Friday, May 24, 2024
82.8 F

    S6E10 – Matt Wyckhouse, Finite State

     Elio:     [00:01]      This episode is brought to you by our friends at Nodis. Nodis is a fast-growing smart glass technology startup headquartered right here in Columbus, Ohio. Nodis’ TruTint technology gives you the ability to change the tint, color, and temperature characteristics of windows, which helps to make buildings more energy-efficient, and the inside of your car more comfortable. Ahead of a Series A funding round, Nodis is investing heavily in Columbus by building its commercialization, systems engineering, and sales teams here. And the company plans to build a manufacturing facility in 2020 as they ramp up production and sales of TruTint to glass manufacturers across North America. To learn more about Nodis, explore investment opportunities and browse their job openings in Advanced Materials Research, systems engineering, sales, and manufacturing, visit    

    [00:55]       614Startups Nation, welcome to another episode of the 614Startups podcast. My name is Elio Harmon, your host. I always say this, and I think I try to always deliver on this, but I have a phenomenal guest today. My guy Matt Wyckhouse of Finite State. Matt, welcome to the show.      

    Matt:  [01:14]       Thank you very much for having me.


    Elio:     [01:15]      All right, man. Well, I met Stephanie, we connected on LinkedIn, which is how I kind of get introduced to a lot of people. I had heard Finite State; I was immediately interested and so she and I connected. We had a wide-ranging conversation, and I was like, “You know what? I would love to have Matt on at some point. We have to sit down and do that. But I’m booked out all the way through the first quarter of 2021.” Well, something fell through and the first person I thought of was, hey, this is a great opportunity to get Matt on. I want to talk about the world of cybersecurity. I do not think I’ve had a guest since we started this show, who could really help the audience understand the world of cyber, the world of security, and kind of how that plays into our everyday lives. But before we get into that deep conversation, really want to get to know you. Please share a bit about your background with us.


    Matt:  [02:07]       Yeah, well, again, thanks for having me, and for all the kind words. That’s really nice. So my background, actually born and raised in Ohio. I’ve never left the state from a permanent relocation standpoint although I’ve traveled all over the world in my career. Went to Ohio State and studied computer science and engineering there. And early in my undergrad career at Ohio State, I started an internship at Battelle. So I had heard of Battelle kind of, but it was the shadowy place that no one really knew about. This going back a little bit further than I’d care to admit about 16, 17 years ago. And I knew I wanted to work in national security, met them at a career fair, and very quickly started an internship there working in software development. And so that was really early in the sophomore year of my undergrad. I decided to focus on software development because of my experience at Battelle and quickly grew into a contributing engineer on a lot of really interesting projects. Started in modeling and simulations – we were building basically video game simulators for robotic systems for people in the army and navy so that they could learn how to use the bomb disposal robots that they had to use out in Afghanistan and Iraq, which counter to what you would think, they actually break all the time because soldiers don’t know how to use them properly. And then when they break in the field, then you have to send a person and to go disarm explosive, which you really don’t want to do, so training is really important.


                [03:38]       So I started there, and then moved into high-performance computing from there where we were using the graphics cards in computers, not to render video games anymore, but to solve really complex mathematical problems. And that pulled me into what we would call signals intelligence, where we were dealing with signals that were collected somehow by an intelligence agency, and we were supporting their missions to go collect intelligence on our adversaries around the world. And then eventually, I moved into cybersecurity from there because as adversaries started changing their tactics, the intelligence community needs to keep up with those. And so that meant that we needed to find new ways to collect intelligence and new ways to also understand how adversaries might collect intelligence on us. And so that led me into the world of reverse engineering hardware and software systems, finding vulnerabilities inside of assembly code, building out systems that can do that somewhat automatically, and working with really, really interesting customers, supporting really important missions around the world, everything from counter-proliferation missions to counterterrorism.


                [04:53]       And as I was doing that, that was when the board of directors at Battelle said, “We’re on all of these other boards at other defense companies, and everyone has the cybersecurity division. Battelle, why don’t you have a cybersecurity division?” And so the executives took that as an action and went and said, “Who knows about cybersecurity at Battelle? Who knows about how to do this national security-related work?” And they pointed at me and said, “Hey, we’re going to start this new business unit, we want you to help lead it. We’re going to send you to a week of business training so that you can go beyond the engineering work that you’re doing”, And then we were off to the races. We basically started a startup company inside of an 80-year-old company at Battelle because we knew we needed to attract new talent, we needed a different style of working, they wanted to go after different types of business than what Battelle had traditionally done. And so I worked with an amazing team to get that started. We had a general manager that they paired up with me, an engineer who knew nothing about starting anything inside of a large company and had a team of about 20 people. And then over about a six-year period, that was about the remainder of my career at Battelle, we grew it from 20 people to, it was getting close to 200 people in that business that were doing really important national security work. Really advanced research and development on all aspects of cybersecurity, from understanding vulnerabilities in hardware that might come into the supply chain, to helping to secure automotive systems to continuing to help support the intelligence of defense customers we had for a long time. So I had a really amazing experience and got to see things that probably no one gets to see in their career, and learn a lot about what really happens when adversaries can attack systems, how they do that, how they find these vulnerabilities. And that’s really how I got started.


    Elio:    [06:52]       Well, listen, Ohio kid works for an Ohio company, stays in Ohio, and continues to build a company outside of that. I think that’s the kind of story, right, that kind of retention. Homegrown talent, going to a homegrown school, working for homegrown companies, spinning off a homegrown startup, so that’s amazing. Now, for us civilians, and I know you were a civilian still, but you were working with national security or on national security issues. There is this kind of “ignorance is bliss” that citizens of the country get to enjoy because folks like yourself, and companies like Battelle are engaged in the work that keeps us all safe. However, this “ignorance is bliss” allows us to really be able to point the finger and be critical. So when you start to think about an instance like Edward Snowden in mass surveillance, it’s easy to kind of point the finger at the State as it tries to make sense of everything that is changing and evolving in our world when it comes to national security. As somebody who came straight out of college with the intention of working in national security, what was it that you thought you were getting into, versus after you got into it you realized, “Oh, this is what national security is all about”?


    Matt:  [08:20]       Yeah, that’s a really interesting question. I’ll never forget the first day I actually walked into Battelle because it was, again, especially 15 years ago, they were really under the radar. It’s this campus that’s right next to Ohio State but no one goes over there. No one really knows anything about it. And it was very secretive and for good reason. Battelle has roots. They’ve done really incredible research and development, but they participated in the Manhattan Project and did that very secretly. And so that kind of foundation was institutionalized there for a long time before they started becoming a lot more public about what they did. And I remember walking in and thinking, “My God, what is this place?” It looked like it was out of a TV show, like one of those crazy, quasi-government agencies with glass all over the place. And then we were going into different buildings, and the building I was working in, or I was taken, I mean, honestly, it looked like the inside of an old submarine. It was dark. It was kind of in a basement. There were all these red doors all over the place, and gray kind of brick all over, and then you would go in and there were just all of these brilliant people working on these amazingly hard problems with whiteboards, equations all over the place. And I remember thinking, “Wow, this is my dream. This is where I need to be. This is amazing.” And it continued on that way for a very long time. There really are absolutely brilliant people working on some of the hardest problems you can imagine.


                [09:56]       I mean, there are people working on quantum key distribution systems at Battelle right now. How do you securely exchange cryptographic keys using quantum mechanics? There’s really, really crazy stuff going on there. And so that’s what I thought national security was going to be, and there are a lot of times that are like that. You see these amazing breakthroughs and you think, “Wow, I can’t believe that we figured that out.” On the other hand, you’re working for the government, and the government is a gigantic bureaucracy. And so there are times when things would be slow or maybe the government was investing in the wrong things and there’s just so much inertia that you feel like you can’t change it. And so I would say the other thing that I realized after a long career at Battelle is there’s an assumption that the government, the intelligence community knows more than everyone else, they have more advanced technology than the private sector in all cases, and the other factors. It’s just not true.


               [10:59]         I think that there are times, there are specific things that the government has historically invested in, where they have amazing capabilities that the private sector might not have but the reason that they don’t have it is because the private sector doesn’t need it, not because they can’t build it. And in cybersecurity, I’d say that there are a lot of companies in the private sector that have as good, if not better, technology than what the government has because they don’t necessarily become constrained by the bureaucracy that exists there; they can move faster. Startups are much more nimble than what the government can be. And so, I think we’ve seen the government recognize that over the last decade or so, and have done a lot of work to try to engage with startups from the In-Q-Tels of the world to the DIUx program inside of DoD and lots of other programs designed to try to get that innovation coming back into the government because they have lost some of that over time. But the bottom line, I wouldn’t trade the experience that I had at Battelle for anything. It really was an amazing place to work for a long time.


    Elio:    [12:05]       We’re going to take a quick break and be right back after this message from our sponsor.


                [12:10]       Nodis is a fast-growing smart glass technology startup headquartered right here in Columbus, Ohio. Nodis’ TruTint technology gives you the ability to change the tint, color, and temperature characteristics of windows, which helps to make buildings more energy-efficient, and the inside of your car more comfortable. Ahead of a Series A funding round, Nodis is investing heavily in Columbus by building its commercialization, systems engineering, and sales teams here. And the company plans to build a manufacturing facility in 2020 as they ramp up production and sales of TruTint to glass manufacturers across North America. To learn more about Nodis, explore investment opportunities and browse their job openings in Advanced Materials Research, systems engineering, sales, and manufacturing, visit


                [12:59]       So you saw amazing innovation happening, and that was part of the time, but what you quickly realized that this bureaucracy touches everything. There is nothing in government that goes untouched by bureaucracy is what I’m hearing, even on matters of national importance. So like, the things that citizens are most exposed to would be something like health care. We spend more than everybody else, but the bureaucracy just cannot get its hand around the issue because it moves so slowly, there are so many constituents, and for a lot of issues, it’s a jobs program, right? And so there’s always the fear that innovation is going to displace people, and then what are we going to do with all these people that the government hire, so I get it. So you must have – and I mean, you were working for a private corporation but I mean, your 200 or so employees, you’re living the life I would imagine. What would make you want to come out here and scrap for every little piece of bread that you can eat? Why would you come out and start a startup?


    Matt:  [14:05]       You know, what I loved in my career at Battelle was being able to start things, and it sounds kind of funny, but it is the truth. Each new program we would start, that was the exciting time for me. It was talking to the customers, figuring out what this hard problem was, getting that started, building out a team that can go execute it, and going. And the same thing was true when we were starting the cyber business at Battelle. It was an incredibly exciting time. It was starting a startup with a giant safety net honestly, of a lot of investment from Battelle, but it was everything from “Well, who are we going to hire? How do we want to go find those people?” to “What is our space going to look like?” Working with architects and interior designers and making sure that we could support the government programs and have a welcoming space for new employees.


               [15:00]         It was going out and figuring out how we’re going to go fight against some of the entrenched incumbents and take business and make sure that Battelle could go solve those hard problems. I loved that part of it. I loved having small teams, I loved working really collaboratively with an amazingly talented team and just whiteboarding and figuring out how we’re going to solve things. And over time, as is natural and expected, the cyber business at Battelle was absorbed into the main core business engine of Battelle and was another business unit of many. And so it started to feel a little bit less like a startup and a little bit more like I was working in, now at that point, and 90-year-old company. And I could have continued on and had a really great, enjoyable career but I guess I had that itch where I wanted to go back to the early days, the starting things, and understanding how to solve new problems. And part of it was the overall culture and environment I was in.


                [16:03]       The other part of why I left was because we were solving generally, without going into a ton of detail, we tended to keep having to solve the same problems over and over in generally the same way for our intelligence customers. Being able to find vulnerabilities, being able to help support intelligence collection is really interesting because the impact that you have, but the technology was starting to get a little bit stale. And the reason the tech was getting stale was because the defenders weren’t getting any better. And what I saw was that it was getting too easy for us to do our job, and that can be exciting but when you take a step back and think about that, even though we were phenomenal at what we did, there are other people in the world that can do that too. And I wanted to go solve the other side of that problem. How do we defend the country, the world from potentially malicious actors who want to get into these systems, who want to cause damage?


               [17:07]         And one of the big takeaways that I had in my career at Battelle is, surprisingly, the most critical types of systems, the core infrastructure, the routers that are inside of 5G networks, the PLCs that are powering power plants, those are the things that are the most vulnerable, and your home computer or your smartphone tend to be the hardest to get into. And so I just wanted to take a step back and think about how we could apply the lessons that we’ve learned, the technology, how we could apply these great minds that we had built to the defensive side of this, how we could protect our country, our customers around the world from people who might try to do the same thing that we were doing. And the combination of those two things are what led me to leave the Battelle and know that I wanted to go start a company.


    Elio:    [18:02]       Now what year was this?


    Matt:  [18:04]       So that was in 2016, I left, and I actually joined another startup company for about a year. So I knew I wanted to start a company but I had spent 13 years, my entire career at Battelle working in national security and I did not know the first thing about running a business that was – running a startup in fact. I knew how to run a business inside of a large company, but I didn’t know the market that I wanted to get into, I didn’t know how to sell to these customers,  I didn’t know what it was like to be in a startup. So I had a really unique opportunity to connect with another company, a startup called Redacted that was founded by the first chief security officer at Facebook, and he had pulled together a lot of people that were kind of like me – had been working in intelligence for a long time. He pulled them out of places like the NSA and the CIA, and put them in Redacted and said, “We’re going to go help customers defend their networks using our knowledge.” And I said, “This sounds right up my alley.” And so I went and joined that company for about a year and learned what it was like to work in a startup, learned what it was like to build product and engage in business development and sales with these types of private sector customers [who] were different than our government customers, learned what it was like when a big company had major incidents that they had to respond to and how damaging it was, and honestly was able to get exposed to the things that I was the most afraid of when it came to starting a new business.


                [19:39]       It’s so funny, and I talked to other founders who are thinking about this, but when you think about taking the leap to go start a business, there are fears that you have because you don’t know how to do certain things. And so my fears were, I don’t know how to do payroll. I don’t know how to do the legal stuff. I don’t know how to assemble a board. I don’t know how to go find an office space. And in the end, those are the easiest problems that you should not be worried about because there’s always someone to help you with that. And in fact, you can just outsource that stuff to a PEO or another company that you pay, and they’ll take care of all that stuff for you. The hard part is having a good idea, knowing a problem needs to be solved, assembling a team that can actually solve that problem, if you need to, going and raising capital, convincing investors that all of those things are important. And I knew that I had those things covered pretty well, it was all of this operational stuff that turned out to be the easy part. But I learned that in my experience at Redacted and felt much more comfortable moving forward.


    Elio:    [20:52]       So you had the experience of Battelle, you go to Redacted, get your feet wet a little bit, and then you start Finite State. And what’s the elevator pitch for Finite State?


    Matt  [21:04]        So we find vulnerabilities and identify risks inside of all of the non-traditional computers that exist. So anything that’s not a phone, that’s not a laptop, not a server is a computer that’s connected to a network. So it can be something as simple as the security camera on the front door of an office, it could be the core router in the network, it could be an infusion pump in a hospital or a robotic system. All of those things are computers. They have firmware and they have software and they have operating systems. The problem is you don’t get to look at them the same way that you look at your PC. You can’t install antivirus software on those things. And so what we were founded to do, and what we’ve continued to do is automate the process of understanding the risks inside of those devices so that teams can defend their networks appropriately.


    Elio:    [22:06]       Thank you for listening. We’re going to take a quick break and be right back after this message from our sponsor.


                [22:12]       When companies large and small need to solve technological challenges, they turn to AWH. AWH has the experience and expertise to help your company create innovative and disruptive products for the web, mobile and IoT. Leveraging a deep understanding of machine learning, artificial intelligence, and blockchain, combined with the creativity that comes from their entrepreneurial DNA, AWH gives their clients the competitive advantage. Visit today and tell them about your project.


               [22:44]        So you start this company, so this 2016 you left, you were at the other company until about 2017. So you really jump into it full time about 2017 and you waste no time taking a big swing. I’m going to read this from your website because I want to get right into this because this is the white paper heard around the world. This is June 27th, 2019. “5G promises to be the next generation of networking technology, enabling everything from autonomous vehicles and smart cities to virtual reality. A single Chinese company, Huawei, has emerged as the first and most dominant provider of 5G networking services. [There] is an ongoing global political debate…” that’s to put it lightly “…over the implementation of 5G, partially because the equipment that makes 5G possible comes from a complex supply chain involving hundreds of vendors globally.” When you guys decided to write this white paper, what were you thinking about? And then what was the aftermath of publishing this paper?


    Matt:  [23:56]       Yeah. So when we did that, we were about a 15 person company. We were still working out of Drive Capital’s space. We didn’t even have our own office. And it started about six months before we released it. And what we saw was that there was this debate happening, and you could see it almost every single day in the news, regardless of what channel you turned on, or looking at Internet news or reading print, there was something about these security issues with 5G. And the US government was saying, “We cannot allow Huawei into networks in the US or anywhere else in the world because they have backdoors.” And Huawei and the Chinese government are saying, “No, we don’t. Prove it.” And the US government’s saying, “No, you’ve got them. We know that you’ve got them.” And there was no data in this conversation whatsoever. It was just back and forth political. There was one place that was doing some interesting work on this, which was in the UK. Inside of their National Cyber Security Centre, they were evaluating the risks of Huawei equipment, but they did it in a strange collaboration with Huawei, so they were restricted from saying in detail what they were able to find. They would just put a report out every year saying, basically, “The quality of Huawei’s gear is really poor and that’s a risk.” And then that was about all they could say.


               [25:25]        So we said, “Well, we’ve built this system. We know that we can automatically analyze this.” And we had some customers around the world that had this Huawei kit. And we said, “Let’s see what we can find because this global political debate needs some data”, and so we did. We took about 10,000 firmware images, which are the– You can think of it if you opened up your computer and went to Windows Explorer, and you took everything that was in there and just zipped it up into a single file, that’s like what firmware image is. You can uncompress it, and now you can see everything that was inside of that device. So we had 10,000 of those which pretty much covered all of Huawei’s networking equipment and we analyzed it with our system. We didn’t know what we were going to find. We didn’t know if it was going to be highly insecure, we didn’t know if we would find, you know, honestly, we thought if there are going to be backdoors in here, based upon our prior experience, they are going to be very well hidden backdoors and we might not see them immediately.


                [26:35]       But what came out was really obvious patterns of major vulnerabilities and major risks and backdoors that we could see just as plain as day. It was half of the devices that we looked at had some sort of easy to spot backdoor in them. It was something like an account that was undocumented. It would be like if your PC when you got it, shipped with a secret user account in it, and you would create your own account, and you would be able to log in but if anytime the manufacturer of that device wanted to log in, they had an account on your machine that they could do that with. You definitely don’t want that from a security standpoint. And so we saw that in like half of the products that we looked at. And then we just saw across the board that there were major quality issues. And it doesn’t have to be malicious but there were so many security vulnerabilities in these devices and so many more security vulnerabilities in these than what we saw from their competitors, that it was a major problem. If you’re installing Huawei kit in your networks, you were definitely increasing your attack surface, you’re definitely putting yourself at risk by doing that.


               [27:52]        And so after we analyzed it, we thought long and hard about how we wanted to deal with this problem. Did we really want to put out a public paper like this? Because effectively this 15 person company was going toe to toe with one of the largest companies in the world that has very close ties to the Chinese government that was in a trade war with the US at the time. And we decided that we needed to do it. It was our obligation. We have a team of people that are really driven by mission. We felt that we needed to put it out there and so we did, and it got picked up very quickly by lots of major publications. It started with The Wall Street Journal, and then it was reprinted in, I don’t know, I think about 100 different publications around the world – 30 different languages are picked this up. And it had a real effect. It let people see the data and let them make their own decisions. Let these countries make their own decisions around whether they wanted to take the risks on or not.


    Elio:    [28:53]       Yeah, man, I remember kind of the – I don’t want to call it uproar but I remember, you know, like if you’re watching a trial and the prosecutor and the defense, they’re going back and forth, essentially the US government, the Chinese government, and Huawei, right. “You say there’s a backdoor; prove it.” And then all of a sudden, there comes the evidence, the evidence. That’s what that report felt like it was finally something tangible, provable, repeatable, we can show you where the backdoors are. And I always love to give my folks who are kind of, we’ll say thinkers outside of the box. So there are two things I want to address with 5G and this is just kind of to break the conversation up and have a little bit of fun. So, on one side, you know that 5G is going to propel us into a new level of connectivity, right, just hyperspeed everything. But then you got the people who are like conspiracy theorists about 5G and that these 5G towers are some kind of nefarious plot. So I got to, in the spirit of we’re talking 5G, lay that to rest. In your work, in your findings, is there a nefarious ulterior motive to 5G deployment globally?


    Matt:  [30:23]       Well, so we did find the mind control code inside of the Huawei devices, but we decided not to publish.


    Elio:    [30:29]       I knew it.


    Matt:  [30:31]       Decided not to publish it.


    Elio:    [30:32]       I knew it. You found it but you won’t say. Okay.


    Matt:  [30:39]       Yeah. I mean, that was going to be a little too controversial. You know, it’s funny because we’re surrounded by 4G cell phone towers all over the place right now. 5G is just another advancement from that. And in many ways, it is incremental in terms of how ever-present it is in our neighborhoods. The difference, the reason that it matters from a national security standpoint– So there’s the conspiracy theory side of it, it’s just another frequency of radio that’s just going to now be a little bit denser than it was with 4G. The reason that all of a sudden everyone cares about 5G from a security standpoint though, is that it’s like when we went from, I don’t know if this is exactly the right discussion, but it’s almost like when we went from dial-up to broadband in your house, right? All of a sudden, you were connected all the time and you could do things that you couldn’t do before, and your household, your technology, your lifestyle became much more dependent on the internet.


               [31:46]        With 5G, that is going to be true, but rather than for us, you know, it’s not just about being able to stream a movie faster to your phone, our devices are going to become more dependent on always having a network connection. And that’s everything from a robotic system inside of a remote factory, to wind turbine producing energy, to potentially devices in a hospital, to autonomous vehicles that are driving around the street, that all of them are going to be designed to have fail-safes in case the network goes away but the more we become dependent upon it, the more that infrastructure becomes dependent on it. And what the concern is, is that if someone has a backdoor into the infrastructure itself, if they can get in there, like into Verizon’s network, is what we’re talking about, not into your network, into the core, they could turn it off. And think about the effect that that would have in this future a few years from now where all of these devices are dependent on having that network connectivity, and all of a sudden, it just goes down and these autonomous vehicles can’t get out to the internet anymore, or the hospital devices that were dependent on it can no longer communicate. That’s the sort of scenario that would absolutely cause real damage and be a real national security threat. And that’s the difference between 5G and 4G from a security standpoint. You have things that are going to be dependent on it. You have the Internet of Things now that’s riding on top of it.


    Elio:    [33:24]       Yeah. And so when you think about World War I or World War II where there was an absolute destruction of physical infrastructure, you had to think about bombing supply routes. In this 5G near future before six and seven and 8G, in the 5G near future, the security threat isn’t necessarily that you blew up the supply line, it’s the fact that the autonomous vehicles on the supply line don’t know where to go or you could redirect them and cause chaos in that way. So I think that’s so interesting to think about. Let’s talk about the state of the business today. So 2019, the report comes out, you get national coverage, people are probably like– Your report is probably in national security briefings – everybody knows Finite State. What happened from that point to now? What’s kind of going on with Finite State? And I know you guys had a big fundraiser as well, so what’s going on?


    Matt:  [34:26]       Yeah. So obviously, the report definitely put our name on the map in really interesting ways. I’ve spent a fair amount of time briefing Congress and the White House and in other places in the US and in foreign governments on what we did. And so that was great. It made a big impact, which is really important to the team, especially when you have an early-stage startup. People want to work on things that are important. They want to change the world, that’s why they join these really small companies that are fighting against everyone else to try and make an impact. And so we were able to do that which was really rewarding. And now, what we’ve done since then is, we’ve found some really good markets for our solution, and that was with the help of some of our investors and some of our most recent investors. We’ve really focused our attention from– We were spending a lot of time in health care and dealing with this telecommunications world with the Huawei stuff, we’ve really focused our efforts now on the energy sector. So utilities, and manufacturers of devices that are supplying utilities because there’s really serious concern that in that scenario I was just talking about with 5G, well, you could do the same thing potentially, from a national security standpoint, to a power plant or to a distribution system and potentially affect the power in the country, which is– When you talk to national security experts, the number one concern is taking out communications in a country; the number two is taking out power, and both of them are very serious.


                [36:11]       And so what we’ve been doing since then is working with utilities around the country, trying to help them understand what devices they have in their network, and what risks are inside of there so that they can work with the manufacturers to fix problems before an attacker can come in and exploit vulnerabilities. And then we’re also working with the manufacturers of the devices themselves so that they can incorporate our technology into their development process, and make sure that they’re building secure devices from the outset, which is really amazing because that’s the type of impact that we want to have. That’s where we’re going to really make a dent in this problem is getting manufacturers to build secure products from the outset, and so we’re doing that. The business is going well. We’re at about 35 people today. We, like everyone else, have transitioned to a fully distributed team. We have a great base of talent in Columbus, and then we also have people all over the country now that are working with us.


    Elio:    [37:08]       So I think we definitely need to do a part two, and I think as an ecosystem, as a state, maybe even as a region, I definitely think we can lead in the area of cybersecurity. I think there’s so much opportunity there. You guys are just working on one component of it. And as with startups, you can’t do everything, you have a limited team. So you really got to focus in on the market where you can have the most impact, so that’s amazing that you’re going into the energy space. We kind of close every podcast with where you see the company over the next five, maybe 10 years or so. So if you could wave the proverbial magic wand, project out five years from now. Is 5G fully implemented? Have we solved the issues with backdoors? Are we producing our own 5G components where we don’t have to deal with those kinds of issues? And what role do you see Finite State playing in that rollout of 5G ultimately?


    Matt:  [38:04]       Yeah, I would love to be able to forecast the future and I will definitely answer your question, but I’ve got to say, the thing about startups is you kind of have a fog of water that usually is like 12 to 24 months away and it’s really hard to predict. If I could go back and think about how I would have answered this question a couple years ago, I would have been very wrong in how I answered this, but the one thing that’s constant is the mission that we have. And so I think we know a few things over the next five years. There’s going to be dramatic growth in the Internet of Things, all of these devices that aren’t traditional PCs, and mobile devices. So we know that that’s going to be pervasive and we’re going to be more dependent upon those things as a society, and businesses are going to be more dependent upon those cross sectors. So where I think that we are really well-positioned, is to help on both sides of that problem, help the device manufacturers ensure that they’re building secure products from the beginning. And I would love to see a ton of growth in that part of our business over the next five years. Because again, I think that’s starting to get to the root of the problem. And it’s not that those manufacturers are doing anything wrong today, they just don’t really know how to solve it, and we have really good technology to do that.


                [39:18]       And then on the other side, I think what we’re going to see is over the next five years, the buyers of these devices are going to be a lot smarter about security and they’re going to be smarter because of us and because of other companies like us who can help them understand the risk. And ideally, we’re helping them to make better decisions around what they’re buying instead of just buying the cheapest thing that’s available, which often has the most security vulnerabilities. And if we can make security part of the buying decision, then again, we’ll prevent the most insecure devices from even getting on to these really important networks before we have to worry about how they can be attacked. And so I think over the next five to 10 years, we’re going to see Finite State playing an increasingly important role in being an independent, trusted authority on those matters and helping to advise our customers throughout the entire supply chain on how to make really good security decisions for their organization.


    Elio:    [40:19]       Well, Matt, thank you so much for spending this time with me, man, fascinating conversation. Listen, if it were up to me, we’ll do a part two, part three, part Four. It is up to me. I guess we could do these many parts. I could do however many damn parts I want on this show. But thank you so much for spending time with me. I really appreciate that, very enlightening. And kind of my one takeaway, and I leave every podcast with a takeaway, there’s the signal, and then there’s a lot of noise. And as an entrepreneur, we’re surrounded by a lot of noise. Like Matt, like you said, initially, you were worried about things that you didn’t need to be worried about. And like Finite State’s approach to cybersecurity, you have to break through all of the noise to get to the signal, like you guys did in that report. Politics was clouding things, what we needed was data so that we could make decisions. As entrepreneurs, try to recognize what’s noise and what’s your true signal. Thank you so much for joining us on another episode. Peace.


                [41:26]       That’s a wrap. You can find this and all our episodes on our website,, Apple Podcasts, Spotify, Anchor, and all your favorite podcasting platforms. Don’t forget to subscribe and write a review. If you would like updates sent to your inbox, you can sign up for our weekly newsletter on the website. To engage in the 614Startups community, follow us on LinkedIn, Twitter, Facebook, and Instagram at 614Startups to join the conversation. For sponsorship opportunities and collaborations, email us at


               [42:03]        It takes a village to do a podcast and I would like to say a special thank you to my friends at Waveform Music Group. Andy and Carlin have been working with us to enhance the production of 614Startups and we’re so happy with the results. Outside of podcast production, Andy and Carlin are experts in sonic branding, songwriting, and music production for companies and creatives. To learn more about them go to their website, that is


    Related Podcasts