To help members optimize opportunities and reduce risk, OODA hosts a monthly video call to discuss items of common interest to our membership. These highly collaborative sessions are always a great way for our members to meet and interact with each other while talking about topics like global risks, emerging technologies, cybersecurity, and current or future events impacting their organizations. We also use these sessions to help better focus our research and better understand member needs.

To encourage openness of discussion, these sessions take place with Chatham House rules, where participants are free to use the information in the meeting but are asked not to directly quote or identify other participants (we also keep privacy in mind when preparing summaries of these sessions, like the one that follows).

The June call was held on Friday, June 17th.   The call began with an announcement by OODA CEO Matt Devost about OODAcon 2022 in the fall:

OODAcon 2022 | The Future of Exponential Innovation & Disruption

About this event:

Topics of discussion on the June monthly call

• Is the World Going into an Economic Slowdown?
• Cybersecurity and Innovation during an Economic Downturn
• Cybersecurity:  Entrepreneurial Management and Business Model Innovation
• The Quantum Computing, Quantum Communications, and Quantum Security Markets
• General Feedback from the OODA Network on Topics, Filtering, and Curation of OODA Loop Research
• Links and Resources from the Meeting Chat

Is the World going into an Economic Slowdown?

A general discussion of the topic ensued with the following highlights:

• Most recently the President of the World Bank said a global economic slowdown in many countries will fuel a recession.
• Is the U.S. headed for an economic downturn? Will it be a recession?
• From a business perspective, whether the country’s going to be in a recession or not, is your market going to be in a recession?  If so, what segments of your market will be in a recession?
• Many great companies were created and founded during economic downturns (including Fusion X that’s Matt built and started Fusion X during an economic downturn).  Is there something there about economic downturns that fuel more creativity or more entrepreneurship, or is it just a coincidence?
• Is there more choice and selection of talent in part because of an economic downturn?
• A Network Member was asked to give a broad overview based on experience to set levels for the conversation:

“I think the numbers clearly state that we will move into a recession, but I think what’s important in the context of the ramp-up that we had because of COVID and the rally after the post-March crash. So I think there was a lot of momentum built into the system that maybe wasn’t justified. So on a longer-term basis, if we move into a recession, we need to account for that ramp-up.  I think it remains to be seen as it relates to opportunity. I think it is it is important from a creative destruction perspective.

I think we are seeing that in the cryptocurrency and Web3 areas right now, there was so much flow of ideas and money and associated fraud  – what we are seeing right now is the house burning down. It does not mean that we can’t rebuild some of those essential technologies on top of the foundation that exists, which is blockchain.

And maybe there are some of these cryptocurrencies in general (Bitcoin, Ethereum, Chainlink – which provides third-party Oracle services to other blockchains and smart contracts):  I think the approaches are still viable, but we needed to kind of wash all the fluff out of the system. And every week we are seeing some sort of mass destruction of a major player in that space, whether it is a stable coin or whether it’s one of these blockchain facilitators or cross-chain facilitators.  There’s just a tremendous amount of activity there.

I think in the tech space that plays out as well. It remains to be seen what the VC investment cycle looks like for a new company and existing company investments – from the period of last month through the next six months.  But what we saw and what we experienced when there was the 2000 crash or right after the 2008 crash – what you see is the people have to refine their business models. The stuff that actually gets funded by VCs is a little bit more viable, a little bit saner, with operating and growth models that are a little bit saner. And as a result, I think there’s a higher probability for those businesses to be successful. So we may see the same thing coming out of this economic downturn if that is what we are in.”

• What we tend to see is that innovation increases because people must figure out new ways of bringing in income.
• At a more micro level, we see this in government all the time when, when times are tough and Congress cuts the agency’s budgets they tend to double down and innovate around things to make it even better and more efficient. And so you just expand that out to the global economy.  The same thing happens there.

Cybersecurity and Innovation during an Economic Downturn

• We have to describe what areas of the economy we are talking about. There are certain elements of the economy that have much more elasticity and are much more recession-proof. And those will be the opportunities.
• Cybersecurity is increasingly one of those recession-proof things. That’s not discretionary, there are a lot of regulatory requirements for cyber security measures. Whether there is a recession or a boom – cyber-attacks, ransomware and all the other threats that surround cyber will be ongoing.
• A network member pushed back:  “I don’t see innovation in cyber as being one of those areas. So innovation across the board, we may have to specify what we’re talking about, but anytime you can come up with something better, faster, cheaper, simpler on a per unit basis and save time, all those things – regardless of where we are on the cycle- are going to be attractive to enterprises.”
• Another trend in cyber that seemed apparent at RSA:  there are hundreds and hundreds of companies on the expo floor.   Many of them were laying people off and about 30% of the companies are aggressively hiring and can’t find the talent they need and are doing anything possible to find the sharpest possible thought leaders and engineers. Those companies that really didn’t have a differentiator or didn’t have good finances and financial management are going to have a hard time and may just go away.
• That is probably going to result in more consolidation in the industry, which is not a bad thing right now given the number of players.
• It is great if you have a shopping list and you’re on the hunt for M&A activity.  Over the next year, there is going to be a lot of movement in that space.

Cybersecurity:  Entrepreneurial Management and Business Model Innovation

• A network member offered some context for the discussion:   “In 2001, in the postmortem of the dot-com crash, the lean startup model came out of that and the phases through which everyone evaluates phases (the management team, traction, and customer development). Well, I’m wondering:  in cyber If there is a traditional cycle of M&A that consolidates everything – after that cycle (and 9 out of 10 startups fail) I’m intuiting some step function or some innovation in the way the entire ecosystem is structured that moves away from the lean startup model. For example, does cyber need to throw the baby out with the bath water and step up to a new architecture of the entire innovation ecosystem – and how would that innovation work? I think that’s true of a lot of spaces. There is the role of platform-as-a-service ecosystems and how the business model architecture enables exponential growth. That’s what I’m tracking: innovation and business model cycling out of the lean startup model.”
• A network member responded: “My last company was services, but coming into a product company, I read Lean Startup. And I then also read Zero to One. And when I look at cyber, when you talk to the CISOs and the ability to even survive in that lean startup model, it requires early adopters and very engaged decision-makers. And there are so many companies that are asking for that type of model from the customer base. I think they [the customer base] is tired. And so we went more toward the Zero to One model with the idea that we have a big vision. It’s going to take a while. And as we get the right partners, they will hopefully help us make good roadmap decisions, but it’s not anywhere near the lean startup model.
• Steve Blank’s Four Steps to the Epiphany was also recommended to complement The Lean Startup and Zero to One.
• A question was asked on the call: “Has anybody done a cohort analysis on lean startups versus remaining chubby or fat ones and seen if the lean ones did better?”
• When we think about lean startup, there are different talents and skill sets that are required as you mature an organization: some people can have the ego that, that allows them to move away if they’re not the right fit and some founders don’t.  There are so many different variables that can determine that long-term success story. A network member added: “I have not come across a book with that research to date.”
• We are seeing that perspective in some of the Venture Capital (VC) and Private Equity (PE) space – where they are wrapping a methodology around the investments: active involvement, not just on the board, but active involvement in how the company grows. Where do you need to bring in “advisory services” and get an independent view of what’s happening across the portfolio? Within each company, those things are things that pop up:  that startup CEO is going to be good for the first million. And then we know they’re not going to get there. Who’s the next person that we start to bring in so that they can learn the business?
• If you don’t have a holistic story and if somebody is not providing the right guidance – you’re going to have an exit ramp somewhere, right? Something will happen and off you go.
• In an early stage having advisors who tell you not to take the cheap money just because of the cheaper money, you take the more moderate deal with the partner that has the Rolodex in your space, so that you’re actually opening up customer development through the partnership and they want to be hands-on. The instinct during the nineties was the cheap money – and let’s not worry about what they’re bringing to the table.
• A network member offered some experiential learnings: “Two axes in response to that: On the involvement of the VCs. I’ve seen both sides of that. I know we easily assumed, working for a Sequoia-funded company, that we would get some sort of help or other from Sequoia other than the cash. They were less than useless. And the other is the staging of CEOs as you progress. I just have one anecdotal example where it worked rather poorly where they felt they needed to bring in a big banner CEO for the next level of growth. And another one where it did seem to work out. So I can see that going either way.”
• Steve Blank in The Four Steps to the Epiphany completely debunked the notion of first-mover advantage. Startup teams still talk about first-mover as fundamentally an advantage. He completely debunks it. It can be completely shifted to another phase: you don’t have to get into the groupthink or dedicate your burn rate to maintaining a first-mover advantage.
• To return to the initial question: Avoiding groupthink during product development is the basis of the lean startup model.  Now, has the lean startup model atrophied? Is it too democratized? It is not just that there is going to be a consolidation, but what next on the model of how it’s all done? And how does that play into innovation in the general economy during an economic downturn?
  A network member offered early-stage experience at FireEye (now Trellix): “At FireEye, before we did our IPO, what people talked about all the time was what a disruptor the company was in its early days. And, in that same period, in talking to the sales leaders around the globe, they all suffered from the same problem. And that was because CISOs did not have anything in their budget. There was no specific line item that the sales team could go after to replace. It was new and additive. So the point is: Today, I think disrupting is more about finding stuff in the CISO stack that you can go after and replace, and that’s probably not a well-thought-out model, but nevertheless it is important for a successful startup in selling into any space. It’s something that somebody is already buying and you’re making it better or much better. You must show the value – versus something new and innovative that no one is willing to be your guinea pig to test out.”
• Find something where you can improve to get a toe hold. And if you’re good enough, you’ll expand over time. And then you can displace. and then you will be good enough. And you’ll be the extra thing that gets added to some core component in the ecosystem. Or you have the opportunity for a liquidity event. And that will be your exit.
• A network member offered experience from a recent exit: “My last company, Attivo Networks, now we are a part of Sentinel one. We were acquired. But we were focused on deception for a very long period of time. The company started in 2011 and started shipping products in 2014. And NIST has deception in the Cybersecurity Framework. Gartner started talking about it three years ago. And we had lots and lots of coverage. MITRE has a whole new organization focused on it. And yet it was a hard-fought battle to get anybody to acquire that product. So instead, we thought about focusing on problems that existed that weren’t being broadly covered and ones that were well recognized by CISOs. And we went after the problems with active directory and identity. Our Annual Recurring Revenue (ARR) blew up and we were acquired last month. So now we are a part of Sentinel One. But it is focusing on a challenge, a problem that CISOs either understand – and it could be in any industry as well – the buyer is in that space or something that they already have with a dramatic improvement that they already understand as well. So I agree with you completely on that. And I, I think that our case is one that is at least one success story.”
• When we are talking about cyber specifically: not only are cyber products in the cloud, but most companies mostly have a cloud presence to begin with.  That is an advantage for cyber companies. You don’t have the harder work of trying to get into a data center or get into a rack or get into a spanning port. Some of that is simplified in some cases, right? Lots of caveats. Companies have moved to cloud standardization and a whole host of things. So, the general migration to the cloud may be helpful for cyber startups too.
• There are 3000 VC-funded security firms out there – and all of them would like one minute on your schedule.  How do you deal with that?
• A network member offered his modus operandi:  “I try to get curated views. And, and I, and sometimes I go shopping in the Business Development (BD) and PE space with people who I have spent time with: they have a portfolio say of 10% of the 3000 companies, maybe more, but they may have 10% of the portfolio view of what’s going on. I believe that they’ve curated that somewhat. I can do five minutes without even talking to a human at that company, getting a very quick view of whether something’s good or bad or something I’d like more information or not like really quick a bit of a view or quick enough for me. What kind of slot does the CISO, or the tech lead have for a proper evaluation? We don’t want to waste time. We don’t just randomly put people into the breach and say, ‘Hey look at 50 or 60 or a hundred things, it’s impractical to do those things.’ We’ve got a prioritized list of things that we care about.”
• We just need a 10% enhancement on this area or this function. We don’t need the big bang and we’re not looking for anyone to displace company X through 1, 2, 3, 4, and 5. Part of it is do the business development teams, the sales teams, and others, do they really have a view of the market?
• A network member discussed Clubhouse and the importance of doing your homework: “For example, we don’t know what’s going to happen with Clubhouse but talk about something that just shot out of a cannon and then has come back down to earth because I just don’t think they followed the lean startup model and listened to what the customers were wanting. But what we just discussed and what I believe in cyber or other more mature industries: you have got to do the homework upfront and do the hard work – so that when you get that one minute with decision-makers and buyers, you’re going to strike a chord because you’ve done all the homework and we’re not looking for them to build out your product. You want to make it easy to make a buying decision. And that is where I think it is slightly different than the lean startup model.”
• A couple of follow-on comments from members on Clubhouse: “Clubhouse was interesting. We were participants in that when it was just a few thousand people and we would say, “this is really cool. We had a lot of fun.” And then in the next sentence we would say “this does not scale at all” – because the thing that makes it fun is the exclusivity. So by its very nature, you can’t have a lot of people. And then back to the comment about first-mover advantage. I think Clubhouse had a first-mover advantage, but a few lines of code and Twitter can field their own capability like that Twitter spaces. But is Twitter Spaces working?”

The Quantum Computing, Quantum Communications, and Quantum Security Markets

The meeting transitioned to a broad discussion of Quantum: We need to understand the quantum computing market and quantum communications and quantum security because there’s some great capabilities out there, but there are also a few that are kind of Theranos-level frauds.  We need to really scrutinize that segment of the market.  Is there anything we could summarize when it comes to quantum?

The following site was then shared with the membership for discussion:   Mergeflow | Quantum computing

General Feedback from the OODA Network on Future Topics, Filtering, and Curation of OODA Loop Research

• A major advance recently was Japanese research on signaling fiber signaling increases on existing fiber. The kind of performance increases they could get so huge. It appears to be a huge innovation and an interesting topic and it uses the existing infrastructure. You add high-performance computing to high-performance fiber signaling and what are the implications for that?
• What is the next big, high economic value from increased throughput across the network? The broad suggestion is the metaverse quote unquote – and whatever that is per se. But solutions for the parallel crises of climate change, disinformation, et cetera? Does it help with carbon capture?
• The future of personalized healthcare was also offered as a topic for exploration.
• Rural high-speed broadband was also discussed: High-speed broadband from your cell phone from a satellite could change the game completely around the planet.
• What role will space communications play in terrestrial connectivity innovation moving forward?
• Connectivity innovation is definitely a huge driver. It will also drive mobile devices as the connectivity platform, but mobile devices as the compute platform for AR and VR. Upgrading your phone every year: the new compute power is not adding any value. So we need that next generation of the value proposition that will justify advances at least on mobile platforms re: speed and compute.
• Different frameworks for how to quantify inflation and risk awareness during an economic downturn were also discussed.
• The supply chain is the potential as a strategic lever for adversaries that want to negatively impact or distract the U.S. economy or disrupt our innovation. An adversary could use the supply chain in the future as a tool of influence. The weaponization of the supply chain is something that we’ll see in the future.
• Continuing to provide research and analysis of everything cyber, including recent cyber legislation, incident reporting bill for critical infrastructure, the new SEC bill requiring companies to disclose cyber, state-level legislation information assurance policy, federal privacy mandates and security mandates, requirement, compliance requirements, state and federal policy conflicts, state-level data breach notification laws and international incident reporting laws.

Links and Resources from the Chat

Per a network member’s request at the end of the call, the URLs shared in the chat have been compiled here:

• Cockroaches Versus Unicorns: The Golden Age Of Cybersecurity Startups | TechCrunch
• OODA Loop – By Design, The Quantum List Companies are Strategically Structured for Exponential Speed and Scale
• OODA Loop – People, Culture, Organizations, Cybersecurity, and Technology
• Mergeflow | Quantum computing
• Japan sets a new record, bringing the world closer to the internet 100,000 times faster than current speeds (yahoo.com)
• https://scorpioncapital.s3.us-east-2.amazonaws.com/reports/IONQ.pdf
• IonQ, Inc. (IONQ) Stock Price, News, Quote & History – Yahoo Finance
• Arqit
• RealLifeLore | Nebula
• Steve Blank: Innovation and Entrepreneurship
• National Technology Security Coalition the CISO Advocacy Voice (ntsc.org)
• BreachRx – Dynamic Privacy Incident Readiness & Response

Related Reading:

Explore OODA Research and Analysis

Use OODA Loop to improve your decision making in any competitive endeavor. Explore OODA Loop

Decision Intelligence

The greatest determinant of your success will be the quality of your decisions. We examine frameworks for understanding and reducing risk while enabling opportunities. Topics include Black Swans, Gray Rhinos, Foresight, Strategy, Stratigames, Business Intelligence and Intelligent Enterprises. Leadership in the modern age is also a key topic in this domain. Explore Decision Intelligence

Disruptive/Exponential Technology

We track the rapidly changing world of technology with a focus on what leaders need to know to improve decision-making. The future of tech is being created now and we provide insights that enable optimized action based on the future of tech. We provide deep insights into Artificial Intelligence, Machine Learning, Cloud Computing, Quantum Computing, Security Technology, Space Technology. Explore Disruptive/Exponential Tech

Security and Resiliency

Security and resiliency topics include geopolitical and cyber risk, cyber conflict, cyber diplomacy, cybersecurity, nation state conflict, non-nation state conflict, global health, international crime, supply chain and terrorism. Explore Security and Resiliency

Community

The OODA community includes a broad group of decision-makers, analysts, entrepreneurs, government leaders and tech creators. Interact with and learn from your peers via online monthly meetings, OODA Salons, the OODAcast, in-person conferences and an online forum. For the most sensitive discussions interact with executive leaders via a closed Wickr channel. The community also has access to a member only video library. Explore The OODA Community