Ardan Labs Podcast: Cybersecurity, Beyond Identity, and Identity Defense with Jasson Casey
.png)
TL;DR
Full Transcript
William Kennedy (00:02.422)
Welcome to the Ardan Labs podcast. Our special guest today is Jason Casey. Jason, dude, thank you, bro, for hanging out with us for the next hour, hour and a half, man. I really appreciate it.
Jasson Casey (00:13.836)
Thanks for having me.
William Kennedy (00:15.768)
All right, so for the few people on this planet, Jason, don't know who you are, give everybody the two minute spiel on what you're doing today. But focus on today, and I you to leak anything out. This is a talk about you, your journey. So just today.
Jasson Casey (00:33.548)
So my name is Jason Casey. I'm the CEO and co-founder of a company called Beyond Identity. And yeah, what I'm focused on today is
reducing or preventing security incidents at companies by actually focusing on this thing we call identity defense. We believe 70 to 80 percent of all security incidents, some of which grow up to become breaches, are actually failures of the identity system. And when you kind of systematically look at it, you can get the data and the proof out of threat reports, whether it's Mandiant, Verizon, DBIR, or CrowdStrike. When you look at the history of identity products, you can kind of see why they were built around productivity concepts. How do I get you to work fast?
necessarily built around security concepts. again, like it doesn't take too much to peel back the onion. Think about how much a credential, whether it's a password or an access token, actually tells you not just about the person, but about the device, the workload of the device, the safety of the device, the geography of the device relative to what service or data it's asking for. I've been in security long enough to kind of get me to focus on this in the last, really since 2019. And I think this is the big
The threat to the world right now is identity related exploitation and think identity defense is the best way of solving it through 80 to 90 % prevention and 10 to 20 % detection response.
William Kennedy (01:59.897)
So before we jump into the time machine for a second, anything security-wise always drives my brain crazy because it's such a very large, almost generic sort of topic. So when you say identity, two things. The first thing that popped in my head was the way you were talking was how I'm authenticating into systems. But then my brain went into like the life lock situation where I'm trying to
keep track of anything happening on my credit report, right? So are you talking about both, one or the other, or they're just so, it's a gray area?
Jasson Casey (02:32.353)
Yeah.
Jasson Casey (02:36.108)
you
Jasson Casey (02:39.692)
So if you put on your nerd hat, clearly it's all black and white and there's identity assurance, there's authentication assurance, there's authorization and there's audit and these are three very different things. But if you switch out for the pragmatist hat, they're highly related and if you're not thinking about all of them when you're kind of building out your architecture or whether you're building your product or your company, you're very likely going to not leave the window open but build a hole in your building that
that people and things can come straight in through.
William Kennedy (03:13.294)
See, I hate OAuth. I hate it. I hate it. Anytime that comes up and it's my only option, I get very angry. Like I just don't want to use that for authentication. And then a lot of times I go back into whether it's Google or GitHub and I remove it because it's, I don't know why. And I've coded it. I've had to, like I've been asked to do it and I hate it. I like having a separate username or password for everything. But at the, sort of at the same time,
Jasson Casey (03:15.723)
Ha ha.
Yeah.
Jasson Casey (03:38.365)
Mm-hmm.
William Kennedy (03:43.823)
I love the ideas that Blue Sky are putting forward with this sort of single identity that was tied to DNS. like nobody could really spoof who I am because unless obviously anytime you get my email address you can change everything on the planet. Which was a hard lesson I had to teach my daughter one day. But I kind of like that idea that your identity is in one place, maybe decentralized and
Jasson Casey (03:52.801)
Mm-hmm.
Jasson Casey (04:01.537)
Mm-hmm.
William Kennedy (04:13.25)
You can sort of carry it yourself. Have you looked at what Blue Sky is doing with that protocol?
Jasson Casey (04:18.188)
I haven't the the the ideas that we're really kind of wedded to is Around authentication assurance should be what we call device bound and hardware backed
And these ideas are 30 to 40 years old. They got their start originally in DRM, digital rights management, whether it was for gaming or for media. But at the end of the day, they've had a resurgence in trusted computing. And the idea is really, how do I know what, if I'm software, how do I know what hardware I'm running on?
If I'm hardware, how do I make sure I only authorize the correct software to use these certain hardware capabilities? And we're not a big believer in kind of like, what's the word?
probabilistic controls as a primary defense. We're a big believer in deterministic controls. So when we talk about authentication assurance, we're not saying we know who you are with respect to some government entity. What we're saying is I know exactly that you are the same device and user on that device that visited me yesterday is visiting me now.
William Kennedy (05:27.299)
Mmm.
Jasson Casey (05:32.765)
under the assumption that the hardware manufacturer of this Infineon chip has not been, their supply chain has not been compromised. Like that's the level of hardware assurance that we're looking for. And so we say hardware backed device bound. What we really mean is hardware backed is you're using these special co-processors to manage these signing keys for authentication. And when you move from secrets that have to be shared to signing keys, you don't have to move or copy a piece of data around. If you don't copy it around, you're actually drastically
reducing what is one of the big root causes for compromise. And then when we say device bound, what we really mean is flipping that switch in the hardware that guarantees that key can't actually be read off that crypto processor. will never end up in memory. Like it's literally not readable. So it's hardware backed and device bound. It's a very concrete thing. And we think, at least for authentication assurance, that is the only gold standard because it gives you provability back to a manufacturer.
William Kennedy (06:05.996)
Yeah.
William Kennedy (06:31.586)
Gotcha. Yeah. What's interesting to me about security is that the more secure you want to be, the more inconvenienced you have to be. Right?
Jasson Casey (06:41.324)
Now, I would argue this to, yes, historically that's true. I would argue that's changed. Do you have an Apple phone or an Android phone?
William Kennedy (06:45.921)
You
William Kennedy (06:50.456)
I have Apple, MacBook, and phone.
Jasson Casey (06:52.862)
Okay, so do you ever use Apple Pay?
William Kennedy (06:57.024)
I do occasionally, when I have to, when it's, maybe in the apps I've been using it more because it's a double click, right?
Jasson Casey (07:03.948)
So maybe this is more of a good story for the audience then. If you have Android phone or an Apple phone and you ever use Google Pay or Apple Pay at the coffee shop to buy a cup of coffee or a cup of tea, you never do that.
William Kennedy (07:15.542)
yeah, I never do that. Never.
I feel like I'm aging out a little bit, but my wife does it all the time. My wife does that all
Jasson Casey (07:23.424)
Well, your wife is actually using a hardware-backed, device-bound, high-security mechanism to do something called single-device, multi-factor authentication to pay for a cup of coffee. And for her, it's seamless. It's effortless. But from a technology perspective, it's way more secure than the password manager you probably have and that second-factor device that you have.
William Kennedy (07:46.959)
But you're saying it's more secure because nobody could really steal that signal or take a picture of the card. There's no way to basically reproduce the transaction in some form or another.
Jasson Casey (08:04.178)
Exactly. it's the same concepts exist in blockchain. The reason I'm saying it's secure is ultimately so let's back up a little bit. If we want to talk about the fundamentals of security. So let's go to the fundamentals of security.
When I authenticate traditionally, I do it with a shared secret, right? A password is fundamentally a shared secret. You know the password ahead of time, I know the password. Same thing with like a TOTP fob, right? There's this thing called a seed and the seed is a pre-shared secret. That's how, you know, we rotate and we're taking a random walk, but we're taking it together. That's kind of how we're able to kind of prove that we possess the same thing.
These secrets, we argue, are actually one of the root causes of today's security incidents. And our argument is, by definition, a symmetric secret has to be shared. And the act of sharing leaves a shadow in memory of every device I ever talk to or every device I go through. And that is an indefensible surface area.
that has to be protected that adversaries can basically just hoover up credentials from and that's why the bad guy generally logs in today. They don't break in and if you could move from a shared secret to an asymmetric secret where it doesn't have to move right the secret thing doesn't have to move I could shrink that surface area right I could really eliminate that attack surface if I could do it provably right this hardware bound hardware back device bound method
I could do it under hardware level guarantees that that key can't move. That is a level of kind of assurance and trust that actually is kind of gold standard in high defense applications. the mobile payments industry is kind of spoon-fed it to us with sugar through mobile payments.
William Kennedy (09:55.799)
I can't disagree with you because I have a password manager and I make sure that no account is using the same credentials. So if something gets leaked there, right, the surface area of what they can get to is so, but I'm a, at that point, I'm an expert user. Nobody does that, right? Everybody's got maybe three passwords. Even the 17 year old just went to college. I had to put her on a password manager because I was like, you can't do this. Right.
Jasson Casey (10:24.204)
So I would argue even then, you're containing the blast radius, but you still have a significant problem. Like right now, we see a lot of threat actors man in the middle in connections, and they're doing it in very, various different ways. Some of them using kind of the high levels of sophistication of they control a telco and they can interdict the TLS connection, but others are actually doing it through fairly low tech applications. They're compromising a third party that you're using as a third party load balancer or content distribution network.
or a third party managed message bus, or a third party managed service mesh for your Kubernetes cluster. So modern developers today essentially open their TLS connection four to five times to third parties in almost every application they build.
yet still treat that connection as if it's supplied end-to-end trust. So in that scenario where they have a password manager, you have a unique password for each service, that password for some of those services actually still does exist on the dark web in certain access brokers and can be purchased. And you ask, how in the world I use a password manager, I never share it anywhere.
Well, the fact is it has to be shared through usage and it's not actually going between you and the service. It's going through a ton of services to get to that service, all of which can be attacked, all of which have insider threats. like things that move are actually the problem when it comes to authentication.
William Kennedy (11:51.033)
So Jen Jason, how do you sleep at night or let's say it make it worse. How do you log into your bank at home with your brain sort of probably like, right? You start to visualize everything that's happening at the moment you sort of log into the bank, right? Like how do you sleep at night at that point, dude? Because I think it could be overwhelming for somebody like you that like has a visualization of this.
Jasson Casey (12:03.659)
Yeah.
Jasson Casey (12:13.44)
The, well, there's two things, right? Like number one, you could focus on all the bad things in the world and essentially never get out of bed. Or you could take what you can control and get out of bed and get excited to go do that, right? And that's kind of like our mission here.
William Kennedy (12:17.006)
You
Jasson Casey (12:34.218)
Whether it's with us at Beyond Identity or another company, we feel very strongly the whole world needs to move to identity defense. And identity defense really at the center has this concept of this hardware-backed, device-bound credential management. There's a couple other concepts there as well, but by doing these things...
You're not going to eliminate all incidents, but for the modern organization, you're going to eliminate 70 to 80 % of the SOC ticket workload, right? And that is actually absolutely doable.
And maybe you're thinking, hey, I work more on the product side. I don't really have to worry about this. You do as well, right? Think about that access token that you're sharing out. Like, is it really a shared secret? Are you really doing proper HMAC on that access token? Or is the service that you probably included by doing 30 minutes of research really doing the right thing?
Because again, like the adversary doesn't have to break in, they can log in. A lot of these initial access brokers will actually sell these access tokens. In fact, this big activity with SalesLoft and Drift that we've been reading about in the news over the last two weeks is in fact exactly that. Compromised access tokens basically being reused to access Salesforce accounts and where organizations had kept proprietary information, sometimes even secrets,
William Kennedy (13:57.262)
Bye!
Jasson Casey (13:59.487)
It's just getting kind of hoovered up.
William Kennedy (14:01.954)
Yeah, no, no, no. I hate security, man. Boy, do I hate security. I try to tell everybody, don't write your own. You got to find the things out there that are certified and work. Don't write your own. The last thing you want is somebody walking in going, all where'd you get this from? I wrote it. Yeah, no. No, not going to work. All right. We want Casey writing them is what I was about to say. Jason Casey wrote this. We're fine.
Jasson Casey (14:04.563)
Hahaha
Jasson Casey (14:19.884)
Yeah, it's a sorry.
Jasson Casey (14:31.404)
Yeah, I don't know about that. I haven't put code in production in a few years, you definitely want security protocol professionals, crypto protocol professionals. That is a discipline, that is an area of training. don't just wake up one morning and start doing it. You get mentorship, you do studying, and you practice.
William Kennedy (14:31.598)
You
William Kennedy (14:53.582)
All right, this was awesome. We're going to come back to this, but I got to get you into the time machine, Jason. So a couple of questions before we start here. What year did you graduate from high school and where were you on the planet?
Jasson Casey (14:58.73)
Okay.
Jasson Casey (15:09.26)
Oh wow, high school. I graduated from high school in 1997 and I was in northern Houston, Texas.
William Kennedy (15:19.342)
Houston, Texas. Okay, perfect. 97. I graduated in 87, so I got 10 years on here. All right. Now, I want you to clear your mind, clear your head. Don't think too hard. I want that first memory of you sort of working on a computer, making the... That first memory you have of making the computer do something and you were like, wow, this is cool.
Jasson Casey (15:22.892)
Thank you.
Jasson Casey (15:40.013)
First memory of working on a computer was probably in the 80s. My dad brought home what he called a laptop. He worked in the oil industry. This laptop was a, it was the size of a toaster oven, like a large toaster oven, and the keyboard flipped out of the front face. I don't, I don't.
William Kennedy (16:02.466)
Was this a K Pro? Was this a luggage, like a suitcase? This might have been a K Pro, man. I had one of those, dude. The keyboard locked in and it came off. Orange? Mine might have been green, but yeah. I can imagine exactly what your dad just came home with.
Jasson Casey (16:07.084)
Yeah, it looked it looked like a suitcase it looked like us
Orange screen.
Jasson Casey (16:17.953)
Yeah.
Jasson Casey (16:21.746)
And you basically booted with the floppy and it had the classics, right? had Oregon Trail. It had some card game. then it had an operating system, which I really don't remember.
William Kennedy (16:24.674)
Yep.
William Kennedy (16:39.042)
Was it CPM? Was it CPM? I watched it, write down K Pro 2. They used the Roman numerals for that. I just looked that up later. I'm sure there were a couple companies that were doing it, but that would have been like 85, 86. K Pro was putting out those portable machines.
Jasson Casey (16:45.42)
All right, K Pro 2.
Jasson Casey (16:50.014)
Okay.
Jasson Casey (17:01.578)
I remember that, then I remember getting into simulation games, and then I remember someone introducing me to this concept called a modem. And you could hook your computer up to your phone line, which was a sure way of getting your mom to yell at you.
William Kennedy (17:11.662)
William Kennedy (17:16.75)
When she picked up the phone, because all moms lived, all those landlines had that device on the back of it so they could go like this all day and yeah.
Jasson Casey (17:25.876)
Yep. Yeah. The, and there was nothing worse than being in the middle. Actually, this is later. This is in the nineties, but I'm in a dog fight with a buddy and my mom picks up the and it all, it all, it all goes south from there. But yeah, the earliest memories with the computer were, honestly discovering games. I just, I explored some of the games on my dad's computer. thought the, the concept of the operating system and the organization of it was fascinating.
William Kennedy (17:37.228)
Hahaha!
Jasson Casey (17:54.829)
First time I learned a program was on one of those, it was slightly more advanced machine, but it was still like an orange monitor machine and the language was like Pascal. Yeah. Yeah.
William Kennedy (18:01.294)
What was that? Pascal. Okay, that's fair. I never got into gaming, even though I was programming in the 80s. I was writing games I couldn't even play. I'm just not a gamer. So even as this whole revolution of games, you my kids got into it. It's not me. But did you, even at your age today, do you still, do you enjoy playing those games on the whatever it is today, the Xbox, PlayStation, whatever?
Jasson Casey (18:11.819)
Mm-hmm.
Jasson Casey (18:23.916)
I love the nostalgia and the idea of playing games. don't have a lot of time for it. in high school for me, the computer games I loved the most were like simulations. It was like F-19 and...
William Kennedy (18:31.918)
you
Jasson Casey (18:49.58)
It was a bad simulator, but it F-19 Strike Fighter, I think it was called. And then there was another one called Falcon 3.0 and then later Falcon 4.0. But I did get into things like Police Quest and King's Quest. there's another example of something they would have never made today. Larry the Lounge Suit Lizard. They were Sierra games. They were Sierra games. But this also from maybe like the...
William Kennedy (19:09.784)
Yeah,
Jasson Casey (19:16.788)
either the really early 90s or the late 80s.
William Kennedy (19:20.366)
So that means, you going, did you have like the arcade in the community? Because I wasn't even into the arcades, honestly. I don't know why, it just never appealed to me. Were you doing that stuff too?
Jasson Casey (19:32.193)
I love the arcades, but honestly the arcades required money. Whereas my buddy lived down the street. I had a, he was like the friend whose dad was rich and well traveled. And I think his, I don't, can't remember if he worked for a Japanese company or if he serviced a Japanese company, but he would go to Japan on a fairly regular basis and come back with all of these exotic toys.
William Kennedy (19:36.31)
Yeah.
Jasson Casey (20:01.13)
And they were games, but they were also ways of like ripping games. And let's see, I lived in like Lafayette, Louisiana at the time. So this would have been like sixth grade, seventh grade. I don't even know what year that would have been. Early 90s.
William Kennedy (20:05.55)
William Kennedy (20:16.974)
That would have been like 93 maybe, 92, 93, six years prior to graduation. Maybe, oh no, yeah maybe.
Jasson Casey (20:23.274)
Yeah, probably earlier than that, because in 94 I was already back to Houston and I lived in Corpus Christi and then Victoria, Texas before then. But yeah, we moved a lot. yeah, gaming today, it's maybe a fantasy that I have in a moment when I'm thinking about what would I do if I actually have time. Also games today are very different, right? Like games today are like these massive movie style experiences.
William Kennedy (20:51.414)
Yeah, yeah, yeah.
Jasson Casey (20:52.052)
I mean, they're fun. Every now and then over the last decade, I'd buy a game around Thanksgiving and I'd play it for a week or two with my nieces and nephews when they would visit. But my adult gaming is kind of limited to that.
William Kennedy (21:06.062)
See, I'm not a gamer, but what is fascinating to me now is the leveraging of the AI for the, what do they call them? NPCs, non-player characters or something, I don't know. But the idea now that you run a model now there and let, that takes on a right? Like the game now just takes on a real life of its own once you can sort of leverage that, especially with the way these models are reasoning today.
Jasson Casey (21:14.506)
Non player.
Jasson Casey (21:27.795)
yeah.
William Kennedy (21:33.544)
It's almost like you're coding a game and there's nothing deterministic about it, almost at all at some level.
Jasson Casey (21:39.853)
You'd probably get a different experience every time. You know, there's an author, Neil Stevenson. He wrote... What book did he write? There was a book that he wrote maybe 15 years ago where he went into a lot of depth about the NPCs. okay, I remember. It's called Reamde. R-E-A-M-D-E. And he goes into this elaborate depth of the NPCs in the game and how...
that they actually were, how they were actually coding it up, how they were using certain things, and this was all backstory to the real story that he was telling, but it was incredibly prescient in terms of the art of what's possible in kind of these massive multiplayer online games where you need to bring kind of artificial constructs to interact with real people in a way that makes them feel like they're getting something out of it, but still scales to make a business work.
William Kennedy (22:38.99)
It's wild to me. What's... No, no, yeah, again, and that's a whole nother level of programming too. People are like, they talk to me about games. I'm like, yeah, no, that's another, whole nother genre of software development that you kind of have to learn. All right, but let's talk about high school just a tiny bit. What else were you doing in high, like, right? So from 94, let's say to 97...
Jasson Casey (22:40.555)
Yeah.
Jasson Casey (22:55.51)
Yeah.
William Kennedy (23:06.552)
What are you into in high school? You playing sports, you're band, you're like, what are you doing?
Jasson Casey (23:13.572)
I was on the tennis team. played tennis competitively, least until I got to the Woodlands. And then I ran into people that were ranked in the nation, like top 50 sort of thing. And I realized I wasn't that good.
William Kennedy (23:32.385)
Isn't it crazy when you meet somebody like that? You're playing competitively. feel like, you know you're not there, but you don't feel like you're that far off. And then you meet somebody like that and they just kick your ass. Like with no effort. And you're just like, okay. It's happened to me a couple times in ping pong or racquetball or basketball where it's just so humbling, man.
Jasson Casey (23:37.803)
Yeah.
Jasson Casey (23:43.147)
Yeah.
Jasson Casey (23:54.059)
Yeah.
Jasson Casey (24:00.307)
It's also incredible to see someone play at that level from an inspiration perspective, right? That like the art of what's possible. But then you peel back the onion and you learn a little bit about them and they've, you know, they've been doing, they've been...
They were almost born with a racket in their hand. Their parents sent them to live away camps once they were about six to seven years old. Like it's a very different childhood. It's a very different experience. So like they're, they're certainly freaks of nature and talent, but they've also made some very, or at least someone's made some of these choices for them, very conscious trades to get to that point. But yeah, we had a couple of those. for sure. For sure.
William Kennedy (24:35.95)
But you still need the DNA. Like, I don't care. You still need the DNA to be able to play it that know, hours and practice. You understand what I'm saying. Yeah.
Jasson Casey (24:50.348)
You've got to be in the right place, you've got to have the innate capability and you've got to pretty much give it everything you have.
William Kennedy (24:56.568)
But you lose your childhood. I had some friends who lost their childhood and the parents would never accept that they weren't going to get to that level. Like at some point you, even with my son playing ball, like at some point I looked at him and I said, I'm glad we're playing at this level, like, you know, travel teams and all that. we have to, reality is now setting in, right? Like these kids are maturing faster than you. They're doing more than you.
I don't mind doing this, but, right? And he even turns around and says, yeah, you know what? I'd like my life back. Good. You know, it's tough.
Jasson Casey (25:27.788)
Yeah.
Jasson Casey (25:33.429)
Yeah. Well, that, I mean, that was kind of the moment for me, right? I got to that unit. So I moved a lot as a kid. And so we moved to this new high school, I think right in the middle of 10th grade between fall and spring.
And I get there and I had been, you I wasn't the best, but I was decent on the tennis team from the place I was coming from. And I get to this place, it's very obvious that like, I'm not gonna, I'm not gonna improve fast enough to compete at the level of these people. And so I took the moment and actually kind of dropped out of the tennis program and decided, well, this is a high school that's kind of set up like a university. There's a fall and spring.
Classes only run for a semester at a time. You only take three or four per semester. And they had a really big catalog. I was a big reader. I was into learning things. I really liked science. I liked math. And so I took the extra time because I didn't have to take athletics or tennis as a course anymore. And I took chemistry, and I took geometry, and I took physics.
William Kennedy (26:17.326)
Wow.
Jasson Casey (26:42.826)
That, I would say, kind of got me excited and interested in these other things.
Coming into that high school, I wasn't really on the advanced track, right? Like I hadn't, I hadn't taken, the geometry and I was a sophomore and generally like that's if you're, if generally you do that either your eighth grade or ninth grade, if you're on the more advanced track. But by the time I graduated, I, I had taken like, two, two courses in biology, two courses in chemistry, molecular genetics, two courses in calculus, two courses in physics, placed out of all of them from.
from an AP perspective and all in a of a short period of time and that was afforded partly by kind of realizing, hey, I can't compete with tennis, what else is there to offer?
William Kennedy (27:32.568)
But I'm kind of curious when you go back to your parents and say, I don't want to play tennis anymore. Were they the cattle? They were, right? OK. that wasn't going to be a fun conversation to have.
Jasson Casey (27:39.68)
they were disappointed.
Jasson Casey (27:46.891)
Yeah, but I mean, when you're 14, 15 years old, like how much are you actually thinking? You're not that empathetic. In fact, you're probably more of a psychopath. I didn't... Really?
William Kennedy (27:56.899)
I don't know about that. I don't know about that. mean, I could, I don't know about that. Especially if this is something that your parents are pushing, right? You just don't want to be in trouble or you don't want to be disappointed. You just don't want to be bothered, right? That's why you do things sometimes as a teenager, because you just don't want to be bothered.
Jasson Casey (28:15.04)
Yeah, I guess for me it was, knew I was gonna, I knew it was gonna disappoint them, but I didn't care.
William Kennedy (28:23.414)
No, that's good. That was fair, right? That was good. But it ended up, but it's interesting that you, you had it. What I want to explore there for a few minutes is was your ability to do all of that in two years, discipline or passion? Because that's hard for somebody that age to be that sort of mature, sort of rip through all that material in two years, especially now you got your freedom.
Jasson Casey (28:25.857)
Yeah.
Jasson Casey (28:51.21)
I would say it was a mix. So some of those courses I didn't want to take and my parents forced it on me, like English, the advanced English courses and literature courses. growing up, my experience was very much, you're going to, there were always high expectations and you...
there was always more on the table for you to achieve. So why weren't you doing that? like some of it was, was that some of it was passion. So like I was introduced to the concept of physics. I didn't really understand it. I took a physics course, my first physics course. Actually, I'll never forget the teacher is Ms. Monroe. And I thought the class was the coolest thing ever. Like, wait, what do you mean? I could actually predict.
Where this car is going to stop? What do mean? I could predict the flight of a ball What do you mean? There's a there's a model for reality Like these concepts kind of blew my mind and so that was absolutely a passion I would say math I I didn't have a great pre-cal teacher and so I rolled into calc almost as an obligation I don't think I did that well for the first semester
And then I realized, oh, wait a minute, the physics stuff I'm really interested in requires me to actually have a really good grounding in calculus. And so actually, I'll never forget the story. My calculus teacher, my senior in high school, called my parents suggesting I drop out of the class. And I don't think I was doing well that first of all. think was getting like a C or something. And I basically just taught myself the course in the spring.
William Kennedy (30:25.23)
Yeah.
Jasson Casey (30:33.876)
And I aced that exam. Like I actually got a perfect score at the end of the year on it. But it was motivation. And it was because I realized I needed this to do this other thing that I really got excited by. And that really excited by thing was physics.
William Kennedy (30:48.664)
See, I love that, right? Because this is the, from a parenting perspective, right? When you have kids at that age, if, till they find the thing they want to do, they're just not going to be motivated to do anything. My girls found early, like near the end of high school, what they wanted to do and have excelled ever since. My boys didn't find it in high school and they're just sort of finding it now at 21, 22.
Which thank God they're finding it because now they're stable and now they're right. have that, that goal. So anytime I hear a story about somebody in high school, sort of finding that thing they want to do or passionate, it's for me, it's a beautiful thing because it allows that person to kind of get on that road a little sooner. You seem to have found it in physics. So then I imagine that when you're going to graduate high school, you want to sort of pursue the physics. that like, where's your head?
Jasson Casey (31:30.7)
Mm-hmm.
Jasson Casey (31:43.117)
Yeah, that actually was it when I.
So when I, when I applied to college, I applied to the physics and engineering programs and my thought process was, Hey, I love physics. I've been, and you know, my, my, my, my second physics teacher also loaded me up with all these books. so I'd read, you know, everything written about Feynman written by Feynman. I had the Feynman lectures that I would listen to in the mornings when I was, you know, had an hour or two before class. So I was all in for physics, but at the same time, I didn't know a lot of physicists and it didn't seem like
they got jobs outside of university.
And so I thought I needed a backup. And so my plan was to double major and I'll do this thing called electrical engineering because from what I can tell, my dad was a double E and it seems like double E's can get jobs and double E seems like the most physics oriented engineering program I could, I could go to. So it kind of felt like I was not necessarily stepping too far away from the thing that was truly fascinating to me.
Yeah, that was how it started.
William Kennedy (32:52.558)
That's interesting. So what universities end up going to, or at starting at?
Jasson Casey (32:57.868)
University of Texas. I applied to a handful of universities. I got into a subset of them. And then I was faced with the cold hard reality of like university costs money. I was a Texas resident and UT Austin was like a top 10 school for what I wanted to do. And it was also like, I know it's more expensive today, but even
Even then it was, I think it was like $5,000 for the entire year. Like it felt like a steal. I could get a subsidized or I could get some sort of government loan to like pay for half of it. I could get a job to pay for the other half. It wasn't going to be complicated to figure out how to pay for it. And it was again, like a top 10 school. And the other thought process was,
It's a big enough university where if I screw up and this isn't really what I want, there are other things there.
William Kennedy (33:57.689)
Yeah. Yeah. Plus they got a hell of a football program. So you're to have some fun on Saturday.
Jasson Casey (34:01.822)
yeah, we walked into some pretty epic football. I'll never forget. I'm not a huge football guy, but I did go to almost all the home games that first year. Saw Ricky Williams play. Saw Major Applewhite step in off the bench and just literally right off the bench throw a long, long pass for a touchdown. I saw some really, really great college players then.
William Kennedy (34:28.696)
Yeah, don't know. When my daughter, number six, my stepdaughter was looking at colleges, we were kind of nudging her towards Notre Dame. She's at St. Mary's now. But I kept telling her, you want that football experience. You need that school that has that sports, because I feel like it adds another sort of dimension of getting everybody sort of together, right? Now you've got alumni. Anywhere you go on the planet, right?
Jasson Casey (34:51.222)
Mm-hmm.
William Kennedy (34:55.284)
And you sort of have that. I don't know. I think it's an important part of that, being part of that university, having that connection with others that you've never met. You walk by the airport, you're wearing the colors, right? Yeah.
Jasson Casey (35:06.89)
It's instant community. It really is.
William Kennedy (35:12.29)
So you go there, what was your, I'm assuming that you graduated from there, you finished that four year degree. So one of my favorite questions is always like thinking back on those four years and I'm assuming you got your, majored in electrical and you got a minor in physics or you did both?
Jasson Casey (35:36.275)
I realized I couldn't do both and swing a job. And so I gave up on the physics double major. I did the double E. My focus was on computer engineering, I think like micro architecture, embedded systems, that sort of thing. And yeah, I worked at a
I worked writing software at the same time as a way of kind of helping pay for things as well.
William Kennedy (36:07.712)
I was going to ask you that too, like was the job on campus or were you able to get something related in the field?
Jasson Casey (36:11.678)
No.
So I, through a friend of the family, worked at an oil company. Actually, it wasn't an oil company. It was a geoscience company. And they sold software into the oil industry. they offered, he told me about an internship program they had. And so I ended up getting an internship there my first summer.
And the gist of the internship was, hey, you know math, right? And I was like, yeah. And he's like, all right, you know how to write code in C, right? And I was like, yeah. Because I'd done a bunch of robotics projects in high school. I'd learned how to write in C. And they're like, all right, well, this job is really just geometry in C. It's not that hard. You'll figure it out. And.
William Kennedy (36:55.372)
You
Jasson Casey (36:56.875)
I guess I didn't screw it up. So they actually made me a part-time employee for my first two years of school. So I used that to help pay for school, but it was fun. I was exposed to Unix at school, but this was legit. You have to learn what LibC does. You have to actually learn how the Unix operating system works. had a Solaris on my, I think a Spark 2 on my desk, and I also had a SGI Onyx on my desk.
William Kennedy (37:03.118)
around.
Jasson Casey (37:26.37)
I had to make sure my software ran properly on both. Ultimately, I was working in the research group, so my job was to kind of help. My job was literally to be the LLM for my boss around like skeleton code. That was too trivial for him, but still requiring some level of about 20 on average.
William Kennedy (37:49.411)
How many hours a week did you work on average? that's a lot, dude. Full course load, 20 hours a week. I guess they allowed you to work around your schedule, which is good.
Jasson Casey (38:01.868)
Oh yeah, they were super flexible. All they cared about was eventual progress. They were incredibly generous.
William Kennedy (38:10.562)
Did you ever once think, I'll just do this full time, I don't need to finish my degree, I'm already in industry?
Jasson Casey (38:15.308)
The absolute fear of my parents, So actually it was a pretty funny story there. I finished most of my coursework inside of three years and actually went full time. And the courses that I was left with were the ones that I was highly, highly uninterested in. So like a government course, a...
William Kennedy (38:19.102)
hahahaha
William Kennedy (38:24.75)
you
William Kennedy (38:38.126)
Hmm.
Jasson Casey (38:44.926)
Fine arts elective. feel bad. Yeah. And I feel bad saying this out loud because I love the arts. love, I, I do actually like going, to shows and museums and I love history, but at the time I couldn't be bothered. I wanted to just be working. And, yeah, I think, there was one particular course that I, I didn't fail it, but I wasn't going to pass. So I dropped it like three times.
William Kennedy (38:46.23)
your liberal arts, like you had some liberal art classes left that you had to fulfill.
William Kennedy (39:12.811)
You
Jasson Casey (39:13.452)
And the last semester of that fourth year where I was literally just working on two courses over three semesters over and over and over again, I took a job in another city and I was literally just flying in on a Southwest plane to take the exam and then fly back. So yeah, I almost did not finish my undergraduate.
William Kennedy (39:24.546)
Wow.
William Kennedy (39:32.012)
Wow. Wow.
William Kennedy (39:36.888)
Wow. That's interesting. Yeah. It makes sense to me, right? Like you're just like, you're done with school. I'm already making money. This is a pain in my ass. Like, but you got it done, right? That's good.
Jasson Casey (39:49.325)
I... It's hard to put myself back in my mindset from back then. I don't know how much of it was obligation versus desire, but yeah, I eventually figured it out.
William Kennedy (40:01.71)
Because I still have, I was, okay, just real quick. I was never, I never had the status of senior in my undergraduate. I was, it was so cold outside and I hated going to class. I never went to class. And it was like, I finished my four years and I still had like 28 credits left. And my mom sat me down and she said, you're going to get it done now or it's over.
Jasson Casey (40:16.651)
Yeah.
Jasson Casey (40:23.841)
Yeah.
William Kennedy (40:30.058)
And I somehow did 28 credits in this one lot. And it had the best, I had a B that, it was my best semester ever. Right? And I got it done, but I'm not in, I made it my job to just get that done in any way possible. So somebody a long time ago was like, Bill, we can't find you in the yearbook. I'm like, yeah, I never got invited to be in the yearbook because I was never a senior.
Jasson Casey (40:37.963)
Yeah.
Jasson Casey (40:41.302)
You made it your job.
Jasson Casey (40:46.56)
Yeah.
Jasson Casey (40:57.995)
Yeah.
William Kennedy (40:58.166)
I just went from one status to ... But I still wake up sometimes with nightmares thinking I didn't graduate and I got to go look at the diploma on the
Jasson Casey (41:07.628)
I had nightmares about missing my final exam until I was 30, early 30s.
William Kennedy (41:14.774)
It's interesting, Wow.
Jasson Casey (41:16.426)
The anxiety dreams follow you for quite some time.
William Kennedy (41:19.758)
Yeah, I haven't had that in a while, but yeah, I would say for good 20 years, would have that anxiety dream. I like that. I like the way you labeled that. I would have that anxiety dream that I really didn't graduate because I was messing around. But your parents must have been ... My mom wasn't ... Well, like I said, she lectured me and then I got it done, so it happened very quickly. But yours is over three semesters, so that's almost like a year and a half where your parents must have been just on you a little bit at a time.
Jasson Casey (41:48.493)
Each year they thought I wasn't going to finish. Because yeah, was doing my own thing. I kept enrolling. I kept trying to take that class. honestly, I think in the end I actually depend. So this one particular class, it's like a D is technically not failing and you can get your degree for it. And I think I got a D in that class. And I finally said, I don't care. I'm done. This is enough. They'll check the box. Don't let perfect be the enemy of good.
William Kennedy (42:18.658)
You know, we had really bad attitudes. We were like, our GPA isn't on the diploma. We just got to pass. That was like the attitude. Just got to pass. Just got to pass. Just get this thing done. Just got to pass.
Jasson Casey (42:27.755)
Yeah.
Jasson Casey (42:31.54)
Yeah, my GPA inversely correlated to my work status. So when I went from part-time to full-time, it definitely took a dive. But I was also done with all, like, if you looked at the courses I really got into, like, did pretty well in them because I used them. Like, microarchitecture design, graphics, operating systems, like, that kind of stuff. Like, that was really, really exciting.
The signal processing and circuits courses, I wish I spent more time paying attention to them, but I knew I wasn't going to work in that area at least initially. The reason I say I wish is there are some projects I'm working now where I'm finding myself actually going back and teaching myself the materials so I can kind of understand a little bit about what's going on. But I guess the benefit of a foundational education is you can teach yourself.
William Kennedy (43:29.102)
Yeah, I wouldn't even have expected you to remember that completely, right? But it's like riding the... So my wife, who has an industrial engineering degree, her math is so much better than mine. I did the Calc 1, the Calc 2, I stopped there. I was honestly very immature at the time I was going to school, really immature. But now what...
Jasson Casey (43:33.014)
Yeah.
Jasson Casey (43:42.836)
Mm-hmm.
Jasson Casey (43:49.1)
I feel like you're saying a late teenager, early 20-year-old is immature. That's shocking.
William Kennedy (43:53.751)
No, I was super mature, And I think maturity has a lot to do with your ability to learn and have that discipline. But my wife's math skills are just way beyond mine. Like when the kids have the math they're doing today now, or even like trigonometry and the geometry and some of the higher end. Like I could open up the book and I know I can learn it. It's a relearn it at some level, but she still to this day has it in her head.
It's mind-blowing to me sometimes where I'm like, she doesn't even have to, or she'll skim a page and then she'll sit down and start doing it. And I'm just like, if I could have your brain for just a couple days, what I could do, because I feel like I'm doing pretty good with this brain, but it's not even close to what your brain is right now, right? It's just, it's just, yeah, it's mind-blowing to me that she, she has that. I imagine that even with you, you probably just have to...
Jasson Casey (44:32.086)
Yeah.
Jasson Casey (44:43.594)
Yeah, that's our fundamentals.
William Kennedy (44:53.484)
you know, even less than an hour, just absorb it and then it all sort of comes back.
Jasson Casey (44:58.518)
Some of it does, some of it I question whether I ever had it. So for instance, I can flip through microarchitecture stuff and that comes back pretty quick because I knew it pretty well and it doesn't take much. But then on the flip side, I may be looking at some complex analysis stuff. So this turns out to be really important in signal processing.
And I'm kind of convinced I never really learned it. And it takes a bit, right? And the good news is, like most things, there are a few fundamental principles that once you really understand them, you can kind of compose them in different ways and kind of get what you need. But yeah, some of it is you're just scraping the cobble-ups off. And some of it I honestly question if I ever truly knew it.
William Kennedy (45:54.745)
So how long were you with this company? Because you started working, you did get to graduate, you're doing this work. How long were you with them?
Jasson Casey (46:01.201)
yeah.
Jasson Casey (46:04.576)
So that part-time company that helped me get through first two years, I was with them for two years. Then a body of mine.
William Kennedy (46:13.358)
So what year is that then? Like you finished with them in like 2003? Oh, in 99. So you graduated high school in 97. You would have graduated on time if it were like in 91, right?
Jasson Casey (46:16.588)
99. That was 99.
Mm-hmm.
Jasson Casey (46:28.076)
So I graduated high school in 97. I started college in the fall of 97. When I showed up, was qualified as a junior. I had 60-some-odd hours of credits. Yeah. So I didn't really have to take any of the, what do they call them, leveling courses. I could jump straight into my material. So by the first two years, I was kind of done with
William Kennedy (46:38.83)
nice nice
Jasson Casey (46:55.436)
most of my engineering curriculum. And I still had a lot of stuff that I was deferring. And then I had some of the engineering courses that are just required for you to take but aren't necessarily germane to your focus area. And that kind of described my last few years. So a buddy of mine worked at a startup at the time. And I have always been fascinated with the idea of startup companies. And he's like, hey man, you can code.
and you understand systems and you should come work for us. And it was a bizarre thing for me. I walked in, I interviewed with a guy, asked me what kind of work I'd worked on. I showed him a little bit. He did the technical screen and they gave me a job. I was 19 years old and they gave me a full-time job.
William Kennedy (47:46.51)
How did you know this guy at 19? Because you don't really have a network yet.
Jasson Casey (47:50.705)
I had a network. It's called the NerdNet. I want say my first or second week in college, I went to my first party and I ended up talking with a dude in the corner and we spent most of our time talking about
We were comparing AP tests and scores and the nuances of Linux versus Solaris. what's that meme where there's the guy in the corner and the couple dancing and the guy in the corner is thinking, I bet they're thinking about such and such. Yeah, so at a place like UT, it's almost like nerds magnet to each other.
And so yeah, I met this guy first year. were, we were friends, but all we would ever talk about was technical things. He was a sys admin. He had, he had built with a buddy of his, like a little ISP in Fort Worth, Texas, when he was in high school. And so he, you know, he was a sys admin with like four or five years experience, adminning Solaris and he understood gate D and he could configure BGP and.
And so like he taught me networking things and I would do software things for him and he got hired as a network admin for the startup and they needed someone who had some software skills to work on the protocol side of things because it was a voice over IP company. And the people were all telco engineers. They weren't necessarily like software engineers. And it was also, you know, the wild, wild west of the late nineties, Austin, Texas. So, yeah, they hired me. I was radically unqualified.
But I bought a bunch of books in a cot and I slept at the office and I figured it out.
William Kennedy (49:41.901)
VoIP was really brand new in the early 90s. I was working for a company that were building inbound, outbound systems for call centers trying to compete with the big telcos. And I remember we were trying to introduce VoIP as a way of not having to pay for the big telco, right? Million dollar telco system that was, I mean, those systems were solid, dude, like no doubt. just the computing wasn't...
Jasson Casey (49:43.916)
Yeah.
Jasson Casey (49:52.522)
Yeah.
Jasson Casey (50:04.747)
Arbitrary.
William Kennedy (50:10.522)
The processors really made that hard because of the... Though again, again, it's voice, right? you have some... Somebody cuts out, you don't have to go back, right? You could just keep going. But no, there were real challenges just with the power of the computing we had. I remember.
Jasson Casey (50:19.777)
Yeah.
Jasson Casey (50:27.094)
Yeah, no, was fun and it was fascinating. I didn't really know telco systems. The company kind of taught me telco systems, but I did understand the basics of socket programming and I understood the basics of networking. And yeah, their insight was like, it wasn't just theirs, a couple people had this, but the human can tolerate a lot of error in audio.
It's cheaper to build a packet-based network than a circuit switch network. And the future is going to be packet-based networks anyway. So if you have a way of running voice on a packet network, you're going to have a cheaper operation and you're going to able to grow faster and capture new markets versus old stodgy telco.
And so that was their insight. So they raised all in, I think they raised like $300 million between like financing and cap cash. And we built a nationwide US network. We leased our IP or we leased our optics. We ran our own IP network over an optical backplane, like a sonnet backhaul network.
And they bought these voice over AP gateways and we would buy trunks from the local telco in large, large quantities, like bundles of DS3s. A DS3 is like 700-ish calls per DS3 and we would just buy big, big chunks of them in all these markets. And because of how regulation worked at the time, we would just pay a flat fee.
William Kennedy (51:57.807)
That's wild. Yeah, yeah, yeah. I think if I remember when we were playing with it, for where we were at, like compression allowed you to win or lose that game or something, right? Being able to compress it.
Jasson Casey (52:09.6)
So for us, was that that makes sense in the enterprise.
We were operating in the carrier space, so compression existed. So, phone call uses something called G7.11. They're not really compressing the audio. What they're doing is they're quantizing the audio. So it turns out for human speech, linear sampling isn't optimal. You actually want non-linear sampling to reproduce a slightly better audio signal. Then there is compression codecs called G729.
William Kennedy (52:16.686)
Hmm.
Jasson Casey (52:40.268)
And G729 could take like a 64 kilobit audio stream and shrink it down to nine. But when you look at the bandwidth savings that that gives you versus the cost of bandwidth, right? So like I just talked about a 64 kilobit audio connection, but we were buying gigabit or we were buying OC12 and OC48 connectivity. So we were buying in the gigabit to multi gigabit range.
putting kilobits on top of it, yeah, I could spend extra money and go buy this fancy hardware to do the compression, or I could just buy more bandwidth. And so we went the buy more bandwidth route.
William Kennedy (53:20.428)
Nice, Interesting. So how long are you with this company? Because that's pretty technical work. I mean, that's really technical.
Jasson Casey (53:28.446)
I was with that company for two years. It was like dog years. I married the company. literally lived in the office. There were several periods of time where I would sleep with the office. We had a shower. It was fascinating. Anything, any project you were willing to like embark on, the company would support you. Like it was too many. It was an environment of too many problems, not enough people, not enough money. If you want to go tackle one, have at it.
just prove to us you're not going to be reckless. And so it was my grad school, even though I technically hadn't graduated yet. But it was amazing. I learned a ton.
William Kennedy (54:03.992)
So then why leave after two years?
Jasson Casey (54:06.088)
we ran through the business field. Yeah. So the business fell in a really interesting way too. So the telcos at the time, they were all customers of each other and competitors of each other.
William Kennedy (54:10.623)
okay. Ran through the money.
Jasson Casey (54:22.524)
And so we kind of mismanaged our cash a little bit. Like we used cash or we should have used some debt financing. So we may have had like a low cash volume in our bank account. And one of our competitors who was also giving us traffic, they realized that we had screwed up our routing. And so they were giving us traffic to terminate that we were turning around and giving back to them. We were charging them less than they were charging us to re-terminate that traffic. They realized that and they didn't tell us, they just turned the dial up.
William Kennedy (54:46.03)
my god.
Jasson Casey (54:52.952)
And then they waited for us to catch up, catch on. And the minute we catched on, they filed an injunction for payment and that forced us to lock up the cash we had on hand and we had to file chapter 11. That was, yeah, Quest Communications did that to us. That was that world. so...
William Kennedy (55:08.29)
That's evil, That's evil.
William Kennedy (55:13.986)
That's evil. Wow.
Jasson Casey (55:18.924)
I didn't know, again, I didn't know what any of this meant at the time. had to have it all explained to me. I stayed on a little bit during the chapter 11 to kind of help run things.
But I had a girlfriend at the time and she had moved to Dallas when she graduated for a teaching job and I decided I wanted to find a way to get to Dallas. So one of the vendors that was calling on me, I called them up and said, hey, I need a reason to be in Dallas. I have an idea for how you can use your product. I'll introduce you to these three prospects that might buy your product. Would you hire me as a software engineer?
and they ended up hiring me, not as a software engineer, that's kind of why I ended up leaving that company and moving to North Texas.
William Kennedy (56:02.956)
Wow. Nice. now you move. You had to move in with your girlfriend though. That's a big change there, Jason.
Jasson Casey (56:09.516)
yeah. It felt, it felt, it felt, it felt normal. By the way, we're now married. but yeah, but.
William Kennedy (56:19.502)
that's good. You never know where these stories are going to go when you don't know. Okay, so that's good. You ended up marrying this girl.
Jasson Casey (56:23.5)
Yeah, it worked out. It worked out. And that company worked out too. That company ended up being the next ride in the journey.
William Kennedy (56:34.968)
So how long are you at this next company then? You're there for?
Jasson Casey (56:38.508)
I was at this next company for about three years. Yeah, so this company had, they were a startup that were a chip manufacturer and they built this thing that was very early version of software-defined networking. And one of their co-founders was a guy who invented this thing called the FPP and RRSP, this guy named Vic Bennett.
William Kennedy (56:41.582)
And you weren't doing software development? What were you doing over there?
Jasson Casey (57:05.368)
And it was a network processor. And it turns out it's the gear network processor that almost all the heavy equipment kind of used in their high-end network processing cards, right? So think like ATM switches, edge routers that hang off ATM networks at the time, that sort of thing. And they had built a version of the chip that could do essentially regular expressions at line rate.
So over to it, it's a big deal at the time. It could load a pattern and do pattern matching and substitution at one to two gigabits with minimal latency or the latency you would actually expect for a switch. the problem I was working on at that the Austin field startup was a firewall problem. How do I take my VoIP network and someone else's VoIP network and peer them?
without exposing the fact they're on a private network, I'm on a private network, so have to remap, right? I have a security domain, they have a security domain, I don't want to allow like just pure access. And voice over IP has a signaling protocol and a data protocol or immediate protocol. And a lot of the voice over IP protocols at the time, have what they create all these layer violations, which is a fancy way of saying, deep inside of the packet, it talks about IP and port and protocol information about another thing that's going to show up.
crosses a NAT boundary kind of invalidates itself. The minute it crosses a firewall, it kind of invalidates itself. So I was trying to figure out how do I get a firewall and a NAT that are VoIP smart, right, and can kind of handle this. And I called this company and they had been thinking about maybe they could solve that problem and I pitched them on my version of how they could build a voice over IP firewall, at least what it would look like from a customer's perspective and what the state of the art was.
given alternative equipment and it turns out because I had been working on this problem, I knew my counterparts at level three and global crossing and a few other companies and so was more than happy to make the introduction. So yeah, they hired me but they said, hey, we want you to become this thing called a product manager. And it's like, I don't know what that is. And they're like, don't worry about it. Just show up. So yeah, that was, I got that job. I loved it.
William Kennedy (59:12.762)
Wow.
William Kennedy (59:20.43)
Did you enjoy that though? Did you enjoy getting, getting your hands off it? You did. You enjoyed that. Why? What was it about that? They enjoyed. You're still young dude. Wait, wait a second. You're still young, right? We're talking about 2000. You're 21 years old. You've got five years of sort of industry experience already, right? We're talking about 2005 right now. 2000. Oh, 2001. Man.
Jasson Casey (59:26.538)
Well, the product manager has 21.
Yeah.
Jasson Casey (59:45.548)
2001. Yeah.
William Kennedy (59:49.506)
You are doing so much so quickly. can't even do the math on the years anymore. This is 2001.
Jasson Casey (59:54.423)
the yeah yeah I guess technically I was 22 I would have been 22 in 2001 but yeah I was 22 I had this this job that I didn't really understand but again I you know I knew what the product needed to look like
And it turns out that's really what the job of product manager is. And in a highly technical business like ours, or this company's at the time, the company's called NetRake. It's since been bought and sold. But in a highly technical business, product manager has to be respected by both customers, engineers, marketing, kind of everybody. And your customers are highly technical, right? Your customers are also representing their companies at the standards bodies, like IETF, arguing over
for like BGP extensions. So your customers are highly technical, your engineers by definition are highly technical, and you've got to sit in the middle of them. So if you're not technical, you're not going to work out. But also you've got to figure out what's the straightest line to revenue, what's the straightest line to what will work for these people, not what's ideal.
William Kennedy (01:01:02.542)
But how could you know that at 22 or I guess for the next 20 years now, this is what you're sort of perfecting this sort of role.
Jasson Casey (01:01:09.12)
yeah. mean, I'm giving you the 46 year old's version. I don't think I would have liked this at that time. No, the woman I worked with was a very seasoned product manager. She also grew up from the engineering route. She was a long-term kind of telco engineer, telco into product management. So like she was a great mentor.
And, you know, it was a startup environment. like the great thing about startups that at least I've been part of and like generally why I tell people if they should go to a startup is...
If you have the ability to work a problem, startup can almost never say no because they never have enough time and they never have enough people and they never have enough money. And if you have the understanding and if you're going to act responsibly and if you have some ability of tackling the problem, you're going to be let loose. And that was the environment. I had good mentorship and so yeah, we just did it.
William Kennedy (01:02:12.334)
I think that role is also critically important if you have somebody who can talk tech, but also talk non-tech. You got to be able to do that translation. But at 22, I don't imagine you have that ability like you obviously have today.
Jasson Casey (01:02:22.546)
Yeah.
Jasson Casey (01:02:30.43)
No, not at all. I had the benefit of the fact that my customers were engineers. So the first customer of that company was actually Japanese telco. And I'll never forget the way we landed them. So the protocol that was all the rage at the time for Voice over IP was called SIP, Session Initiation Protocol.
And I was kind of like an auto didact with all the RFCs related to SIP. Like I knew it inside and out. I had written all my own custom implementations of the protocol just to, this is kind of how I learned. Like if I don't build, don't, can't prove to myself I know a thing. And so I knew this protocol inside and out. And you know, I'm also building out the roadmap for the company. I'm a good product manager is always ahead of the engineering team in terms of what they're working on thinking about. And the Japanese customer was really
interested in solving this problem, they wanted to solve it on a time frame and their first gate to just moving into a POC was, well we want to see these three scenarios, can you show us log trace output of what your product looks like in those three scenarios? And so I stayed up one night and I just hand cranked it all out myself.
William Kennedy (01:03:38.51)
Wow.
Jasson Casey (01:03:39.628)
And there was another engineer, he was like a chip architect who he was also incredibly diligent. And so I used him as like my checker and then we gave them that output and they invited us to Japan for a POV. Yeah.
William Kennedy (01:03:55.727)
Wow, that's awesome. Wow, that was mind blowing. Everybody must, you must have felt great at that point. mean.
Jasson Casey (01:04:03.236)
I felt great, another way of thinking about it too is you're just raising the stakes, right? Because you're clearly showing what the product could do, not what the product did do. We go to Japan, and it was me, a sales engineer that I just hired, and a head of customer success. And this was our first customer deployment. anyone who's done business around the world already understands this, but I didn't.
William Kennedy (01:04:08.375)
Yeah.
Jasson Casey (01:04:29.452)
People behave differently around the world, people run networks differently around the world, cultures and customs are just different. So we show up in Japan and I had traveled through Europe and thought I was well traveled. So I experienced my first culture shock. It's like stepping off the rocket ship on Mars in a good way, but still like eyes wide, right? I was probably 23 at the time.
And I thought I was really adventurous from a food perspective. Turns out I wasn't. So all I would eat was rice for that first week. And so I was like losing weight. I was tired.
And also we built our product, at least the operating system of our product was built on BSD. And BSD had a lot of networking bugs around things like memory protection in the kernel on DHCP. it was before the era of things like CDP and L, what was it called? Link layer control protocol, LCP. Long story short, Japan liked to build really, really big subnets, like thousands of hosts on one broadcast away. And the rate
of ARPs and reverse ARPs was faster than the little kernel thread in our OS could handle. And so I'll never forget, I took the team, the Japanese team into a room to train them on how to design with our product. Well, my sales engineer was gonna hook it up and get the first demo running. And we come out an hour later and Gabe turns to me, he's like, Jason, oh boy, you got a really thick Cajun accent. can't do it.
William Kennedy (01:05:42.894)
you
Jasson Casey (01:06:03.746)
justice. It's like Jason boy this shit don't work. And so I sit down at the terminal and I see DB greater than and it's like well I've never seen that before and this is essentially what a BSD kernel panic looks like. And you know the so like the level of stress is through the roof and and the head of customer success like he's fundamentally a salesperson he's like Jason I I can't do anything here I'm going home.
And the SE also is still more of a sales person. Like I can't do anything either. I'm going to go home. So I ended up staying. They left.
fish out of water and then the Japanese like they're great culture they're super detail focused and their whole gist is if you give them everything they'll reciprocate and so every day we would work on this every day we'd go out to dinner every dinner we'd drink too much and then I'd go back to the hotel and dry and write up a big trip report and attach core dumps
And the goal was I provided enough information in a lucid way along for the team to diagnose the problem and give me a hot patch along with instructions on how to use it so that when I woke up the next day at 6 a.m. I could be prepared enough to go back into the office and kind of at least move the ball yard down the field. We did this iteratively but over the course of two weeks we got it up and running. We got invited to.
You know, we got hosted at like the big bosses fancy restaurant. I had a breakdown moment where I was so hungry that I just started eating everything they put in front of me. And then I realized, holy shit, this food's actually really good. And so that started my food adventurism, which has since gotten even bigger. But yeah, we got a check from them a couple of weeks later, $600,000. It was our first paying customer.
William Kennedy (01:07:45.46)
Hahaha!
William Kennedy (01:07:49.793)
You
William Kennedy (01:08:02.478)
So this is a theme with so many... ignorance is bliss, right? You're 22, ignorance is bliss. Those two other guys just go home because they're too seasoned. And you're like, I ain't giving up. Like today you would have just went home. But ignorance is bliss, man. It allows you to do things you never in a million years would sort of do if you knew better.
Jasson Casey (01:08:07.442)
Ha ha ha.
Jasson Casey (01:08:14.22)
Yeah.
Jasson Casey (01:08:26.454)
There are so many things about that initial trip that I'll remember till I die, right? Like made some really good friends, learned an incredible amount, built real partnership with our Japanese partners and customers, learned about a truly different culture.
And then the food thing, like, you know, I joke about it, but like food is very important to me. And I think it actually probably, at least one of the big parts started on that trip. Just eating over myself and tasting things.
William Kennedy (01:09:04.174)
But I imagine that when you saved that account, you made that happen because you stayed and you did that. I'm kind of curious, did they just pat you on the back when you got home or did they give you something for that work that you pulled off?
Jasson Casey (01:09:18.806)
Well, so in fairness, there was definitely a team that was being whipped daily behind the scenes to make sure that I did have a patch for when I woke up. So it certainly wasn't all me. But yeah, no, we won that account. We used that money to show progress. We used that to actually raise our next round.
I mean yeah, that company let me as a 23 year old essentially help set direction of the product. That company is a major reason, or at least a major pillar of who I am today. yeah, no, they definitely, they treated me very well.
William Kennedy (01:09:59.663)
So we've been talking for like over an hour and you're only 22 right now in this story. So I can't even imagine how much time we need to get through all of it. So we don't have time. So got like 20 minutes left with you. We got to sort of fast track between now and sort of where you are today. So when did you start with this company? The company that you're with today? What year did you start? 2019, okay.
Jasson Casey (01:10:04.383)
Hahaha.
Jasson Casey (01:10:16.437)
Yeah.
Jasson Casey (01:10:24.748)
2019.
William Kennedy (01:10:27.95)
And we're only in like 2002, three. Okay, so you got five minutes to like tell me how we get to 2019 from here. I feel like you're staying every couple of years. Like how many jobs are we talking about over this next 18 years or whatever?
Jasson Casey (01:10:30.476)
2003.
Jasson Casey (01:10:39.596)
All right, I'll give you.
Jasson Casey (01:10:45.356)
So I'll give you the cliff notes and then we can kind of drill in. So at the end of 2003, I started to become more wise and understanding of financing of startups and how that works. And while the company had been great to me in terms of learning and education, I learned about the preference stack and ultimately how that really meant that we would, the company would eventually get bought, but no one would ever make any money.
And once I kind of had that realization, one of my customers called and said, hey, we want you to come work for us. All these things you've been telling us we could do with your product, we want you to come help us make that a reality. So I went to work for a company called Level 3.
From there, ultimately that didn't really work out. Like the whole business unit that I was part of was speculative and that business unit got cut. And so at the same time I needed a reason to move to Austin, right? My then wife wanted to go back to grad school. And a friend of mine from NetRake was working for Alcatel and he was like, well, we always need a good solutions architect. Just come work for us, it'll be easy.
I went to work for him. I was involved on the periphery in some big deals with AT &T. I didn't really do anything to deserve any of this, but they treated me like I did. And I learned pretty quickly that I need technical excitement. Money's not enough.
And the former boss from level three went to another telco and said, hey, all those plans you built for us at level three, how would you like to execute them? So I went from there and I joined him at a company called Sentry Tel. Now they're called Sentry Link. And that was my first real executive job. I was 26. We did that for about...
William Kennedy (01:12:30.434)
That's crazy how young you are in these positions. It's mind blowing to me.
Jasson Casey (01:12:36.886)
So I built a team in Austin, Texas for this Louisiana based company. We built this product, launched it really fast. Culturally, I would say we weren't really that great of a fit with the telco, because we were kind of this startup group of pirates that we didn't really care what the rules were. We were going to get stuff done.
You know, we got stuff done, but we definitely rubbed a few people the wrong way. And ultimately the product we were building probably wasn't right for the market of that particular business. And from there, I ended up kind of getting into just doing my own thing. So I started working on the software to find networking stuff and it was super fascinating, super fulfilling. Didn't make a ton of money at it, but developed a huge amount of relationships with
company called Bel Air Networks at the Synthagoppa by Erickson, as well as Aruba Networks and a few others. At that point, I was feeling a little bit burnt out because all of these jobs, while I kind of shifted every two to three years, I was putting, you know, everything I had was going into them. And so my wife had just taken a position as a professor at Texas A
And so I've been trying to convince a professor to work on a technical project for me. And he's like, hey, you seem to be free. Why don't you do a PhD? So I did a PhD. I wouldn't have been able to do that without finishing my undergrad. And I'm
William Kennedy (01:13:58.223)
Wow.
Jasson Casey (01:14:03.306)
Yeah, that brought me back to that work that I had been doing just before the PhD in software defined networking, started this nonprofit called Flow Grammable. We ended up being kind one of the landing spots for people to kind of truly understand what this protocol called OpenFlow, how it works, how things changed across variations. Dell actually took almost all of our material. We made it open source, but they took all of our material and basically stapled it as an appendix to all of their switch manuals. So that was pretty cool.
And yeah, that brought me to the attention of a certain General Keith Alexander and I joined him in, this is 2014, to run engineering for his private endeavor, company called IronNet Cyber. In 2016, I was recruited to be the CTO of a company called Security Scorecard, run the whole R &D effort up in New York. And...
William Kennedy (01:14:58.702)
So let me pause you for a second because the 2014 job is the first time you're not doing telco, per se. Because everything up to there is, OK, go on.
Jasson Casey (01:15:07.168)
Yes or no?
Yeah. So, reason why I say yes and no is everything that I've always done in telco has always been at the IP layer. So I never really worked on ATM or cell or those other protocols. I was always working kind of packet-based networking. And when you go back to the fundamentals of what I was doing in NetRake, we were basically doing kind of packet capture and manipulation at line rate at gigabit. And in 2001, 2003, a gigabit was state of the art.
the software-defined networking work that I was doing had moved into the range of 10 gig and 25 gig and 40 gig and like the 2010-2011 timeframe and When you look at what General Alexander was doing with IronNet He was basically doing behavioral analytics Which is line rate packet capture in a large data center environment
And you're basically trying to do real-time metadata analysis to find kind of the needle in the needle stack, right? Where is somebody running a C2 channel? Where is somebody doing this? So it's all the same techniques. And the other interesting thing is we had to do it on commodity hardware. We weren't allowed to design or build our own hardware.
And so now you're like, all right, how do I squeeze everything out of the computer I have? And so you're thinking about like, cache line misses and branch predictors and cache line predictors. And how do I structure my algorithms in a way to where the hardware is going to achieve maximal, both parallelism, but also like all the prefetching and pre-caching stuff. Like, how do I make that, how do I make sure that I'm not getting in the way of all of that magic? And it turns out.
William Kennedy (01:16:52.994)
Yeah, you're staying mechanically sympathetic with the hardware and networks and yeah.
Jasson Casey (01:16:56.172)
Exactly. So that was the commonality. And then I also found myself being drawn more towards problem sets of, I don't want someone to tell me what the network looks like. I want to discover what the network looks like with some level of certainty. And it turns out that's an intelligence problem. And so yeah, for most of the 2010s, I basically worked big data network intelligence. But it was kind of a natural follow on from the 20 aughts.
William Kennedy (01:17:23.47)
And then tell me how Beyond Identity sort of comes calling. How does that come? Are you going after that? Are they coming after you? You're a very mature man at this point. You know what you want. Like to get Jason to work with you, you really have to make sure that he's going to be super excited and interesting in it, right? So I want to hear about the recruiting of Jason for Beyond Identity.
Jasson Casey (01:17:44.938)
Yeah, so my wife.
Jasson Casey (01:17:49.933)
My wife and friends would debate the mature property. So 2019, I resigned from Security Scorecard and I wanted to start my own company. And I was going down this road of security analytics. And some of the observations I had taken with me coming out of Security Scorecard was,
William Kennedy (01:17:53.887)
Hahaha!
Jasson Casey (01:18:11.18)
The most likely indicators of whether a company will suffer a breach have to do with how do they manage passwords? How do they manage second factor? How do they manage endpoint patch management? Like those three things is really what the cyber insurers were deciding whether they were going to underwrite or not at least a mid-market company
And so I had a large amount of analytic ideas kind of cooking around from my experience of the past decade. And I was thinking about starting a company in that area, but I also needed a break, right? Scorecard was intense. I gave them three years. So I took a trip to Greece. wanted to sail a sailboat around the island. So we rented this 40 foot sailboat. was just me and the wife and a bucket of books. And we hired a captain because we didn't want to do it all the time. And I got an email while I was on that
trip saying, hey, this is Jim Clark. I want to meet you. I live in New York. And it's like one of the first books I read back way in Austin when I was at that telecom company, Point One, was a Michael Lewis book called The New New Thing. And it was about Jim Clark, the guy who created Silicon Graphics, the guy who created Netscape, the guy who created Healthion, which then became WebMD, along with some other things. And my initial response is, no, you're not. Delete.
William Kennedy (01:19:26.19)
Right, right, right, right. Like you see that email, you're like, you do a little bit of work, right? You view the source, you're trying to figure out is this legit? But at end of the day, you're like, this is phishing.
Jasson Casey (01:19:28.458)
Yeah.
Jasson Casey (01:19:34.229)
Yeah, was, well, it was also like, represent Jim Clark and those emails are usually just garbage, right? But the dude's persistent and I get a couple more during the trip and finally I just out of, I don't even know why I replied, but I replied saying, all right, sure, I'll meet you. And I'm back in New York next week.
William Kennedy (01:19:42.254)
Yeah
Jasson Casey (01:19:55.485)
And the other kind of prophetic thing about this like Jim is famous for being like super sailor, right? Like he's built some of the world's largest sailboat sailed around the world and done these Massive underwater productions and whatnot. So like it's it's I guess there are moments of what's going on at the time that like make me a little bit more sympathetic is like, alright, maybe I will respond
So get back to New York and I take a meeting with this guy and this guy works for this guy works for Jim and Jim Sirius is a heart attack and him and his business partner and two of his engineers have are wanting to start an authentication company. And they have a lot of experience with authentication around a system they had built for houses houses and boats. Like when I say houses I mean like really big houses. And when I say boats I mean like really big boats. And
And, you know, Jim's whole take is like, Hey, you know, we invented SSL back at Netscape and, you know, we solved the server authentication problem. We never solved the client authentication problem. And man, is it a pain in the ass. And I want to do that again. And I was thinking about it and it is techniques that he, that he devised. They felt very clever. But the thing that really did it for me was, wait a minute. From all the knowledge that I have, I know for a fact.
that if you can manage credentials.
In a way where they can't be stolen if you can ensure the device that's asking for access whether it's service or data Is safe enough for the access that is being asked for you can actually prevent most most incidents You can actually make an uninsurable company insurable and that was the thing that clicked for me that made it kind of exciting and So yeah, we joined forces when I say we joined forces clearly Jim's the big partner in this and I'm the pipsqueak but But yeah, we started originally the name was zero PW. We we
Jasson Casey (01:21:48.694)
created an office like two weeks after that first meeting. Eventually we changed the name to Beyond Identity, but yeah that was 2019.
William Kennedy (01:21:58.895)
I'm curious, did you ever ask them how they found out about you? Do have any idea why your name ends up on his desk?
Jasson Casey (01:22:06.988)
Yeah, I think it's actually just a coincidence, right? They described their search as they wanted to build a New York based company and they wanted someone who was in New York. They wanted someone who had a deep security experience, right? I run engineering for a couple of fairly sophisticated security outfits.
And they wanted someone who had actually worked at startups and not like any old startup, but kind of like tier one VC backed startups that kind of understood what that means, the good and the bad, right? And apparently that list is not very big. At least in 2019, apparently that list is like six people. And yeah, I got the, what is it? The short rows or the long rows in the dating game? Yeah, we had the best chemistry.
William Kennedy (01:22:54.066)
You got the rose. That's awesome, man. you basically, now I'm curious, right? It's 2019. Is everything just sort of like a white paper right now? Has anything been built? Are you walking into a green field or are you walking into we've got prototypes and now we got to figure out how to productize this?
Jasson Casey (01:23:17.612)
Well, Nelson, so the engineers Nelson and Mike, they had come from a previous company named Commandscape. And so they had worked this problem from a different angle for years. So they were very experienced and knowledgeable. But we basically clean room to the product. So we started, we started.
In 2019, now Nelson and Mike already had quite a few things laid down because I think they got started in like March of that year. Whereas I didn't really join the effort until September of that year. But we ran fast. We had our first POV in November.
And when I say POV, we deployed at a customer for a proof of concept in November of 2019. We had our first paid customer in March of the next year. We raised our first financing, I want to say, in like...
actually March of the following year. Now that was a friends and family customer. What I mean by that is everybody who's done startup probably knows what that means. But you know it's a company that's predisposed to like you because you've worked with them before or you're friends with them in some way. We landed our first non friends and family customer with Snowflake.
in like the third quarter of 2000. So that was our first legitimate win and they did it during their IPO process to help them with an audit finding, right? Like they, their developers were exporting certificates from their development machines to work on their gaming rigs and Snowflake, they had, you know, they wanted to always know what person on what machine with what security controls at what time.
Jasson Casey (01:25:01.58)
And so we helped them solve that problem in a way where the developers couldn't work around us. And yeah, it was a great relationship with them. They helped us build out other parts of the product with real operational user feedback. And yeah, that was the beginning of the race. We just ran fast.
William Kennedy (01:25:22.958)
So what I'm curious about from a business perspective is what is the cost of deploying this type of technology? And I know you're to say, if you don't do it, the cost is higher. But forget about that for a second. What's the real cost of hard cost of deploying this? And what kind of companies should be? I have a sp-
Jasson Casey (01:25:36.607)
Ha ha.
William Kennedy (01:25:49.423)
45 person consulting company we work for clients. Some clients send us machines because their security levels are high, right? So, you know, should a $5 million company be looking at this, a $20 million? What is the profile of someone who has to now seriously, take this seriously.
Jasson Casey (01:25:53.547)
Yeah.
Jasson Casey (01:26:09.866)
Yeah, so the generic answer, there's a version of this available for everybody. But let me talk about the profile of our customer, because that'll probably be more germane to your question. We focus on regulated companies that are generally regulated, critical infrastructure, defense, defense tech, governments, and big tech. So anyone who's the target of intellectual property theft, anyone who's the target
of kind of organized campaigns of extortion. Anyone who's the target of nation states, which turns out to be a lot of critical infrastructure, banking logistics. So, you know, there's a big war going on in Europe right now, right? That is producing a lot of cyber activity around critical infrastructure. There's the threat of encirclement and a war over in Asia, right, with China and Taiwan. That is...
producing a lot of kind of early reconnaissance and kind of like prepping the battlefield if you will. And then there's everything in between in terms of crimes of opportunity as well as crimes of let's go get some money. Our customer is typically, you know, they have a good security program, they have an EDR, they have an MDM.
they have a mature business and what we provide for them is a way to kind of leverage their existing security framework into their identity stack. So we'll plug into their Okta, we'll plug into their Microsoft Intra, we'll also plug into their existing EDR, Sentinel-1, CrowdStrike, Microsoft Defender. We'll tie all that together in what we call identity defense and the impact we'll bring to them is no more...
No more phishing-based attacks for anything that's access-based. Session hijacking prevention, man in the middle prevention for the purposes of session hijacking. And they'll see a reduction in security incidents. They'll see a reduction in help desk tickets. Like these are quantifiable. We see them in our existing customers. Our customers will reference this on calls. But yeah, our customer is typically someone who...
Jasson Casey (01:28:28.436)
already has a security architecture and either is compelled to operate in a certain way because of certain compliance or they sell into a marketplace that is and therefore they take some of that burden on themselves.
William Kennedy (01:28:43.724)
I feel like some of the biggest, I feel like the biggest threat is not from the outside, but from the inside. Like that employee that gets disgruntled, that had access to this or that, and now decides that they're going to do something like retaliatory, right? Whatever that is, right? I always feel like the the biggest jobs I've ever seen have come from the inside. so it seems like you're also able to monitor on the inside who's doing what at some level.
Jasson Casey (01:29:13.388)
So here's a way of thinking about it. When you have a system that's based on passwords and tokens or symmetric secrets, there's nothing about that token that tells you about the device someone's working from. So you have to assume possession equals authorization. So like, hey, this credential was used to access these documents. All right, from what device? Well, I have no idea.
Generally, it should only be these devices because we have these profiles in place, but I can't really say. So you have to take this conservative blast radius. When you're using a technology like ours that's hardware-backed and device-bound, just because someone's enrolled doesn't mean they have access to anything. You actually split the concept of enrollment and authorization. This gives you an ability to understand precisely, at the time of access request, what person, on what device, and what geography
with what workload on that device, right? So in the AI world, the question becomes like, what user authorized what agent running what model on what machine and what geography with what permissions for what time period. In a non-human world, it's kind of like what operator authorized what payload on what drone.
with what identity to go where, right? And in a workforce, it's all right, what worker on what computer with what existing security controls in what geography, right? Because GDPR and some of these national edicts are starting to kind of have teeth, is allowed to access what and for how long? So we can answer that precisely in a fine-grain way. And also produce an audit after the fact that's tamper-resistant.
William Kennedy (01:30:50.262)
No, it makes total sense, right? Like, there's a lot of companies that won't let you use your own hardware. There are some that do, but regardless, Knowing what machine it was done on, and it could only have been done on that machine, it almost doesn't even matter if it was me doing it because I've allowed my machine to be compromised. So it's still my responsibility at the end of the day, right?
Jasson Casey (01:31:13.952)
And the great, 100%, and that's one of the things with insider threat. Insider threat is a little easier to handle just because for the most part, the long arm of the law is always available for you on insider threat. As an insider, if you do something, you're eventually gonna be found out and you're gonna go to jail. When we're talking about general cybercrime,
Our chances of sending that person to jail from Minsk or St. Peter's is zero, right?
William Kennedy (01:31:45.504)
Yeah, yeah, yeah, you're right. North Korea or whatever, you're never getting to that person.
Jasson Casey (01:31:49.833)
Exactly. like there is no...
crime and punishment when it comes to some of this international activity. Insider threat by definition applies. They have a relationship with your business in some way, shape or form. That's not to say that it's not going to happen and you don't need to protect against it, but there's a lot more controls that you have on insider threat. We've actually seen a lot of companies focus less on prevention of insider threat and more on audit because if they can always guarantee a tamper-proof audit, they can always guarantee that that person is going to
to jail.
William Kennedy (01:32:25.112)
See, I don't know why, I know there's aspects of the blockchain where you want to be anonymous, right? But when crime happens there, you have no recourse, like you're done. But if the blockchain had this, where we're validating not just that you have a private key, but a private key also tied to this machine, and nobody else can use that wallet unless they're on this machine. Like that too would reduce sort of somebody stealing.
Jasson Casey (01:32:52.479)
100%.
William Kennedy (01:32:54.348)
your key and using it somewhere, right?
Jasson Casey (01:32:56.46)
You can see this kind of starting. I read an article the other day, so there's a video game called Battlefield 6 and there's a big controversy around it right now because the latest release wants you to run Microsoft Secure Boot. And the reason it wants you to run Microsoft Secure Boot is they're leveraging technologies very similar to what I've just described. Slightly different application, but they're using the same building blocks as cheat prevention.
Because when you do it this way, right, and you know what person on what device, you can also add in a couple things that basically say, this key will only work for this person on this device and also if the hardware or operating system drivers haven't been modified in a specific way, which is how some of these more advanced cheats work. So yeah, I think it could work on the blockchain. I think it could work in a lot of applications.
William Kennedy (01:33:45.007)
Yeah, yeah, I see it. seeing, I'm seeing it. It took me an hour and half, but I'm starting to see it now. Like why, why wouldn't you as an individual not want to do this? Especially where, like I go back to, if somebody steals your email, you're cooked, you're done. They reset everything in 10 minutes and you have no recourse. But if every one of those authentications was tied to the machine,
Jasson Casey (01:33:50.241)
Yeah.
Jasson Casey (01:34:02.157)
Mm-hmm.
William Kennedy (01:34:13.408)
And you could even geo-fence that.
You wouldn't panic when your password got compromised because it's not enough.
Jasson Casey (01:34:23.648)
The other crazy thing, or not crazy thing, but like really interesting thing, they're deterministic controls. They're not probabilistic. I'm not saying with 90 % certainty you're operating from this machine. I'm saying with 100 % certainty, under the only assumption that the manufacturer of this chip hasn't been compromised, it is in fact the exact same machine that enrolled this key.
William Kennedy (01:34:45.646)
Yeah. All right. I got one last question for you. love asking people of all sort of levels this question. It might be interesting to ask this question to some people over there as well. What keeps you up at night? As it relates to the business, right? What keeps you up at night today?
Jasson Casey (01:35:07.683)
Let's see, we protect some pretty high for a vile customers, so we're a target. And just like anyone, there's always things we could be doing better. There's always things we could start doing that we're not. I'm always thinking through those scenarios. From a business perspective,
You know, this is my first time being a CEO. I'm two years in the job now. So, you know, I'm operating a bit differently than I was a year ago, or certainly two years ago. But, you know, what do I not know? What am I missing? I certainly have instincts that I trust on anything that is infrastructure, tech, tech, defense related. But there's certainly areas where my instincts just aren't as developed, right? Like,
When you're pitching to an organization that doesn't value technology at all How do you how do you connect is? I shouldn't say it doesn't value technology at all But like it's not tech or security driven or or compliance driven like like that is You know, that's a harder thing for me and I definitely rely Rely on you know, pretty good team to kind of to help me and then also short short some things up there
William Kennedy (01:36:29.538)
Have you ever thought of joining one of these, I don't know if they still do it, but they were companies that started bringing CEOs together in small groups to mentor each other. Have you ever thought about that?
Jasson Casey (01:36:42.666)
Yeah. I think that's called group therapy. The funny thing is it kind of happens impromptu. So as a VC back tech startup that sells to the enterprise, you're obliged to go to the certain events throughout the calendar year. And at these events,
Everyone is trying to of vie for your attention to buy their stuff, right? Whether it's banking products, be let them invest in you in the next round or trying to sell you something. One of the fringe benefits of these get togethers is at some point in the evening, usually you're...
there's six or seven of you around the table. See, just CEOs and startups, right? And you're all slightly different shades of the same problem, or you're all suffering from slightly different shades of the same problem. And so yeah, these kind of group therapy things do show up. Yeah. I try to talk to as many CEOs and founders as I can, just because it's, you know, it's like reading, right? Like you're...
William Kennedy (01:37:36.854)
Yeah, no, it's good. It's good to have that.
Jasson Casey (01:37:50.389)
Life is short, your time is limited, you're never going to meet everyone, you're never going to see the world. So there are these other avenues to try and extend your experience or at least get proxy experience. And talking to other people in your role is a great way for that. It's also hard though, right? Because your role by definition is almost all consuming. And so you almost have to make time and seek some of these people out sometime.
William Kennedy (01:38:15.544)
So I'll tell you this, have, at a much smaller scale, I have the same problem. And I haven't been able to fix it at a small scale. I hate when I go to a website. Again, I am putting myself in this category, a company website, and I can't within like 30 seconds know what you do. My website is bad, dude. I look at it and I...
Jasson Casey (01:38:21.804)
Mm-hmm.
Jasson Casey (01:38:37.238)
Ha ha.
William Kennedy (01:38:42.604)
I started A-B testing at conferences asking people, which one do you like better? Because I can't figure it out. And I'm in the industry. And you have this word identity-based attacks. And it's taken me an hour, I think, understand what that means. so these are the things that drive me. You don't want to be in a place where you have to educate people. You want to somehow get them to click on.
I'm looking at your homepage and my brain's going, I wish there was some sentence about what identity-based meant to help me read the rest of this homepage so I could now really appreciate that I need this. I have the same sort of problem. I think lots of companies have this problem, especially with all the products that you have and all the different things that you're doing.
Jasson Casey (01:39:18.636)
Mm-hmm.
Jasson Casey (01:39:24.128)
Yeah.
Jasson Casey (01:39:32.321)
Yeah.
Yeah, for us, it's definitely, so message and positioning is hard no matter who you are. For us, we're definitely in the evangelism phase of what we do. Like what we do is not, we're not a category that already exists. Like we're just not.
And, you know, the simplest thing that I've come up with or that we've come up with that tends to resonate, because we do the same thing at the conferences, like, tell us which of this lands more, is it really just comes back to 70 to 80 % of the security incidents your SOC deals with today are actually preventable. You don't have to suffer letting them happen and then spend time chasing them down. You can actually prevent them by just plugging us into your identity stack. Like that's what identity defense is about.
If we want to double click a couple layers down, can tell you all about how it happens, how it comes about. We can take you through the MITRE ATT &CK framework and what are all the variations. But at the end of the day, really is about 70 to 80 % of what brings risk to your organization and where you spend time could actually go away.
William Kennedy (01:40:43.374)
It's almost like you have to meet somebody who recently had the pain because, right? Because think about it, like again, I'm a small company, right? And I don't have this pain. So it doesn't resonate with me as much as it should after talking to you for an hour and a half, right? And so you almost have to convince somebody that there's pain here, even though you're not feeling it yet, I guess. So comp, it's interesting, right?
Jasson Casey (01:40:59.404)
Yeah.
Jasson Casey (01:41:07.02)
So, yeah, so for the folks that we target, they almost all have SOCs, security operations. And so that number is quantified. Like their CIO or CFO signs off on a budget in both headcount and tooling and time and materials for third parties to come in and help. So like it's very quantified.
There's also a help desk angle. Like when you think about old school identity access systems, a certain amount of the help desk is always working on account lockouts and resets. And so that number is usually known at a large organization as well. Like in the companies that we deal with, that in itself is usually a million dollars a year in expense, just dealing with account lockouts and password resets.
William Kennedy (01:41:58.798)
Yeah.
Jasson Casey (01:41:59.564)
And it gets even higher in businesses that use like outsourced consultants and contractors and whatnot. So there's ways of quantifying it, but you're right. You have to be a certain level below a certain size organization or below a certain kind of security risk. It ends up being more around good hygiene.
Right? So like we have a, we have this thing called an accelerator program where we'll let like pre-financed startups or essentially people with real risk, but without any sort of material budget, we'll let them have access to the product, essentially gratis. But they also know they're a target, right? They're like an NGO and they do, they do reporting in hostile areas or, or they're a defense tech or defense accelerators or that sort of thing.
William Kennedy (01:42:54.872)
So I have a client who's, really in the AI platform business, companies that don't want to run in the cloud. They want their own stack. They want to be SOC 2 compliant. They make me run that Drata software. But between you, me and the wall, Jason, okay, I have to make sure my hard drive is encrypted and I have to do, like, it didn't give me the warm and fuzzy that I'm like, like doing anything real to earn SOC 2.
Jasson Casey (01:43:15.094)
Yeah.
Jasson Casey (01:43:23.685)
Welcome to Checklist Driven Security.
William Kennedy (01:43:25.742)
You know, like, just, it just, whatever you need, man. I'll do these things, right? But I, like, I, yeah, I'll do whatever you want. But I don't know, dude. It didn't make me like want to go to sleep. I didn't sleep better. Let me just say that.
Jasson Casey (01:43:42.39)
You
Jasson Casey (01:43:46.349)
The, yeah, so security compliance is interesting, right? But SOC specifically, like if you ask yourself, how many, do companies who have SOC two not get breached? And there's a very clear answer to that, right? With that said, this is just how compliance works the world over. If you want to do business with someone who falls under a certain regiment, you have to follow that regiment if you want to work with them, which you experienced. Yeah, so there are things.
William Kennedy (01:44:12.172)
Yeah, yeah. I don't know. Some of it makes me laugh.
Jasson Casey (01:44:16.542)
Yeah, there are things that we actually one of my funnest interactions and I say this facetiously with an auditor was we're going through an audit and they were getting to like the password management section of the audit. They're like, well, show us how you rotate your passwords. And I'm like, well, we don't have passwords in our system. They're like, well, I guess you're failing this finding. And I'm like,
William Kennedy (01:44:36.184)
Hahaha!
Jasson Casey (01:44:39.41)
And you'll get people that, and this happens in all industries, right? But you get people who follow a checklist that don't really remember the root cause of why the checklist exists in the first place. And that can be quite frustrating at times.
William Kennedy (01:44:52.984)
Yeah. All right, dude, we are like so out of time. I just couldn't, I couldn't cut us off early. And yeah, we could have, we could keep talking. I'm really enjoying the conversation, but we're out of time. for the people that have been listening, we'll get this in the show notes. If somebody wanted to reach out and talk to you about the product or had a question from what they heard, what's the best way for somebody to reach out to you?
Jasson Casey (01:44:56.268)
Alright.
Jasson Casey (01:45:03.232)
Cool.
Jasson Casey (01:45:18.592)
Yeah, so a couple different ways. You can hit the company in general on the website. I'm on LinkedIn and post fairly regularly. You can hit me directly on there. I'm on Twitter, I guess X. I'm more of a lurker. I don't really post a lot, but you're welcome to kind of hit me up there too. And yeah, we come to most of the security shows and we have a heavy presence in New York and the Bay and Texas and DC.
William Kennedy (01:45:48.408)
Brilliant. You don't get out to the shows though, right? have people doing the conferences? you do. Okay.
Jasson Casey (01:45:52.98)
I do. I'm dialing it back a little bit, like, think, yeah, this summer was crazy. was home. I was only home for like three weekends the entire summer. Combination like customer travel, show travel.
William Kennedy (01:46:03.596)
Yeah, just, I did three weeks straight recently and I used to live on the road, but now it just burns me out, man. just, three weeks is, I get it. You just want some time home. I totally get it. All right. So this is the OnLabs Podcast signing off. Jason and Bill hope to see everybody again real soon. Thanks, Jason.
Jasson Casey (01:46:16.32)
and
Jasson Casey (01:46:26.359)
Thanks for having me.
TL;DR
Full Transcript
William Kennedy (00:02.422)
Welcome to the Ardan Labs podcast. Our special guest today is Jason Casey. Jason, dude, thank you, bro, for hanging out with us for the next hour, hour and a half, man. I really appreciate it.
Jasson Casey (00:13.836)
Thanks for having me.
William Kennedy (00:15.768)
All right, so for the few people on this planet, Jason, don't know who you are, give everybody the two minute spiel on what you're doing today. But focus on today, and I you to leak anything out. This is a talk about you, your journey. So just today.
Jasson Casey (00:33.548)
So my name is Jason Casey. I'm the CEO and co-founder of a company called Beyond Identity. And yeah, what I'm focused on today is
reducing or preventing security incidents at companies by actually focusing on this thing we call identity defense. We believe 70 to 80 percent of all security incidents, some of which grow up to become breaches, are actually failures of the identity system. And when you kind of systematically look at it, you can get the data and the proof out of threat reports, whether it's Mandiant, Verizon, DBIR, or CrowdStrike. When you look at the history of identity products, you can kind of see why they were built around productivity concepts. How do I get you to work fast?
necessarily built around security concepts. again, like it doesn't take too much to peel back the onion. Think about how much a credential, whether it's a password or an access token, actually tells you not just about the person, but about the device, the workload of the device, the safety of the device, the geography of the device relative to what service or data it's asking for. I've been in security long enough to kind of get me to focus on this in the last, really since 2019. And I think this is the big
The threat to the world right now is identity related exploitation and think identity defense is the best way of solving it through 80 to 90 % prevention and 10 to 20 % detection response.
William Kennedy (01:59.897)
So before we jump into the time machine for a second, anything security-wise always drives my brain crazy because it's such a very large, almost generic sort of topic. So when you say identity, two things. The first thing that popped in my head was the way you were talking was how I'm authenticating into systems. But then my brain went into like the life lock situation where I'm trying to
keep track of anything happening on my credit report, right? So are you talking about both, one or the other, or they're just so, it's a gray area?
Jasson Casey (02:32.353)
Yeah.
Jasson Casey (02:36.108)
you
Jasson Casey (02:39.692)
So if you put on your nerd hat, clearly it's all black and white and there's identity assurance, there's authentication assurance, there's authorization and there's audit and these are three very different things. But if you switch out for the pragmatist hat, they're highly related and if you're not thinking about all of them when you're kind of building out your architecture or whether you're building your product or your company, you're very likely going to not leave the window open but build a hole in your building that
that people and things can come straight in through.
William Kennedy (03:13.294)
See, I hate OAuth. I hate it. I hate it. Anytime that comes up and it's my only option, I get very angry. Like I just don't want to use that for authentication. And then a lot of times I go back into whether it's Google or GitHub and I remove it because it's, I don't know why. And I've coded it. I've had to, like I've been asked to do it and I hate it. I like having a separate username or password for everything. But at the, sort of at the same time,
Jasson Casey (03:15.723)
Ha ha.
Yeah.
Jasson Casey (03:38.365)
Mm-hmm.
William Kennedy (03:43.823)
I love the ideas that Blue Sky are putting forward with this sort of single identity that was tied to DNS. like nobody could really spoof who I am because unless obviously anytime you get my email address you can change everything on the planet. Which was a hard lesson I had to teach my daughter one day. But I kind of like that idea that your identity is in one place, maybe decentralized and
Jasson Casey (03:52.801)
Mm-hmm.
Jasson Casey (04:01.537)
Mm-hmm.
William Kennedy (04:13.25)
You can sort of carry it yourself. Have you looked at what Blue Sky is doing with that protocol?
Jasson Casey (04:18.188)
I haven't the the the ideas that we're really kind of wedded to is Around authentication assurance should be what we call device bound and hardware backed
And these ideas are 30 to 40 years old. They got their start originally in DRM, digital rights management, whether it was for gaming or for media. But at the end of the day, they've had a resurgence in trusted computing. And the idea is really, how do I know what, if I'm software, how do I know what hardware I'm running on?
If I'm hardware, how do I make sure I only authorize the correct software to use these certain hardware capabilities? And we're not a big believer in kind of like, what's the word?
probabilistic controls as a primary defense. We're a big believer in deterministic controls. So when we talk about authentication assurance, we're not saying we know who you are with respect to some government entity. What we're saying is I know exactly that you are the same device and user on that device that visited me yesterday is visiting me now.
William Kennedy (05:27.299)
Mmm.
Jasson Casey (05:32.765)
under the assumption that the hardware manufacturer of this Infineon chip has not been, their supply chain has not been compromised. Like that's the level of hardware assurance that we're looking for. And so we say hardware backed device bound. What we really mean is hardware backed is you're using these special co-processors to manage these signing keys for authentication. And when you move from secrets that have to be shared to signing keys, you don't have to move or copy a piece of data around. If you don't copy it around, you're actually drastically
reducing what is one of the big root causes for compromise. And then when we say device bound, what we really mean is flipping that switch in the hardware that guarantees that key can't actually be read off that crypto processor. will never end up in memory. Like it's literally not readable. So it's hardware backed and device bound. It's a very concrete thing. And we think, at least for authentication assurance, that is the only gold standard because it gives you provability back to a manufacturer.
William Kennedy (06:05.996)
Yeah.
William Kennedy (06:31.586)
Gotcha. Yeah. What's interesting to me about security is that the more secure you want to be, the more inconvenienced you have to be. Right?
Jasson Casey (06:41.324)
Now, I would argue this to, yes, historically that's true. I would argue that's changed. Do you have an Apple phone or an Android phone?
William Kennedy (06:45.921)
You
William Kennedy (06:50.456)
I have Apple, MacBook, and phone.
Jasson Casey (06:52.862)
Okay, so do you ever use Apple Pay?
William Kennedy (06:57.024)
I do occasionally, when I have to, when it's, maybe in the apps I've been using it more because it's a double click, right?
Jasson Casey (07:03.948)
So maybe this is more of a good story for the audience then. If you have Android phone or an Apple phone and you ever use Google Pay or Apple Pay at the coffee shop to buy a cup of coffee or a cup of tea, you never do that.
William Kennedy (07:15.542)
yeah, I never do that. Never.
I feel like I'm aging out a little bit, but my wife does it all the time. My wife does that all
Jasson Casey (07:23.424)
Well, your wife is actually using a hardware-backed, device-bound, high-security mechanism to do something called single-device, multi-factor authentication to pay for a cup of coffee. And for her, it's seamless. It's effortless. But from a technology perspective, it's way more secure than the password manager you probably have and that second-factor device that you have.
William Kennedy (07:46.959)
But you're saying it's more secure because nobody could really steal that signal or take a picture of the card. There's no way to basically reproduce the transaction in some form or another.
Jasson Casey (08:04.178)
Exactly. it's the same concepts exist in blockchain. The reason I'm saying it's secure is ultimately so let's back up a little bit. If we want to talk about the fundamentals of security. So let's go to the fundamentals of security.
When I authenticate traditionally, I do it with a shared secret, right? A password is fundamentally a shared secret. You know the password ahead of time, I know the password. Same thing with like a TOTP fob, right? There's this thing called a seed and the seed is a pre-shared secret. That's how, you know, we rotate and we're taking a random walk, but we're taking it together. That's kind of how we're able to kind of prove that we possess the same thing.
These secrets, we argue, are actually one of the root causes of today's security incidents. And our argument is, by definition, a symmetric secret has to be shared. And the act of sharing leaves a shadow in memory of every device I ever talk to or every device I go through. And that is an indefensible surface area.
that has to be protected that adversaries can basically just hoover up credentials from and that's why the bad guy generally logs in today. They don't break in and if you could move from a shared secret to an asymmetric secret where it doesn't have to move right the secret thing doesn't have to move I could shrink that surface area right I could really eliminate that attack surface if I could do it provably right this hardware bound hardware back device bound method
I could do it under hardware level guarantees that that key can't move. That is a level of kind of assurance and trust that actually is kind of gold standard in high defense applications. the mobile payments industry is kind of spoon-fed it to us with sugar through mobile payments.
William Kennedy (09:55.799)
I can't disagree with you because I have a password manager and I make sure that no account is using the same credentials. So if something gets leaked there, right, the surface area of what they can get to is so, but I'm a, at that point, I'm an expert user. Nobody does that, right? Everybody's got maybe three passwords. Even the 17 year old just went to college. I had to put her on a password manager because I was like, you can't do this. Right.
Jasson Casey (10:24.204)
So I would argue even then, you're containing the blast radius, but you still have a significant problem. Like right now, we see a lot of threat actors man in the middle in connections, and they're doing it in very, various different ways. Some of them using kind of the high levels of sophistication of they control a telco and they can interdict the TLS connection, but others are actually doing it through fairly low tech applications. They're compromising a third party that you're using as a third party load balancer or content distribution network.
or a third party managed message bus, or a third party managed service mesh for your Kubernetes cluster. So modern developers today essentially open their TLS connection four to five times to third parties in almost every application they build.
yet still treat that connection as if it's supplied end-to-end trust. So in that scenario where they have a password manager, you have a unique password for each service, that password for some of those services actually still does exist on the dark web in certain access brokers and can be purchased. And you ask, how in the world I use a password manager, I never share it anywhere.
Well, the fact is it has to be shared through usage and it's not actually going between you and the service. It's going through a ton of services to get to that service, all of which can be attacked, all of which have insider threats. like things that move are actually the problem when it comes to authentication.
William Kennedy (11:51.033)
So Jen Jason, how do you sleep at night or let's say it make it worse. How do you log into your bank at home with your brain sort of probably like, right? You start to visualize everything that's happening at the moment you sort of log into the bank, right? Like how do you sleep at night at that point, dude? Because I think it could be overwhelming for somebody like you that like has a visualization of this.
Jasson Casey (12:03.659)
Yeah.
Jasson Casey (12:13.44)
The, well, there's two things, right? Like number one, you could focus on all the bad things in the world and essentially never get out of bed. Or you could take what you can control and get out of bed and get excited to go do that, right? And that's kind of like our mission here.
William Kennedy (12:17.006)
You
Jasson Casey (12:34.218)
Whether it's with us at Beyond Identity or another company, we feel very strongly the whole world needs to move to identity defense. And identity defense really at the center has this concept of this hardware-backed, device-bound credential management. There's a couple other concepts there as well, but by doing these things...
You're not going to eliminate all incidents, but for the modern organization, you're going to eliminate 70 to 80 % of the SOC ticket workload, right? And that is actually absolutely doable.
And maybe you're thinking, hey, I work more on the product side. I don't really have to worry about this. You do as well, right? Think about that access token that you're sharing out. Like, is it really a shared secret? Are you really doing proper HMAC on that access token? Or is the service that you probably included by doing 30 minutes of research really doing the right thing?
Because again, like the adversary doesn't have to break in, they can log in. A lot of these initial access brokers will actually sell these access tokens. In fact, this big activity with SalesLoft and Drift that we've been reading about in the news over the last two weeks is in fact exactly that. Compromised access tokens basically being reused to access Salesforce accounts and where organizations had kept proprietary information, sometimes even secrets,
William Kennedy (13:57.262)
Bye!
Jasson Casey (13:59.487)
It's just getting kind of hoovered up.
William Kennedy (14:01.954)
Yeah, no, no, no. I hate security, man. Boy, do I hate security. I try to tell everybody, don't write your own. You got to find the things out there that are certified and work. Don't write your own. The last thing you want is somebody walking in going, all where'd you get this from? I wrote it. Yeah, no. No, not going to work. All right. We want Casey writing them is what I was about to say. Jason Casey wrote this. We're fine.
Jasson Casey (14:04.563)
Hahaha
Jasson Casey (14:19.884)
Yeah, it's a sorry.
Jasson Casey (14:31.404)
Yeah, I don't know about that. I haven't put code in production in a few years, you definitely want security protocol professionals, crypto protocol professionals. That is a discipline, that is an area of training. don't just wake up one morning and start doing it. You get mentorship, you do studying, and you practice.
William Kennedy (14:31.598)
You
William Kennedy (14:53.582)
All right, this was awesome. We're going to come back to this, but I got to get you into the time machine, Jason. So a couple of questions before we start here. What year did you graduate from high school and where were you on the planet?
Jasson Casey (14:58.73)
Okay.
Jasson Casey (15:09.26)
Oh wow, high school. I graduated from high school in 1997 and I was in northern Houston, Texas.
William Kennedy (15:19.342)
Houston, Texas. Okay, perfect. 97. I graduated in 87, so I got 10 years on here. All right. Now, I want you to clear your mind, clear your head. Don't think too hard. I want that first memory of you sort of working on a computer, making the... That first memory you have of making the computer do something and you were like, wow, this is cool.
Jasson Casey (15:22.892)
Thank you.
Jasson Casey (15:40.013)
First memory of working on a computer was probably in the 80s. My dad brought home what he called a laptop. He worked in the oil industry. This laptop was a, it was the size of a toaster oven, like a large toaster oven, and the keyboard flipped out of the front face. I don't, I don't.
William Kennedy (16:02.466)
Was this a K Pro? Was this a luggage, like a suitcase? This might have been a K Pro, man. I had one of those, dude. The keyboard locked in and it came off. Orange? Mine might have been green, but yeah. I can imagine exactly what your dad just came home with.
Jasson Casey (16:07.084)
Yeah, it looked it looked like a suitcase it looked like us
Orange screen.
Jasson Casey (16:17.953)
Yeah.
Jasson Casey (16:21.746)
And you basically booted with the floppy and it had the classics, right? had Oregon Trail. It had some card game. then it had an operating system, which I really don't remember.
William Kennedy (16:24.674)
Yep.
William Kennedy (16:39.042)
Was it CPM? Was it CPM? I watched it, write down K Pro 2. They used the Roman numerals for that. I just looked that up later. I'm sure there were a couple companies that were doing it, but that would have been like 85, 86. K Pro was putting out those portable machines.
Jasson Casey (16:45.42)
All right, K Pro 2.
Jasson Casey (16:50.014)
Okay.
Jasson Casey (17:01.578)
I remember that, then I remember getting into simulation games, and then I remember someone introducing me to this concept called a modem. And you could hook your computer up to your phone line, which was a sure way of getting your mom to yell at you.
William Kennedy (17:11.662)
William Kennedy (17:16.75)
When she picked up the phone, because all moms lived, all those landlines had that device on the back of it so they could go like this all day and yeah.
Jasson Casey (17:25.876)
Yep. Yeah. The, and there was nothing worse than being in the middle. Actually, this is later. This is in the nineties, but I'm in a dog fight with a buddy and my mom picks up the and it all, it all, it all goes south from there. But yeah, the earliest memories with the computer were, honestly discovering games. I just, I explored some of the games on my dad's computer. thought the, the concept of the operating system and the organization of it was fascinating.
William Kennedy (17:37.228)
Hahaha!
Jasson Casey (17:54.829)
First time I learned a program was on one of those, it was slightly more advanced machine, but it was still like an orange monitor machine and the language was like Pascal. Yeah. Yeah.
William Kennedy (18:01.294)
What was that? Pascal. Okay, that's fair. I never got into gaming, even though I was programming in the 80s. I was writing games I couldn't even play. I'm just not a gamer. So even as this whole revolution of games, you my kids got into it. It's not me. But did you, even at your age today, do you still, do you enjoy playing those games on the whatever it is today, the Xbox, PlayStation, whatever?
Jasson Casey (18:11.819)
Mm-hmm.
Jasson Casey (18:23.916)
I love the nostalgia and the idea of playing games. don't have a lot of time for it. in high school for me, the computer games I loved the most were like simulations. It was like F-19 and...
William Kennedy (18:31.918)
you
Jasson Casey (18:49.58)
It was a bad simulator, but it F-19 Strike Fighter, I think it was called. And then there was another one called Falcon 3.0 and then later Falcon 4.0. But I did get into things like Police Quest and King's Quest. there's another example of something they would have never made today. Larry the Lounge Suit Lizard. They were Sierra games. They were Sierra games. But this also from maybe like the...
William Kennedy (19:09.784)
Yeah,
Jasson Casey (19:16.788)
either the really early 90s or the late 80s.
William Kennedy (19:20.366)
So that means, you going, did you have like the arcade in the community? Because I wasn't even into the arcades, honestly. I don't know why, it just never appealed to me. Were you doing that stuff too?
Jasson Casey (19:32.193)
I love the arcades, but honestly the arcades required money. Whereas my buddy lived down the street. I had a, he was like the friend whose dad was rich and well traveled. And I think his, I don't, can't remember if he worked for a Japanese company or if he serviced a Japanese company, but he would go to Japan on a fairly regular basis and come back with all of these exotic toys.
William Kennedy (19:36.31)
Yeah.
Jasson Casey (20:01.13)
And they were games, but they were also ways of like ripping games. And let's see, I lived in like Lafayette, Louisiana at the time. So this would have been like sixth grade, seventh grade. I don't even know what year that would have been. Early 90s.
William Kennedy (20:05.55)
William Kennedy (20:16.974)
That would have been like 93 maybe, 92, 93, six years prior to graduation. Maybe, oh no, yeah maybe.
Jasson Casey (20:23.274)
Yeah, probably earlier than that, because in 94 I was already back to Houston and I lived in Corpus Christi and then Victoria, Texas before then. But yeah, we moved a lot. yeah, gaming today, it's maybe a fantasy that I have in a moment when I'm thinking about what would I do if I actually have time. Also games today are very different, right? Like games today are like these massive movie style experiences.
William Kennedy (20:51.414)
Yeah, yeah, yeah.
Jasson Casey (20:52.052)
I mean, they're fun. Every now and then over the last decade, I'd buy a game around Thanksgiving and I'd play it for a week or two with my nieces and nephews when they would visit. But my adult gaming is kind of limited to that.
William Kennedy (21:06.062)
See, I'm not a gamer, but what is fascinating to me now is the leveraging of the AI for the, what do they call them? NPCs, non-player characters or something, I don't know. But the idea now that you run a model now there and let, that takes on a right? Like the game now just takes on a real life of its own once you can sort of leverage that, especially with the way these models are reasoning today.
Jasson Casey (21:14.506)
Non player.
Jasson Casey (21:27.795)
yeah.
William Kennedy (21:33.544)
It's almost like you're coding a game and there's nothing deterministic about it, almost at all at some level.
Jasson Casey (21:39.853)
You'd probably get a different experience every time. You know, there's an author, Neil Stevenson. He wrote... What book did he write? There was a book that he wrote maybe 15 years ago where he went into a lot of depth about the NPCs. okay, I remember. It's called Reamde. R-E-A-M-D-E. And he goes into this elaborate depth of the NPCs in the game and how...
that they actually were, how they were actually coding it up, how they were using certain things, and this was all backstory to the real story that he was telling, but it was incredibly prescient in terms of the art of what's possible in kind of these massive multiplayer online games where you need to bring kind of artificial constructs to interact with real people in a way that makes them feel like they're getting something out of it, but still scales to make a business work.
William Kennedy (22:38.99)
It's wild to me. What's... No, no, yeah, again, and that's a whole nother level of programming too. People are like, they talk to me about games. I'm like, yeah, no, that's another, whole nother genre of software development that you kind of have to learn. All right, but let's talk about high school just a tiny bit. What else were you doing in high, like, right? So from 94, let's say to 97...
Jasson Casey (22:40.555)
Yeah.
Jasson Casey (22:55.51)
Yeah.
William Kennedy (23:06.552)
What are you into in high school? You playing sports, you're band, you're like, what are you doing?
Jasson Casey (23:13.572)
I was on the tennis team. played tennis competitively, least until I got to the Woodlands. And then I ran into people that were ranked in the nation, like top 50 sort of thing. And I realized I wasn't that good.
William Kennedy (23:32.385)
Isn't it crazy when you meet somebody like that? You're playing competitively. feel like, you know you're not there, but you don't feel like you're that far off. And then you meet somebody like that and they just kick your ass. Like with no effort. And you're just like, okay. It's happened to me a couple times in ping pong or racquetball or basketball where it's just so humbling, man.
Jasson Casey (23:37.803)
Yeah.
Jasson Casey (23:43.147)
Yeah.
Jasson Casey (23:54.059)
Yeah.
Jasson Casey (24:00.307)
It's also incredible to see someone play at that level from an inspiration perspective, right? That like the art of what's possible. But then you peel back the onion and you learn a little bit about them and they've, you know, they've been doing, they've been...
They were almost born with a racket in their hand. Their parents sent them to live away camps once they were about six to seven years old. Like it's a very different childhood. It's a very different experience. So like they're, they're certainly freaks of nature and talent, but they've also made some very, or at least someone's made some of these choices for them, very conscious trades to get to that point. But yeah, we had a couple of those. for sure. For sure.
William Kennedy (24:35.95)
But you still need the DNA. Like, I don't care. You still need the DNA to be able to play it that know, hours and practice. You understand what I'm saying. Yeah.
Jasson Casey (24:50.348)
You've got to be in the right place, you've got to have the innate capability and you've got to pretty much give it everything you have.
William Kennedy (24:56.568)
But you lose your childhood. I had some friends who lost their childhood and the parents would never accept that they weren't going to get to that level. Like at some point you, even with my son playing ball, like at some point I looked at him and I said, I'm glad we're playing at this level, like, you know, travel teams and all that. we have to, reality is now setting in, right? Like these kids are maturing faster than you. They're doing more than you.
I don't mind doing this, but, right? And he even turns around and says, yeah, you know what? I'd like my life back. Good. You know, it's tough.
Jasson Casey (25:27.788)
Yeah.
Jasson Casey (25:33.429)
Yeah. Well, that, I mean, that was kind of the moment for me, right? I got to that unit. So I moved a lot as a kid. And so we moved to this new high school, I think right in the middle of 10th grade between fall and spring.
And I get there and I had been, you I wasn't the best, but I was decent on the tennis team from the place I was coming from. And I get to this place, it's very obvious that like, I'm not gonna, I'm not gonna improve fast enough to compete at the level of these people. And so I took the moment and actually kind of dropped out of the tennis program and decided, well, this is a high school that's kind of set up like a university. There's a fall and spring.
Classes only run for a semester at a time. You only take three or four per semester. And they had a really big catalog. I was a big reader. I was into learning things. I really liked science. I liked math. And so I took the extra time because I didn't have to take athletics or tennis as a course anymore. And I took chemistry, and I took geometry, and I took physics.
William Kennedy (26:17.326)
Wow.
Jasson Casey (26:42.826)
That, I would say, kind of got me excited and interested in these other things.
Coming into that high school, I wasn't really on the advanced track, right? Like I hadn't, I hadn't taken, the geometry and I was a sophomore and generally like that's if you're, if generally you do that either your eighth grade or ninth grade, if you're on the more advanced track. But by the time I graduated, I, I had taken like, two, two courses in biology, two courses in chemistry, molecular genetics, two courses in calculus, two courses in physics, placed out of all of them from.
from an AP perspective and all in a of a short period of time and that was afforded partly by kind of realizing, hey, I can't compete with tennis, what else is there to offer?
William Kennedy (27:32.568)
But I'm kind of curious when you go back to your parents and say, I don't want to play tennis anymore. Were they the cattle? They were, right? OK. that wasn't going to be a fun conversation to have.
Jasson Casey (27:39.68)
they were disappointed.
Jasson Casey (27:46.891)
Yeah, but I mean, when you're 14, 15 years old, like how much are you actually thinking? You're not that empathetic. In fact, you're probably more of a psychopath. I didn't... Really?
William Kennedy (27:56.899)
I don't know about that. I don't know about that. mean, I could, I don't know about that. Especially if this is something that your parents are pushing, right? You just don't want to be in trouble or you don't want to be disappointed. You just don't want to be bothered, right? That's why you do things sometimes as a teenager, because you just don't want to be bothered.
Jasson Casey (28:15.04)
Yeah, I guess for me it was, knew I was gonna, I knew it was gonna disappoint them, but I didn't care.
William Kennedy (28:23.414)
No, that's good. That was fair, right? That was good. But it ended up, but it's interesting that you, you had it. What I want to explore there for a few minutes is was your ability to do all of that in two years, discipline or passion? Because that's hard for somebody that age to be that sort of mature, sort of rip through all that material in two years, especially now you got your freedom.
Jasson Casey (28:25.857)
Yeah.
Jasson Casey (28:51.21)
I would say it was a mix. So some of those courses I didn't want to take and my parents forced it on me, like English, the advanced English courses and literature courses. growing up, my experience was very much, you're going to, there were always high expectations and you...
there was always more on the table for you to achieve. So why weren't you doing that? like some of it was, was that some of it was passion. So like I was introduced to the concept of physics. I didn't really understand it. I took a physics course, my first physics course. Actually, I'll never forget the teacher is Ms. Monroe. And I thought the class was the coolest thing ever. Like, wait, what do you mean? I could actually predict.
Where this car is going to stop? What do mean? I could predict the flight of a ball What do you mean? There's a there's a model for reality Like these concepts kind of blew my mind and so that was absolutely a passion I would say math I I didn't have a great pre-cal teacher and so I rolled into calc almost as an obligation I don't think I did that well for the first semester
And then I realized, oh, wait a minute, the physics stuff I'm really interested in requires me to actually have a really good grounding in calculus. And so actually, I'll never forget the story. My calculus teacher, my senior in high school, called my parents suggesting I drop out of the class. And I don't think I was doing well that first of all. think was getting like a C or something. And I basically just taught myself the course in the spring.
William Kennedy (30:25.23)
Yeah.
Jasson Casey (30:33.876)
And I aced that exam. Like I actually got a perfect score at the end of the year on it. But it was motivation. And it was because I realized I needed this to do this other thing that I really got excited by. And that really excited by thing was physics.
William Kennedy (30:48.664)
See, I love that, right? Because this is the, from a parenting perspective, right? When you have kids at that age, if, till they find the thing they want to do, they're just not going to be motivated to do anything. My girls found early, like near the end of high school, what they wanted to do and have excelled ever since. My boys didn't find it in high school and they're just sort of finding it now at 21, 22.
Which thank God they're finding it because now they're stable and now they're right. have that, that goal. So anytime I hear a story about somebody in high school, sort of finding that thing they want to do or passionate, it's for me, it's a beautiful thing because it allows that person to kind of get on that road a little sooner. You seem to have found it in physics. So then I imagine that when you're going to graduate high school, you want to sort of pursue the physics. that like, where's your head?
Jasson Casey (31:30.7)
Mm-hmm.
Jasson Casey (31:43.117)
Yeah, that actually was it when I.
So when I, when I applied to college, I applied to the physics and engineering programs and my thought process was, Hey, I love physics. I've been, and you know, my, my, my, my second physics teacher also loaded me up with all these books. so I'd read, you know, everything written about Feynman written by Feynman. I had the Feynman lectures that I would listen to in the mornings when I was, you know, had an hour or two before class. So I was all in for physics, but at the same time, I didn't know a lot of physicists and it didn't seem like
they got jobs outside of university.
And so I thought I needed a backup. And so my plan was to double major and I'll do this thing called electrical engineering because from what I can tell, my dad was a double E and it seems like double E's can get jobs and double E seems like the most physics oriented engineering program I could, I could go to. So it kind of felt like I was not necessarily stepping too far away from the thing that was truly fascinating to me.
Yeah, that was how it started.
William Kennedy (32:52.558)
That's interesting. So what universities end up going to, or at starting at?
Jasson Casey (32:57.868)
University of Texas. I applied to a handful of universities. I got into a subset of them. And then I was faced with the cold hard reality of like university costs money. I was a Texas resident and UT Austin was like a top 10 school for what I wanted to do. And it was also like, I know it's more expensive today, but even
Even then it was, I think it was like $5,000 for the entire year. Like it felt like a steal. I could get a subsidized or I could get some sort of government loan to like pay for half of it. I could get a job to pay for the other half. It wasn't going to be complicated to figure out how to pay for it. And it was again, like a top 10 school. And the other thought process was,
It's a big enough university where if I screw up and this isn't really what I want, there are other things there.
William Kennedy (33:57.689)
Yeah. Yeah. Plus they got a hell of a football program. So you're to have some fun on Saturday.
Jasson Casey (34:01.822)
yeah, we walked into some pretty epic football. I'll never forget. I'm not a huge football guy, but I did go to almost all the home games that first year. Saw Ricky Williams play. Saw Major Applewhite step in off the bench and just literally right off the bench throw a long, long pass for a touchdown. I saw some really, really great college players then.
William Kennedy (34:28.696)
Yeah, don't know. When my daughter, number six, my stepdaughter was looking at colleges, we were kind of nudging her towards Notre Dame. She's at St. Mary's now. But I kept telling her, you want that football experience. You need that school that has that sports, because I feel like it adds another sort of dimension of getting everybody sort of together, right? Now you've got alumni. Anywhere you go on the planet, right?
Jasson Casey (34:51.222)
Mm-hmm.
William Kennedy (34:55.284)
And you sort of have that. I don't know. I think it's an important part of that, being part of that university, having that connection with others that you've never met. You walk by the airport, you're wearing the colors, right? Yeah.
Jasson Casey (35:06.89)
It's instant community. It really is.
William Kennedy (35:12.29)
So you go there, what was your, I'm assuming that you graduated from there, you finished that four year degree. So one of my favorite questions is always like thinking back on those four years and I'm assuming you got your, majored in electrical and you got a minor in physics or you did both?
Jasson Casey (35:36.275)
I realized I couldn't do both and swing a job. And so I gave up on the physics double major. I did the double E. My focus was on computer engineering, I think like micro architecture, embedded systems, that sort of thing. And yeah, I worked at a
I worked writing software at the same time as a way of kind of helping pay for things as well.
William Kennedy (36:07.712)
I was going to ask you that too, like was the job on campus or were you able to get something related in the field?
Jasson Casey (36:11.678)
No.
So I, through a friend of the family, worked at an oil company. Actually, it wasn't an oil company. It was a geoscience company. And they sold software into the oil industry. they offered, he told me about an internship program they had. And so I ended up getting an internship there my first summer.
And the gist of the internship was, hey, you know math, right? And I was like, yeah. And he's like, all right, you know how to write code in C, right? And I was like, yeah. Because I'd done a bunch of robotics projects in high school. I'd learned how to write in C. And they're like, all right, well, this job is really just geometry in C. It's not that hard. You'll figure it out. And.
William Kennedy (36:55.372)
You
Jasson Casey (36:56.875)
I guess I didn't screw it up. So they actually made me a part-time employee for my first two years of school. So I used that to help pay for school, but it was fun. I was exposed to Unix at school, but this was legit. You have to learn what LibC does. You have to actually learn how the Unix operating system works. had a Solaris on my, I think a Spark 2 on my desk, and I also had a SGI Onyx on my desk.
William Kennedy (37:03.118)
around.
Jasson Casey (37:26.37)
I had to make sure my software ran properly on both. Ultimately, I was working in the research group, so my job was to kind of help. My job was literally to be the LLM for my boss around like skeleton code. That was too trivial for him, but still requiring some level of about 20 on average.
William Kennedy (37:49.411)
How many hours a week did you work on average? that's a lot, dude. Full course load, 20 hours a week. I guess they allowed you to work around your schedule, which is good.
Jasson Casey (38:01.868)
Oh yeah, they were super flexible. All they cared about was eventual progress. They were incredibly generous.
William Kennedy (38:10.562)
Did you ever once think, I'll just do this full time, I don't need to finish my degree, I'm already in industry?
Jasson Casey (38:15.308)
The absolute fear of my parents, So actually it was a pretty funny story there. I finished most of my coursework inside of three years and actually went full time. And the courses that I was left with were the ones that I was highly, highly uninterested in. So like a government course, a...
William Kennedy (38:19.102)
hahahaha
William Kennedy (38:24.75)
you
William Kennedy (38:38.126)
Hmm.
Jasson Casey (38:44.926)
Fine arts elective. feel bad. Yeah. And I feel bad saying this out loud because I love the arts. love, I, I do actually like going, to shows and museums and I love history, but at the time I couldn't be bothered. I wanted to just be working. And, yeah, I think, there was one particular course that I, I didn't fail it, but I wasn't going to pass. So I dropped it like three times.
William Kennedy (38:46.23)
your liberal arts, like you had some liberal art classes left that you had to fulfill.
William Kennedy (39:12.811)
You
Jasson Casey (39:13.452)
And the last semester of that fourth year where I was literally just working on two courses over three semesters over and over and over again, I took a job in another city and I was literally just flying in on a Southwest plane to take the exam and then fly back. So yeah, I almost did not finish my undergraduate.
William Kennedy (39:24.546)
Wow.
William Kennedy (39:32.012)
Wow. Wow.
William Kennedy (39:36.888)
Wow. That's interesting. Yeah. It makes sense to me, right? Like you're just like, you're done with school. I'm already making money. This is a pain in my ass. Like, but you got it done, right? That's good.
Jasson Casey (39:49.325)
I... It's hard to put myself back in my mindset from back then. I don't know how much of it was obligation versus desire, but yeah, I eventually figured it out.
William Kennedy (40:01.71)
Because I still have, I was, okay, just real quick. I was never, I never had the status of senior in my undergraduate. I was, it was so cold outside and I hated going to class. I never went to class. And it was like, I finished my four years and I still had like 28 credits left. And my mom sat me down and she said, you're going to get it done now or it's over.
Jasson Casey (40:16.651)
Yeah.
Jasson Casey (40:23.841)
Yeah.
William Kennedy (40:30.058)
And I somehow did 28 credits in this one lot. And it had the best, I had a B that, it was my best semester ever. Right? And I got it done, but I'm not in, I made it my job to just get that done in any way possible. So somebody a long time ago was like, Bill, we can't find you in the yearbook. I'm like, yeah, I never got invited to be in the yearbook because I was never a senior.
Jasson Casey (40:37.963)
Yeah.
Jasson Casey (40:41.302)
You made it your job.
Jasson Casey (40:46.56)
Yeah.
Jasson Casey (40:57.995)
Yeah.
William Kennedy (40:58.166)
I just went from one status to ... But I still wake up sometimes with nightmares thinking I didn't graduate and I got to go look at the diploma on the
Jasson Casey (41:07.628)
I had nightmares about missing my final exam until I was 30, early 30s.
William Kennedy (41:14.774)
It's interesting, Wow.
Jasson Casey (41:16.426)
The anxiety dreams follow you for quite some time.
William Kennedy (41:19.758)
Yeah, I haven't had that in a while, but yeah, I would say for good 20 years, would have that anxiety dream. I like that. I like the way you labeled that. I would have that anxiety dream that I really didn't graduate because I was messing around. But your parents must have been ... My mom wasn't ... Well, like I said, she lectured me and then I got it done, so it happened very quickly. But yours is over three semesters, so that's almost like a year and a half where your parents must have been just on you a little bit at a time.
Jasson Casey (41:48.493)
Each year they thought I wasn't going to finish. Because yeah, was doing my own thing. I kept enrolling. I kept trying to take that class. honestly, I think in the end I actually depend. So this one particular class, it's like a D is technically not failing and you can get your degree for it. And I think I got a D in that class. And I finally said, I don't care. I'm done. This is enough. They'll check the box. Don't let perfect be the enemy of good.
William Kennedy (42:18.658)
You know, we had really bad attitudes. We were like, our GPA isn't on the diploma. We just got to pass. That was like the attitude. Just got to pass. Just got to pass. Just get this thing done. Just got to pass.
Jasson Casey (42:27.755)
Yeah.
Jasson Casey (42:31.54)
Yeah, my GPA inversely correlated to my work status. So when I went from part-time to full-time, it definitely took a dive. But I was also done with all, like, if you looked at the courses I really got into, like, did pretty well in them because I used them. Like, microarchitecture design, graphics, operating systems, like, that kind of stuff. Like, that was really, really exciting.
The signal processing and circuits courses, I wish I spent more time paying attention to them, but I knew I wasn't going to work in that area at least initially. The reason I say I wish is there are some projects I'm working now where I'm finding myself actually going back and teaching myself the materials so I can kind of understand a little bit about what's going on. But I guess the benefit of a foundational education is you can teach yourself.
William Kennedy (43:29.102)
Yeah, I wouldn't even have expected you to remember that completely, right? But it's like riding the... So my wife, who has an industrial engineering degree, her math is so much better than mine. I did the Calc 1, the Calc 2, I stopped there. I was honestly very immature at the time I was going to school, really immature. But now what...
Jasson Casey (43:33.014)
Yeah.
Jasson Casey (43:42.836)
Mm-hmm.
Jasson Casey (43:49.1)
I feel like you're saying a late teenager, early 20-year-old is immature. That's shocking.
William Kennedy (43:53.751)
No, I was super mature, And I think maturity has a lot to do with your ability to learn and have that discipline. But my wife's math skills are just way beyond mine. Like when the kids have the math they're doing today now, or even like trigonometry and the geometry and some of the higher end. Like I could open up the book and I know I can learn it. It's a relearn it at some level, but she still to this day has it in her head.
It's mind-blowing to me sometimes where I'm like, she doesn't even have to, or she'll skim a page and then she'll sit down and start doing it. And I'm just like, if I could have your brain for just a couple days, what I could do, because I feel like I'm doing pretty good with this brain, but it's not even close to what your brain is right now, right? It's just, it's just, yeah, it's mind-blowing to me that she, she has that. I imagine that even with you, you probably just have to...
Jasson Casey (44:32.086)
Yeah.
Jasson Casey (44:43.594)
Yeah, that's our fundamentals.
William Kennedy (44:53.484)
you know, even less than an hour, just absorb it and then it all sort of comes back.
Jasson Casey (44:58.518)
Some of it does, some of it I question whether I ever had it. So for instance, I can flip through microarchitecture stuff and that comes back pretty quick because I knew it pretty well and it doesn't take much. But then on the flip side, I may be looking at some complex analysis stuff. So this turns out to be really important in signal processing.
And I'm kind of convinced I never really learned it. And it takes a bit, right? And the good news is, like most things, there are a few fundamental principles that once you really understand them, you can kind of compose them in different ways and kind of get what you need. But yeah, some of it is you're just scraping the cobble-ups off. And some of it I honestly question if I ever truly knew it.
William Kennedy (45:54.745)
So how long were you with this company? Because you started working, you did get to graduate, you're doing this work. How long were you with them?
Jasson Casey (46:01.201)
yeah.
Jasson Casey (46:04.576)
So that part-time company that helped me get through first two years, I was with them for two years. Then a body of mine.
William Kennedy (46:13.358)
So what year is that then? Like you finished with them in like 2003? Oh, in 99. So you graduated high school in 97. You would have graduated on time if it were like in 91, right?
Jasson Casey (46:16.588)
99. That was 99.
Mm-hmm.
Jasson Casey (46:28.076)
So I graduated high school in 97. I started college in the fall of 97. When I showed up, was qualified as a junior. I had 60-some-odd hours of credits. Yeah. So I didn't really have to take any of the, what do they call them, leveling courses. I could jump straight into my material. So by the first two years, I was kind of done with
William Kennedy (46:38.83)
nice nice
Jasson Casey (46:55.436)
most of my engineering curriculum. And I still had a lot of stuff that I was deferring. And then I had some of the engineering courses that are just required for you to take but aren't necessarily germane to your focus area. And that kind of described my last few years. So a buddy of mine worked at a startup at the time. And I have always been fascinated with the idea of startup companies. And he's like, hey man, you can code.
and you understand systems and you should come work for us. And it was a bizarre thing for me. I walked in, I interviewed with a guy, asked me what kind of work I'd worked on. I showed him a little bit. He did the technical screen and they gave me a job. I was 19 years old and they gave me a full-time job.
William Kennedy (47:46.51)
How did you know this guy at 19? Because you don't really have a network yet.
Jasson Casey (47:50.705)
I had a network. It's called the NerdNet. I want say my first or second week in college, I went to my first party and I ended up talking with a dude in the corner and we spent most of our time talking about
We were comparing AP tests and scores and the nuances of Linux versus Solaris. what's that meme where there's the guy in the corner and the couple dancing and the guy in the corner is thinking, I bet they're thinking about such and such. Yeah, so at a place like UT, it's almost like nerds magnet to each other.
And so yeah, I met this guy first year. were, we were friends, but all we would ever talk about was technical things. He was a sys admin. He had, he had built with a buddy of his, like a little ISP in Fort Worth, Texas, when he was in high school. And so he, you know, he was a sys admin with like four or five years experience, adminning Solaris and he understood gate D and he could configure BGP and.
And so like he taught me networking things and I would do software things for him and he got hired as a network admin for the startup and they needed someone who had some software skills to work on the protocol side of things because it was a voice over IP company. And the people were all telco engineers. They weren't necessarily like software engineers. And it was also, you know, the wild, wild west of the late nineties, Austin, Texas. So, yeah, they hired me. I was radically unqualified.
But I bought a bunch of books in a cot and I slept at the office and I figured it out.
William Kennedy (49:41.901)
VoIP was really brand new in the early 90s. I was working for a company that were building inbound, outbound systems for call centers trying to compete with the big telcos. And I remember we were trying to introduce VoIP as a way of not having to pay for the big telco, right? Million dollar telco system that was, I mean, those systems were solid, dude, like no doubt. just the computing wasn't...
Jasson Casey (49:43.916)
Yeah.
Jasson Casey (49:52.522)
Yeah.
Jasson Casey (50:04.747)
Arbitrary.
William Kennedy (50:10.522)
The processors really made that hard because of the... Though again, again, it's voice, right? you have some... Somebody cuts out, you don't have to go back, right? You could just keep going. But no, there were real challenges just with the power of the computing we had. I remember.
Jasson Casey (50:19.777)
Yeah.
Jasson Casey (50:27.094)
Yeah, no, was fun and it was fascinating. I didn't really know telco systems. The company kind of taught me telco systems, but I did understand the basics of socket programming and I understood the basics of networking. And yeah, their insight was like, it wasn't just theirs, a couple people had this, but the human can tolerate a lot of error in audio.
It's cheaper to build a packet-based network than a circuit switch network. And the future is going to be packet-based networks anyway. So if you have a way of running voice on a packet network, you're going to have a cheaper operation and you're going to able to grow faster and capture new markets versus old stodgy telco.
And so that was their insight. So they raised all in, I think they raised like $300 million between like financing and cap cash. And we built a nationwide US network. We leased our IP or we leased our optics. We ran our own IP network over an optical backplane, like a sonnet backhaul network.
And they bought these voice over AP gateways and we would buy trunks from the local telco in large, large quantities, like bundles of DS3s. A DS3 is like 700-ish calls per DS3 and we would just buy big, big chunks of them in all these markets. And because of how regulation worked at the time, we would just pay a flat fee.
William Kennedy (51:57.807)
That's wild. Yeah, yeah, yeah. I think if I remember when we were playing with it, for where we were at, like compression allowed you to win or lose that game or something, right? Being able to compress it.
Jasson Casey (52:09.6)
So for us, was that that makes sense in the enterprise.
We were operating in the carrier space, so compression existed. So, phone call uses something called G7.11. They're not really compressing the audio. What they're doing is they're quantizing the audio. So it turns out for human speech, linear sampling isn't optimal. You actually want non-linear sampling to reproduce a slightly better audio signal. Then there is compression codecs called G729.
William Kennedy (52:16.686)
Hmm.
Jasson Casey (52:40.268)
And G729 could take like a 64 kilobit audio stream and shrink it down to nine. But when you look at the bandwidth savings that that gives you versus the cost of bandwidth, right? So like I just talked about a 64 kilobit audio connection, but we were buying gigabit or we were buying OC12 and OC48 connectivity. So we were buying in the gigabit to multi gigabit range.
putting kilobits on top of it, yeah, I could spend extra money and go buy this fancy hardware to do the compression, or I could just buy more bandwidth. And so we went the buy more bandwidth route.
William Kennedy (53:20.428)
Nice, Interesting. So how long are you with this company? Because that's pretty technical work. I mean, that's really technical.
Jasson Casey (53:28.446)
I was with that company for two years. It was like dog years. I married the company. literally lived in the office. There were several periods of time where I would sleep with the office. We had a shower. It was fascinating. Anything, any project you were willing to like embark on, the company would support you. Like it was too many. It was an environment of too many problems, not enough people, not enough money. If you want to go tackle one, have at it.
just prove to us you're not going to be reckless. And so it was my grad school, even though I technically hadn't graduated yet. But it was amazing. I learned a ton.
William Kennedy (54:03.992)
So then why leave after two years?
Jasson Casey (54:06.088)
we ran through the business field. Yeah. So the business fell in a really interesting way too. So the telcos at the time, they were all customers of each other and competitors of each other.
William Kennedy (54:10.623)
okay. Ran through the money.
Jasson Casey (54:22.524)
And so we kind of mismanaged our cash a little bit. Like we used cash or we should have used some debt financing. So we may have had like a low cash volume in our bank account. And one of our competitors who was also giving us traffic, they realized that we had screwed up our routing. And so they were giving us traffic to terminate that we were turning around and giving back to them. We were charging them less than they were charging us to re-terminate that traffic. They realized that and they didn't tell us, they just turned the dial up.
William Kennedy (54:46.03)
my god.
Jasson Casey (54:52.952)
And then they waited for us to catch up, catch on. And the minute we catched on, they filed an injunction for payment and that forced us to lock up the cash we had on hand and we had to file chapter 11. That was, yeah, Quest Communications did that to us. That was that world. so...
William Kennedy (55:08.29)
That's evil, That's evil.
William Kennedy (55:13.986)
That's evil. Wow.
Jasson Casey (55:18.924)
I didn't know, again, I didn't know what any of this meant at the time. had to have it all explained to me. I stayed on a little bit during the chapter 11 to kind of help run things.
But I had a girlfriend at the time and she had moved to Dallas when she graduated for a teaching job and I decided I wanted to find a way to get to Dallas. So one of the vendors that was calling on me, I called them up and said, hey, I need a reason to be in Dallas. I have an idea for how you can use your product. I'll introduce you to these three prospects that might buy your product. Would you hire me as a software engineer?
and they ended up hiring me, not as a software engineer, that's kind of why I ended up leaving that company and moving to North Texas.
William Kennedy (56:02.956)
Wow. Nice. now you move. You had to move in with your girlfriend though. That's a big change there, Jason.
Jasson Casey (56:09.516)
yeah. It felt, it felt, it felt, it felt normal. By the way, we're now married. but yeah, but.
William Kennedy (56:19.502)
that's good. You never know where these stories are going to go when you don't know. Okay, so that's good. You ended up marrying this girl.
Jasson Casey (56:23.5)
Yeah, it worked out. It worked out. And that company worked out too. That company ended up being the next ride in the journey.
William Kennedy (56:34.968)
So how long are you at this next company then? You're there for?
Jasson Casey (56:38.508)
I was at this next company for about three years. Yeah, so this company had, they were a startup that were a chip manufacturer and they built this thing that was very early version of software-defined networking. And one of their co-founders was a guy who invented this thing called the FPP and RRSP, this guy named Vic Bennett.
William Kennedy (56:41.582)
And you weren't doing software development? What were you doing over there?
Jasson Casey (57:05.368)
And it was a network processor. And it turns out it's the gear network processor that almost all the heavy equipment kind of used in their high-end network processing cards, right? So think like ATM switches, edge routers that hang off ATM networks at the time, that sort of thing. And they had built a version of the chip that could do essentially regular expressions at line rate.
So over to it, it's a big deal at the time. It could load a pattern and do pattern matching and substitution at one to two gigabits with minimal latency or the latency you would actually expect for a switch. the problem I was working on at that the Austin field startup was a firewall problem. How do I take my VoIP network and someone else's VoIP network and peer them?
without exposing the fact they're on a private network, I'm on a private network, so have to remap, right? I have a security domain, they have a security domain, I don't want to allow like just pure access. And voice over IP has a signaling protocol and a data protocol or immediate protocol. And a lot of the voice over IP protocols at the time, have what they create all these layer violations, which is a fancy way of saying, deep inside of the packet, it talks about IP and port and protocol information about another thing that's going to show up.
crosses a NAT boundary kind of invalidates itself. The minute it crosses a firewall, it kind of invalidates itself. So I was trying to figure out how do I get a firewall and a NAT that are VoIP smart, right, and can kind of handle this. And I called this company and they had been thinking about maybe they could solve that problem and I pitched them on my version of how they could build a voice over IP firewall, at least what it would look like from a customer's perspective and what the state of the art was.
given alternative equipment and it turns out because I had been working on this problem, I knew my counterparts at level three and global crossing and a few other companies and so was more than happy to make the introduction. So yeah, they hired me but they said, hey, we want you to become this thing called a product manager. And it's like, I don't know what that is. And they're like, don't worry about it. Just show up. So yeah, that was, I got that job. I loved it.
William Kennedy (59:12.762)
Wow.
William Kennedy (59:20.43)
Did you enjoy that though? Did you enjoy getting, getting your hands off it? You did. You enjoyed that. Why? What was it about that? They enjoyed. You're still young dude. Wait, wait a second. You're still young, right? We're talking about 2000. You're 21 years old. You've got five years of sort of industry experience already, right? We're talking about 2005 right now. 2000. Oh, 2001. Man.
Jasson Casey (59:26.538)
Well, the product manager has 21.
Yeah.
Jasson Casey (59:45.548)
2001. Yeah.
William Kennedy (59:49.506)
You are doing so much so quickly. can't even do the math on the years anymore. This is 2001.
Jasson Casey (59:54.423)
the yeah yeah I guess technically I was 22 I would have been 22 in 2001 but yeah I was 22 I had this this job that I didn't really understand but again I you know I knew what the product needed to look like
And it turns out that's really what the job of product manager is. And in a highly technical business like ours, or this company's at the time, the company's called NetRake. It's since been bought and sold. But in a highly technical business, product manager has to be respected by both customers, engineers, marketing, kind of everybody. And your customers are highly technical, right? Your customers are also representing their companies at the standards bodies, like IETF, arguing over
for like BGP extensions. So your customers are highly technical, your engineers by definition are highly technical, and you've got to sit in the middle of them. So if you're not technical, you're not going to work out. But also you've got to figure out what's the straightest line to revenue, what's the straightest line to what will work for these people, not what's ideal.
William Kennedy (01:01:02.542)
But how could you know that at 22 or I guess for the next 20 years now, this is what you're sort of perfecting this sort of role.
Jasson Casey (01:01:09.12)
yeah. mean, I'm giving you the 46 year old's version. I don't think I would have liked this at that time. No, the woman I worked with was a very seasoned product manager. She also grew up from the engineering route. She was a long-term kind of telco engineer, telco into product management. So like she was a great mentor.
And, you know, it was a startup environment. like the great thing about startups that at least I've been part of and like generally why I tell people if they should go to a startup is...
If you have the ability to work a problem, startup can almost never say no because they never have enough time and they never have enough people and they never have enough money. And if you have the understanding and if you're going to act responsibly and if you have some ability of tackling the problem, you're going to be let loose. And that was the environment. I had good mentorship and so yeah, we just did it.
William Kennedy (01:02:12.334)
I think that role is also critically important if you have somebody who can talk tech, but also talk non-tech. You got to be able to do that translation. But at 22, I don't imagine you have that ability like you obviously have today.
Jasson Casey (01:02:22.546)
Yeah.
Jasson Casey (01:02:30.43)
No, not at all. I had the benefit of the fact that my customers were engineers. So the first customer of that company was actually Japanese telco. And I'll never forget the way we landed them. So the protocol that was all the rage at the time for Voice over IP was called SIP, Session Initiation Protocol.
And I was kind of like an auto didact with all the RFCs related to SIP. Like I knew it inside and out. I had written all my own custom implementations of the protocol just to, this is kind of how I learned. Like if I don't build, don't, can't prove to myself I know a thing. And so I knew this protocol inside and out. And you know, I'm also building out the roadmap for the company. I'm a good product manager is always ahead of the engineering team in terms of what they're working on thinking about. And the Japanese customer was really
interested in solving this problem, they wanted to solve it on a time frame and their first gate to just moving into a POC was, well we want to see these three scenarios, can you show us log trace output of what your product looks like in those three scenarios? And so I stayed up one night and I just hand cranked it all out myself.
William Kennedy (01:03:38.51)
Wow.
Jasson Casey (01:03:39.628)
And there was another engineer, he was like a chip architect who he was also incredibly diligent. And so I used him as like my checker and then we gave them that output and they invited us to Japan for a POV. Yeah.
William Kennedy (01:03:55.727)
Wow, that's awesome. Wow, that was mind blowing. Everybody must, you must have felt great at that point. mean.
Jasson Casey (01:04:03.236)
I felt great, another way of thinking about it too is you're just raising the stakes, right? Because you're clearly showing what the product could do, not what the product did do. We go to Japan, and it was me, a sales engineer that I just hired, and a head of customer success. And this was our first customer deployment. anyone who's done business around the world already understands this, but I didn't.
William Kennedy (01:04:08.375)
Yeah.
Jasson Casey (01:04:29.452)
People behave differently around the world, people run networks differently around the world, cultures and customs are just different. So we show up in Japan and I had traveled through Europe and thought I was well traveled. So I experienced my first culture shock. It's like stepping off the rocket ship on Mars in a good way, but still like eyes wide, right? I was probably 23 at the time.
And I thought I was really adventurous from a food perspective. Turns out I wasn't. So all I would eat was rice for that first week. And so I was like losing weight. I was tired.
And also we built our product, at least the operating system of our product was built on BSD. And BSD had a lot of networking bugs around things like memory protection in the kernel on DHCP. it was before the era of things like CDP and L, what was it called? Link layer control protocol, LCP. Long story short, Japan liked to build really, really big subnets, like thousands of hosts on one broadcast away. And the rate
of ARPs and reverse ARPs was faster than the little kernel thread in our OS could handle. And so I'll never forget, I took the team, the Japanese team into a room to train them on how to design with our product. Well, my sales engineer was gonna hook it up and get the first demo running. And we come out an hour later and Gabe turns to me, he's like, Jason, oh boy, you got a really thick Cajun accent. can't do it.
William Kennedy (01:05:42.894)
you
Jasson Casey (01:06:03.746)
justice. It's like Jason boy this shit don't work. And so I sit down at the terminal and I see DB greater than and it's like well I've never seen that before and this is essentially what a BSD kernel panic looks like. And you know the so like the level of stress is through the roof and and the head of customer success like he's fundamentally a salesperson he's like Jason I I can't do anything here I'm going home.
And the SE also is still more of a sales person. Like I can't do anything either. I'm going to go home. So I ended up staying. They left.
fish out of water and then the Japanese like they're great culture they're super detail focused and their whole gist is if you give them everything they'll reciprocate and so every day we would work on this every day we'd go out to dinner every dinner we'd drink too much and then I'd go back to the hotel and dry and write up a big trip report and attach core dumps
And the goal was I provided enough information in a lucid way along for the team to diagnose the problem and give me a hot patch along with instructions on how to use it so that when I woke up the next day at 6 a.m. I could be prepared enough to go back into the office and kind of at least move the ball yard down the field. We did this iteratively but over the course of two weeks we got it up and running. We got invited to.
You know, we got hosted at like the big bosses fancy restaurant. I had a breakdown moment where I was so hungry that I just started eating everything they put in front of me. And then I realized, holy shit, this food's actually really good. And so that started my food adventurism, which has since gotten even bigger. But yeah, we got a check from them a couple of weeks later, $600,000. It was our first paying customer.
William Kennedy (01:07:45.46)
Hahaha!
William Kennedy (01:07:49.793)
You
William Kennedy (01:08:02.478)
So this is a theme with so many... ignorance is bliss, right? You're 22, ignorance is bliss. Those two other guys just go home because they're too seasoned. And you're like, I ain't giving up. Like today you would have just went home. But ignorance is bliss, man. It allows you to do things you never in a million years would sort of do if you knew better.
Jasson Casey (01:08:07.442)
Ha ha ha.
Jasson Casey (01:08:14.22)
Yeah.
Jasson Casey (01:08:26.454)
There are so many things about that initial trip that I'll remember till I die, right? Like made some really good friends, learned an incredible amount, built real partnership with our Japanese partners and customers, learned about a truly different culture.
And then the food thing, like, you know, I joke about it, but like food is very important to me. And I think it actually probably, at least one of the big parts started on that trip. Just eating over myself and tasting things.
William Kennedy (01:09:04.174)
But I imagine that when you saved that account, you made that happen because you stayed and you did that. I'm kind of curious, did they just pat you on the back when you got home or did they give you something for that work that you pulled off?
Jasson Casey (01:09:18.806)
Well, so in fairness, there was definitely a team that was being whipped daily behind the scenes to make sure that I did have a patch for when I woke up. So it certainly wasn't all me. But yeah, no, we won that account. We used that money to show progress. We used that to actually raise our next round.
I mean yeah, that company let me as a 23 year old essentially help set direction of the product. That company is a major reason, or at least a major pillar of who I am today. yeah, no, they definitely, they treated me very well.
William Kennedy (01:09:59.663)
So we've been talking for like over an hour and you're only 22 right now in this story. So I can't even imagine how much time we need to get through all of it. So we don't have time. So got like 20 minutes left with you. We got to sort of fast track between now and sort of where you are today. So when did you start with this company? The company that you're with today? What year did you start? 2019, okay.
Jasson Casey (01:10:04.383)
Hahaha.
Jasson Casey (01:10:16.437)
Yeah.
Jasson Casey (01:10:24.748)
2019.
William Kennedy (01:10:27.95)
And we're only in like 2002, three. Okay, so you got five minutes to like tell me how we get to 2019 from here. I feel like you're staying every couple of years. Like how many jobs are we talking about over this next 18 years or whatever?
Jasson Casey (01:10:30.476)
2003.
Jasson Casey (01:10:39.596)
All right, I'll give you.
Jasson Casey (01:10:45.356)
So I'll give you the cliff notes and then we can kind of drill in. So at the end of 2003, I started to become more wise and understanding of financing of startups and how that works. And while the company had been great to me in terms of learning and education, I learned about the preference stack and ultimately how that really meant that we would, the company would eventually get bought, but no one would ever make any money.
And once I kind of had that realization, one of my customers called and said, hey, we want you to come work for us. All these things you've been telling us we could do with your product, we want you to come help us make that a reality. So I went to work for a company called Level 3.
From there, ultimately that didn't really work out. Like the whole business unit that I was part of was speculative and that business unit got cut. And so at the same time I needed a reason to move to Austin, right? My then wife wanted to go back to grad school. And a friend of mine from NetRake was working for Alcatel and he was like, well, we always need a good solutions architect. Just come work for us, it'll be easy.
I went to work for him. I was involved on the periphery in some big deals with AT &T. I didn't really do anything to deserve any of this, but they treated me like I did. And I learned pretty quickly that I need technical excitement. Money's not enough.
And the former boss from level three went to another telco and said, hey, all those plans you built for us at level three, how would you like to execute them? So I went from there and I joined him at a company called Sentry Tel. Now they're called Sentry Link. And that was my first real executive job. I was 26. We did that for about...
William Kennedy (01:12:30.434)
That's crazy how young you are in these positions. It's mind blowing to me.
Jasson Casey (01:12:36.886)
So I built a team in Austin, Texas for this Louisiana based company. We built this product, launched it really fast. Culturally, I would say we weren't really that great of a fit with the telco, because we were kind of this startup group of pirates that we didn't really care what the rules were. We were going to get stuff done.
You know, we got stuff done, but we definitely rubbed a few people the wrong way. And ultimately the product we were building probably wasn't right for the market of that particular business. And from there, I ended up kind of getting into just doing my own thing. So I started working on the software to find networking stuff and it was super fascinating, super fulfilling. Didn't make a ton of money at it, but developed a huge amount of relationships with
company called Bel Air Networks at the Synthagoppa by Erickson, as well as Aruba Networks and a few others. At that point, I was feeling a little bit burnt out because all of these jobs, while I kind of shifted every two to three years, I was putting, you know, everything I had was going into them. And so my wife had just taken a position as a professor at Texas A
And so I've been trying to convince a professor to work on a technical project for me. And he's like, hey, you seem to be free. Why don't you do a PhD? So I did a PhD. I wouldn't have been able to do that without finishing my undergrad. And I'm
William Kennedy (01:13:58.223)
Wow.
Jasson Casey (01:14:03.306)
Yeah, that brought me back to that work that I had been doing just before the PhD in software defined networking, started this nonprofit called Flow Grammable. We ended up being kind one of the landing spots for people to kind of truly understand what this protocol called OpenFlow, how it works, how things changed across variations. Dell actually took almost all of our material. We made it open source, but they took all of our material and basically stapled it as an appendix to all of their switch manuals. So that was pretty cool.
And yeah, that brought me to the attention of a certain General Keith Alexander and I joined him in, this is 2014, to run engineering for his private endeavor, company called IronNet Cyber. In 2016, I was recruited to be the CTO of a company called Security Scorecard, run the whole R &D effort up in New York. And...
William Kennedy (01:14:58.702)
So let me pause you for a second because the 2014 job is the first time you're not doing telco, per se. Because everything up to there is, OK, go on.
Jasson Casey (01:15:07.168)
Yes or no?
Yeah. So, reason why I say yes and no is everything that I've always done in telco has always been at the IP layer. So I never really worked on ATM or cell or those other protocols. I was always working kind of packet-based networking. And when you go back to the fundamentals of what I was doing in NetRake, we were basically doing kind of packet capture and manipulation at line rate at gigabit. And in 2001, 2003, a gigabit was state of the art.
the software-defined networking work that I was doing had moved into the range of 10 gig and 25 gig and 40 gig and like the 2010-2011 timeframe and When you look at what General Alexander was doing with IronNet He was basically doing behavioral analytics Which is line rate packet capture in a large data center environment
And you're basically trying to do real-time metadata analysis to find kind of the needle in the needle stack, right? Where is somebody running a C2 channel? Where is somebody doing this? So it's all the same techniques. And the other interesting thing is we had to do it on commodity hardware. We weren't allowed to design or build our own hardware.
And so now you're like, all right, how do I squeeze everything out of the computer I have? And so you're thinking about like, cache line misses and branch predictors and cache line predictors. And how do I structure my algorithms in a way to where the hardware is going to achieve maximal, both parallelism, but also like all the prefetching and pre-caching stuff. Like, how do I make that, how do I make sure that I'm not getting in the way of all of that magic? And it turns out.
William Kennedy (01:16:52.994)
Yeah, you're staying mechanically sympathetic with the hardware and networks and yeah.
Jasson Casey (01:16:56.172)
Exactly. So that was the commonality. And then I also found myself being drawn more towards problem sets of, I don't want someone to tell me what the network looks like. I want to discover what the network looks like with some level of certainty. And it turns out that's an intelligence problem. And so yeah, for most of the 2010s, I basically worked big data network intelligence. But it was kind of a natural follow on from the 20 aughts.
William Kennedy (01:17:23.47)
And then tell me how Beyond Identity sort of comes calling. How does that come? Are you going after that? Are they coming after you? You're a very mature man at this point. You know what you want. Like to get Jason to work with you, you really have to make sure that he's going to be super excited and interesting in it, right? So I want to hear about the recruiting of Jason for Beyond Identity.
Jasson Casey (01:17:44.938)
Yeah, so my wife.
Jasson Casey (01:17:49.933)
My wife and friends would debate the mature property. So 2019, I resigned from Security Scorecard and I wanted to start my own company. And I was going down this road of security analytics. And some of the observations I had taken with me coming out of Security Scorecard was,
William Kennedy (01:17:53.887)
Hahaha!
Jasson Casey (01:18:11.18)
The most likely indicators of whether a company will suffer a breach have to do with how do they manage passwords? How do they manage second factor? How do they manage endpoint patch management? Like those three things is really what the cyber insurers were deciding whether they were going to underwrite or not at least a mid-market company
And so I had a large amount of analytic ideas kind of cooking around from my experience of the past decade. And I was thinking about starting a company in that area, but I also needed a break, right? Scorecard was intense. I gave them three years. So I took a trip to Greece. wanted to sail a sailboat around the island. So we rented this 40 foot sailboat. was just me and the wife and a bucket of books. And we hired a captain because we didn't want to do it all the time. And I got an email while I was on that
trip saying, hey, this is Jim Clark. I want to meet you. I live in New York. And it's like one of the first books I read back way in Austin when I was at that telecom company, Point One, was a Michael Lewis book called The New New Thing. And it was about Jim Clark, the guy who created Silicon Graphics, the guy who created Netscape, the guy who created Healthion, which then became WebMD, along with some other things. And my initial response is, no, you're not. Delete.
William Kennedy (01:19:26.19)
Right, right, right, right. Like you see that email, you're like, you do a little bit of work, right? You view the source, you're trying to figure out is this legit? But at end of the day, you're like, this is phishing.
Jasson Casey (01:19:28.458)
Yeah.
Jasson Casey (01:19:34.229)
Yeah, was, well, it was also like, represent Jim Clark and those emails are usually just garbage, right? But the dude's persistent and I get a couple more during the trip and finally I just out of, I don't even know why I replied, but I replied saying, all right, sure, I'll meet you. And I'm back in New York next week.
William Kennedy (01:19:42.254)
Yeah
Jasson Casey (01:19:55.485)
And the other kind of prophetic thing about this like Jim is famous for being like super sailor, right? Like he's built some of the world's largest sailboat sailed around the world and done these Massive underwater productions and whatnot. So like it's it's I guess there are moments of what's going on at the time that like make me a little bit more sympathetic is like, alright, maybe I will respond
So get back to New York and I take a meeting with this guy and this guy works for this guy works for Jim and Jim Sirius is a heart attack and him and his business partner and two of his engineers have are wanting to start an authentication company. And they have a lot of experience with authentication around a system they had built for houses houses and boats. Like when I say houses I mean like really big houses. And when I say boats I mean like really big boats. And
And, you know, Jim's whole take is like, Hey, you know, we invented SSL back at Netscape and, you know, we solved the server authentication problem. We never solved the client authentication problem. And man, is it a pain in the ass. And I want to do that again. And I was thinking about it and it is techniques that he, that he devised. They felt very clever. But the thing that really did it for me was, wait a minute. From all the knowledge that I have, I know for a fact.
that if you can manage credentials.
In a way where they can't be stolen if you can ensure the device that's asking for access whether it's service or data Is safe enough for the access that is being asked for you can actually prevent most most incidents You can actually make an uninsurable company insurable and that was the thing that clicked for me that made it kind of exciting and So yeah, we joined forces when I say we joined forces clearly Jim's the big partner in this and I'm the pipsqueak but But yeah, we started originally the name was zero PW. We we
Jasson Casey (01:21:48.694)
created an office like two weeks after that first meeting. Eventually we changed the name to Beyond Identity, but yeah that was 2019.
William Kennedy (01:21:58.895)
I'm curious, did you ever ask them how they found out about you? Do have any idea why your name ends up on his desk?
Jasson Casey (01:22:06.988)
Yeah, I think it's actually just a coincidence, right? They described their search as they wanted to build a New York based company and they wanted someone who was in New York. They wanted someone who had a deep security experience, right? I run engineering for a couple of fairly sophisticated security outfits.
And they wanted someone who had actually worked at startups and not like any old startup, but kind of like tier one VC backed startups that kind of understood what that means, the good and the bad, right? And apparently that list is not very big. At least in 2019, apparently that list is like six people. And yeah, I got the, what is it? The short rows or the long rows in the dating game? Yeah, we had the best chemistry.
William Kennedy (01:22:54.066)
You got the rose. That's awesome, man. you basically, now I'm curious, right? It's 2019. Is everything just sort of like a white paper right now? Has anything been built? Are you walking into a green field or are you walking into we've got prototypes and now we got to figure out how to productize this?
Jasson Casey (01:23:17.612)
Well, Nelson, so the engineers Nelson and Mike, they had come from a previous company named Commandscape. And so they had worked this problem from a different angle for years. So they were very experienced and knowledgeable. But we basically clean room to the product. So we started, we started.
In 2019, now Nelson and Mike already had quite a few things laid down because I think they got started in like March of that year. Whereas I didn't really join the effort until September of that year. But we ran fast. We had our first POV in November.
And when I say POV, we deployed at a customer for a proof of concept in November of 2019. We had our first paid customer in March of the next year. We raised our first financing, I want to say, in like...
actually March of the following year. Now that was a friends and family customer. What I mean by that is everybody who's done startup probably knows what that means. But you know it's a company that's predisposed to like you because you've worked with them before or you're friends with them in some way. We landed our first non friends and family customer with Snowflake.
in like the third quarter of 2000. So that was our first legitimate win and they did it during their IPO process to help them with an audit finding, right? Like they, their developers were exporting certificates from their development machines to work on their gaming rigs and Snowflake, they had, you know, they wanted to always know what person on what machine with what security controls at what time.
Jasson Casey (01:25:01.58)
And so we helped them solve that problem in a way where the developers couldn't work around us. And yeah, it was a great relationship with them. They helped us build out other parts of the product with real operational user feedback. And yeah, that was the beginning of the race. We just ran fast.
William Kennedy (01:25:22.958)
So what I'm curious about from a business perspective is what is the cost of deploying this type of technology? And I know you're to say, if you don't do it, the cost is higher. But forget about that for a second. What's the real cost of hard cost of deploying this? And what kind of companies should be? I have a sp-
Jasson Casey (01:25:36.607)
Ha ha.
William Kennedy (01:25:49.423)
45 person consulting company we work for clients. Some clients send us machines because their security levels are high, right? So, you know, should a $5 million company be looking at this, a $20 million? What is the profile of someone who has to now seriously, take this seriously.
Jasson Casey (01:25:53.547)
Yeah.
Jasson Casey (01:26:09.866)
Yeah, so the generic answer, there's a version of this available for everybody. But let me talk about the profile of our customer, because that'll probably be more germane to your question. We focus on regulated companies that are generally regulated, critical infrastructure, defense, defense tech, governments, and big tech. So anyone who's the target of intellectual property theft, anyone who's the target
of kind of organized campaigns of extortion. Anyone who's the target of nation states, which turns out to be a lot of critical infrastructure, banking logistics. So, you know, there's a big war going on in Europe right now, right? That is producing a lot of cyber activity around critical infrastructure. There's the threat of encirclement and a war over in Asia, right, with China and Taiwan. That is...
producing a lot of kind of early reconnaissance and kind of like prepping the battlefield if you will. And then there's everything in between in terms of crimes of opportunity as well as crimes of let's go get some money. Our customer is typically, you know, they have a good security program, they have an EDR, they have an MDM.
they have a mature business and what we provide for them is a way to kind of leverage their existing security framework into their identity stack. So we'll plug into their Okta, we'll plug into their Microsoft Intra, we'll also plug into their existing EDR, Sentinel-1, CrowdStrike, Microsoft Defender. We'll tie all that together in what we call identity defense and the impact we'll bring to them is no more...
No more phishing-based attacks for anything that's access-based. Session hijacking prevention, man in the middle prevention for the purposes of session hijacking. And they'll see a reduction in security incidents. They'll see a reduction in help desk tickets. Like these are quantifiable. We see them in our existing customers. Our customers will reference this on calls. But yeah, our customer is typically someone who...
Jasson Casey (01:28:28.436)
already has a security architecture and either is compelled to operate in a certain way because of certain compliance or they sell into a marketplace that is and therefore they take some of that burden on themselves.
William Kennedy (01:28:43.724)
I feel like some of the biggest, I feel like the biggest threat is not from the outside, but from the inside. Like that employee that gets disgruntled, that had access to this or that, and now decides that they're going to do something like retaliatory, right? Whatever that is, right? I always feel like the the biggest jobs I've ever seen have come from the inside. so it seems like you're also able to monitor on the inside who's doing what at some level.
Jasson Casey (01:29:13.388)
So here's a way of thinking about it. When you have a system that's based on passwords and tokens or symmetric secrets, there's nothing about that token that tells you about the device someone's working from. So you have to assume possession equals authorization. So like, hey, this credential was used to access these documents. All right, from what device? Well, I have no idea.
Generally, it should only be these devices because we have these profiles in place, but I can't really say. So you have to take this conservative blast radius. When you're using a technology like ours that's hardware-backed and device-bound, just because someone's enrolled doesn't mean they have access to anything. You actually split the concept of enrollment and authorization. This gives you an ability to understand precisely, at the time of access request, what person, on what device, and what geography
with what workload on that device, right? So in the AI world, the question becomes like, what user authorized what agent running what model on what machine and what geography with what permissions for what time period. In a non-human world, it's kind of like what operator authorized what payload on what drone.
with what identity to go where, right? And in a workforce, it's all right, what worker on what computer with what existing security controls in what geography, right? Because GDPR and some of these national edicts are starting to kind of have teeth, is allowed to access what and for how long? So we can answer that precisely in a fine-grain way. And also produce an audit after the fact that's tamper-resistant.
William Kennedy (01:30:50.262)
No, it makes total sense, right? Like, there's a lot of companies that won't let you use your own hardware. There are some that do, but regardless, Knowing what machine it was done on, and it could only have been done on that machine, it almost doesn't even matter if it was me doing it because I've allowed my machine to be compromised. So it's still my responsibility at the end of the day, right?
Jasson Casey (01:31:13.952)
And the great, 100%, and that's one of the things with insider threat. Insider threat is a little easier to handle just because for the most part, the long arm of the law is always available for you on insider threat. As an insider, if you do something, you're eventually gonna be found out and you're gonna go to jail. When we're talking about general cybercrime,
Our chances of sending that person to jail from Minsk or St. Peter's is zero, right?
William Kennedy (01:31:45.504)
Yeah, yeah, yeah, you're right. North Korea or whatever, you're never getting to that person.
Jasson Casey (01:31:49.833)
Exactly. like there is no...
crime and punishment when it comes to some of this international activity. Insider threat by definition applies. They have a relationship with your business in some way, shape or form. That's not to say that it's not going to happen and you don't need to protect against it, but there's a lot more controls that you have on insider threat. We've actually seen a lot of companies focus less on prevention of insider threat and more on audit because if they can always guarantee a tamper-proof audit, they can always guarantee that that person is going to
to jail.
William Kennedy (01:32:25.112)
See, I don't know why, I know there's aspects of the blockchain where you want to be anonymous, right? But when crime happens there, you have no recourse, like you're done. But if the blockchain had this, where we're validating not just that you have a private key, but a private key also tied to this machine, and nobody else can use that wallet unless they're on this machine. Like that too would reduce sort of somebody stealing.
Jasson Casey (01:32:52.479)
100%.
William Kennedy (01:32:54.348)
your key and using it somewhere, right?
Jasson Casey (01:32:56.46)
You can see this kind of starting. I read an article the other day, so there's a video game called Battlefield 6 and there's a big controversy around it right now because the latest release wants you to run Microsoft Secure Boot. And the reason it wants you to run Microsoft Secure Boot is they're leveraging technologies very similar to what I've just described. Slightly different application, but they're using the same building blocks as cheat prevention.
Because when you do it this way, right, and you know what person on what device, you can also add in a couple things that basically say, this key will only work for this person on this device and also if the hardware or operating system drivers haven't been modified in a specific way, which is how some of these more advanced cheats work. So yeah, I think it could work on the blockchain. I think it could work in a lot of applications.
William Kennedy (01:33:45.007)
Yeah, yeah, I see it. seeing, I'm seeing it. It took me an hour and half, but I'm starting to see it now. Like why, why wouldn't you as an individual not want to do this? Especially where, like I go back to, if somebody steals your email, you're cooked, you're done. They reset everything in 10 minutes and you have no recourse. But if every one of those authentications was tied to the machine,
Jasson Casey (01:33:50.241)
Yeah.
Jasson Casey (01:34:02.157)
Mm-hmm.
William Kennedy (01:34:13.408)
And you could even geo-fence that.
You wouldn't panic when your password got compromised because it's not enough.
Jasson Casey (01:34:23.648)
The other crazy thing, or not crazy thing, but like really interesting thing, they're deterministic controls. They're not probabilistic. I'm not saying with 90 % certainty you're operating from this machine. I'm saying with 100 % certainty, under the only assumption that the manufacturer of this chip hasn't been compromised, it is in fact the exact same machine that enrolled this key.
William Kennedy (01:34:45.646)
Yeah. All right. I got one last question for you. love asking people of all sort of levels this question. It might be interesting to ask this question to some people over there as well. What keeps you up at night? As it relates to the business, right? What keeps you up at night today?
Jasson Casey (01:35:07.683)
Let's see, we protect some pretty high for a vile customers, so we're a target. And just like anyone, there's always things we could be doing better. There's always things we could start doing that we're not. I'm always thinking through those scenarios. From a business perspective,
You know, this is my first time being a CEO. I'm two years in the job now. So, you know, I'm operating a bit differently than I was a year ago, or certainly two years ago. But, you know, what do I not know? What am I missing? I certainly have instincts that I trust on anything that is infrastructure, tech, tech, defense related. But there's certainly areas where my instincts just aren't as developed, right? Like,
When you're pitching to an organization that doesn't value technology at all How do you how do you connect is? I shouldn't say it doesn't value technology at all But like it's not tech or security driven or or compliance driven like like that is You know, that's a harder thing for me and I definitely rely Rely on you know, pretty good team to kind of to help me and then also short short some things up there
William Kennedy (01:36:29.538)
Have you ever thought of joining one of these, I don't know if they still do it, but they were companies that started bringing CEOs together in small groups to mentor each other. Have you ever thought about that?
Jasson Casey (01:36:42.666)
Yeah. I think that's called group therapy. The funny thing is it kind of happens impromptu. So as a VC back tech startup that sells to the enterprise, you're obliged to go to the certain events throughout the calendar year. And at these events,
Everyone is trying to of vie for your attention to buy their stuff, right? Whether it's banking products, be let them invest in you in the next round or trying to sell you something. One of the fringe benefits of these get togethers is at some point in the evening, usually you're...
there's six or seven of you around the table. See, just CEOs and startups, right? And you're all slightly different shades of the same problem, or you're all suffering from slightly different shades of the same problem. And so yeah, these kind of group therapy things do show up. Yeah. I try to talk to as many CEOs and founders as I can, just because it's, you know, it's like reading, right? Like you're...
William Kennedy (01:37:36.854)
Yeah, no, it's good. It's good to have that.
Jasson Casey (01:37:50.389)
Life is short, your time is limited, you're never going to meet everyone, you're never going to see the world. So there are these other avenues to try and extend your experience or at least get proxy experience. And talking to other people in your role is a great way for that. It's also hard though, right? Because your role by definition is almost all consuming. And so you almost have to make time and seek some of these people out sometime.
William Kennedy (01:38:15.544)
So I'll tell you this, have, at a much smaller scale, I have the same problem. And I haven't been able to fix it at a small scale. I hate when I go to a website. Again, I am putting myself in this category, a company website, and I can't within like 30 seconds know what you do. My website is bad, dude. I look at it and I...
Jasson Casey (01:38:21.804)
Mm-hmm.
Jasson Casey (01:38:37.238)
Ha ha.
William Kennedy (01:38:42.604)
I started A-B testing at conferences asking people, which one do you like better? Because I can't figure it out. And I'm in the industry. And you have this word identity-based attacks. And it's taken me an hour, I think, understand what that means. so these are the things that drive me. You don't want to be in a place where you have to educate people. You want to somehow get them to click on.
I'm looking at your homepage and my brain's going, I wish there was some sentence about what identity-based meant to help me read the rest of this homepage so I could now really appreciate that I need this. I have the same sort of problem. I think lots of companies have this problem, especially with all the products that you have and all the different things that you're doing.
Jasson Casey (01:39:18.636)
Mm-hmm.
Jasson Casey (01:39:24.128)
Yeah.
Jasson Casey (01:39:32.321)
Yeah.
Yeah, for us, it's definitely, so message and positioning is hard no matter who you are. For us, we're definitely in the evangelism phase of what we do. Like what we do is not, we're not a category that already exists. Like we're just not.
And, you know, the simplest thing that I've come up with or that we've come up with that tends to resonate, because we do the same thing at the conferences, like, tell us which of this lands more, is it really just comes back to 70 to 80 % of the security incidents your SOC deals with today are actually preventable. You don't have to suffer letting them happen and then spend time chasing them down. You can actually prevent them by just plugging us into your identity stack. Like that's what identity defense is about.
If we want to double click a couple layers down, can tell you all about how it happens, how it comes about. We can take you through the MITRE ATT &CK framework and what are all the variations. But at the end of the day, really is about 70 to 80 % of what brings risk to your organization and where you spend time could actually go away.
William Kennedy (01:40:43.374)
It's almost like you have to meet somebody who recently had the pain because, right? Because think about it, like again, I'm a small company, right? And I don't have this pain. So it doesn't resonate with me as much as it should after talking to you for an hour and a half, right? And so you almost have to convince somebody that there's pain here, even though you're not feeling it yet, I guess. So comp, it's interesting, right?
Jasson Casey (01:40:59.404)
Yeah.
Jasson Casey (01:41:07.02)
So, yeah, so for the folks that we target, they almost all have SOCs, security operations. And so that number is quantified. Like their CIO or CFO signs off on a budget in both headcount and tooling and time and materials for third parties to come in and help. So like it's very quantified.
There's also a help desk angle. Like when you think about old school identity access systems, a certain amount of the help desk is always working on account lockouts and resets. And so that number is usually known at a large organization as well. Like in the companies that we deal with, that in itself is usually a million dollars a year in expense, just dealing with account lockouts and password resets.
William Kennedy (01:41:58.798)
Yeah.
Jasson Casey (01:41:59.564)
And it gets even higher in businesses that use like outsourced consultants and contractors and whatnot. So there's ways of quantifying it, but you're right. You have to be a certain level below a certain size organization or below a certain kind of security risk. It ends up being more around good hygiene.
Right? So like we have a, we have this thing called an accelerator program where we'll let like pre-financed startups or essentially people with real risk, but without any sort of material budget, we'll let them have access to the product, essentially gratis. But they also know they're a target, right? They're like an NGO and they do, they do reporting in hostile areas or, or they're a defense tech or defense accelerators or that sort of thing.
William Kennedy (01:42:54.872)
So I have a client who's, really in the AI platform business, companies that don't want to run in the cloud. They want their own stack. They want to be SOC 2 compliant. They make me run that Drata software. But between you, me and the wall, Jason, okay, I have to make sure my hard drive is encrypted and I have to do, like, it didn't give me the warm and fuzzy that I'm like, like doing anything real to earn SOC 2.
Jasson Casey (01:43:15.094)
Yeah.
Jasson Casey (01:43:23.685)
Welcome to Checklist Driven Security.
William Kennedy (01:43:25.742)
You know, like, just, it just, whatever you need, man. I'll do these things, right? But I, like, I, yeah, I'll do whatever you want. But I don't know, dude. It didn't make me like want to go to sleep. I didn't sleep better. Let me just say that.
Jasson Casey (01:43:42.39)
You
Jasson Casey (01:43:46.349)
The, yeah, so security compliance is interesting, right? But SOC specifically, like if you ask yourself, how many, do companies who have SOC two not get breached? And there's a very clear answer to that, right? With that said, this is just how compliance works the world over. If you want to do business with someone who falls under a certain regiment, you have to follow that regiment if you want to work with them, which you experienced. Yeah, so there are things.
William Kennedy (01:44:12.172)
Yeah, yeah. I don't know. Some of it makes me laugh.
Jasson Casey (01:44:16.542)
Yeah, there are things that we actually one of my funnest interactions and I say this facetiously with an auditor was we're going through an audit and they were getting to like the password management section of the audit. They're like, well, show us how you rotate your passwords. And I'm like, well, we don't have passwords in our system. They're like, well, I guess you're failing this finding. And I'm like,
William Kennedy (01:44:36.184)
Hahaha!
Jasson Casey (01:44:39.41)
And you'll get people that, and this happens in all industries, right? But you get people who follow a checklist that don't really remember the root cause of why the checklist exists in the first place. And that can be quite frustrating at times.
William Kennedy (01:44:52.984)
Yeah. All right, dude, we are like so out of time. I just couldn't, I couldn't cut us off early. And yeah, we could have, we could keep talking. I'm really enjoying the conversation, but we're out of time. for the people that have been listening, we'll get this in the show notes. If somebody wanted to reach out and talk to you about the product or had a question from what they heard, what's the best way for somebody to reach out to you?
Jasson Casey (01:44:56.268)
Alright.
Jasson Casey (01:45:03.232)
Cool.
Jasson Casey (01:45:18.592)
Yeah, so a couple different ways. You can hit the company in general on the website. I'm on LinkedIn and post fairly regularly. You can hit me directly on there. I'm on Twitter, I guess X. I'm more of a lurker. I don't really post a lot, but you're welcome to kind of hit me up there too. And yeah, we come to most of the security shows and we have a heavy presence in New York and the Bay and Texas and DC.
William Kennedy (01:45:48.408)
Brilliant. You don't get out to the shows though, right? have people doing the conferences? you do. Okay.
Jasson Casey (01:45:52.98)
I do. I'm dialing it back a little bit, like, think, yeah, this summer was crazy. was home. I was only home for like three weekends the entire summer. Combination like customer travel, show travel.
William Kennedy (01:46:03.596)
Yeah, just, I did three weeks straight recently and I used to live on the road, but now it just burns me out, man. just, three weeks is, I get it. You just want some time home. I totally get it. All right. So this is the OnLabs Podcast signing off. Jason and Bill hope to see everybody again real soon. Thanks, Jason.
Jasson Casey (01:46:16.32)
and
Jasson Casey (01:46:26.359)
Thanks for having me.
TL;DR
Full Transcript
William Kennedy (00:02.422)
Welcome to the Ardan Labs podcast. Our special guest today is Jason Casey. Jason, dude, thank you, bro, for hanging out with us for the next hour, hour and a half, man. I really appreciate it.
Jasson Casey (00:13.836)
Thanks for having me.
William Kennedy (00:15.768)
All right, so for the few people on this planet, Jason, don't know who you are, give everybody the two minute spiel on what you're doing today. But focus on today, and I you to leak anything out. This is a talk about you, your journey. So just today.
Jasson Casey (00:33.548)
So my name is Jason Casey. I'm the CEO and co-founder of a company called Beyond Identity. And yeah, what I'm focused on today is
reducing or preventing security incidents at companies by actually focusing on this thing we call identity defense. We believe 70 to 80 percent of all security incidents, some of which grow up to become breaches, are actually failures of the identity system. And when you kind of systematically look at it, you can get the data and the proof out of threat reports, whether it's Mandiant, Verizon, DBIR, or CrowdStrike. When you look at the history of identity products, you can kind of see why they were built around productivity concepts. How do I get you to work fast?
necessarily built around security concepts. again, like it doesn't take too much to peel back the onion. Think about how much a credential, whether it's a password or an access token, actually tells you not just about the person, but about the device, the workload of the device, the safety of the device, the geography of the device relative to what service or data it's asking for. I've been in security long enough to kind of get me to focus on this in the last, really since 2019. And I think this is the big
The threat to the world right now is identity related exploitation and think identity defense is the best way of solving it through 80 to 90 % prevention and 10 to 20 % detection response.
William Kennedy (01:59.897)
So before we jump into the time machine for a second, anything security-wise always drives my brain crazy because it's such a very large, almost generic sort of topic. So when you say identity, two things. The first thing that popped in my head was the way you were talking was how I'm authenticating into systems. But then my brain went into like the life lock situation where I'm trying to
keep track of anything happening on my credit report, right? So are you talking about both, one or the other, or they're just so, it's a gray area?
Jasson Casey (02:32.353)
Yeah.
Jasson Casey (02:36.108)
you
Jasson Casey (02:39.692)
So if you put on your nerd hat, clearly it's all black and white and there's identity assurance, there's authentication assurance, there's authorization and there's audit and these are three very different things. But if you switch out for the pragmatist hat, they're highly related and if you're not thinking about all of them when you're kind of building out your architecture or whether you're building your product or your company, you're very likely going to not leave the window open but build a hole in your building that
that people and things can come straight in through.
William Kennedy (03:13.294)
See, I hate OAuth. I hate it. I hate it. Anytime that comes up and it's my only option, I get very angry. Like I just don't want to use that for authentication. And then a lot of times I go back into whether it's Google or GitHub and I remove it because it's, I don't know why. And I've coded it. I've had to, like I've been asked to do it and I hate it. I like having a separate username or password for everything. But at the, sort of at the same time,
Jasson Casey (03:15.723)
Ha ha.
Yeah.
Jasson Casey (03:38.365)
Mm-hmm.
William Kennedy (03:43.823)
I love the ideas that Blue Sky are putting forward with this sort of single identity that was tied to DNS. like nobody could really spoof who I am because unless obviously anytime you get my email address you can change everything on the planet. Which was a hard lesson I had to teach my daughter one day. But I kind of like that idea that your identity is in one place, maybe decentralized and
Jasson Casey (03:52.801)
Mm-hmm.
Jasson Casey (04:01.537)
Mm-hmm.
William Kennedy (04:13.25)
You can sort of carry it yourself. Have you looked at what Blue Sky is doing with that protocol?
Jasson Casey (04:18.188)
I haven't the the the ideas that we're really kind of wedded to is Around authentication assurance should be what we call device bound and hardware backed
And these ideas are 30 to 40 years old. They got their start originally in DRM, digital rights management, whether it was for gaming or for media. But at the end of the day, they've had a resurgence in trusted computing. And the idea is really, how do I know what, if I'm software, how do I know what hardware I'm running on?
If I'm hardware, how do I make sure I only authorize the correct software to use these certain hardware capabilities? And we're not a big believer in kind of like, what's the word?
probabilistic controls as a primary defense. We're a big believer in deterministic controls. So when we talk about authentication assurance, we're not saying we know who you are with respect to some government entity. What we're saying is I know exactly that you are the same device and user on that device that visited me yesterday is visiting me now.
William Kennedy (05:27.299)
Mmm.
Jasson Casey (05:32.765)
under the assumption that the hardware manufacturer of this Infineon chip has not been, their supply chain has not been compromised. Like that's the level of hardware assurance that we're looking for. And so we say hardware backed device bound. What we really mean is hardware backed is you're using these special co-processors to manage these signing keys for authentication. And when you move from secrets that have to be shared to signing keys, you don't have to move or copy a piece of data around. If you don't copy it around, you're actually drastically
reducing what is one of the big root causes for compromise. And then when we say device bound, what we really mean is flipping that switch in the hardware that guarantees that key can't actually be read off that crypto processor. will never end up in memory. Like it's literally not readable. So it's hardware backed and device bound. It's a very concrete thing. And we think, at least for authentication assurance, that is the only gold standard because it gives you provability back to a manufacturer.
William Kennedy (06:05.996)
Yeah.
William Kennedy (06:31.586)
Gotcha. Yeah. What's interesting to me about security is that the more secure you want to be, the more inconvenienced you have to be. Right?
Jasson Casey (06:41.324)
Now, I would argue this to, yes, historically that's true. I would argue that's changed. Do you have an Apple phone or an Android phone?
William Kennedy (06:45.921)
You
William Kennedy (06:50.456)
I have Apple, MacBook, and phone.
Jasson Casey (06:52.862)
Okay, so do you ever use Apple Pay?
William Kennedy (06:57.024)
I do occasionally, when I have to, when it's, maybe in the apps I've been using it more because it's a double click, right?
Jasson Casey (07:03.948)
So maybe this is more of a good story for the audience then. If you have Android phone or an Apple phone and you ever use Google Pay or Apple Pay at the coffee shop to buy a cup of coffee or a cup of tea, you never do that.
William Kennedy (07:15.542)
yeah, I never do that. Never.
I feel like I'm aging out a little bit, but my wife does it all the time. My wife does that all
Jasson Casey (07:23.424)
Well, your wife is actually using a hardware-backed, device-bound, high-security mechanism to do something called single-device, multi-factor authentication to pay for a cup of coffee. And for her, it's seamless. It's effortless. But from a technology perspective, it's way more secure than the password manager you probably have and that second-factor device that you have.
William Kennedy (07:46.959)
But you're saying it's more secure because nobody could really steal that signal or take a picture of the card. There's no way to basically reproduce the transaction in some form or another.
Jasson Casey (08:04.178)
Exactly. it's the same concepts exist in blockchain. The reason I'm saying it's secure is ultimately so let's back up a little bit. If we want to talk about the fundamentals of security. So let's go to the fundamentals of security.
When I authenticate traditionally, I do it with a shared secret, right? A password is fundamentally a shared secret. You know the password ahead of time, I know the password. Same thing with like a TOTP fob, right? There's this thing called a seed and the seed is a pre-shared secret. That's how, you know, we rotate and we're taking a random walk, but we're taking it together. That's kind of how we're able to kind of prove that we possess the same thing.
These secrets, we argue, are actually one of the root causes of today's security incidents. And our argument is, by definition, a symmetric secret has to be shared. And the act of sharing leaves a shadow in memory of every device I ever talk to or every device I go through. And that is an indefensible surface area.
that has to be protected that adversaries can basically just hoover up credentials from and that's why the bad guy generally logs in today. They don't break in and if you could move from a shared secret to an asymmetric secret where it doesn't have to move right the secret thing doesn't have to move I could shrink that surface area right I could really eliminate that attack surface if I could do it provably right this hardware bound hardware back device bound method
I could do it under hardware level guarantees that that key can't move. That is a level of kind of assurance and trust that actually is kind of gold standard in high defense applications. the mobile payments industry is kind of spoon-fed it to us with sugar through mobile payments.
William Kennedy (09:55.799)
I can't disagree with you because I have a password manager and I make sure that no account is using the same credentials. So if something gets leaked there, right, the surface area of what they can get to is so, but I'm a, at that point, I'm an expert user. Nobody does that, right? Everybody's got maybe three passwords. Even the 17 year old just went to college. I had to put her on a password manager because I was like, you can't do this. Right.
Jasson Casey (10:24.204)
So I would argue even then, you're containing the blast radius, but you still have a significant problem. Like right now, we see a lot of threat actors man in the middle in connections, and they're doing it in very, various different ways. Some of them using kind of the high levels of sophistication of they control a telco and they can interdict the TLS connection, but others are actually doing it through fairly low tech applications. They're compromising a third party that you're using as a third party load balancer or content distribution network.
or a third party managed message bus, or a third party managed service mesh for your Kubernetes cluster. So modern developers today essentially open their TLS connection four to five times to third parties in almost every application they build.
yet still treat that connection as if it's supplied end-to-end trust. So in that scenario where they have a password manager, you have a unique password for each service, that password for some of those services actually still does exist on the dark web in certain access brokers and can be purchased. And you ask, how in the world I use a password manager, I never share it anywhere.
Well, the fact is it has to be shared through usage and it's not actually going between you and the service. It's going through a ton of services to get to that service, all of which can be attacked, all of which have insider threats. like things that move are actually the problem when it comes to authentication.
William Kennedy (11:51.033)
So Jen Jason, how do you sleep at night or let's say it make it worse. How do you log into your bank at home with your brain sort of probably like, right? You start to visualize everything that's happening at the moment you sort of log into the bank, right? Like how do you sleep at night at that point, dude? Because I think it could be overwhelming for somebody like you that like has a visualization of this.
Jasson Casey (12:03.659)
Yeah.
Jasson Casey (12:13.44)
The, well, there's two things, right? Like number one, you could focus on all the bad things in the world and essentially never get out of bed. Or you could take what you can control and get out of bed and get excited to go do that, right? And that's kind of like our mission here.
William Kennedy (12:17.006)
You
Jasson Casey (12:34.218)
Whether it's with us at Beyond Identity or another company, we feel very strongly the whole world needs to move to identity defense. And identity defense really at the center has this concept of this hardware-backed, device-bound credential management. There's a couple other concepts there as well, but by doing these things...
You're not going to eliminate all incidents, but for the modern organization, you're going to eliminate 70 to 80 % of the SOC ticket workload, right? And that is actually absolutely doable.
And maybe you're thinking, hey, I work more on the product side. I don't really have to worry about this. You do as well, right? Think about that access token that you're sharing out. Like, is it really a shared secret? Are you really doing proper HMAC on that access token? Or is the service that you probably included by doing 30 minutes of research really doing the right thing?
Because again, like the adversary doesn't have to break in, they can log in. A lot of these initial access brokers will actually sell these access tokens. In fact, this big activity with SalesLoft and Drift that we've been reading about in the news over the last two weeks is in fact exactly that. Compromised access tokens basically being reused to access Salesforce accounts and where organizations had kept proprietary information, sometimes even secrets,
William Kennedy (13:57.262)
Bye!
Jasson Casey (13:59.487)
It's just getting kind of hoovered up.
William Kennedy (14:01.954)
Yeah, no, no, no. I hate security, man. Boy, do I hate security. I try to tell everybody, don't write your own. You got to find the things out there that are certified and work. Don't write your own. The last thing you want is somebody walking in going, all where'd you get this from? I wrote it. Yeah, no. No, not going to work. All right. We want Casey writing them is what I was about to say. Jason Casey wrote this. We're fine.
Jasson Casey (14:04.563)
Hahaha
Jasson Casey (14:19.884)
Yeah, it's a sorry.
Jasson Casey (14:31.404)
Yeah, I don't know about that. I haven't put code in production in a few years, you definitely want security protocol professionals, crypto protocol professionals. That is a discipline, that is an area of training. don't just wake up one morning and start doing it. You get mentorship, you do studying, and you practice.
William Kennedy (14:31.598)
You
William Kennedy (14:53.582)
All right, this was awesome. We're going to come back to this, but I got to get you into the time machine, Jason. So a couple of questions before we start here. What year did you graduate from high school and where were you on the planet?
Jasson Casey (14:58.73)
Okay.
Jasson Casey (15:09.26)
Oh wow, high school. I graduated from high school in 1997 and I was in northern Houston, Texas.
William Kennedy (15:19.342)
Houston, Texas. Okay, perfect. 97. I graduated in 87, so I got 10 years on here. All right. Now, I want you to clear your mind, clear your head. Don't think too hard. I want that first memory of you sort of working on a computer, making the... That first memory you have of making the computer do something and you were like, wow, this is cool.
Jasson Casey (15:22.892)
Thank you.
Jasson Casey (15:40.013)
First memory of working on a computer was probably in the 80s. My dad brought home what he called a laptop. He worked in the oil industry. This laptop was a, it was the size of a toaster oven, like a large toaster oven, and the keyboard flipped out of the front face. I don't, I don't.
William Kennedy (16:02.466)
Was this a K Pro? Was this a luggage, like a suitcase? This might have been a K Pro, man. I had one of those, dude. The keyboard locked in and it came off. Orange? Mine might have been green, but yeah. I can imagine exactly what your dad just came home with.
Jasson Casey (16:07.084)
Yeah, it looked it looked like a suitcase it looked like us
Orange screen.
Jasson Casey (16:17.953)
Yeah.
Jasson Casey (16:21.746)
And you basically booted with the floppy and it had the classics, right? had Oregon Trail. It had some card game. then it had an operating system, which I really don't remember.
William Kennedy (16:24.674)
Yep.
William Kennedy (16:39.042)
Was it CPM? Was it CPM? I watched it, write down K Pro 2. They used the Roman numerals for that. I just looked that up later. I'm sure there were a couple companies that were doing it, but that would have been like 85, 86. K Pro was putting out those portable machines.
Jasson Casey (16:45.42)
All right, K Pro 2.
Jasson Casey (16:50.014)
Okay.
Jasson Casey (17:01.578)
I remember that, then I remember getting into simulation games, and then I remember someone introducing me to this concept called a modem. And you could hook your computer up to your phone line, which was a sure way of getting your mom to yell at you.
William Kennedy (17:11.662)
William Kennedy (17:16.75)
When she picked up the phone, because all moms lived, all those landlines had that device on the back of it so they could go like this all day and yeah.
Jasson Casey (17:25.876)
Yep. Yeah. The, and there was nothing worse than being in the middle. Actually, this is later. This is in the nineties, but I'm in a dog fight with a buddy and my mom picks up the and it all, it all, it all goes south from there. But yeah, the earliest memories with the computer were, honestly discovering games. I just, I explored some of the games on my dad's computer. thought the, the concept of the operating system and the organization of it was fascinating.
William Kennedy (17:37.228)
Hahaha!
Jasson Casey (17:54.829)
First time I learned a program was on one of those, it was slightly more advanced machine, but it was still like an orange monitor machine and the language was like Pascal. Yeah. Yeah.
William Kennedy (18:01.294)
What was that? Pascal. Okay, that's fair. I never got into gaming, even though I was programming in the 80s. I was writing games I couldn't even play. I'm just not a gamer. So even as this whole revolution of games, you my kids got into it. It's not me. But did you, even at your age today, do you still, do you enjoy playing those games on the whatever it is today, the Xbox, PlayStation, whatever?
Jasson Casey (18:11.819)
Mm-hmm.
Jasson Casey (18:23.916)
I love the nostalgia and the idea of playing games. don't have a lot of time for it. in high school for me, the computer games I loved the most were like simulations. It was like F-19 and...
William Kennedy (18:31.918)
you
Jasson Casey (18:49.58)
It was a bad simulator, but it F-19 Strike Fighter, I think it was called. And then there was another one called Falcon 3.0 and then later Falcon 4.0. But I did get into things like Police Quest and King's Quest. there's another example of something they would have never made today. Larry the Lounge Suit Lizard. They were Sierra games. They were Sierra games. But this also from maybe like the...
William Kennedy (19:09.784)
Yeah,
Jasson Casey (19:16.788)
either the really early 90s or the late 80s.
William Kennedy (19:20.366)
So that means, you going, did you have like the arcade in the community? Because I wasn't even into the arcades, honestly. I don't know why, it just never appealed to me. Were you doing that stuff too?
Jasson Casey (19:32.193)
I love the arcades, but honestly the arcades required money. Whereas my buddy lived down the street. I had a, he was like the friend whose dad was rich and well traveled. And I think his, I don't, can't remember if he worked for a Japanese company or if he serviced a Japanese company, but he would go to Japan on a fairly regular basis and come back with all of these exotic toys.
William Kennedy (19:36.31)
Yeah.
Jasson Casey (20:01.13)
And they were games, but they were also ways of like ripping games. And let's see, I lived in like Lafayette, Louisiana at the time. So this would have been like sixth grade, seventh grade. I don't even know what year that would have been. Early 90s.
William Kennedy (20:05.55)
William Kennedy (20:16.974)
That would have been like 93 maybe, 92, 93, six years prior to graduation. Maybe, oh no, yeah maybe.
Jasson Casey (20:23.274)
Yeah, probably earlier than that, because in 94 I was already back to Houston and I lived in Corpus Christi and then Victoria, Texas before then. But yeah, we moved a lot. yeah, gaming today, it's maybe a fantasy that I have in a moment when I'm thinking about what would I do if I actually have time. Also games today are very different, right? Like games today are like these massive movie style experiences.
William Kennedy (20:51.414)
Yeah, yeah, yeah.
Jasson Casey (20:52.052)
I mean, they're fun. Every now and then over the last decade, I'd buy a game around Thanksgiving and I'd play it for a week or two with my nieces and nephews when they would visit. But my adult gaming is kind of limited to that.
William Kennedy (21:06.062)
See, I'm not a gamer, but what is fascinating to me now is the leveraging of the AI for the, what do they call them? NPCs, non-player characters or something, I don't know. But the idea now that you run a model now there and let, that takes on a right? Like the game now just takes on a real life of its own once you can sort of leverage that, especially with the way these models are reasoning today.
Jasson Casey (21:14.506)
Non player.
Jasson Casey (21:27.795)
yeah.
William Kennedy (21:33.544)
It's almost like you're coding a game and there's nothing deterministic about it, almost at all at some level.
Jasson Casey (21:39.853)
You'd probably get a different experience every time. You know, there's an author, Neil Stevenson. He wrote... What book did he write? There was a book that he wrote maybe 15 years ago where he went into a lot of depth about the NPCs. okay, I remember. It's called Reamde. R-E-A-M-D-E. And he goes into this elaborate depth of the NPCs in the game and how...
that they actually were, how they were actually coding it up, how they were using certain things, and this was all backstory to the real story that he was telling, but it was incredibly prescient in terms of the art of what's possible in kind of these massive multiplayer online games where you need to bring kind of artificial constructs to interact with real people in a way that makes them feel like they're getting something out of it, but still scales to make a business work.
William Kennedy (22:38.99)
It's wild to me. What's... No, no, yeah, again, and that's a whole nother level of programming too. People are like, they talk to me about games. I'm like, yeah, no, that's another, whole nother genre of software development that you kind of have to learn. All right, but let's talk about high school just a tiny bit. What else were you doing in high, like, right? So from 94, let's say to 97...
Jasson Casey (22:40.555)
Yeah.
Jasson Casey (22:55.51)
Yeah.
William Kennedy (23:06.552)
What are you into in high school? You playing sports, you're band, you're like, what are you doing?
Jasson Casey (23:13.572)
I was on the tennis team. played tennis competitively, least until I got to the Woodlands. And then I ran into people that were ranked in the nation, like top 50 sort of thing. And I realized I wasn't that good.
William Kennedy (23:32.385)
Isn't it crazy when you meet somebody like that? You're playing competitively. feel like, you know you're not there, but you don't feel like you're that far off. And then you meet somebody like that and they just kick your ass. Like with no effort. And you're just like, okay. It's happened to me a couple times in ping pong or racquetball or basketball where it's just so humbling, man.
Jasson Casey (23:37.803)
Yeah.
Jasson Casey (23:43.147)
Yeah.
Jasson Casey (23:54.059)
Yeah.
Jasson Casey (24:00.307)
It's also incredible to see someone play at that level from an inspiration perspective, right? That like the art of what's possible. But then you peel back the onion and you learn a little bit about them and they've, you know, they've been doing, they've been...
They were almost born with a racket in their hand. Their parents sent them to live away camps once they were about six to seven years old. Like it's a very different childhood. It's a very different experience. So like they're, they're certainly freaks of nature and talent, but they've also made some very, or at least someone's made some of these choices for them, very conscious trades to get to that point. But yeah, we had a couple of those. for sure. For sure.
William Kennedy (24:35.95)
But you still need the DNA. Like, I don't care. You still need the DNA to be able to play it that know, hours and practice. You understand what I'm saying. Yeah.
Jasson Casey (24:50.348)
You've got to be in the right place, you've got to have the innate capability and you've got to pretty much give it everything you have.
William Kennedy (24:56.568)
But you lose your childhood. I had some friends who lost their childhood and the parents would never accept that they weren't going to get to that level. Like at some point you, even with my son playing ball, like at some point I looked at him and I said, I'm glad we're playing at this level, like, you know, travel teams and all that. we have to, reality is now setting in, right? Like these kids are maturing faster than you. They're doing more than you.
I don't mind doing this, but, right? And he even turns around and says, yeah, you know what? I'd like my life back. Good. You know, it's tough.
Jasson Casey (25:27.788)
Yeah.
Jasson Casey (25:33.429)
Yeah. Well, that, I mean, that was kind of the moment for me, right? I got to that unit. So I moved a lot as a kid. And so we moved to this new high school, I think right in the middle of 10th grade between fall and spring.
And I get there and I had been, you I wasn't the best, but I was decent on the tennis team from the place I was coming from. And I get to this place, it's very obvious that like, I'm not gonna, I'm not gonna improve fast enough to compete at the level of these people. And so I took the moment and actually kind of dropped out of the tennis program and decided, well, this is a high school that's kind of set up like a university. There's a fall and spring.
Classes only run for a semester at a time. You only take three or four per semester. And they had a really big catalog. I was a big reader. I was into learning things. I really liked science. I liked math. And so I took the extra time because I didn't have to take athletics or tennis as a course anymore. And I took chemistry, and I took geometry, and I took physics.
William Kennedy (26:17.326)
Wow.
Jasson Casey (26:42.826)
That, I would say, kind of got me excited and interested in these other things.
Coming into that high school, I wasn't really on the advanced track, right? Like I hadn't, I hadn't taken, the geometry and I was a sophomore and generally like that's if you're, if generally you do that either your eighth grade or ninth grade, if you're on the more advanced track. But by the time I graduated, I, I had taken like, two, two courses in biology, two courses in chemistry, molecular genetics, two courses in calculus, two courses in physics, placed out of all of them from.
from an AP perspective and all in a of a short period of time and that was afforded partly by kind of realizing, hey, I can't compete with tennis, what else is there to offer?
William Kennedy (27:32.568)
But I'm kind of curious when you go back to your parents and say, I don't want to play tennis anymore. Were they the cattle? They were, right? OK. that wasn't going to be a fun conversation to have.
Jasson Casey (27:39.68)
they were disappointed.
Jasson Casey (27:46.891)
Yeah, but I mean, when you're 14, 15 years old, like how much are you actually thinking? You're not that empathetic. In fact, you're probably more of a psychopath. I didn't... Really?
William Kennedy (27:56.899)
I don't know about that. I don't know about that. mean, I could, I don't know about that. Especially if this is something that your parents are pushing, right? You just don't want to be in trouble or you don't want to be disappointed. You just don't want to be bothered, right? That's why you do things sometimes as a teenager, because you just don't want to be bothered.
Jasson Casey (28:15.04)
Yeah, I guess for me it was, knew I was gonna, I knew it was gonna disappoint them, but I didn't care.
William Kennedy (28:23.414)
No, that's good. That was fair, right? That was good. But it ended up, but it's interesting that you, you had it. What I want to explore there for a few minutes is was your ability to do all of that in two years, discipline or passion? Because that's hard for somebody that age to be that sort of mature, sort of rip through all that material in two years, especially now you got your freedom.
Jasson Casey (28:25.857)
Yeah.
Jasson Casey (28:51.21)
I would say it was a mix. So some of those courses I didn't want to take and my parents forced it on me, like English, the advanced English courses and literature courses. growing up, my experience was very much, you're going to, there were always high expectations and you...
there was always more on the table for you to achieve. So why weren't you doing that? like some of it was, was that some of it was passion. So like I was introduced to the concept of physics. I didn't really understand it. I took a physics course, my first physics course. Actually, I'll never forget the teacher is Ms. Monroe. And I thought the class was the coolest thing ever. Like, wait, what do you mean? I could actually predict.
Where this car is going to stop? What do mean? I could predict the flight of a ball What do you mean? There's a there's a model for reality Like these concepts kind of blew my mind and so that was absolutely a passion I would say math I I didn't have a great pre-cal teacher and so I rolled into calc almost as an obligation I don't think I did that well for the first semester
And then I realized, oh, wait a minute, the physics stuff I'm really interested in requires me to actually have a really good grounding in calculus. And so actually, I'll never forget the story. My calculus teacher, my senior in high school, called my parents suggesting I drop out of the class. And I don't think I was doing well that first of all. think was getting like a C or something. And I basically just taught myself the course in the spring.
William Kennedy (30:25.23)
Yeah.
Jasson Casey (30:33.876)
And I aced that exam. Like I actually got a perfect score at the end of the year on it. But it was motivation. And it was because I realized I needed this to do this other thing that I really got excited by. And that really excited by thing was physics.
William Kennedy (30:48.664)
See, I love that, right? Because this is the, from a parenting perspective, right? When you have kids at that age, if, till they find the thing they want to do, they're just not going to be motivated to do anything. My girls found early, like near the end of high school, what they wanted to do and have excelled ever since. My boys didn't find it in high school and they're just sort of finding it now at 21, 22.
Which thank God they're finding it because now they're stable and now they're right. have that, that goal. So anytime I hear a story about somebody in high school, sort of finding that thing they want to do or passionate, it's for me, it's a beautiful thing because it allows that person to kind of get on that road a little sooner. You seem to have found it in physics. So then I imagine that when you're going to graduate high school, you want to sort of pursue the physics. that like, where's your head?
Jasson Casey (31:30.7)
Mm-hmm.
Jasson Casey (31:43.117)
Yeah, that actually was it when I.
So when I, when I applied to college, I applied to the physics and engineering programs and my thought process was, Hey, I love physics. I've been, and you know, my, my, my, my second physics teacher also loaded me up with all these books. so I'd read, you know, everything written about Feynman written by Feynman. I had the Feynman lectures that I would listen to in the mornings when I was, you know, had an hour or two before class. So I was all in for physics, but at the same time, I didn't know a lot of physicists and it didn't seem like
they got jobs outside of university.
And so I thought I needed a backup. And so my plan was to double major and I'll do this thing called electrical engineering because from what I can tell, my dad was a double E and it seems like double E's can get jobs and double E seems like the most physics oriented engineering program I could, I could go to. So it kind of felt like I was not necessarily stepping too far away from the thing that was truly fascinating to me.
Yeah, that was how it started.
William Kennedy (32:52.558)
That's interesting. So what universities end up going to, or at starting at?
Jasson Casey (32:57.868)
University of Texas. I applied to a handful of universities. I got into a subset of them. And then I was faced with the cold hard reality of like university costs money. I was a Texas resident and UT Austin was like a top 10 school for what I wanted to do. And it was also like, I know it's more expensive today, but even
Even then it was, I think it was like $5,000 for the entire year. Like it felt like a steal. I could get a subsidized or I could get some sort of government loan to like pay for half of it. I could get a job to pay for the other half. It wasn't going to be complicated to figure out how to pay for it. And it was again, like a top 10 school. And the other thought process was,
It's a big enough university where if I screw up and this isn't really what I want, there are other things there.
William Kennedy (33:57.689)
Yeah. Yeah. Plus they got a hell of a football program. So you're to have some fun on Saturday.
Jasson Casey (34:01.822)
yeah, we walked into some pretty epic football. I'll never forget. I'm not a huge football guy, but I did go to almost all the home games that first year. Saw Ricky Williams play. Saw Major Applewhite step in off the bench and just literally right off the bench throw a long, long pass for a touchdown. I saw some really, really great college players then.
William Kennedy (34:28.696)
Yeah, don't know. When my daughter, number six, my stepdaughter was looking at colleges, we were kind of nudging her towards Notre Dame. She's at St. Mary's now. But I kept telling her, you want that football experience. You need that school that has that sports, because I feel like it adds another sort of dimension of getting everybody sort of together, right? Now you've got alumni. Anywhere you go on the planet, right?
Jasson Casey (34:51.222)
Mm-hmm.
William Kennedy (34:55.284)
And you sort of have that. I don't know. I think it's an important part of that, being part of that university, having that connection with others that you've never met. You walk by the airport, you're wearing the colors, right? Yeah.
Jasson Casey (35:06.89)
It's instant community. It really is.
William Kennedy (35:12.29)
So you go there, what was your, I'm assuming that you graduated from there, you finished that four year degree. So one of my favorite questions is always like thinking back on those four years and I'm assuming you got your, majored in electrical and you got a minor in physics or you did both?
Jasson Casey (35:36.275)
I realized I couldn't do both and swing a job. And so I gave up on the physics double major. I did the double E. My focus was on computer engineering, I think like micro architecture, embedded systems, that sort of thing. And yeah, I worked at a
I worked writing software at the same time as a way of kind of helping pay for things as well.
William Kennedy (36:07.712)
I was going to ask you that too, like was the job on campus or were you able to get something related in the field?
Jasson Casey (36:11.678)
No.
So I, through a friend of the family, worked at an oil company. Actually, it wasn't an oil company. It was a geoscience company. And they sold software into the oil industry. they offered, he told me about an internship program they had. And so I ended up getting an internship there my first summer.
And the gist of the internship was, hey, you know math, right? And I was like, yeah. And he's like, all right, you know how to write code in C, right? And I was like, yeah. Because I'd done a bunch of robotics projects in high school. I'd learned how to write in C. And they're like, all right, well, this job is really just geometry in C. It's not that hard. You'll figure it out. And.
William Kennedy (36:55.372)
You
Jasson Casey (36:56.875)
I guess I didn't screw it up. So they actually made me a part-time employee for my first two years of school. So I used that to help pay for school, but it was fun. I was exposed to Unix at school, but this was legit. You have to learn what LibC does. You have to actually learn how the Unix operating system works. had a Solaris on my, I think a Spark 2 on my desk, and I also had a SGI Onyx on my desk.
William Kennedy (37:03.118)
around.
Jasson Casey (37:26.37)
I had to make sure my software ran properly on both. Ultimately, I was working in the research group, so my job was to kind of help. My job was literally to be the LLM for my boss around like skeleton code. That was too trivial for him, but still requiring some level of about 20 on average.
William Kennedy (37:49.411)
How many hours a week did you work on average? that's a lot, dude. Full course load, 20 hours a week. I guess they allowed you to work around your schedule, which is good.
Jasson Casey (38:01.868)
Oh yeah, they were super flexible. All they cared about was eventual progress. They were incredibly generous.
William Kennedy (38:10.562)
Did you ever once think, I'll just do this full time, I don't need to finish my degree, I'm already in industry?
Jasson Casey (38:15.308)
The absolute fear of my parents, So actually it was a pretty funny story there. I finished most of my coursework inside of three years and actually went full time. And the courses that I was left with were the ones that I was highly, highly uninterested in. So like a government course, a...
William Kennedy (38:19.102)
hahahaha
William Kennedy (38:24.75)
you
William Kennedy (38:38.126)
Hmm.
Jasson Casey (38:44.926)
Fine arts elective. feel bad. Yeah. And I feel bad saying this out loud because I love the arts. love, I, I do actually like going, to shows and museums and I love history, but at the time I couldn't be bothered. I wanted to just be working. And, yeah, I think, there was one particular course that I, I didn't fail it, but I wasn't going to pass. So I dropped it like three times.
William Kennedy (38:46.23)
your liberal arts, like you had some liberal art classes left that you had to fulfill.
William Kennedy (39:12.811)
You
Jasson Casey (39:13.452)
And the last semester of that fourth year where I was literally just working on two courses over three semesters over and over and over again, I took a job in another city and I was literally just flying in on a Southwest plane to take the exam and then fly back. So yeah, I almost did not finish my undergraduate.
William Kennedy (39:24.546)
Wow.
William Kennedy (39:32.012)
Wow. Wow.
William Kennedy (39:36.888)
Wow. That's interesting. Yeah. It makes sense to me, right? Like you're just like, you're done with school. I'm already making money. This is a pain in my ass. Like, but you got it done, right? That's good.
Jasson Casey (39:49.325)
I... It's hard to put myself back in my mindset from back then. I don't know how much of it was obligation versus desire, but yeah, I eventually figured it out.
William Kennedy (40:01.71)
Because I still have, I was, okay, just real quick. I was never, I never had the status of senior in my undergraduate. I was, it was so cold outside and I hated going to class. I never went to class. And it was like, I finished my four years and I still had like 28 credits left. And my mom sat me down and she said, you're going to get it done now or it's over.
Jasson Casey (40:16.651)
Yeah.
Jasson Casey (40:23.841)
Yeah.
William Kennedy (40:30.058)
And I somehow did 28 credits in this one lot. And it had the best, I had a B that, it was my best semester ever. Right? And I got it done, but I'm not in, I made it my job to just get that done in any way possible. So somebody a long time ago was like, Bill, we can't find you in the yearbook. I'm like, yeah, I never got invited to be in the yearbook because I was never a senior.
Jasson Casey (40:37.963)
Yeah.
Jasson Casey (40:41.302)
You made it your job.
Jasson Casey (40:46.56)
Yeah.
Jasson Casey (40:57.995)
Yeah.
William Kennedy (40:58.166)
I just went from one status to ... But I still wake up sometimes with nightmares thinking I didn't graduate and I got to go look at the diploma on the
Jasson Casey (41:07.628)
I had nightmares about missing my final exam until I was 30, early 30s.
William Kennedy (41:14.774)
It's interesting, Wow.
Jasson Casey (41:16.426)
The anxiety dreams follow you for quite some time.
William Kennedy (41:19.758)
Yeah, I haven't had that in a while, but yeah, I would say for good 20 years, would have that anxiety dream. I like that. I like the way you labeled that. I would have that anxiety dream that I really didn't graduate because I was messing around. But your parents must have been ... My mom wasn't ... Well, like I said, she lectured me and then I got it done, so it happened very quickly. But yours is over three semesters, so that's almost like a year and a half where your parents must have been just on you a little bit at a time.
Jasson Casey (41:48.493)
Each year they thought I wasn't going to finish. Because yeah, was doing my own thing. I kept enrolling. I kept trying to take that class. honestly, I think in the end I actually depend. So this one particular class, it's like a D is technically not failing and you can get your degree for it. And I think I got a D in that class. And I finally said, I don't care. I'm done. This is enough. They'll check the box. Don't let perfect be the enemy of good.
William Kennedy (42:18.658)
You know, we had really bad attitudes. We were like, our GPA isn't on the diploma. We just got to pass. That was like the attitude. Just got to pass. Just got to pass. Just get this thing done. Just got to pass.
Jasson Casey (42:27.755)
Yeah.
Jasson Casey (42:31.54)
Yeah, my GPA inversely correlated to my work status. So when I went from part-time to full-time, it definitely took a dive. But I was also done with all, like, if you looked at the courses I really got into, like, did pretty well in them because I used them. Like, microarchitecture design, graphics, operating systems, like, that kind of stuff. Like, that was really, really exciting.
The signal processing and circuits courses, I wish I spent more time paying attention to them, but I knew I wasn't going to work in that area at least initially. The reason I say I wish is there are some projects I'm working now where I'm finding myself actually going back and teaching myself the materials so I can kind of understand a little bit about what's going on. But I guess the benefit of a foundational education is you can teach yourself.
William Kennedy (43:29.102)
Yeah, I wouldn't even have expected you to remember that completely, right? But it's like riding the... So my wife, who has an industrial engineering degree, her math is so much better than mine. I did the Calc 1, the Calc 2, I stopped there. I was honestly very immature at the time I was going to school, really immature. But now what...
Jasson Casey (43:33.014)
Yeah.
Jasson Casey (43:42.836)
Mm-hmm.
Jasson Casey (43:49.1)
I feel like you're saying a late teenager, early 20-year-old is immature. That's shocking.
William Kennedy (43:53.751)
No, I was super mature, And I think maturity has a lot to do with your ability to learn and have that discipline. But my wife's math skills are just way beyond mine. Like when the kids have the math they're doing today now, or even like trigonometry and the geometry and some of the higher end. Like I could open up the book and I know I can learn it. It's a relearn it at some level, but she still to this day has it in her head.
It's mind-blowing to me sometimes where I'm like, she doesn't even have to, or she'll skim a page and then she'll sit down and start doing it. And I'm just like, if I could have your brain for just a couple days, what I could do, because I feel like I'm doing pretty good with this brain, but it's not even close to what your brain is right now, right? It's just, it's just, yeah, it's mind-blowing to me that she, she has that. I imagine that even with you, you probably just have to...
Jasson Casey (44:32.086)
Yeah.
Jasson Casey (44:43.594)
Yeah, that's our fundamentals.
William Kennedy (44:53.484)
you know, even less than an hour, just absorb it and then it all sort of comes back.
Jasson Casey (44:58.518)
Some of it does, some of it I question whether I ever had it. So for instance, I can flip through microarchitecture stuff and that comes back pretty quick because I knew it pretty well and it doesn't take much. But then on the flip side, I may be looking at some complex analysis stuff. So this turns out to be really important in signal processing.
And I'm kind of convinced I never really learned it. And it takes a bit, right? And the good news is, like most things, there are a few fundamental principles that once you really understand them, you can kind of compose them in different ways and kind of get what you need. But yeah, some of it is you're just scraping the cobble-ups off. And some of it I honestly question if I ever truly knew it.
William Kennedy (45:54.745)
So how long were you with this company? Because you started working, you did get to graduate, you're doing this work. How long were you with them?
Jasson Casey (46:01.201)
yeah.
Jasson Casey (46:04.576)
So that part-time company that helped me get through first two years, I was with them for two years. Then a body of mine.
William Kennedy (46:13.358)
So what year is that then? Like you finished with them in like 2003? Oh, in 99. So you graduated high school in 97. You would have graduated on time if it were like in 91, right?
Jasson Casey (46:16.588)
99. That was 99.
Mm-hmm.
Jasson Casey (46:28.076)
So I graduated high school in 97. I started college in the fall of 97. When I showed up, was qualified as a junior. I had 60-some-odd hours of credits. Yeah. So I didn't really have to take any of the, what do they call them, leveling courses. I could jump straight into my material. So by the first two years, I was kind of done with
William Kennedy (46:38.83)
nice nice
Jasson Casey (46:55.436)
most of my engineering curriculum. And I still had a lot of stuff that I was deferring. And then I had some of the engineering courses that are just required for you to take but aren't necessarily germane to your focus area. And that kind of described my last few years. So a buddy of mine worked at a startup at the time. And I have always been fascinated with the idea of startup companies. And he's like, hey man, you can code.
and you understand systems and you should come work for us. And it was a bizarre thing for me. I walked in, I interviewed with a guy, asked me what kind of work I'd worked on. I showed him a little bit. He did the technical screen and they gave me a job. I was 19 years old and they gave me a full-time job.
William Kennedy (47:46.51)
How did you know this guy at 19? Because you don't really have a network yet.
Jasson Casey (47:50.705)
I had a network. It's called the NerdNet. I want say my first or second week in college, I went to my first party and I ended up talking with a dude in the corner and we spent most of our time talking about
We were comparing AP tests and scores and the nuances of Linux versus Solaris. what's that meme where there's the guy in the corner and the couple dancing and the guy in the corner is thinking, I bet they're thinking about such and such. Yeah, so at a place like UT, it's almost like nerds magnet to each other.
And so yeah, I met this guy first year. were, we were friends, but all we would ever talk about was technical things. He was a sys admin. He had, he had built with a buddy of his, like a little ISP in Fort Worth, Texas, when he was in high school. And so he, you know, he was a sys admin with like four or five years experience, adminning Solaris and he understood gate D and he could configure BGP and.
And so like he taught me networking things and I would do software things for him and he got hired as a network admin for the startup and they needed someone who had some software skills to work on the protocol side of things because it was a voice over IP company. And the people were all telco engineers. They weren't necessarily like software engineers. And it was also, you know, the wild, wild west of the late nineties, Austin, Texas. So, yeah, they hired me. I was radically unqualified.
But I bought a bunch of books in a cot and I slept at the office and I figured it out.
William Kennedy (49:41.901)
VoIP was really brand new in the early 90s. I was working for a company that were building inbound, outbound systems for call centers trying to compete with the big telcos. And I remember we were trying to introduce VoIP as a way of not having to pay for the big telco, right? Million dollar telco system that was, I mean, those systems were solid, dude, like no doubt. just the computing wasn't...
Jasson Casey (49:43.916)
Yeah.
Jasson Casey (49:52.522)
Yeah.
Jasson Casey (50:04.747)
Arbitrary.
William Kennedy (50:10.522)
The processors really made that hard because of the... Though again, again, it's voice, right? you have some... Somebody cuts out, you don't have to go back, right? You could just keep going. But no, there were real challenges just with the power of the computing we had. I remember.
Jasson Casey (50:19.777)
Yeah.
Jasson Casey (50:27.094)
Yeah, no, was fun and it was fascinating. I didn't really know telco systems. The company kind of taught me telco systems, but I did understand the basics of socket programming and I understood the basics of networking. And yeah, their insight was like, it wasn't just theirs, a couple people had this, but the human can tolerate a lot of error in audio.
It's cheaper to build a packet-based network than a circuit switch network. And the future is going to be packet-based networks anyway. So if you have a way of running voice on a packet network, you're going to have a cheaper operation and you're going to able to grow faster and capture new markets versus old stodgy telco.
And so that was their insight. So they raised all in, I think they raised like $300 million between like financing and cap cash. And we built a nationwide US network. We leased our IP or we leased our optics. We ran our own IP network over an optical backplane, like a sonnet backhaul network.
And they bought these voice over AP gateways and we would buy trunks from the local telco in large, large quantities, like bundles of DS3s. A DS3 is like 700-ish calls per DS3 and we would just buy big, big chunks of them in all these markets. And because of how regulation worked at the time, we would just pay a flat fee.
William Kennedy (51:57.807)
That's wild. Yeah, yeah, yeah. I think if I remember when we were playing with it, for where we were at, like compression allowed you to win or lose that game or something, right? Being able to compress it.
Jasson Casey (52:09.6)
So for us, was that that makes sense in the enterprise.
We were operating in the carrier space, so compression existed. So, phone call uses something called G7.11. They're not really compressing the audio. What they're doing is they're quantizing the audio. So it turns out for human speech, linear sampling isn't optimal. You actually want non-linear sampling to reproduce a slightly better audio signal. Then there is compression codecs called G729.
William Kennedy (52:16.686)
Hmm.
Jasson Casey (52:40.268)
And G729 could take like a 64 kilobit audio stream and shrink it down to nine. But when you look at the bandwidth savings that that gives you versus the cost of bandwidth, right? So like I just talked about a 64 kilobit audio connection, but we were buying gigabit or we were buying OC12 and OC48 connectivity. So we were buying in the gigabit to multi gigabit range.
putting kilobits on top of it, yeah, I could spend extra money and go buy this fancy hardware to do the compression, or I could just buy more bandwidth. And so we went the buy more bandwidth route.
William Kennedy (53:20.428)
Nice, Interesting. So how long are you with this company? Because that's pretty technical work. I mean, that's really technical.
Jasson Casey (53:28.446)
I was with that company for two years. It was like dog years. I married the company. literally lived in the office. There were several periods of time where I would sleep with the office. We had a shower. It was fascinating. Anything, any project you were willing to like embark on, the company would support you. Like it was too many. It was an environment of too many problems, not enough people, not enough money. If you want to go tackle one, have at it.
just prove to us you're not going to be reckless. And so it was my grad school, even though I technically hadn't graduated yet. But it was amazing. I learned a ton.
William Kennedy (54:03.992)
So then why leave after two years?
Jasson Casey (54:06.088)
we ran through the business field. Yeah. So the business fell in a really interesting way too. So the telcos at the time, they were all customers of each other and competitors of each other.
William Kennedy (54:10.623)
okay. Ran through the money.
Jasson Casey (54:22.524)
And so we kind of mismanaged our cash a little bit. Like we used cash or we should have used some debt financing. So we may have had like a low cash volume in our bank account. And one of our competitors who was also giving us traffic, they realized that we had screwed up our routing. And so they were giving us traffic to terminate that we were turning around and giving back to them. We were charging them less than they were charging us to re-terminate that traffic. They realized that and they didn't tell us, they just turned the dial up.
William Kennedy (54:46.03)
my god.
Jasson Casey (54:52.952)
And then they waited for us to catch up, catch on. And the minute we catched on, they filed an injunction for payment and that forced us to lock up the cash we had on hand and we had to file chapter 11. That was, yeah, Quest Communications did that to us. That was that world. so...
William Kennedy (55:08.29)
That's evil, That's evil.
William Kennedy (55:13.986)
That's evil. Wow.
Jasson Casey (55:18.924)
I didn't know, again, I didn't know what any of this meant at the time. had to have it all explained to me. I stayed on a little bit during the chapter 11 to kind of help run things.
But I had a girlfriend at the time and she had moved to Dallas when she graduated for a teaching job and I decided I wanted to find a way to get to Dallas. So one of the vendors that was calling on me, I called them up and said, hey, I need a reason to be in Dallas. I have an idea for how you can use your product. I'll introduce you to these three prospects that might buy your product. Would you hire me as a software engineer?
and they ended up hiring me, not as a software engineer, that's kind of why I ended up leaving that company and moving to North Texas.
William Kennedy (56:02.956)
Wow. Nice. now you move. You had to move in with your girlfriend though. That's a big change there, Jason.
Jasson Casey (56:09.516)
yeah. It felt, it felt, it felt, it felt normal. By the way, we're now married. but yeah, but.
William Kennedy (56:19.502)
that's good. You never know where these stories are going to go when you don't know. Okay, so that's good. You ended up marrying this girl.
Jasson Casey (56:23.5)
Yeah, it worked out. It worked out. And that company worked out too. That company ended up being the next ride in the journey.
William Kennedy (56:34.968)
So how long are you at this next company then? You're there for?
Jasson Casey (56:38.508)
I was at this next company for about three years. Yeah, so this company had, they were a startup that were a chip manufacturer and they built this thing that was very early version of software-defined networking. And one of their co-founders was a guy who invented this thing called the FPP and RRSP, this guy named Vic Bennett.
William Kennedy (56:41.582)
And you weren't doing software development? What were you doing over there?
Jasson Casey (57:05.368)
And it was a network processor. And it turns out it's the gear network processor that almost all the heavy equipment kind of used in their high-end network processing cards, right? So think like ATM switches, edge routers that hang off ATM networks at the time, that sort of thing. And they had built a version of the chip that could do essentially regular expressions at line rate.
So over to it, it's a big deal at the time. It could load a pattern and do pattern matching and substitution at one to two gigabits with minimal latency or the latency you would actually expect for a switch. the problem I was working on at that the Austin field startup was a firewall problem. How do I take my VoIP network and someone else's VoIP network and peer them?
without exposing the fact they're on a private network, I'm on a private network, so have to remap, right? I have a security domain, they have a security domain, I don't want to allow like just pure access. And voice over IP has a signaling protocol and a data protocol or immediate protocol. And a lot of the voice over IP protocols at the time, have what they create all these layer violations, which is a fancy way of saying, deep inside of the packet, it talks about IP and port and protocol information about another thing that's going to show up.
crosses a NAT boundary kind of invalidates itself. The minute it crosses a firewall, it kind of invalidates itself. So I was trying to figure out how do I get a firewall and a NAT that are VoIP smart, right, and can kind of handle this. And I called this company and they had been thinking about maybe they could solve that problem and I pitched them on my version of how they could build a voice over IP firewall, at least what it would look like from a customer's perspective and what the state of the art was.
given alternative equipment and it turns out because I had been working on this problem, I knew my counterparts at level three and global crossing and a few other companies and so was more than happy to make the introduction. So yeah, they hired me but they said, hey, we want you to become this thing called a product manager. And it's like, I don't know what that is. And they're like, don't worry about it. Just show up. So yeah, that was, I got that job. I loved it.
William Kennedy (59:12.762)
Wow.
William Kennedy (59:20.43)
Did you enjoy that though? Did you enjoy getting, getting your hands off it? You did. You enjoyed that. Why? What was it about that? They enjoyed. You're still young dude. Wait, wait a second. You're still young, right? We're talking about 2000. You're 21 years old. You've got five years of sort of industry experience already, right? We're talking about 2005 right now. 2000. Oh, 2001. Man.
Jasson Casey (59:26.538)
Well, the product manager has 21.
Yeah.
Jasson Casey (59:45.548)
2001. Yeah.
William Kennedy (59:49.506)
You are doing so much so quickly. can't even do the math on the years anymore. This is 2001.
Jasson Casey (59:54.423)
the yeah yeah I guess technically I was 22 I would have been 22 in 2001 but yeah I was 22 I had this this job that I didn't really understand but again I you know I knew what the product needed to look like
And it turns out that's really what the job of product manager is. And in a highly technical business like ours, or this company's at the time, the company's called NetRake. It's since been bought and sold. But in a highly technical business, product manager has to be respected by both customers, engineers, marketing, kind of everybody. And your customers are highly technical, right? Your customers are also representing their companies at the standards bodies, like IETF, arguing over
for like BGP extensions. So your customers are highly technical, your engineers by definition are highly technical, and you've got to sit in the middle of them. So if you're not technical, you're not going to work out. But also you've got to figure out what's the straightest line to revenue, what's the straightest line to what will work for these people, not what's ideal.
William Kennedy (01:01:02.542)
But how could you know that at 22 or I guess for the next 20 years now, this is what you're sort of perfecting this sort of role.
Jasson Casey (01:01:09.12)
yeah. mean, I'm giving you the 46 year old's version. I don't think I would have liked this at that time. No, the woman I worked with was a very seasoned product manager. She also grew up from the engineering route. She was a long-term kind of telco engineer, telco into product management. So like she was a great mentor.
And, you know, it was a startup environment. like the great thing about startups that at least I've been part of and like generally why I tell people if they should go to a startup is...
If you have the ability to work a problem, startup can almost never say no because they never have enough time and they never have enough people and they never have enough money. And if you have the understanding and if you're going to act responsibly and if you have some ability of tackling the problem, you're going to be let loose. And that was the environment. I had good mentorship and so yeah, we just did it.
William Kennedy (01:02:12.334)
I think that role is also critically important if you have somebody who can talk tech, but also talk non-tech. You got to be able to do that translation. But at 22, I don't imagine you have that ability like you obviously have today.
Jasson Casey (01:02:22.546)
Yeah.
Jasson Casey (01:02:30.43)
No, not at all. I had the benefit of the fact that my customers were engineers. So the first customer of that company was actually Japanese telco. And I'll never forget the way we landed them. So the protocol that was all the rage at the time for Voice over IP was called SIP, Session Initiation Protocol.
And I was kind of like an auto didact with all the RFCs related to SIP. Like I knew it inside and out. I had written all my own custom implementations of the protocol just to, this is kind of how I learned. Like if I don't build, don't, can't prove to myself I know a thing. And so I knew this protocol inside and out. And you know, I'm also building out the roadmap for the company. I'm a good product manager is always ahead of the engineering team in terms of what they're working on thinking about. And the Japanese customer was really
interested in solving this problem, they wanted to solve it on a time frame and their first gate to just moving into a POC was, well we want to see these three scenarios, can you show us log trace output of what your product looks like in those three scenarios? And so I stayed up one night and I just hand cranked it all out myself.
William Kennedy (01:03:38.51)
Wow.
Jasson Casey (01:03:39.628)
And there was another engineer, he was like a chip architect who he was also incredibly diligent. And so I used him as like my checker and then we gave them that output and they invited us to Japan for a POV. Yeah.
William Kennedy (01:03:55.727)
Wow, that's awesome. Wow, that was mind blowing. Everybody must, you must have felt great at that point. mean.
Jasson Casey (01:04:03.236)
I felt great, another way of thinking about it too is you're just raising the stakes, right? Because you're clearly showing what the product could do, not what the product did do. We go to Japan, and it was me, a sales engineer that I just hired, and a head of customer success. And this was our first customer deployment. anyone who's done business around the world already understands this, but I didn't.
William Kennedy (01:04:08.375)
Yeah.
Jasson Casey (01:04:29.452)
People behave differently around the world, people run networks differently around the world, cultures and customs are just different. So we show up in Japan and I had traveled through Europe and thought I was well traveled. So I experienced my first culture shock. It's like stepping off the rocket ship on Mars in a good way, but still like eyes wide, right? I was probably 23 at the time.
And I thought I was really adventurous from a food perspective. Turns out I wasn't. So all I would eat was rice for that first week. And so I was like losing weight. I was tired.
And also we built our product, at least the operating system of our product was built on BSD. And BSD had a lot of networking bugs around things like memory protection in the kernel on DHCP. it was before the era of things like CDP and L, what was it called? Link layer control protocol, LCP. Long story short, Japan liked to build really, really big subnets, like thousands of hosts on one broadcast away. And the rate
of ARPs and reverse ARPs was faster than the little kernel thread in our OS could handle. And so I'll never forget, I took the team, the Japanese team into a room to train them on how to design with our product. Well, my sales engineer was gonna hook it up and get the first demo running. And we come out an hour later and Gabe turns to me, he's like, Jason, oh boy, you got a really thick Cajun accent. can't do it.
William Kennedy (01:05:42.894)
you
Jasson Casey (01:06:03.746)
justice. It's like Jason boy this shit don't work. And so I sit down at the terminal and I see DB greater than and it's like well I've never seen that before and this is essentially what a BSD kernel panic looks like. And you know the so like the level of stress is through the roof and and the head of customer success like he's fundamentally a salesperson he's like Jason I I can't do anything here I'm going home.
And the SE also is still more of a sales person. Like I can't do anything either. I'm going to go home. So I ended up staying. They left.
fish out of water and then the Japanese like they're great culture they're super detail focused and their whole gist is if you give them everything they'll reciprocate and so every day we would work on this every day we'd go out to dinner every dinner we'd drink too much and then I'd go back to the hotel and dry and write up a big trip report and attach core dumps
And the goal was I provided enough information in a lucid way along for the team to diagnose the problem and give me a hot patch along with instructions on how to use it so that when I woke up the next day at 6 a.m. I could be prepared enough to go back into the office and kind of at least move the ball yard down the field. We did this iteratively but over the course of two weeks we got it up and running. We got invited to.
You know, we got hosted at like the big bosses fancy restaurant. I had a breakdown moment where I was so hungry that I just started eating everything they put in front of me. And then I realized, holy shit, this food's actually really good. And so that started my food adventurism, which has since gotten even bigger. But yeah, we got a check from them a couple of weeks later, $600,000. It was our first paying customer.
William Kennedy (01:07:45.46)
Hahaha!
William Kennedy (01:07:49.793)
You
William Kennedy (01:08:02.478)
So this is a theme with so many... ignorance is bliss, right? You're 22, ignorance is bliss. Those two other guys just go home because they're too seasoned. And you're like, I ain't giving up. Like today you would have just went home. But ignorance is bliss, man. It allows you to do things you never in a million years would sort of do if you knew better.
Jasson Casey (01:08:07.442)
Ha ha ha.
Jasson Casey (01:08:14.22)
Yeah.
Jasson Casey (01:08:26.454)
There are so many things about that initial trip that I'll remember till I die, right? Like made some really good friends, learned an incredible amount, built real partnership with our Japanese partners and customers, learned about a truly different culture.
And then the food thing, like, you know, I joke about it, but like food is very important to me. And I think it actually probably, at least one of the big parts started on that trip. Just eating over myself and tasting things.
William Kennedy (01:09:04.174)
But I imagine that when you saved that account, you made that happen because you stayed and you did that. I'm kind of curious, did they just pat you on the back when you got home or did they give you something for that work that you pulled off?
Jasson Casey (01:09:18.806)
Well, so in fairness, there was definitely a team that was being whipped daily behind the scenes to make sure that I did have a patch for when I woke up. So it certainly wasn't all me. But yeah, no, we won that account. We used that money to show progress. We used that to actually raise our next round.
I mean yeah, that company let me as a 23 year old essentially help set direction of the product. That company is a major reason, or at least a major pillar of who I am today. yeah, no, they definitely, they treated me very well.
William Kennedy (01:09:59.663)
So we've been talking for like over an hour and you're only 22 right now in this story. So I can't even imagine how much time we need to get through all of it. So we don't have time. So got like 20 minutes left with you. We got to sort of fast track between now and sort of where you are today. So when did you start with this company? The company that you're with today? What year did you start? 2019, okay.
Jasson Casey (01:10:04.383)
Hahaha.
Jasson Casey (01:10:16.437)
Yeah.
Jasson Casey (01:10:24.748)
2019.
William Kennedy (01:10:27.95)
And we're only in like 2002, three. Okay, so you got five minutes to like tell me how we get to 2019 from here. I feel like you're staying every couple of years. Like how many jobs are we talking about over this next 18 years or whatever?
Jasson Casey (01:10:30.476)
2003.
Jasson Casey (01:10:39.596)
All right, I'll give you.
Jasson Casey (01:10:45.356)
So I'll give you the cliff notes and then we can kind of drill in. So at the end of 2003, I started to become more wise and understanding of financing of startups and how that works. And while the company had been great to me in terms of learning and education, I learned about the preference stack and ultimately how that really meant that we would, the company would eventually get bought, but no one would ever make any money.
And once I kind of had that realization, one of my customers called and said, hey, we want you to come work for us. All these things you've been telling us we could do with your product, we want you to come help us make that a reality. So I went to work for a company called Level 3.
From there, ultimately that didn't really work out. Like the whole business unit that I was part of was speculative and that business unit got cut. And so at the same time I needed a reason to move to Austin, right? My then wife wanted to go back to grad school. And a friend of mine from NetRake was working for Alcatel and he was like, well, we always need a good solutions architect. Just come work for us, it'll be easy.
I went to work for him. I was involved on the periphery in some big deals with AT &T. I didn't really do anything to deserve any of this, but they treated me like I did. And I learned pretty quickly that I need technical excitement. Money's not enough.
And the former boss from level three went to another telco and said, hey, all those plans you built for us at level three, how would you like to execute them? So I went from there and I joined him at a company called Sentry Tel. Now they're called Sentry Link. And that was my first real executive job. I was 26. We did that for about...
William Kennedy (01:12:30.434)
That's crazy how young you are in these positions. It's mind blowing to me.
Jasson Casey (01:12:36.886)
So I built a team in Austin, Texas for this Louisiana based company. We built this product, launched it really fast. Culturally, I would say we weren't really that great of a fit with the telco, because we were kind of this startup group of pirates that we didn't really care what the rules were. We were going to get stuff done.
You know, we got stuff done, but we definitely rubbed a few people the wrong way. And ultimately the product we were building probably wasn't right for the market of that particular business. And from there, I ended up kind of getting into just doing my own thing. So I started working on the software to find networking stuff and it was super fascinating, super fulfilling. Didn't make a ton of money at it, but developed a huge amount of relationships with
company called Bel Air Networks at the Synthagoppa by Erickson, as well as Aruba Networks and a few others. At that point, I was feeling a little bit burnt out because all of these jobs, while I kind of shifted every two to three years, I was putting, you know, everything I had was going into them. And so my wife had just taken a position as a professor at Texas A
And so I've been trying to convince a professor to work on a technical project for me. And he's like, hey, you seem to be free. Why don't you do a PhD? So I did a PhD. I wouldn't have been able to do that without finishing my undergrad. And I'm
William Kennedy (01:13:58.223)
Wow.
Jasson Casey (01:14:03.306)
Yeah, that brought me back to that work that I had been doing just before the PhD in software defined networking, started this nonprofit called Flow Grammable. We ended up being kind one of the landing spots for people to kind of truly understand what this protocol called OpenFlow, how it works, how things changed across variations. Dell actually took almost all of our material. We made it open source, but they took all of our material and basically stapled it as an appendix to all of their switch manuals. So that was pretty cool.
And yeah, that brought me to the attention of a certain General Keith Alexander and I joined him in, this is 2014, to run engineering for his private endeavor, company called IronNet Cyber. In 2016, I was recruited to be the CTO of a company called Security Scorecard, run the whole R &D effort up in New York. And...
William Kennedy (01:14:58.702)
So let me pause you for a second because the 2014 job is the first time you're not doing telco, per se. Because everything up to there is, OK, go on.
Jasson Casey (01:15:07.168)
Yes or no?
Yeah. So, reason why I say yes and no is everything that I've always done in telco has always been at the IP layer. So I never really worked on ATM or cell or those other protocols. I was always working kind of packet-based networking. And when you go back to the fundamentals of what I was doing in NetRake, we were basically doing kind of packet capture and manipulation at line rate at gigabit. And in 2001, 2003, a gigabit was state of the art.
the software-defined networking work that I was doing had moved into the range of 10 gig and 25 gig and 40 gig and like the 2010-2011 timeframe and When you look at what General Alexander was doing with IronNet He was basically doing behavioral analytics Which is line rate packet capture in a large data center environment
And you're basically trying to do real-time metadata analysis to find kind of the needle in the needle stack, right? Where is somebody running a C2 channel? Where is somebody doing this? So it's all the same techniques. And the other interesting thing is we had to do it on commodity hardware. We weren't allowed to design or build our own hardware.
And so now you're like, all right, how do I squeeze everything out of the computer I have? And so you're thinking about like, cache line misses and branch predictors and cache line predictors. And how do I structure my algorithms in a way to where the hardware is going to achieve maximal, both parallelism, but also like all the prefetching and pre-caching stuff. Like, how do I make that, how do I make sure that I'm not getting in the way of all of that magic? And it turns out.
William Kennedy (01:16:52.994)
Yeah, you're staying mechanically sympathetic with the hardware and networks and yeah.
Jasson Casey (01:16:56.172)
Exactly. So that was the commonality. And then I also found myself being drawn more towards problem sets of, I don't want someone to tell me what the network looks like. I want to discover what the network looks like with some level of certainty. And it turns out that's an intelligence problem. And so yeah, for most of the 2010s, I basically worked big data network intelligence. But it was kind of a natural follow on from the 20 aughts.
William Kennedy (01:17:23.47)
And then tell me how Beyond Identity sort of comes calling. How does that come? Are you going after that? Are they coming after you? You're a very mature man at this point. You know what you want. Like to get Jason to work with you, you really have to make sure that he's going to be super excited and interesting in it, right? So I want to hear about the recruiting of Jason for Beyond Identity.
Jasson Casey (01:17:44.938)
Yeah, so my wife.
Jasson Casey (01:17:49.933)
My wife and friends would debate the mature property. So 2019, I resigned from Security Scorecard and I wanted to start my own company. And I was going down this road of security analytics. And some of the observations I had taken with me coming out of Security Scorecard was,
William Kennedy (01:17:53.887)
Hahaha!
Jasson Casey (01:18:11.18)
The most likely indicators of whether a company will suffer a breach have to do with how do they manage passwords? How do they manage second factor? How do they manage endpoint patch management? Like those three things is really what the cyber insurers were deciding whether they were going to underwrite or not at least a mid-market company
And so I had a large amount of analytic ideas kind of cooking around from my experience of the past decade. And I was thinking about starting a company in that area, but I also needed a break, right? Scorecard was intense. I gave them three years. So I took a trip to Greece. wanted to sail a sailboat around the island. So we rented this 40 foot sailboat. was just me and the wife and a bucket of books. And we hired a captain because we didn't want to do it all the time. And I got an email while I was on that
trip saying, hey, this is Jim Clark. I want to meet you. I live in New York. And it's like one of the first books I read back way in Austin when I was at that telecom company, Point One, was a Michael Lewis book called The New New Thing. And it was about Jim Clark, the guy who created Silicon Graphics, the guy who created Netscape, the guy who created Healthion, which then became WebMD, along with some other things. And my initial response is, no, you're not. Delete.
William Kennedy (01:19:26.19)
Right, right, right, right. Like you see that email, you're like, you do a little bit of work, right? You view the source, you're trying to figure out is this legit? But at end of the day, you're like, this is phishing.
Jasson Casey (01:19:28.458)
Yeah.
Jasson Casey (01:19:34.229)
Yeah, was, well, it was also like, represent Jim Clark and those emails are usually just garbage, right? But the dude's persistent and I get a couple more during the trip and finally I just out of, I don't even know why I replied, but I replied saying, all right, sure, I'll meet you. And I'm back in New York next week.
William Kennedy (01:19:42.254)
Yeah
Jasson Casey (01:19:55.485)
And the other kind of prophetic thing about this like Jim is famous for being like super sailor, right? Like he's built some of the world's largest sailboat sailed around the world and done these Massive underwater productions and whatnot. So like it's it's I guess there are moments of what's going on at the time that like make me a little bit more sympathetic is like, alright, maybe I will respond
So get back to New York and I take a meeting with this guy and this guy works for this guy works for Jim and Jim Sirius is a heart attack and him and his business partner and two of his engineers have are wanting to start an authentication company. And they have a lot of experience with authentication around a system they had built for houses houses and boats. Like when I say houses I mean like really big houses. And when I say boats I mean like really big boats. And
And, you know, Jim's whole take is like, Hey, you know, we invented SSL back at Netscape and, you know, we solved the server authentication problem. We never solved the client authentication problem. And man, is it a pain in the ass. And I want to do that again. And I was thinking about it and it is techniques that he, that he devised. They felt very clever. But the thing that really did it for me was, wait a minute. From all the knowledge that I have, I know for a fact.
that if you can manage credentials.
In a way where they can't be stolen if you can ensure the device that's asking for access whether it's service or data Is safe enough for the access that is being asked for you can actually prevent most most incidents You can actually make an uninsurable company insurable and that was the thing that clicked for me that made it kind of exciting and So yeah, we joined forces when I say we joined forces clearly Jim's the big partner in this and I'm the pipsqueak but But yeah, we started originally the name was zero PW. We we
Jasson Casey (01:21:48.694)
created an office like two weeks after that first meeting. Eventually we changed the name to Beyond Identity, but yeah that was 2019.
William Kennedy (01:21:58.895)
I'm curious, did you ever ask them how they found out about you? Do have any idea why your name ends up on his desk?
Jasson Casey (01:22:06.988)
Yeah, I think it's actually just a coincidence, right? They described their search as they wanted to build a New York based company and they wanted someone who was in New York. They wanted someone who had a deep security experience, right? I run engineering for a couple of fairly sophisticated security outfits.
And they wanted someone who had actually worked at startups and not like any old startup, but kind of like tier one VC backed startups that kind of understood what that means, the good and the bad, right? And apparently that list is not very big. At least in 2019, apparently that list is like six people. And yeah, I got the, what is it? The short rows or the long rows in the dating game? Yeah, we had the best chemistry.
William Kennedy (01:22:54.066)
You got the rose. That's awesome, man. you basically, now I'm curious, right? It's 2019. Is everything just sort of like a white paper right now? Has anything been built? Are you walking into a green field or are you walking into we've got prototypes and now we got to figure out how to productize this?
Jasson Casey (01:23:17.612)
Well, Nelson, so the engineers Nelson and Mike, they had come from a previous company named Commandscape. And so they had worked this problem from a different angle for years. So they were very experienced and knowledgeable. But we basically clean room to the product. So we started, we started.
In 2019, now Nelson and Mike already had quite a few things laid down because I think they got started in like March of that year. Whereas I didn't really join the effort until September of that year. But we ran fast. We had our first POV in November.
And when I say POV, we deployed at a customer for a proof of concept in November of 2019. We had our first paid customer in March of the next year. We raised our first financing, I want to say, in like...
actually March of the following year. Now that was a friends and family customer. What I mean by that is everybody who's done startup probably knows what that means. But you know it's a company that's predisposed to like you because you've worked with them before or you're friends with them in some way. We landed our first non friends and family customer with Snowflake.
in like the third quarter of 2000. So that was our first legitimate win and they did it during their IPO process to help them with an audit finding, right? Like they, their developers were exporting certificates from their development machines to work on their gaming rigs and Snowflake, they had, you know, they wanted to always know what person on what machine with what security controls at what time.
Jasson Casey (01:25:01.58)
And so we helped them solve that problem in a way where the developers couldn't work around us. And yeah, it was a great relationship with them. They helped us build out other parts of the product with real operational user feedback. And yeah, that was the beginning of the race. We just ran fast.
William Kennedy (01:25:22.958)
So what I'm curious about from a business perspective is what is the cost of deploying this type of technology? And I know you're to say, if you don't do it, the cost is higher. But forget about that for a second. What's the real cost of hard cost of deploying this? And what kind of companies should be? I have a sp-
Jasson Casey (01:25:36.607)
Ha ha.
William Kennedy (01:25:49.423)
45 person consulting company we work for clients. Some clients send us machines because their security levels are high, right? So, you know, should a $5 million company be looking at this, a $20 million? What is the profile of someone who has to now seriously, take this seriously.
Jasson Casey (01:25:53.547)
Yeah.
Jasson Casey (01:26:09.866)
Yeah, so the generic answer, there's a version of this available for everybody. But let me talk about the profile of our customer, because that'll probably be more germane to your question. We focus on regulated companies that are generally regulated, critical infrastructure, defense, defense tech, governments, and big tech. So anyone who's the target of intellectual property theft, anyone who's the target
of kind of organized campaigns of extortion. Anyone who's the target of nation states, which turns out to be a lot of critical infrastructure, banking logistics. So, you know, there's a big war going on in Europe right now, right? That is producing a lot of cyber activity around critical infrastructure. There's the threat of encirclement and a war over in Asia, right, with China and Taiwan. That is...
producing a lot of kind of early reconnaissance and kind of like prepping the battlefield if you will. And then there's everything in between in terms of crimes of opportunity as well as crimes of let's go get some money. Our customer is typically, you know, they have a good security program, they have an EDR, they have an MDM.
they have a mature business and what we provide for them is a way to kind of leverage their existing security framework into their identity stack. So we'll plug into their Okta, we'll plug into their Microsoft Intra, we'll also plug into their existing EDR, Sentinel-1, CrowdStrike, Microsoft Defender. We'll tie all that together in what we call identity defense and the impact we'll bring to them is no more...
No more phishing-based attacks for anything that's access-based. Session hijacking prevention, man in the middle prevention for the purposes of session hijacking. And they'll see a reduction in security incidents. They'll see a reduction in help desk tickets. Like these are quantifiable. We see them in our existing customers. Our customers will reference this on calls. But yeah, our customer is typically someone who...
Jasson Casey (01:28:28.436)
already has a security architecture and either is compelled to operate in a certain way because of certain compliance or they sell into a marketplace that is and therefore they take some of that burden on themselves.
William Kennedy (01:28:43.724)
I feel like some of the biggest, I feel like the biggest threat is not from the outside, but from the inside. Like that employee that gets disgruntled, that had access to this or that, and now decides that they're going to do something like retaliatory, right? Whatever that is, right? I always feel like the the biggest jobs I've ever seen have come from the inside. so it seems like you're also able to monitor on the inside who's doing what at some level.
Jasson Casey (01:29:13.388)
So here's a way of thinking about it. When you have a system that's based on passwords and tokens or symmetric secrets, there's nothing about that token that tells you about the device someone's working from. So you have to assume possession equals authorization. So like, hey, this credential was used to access these documents. All right, from what device? Well, I have no idea.
Generally, it should only be these devices because we have these profiles in place, but I can't really say. So you have to take this conservative blast radius. When you're using a technology like ours that's hardware-backed and device-bound, just because someone's enrolled doesn't mean they have access to anything. You actually split the concept of enrollment and authorization. This gives you an ability to understand precisely, at the time of access request, what person, on what device, and what geography
with what workload on that device, right? So in the AI world, the question becomes like, what user authorized what agent running what model on what machine and what geography with what permissions for what time period. In a non-human world, it's kind of like what operator authorized what payload on what drone.
with what identity to go where, right? And in a workforce, it's all right, what worker on what computer with what existing security controls in what geography, right? Because GDPR and some of these national edicts are starting to kind of have teeth, is allowed to access what and for how long? So we can answer that precisely in a fine-grain way. And also produce an audit after the fact that's tamper-resistant.
William Kennedy (01:30:50.262)
No, it makes total sense, right? Like, there's a lot of companies that won't let you use your own hardware. There are some that do, but regardless, Knowing what machine it was done on, and it could only have been done on that machine, it almost doesn't even matter if it was me doing it because I've allowed my machine to be compromised. So it's still my responsibility at the end of the day, right?
Jasson Casey (01:31:13.952)
And the great, 100%, and that's one of the things with insider threat. Insider threat is a little easier to handle just because for the most part, the long arm of the law is always available for you on insider threat. As an insider, if you do something, you're eventually gonna be found out and you're gonna go to jail. When we're talking about general cybercrime,
Our chances of sending that person to jail from Minsk or St. Peter's is zero, right?
William Kennedy (01:31:45.504)
Yeah, yeah, yeah, you're right. North Korea or whatever, you're never getting to that person.
Jasson Casey (01:31:49.833)
Exactly. like there is no...
crime and punishment when it comes to some of this international activity. Insider threat by definition applies. They have a relationship with your business in some way, shape or form. That's not to say that it's not going to happen and you don't need to protect against it, but there's a lot more controls that you have on insider threat. We've actually seen a lot of companies focus less on prevention of insider threat and more on audit because if they can always guarantee a tamper-proof audit, they can always guarantee that that person is going to
to jail.
William Kennedy (01:32:25.112)
See, I don't know why, I know there's aspects of the blockchain where you want to be anonymous, right? But when crime happens there, you have no recourse, like you're done. But if the blockchain had this, where we're validating not just that you have a private key, but a private key also tied to this machine, and nobody else can use that wallet unless they're on this machine. Like that too would reduce sort of somebody stealing.
Jasson Casey (01:32:52.479)
100%.
William Kennedy (01:32:54.348)
your key and using it somewhere, right?
Jasson Casey (01:32:56.46)
You can see this kind of starting. I read an article the other day, so there's a video game called Battlefield 6 and there's a big controversy around it right now because the latest release wants you to run Microsoft Secure Boot. And the reason it wants you to run Microsoft Secure Boot is they're leveraging technologies very similar to what I've just described. Slightly different application, but they're using the same building blocks as cheat prevention.
Because when you do it this way, right, and you know what person on what device, you can also add in a couple things that basically say, this key will only work for this person on this device and also if the hardware or operating system drivers haven't been modified in a specific way, which is how some of these more advanced cheats work. So yeah, I think it could work on the blockchain. I think it could work in a lot of applications.
William Kennedy (01:33:45.007)
Yeah, yeah, I see it. seeing, I'm seeing it. It took me an hour and half, but I'm starting to see it now. Like why, why wouldn't you as an individual not want to do this? Especially where, like I go back to, if somebody steals your email, you're cooked, you're done. They reset everything in 10 minutes and you have no recourse. But if every one of those authentications was tied to the machine,
Jasson Casey (01:33:50.241)
Yeah.
Jasson Casey (01:34:02.157)
Mm-hmm.
William Kennedy (01:34:13.408)
And you could even geo-fence that.
You wouldn't panic when your password got compromised because it's not enough.
Jasson Casey (01:34:23.648)
The other crazy thing, or not crazy thing, but like really interesting thing, they're deterministic controls. They're not probabilistic. I'm not saying with 90 % certainty you're operating from this machine. I'm saying with 100 % certainty, under the only assumption that the manufacturer of this chip hasn't been compromised, it is in fact the exact same machine that enrolled this key.
William Kennedy (01:34:45.646)
Yeah. All right. I got one last question for you. love asking people of all sort of levels this question. It might be interesting to ask this question to some people over there as well. What keeps you up at night? As it relates to the business, right? What keeps you up at night today?
Jasson Casey (01:35:07.683)
Let's see, we protect some pretty high for a vile customers, so we're a target. And just like anyone, there's always things we could be doing better. There's always things we could start doing that we're not. I'm always thinking through those scenarios. From a business perspective,
You know, this is my first time being a CEO. I'm two years in the job now. So, you know, I'm operating a bit differently than I was a year ago, or certainly two years ago. But, you know, what do I not know? What am I missing? I certainly have instincts that I trust on anything that is infrastructure, tech, tech, defense related. But there's certainly areas where my instincts just aren't as developed, right? Like,
When you're pitching to an organization that doesn't value technology at all How do you how do you connect is? I shouldn't say it doesn't value technology at all But like it's not tech or security driven or or compliance driven like like that is You know, that's a harder thing for me and I definitely rely Rely on you know, pretty good team to kind of to help me and then also short short some things up there
William Kennedy (01:36:29.538)
Have you ever thought of joining one of these, I don't know if they still do it, but they were companies that started bringing CEOs together in small groups to mentor each other. Have you ever thought about that?
Jasson Casey (01:36:42.666)
Yeah. I think that's called group therapy. The funny thing is it kind of happens impromptu. So as a VC back tech startup that sells to the enterprise, you're obliged to go to the certain events throughout the calendar year. And at these events,
Everyone is trying to of vie for your attention to buy their stuff, right? Whether it's banking products, be let them invest in you in the next round or trying to sell you something. One of the fringe benefits of these get togethers is at some point in the evening, usually you're...
there's six or seven of you around the table. See, just CEOs and startups, right? And you're all slightly different shades of the same problem, or you're all suffering from slightly different shades of the same problem. And so yeah, these kind of group therapy things do show up. Yeah. I try to talk to as many CEOs and founders as I can, just because it's, you know, it's like reading, right? Like you're...
William Kennedy (01:37:36.854)
Yeah, no, it's good. It's good to have that.
Jasson Casey (01:37:50.389)
Life is short, your time is limited, you're never going to meet everyone, you're never going to see the world. So there are these other avenues to try and extend your experience or at least get proxy experience. And talking to other people in your role is a great way for that. It's also hard though, right? Because your role by definition is almost all consuming. And so you almost have to make time and seek some of these people out sometime.
William Kennedy (01:38:15.544)
So I'll tell you this, have, at a much smaller scale, I have the same problem. And I haven't been able to fix it at a small scale. I hate when I go to a website. Again, I am putting myself in this category, a company website, and I can't within like 30 seconds know what you do. My website is bad, dude. I look at it and I...
Jasson Casey (01:38:21.804)
Mm-hmm.
Jasson Casey (01:38:37.238)
Ha ha.
William Kennedy (01:38:42.604)
I started A-B testing at conferences asking people, which one do you like better? Because I can't figure it out. And I'm in the industry. And you have this word identity-based attacks. And it's taken me an hour, I think, understand what that means. so these are the things that drive me. You don't want to be in a place where you have to educate people. You want to somehow get them to click on.
I'm looking at your homepage and my brain's going, I wish there was some sentence about what identity-based meant to help me read the rest of this homepage so I could now really appreciate that I need this. I have the same sort of problem. I think lots of companies have this problem, especially with all the products that you have and all the different things that you're doing.
Jasson Casey (01:39:18.636)
Mm-hmm.
Jasson Casey (01:39:24.128)
Yeah.
Jasson Casey (01:39:32.321)
Yeah.
Yeah, for us, it's definitely, so message and positioning is hard no matter who you are. For us, we're definitely in the evangelism phase of what we do. Like what we do is not, we're not a category that already exists. Like we're just not.
And, you know, the simplest thing that I've come up with or that we've come up with that tends to resonate, because we do the same thing at the conferences, like, tell us which of this lands more, is it really just comes back to 70 to 80 % of the security incidents your SOC deals with today are actually preventable. You don't have to suffer letting them happen and then spend time chasing them down. You can actually prevent them by just plugging us into your identity stack. Like that's what identity defense is about.
If we want to double click a couple layers down, can tell you all about how it happens, how it comes about. We can take you through the MITRE ATT &CK framework and what are all the variations. But at the end of the day, really is about 70 to 80 % of what brings risk to your organization and where you spend time could actually go away.
William Kennedy (01:40:43.374)
It's almost like you have to meet somebody who recently had the pain because, right? Because think about it, like again, I'm a small company, right? And I don't have this pain. So it doesn't resonate with me as much as it should after talking to you for an hour and a half, right? And so you almost have to convince somebody that there's pain here, even though you're not feeling it yet, I guess. So comp, it's interesting, right?
Jasson Casey (01:40:59.404)
Yeah.
Jasson Casey (01:41:07.02)
So, yeah, so for the folks that we target, they almost all have SOCs, security operations. And so that number is quantified. Like their CIO or CFO signs off on a budget in both headcount and tooling and time and materials for third parties to come in and help. So like it's very quantified.
There's also a help desk angle. Like when you think about old school identity access systems, a certain amount of the help desk is always working on account lockouts and resets. And so that number is usually known at a large organization as well. Like in the companies that we deal with, that in itself is usually a million dollars a year in expense, just dealing with account lockouts and password resets.
William Kennedy (01:41:58.798)
Yeah.
Jasson Casey (01:41:59.564)
And it gets even higher in businesses that use like outsourced consultants and contractors and whatnot. So there's ways of quantifying it, but you're right. You have to be a certain level below a certain size organization or below a certain kind of security risk. It ends up being more around good hygiene.
Right? So like we have a, we have this thing called an accelerator program where we'll let like pre-financed startups or essentially people with real risk, but without any sort of material budget, we'll let them have access to the product, essentially gratis. But they also know they're a target, right? They're like an NGO and they do, they do reporting in hostile areas or, or they're a defense tech or defense accelerators or that sort of thing.
William Kennedy (01:42:54.872)
So I have a client who's, really in the AI platform business, companies that don't want to run in the cloud. They want their own stack. They want to be SOC 2 compliant. They make me run that Drata software. But between you, me and the wall, Jason, okay, I have to make sure my hard drive is encrypted and I have to do, like, it didn't give me the warm and fuzzy that I'm like, like doing anything real to earn SOC 2.
Jasson Casey (01:43:15.094)
Yeah.
Jasson Casey (01:43:23.685)
Welcome to Checklist Driven Security.
William Kennedy (01:43:25.742)
You know, like, just, it just, whatever you need, man. I'll do these things, right? But I, like, I, yeah, I'll do whatever you want. But I don't know, dude. It didn't make me like want to go to sleep. I didn't sleep better. Let me just say that.
Jasson Casey (01:43:42.39)
You
Jasson Casey (01:43:46.349)
The, yeah, so security compliance is interesting, right? But SOC specifically, like if you ask yourself, how many, do companies who have SOC two not get breached? And there's a very clear answer to that, right? With that said, this is just how compliance works the world over. If you want to do business with someone who falls under a certain regiment, you have to follow that regiment if you want to work with them, which you experienced. Yeah, so there are things.
William Kennedy (01:44:12.172)
Yeah, yeah. I don't know. Some of it makes me laugh.
Jasson Casey (01:44:16.542)
Yeah, there are things that we actually one of my funnest interactions and I say this facetiously with an auditor was we're going through an audit and they were getting to like the password management section of the audit. They're like, well, show us how you rotate your passwords. And I'm like, well, we don't have passwords in our system. They're like, well, I guess you're failing this finding. And I'm like,
William Kennedy (01:44:36.184)
Hahaha!
Jasson Casey (01:44:39.41)
And you'll get people that, and this happens in all industries, right? But you get people who follow a checklist that don't really remember the root cause of why the checklist exists in the first place. And that can be quite frustrating at times.
William Kennedy (01:44:52.984)
Yeah. All right, dude, we are like so out of time. I just couldn't, I couldn't cut us off early. And yeah, we could have, we could keep talking. I'm really enjoying the conversation, but we're out of time. for the people that have been listening, we'll get this in the show notes. If somebody wanted to reach out and talk to you about the product or had a question from what they heard, what's the best way for somebody to reach out to you?
Jasson Casey (01:44:56.268)
Alright.
Jasson Casey (01:45:03.232)
Cool.
Jasson Casey (01:45:18.592)
Yeah, so a couple different ways. You can hit the company in general on the website. I'm on LinkedIn and post fairly regularly. You can hit me directly on there. I'm on Twitter, I guess X. I'm more of a lurker. I don't really post a lot, but you're welcome to kind of hit me up there too. And yeah, we come to most of the security shows and we have a heavy presence in New York and the Bay and Texas and DC.
William Kennedy (01:45:48.408)
Brilliant. You don't get out to the shows though, right? have people doing the conferences? you do. Okay.
Jasson Casey (01:45:52.98)
I do. I'm dialing it back a little bit, like, think, yeah, this summer was crazy. was home. I was only home for like three weekends the entire summer. Combination like customer travel, show travel.
William Kennedy (01:46:03.596)
Yeah, just, I did three weeks straight recently and I used to live on the road, but now it just burns me out, man. just, three weeks is, I get it. You just want some time home. I totally get it. All right. So this is the OnLabs Podcast signing off. Jason and Bill hope to see everybody again real soon. Thanks, Jason.
Jasson Casey (01:46:16.32)
and
Jasson Casey (01:46:26.359)
Thanks for having me.
Trending Resources
Machine Credentials Are Identities, It's Time to Treat Them That Way
September 23, 2025
.png)
Universal Identity Defense for Legacy and On-Prem Applications with Beyond Identity and CrowdStrike
September 15, 2025
.jpg)
The Unseen Threat: Why Non-Human Identity (NHI) is the Next Frontier in Security
September 3, 2025
Secret Blizzard: A Russian MITM Operation Targeting Embassies (and Why Modern Identity Security Matters)
August 21, 2025
.png)
CrowdStrike Warns: Identity Is the Fastest Moving Threat Vector
August 12, 2025
Introducing the New Beyond Identity: Dare to Do Identity Differently
August 12, 2025
.png)
Hiring Fraud Is Costing You More Than You Think
July 22, 2025
.jpeg)
What Is Push Bombing? And How Beyond Identity Makes It Impossible
July 8, 2025
Make Identity-Based Attacks Impossible
August 11, 2025
Meeting CJIS Compliance with WDL
May 27, 2025
PCI DSS Compliance with Beyond Identity
March 6, 2025
.jpeg)
Online Job Board Safety: How and Why To Avoid a Scam
March 7, 2024
ChatGPT's Dark Side: Cyber Experts Warn AI Will Aid Cyberattacks in 2023
February 29, 2024
Improving User Access and Identity Management to Address Modern Enterprise Risk
February 20, 2024
Okta Cyber Trust Report
January 5, 2024
Securing Remote Work: Insights into Cyber Threats and Solutions
October 30, 2023
GuidePoint Security Movie Premeire of Wicked
November 19, 2025
GuidePoint Security 3rd Annual Houston Golf Outing
November 13, 2025
GuidePoint Security's Pinehurst Golf Outing
November 12, 2025
GuidePoint Security Public Sector Vendor Fair
November 5, 2025
The Red Carpet Breach: An Immersive Experience & Dinner
October 22, 2025
Happy Hour during Gartner IT Symposium with GuidePoint Security
October 20, 2025
GuidePoint Security Hershey Park Event
October 11, 2025
GuidePoint Security Racing Day
October 10, 2025
