Aaron:

Yeah, whatever.

Den:

But I think, yeah- I'm

Aaron:

Just going to go with last two. You know what? We edited two episodes out. I

Den:

Think your point is we are recording this in December and we're almost at the end of the year. And so we should have had 52, right?

Aaron:

Actually, if you pay for the subscription, you could have the last two episodes. You

Den:

Can get the two lost episodes from beyond the- In

Aaron:

All seriousness.

Den:

We've got a little cider or beer.

Aaron:

Or maybe it's apple juice.

Den:

Who knows? It's apple juice. Who knows? Yeah. So yeah, we'll do the happy hour edition. So Aaron, thanks for coming on. And man, so December, we're recording this and for us, it's been a year to celebrate and look back at and think, wow, I remember this time last year we'd talked about, oh my God, what's happening? This business needs to get moving and stuff. And it was brand new. Now the company's just over a year old. We've got a bunch of clients and we keep picking up some nice new ones. And I look back and I'm like, wow, this has been ... I think it's funny, everyone's been talking about AI all year. We went from zero trust for a few years to now AI. And then we just pick up these clients. And I think there's a couple of things that I think of as I look back at the year.

One was we've got a nice diversity of clients from manufacturing to software from startups to well established and invested companies from five people to 500. And in all fairness, I don't do jack shit really. You do most of the work, if not all the work. But let's talk about, give me a couple of highlights from the year.

What sticks out in your mind?

Aaron:

I mean, first of all, what a difference a year makes.

Den:

Yeah. Well, you didn't have that sweater last

Aaron:

Year. I actually I did. Well, no. And I got this Christmas Eve last year. And it picks up on the camera, but of course you got your unicorn here because you one cannot have a sweater without a unicorn on it, I feel like. Swear, right? A company sweater almost. Almost a company sweater. No, seriously, what a difference a year makes. I mean, a year ago, we maybe had one or two clients. We were doing primarily assessment work, if not purely compliance work. And here we are now with, I mean, short of a dozen clients.

We still do assessment work, still do compliance work, and we have the VCSO work, we have some security engineering work, we have some placement work. We have a lot of work to complete and do. And so it's the opposite problem now. It's the, we have a lot of work, we have a lot going on. We have to start thinking about scale. We have to start thinking about, is it more VCSOs on the bench? Is it more security engineers? How do we look at this business going forward? And great problems to have. I think anybody starting or us a year ago certainly would've traded the problems we have today for the problems then.

Den:

Yeah. I remember the conversation. Yeah, the conversation was how are we going to build business? How are we going to get new clients? Our problem, I mean, I still think that is still top of mind.

Aaron:

That's not going away. We still need to continue to bring in new clients.That certainly can't go away. And you certainly can't take your eye off the ball because your current clients could churn for whatever reason. They could be going through their own struggles, their own market struggles, their own budget cycles or what have you. And so we have to replace those clients as they churn for their own reasons as well.

Den:

But I think the conversation did twist from a, where do we get clients to know who are we bringing in? And then a couple of other big things for us, we became a bit of a reseller. So we've got reseller agreements in place and we have done, I think, three or four software license deals so far with another couple in the works. And then we also launched 99 Protect, which for me is, it was something last year. I mean, I didn't think this year we'd get into the reseller or the software game, but 99 Protect was really a great set of products. So for us, it's white labeled. We are partnered in with a company we trust. It's a twenty four seven SOC. It's endpoint protection, email protection, DNS, I mean a whole bunch of stuff. But what I was always looking for was security in a box and we deployed our first client.

So for us, that was great.

Aaron:

And I think all of that is ... It's important to know that all of that comes out of feedback from our customers. Our customers saying, "Hey, go help us purchase this. We're not a reseller." Or, "Hey, we need a 24 by seven SOC, help us do that. " And us saying, "We'll go do that for you. Trust us." I

Den:

Mean, so you're working almost all of our clients. What do you think has been the most impressive piece of client work? I mean, they're most exciting, I think. I want to prize out what's been fun and exciting, and then what's been challenging?

Aaron:

Yeah, I think renewals for me are the most exciting. When you get that client who says something like, "Oh, I just need some compliance work and that's all I need." And then you finish that compliance work and they say, "You know what? We really liked you. We'd like to re-up and we'd like to do this next project with you. " And then you finish that with them and you think that's going to be it because they indicated that's all they had in their budget and we're not hard salespeople, right? We respect their budget. When they tell us that's all the money there is to spend, we respect that. But then a second renewal, third renewal, when those things come, that excites me because it means that we're doing good work, that they see the value of our work and that despite the fact that they, not necessarily scraping pennies together, obviously, but despite the fact that money is a finite resource for them, they see our value and they continue to keep us on board.

Den:

But I mean, I think that's the thing for you and I, I mean, we've been practitioners our whole career and we're still practitioners, you more than me, but we are still there. And there was never a time in their career where money and budget wasn't a thing. We always had to try and reduce risk and deliver services and do stuff with a finite amount of resources. So when we talk to our clients, I mean, we know the struggle. It's not like we don't understand it. And then I think to your point, we're not salespeople. We don't really want to do a hard sell with anybody. If anything, it's a, "Hey, how can we

Aaron:

Help?"

Den:

And to your point, I was really excited when ... I mean, I like the money, so I was very excited when our clients said, "Hey, can you do more?" But for me, what was really interesting was the ability for us to go in there, do some compliance work. And while you're doing the compliance work, you're also giving them a device and guidance on their security risk

And not trying to upsell them on, "Hey, we can do more here," but part of doing the compliance work is compliance a checkbox, right? So at the end of it, I think that for us is really just one of the kind of pleasurable parts of this where we're walking away with, "Oh shit, that's been a really good outcome." I think another one was we haven't lost a client. We had a client that we were their field CSO, they were going through a renaming and to be all honesty, we're not trying to be field CISOs really because we're not trying to become known within our CISO friends as just salespeople. So field CISO work isn't our bread and butter really, but they were changing their name and we're like, "Okay, cool. Well, we'll catch you later guys. That was fun." And then the other piece was one of our earlier clients, they were like, "Hey, when I get more funding, I'll come back." And they were like a seed round company and we helped them do their SOC two type one in I think six weeks.

Wow. And then you've done what, type two plus HIPAA and GDPR in a further seven weeks or something? Correct. Yeah. Yeah. And

Aaron:

So you just hit exactly on the challenges. The challenges are around some of those early stage companies and their funding rounds.

Den:

So just from a security perspective, what do you feel the smaller startups struggle with from a security and a risk perspective or do you think they care? They just really want to do the compliance stuff?

Aaron:

So I think they care. I think they have an idea of what that looks like. I think that given the right pressure usually from customers, et cetera, they can quickly move into a compliance framework. I think as always, it is the, they don't know what they don't know. And so bringing in someone like us who says, "Compliance is great, however, have you thought about X, Y, and Z? Go look at those things. So we're here to help you. "

Den:

Especially while we're there, right?

Aaron:

Especially while we're

Den:

There. Yeah.

Aaron:

Right.

Den:

Yeah. And as I look back in the year, there's a couple of things, highlights for me where we had the FBI event where they invited us in as one of three outside companies and we led a session on best practices in the enterprise. So I felt that that was a privilege for us to be invited and then be get to lead a session. I thought that was a really cool event. We sponsored the packet capture village at DevCon. So DevCon normally is very new for DevCon to sponsors, but for us to weasel our way in there, and I think it's more a case of just trying to raise the brand awareness that we are a credible brand, that we are practitioners as well. So for me, that was probably one of the cooler highlights.

Aaron:

And mental health kits at B-sides too.

Den:

Mental health kits with Dr. Sarah, that was great. Shout out to

Aaron:

Dr. Sarah.

Den:

Yeah, shout out. And we also, from a podcast perspective, our number one podcast from a listening or viewership was with Nada Securi and she's also in wellness. So I kind of look at this like the whole topic of cyber wellness, mental health, I still think that that's a big thing for people in the industry.

And I have conversations regularly just about how as an industry goes, we're not doing a very good job at looking after people and their health. I mean, I think there's a lot of work to be done there. Absolutely. So yeah, we'll probably have a few more podcasts on that stuff as we get into 26. Now, let's just jump into security programs and big key themes of 2025, right? So we're wrapping up the year. What do you think ... I mean, AI has obviously been the biggest thing to be talked about in 2025 and will be next year. Your clients security, and what advice are you giving them on that?

Aaron:

So if they're building AI into their product, which we're seeing across the board, if they're not already an AI company, right? So if they're already an AI company, it's sort of obvious. If they're building AI into their product, we're starting to explain to them the risks there and how they might position themselves to their customers to look more secure. So if that's ISO 4301 or if that's GDPR or whatever it is that their customers might be looking for, we're starting to help with that work beyond just the normal basic controls around access controls or security. But we've started to see more and more of that. It's, "Hey, I have this product, whatever the product is, we think there's an AI component to it. " And so we have to have this discussion with them about, okay, we get it, you want to be relevant, you're going to add an AI component to your product.

Here's what that might mean from a security standpoint, and here's how your customer might perceive that to mean that from a security standpoint, here's how when you bring that to market, here's how you might mitigate some of your customer's concerns around adding an AI component to your product.

Den:

Yeah. And one of our clients, I know because I've had this conversation, there's 500 people in their company, they're highly concerned about what their employees are doing with AI and they've got very little visibility. So as people, I mean, I look at this like every security issue anyway, you can't protect what you don't know about. So I mean, are you hearing a lot of people talk about lack of visibility and how to

Aaron:

Solve that? What's interesting there and a couple other places too is these are fundamental controls that we've lost sight of as we've become more of a cloud world. So you and I have had this discussion about a particular Cisco product originally called Umbrella and I don't know what they call it now, but if you take something like that, sort of DNS filtering or DNS monitoring or filtering on the endpoint, you do get a observability capability of what AI people are using. Is it foolproof? No, it's not, but you would get an idea of who's going to ChatGPT, who's using Cloud, et cetera.

Den:

What you would know is, are they using a personal instance or a company instance? Now, the good thing is that bundle called 909 Protect actually includes umbrella. Shameless plus. Yeah. Shameless. Not so

Aaron:

Shameless. Not so shameless. No,

Den:

So shameless. You're watching our podcast. Yeah. But our friends at Harmonic Security, they've got a little plugin thing or agent, I can't remember quite what it is, but from speaking with Alistair and his team, really, really exciting product work that they're doing, because I look at that as step one. Let's know we're protecting and what they can do is put policies in place and save clients from uploading sensitive information. And I

Aaron:

Would say less intrusive than DNSLyer two.

Den:

Yeah, very much so. And because of where it sits, then it has the visibility into which instance, and I think that's vital. So yeah, so I look at this for next year as being probably one of the biggest challenges that need to be addressed because I don't think any companies are really on top of how people are using AI for their business. So I see that as being like the holy shit moment, like someone's going to end up uploading a whole bunch of personal or PII in there and then all of a sudden if it's available publicly, then there might be some issues caused by that.

Aaron:

Yeah. The ability to share content out of say ChatGPT is not talked about, I think enough, like the little share button right there and what that does. They have shared a few things, to be honest. Somebody puts something personal in there and they hit that share button that's available. That's out of control, just like it were in a personal Google drive.

Den:

Yeah. Now two years ago, I did say, I was at an event in Canada actually in Vancouver and I was a CDW event and I was talking about, we were talking about AI security and I did say that within two years, I think one of these AI companies are going to be breached.

Aaron:

Well, you did make a prediction last year, which I think we should get into maybe in our next episode when we do 2026 predictions. If we decide to do that episode, we should revisit 2025 predictions because that was a prediction.

Den:

Yeah, we have to revisit that.

Aaron:

We have to keep ourselves

Den:

Humble, honestly. Honest and humble. Well, I'm not honest. No, I am. I'm just not humble. Sometimes, sometimes. So talking about 2026 and predictions, obviously we expect AI to continue to be the dominant topic. So if you kind of play this forward from a security perspective, what do you think is going to be ... And this, I don't want to jump into predictions, but I think from a theme perspective, what do you think the big AI themes are going to be?

Aaron:

Yeah. So I did say this as a prediction in 2025, and you're starting to see it now, so maybe I'll still take credit for it, but I think you'll see it more as a theme, and that is AI as a defense mechanism. So AI as scanning code for vulnerabilities, AI as rearranging firewall rules when it's under attack or when something's under attack, those sort of defenses, I think you're going to see a lot more of in 2026.

Den:

Yeah. And I saw a post recently about on LinkedIn, and it was just talking about how the hackers, it's become so consumerized as a service for the last five years, but now with AI, that entry level for people to get in is so low. The bar is so low, you don't need any technical ability at all. And you can use AI as a service, and then before long you can be a tech and anybody. And I think that means ... We used to say to clients that you got to be better than the other people, just be more- All the time. ... more secure all the time than your peers in your industry, and then hopefully they'll be attacked and not you. But I think the reality now is I think there's going to be such an influx of attackers because the bar is so low to get in and the skill level is not as high now, that I think every company's at risk.

Aaron:

Do you think the term script kitty will just drop away because now

Den:

There's

Aaron:

No such thing?

Den:

No script kitties. They're just talking into the AI platform.

Aaron:

ScriptGPT. Yeah, probably. Yeah, I think so. And then the other thing I think we're going to see more and more of AI, we're already seeing it too, is the big compliance platforms are leveraging AI in order to either do compliance wholly. Either maybe the whole platform might be just AI in the backend that writes all of your policy just based on AI and does all of your work in AI, or it leverages AI in order to look at your policy and look at your controls and say, "Hey, you're deficient in these areas." We're saying that too.

Den:

No, we did have a company that was almost a client, but then they decided that they were going to go down that whole AI route. I still get concerned, I'd love your thought on this. I still get concerned that AI doesn't have good business context. And if you don't have professional people that know the thing, know the subjects or subject matter expert, then the AI is still going to spit shit out with the confidence of a teenager that just watched an Instagram reel.

Aaron:

Yeah, I do have concerns around exactly that, that it gets abused. I mean, let's say that the customers of that product are just not taking it seriously. They're just giving the AI the answers that it needs to get in order to achieve their compliance SOC two or ISO 27,001 or whatever they need. And then what could happen for those customers or for that company that's achieving that compliance is somebody on the buyer on the other end might look at their certificate and go like, "Hey, this looks like boilerplate." This looks like this doesn't look real. This has way too many double dashes, M dashes in it. I

Den:

Mean, they're still going to have to go through an audit and I fear that the auditors are going to come in and look at that stuff and ask questions that the business isn't in a position to answer.

Aaron:

But what we're seeing though is the number of auditors is going up and there is a number of less than reputable auditors. And so the big auditing firms are still reputable. You still want to see those certificates. So that could mean at some point that there's almost like an auditor rating, right?

Den:

Yeah.

Aaron:

Whereas a buyer, you're like, "Yeah, you have your SOC two, Google, but I don't know this auditor." Which I do a bit of now. If I see a reputable auditor on there, I'm like, "Okay, this is a legit SOC two, but if it's not a reputable auditor, sometimes I dig into it a little bit."

Den:

Yeah. I mean, I look at that, and because we have clients who are small companies where you're like, maybe you're not quite ready, you're not quite large enough yet, your separation of duties. And sometimes we have to have those tough conversations because we'd rather be honest with our clients. And then when we speak with audit firms, I know that we've got about, I think now half a dozen audit firms that we pull in for bids and stuff when we're working with our clients. And I think there is a variance of quality and price like there is with everything, but I do hope in the future that companies look at that audit firm and decide what matters, right? I mean, I think to your point, right, if it's a less reputable firm, then maybe we're doing some extra due diligence on the backend. I wanted to just cut over to something less work related.

So what are your plans for the holidays? What are you going to do? What's the Worthaman household up to? Now you got a new dog recently because you didn't like my dog or some shit. Did I give you a dog and you said, "No, I'll get my own one."

Aaron:

Yeah. So let's see, how old is Bennington now? Bennington will be 10 months at about Christmas. Wow. So not quite a year. He's house trained. He's had all the operations. He's had all the operations. He's got four legs. He is very much a teenager. We have learned he is a Chihuahua Shih Tzu mix. I'm sure there's pics on my socials, follow me, follow me, link, share, I don't know, et cetera. I need to create a social account for him, I'm sure.

Den:

Yeah, you should do the Follow Benny. We are going to end up doing a unicorn social account

Aaron:

For like- We should do that, but also we should get Benny a ... He needs a unicorn outfit. That's what I should have done for Halloween.

Den:

That would have been it.

Aaron:

Missed opportunity. That would have been it. All rig. We'll order that for next year. With all

Den:

Over the unicorn business. So what are you guys doing for holidays?

Aaron:

Yeah. So we celebrate both Christmas Eve, which we do. We call them reindeer games. So people come over to the house, we do fun games. They'll be drinking involved. You are invited, of course. Oh, I do like the drink then. And then Christmas day is everybody comes over to the house. We do, of course, presents and dinner. This year, the wife will be making a filet mignon roast. Oh, wow. Again, you are welcome. Because

Den:

You've done the turkey thing, right? Thanksgiving. So Thanksgiving, yeah, business.

Aaron:

Thanksgiving, we do turkey. Usually for Christmas, she does Prime Rib. Prime River. So this year she wants to switch it up and do a flammin restaurant. Yeah.

Den:

Well, I've got my mom in town, as you know, because she's through there creating havoc. And yeah, I decided, so this year we're going to volunteer at a food bank or shelter or feed the homeless or something. Is that because you don't want to cook? No, it's funny. So my kids are going out of town and stuff, so I'll end up doing Christmas here a little dinner earlier, like a Christmas dinner. Harry, our friend is going out of town, so he normally joins us for Christmas dinner as well. So he's going to go away. And so I figured, yeah, we'll do a Christmas dinner earlier. Second Harvest Food Bank? Something like that. Yeah. I've still got to organize that.

Aaron:

Okay.

Den:

That's on my to- do list for tomorrow actually.

Aaron:

I am a big fan of Second Harvest Food Bank. Some years ago at Marketo, the company that brought us together, of course, Marketo Adobe, we had the opportunity to donate 50,000 to Second Harvest Food Bank, and it was an honor to do so. Yeah.

Den:

You know when I was at Banyan Security, right? I was doing a lot of the evangelism work and it has to be known that I swear now and again, you may have picked up on that

Aaron:

Show. You?

Den:

Yeah, now and again. But I was on stage and somebody posted on Twitter that this guy, very good, content's great, but he does swear a lot. He needs a swear jar. And then I was like, "Well, I'll do one better." Every city that I'll go to, I'll donate money for every cuss word I use. And I think it was about $5 a swear word, and it was a 30 minute presentation and people were counting up the swear word And I think it was about a shit a minute or something. I don't know. But I ended up donating almost a thousand dollars every bloody visit. But now I get mail. I get mail from the Atlanta Food Bank and Children's are this and blah, blah. So I'd have somebody in the audience pick their charity of choice for that local city. But in the end, I had to not do that because I was spending too much money.

My paycheck wasn't really covering the money so well. So yeah, so I stopped that. I was like, fuck, I can't do that any longer. Well,

Aaron:

Now you can donate your time.

Den:

Now I'll donate my time. So yeah, no, so I'm excited about next year. Obviously for you and I, we still feel the pressure. We're building this new business. We're building the client base. The pressure subsides every time we get a little cha-ching and somebody comes in and signs up with us. Because I think one thing that I feel proud of is when we do work with clients, their desire to expand what we're doing and have us do more work with them. And that is brilliant because most of our clients, they're coming back. They want more. Excuse me. They see the value in what we're delivering. So yeah, I mean, I think next year for me, if we continue quarter over quarter, the way we're growing and our projection is you and I'll have a helicopter in 10 years or five years or something, unless we win the lotto tonight.

Aaron:

Can you put a horn on a helicopter?

Den:

I think you can. Yeah. I think you could get a unicorn

Aaron:

Helicopter.

Den:

Yeah. Yeah. But because the other diverse business interest of the airplane, which our friend Near shot down actually, he didn't shoot down the airplane. He shot down the idea. Just to be clear, near. Sorry, man. Yeah, 99 planes, I think that's a-

Aaron:

Yeah,

Den:

Near. Yeah. I can't remember, man. Yeah, something like that.

Aaron:

We're getting 909 planes you watch.

Den:

Yeah, just wait for ... Well, watch this space. So yeah, anyway, I've ran out of drink. We

Aaron:

Still want to talk about our other ... Oh, shit. Yeah, yeah, yeah. We do.

Den:

RCS, right?

Aaron:

RCS.

Den:

Well, we're not ... I mean- Name pending. Name pending. The main name Bob. Name pending. Yeah. So it's interesting actually. So one of the things I was proud of last year was the creation of 99IC, which is a platform where we connect cyber students with employers for part-time work while they study. So across between an internship and an apprenticeship. And I think that's great, but during the journey, as we build it, it's pretty hard to convince employers to go pull some students and do work. And the thing that overlapped on top of that was this concept where after COVID and with the advancement of AI, I think there's going to be a need for more freelancers in the industry. And so I think there's going to be a need for freelancers because I think some companies, rather than hiring a full-time person, they'll use AI for a bunch of stuff, but they'll still need some expertise and they'll just not need it 40 hours a week.

So if we think of us doing fractional or virtual CISO work, I think it's the same thing with pen testers or engineers or whatever, whatever. So yeah, so RCS is the evolution of 909IC because really students are also just a different type of freelancer. So we'll launch, I think, the middle to end of January. And our goal is that we deliver a trusted platform with trusted and vetted people on the platform. We're partnering with EnTrust actually on this thing as well. So the identity of the people who are freelancers is vetted and validated. We'll go through with many of them in an interview process. So we'll phone screen, we'll meet, we'll interview, we'll vet people. If they are people from within our network or referral network, we'll have that highlighted as well. And then it's their hourly rate plus our platform fee. So we'll be really transparent.

Yeah. So I'm excited because the student thing I think is still valuable and still valid, but I then think on top of it, we can really step this up a notch. And this industry is a $1.6 billion industry. So this whole gig economy and tech is huge. And there's Upwork and there's other platforms that do stuff like this, but we're focused squarely on cyber.

Aaron:

It'll work.

Den:

Should work, right?

Aaron:

That's sure. Fuck. We got it. If it doesn't work,

Den:

Then yeah.

Aaron:

Then

Den:

We'll send our friend

Aaron:

A cake or something

Den:

Like that. Cookies or something. Yeah, something like that. I don't know. But yeah, I mean, I look at this like it's a huge thing. And what's really funny, right? So 99 Cyber, I remember when we launched and we had some friends around and I had some slides up talking about a five-year plan. So year one was meant to be just CISO subscription, a subscription service only. And then year two was more consulting with year two introducing some resale of product and then our resale of like the Vantas Nadratas that we're doing already now. And then year three was we'll build our own product based on the consultancy business needing to have become more efficient, so we'll do stuff in house. We seem to have done all of that in the first year and now it's a case of, holy shit, we've got all these things moving, but they're all beginning to pick up steam, which is really fun.

Now actually, and I forgot to cover this. So one thing for me, you've been playing around with AI tools and platforms and stuff through the Wisi. So was that a pen testing thing you were playing around with?

Aaron:

Yeah, we haven't run that yet. I was actually going to talk about that earlier today.

Den:

But you did use what was a tabletop exercise. I did. You leveraged AI for that.

Aaron:

Yep.

Den:

And funnily enough, then somebody tried to introduce us to a company.

Aaron:

That was interesting. I was like, yeah.

Den:

But you've had a couple of those conversations actually where there's some AI companies like AI security companies where they've got a product ready to go to market with VC funding and you're like, "Well, I actually built that. "

Aaron:

You've

Den:

Got a couple of them already,

Aaron:

Right? I've had a few of those conversations now where I am on the phone or in person with the VC and they are asking me if they should invest in a company and I have to explain that I don't think the idea is unique at all because I accidentally did it yesterday and using a foundational model where I think ideas are unique is when they're not using foundational models, when they're not using ChatGPT or Clog and when they're optimized models and run faster than those things,

Den:

I

Aaron:

Will give credit where credit is due on those things. When we see them. And I have seen them and I have seen them, but I've also seen quite a bit of using the foundation models to create products, vibe coding, et cetera, and then going to get VC funding or going to collect VC funding and then that ends exactly how you would expect it to

Den:

End. Yeah. No, yeah. Now talking about VC funding, there's a lot of funding going into this AI business. Maybe more funding than there is in the business. I don't know.

Aaron:

Yeah, I would say that the VCs are starting to wake up though. I'd say in the beginning, there were certainly a lot of money to go around. And I'm sure there's still money left to be invested. I forgot the exact term, but there's a ... When you raise a fund, you do need to invest the money. And so I'm sure there's still money that's sitting on the table that needs to be invested still, but VCs are starting to wake up and realize that there's a lot of fluff out there.

Den:

Yeah, there is a lot of fluff we've seen. I mean, it's funny though, because as practitioners, we get those calls all the time. And I think, I don't know, we're trying to not do many product demos or stuff like that, but we do quite a lot of them and we see a lot of products. And sometimes I just sit there, it's like, are you solving a problem?

Is it a problem that needs solved? And then all fairness, actually, you can say the same with me about 99RCS, right? I mean, I sit there and I'm like, I think this is a problem need solves. I've done some research, so I think there's a market and we are actually, we do have AI inside their platform for some cool widgets, which we're going to demo to you in early January. So yeah, the team and I, we're going to pull in some smart people for our little demo and we'll demo to our own team and get feedback and then iterate on that.

Aaron:

And the great thing about this relationship is it will be like honest feedback for me. Feedback, it will be. And there might be swear words. And there'll definitely be swear words. What the fuck? It'll either be, holy fuck, I was wrong. Yeah. It might be. It might. It might could happen. It could happen. It'll be next year. So if you think about it, if I am wrong once a year- That's fine. Yeah.

Den:

Once a year's good. But you don't want to be wrong in January. No, that's fine. No, because then the whole rest of the year you've got to be on your A game.

Aaron:

No, but I will be.

Den:

Okay.

Aaron:

So it'll be okay. So that way you just get me being wrong out of the way earlier in the year and then for the rest of the year- You're going to be great. I can only be right. You're going to nail it.

Den:

Nail it. Let's nail 2026. Anyway, cheers to that. I've got a dribble. Cheers, bud. Thank you. Appreciate your support and here's to 2026. 2026. Everybody, thanks for listening to some of our spitballing a guest because really this was just, let's just have a sit down, a conversation. Aaron Wurthmann, thank you very much, man, for your support, your partnership, and helping make 99 Cyber be the company that we're building. Appreciate it.

Aaron:

Thank you all for joining.

Den:

Thanks everybody. Have a great day. And thank you for your viewership in 2025. And please, if you love this conversation or all the others, share, like, subscribe and do all that usual stuff. Thank you, everybody. Take it easy.

Narrator:

Thanks for listening to 909 Exec. Don't miss an episode of your source for wit and wisdom in cybersecurity and beyond.

‍