Cybersecurity, the moveable feast
Post #75; launching premium subscriptions!
Friends, what to get as a gift for an author? Why, another book of course?
Moderating a discussion with author Jake Adelstein (Tokyo Vice, The Devil Takes Bitcoin) was a blast. We covered the you-really-can’t-make-this-up throughline from the Mt Gox hacking, the Silk Road, chain analysis (the technique, not the company), up to Ross Ulbricht (and CZ) getting pardoned. You really can’t make it up, and very grateful Jake took the time to chronicle it and then release an updated version with strange-but-true coda to the story.
And yes, I gave Jake a copy of Longevity Hubs to take on the rest of his book tour!
The Covid-19 pandemic changed a lot of things - how we teach, how and where we work. For example, since spring 2024, I’ve been teaching in the Flex MBA program at the Haas School of Business - a remote-first cohort within the EWMBA program that itself is a great positive by-product of our learned experience teaching remotely. It turns out we could indeed develop a program to meet people where they are …and also integrate in-person community and culture-building events. (Or, to paraphrase how Cal Henderson, CTO of Slack put it in a fireside conversation on the future of work a few years back, what’s Possible, what’s Productive, and what’s Pleasant, are not synonymous and they form a Venn diagram. With the Flex program, we’re hitting the intersection of those.)
Another pandemic-era realization, and one I’ve written about in this space before - to teach Strategy for the Networked Economy (S4NE) in this connected (but not fully connected) era, I really had to integrate cybersecurity and the topic of trust (generalized, particularized) into the course. I pair these with the statistician/author Nassim Nicholas Taleb’s concept of antifragility, i.e., that which gets stronger for the stressor. Some past posts on the topic of antifragility are below:
and
As I wrote then:
Taleb provides examples from a variety of systems, most notably, entrepreneurs, to show how the failures of one venture can be used to make the overall collective stronger.
As a class, we paired the concept of antifragility with a discussion of the Target hacking case (Cyber Breach at Target; HBS, and recent SEC regulations requiring that public companies provide an 8-K within 4 days of determining a cyber incident to be material.
Why the Target case? The lessons and impacts are known and measured and quantified. We can see the earnings impact, and the various costs. So it provides a clear, well-qualified data set.
With my undergrads, I usually cover cybersecurity and trust on Election Day, because, well, Election Day, and trust! What better timing to talk about cyber-preparedness with group of thoughtful undergrads?
There is another, more entrepreneurial and pragmatic reason, of course, to cover cybersecurity in S4NE - as an investor friend will say, cybersecurity is the moveable feast. The problem is never solved - attack (and defense) vectors are ever-evolving.
This year we hosted a special guest: my Berkeley Law colleague Chris Hoofnagle, co-author of the recent, excellent Cybersecurity in Context. Chris was also faculty director at the UC-Berkeley Center for Long-Term Cybersecurity when I was working on my Open RAN report, published in January 2025 by CTLC.
Last year, Chris had joined class literally on the fly - he hopped in after walking by while I was discussing OSINT with last year’s S4NE undergrads. Campus serendipity at its best! Glad to have him back on a scheduled basis 🕰️ this year.
Our students prepared a host of great questions for discussion. Does AI favor attackers or defenders? Will individuals ever have more control over what data they share (an oldie but a goodie)? Where does quantum fit into all this?
Recent SEC rules around reporting cyber incident (developed after our Target case) are simultaneously stringent (publish an 8-K within 4 days) and leave room for discretion (companies must disclose if the incident is judged material). The case is also an excellent proxy for discussion of vehicles for antifragility: who collects the lessons from incidents, and how are they disseminated to industry? I really enjoyed having this discussion with Chris and a group of (hopefully more antifragile) students.
On the topic of readiness - I really enjoyed joining an event on dual-use technology at the Japan Innovation Campus in Palo Alto a few weeks back.
Dual-use as a term is rather malleable -I have students to whom it means UAx, and others to whom it means energetics, and our friends at Defense Innovation Unit (DIU) have convened challenges around the theme of biodefense. At this particular event, dual-use meant spacetech. Very excited to see companies taking advantage of the decline in component costs driven by the smartphone market (e.g. PlanetLabs) and companies developing opportunities that harness the decline in launch costs as measured by cost/kg (e.g. Gitai, Astroscale). Gitai’s tale of moving HQ from Japan to SoCal so that it could become a US contractor was particularly riveting. That is commitment.
Friends, I’m happy to share that this blog is 75 posts old! 🎂
I’ve enjoyed my three-plus years on Substack. The most enjoyable form of platform serendipity has been interaction with other creators. (To wit: Yes, that was Jon Y on campus for a meetup! Yes, that was Austin Lyons making a guest appearance in Opportunity Recognition class! Yes, Kevin Xu and I might have connected before I went to Kumamoto! Yep, Digits to Dollars was back on campus for a meetup with my students! Yes, I assign an article by Chris Dalla Riva on Spotify revenue share economics! And, yes, Jake Adelstein and I finally met IRL. Babbage, someday we will make this happen 😉. Not to mention, Vikram Sekar, whose posts have helped me prepare. And Burcu Basar, whose posts have inspired me to take a moment to breathe when traveling.) I have really enjoyed getting to know, and learning from, a host of contributors on the platform.
The decision I made in 2022 (leaving the too-hinky combo of Wordpress + Mailchimp) definitely has worked out, in serendipitous ways.
I am commemorating my blogiversary by launching premium subscriptions. I will continue community posts like this, at a 1-2x/month frequency. Going forward, I will reserve the following for premium subscribers:
screen caps from instructional materials
the occasional downloadable
previews from in-progress research
backstage-y stuff: insights from interviews, events, etc
Upcoming topics that will have a premium component:
AI-RAN (or, why NVIDIA seems so fixated on network operators)
Measuring Netflix (given they don’t publish subscribers any more)
More in-depth posts about Japan’s semiconductor industry (spillover discoveries from my research and more)
Thanks for the support! Comments, questions and suggestions are very much welcome. (Looking at you, Babbage.)
Onward and upward! 🚀
Jon
“cybersecurity is the moveable feast. The problem is never solved - attack (and defense) vectors are ever-evolving.”
Absolutely. Great article. Thanks
Excellent analisis; thank you for expertly highlighting how the 'you-really-can’t-make-this-up' narrative of cybersecurity, from Mt Gox to chain analysis, is essential for comprehending the dynamic nature of our digital infrastructure.