microsoft Archives - Zenaciti (https://zenaciti.com/tag/microsoft/)

2026 Cybersecurity Predictions
https://zenaciti.com/2026-cybersecurity-predictions/
Sun, 14 Dec 2025 21:19:13 +0000

Cybersecurity in 2026 will be easier thanks to cloud and AI advancements, but persistent executive apathy and new AI-specific threats may derail that.

In 2022, I released the 2023 Cybersecurity Anti-Predictions. They were a response to the litany of cybersecurity “thought leaders” who roll out annual predictions, which are extremely predictable.

However, since then, things have changed. Let’s revisit those predictions and make some new ones.

1. The Threat Landscape is Changing

2023: Not really.
2026: AI has entered the chat. 

For 2023 I wrote, “everybody will experience the same quality and quantity of attacks that we did in 2022. The technologies, personnel, and practices may change causing us to perceive security differently. However, the actual threats we face will remain mostly the same.”

For the most part, this prediction remains the same. The threat landscape in 2026 will be about the same as 2025, 2024, 2023, and so on. Malware is still a threat. Credential theft remains the primary focus of attackers. And hackers still have the upper hand in every way.

However, when we look at AI systems, there are tremendous changes in the threat landscape. Perhaps the most interesting of these threats are data poisoning attacks. These specifically target AI systems and large language models (LLMs) to produce flawed or misleading output. In 2024, NIST released an advisory about this kind of attack based on a study they conducted titled Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations. This study is an interesting read. It is extremely thorough and even identifies some lingering cybersecurity challenges such as the dilemma of open versus closed systems.

The mitigating factor with this kind of threat is that it targets the AI platforms, and not the end users of those platforms. This limits the scope of this threat to a handful of AI platform providers, such as OpenAI, Google, Microsoft, etc. Furthermore, I could not locate any confirmed instance of a data poisoning attack; however, that does not mean it has not happened.

A larger issue is employees sending company data into AI platforms with no regard to the sensitivity of that data. This poses a complex challenge for organizations that want to enjoy the benefits of AI but need to protect sensitive data. It also poses a massive challenge for regulated systems under standards such as FedRAMP, CMMC, etc.

Fortunately, the industry is responding to this with ample technologies to manage, monitor, and control AI access as well as model context protocol (MCP) servers. Some examples of AI security providers in this space include Obsidian, Zenity, and Cyberhaven.

2. Executives Will Start Taking Security Seriously

2023: Probably not.
2026: No, and you can turn in your badge with security. 

For 2023, I wrote, “Information security is an esoteric threat to executives. They know it exists, but they cannot quantify it with clear consequences. They know it is serious, but they do not know how to diminish the threat. They know harm is possible, but it is easy to dismiss it as somebody else’s problem.”

Around 2016 or so, I noticed that many executives would tune out the moment cybersecurity was mentioned. I had a CEO once tell me he was sick of security slowing down his company. Here we are a decade later and this attitude has only become more prevalent. A recent example of this attitude happened in early 2025 when the Trump administration wiped out the entire Department of Homeland Security’s Cyber Safety Review Board. The message was unambiguous: security is unimportant.

Executive indifference to security is a massive barrier for security startups. Leaders only care about security when it becomes a catastrophe. And all they really want is to find somebody to blame.

3. Companies will Commit to Stronger Security Defenses

2023: No, they will stick with “good enough” security
2026: Good enough is pretty good.

What I wrote for 2023 remains relevant. “It is not that executives do not care at all about security. They care up until the exact point they are on par with everybody else. This is the “good enough” approach to cybersecurity. Companies focus on doing what is an “industry standard” rather than doing what is necessary.”

Fortunately, “good enough” security is getting pretty good. One example of this was AWS’s recent announcement of their security agent product. This is a cool new AI technology that can scan an environment, locate vulnerabilities, and suggest improvements. While no AI agent will ever be as good as a skilled human penetration tester, for most organizations, this agent is all they really need.

Another good example of how “good enough” has improved is Azure Sentinel. What used to be a mediocre SIEM and endpoint product has evolved into a respectable security platform. Azure environments have Sentinel built-in, so Azure customers can access and use it easily.

4. We Will See a Megabreach that Cannot be Ignored

2023: We are already ignoring them.
2026: Megabreaches, what’s that?

I cannot even think of a megabreach from 2025 that had any significant impact. Apparently, Verizon had a massive leak in August, which they denied. Whatever. This is a classic “boy cried wolf” problem.

5. Security Staffing will See Improvements

2023: Not likely.
2026: Define “improvements.”  

For 2023 I said, “Cybersecurity does not have a staffing problem; it has a staffing crappy jobs problem. There are ample people out there who want to pontificate about all their grand theories of security. What nobody wants to do is actually run anything.”

The most significant change for 2026 is that AI is changing who companies are hiring. AI can do what a lot of security analysts and engineers once did. It even can write NGINX config scripts, which is something nobody can successfully do. (Yes, that’s a nerdy joke.)

AI can also do a lot of the grunt work industry analysts do, as Richard Stiennon has proved with his IT Harvest platform.

None of this is good news for job seekers. While the cratering US economy accounts for a lot of the downsizing, AI is only making it worse. AI will never entirely replace humans, but organizations are testing the limits of that. Teams are being shrunk, and the remaining staff is expected to fill the gaps with AI tools.

This adds up to a bleak outlook for security staffing in 2026.

6. Cloud Eats Security

However, the ultimate prediction for 2026 is that security is everywhere, integrated into everything. In 2021, I identified a growing cybersecurity trend: Cloud Eats Security (also called “platformization”.) Cloud providers, like AWS, Azure, and GCP, and SaaS providers like Salesforce or ServiceNow, were (are) slowly consuming many of the traditional security capabilities (firewall, intrusion detection, vulnerability management, web-application firewalls, etc.)

The impact of this trend is that security is now integrated into the platforms companies use. Companies do not need to purchase individual point-solutions which demand complex and expensive integration efforts. However, even the point solutions are getting on board with this trend, making their products much simpler to roll out and fully integrated into cloud and SaaS offerings.

This was one of the reasons why Google paid $32B for Wiz in 2025. Wiz is a powerful platform that simplifies a lot of cloud security functions. Cloud security providers, like Cloudflare, are also rolling out new capabilities practically every day. And some of those are free, such as Cloudflare Tunnels, which allows anybody to securely host anything on the Internet.

To help monitor all these integrated systems, there are emerging AI-powered security operations products from companies such as AI Strike, Torq, and Dropzone AI.

If all this AI stuff seems unstoppable, and wildly insecure, well, it is. However, there are promising emerging technologies such as Automated Moving Target Defense.

And the final piece of this trend is the rise of automated, integrated managed security providers who can keep an eye on everything. In early 2025, I worked on an MSSP analysis project. I was stunned at how many MSSPs had fully embraced automation, AI, and the cloud in their offerings. Unless your organization is gigantic or a government agency, there is no reason to do security internally. Hire an MSSP. There are a lot of great ones out there that can further simplify security.

Conclusion

For 2026, I predict cybersecurity will continue down the path of more integration, more platformization, and more simplicity. This will not stop attackers, but it does swing the odds of success toward the defenders.

[Image: cats playing pickleball. Caption: AI is hard at work defending your assets.]

As for the attackers, like the rest of us, they are going to use AI to do their dirty work. And like the rest of us, they are going to generate a lot of pictures of cats playing pickleball. Which means defenders do not need some whiz-bang quantum oscillating over-thruster to stop them. They merely need to make the most of the security tools they already have.

NOTE: The companies mentioned in this blog are for examples only. I received no compensation for mentioning them nor do I endorse them or their technologies. 

Is Microsoft About to Kick Security Vendors Out of the Kernel?
https://zenaciti.com/is-microsoft-about-to-kick-security-vendors-out-of-the-kernel/
Tue, 10 Sep 2024 01:00:36 +0000

An upcoming conference at Microsoft addresses the challenges with security technologies having direct access to the Windows OS kernel.

The Windows Endpoint Security Ecosystem Summit on September 10th is expected to sow the seeds of major industry change. The Stack interviewed Zenaciti CEO Andrew Plato regarding this upcoming event and the issues around security products having direct access to the Windows kernel.

Check out the full story at the Stack.

The Software Monoculture Is Here to Stay
https://zenaciti.com/software-monoculture/
Sat, 27 Jul 2024 21:45:40 +0000

The recent CrowdStrike debacle has reignited an old argument among IT and security people: what can be done about the software monoculture?

The recent CrowdStrike debacle has reignited an old argument among computer and security practitioners: should organizations do away with their software monoculture?

NOTE: I was recently quoted in a story for NPR’s Marketplace regarding this issue.

For clarity, a software monoculture is when an organization uses a small, standardized set of software, service providers, and/or hardware. The most obvious example is the dominance of Microsoft Windows on desktop and laptop computers. Software monocultures extend to security technologies as well, which is why the CrowdStrike outage was so widespread.

Like it or not, the software monoculture is here to stay. Standardized compute environments are preferred as they are easier to monitor, manage, and secure. The recent uproar over monoculture due to the CrowdStrike incident is a distraction. It avoids the real problem that organizations are unprepared for systemic outages and looking to blame somebody else for their problems.

Marge vs. the Monoculture*

In the early 2000s, my company was conducting a penetration test on a client. One of our scans crashed the customer’s network. After a tense 30 minutes, we got them back online. However, the CIO was enraged and demanded to know why we did this. When I explained that the firewall had a bug that made it crash when scanned, he persisted with his complaints. I reminded the CIO that discovering this kind of flaw is why you conduct penetration tests.

This incident was an opportunity to build resilience into the organization. However, this immature CIO was more interested in who he could blame for the outage rather than how to recover from it. Similarly, every time there is a large outage, social media fills with “thought-leaders” whining about how evil Microsoft is and that we need the government to intervene. The recent CrowdStrike debacle is no different.

Microsoft is not evil. CrowdStrike is not incompetent. Bugs like this are not indicative of some systemic failure. Mistakes happen. The mistake is not as important as how we react to it. Either you view an outage as an opportunity to improve or as an opportunity to blame.

Blaming others for the outage does nothing of value. It merely allows people to feel better about the situation. An outage should be seen as a chance to review response, recovery, and contingency plans. Organizations that had reliable plans breezed through the latest outage. Those that did not struggled to come back online.

More is Worse

Ultimately, monocultures are a net positive. A standardized, uniform, consistent environment is immensely easier to manage, monitor, and secure. This is not a new idea. Standardization has been a driving force in technology since the dawn of civilization. The entire Internet is built on standards. The benefits of a monoculture far outweigh the negatives.

This reminds me of another immature CIO I encountered. The CIO’s security team was struggling to operate their next-generation firewall (NGFW), resulting in numerous outages and security incidents. Consequently, the CIO wanted to purchase a competitive NGFW and run them both, believing that one could monitor the other. In a moment of brutal honesty, I replied: “You cannot effectively run one firewall; why do you think running two will be better?”

This CIO believed that the firewall (or monoculture) was the problem. He also believed that adding more technologies to the environment would compensate for this perceived weakness. Of course, the problem was him (and his team). They were blaming the technology for their own inexperience and ignorance. Unsurprisingly, the new firewall they installed caused additional problems and more outages.

Single Point of Fail

This CIO was consumed with preventing a “single point of failure.” The single point of failure issue is often applied to Microsoft Windows since a single flaw in Windows can lead to systemic outages. There is truth to this. However, it is not a justification for adding complexity to the environment. Making an environment more complex with a diverse set of technologies merely to avoid a possible single-point of failure only creates lots of points of failure. At least with a single point of failure you can identify, remediate, and recover more quickly.

When redundancy is necessary, it must extend to all dimensions of the environment. This is why containerization and cloud technologies are ideal for resilience. They have redundancy integrated into the platforms.

It does not make sense to spend millions building redundancy into a cloud architecture only to entrust its successful operation to a single overworked IT person or single piece of security software (like CrowdStrike). For redundancy to truly work, it must extend to all dimensions of the environment. This becomes an immensely expensive proposition, which makes it unreasonable for all but the largest organizations.

Every organization has single points of failure. They are unavoidable. It is useful to know where they are, but it is not always useful to mitigate them. Rather than implement complex redundant systems, have a robust set of contingency plans to rapidly recover in the event of an outage.

Overcoming Monoculture Anxiety

The CrowdStrike incident added a lot of stress and anxiety to already overworked IT teams.  It is natural to seek out ways to prevent the next incident.  However, the answer is not to deploy more technology (necessarily.)  CrowdStrike is an effective security control.  It is effective a lot more than it crashes.

A more reasoned response to this (or any other outage) would be:

  • Review your system backup and recovery processes. You should be able to restore any system, anywhere in your network to a previous state on a moment’s notice.
  • Consider technologies that provide rapid recovery. Microsoft has many of these embedded into the operating system.  There are plenty of third-party tools as well.
  • Have a contingency plan for affected workers. One suggestion is to quickly spin up cloud-workstations in AWS or Azure that employees can use to continue working.
  • Have a communications plan. When systems are offline, employees, customers, and partners need to know what is going on.  Have a way to contact everybody with a unified message.  This message should come from senior leadership (like the CEO).
  • Perform an annual “table top” exercise with your teams on how they would respond to an outage. This prepares people to handle the situation.
  • For mission critical systems, migrate them to containerized platforms that can automatically reset to a known good state. For security, consider moving target defense technologies.

Conclusion

Outages are inevitable. No amount of technology, people, or processes can overcome this. Rather than complain about Microsoft’s dominance, work on ensuring that when those Microsoft systems go down, they can be recovered and reset quickly. Microsoft already has integrated functions in Windows to support this. Moreover, numerous third-party companies provide rapid recovery software.

This most recent outage demonstrated clearly which organizations had dependable contingency plans. Those that did were up and running in a few hours. Those that did not spent time blaming others rather than fixing their problems.

The monoculture is here to stay. How we react to it can change.

* This is a reference to the Simpsons episode, Marge vs. the Monorail.

Platform of Platforms
https://zenaciti.com/platform-of-platforms/
Wed, 28 Feb 2024 02:14:58 +0000

Palo Alto Networks and Microsoft have the right idea about security platforms, but the wrong execution. What security really needs is a Platform of Platforms.

Recently, Palo Alto Networks (PAN) released a platform strategy that was widely panned in the security industry. The prevailing view (which I share) is that no sane CISO would rip out their existing best of breed security products to go all in on PAN’s platform.

PAN is not the first to try this strategy. Cisco, Symantec, and McAfee all tried, and all failed at building a platform of security products. Microsoft (MS) is well on their way toward a single security platform as well.

PAN’s strategy may be flawed, but the idea is not.

PAN correctly identifies that companies can benefit from a single, unified interface for security monitoring and management. However, their execution is the problem. PAN and MS are both building a Platform for Products. The PAN platform only manages other PAN products, and likewise for Microsoft. This makes these platforms limited and constrained.

What the security industry really needs is a Platform of Platforms (PoP).

What is a Platform of Platforms?

In an ideal world, cybersecurity teams would have a single portal where they could go to interact with their entire information security environment. This is a Platform of Platforms. A PoP would not necessarily manage every aspect of all those disparate products, but rather provide a simplified way to see their status, access key data, and perform routine functions. A PoP unites the entire security infrastructure into a single portal.

With a PoP, security teams could integrate any security product, whether it is PAN, Cisco, Wiz, MS, CrowdStrike, etc. into the platform. Those products would then publish a set of capabilities to the platform.

For example, the PoP would not manage an endpoint security product like SentinelOne. Yet, it could show a list of endpoints not secured along with other useful reports, such as malware blocked. It might also perform some common management functions, like kicking off a network-wide scan or search for a specific file-hash value.

The PoP is a window into endpoint security, but does not replace SentinelOne’s native management tools.

Now before you dismiss this idea, have you looked at ServiceNow or Salesforce lately? They are essentially PoPs.

PoP Drop

Naturally, you are shaking your head saying this is impossible. Ten years ago the management portals companies built for their products were completely closed. Now everybody uses an API, and those APIs are published (some publicly.) APIs are insanely powerful. They open up a product’s possibilities in ways most vendors cannot even imagine.

PoPs could use these APIs to interact with each product, to obtain data and execute functions. SIEM and XDR platforms have been building huge databases of functionality to accommodate a vast library of third party tools. This effort would only be slightly more complex than those efforts. Moreover, this is exactly the kind of problem AI could help solve.

Sounds like a SIEM

SIEMs are the closest relative to a PoP. The challenge with SIEMs is that they are focused exclusively on managing data from products. A PoP would go a step further to actually interact with a product’s native API. However, a SIEM would make a logical starting point to build a PoP. Some of the larger SIEM products are rapidly approaching a PoP-like functionality.

Who Runs PoP Town?

Naturally, the question is who owns or runs this PoP. No single security vendor could do this. Building a PoP would require a company with vast resources and a reasonably neutral position to the vast set of security products on the market.

This is why PAN’s platform is unlikely to succeed. It demands you buy completely into the Cult of Palo Alto Networks. PAN has made it clear they are not going to sell a platform that manages non-PAN products.

The obvious answer to who could do this is the cloud service providers: AWS, Microsoft, and GCP. They have the resources and are reasonably neutral to security products. AWS is already partially there with their Security Hub product. Azure has a security console now, but it is a clunky mess. And GCP has not been acquiring security companies for fun. They obviously have big ideas as well.

A PoP was part of my own vision for a product years ago. I envisioned a platform that could not only build itself but configure a disparate set of tools and provide a single management interface. My vision was too big for my funding, so I downgraded it into a compliance product.

PoP Benefits

The single greatest challenge in cybersecurity is and always has been complexity. The more complex a system is, the more difficult it is to protect it. Modern enterprise environments are insanely complex and insanely complex to secure.

The ultimate purpose of a PoP: create a simpler, more streamlined way to interact with the security architecture. Provide a single place where a diverse group of people, from leadership down to operations can access and interact with the security environment.

A PoP would not replace existing management consoles. Those would still have a place in a PoP environment. There are plenty of use-cases where administrators would need to drop down into a native console to perform administrative functions.

I fully admit that a PoP is a bit of a pipe-dream at this point. The effort necessary to build a viable, working PoP is extreme. However, this is yet another way that cloud providers could continue their consumption of the security industry (see Cloud Eats Security.)

NOTE: Since writing this blog in February of 2024 I have started seeing actual products making a run at this concept. Google’s acquisition of Wiz and Zscaler’s acquisition of Red Canary are two prominent examples of consolidation in the pursuit of an “all in one” style platform.

AWS, Azure, and Google: Make Security Free for All
https://zenaciti.com/aws-azure-and-google-make-security-free-for-all/
Mon, 24 Jul 2023 13:00:45 +0000

It is time for the large cloud providers, AWS, Microsoft Azure, and Google to provide security free to their customers.

The time has come for the cloud platforms, such as AWS, Google (GCP), and Microsoft Azure to provide security for free to all their customers. There are too many unprotected environments and too much confusion. A free set of security tools that seamlessly integrate with each platform would once and for all drop any excuses not to be secure.

A few years ago, I predicted that the large cloud service providers (CSP), like Azure, are slowly consuming security products and offering them as services.  This was not a prediction, but rather pointing out the obvious. This had been going on for years, starting with AWS offering web application firewall as a service.  With each passing year, the CSPs have expanded their security services.  For example, Microsoft added Sentinel, GCP built Chronicle, and AWS added GuardDuty.  Microsoft is particularly aggressive in bundling their security tools and capabilities into Azure and Office 365 platforms.

The CSPs already have the tools. They have the knowledge. They have the ability. Why not give customers free security as part of their hosting costs?

The free offering should be a complete defense in depth platform: endpoint security, vulnerability management, network firewall, intrusion detection, web application firewall, data encryption, identity management, and centralized log monitoring.  Unite them into a single console, offer them for free to any customer hosting workloads on the platform.

Why should they do this?

A Case for Free Cloud Security

While there are many reasons for free cloud security, there are three compelling ones that deserve attention:

1. It Would Show a Commitment to Security

CSPs are increasingly entangled in the security of their customers.  When there is a breach, customers are quick to blame the CSP.  AWS for example has a long history of being blamed for leaky data buckets, which is entirely unfair since they do not control the access rights.  Offering a complete suite of security tools, for free, would demonstrate a commitment to ensuring customers host their workloads securely. It also would allow the CSPs to integrate security tools into their templates and blueprints.

2. It Will Accelerate Cloud Adoption

Large and small companies routinely cite security concerns as a primary reason for not migrating to the cloud.  This 2019 story validates that thesis.  Offering free security would encourage a lot of companies (even enterprise sized ones) to move to the cloud.  Free security lowers the burden of relocating workloads to the cloud. It allows companies to more quickly build secure environments that can host sensitive workloads.  It may also convince companies that fear cloud adoption that it is safe.

3. It is Good Business

Free security would not come cheap for the CSPs but it would increase billings. One of the things I noticed when I helped customers move workloads to the cloud was that security drove additional spending. Once an organization was comfortable with the security of their platform, they were comfortable moving more workloads into the cloud. Moreover, there was a natural sprawl of usage. For one customer, I recall their AWS billings more than quadrupled when we deployed strong security controls.

Free security makes cloud hosting more attractive to customers.  It also reduces a customer’s expenses. That frees up budget for more cloud spending on instances, databases, and other services.

Drawbacks

What about the existing security vendors?

Their business would erode. Stand-alone security vendors like CrowdStrike, Qualys, or Palo Alto Networks would see some lost business. This means they would need to adapt to offer more advanced security capabilities beyond the baseline. That is still good for the rest of us.

Can we trust CSPs with security?

We already do.  Our data is already at these CSPs.  You think all those SaaS application subscriptions you purchased are running on some Dell server in a data center?  They are running at AWS or Azure.  I have seen the security operations at these CSPs. They do a significantly better job at security than 99% of the organizations out there.  They have to, otherwise customers would abandon them.

It Creates Platform Lock-in

That already exists. For all the talk of “multi-cloud” strategies, extremely few organizations implement them.  Multi-cloud strategies are insanely expensive.  This would not fundamentally alter the lock-in issue.

There is No Way AWS Could Compete with the Likes of Palo Alto Networks

They do not have to. This is not about building the best security tool possible. This is about building a capable set of tools that can deliver a reasonably acceptable security baseline. Again, think Microsoft Defender. Is it the best AV on the market? No, but it is better than nothing.  For smaller to mid-sized organizations, it is completely adequate.  A free cloud security platform would offer an adequate set of tools, not top-of-the-line stuff.

What is Good for One, Is Good for All

There is one more compelling reason for cloud providers to offer security for free – it is the right thing to do.

Decades ago, the Bill and Melinda Gates Foundation began funding immunization efforts in developing nations.  Eliminating curable diseases was not only good for the people, it was good for all of us.

Microsoft did something similar.  It began bundling Defender Antivirus with Windows. Initially the product may have had weaknesses, but it spread anti-virus to the masses.  Entire strains of common malware disappeared.

Cloud providers are in a similar position.  They could make their platforms stronger and more desirable with a complete, bundled security platform.  Then small businesses, non-profits, and governments world-wide could operate more securely.  Which is good for us all.

AWS, Microsoft, and Google, you can make this happen.  Do it.  Do it for your own interests.  Do it for ours.

Surviving the Startup Crash
https://zenaciti.com/surviving-the-startup-crash/
Mon, 23 May 2022 16:01:11 +0000

The startup crash is upon us. After 27 years being a CEO, I survived a few crashes. Along the way I picked up some good ideas.

While scouring the web this week, I clicked past tons of articles about the coming startup crash. Here is a good example from Wired. Most of these articles cite on-going supply chain disruption, inflation, or eroding consumer confidence as the causes of the crash. (January 2023 update — the crash is most definitely here.)

These are all reasonable explanations, yet they ignore the most obvious one: outlandish valuations. Is a startup with $5M in revenue worth a billion?

No…and to think otherwise is outright delusional insanity. However, I do not fully understand the absurd valuation math of Silicon Valley. It seems that if an investor believes a valuation is true, then it is.

Keep in mind, this is the place that minted valuation absurdities like Theranos, Webvan, and (here is an oldie but a goodie) Cue Cat. Yes, that Cue Cat. In fairness, for every Cue Cat that Silicon Valley funded, there are dozens of genuinely innovative companies that contribute to the forward progress of humanity.

Cuecat barcode reader. This did not advance civilization. Source: Computer History Museum

Whether it is absurd valuations or the lack of baby formula, a reset for startups seems inevitable. So, what kind of evasive maneuvers can startups take to weather the coming dark times?

Vision

To paraphrase the great philosopher Freewheelin’ Franklin: vision will get you through times of no customers better than customers will get you through times of no vision.

Vision is a description of the future. A well-defined, well-articulated bright future inspires hope. Hope that the company will successfully navigate through the darkness. Hope that rewards are attainable. Hope that all the struggle, toil, and stress will be worth it and have meaning.

To paraphrase Jyn Erso: startups are built on hope.

Rebellions are built on hope. Startups too.
Source: Lucasfilm Ltd.

To promote a brighter future, startup leaders must emphatically promote the company’s vision. To do that, answer four questions:

  1. Why does the company exist?
  2. What problem(s) does the company solve?
  3. What are the values of the company and its people?
  4. How can people find meaning and relate to those values?
  5. Where is the company going?

Do not make your vision about money — ever. Money is a weak motivator. Moreover, nobody cares about making money for the investors or founders. Vision must be about something people can genuinely care about. Money must be the result of staying true to the company’s vision, values, and mission.

Vision gives people purpose. Without purpose, employees invariably ask themselves “why am I here?” It does not matter how smart you are, or how many big shots you know, or how much money you have in the bank, without purpose people have no reason to stick with the company.

Vision will get you through the downturn. However, words alone will not solve everything. There are some other ways to stay on target.

Automate

One of the many ways we sap meaning from people is to put them into roles with repetitive, boring work. Automate repetitive tasks and promote the people into more meaningful work.

The mere act of shifting people’s focus from performing a repetitive task to automating that task provides a more satisfying job. Moreover, once a task is automated, your products and services become more reliable, scalable, and valuable.

Put that Coffee Down

Maybe you need Alec Baldwin to yell this at you: Always Be Closing. You need to sell, sell, and sell some more. To do this, you must arm your sales team with the resources they need to effortlessly demonstrate your company’s value.

For example, all salespersons must be able to expertly demo your products at a moment’s notice. If you sell services, you must have a library of sample output (reports, content, etc.) that demonstrate your capabilities and expertise. Demos and samples are effective ways to communicate your company’s competitive advantages.

In my experience, the only way out of a hole is to sell your way out. There are only so many cuts you can make to staff or spending before the company becomes ruined. Investing in sales and marketing is the ticket out of the dark times.

However, before you charge ahead, be clear with your sales and marketing teams that results are the only metric that truly matters. Effort is expected, but results are what they are measured on.

Product Improvements

You know the next valuation is going to be low(er). So why not actually improve your app and have something more valuable? Downturns are an excellent time to clean up all the crap in your app that is holding you back. Quit dickering around with every dumb customer feature request and go back and fix the big stuff.

Emerge from the darkness with products and services that are more valuable, and therefore can command reasonable valuations.

Repackage

When times are tight, buyers go bargain hunting. They expect every app, service agreement, and subscription to go farther, offer more, and solve more problems. If you are a special little unicorn app that only works in a narrowly defined set of requirements, then it is time to repackage yourself and broaden your appeal.

Build packages that solve entire business problems all in one. Moreover, reprice everything into monthly subscriptions, usage-based billing, or extended terms to make payment easier on customers.

Partner Up

Rather than be a lone sinking ship, partner up with other sinking ships. This also can help with repackaging. If you can bring partners to the table that fill gaps in your offerings, then you have more to offer.

However, before you sign up a bunch of partners, make sure you understand how each partner makes money. Each partner must be able to see how they can benefit; otherwise it is not a real partnership.

However, be honest about your scale. A $5M startup is not going to have the market reach of a titan like Cisco or Microsoft. If you partner with a bigger player, then you need to accept the inherent inequality of the partnership.

Be Brutally Honest

Unfortunately, tough times mean doing more with fewer people, fewer resources, and less time. Layoffs, cutbacks, and delays always feel bad.

Do not sugar coat the unwelcome news. This only makes you look foolish and desperate. Also do not make it about you. Be honest about the changes. Show remorse but show resolve as well.

The intent is to show you care about people, but you are committed to staying the course and seeing the bad times through. This is why vision is so desperately important in bad times. Layoffs and lost deals are the ideal time to double down on the company vision, values, and mission. It pulls everybody back together and recenters them on why the company exists.

Conclusion

Do not give up. Downturns are inevitable. Yet, nothing bad lasts forever. Startups can survive (even thrive) in bad times. Moreover, as the Wired article points out, troubled times can mint stronger companies. The key to coming out of this storm is keeping your eyes on the prize.

To quote one of the greatest philosophers I knew: perseverance furthers.

Can the Metaverse Overcome Its Obstacles? https://zenaciti.com/metaverse-obstacles/ Wed, 11 May 2022 22:01:15 +0000 https://www.zenaciti.com/?p=972 The Metaverse is an expansive, overhyped realm with some massive obstacles to overcome before it can gain widespread acceptance.

The post Can the Metaverse Overcome Its Obstacles? appeared first on Zenaciti.

The Metaverse is an expansive, overhyped, often contradictory realm that evades simple definitions. Is it a game? A virtual world? A place to trade NFTs and cryptocurrencies? The next Internet (web 3.0)? An entirely new way for people to interact? A company? A community? A joke?

It is all those things and more.

Just because the Metaverse is overhyped does not mean we should dismiss it. If you look at the Metaverse in the context of its closest cousin, immersive, online, interactive games, such as Fortnite or Minecraft, then its success seems pre-ordained. For example, Fortnite has over 350 million users and generates billions in revenue. Is the Metaverse Fortnite Next?

The Metaverse is a combination of grand promises and formidable obstacles. While it promises to deliver an immersive and engaging way to interact with people and companies, it faces enormous technical, structural, and social impediments. Let’s look at some of these obstacles and one notion of how they might get fixed.

Interoperability

Among all the monsters that lurk among the Metaverses, interoperability is the most difficult kraken to slay. Currently, Metaverse worlds do not seamlessly interact with each other. If you buy something on one site, it does not (easily) transfer to any other sites. There are no agreed-upon standards for how information is stored, exchanged, or secured. There are no standards to protect children from adult content.

The Metaverse is currently a collection of isolated worlds (like online games) that need to work together. The only way that can happen is if all the sites standardize around a common set of protocols.

Blockchains

Part of the reason for the lack of Metaverse standards is its reliance on blockchain technologies to store and distribute data. Blockchain is a decentralized transactional system. Cryptocurrencies are the most popular implementation of blockchains. The use of blockchains means no single authority controls the transactional database (or chain).

However, the lack of central authority has failed to make cryptocurrencies safer, freer, or more accessible. Instead, it has given fertile ground to scammers and criminals who can manipulate the lack of central authority to inject false information or steal blocks.

In response, most blockchain-based systems are transitioning to hybrid or closed systems, where there is a central authority to arbitrate transactions. When there is a central authority, there can be certainty and the enforcement of standards. However, this unleashes another kraken.

Zuckerberg

Nobody exerts gravitational pull in the Metaverses quite like Meta (aka Facebook) and its CEO Mark Zuckerberg. He sees the Metaverse as the next big thing and wants to dominate it. Zuckerberg’s influence is simultaneously the best and worst thing for the Metaverse.

On one hand, Meta and Zuckerberg have the influence, power, and scale to promote and expand the Metaverse like nobody else. One way Meta does this is with the Oculus headset, which is widely regarded as the gold standard for VR headsets. To his credit, Zuckerberg is a technically skilled leader who understands the problems of interoperability and genuinely wants to fix them.

On the other hand, it is Meta’s control that makes people nervous. The more control Meta gets, the more the Metaverse may feel like Facebook Next rather than Fortnite Next.

Hardware

To really get into the Metaverse, you need a virtual reality headset. Fortunately, these are becoming more affordable. Also, headsets are not necessarily required. Most operating systems and web browsers now include VR rendering libraries. It is possible to experience the Metaverse without a headset; however, the experience is less engaging.

Nevertheless, VR hardware is not widespread yet. Also, VR technologies have extreme bandwidth demands, which leaves people with slower connections behind. Among all the Metaverse impediments, hardware is one of the easiest to overcome.

Security

The lack of standards in the Metaverse also means there is a lack of security. These security problems exist at multiple levels. Many of the headsets require wide-open network connections. The application programming interfaces (APIs) that fuel the data exchange of the Metaverse are equally unsecured. Metaverse databases or blockchains contain not only your identity but also virtual items of value, including an immense amount of data on your personal behaviors. If Facebook is a gold mine of metadata about you, the Metaverse is a whole universe filled with exotic treasures.

Creeps

It is not hyperbole to say the gaming world is filled with creeps. A whole subculture of gaming men genuinely believes that harassing women, people of color, and other marginalized communities is not merely acceptable, but is somehow a free-speech birthright. The lack of moderation in online games and social media has fueled the growth of self-defending communities of creeps who empower, validate, and protect bad behaviors.

The Metaverse will supercharge these creeps. It provides them with a whole new dimension of ways to harass people with images, objects, and behaviors.

Decades of research have shown that if gamers do not face consequences for bad behavior, they will not self-correct. Of course, when the creeps are confronted, they quickly hide behind the banner of free speech. This entangles all the other Metaverse obstacles with the sticky moral quandaries of free speech and censorship.

If interoperability is the most significant technical impediment for the Metaverse, the creeps and their free-speech claims are the largest social ones.

Conclusion

If the Metaverse is going to live up to its promises of a new way for people to interact, it must resolve these obstacles. While there are many ways these could be handled independently, there is only one universal solution. The Metaverse desperately needs one or more standards bodies to regulate these issues and enforce standards. For this body to work, it must be internationally accepted and not under the dominance of any single commercial entity. However, it must involve key commercial players, like Meta, Epic, and Microsoft, to name a few.

There are some existing logical bodies, such as the United Nations’ ITU or the World Wide Web Consortium. Regardless of which body takes on this task, with the right standards-based regulation, the Metaverse is far more likely to fulfill its promises.

Originally published at https://www.nasdaq.com on April 28, 2022.
