No Priors Ep. 38 | With Material Security Co-Founder Ryan Noon

So this week I'm joined by Ryan Noone. He's the co-founder and chairman of Material Security, the cyber security company making cloud-based email a safe place for sensitive data. He previously started Parastructure, which was acquired by Dropbox, where he was an engineering manager prior to starting Material Security. Ryan, welcome to No Priors.

Hey. It's g- it's great to be here, man. Always lovely to talk to you.

Ah, yeah, it's always fun to chat with you. Um, so one of the reasons I was excited to be chatting with you today is, I feel like you have such a great perspective on, uh, both the broader security industry, various tech topics, et cetera, but also specifically how this all starts to tie into AI. And I know that at Material you were, um, a very fast adopter actually of, um, AI-related technologies as the first sort of APIs really came out, and you started playing around with them quite early and doing interesting things with them. Do you wanna first talk a little bit about how you started Material, and then maybe we can touch on how you started getting involved with the AI side of it?

Yeah, sure. Um, so we started Material, I guess, 2016, 2017 or so. Uh, I had left Dropbox and, um, you know, was living in Europe, and fell in love with, uh, all the election hacking that happened year, um, you know, that year was pretty nasty (laughs) . Like, every random Gmail account kept getting, like, dumped on the internet. So, I, I had an idea for, like, you know, how to protect a Gmail account, you know, just an ordinary personal one in, like, a fairly novel way. Uh, I coded it. It shockingly worked, the Gmail API let you do it. I brought it back home and, and showed it to some friends, and, uh, we realized this is actually a special case of a broader way of thinking. Now, seven years later, it's a, you know, whatever cyber security unicorn thing, and we get to work with the coolest companies, you know, in the world by far, and the stuff that you get to do at- at this scale is just mind-blowing. It's (laughs) , it's wild to think just where it started and- and- and where it's come.

And what- what are the main products that Material focuses on? Just for the- the audience, so they have a better sense.

Yeah, so, um, the- the broad thesis is basically we've all kind of got these Google and Microsoft accounts. Um, you know, email is- is sort of where we started, but, you know, since then we've kind of, uh, just went deeper and deeper and deeper into sort of everything that you can use, uh, you know, a Gmail account or a Microsoft account for. Uh, the bread and butter of the business is selling, you know, to- to companies, you know, mid-size and up, uh, with these kind of, these big Google Workspace and Office 365 deployments. Uh, the product has a bunch of different modules that are all kind of based around the- the main things people worry about. Um, the- the kind of, the first big product that you mentioned, you know, in the intro was, people have years and years of sensitive information sitting in these accounts. If somebody, you know, gets into your Google account, they're just gonna download all of your email, uh, and go through it later, and your whole life is in there. It's even worse, you know, in- in a corporate environment. And so that product, what it can do actually is, uh, it finds, you know, sensitive stuff that's just sitting around, kind of just sitting in your inbox, uh, in your archive, whatever, and then it can basically redact it and then replace it with a clean copy so that if somebody gets in and downloads the whole thing, they don't get anything good. Uh, but then if you happen to need it, like I- I- I like having all this information at my fingertips, you can just press a button and you have an extra face ID or a touch ID or, you know, more advanced policies and- and- and work, but just something that's easy for you but hard for the attacker. So we started there, and then we expanded into anti-phishing. You know, people can send you tricky emails and get you to do things and steal money from you. Uh, we expanded into account takeover protection which is, you know, more of the things that people do, uh, after they compromise the account, and you know, I try to reset all your other accounts and steal your bank account and all of that. Just, the- the operative concept is defense in depth, which is just, you know, like, just assume that the bad guy got in, like, what do they want, you know? Like, they got over the wall, there should be another wall and a machine gun. You know, it's like history has all these fairly basic lessons about resiliency (laughs) that, uh, never really always get applied the right way when it comes to computers. So...