Jam collaborative software launches Jam Genies to give small startups access to experts

As the world moves towards remote work, the collaborative tools market continues to expand. Jam, a platform for editing and improving your company’s website, is adding to the trend by introducing a new arm to its product today called Jam Genies.

Jam Genies is a network of highly experienced product experts that Jam users can tap for guidance and advice around their specific issue or challenge.

Cofounder Dani Grant explained to TechCrunch that many small and early-stage companies don’t have the deep pockets to hire a consultant when they run into a challenge, as many charge exorbitant rates and they often have a minimum time requirement. It can be incredibly difficult to get bite-sized advice at a reasonable cost.

That’s where Jam Genies comes in.

Genies hail from a variety of ‘verticals’, such as investors, designers, brand people, and growth hackers. The list includes:

  • Brianne Kimmel – Angel investor and founder of Worklife VC. Investor in Webflow, Hopin & 40+ software companies building the future of work.
  • Erik Torenberg – Partner at Village Global, a fund backed by Bill Gates, Jeff Bezos, Mark Zuckerberg and others. Founding team at Product Hunt.
  • Sahil Lavingia – Founder & CEO of Gumroad, first engineer at Pinterest, and angel investing $10 million a year via shl.vc.
  • Iheanyi Ekechukwu – Engineer turned angel investor, and scout investor for Kleiner Perkins.
  • Soleio – Facebook’s second product designer, former head of design at Dropbox, and advisor at Figma. Invests in design-focused founders at Combine.
  • Dara Oke – Product design lead at Netflix, formerly designed and built products at Microsoft, Twitter, and Intel.
  • Katie Suskin – Designed many products you know and love like Microsoft Calendar, OkCupid, Tia, and … Jam.
  • Julius Tarng – Helped scale design at Webflow and led design tooling at Facebook.
  • Abe Vizcarra – Currently leading brand at Fast, former Global Design Director at Snap Inc.
  • Tiffany Zhong – CEO, Zebra IQ. Recognized by Forbes as one of the Top 10 Gen Z Experts.
  • Nicole Obst – Former Head of Web Growth (B2C) at Dropbox and Head of Growth at Loom
  • James Sherrett – 9th employee at Slack, led the original marketing and sales of Slack.
  • Asher King Abramson – CEO at Got Users, a growth marketing platform widely used by startups around Silicon Valley.

Users on the Jam platform can choose a Genie and set an appointment through Calendly. The sessions last half an hour and cost a flat fee of $250, all of which goes to the Genie.

Jam raised $3.5 million in October, from firms like Union Square Ventures, Version One Ventures, BoxGroup, Village Global and a variety of angel investors, to fuel growth and further build out the product. Jam Genies is, in many respects, a growth initiative for the company to better acquaint early-stage startups with the platform.

The main Jam product lets groups of developers and designers work collaboratively on a website, leaving comments, discuss changes and create and assign tasks. The platform integrates with all the usual suspects, such as Jira, Trello, Github, Slack, Figma, and more.

Since its launch in October 2020, the company has signed up 4,000 customers for its private beta waitlist, with 14,000 Jam comments created on the platform. The introduction of Jam Genies could add momentum to this growth push.

Vectorized announces $15.5M investment to build simpler streaming data tool

Streaming data is not new. Kafka has existed as an open source tool for a decade. Vectorized was founded on the premise that the existing tools were too complex and not designed for today’s streaming requirements. Today the company released its first product, Redpanda, an open source tool designed to make it easier for developers to build streaming data applications.

While it was at it, the startup announced a $15.5 million funding round, which is actually a combination of a previously unannounced $3 million seed round led by Lightspeed Venture Partners and a $12.5 million Series A, which was also from Lightspeed with help from Google Ventures.

Redpanda is an open source tool that is delivered as an “intelligent API” to help “turn data streams into products,” company founder and CEO Alexander Gallego explained. It’s built to be a Kafka replacement, while remaining Kafka-compatible to help deal with backwards compatibility.

At the same time, it takes a more modern approach. Gallego points out that teams building data streaming applications have been getting lost in the complexity and he recognized an opportunity to build a company to simplify that.

“People are drowning in complexity today managing Kafka, ZooKeeper (an open source configuration management tool) and the data lake,” he said, adding “We enable new things that couldn’t be done before for several reasons: one is performance, one is simplicity and the other one is this store procedures.”

He says that the key to developer adoption is making the product free through open source, and having Kafka compatibility so that developers don’t feel like they have to just dump existing projects and start from scratch. While the company is launching with an open source tool, it plans to use the funding to build a hosted version of Redpanda to put it within reach of more organizations. “This funding round in particular is to power our cloud,” he said.

Arif Janmohamed, a partner at Lightspeed Ventures who is leading the investment in Vectorized sees a company looking to improve upon an existing technology with a better approach. “With a simple, elegant solution that doesn’t require any changes to an existing application’s code, Vectorized delivers 10x better performance, a much simpler management paradigm, and new functionality that will unleash the next set of real-time applications for the next decade,” Janmohamed said.

The company has 22 employees today with plans to add another 8 in the first half of this year, mostly engineers to help build the hosted version. As a Latino founder, Gallego is acutely aware of the need for a diverse and inclusive workforce. “What I have found is that being a [Latino] CEO, it attracts more people that look like me, and so that’s been a big thing, and it’s made a difference [in attracting diverse candidates],” he said.

One concrete thing he has done is start a scholarship to encourage under represented groups to become developers. “I started a scholarship where we just give money and mentorship to communities of Latino, Black and female developers, or people that want to transition to software engineering,” he said. While he says he does it without strings attached, he does hope that some of these folks could become part of the tech industry eventually, and perhaps even work at his company.

SetSail nabs $26M Series A to rethink sales compensation

SetSail wants to upend the way sales people get compensated by paying them throughout the sales cycle, rather than a single commission after the sale closes. Today, the startup announced a $26 million Series A.

Insight Partners led the round with participation from existing investors Wing Venture Capital, Team8 and Operator Collective. Today’s investment brings the total raised to $37 million, according to the company.

SetSail connects to your CRM, email, calendar and other systems that have signals about the progress of a particular sale, and then using machine learning looks at points in the sales cycle where it would make sense to reward the sales person for the progress they are making.

As CEO and co-founder Haggai Levi told me at the time of the startup’s $7 million seed round in July, the single commission system discourages risk taking:

“If I’m closing the deal, I’m getting my commission. If I’m not closing the deal, I’m getting nothing. That means from a behavioral point of view, I would take the shortest path to win a deal, and I would take the minimum risk possible. So if there’s a competitive situation I will try to avoid that,” he said in July.

He said the idea of changing the way we think about compensation resonated with sales executives during the pandemic, especially as everyone’s role got altered and teams became distributed because of COVID, but he says while rethinking compensation was certainly a big factor so was SetSail’s ability to connect to all of the sales systems to help build these new approaches to pay.

“I think it’s even beyond just compensation. […] It’s also connecting to all of your data using an end-to-end platform that helps you understand what’s happening between you, your reps and your customers and allowing you to tie that back in using behavioral science to machine learning-based compensation,” he explained.

The company began 2020 with five customers, a reasonable start for an early stage startup, but it ended the year with more than 20 including Cisco, Dropbox and HubSpot. It now has over 5000 sales reps using the platform.

In spite of the growing number of users, Levi says they have no plans to aggregate data, leaving each customer’s data as distinct to build the compensation packages that make sense to them. “We try not to play kind of the data, aggregator role because we want to make sure that every customer’s data is encrypted and secured in a completely different container. The trade off between getting knowledge between customers versus receiving their data is is too high in our opinion,” he said.

The company now has 35 employees with five more hired who will be starting in the next several weeks and plans to reach 70 by the end of the year. They are thinking hard about how to hire a diverse workforce. For starters, Levi says that the company board has two female members. He says hiring in general is a challenge for every CEO, especially early on, and hiring a diverse group even more so, but he says it’s important to be thinking about this from the start because from a gender perspective at least, you are losing half the talent pool if you ignore it.

When the pandemic is over, he sees having at least some in-person office presence in spite of being spread out across San Francisco, New York and Tel Aviv, but it will be probably be a hybrid approach and not require as much office space as they might have rented prior to COVID.

How Atlanta’s Calendly turned a scheduling nightmare into a $3B startup

One big theme in tech right now is the rise of services to help us keep working through lockdowns, office closures, and other Covid-19 restrictions. The “future of work” — cloud services, communications, productivity apps — has become “the way we work now.” And companies that have identified ways to help with this are seeing a boom.

Today comes news from a startup that has been a part of that trend: Calendly, a popular cloud-based service that people use to set up and confirm meeting times with others, has closed an investment of $350 million from OpenView Venture Partners and Iconiq.

The funding round includes both primary and secondary money (slightly more of the latter than the former, from what I understand) and values the Atlanta-based startup at over $3 billion.

Not bad for a company that before now had raised just $550,000, including the life savings of the founder and CEO, Tope Awotona, to initially get off the ground.

Calendly is a freemium software-as-a-service, built around what is essentially a very simple piece of functionality.

It’s a platform that provides a quick way to manage open spaces in your calendar for people to book appointments with you in those spaces, which then also books out the time in calendars like Google’s or Microsoft Outlook — with a growing number of tools to enhance that experience, including the ability to pay for a service in the event that your appointment is not a business meeting but, say, a yoga class. Pricing ranges from free (one calendar/one user/one event) to premium ($8/month) and pro ($12/month) for more calendars, events, integrations and features, with bigger packages for enterprises also available.

Its growth, meanwhile, has to date been based mostly around a very organic strategy: Calendly invites become links to Calendly itself, so people who use it and like it can (and do) start to use it, too.

The wide range of its use cases, and the virality of that growth strategy, have been winners. Calendly is already profitable, and it has been for years. And more recently, it has seen a boost, specifically in the last twelve months, as new Calendly users have emerged, as a result of how we are living.

We may not be doing more traditional “business meetings” per week, but the number of meetings we now need to set up, has gone up.

All of the serendipitous and impromptu encounters we used to have around an office, or a neighborhood coffee shop, or the park? Those are now scheduled. Teachers and students meeting for a remote lesson? Those also need invitations for online meetings.

And so do sessions with therapists, virtual dinner parties, and even (where they can still happen) in-person meetings, which are often now happening with more timed precision and more record-keeping, to keep social distancing and potential contact tracing in better order.

Currently, some 10 million of us are using Calendly for all of this on a monthly basis, with that number growing 1,180% last year. The army of business users from companies like Twilio, Zoom, and UCSF has been joined by teachers, contractors, entrepreneurs, and freelancers, the company says.

The company last year made about $70 million annually in subscription revenues from its SaaS-based business model and seems confident that its aggregated revenues will not long from now get to $1 billion.

So while the secondary funding is going towards giving liquidity to existing investors and early employees, Awotona said the plan will be to use the primary capital to invest in the company’s business.

That will include building out its platform with more tools and integrations — it started with and still has a substantial R&D operation in Kiev, Ukraine — expanding its operations with more talent (it currently has around 200 employees and plans to double headcount), further business development and more.

Two notable moves on that front are also being announced with the funding: Jeff Diana is coming on as chief people officer with a mission to double the company’s employee base. And Patrick Moran — formerly of Quip and New Relic — is joing as Calendly’s first chief revenue officer. Notably, both are based in San Francisco — not Atlanta.

That focus for building in San Francisco is already a big change for Calendly. The startup, which is going on eight years old, has been somewhat off the radar for years.

That is in part due to the fact that it raised very little money up to now (just $550,000 from a handful of investors that include OpenView, Atlanta Ventures, IncWell and Greenspring Associates).

It’s also based in Atlanta, an increasingly notable city for technology startups and other companies but more often than not short on being credited for its heft in that department (SalesLoft, Amex-acquired Kabbage, OneTrust, Bakkt, and many others are based there, with others like Mailchimp also not too far away).

And perhaps most of all, proactively courting publicity did not appear to be part of Calendly’s growth playbook.

In fact, Calendly might have closed this big round quietly and continued to get on with business, were it not for a short Tweet last autumn that signaled the company raising money and shaping up to be a quiet giant.

“The company’s capital efficiency and what @TopeAwotona has built deserve way more credit than they get,” it read. “Perhaps this will start to change that recognition.”

After that short note on Twitter — flagged on TechCrunch’s internal message board — I made a guess at Awotona’s email, sent a note introducing myself, and waited to see if I would get a reply.

I eventually did get a response, in the form of a short note agreeing to chat, with a Calendly link (naturally) to choose a time.

(Thanks, unnamed TC writer, for never writing about Calendly when Tope originally pitched you years ago: you may have whet his appetite to respond to me.)

In that first chat over Zoom, Awotona was nothing short of wary.

After years of little or no attention, he was getting cold-contacted by me and it seems others, all of us suddenly interested in him and his company.

“It’s been the bane of my life,” he said to me with a laugh about the calls he’s been getting.

Part of me thinks it’s because it can be hard and distracting to balance responding to people, but it’s also because he works hard, and has always worked hard, so doesn’t understand what the new fuss is about.

A lot of those calls have been from would-be investors.

“It’s been exorbitant, the amount of interest Calendly has been getting, from backers of all shapes and sizes,” Blake Bartlett, a partner at OpenView, said to me in an interview.

From what I understand, it’s had inbound interest from a number of strategic tech companies, as well as a long list of financial investors. That process eventually whittled down to just two backers, OpenView and Iconiq.

From Lagos to fixing cash registers

Yet even putting the rumors of the funding to one side, Calendly and Awotona himself have been a remarkable story up to now, one that champions immigrants as well as startup grit.

Tope comes from Lagos, Nigeria, part of a large, middle class household. His mother had been the chief pharmacist for the Nigerian Central Bank, his father worked for Unilever.

The family may have been comfortable, but growing up in Lagos, a city riven by economic disparity and crime, brought its share of tragedies. When he was 12, Awotona’s father was murdered in front of him during a carjacking. The family moved to the U.S. some time after that, and since then his mother has also passed away.

A bright student who actually finished high school at 15, Awotona cut his teeth in the world of business first by studying it — his major at the University of Georgia was management information systems — and then working in it, with jobs after college including periods at IBM and EMC.

But it seems Awotona was also an entrepreneur at heart — if one that initially was not prepared for the steps he needed to take to get something off the ground.

He told me a story about what he describes as his “first foray into business” at age 18, which involved devising and patenting a new feature for cash registers, so that they could use optical character recognition recognize which bills and change were being used for, and dispense the right amount a customer might need in return after paying.

At the time, he was working at a pharmacy while studying and saw how often the change in the cash registers didn’t add up correctly, and his was his idea for how to fix it.

He cold-contacted the leading cash register company at the time, NCR, with his idea. NCR was interested, offering to send him up to Ohio, where it was headquartered then, to pitch the idea to the company directly, and maybe sell the patent in the process. Awotona, however, froze.

“I was blown away,” he said, but also too surprised at how quickly things escalated. He turned down the offer, and ultimately let his patent application lapse. (Computer-vision-based scanning systems and automatic dispensers are, of course, a basic part nowadays of self-checkout systems, for those times when people pay in cash.)

There were several other entrepreneurial attempts, none particularly successful and at times quite frustrating because of the grunt work involved just to speak to people, before his businesses themselves could even be considered.

Eventually, it was the grunt work that then started to catch Awotona’s attention.

“What led me to create a scheduling product” — Awotona said, clear not to describe it as a calendaring service — “was my personal need. At the time wasn’t looking to start a business. I just was trying to schedule a meeting, but it took way too many emails to get it done, and I became frustrated.

“I decided that I was going to look for scheduling products that existed on the market that I could sign up for,” he continued, “but the problem I was facing at the time was I was trying to arrange a meeting with, you know, 10 or 20 people. I was just looking for an easy way for us to easily share our availability and, you know, easily find a time that works for everybody.”

He said he couldn’t really see anything that worked the way he wanted — the products either needed you to commit to a subscription right away (Calendly is freemium) or were geared at specific verticals such as beauty salons. All that eventually led to a recognition, he said, “that there was a big opportunity to solve that problem.”

The building of the startup was partly done with engineers in Kiev — a drama in itself that pivoted at times on the political situation at times in Ukraine (you can read a great unfolding of that story here).

Awotona says that he admired the new guard of cloud-based services like Dropbox and decided that he wanted Calendly to be built using “the Dropbox approach” — something that could be adopted and adapted by different kinds of users and usages.

Simplicity in the frontend, strategy at the backend

On the surface, there is a simplicity to the company’s product: it’s basically about finding a time for two parties to meet. Awotona notes that behind the scenes the scheduling help Calendly provides is the key to what it might develop next.

For example, there are now tools to help people prepare for meetings — specifically features like being able to, say, pay for something that’s been scheduled on Calendly in order to register. A future focus could well be more tools for following up on those meetings, and more ways to help people plan recurring individual or group events.

One area where it seems Calendly does not want to dabble are those meetings themselves — that is, hosting meetings and videoconferencing itself.

“What you don’t want is to start a world war three with Zoom,” Awotona joked. (In addition to becoming the very verb-ified definition of video conferencing, Zoom is also a customer of Calendly’s.)

“We really see ourselves as a leading orchestration platform. What that means is that we really want to remain extensible and flexible. We want our users to bring their own best in class products,” he said. “We think about this in an agnostic way.”

But in a technology world that usually defaults back to the power of platforms, that position is not without its challenges.

“Calendly has a vision increasingly to be a central part of the meeting life cycle. What happens before, during and after the meeting. Historically, the obvious was before the meeting, but now it’s looking at integrations, automations and other things, so that it all magically happens. But moving into the rest of the lifecycle is a lot of opportunity but also many players,” admitted Bartlett, with others including older startups like X.ai and Doodle (owned by Swiss-based Tamedia) or newer entrants like Undock but also biggies like Google and Microsoft.

“It will be an interesting task to see where there are opportunities to partner or build or buy to build out its competitive position.”

You’ll notice that throughout this story I didn’t refer to Awotona’s position as a black founder — still very much a rarity among startups, and especially those valued at over $1 billion.

That is partly because in my conversations with him, it emerged that he saw it as just another detail. Still, it is one that is brought up a lot, he said, and so he understands it is important for others.

“I don’t spend a lot of time thinking about being black or not black,” he said. “It doesn’t change how I approach or built Calendly. I’m not incredibly conscious of my race or color, except for the last few years through he growth of Calendly. I find that more people approach me as a black tech founder, and that there is young black people who are inspired by the story.”

That is something he hopes to build on in the near future, including in his home country.

Pending pandemic chaos, he has plans to try to visit Nigeria later this year and to get more involved in the ecosystem in that country, I’m guessing as a mentor if not more.

“I just know the country that produced me,” he said. “There are a million Topes in Nigeria. The difference for me was my parents. But I’m not a diamond in the rough, and I want to get involved in some way to help with that full potential.”

Google’s BeyondCorp Enterprise security platform is now generally available

Google today announced that BeyondCorp Enterprise, the zero trust security platform modeled after how Google itself keeps its network safe without relying on a VPN, is now generally available. BeyondCorp Enterprise builds out Google’s existing BeyondCorp Remote Access offering with additional enterprise features. Google describes it as “a zero trust solution that enables secure access with integrated threat and data protection.”

Over the course of the last few years, Google — and especially its Cloud unit — has evangelized the zero trust model and built a large partner network around this idea. Those partners include the likes of Check Point, Citrix, CrowdStrike, Symantec and VMWare.

As part of BeyondCorp Enterprise, businesses get an end-to-end zero trust solution that includes everything from DDoS protection and phishing-resistant authentication, to the new security features in the Chrome browser and the core continuous authorization features that protect every interaction between users and resources protected by BeyondCorp.

“The rapid move to the cloud and remote work are creating dynamic work environments that promise to drive new levels of productivity and innovation. But they have also opened the door to a host of new security concerns and sparked a significant increase in cyberattacks,” said Fermin Serna, chief information security officer at Citrix. “To defend against them, enterprises must take an intelligent approach to workspace security that protects employees without getting in the way of their experience following the zero trust model.”

Top 10 Telegram Cybersecurity Groups You Should Join

Social media has long been a great way to keep up to date with breaking news and the latest innovations in special interest areas, and this is especially true in cybersecurity. While you’ll find Twitter a great resource, there are other platforms, from the giants like Facebook, Reddit and LinkedIn to the comparatively niche such as Discord, Slack and Telegram, where you can also find special interest pages, channels, and groups dedicated to the latest in cyber-related events.

Telegram in particular has seen a lot of rapid growth recently in light of media attention focusing on data sharing between rival messaging platform WhatsApp and WhatsApp’s parent company Facebook. If you are one of those that has recently chosen to leap onto Telegram for this or some other reason, or you’re already a Telegram user but haven’t thought about how it can help you keep up with your cybersecurity interests, then this is the post for you.

Below, we highlight ten of the most useful cybersecurity groups we follow on Telegram. Whether you’re interested in penetration testing, red teaming, blue teaming, malware research, reverse engineering, bug hunting, vulnerability research, network security or anything else to do with cyber or enterprise security, if you’ve been wondering what are some good channels to join on Telegram for cybersecurity, these ten groups should help ensure you never miss a thing.

1. Cyber Security News (11k+ members)


Cyber Security News is a feed channel for links to breaking news stories across the internet, everything from TechCrunch and the Washington Post to Portswigger and Security Boulevard. In other words, it’s a one-stop shop for cyber-related news that should be your first port of call along with your morning coffee.

2. Cyber Security Experts (3k+ members)



Cyber Security Experts
is a great channel for exchanging information about cyber, IT, and security. This channel was set up for security professionals that want to contribute to the wider security community, get answers to questions directly from security experts and leaders from across the world and help other security experts to enhance their security maturity.

However, as can be seen from our screen capture above, new users are wont to get into hot water if they don’t read the rules! These are conveniently (and obviously) pinned at the top, and yet some folks still seemingly miss them! If you want to join this group and benefit from getting involved in the chat, remember:

🚨Important rules 🚨

  1. No illegal stuff (links, offers etc)
  2. No advertisement (zero tolerance)
  3. No links to other Telegram channels
  4. No racism, bad language or destructive behavior
  5. Be kind and help others. Don’t just consume, and ask if you have a question!

3. Cloud & Cybersecurity (~2k members)

Cloud and Cybersecurity is a unique group that we feel far more people in Infosec would benefit from being a member of. This channel offers career advice, daily quizzes, tips and useful resources that can provide real material benefit and learning no matter what level you’re currently at. If you’re looking to improve on what you know and develop your career (and who isn’t?), then this is a great channel to join.

4. Cybersecurity & Privacy News (~3k members)


Cybersecurity & Privacy News offers daily news about cyber security and privacy. In this channel, you’ll find everything from alerts on the latest security vulnerabilities to all the latest news you might have missed elsewhere. Chatter is limited, but if you need a notification on what is happening in security vulns, this group is ideal for that.

5. Android Security & Malware (12k+ members)

Android Security & Malware is a channel for all things Android, discussing vulnerabilities, fuzzing techniques, guides and much more. On here you’ll find great questions and answers to real Android security problems, links to open source tools, malware analyses, new CVEs, and a plethora of tips and guides. And if you have something to share, that’s more than welcome, too. If you’re into Android security, this is a community you will definitely want to join.

6. Malware Research (4k+ members)

Malware Research is a channel for all malware practitioners, and you will come across many articles and useful Github repos that you would likely not come across if it wasn’t for being a member of this channel. This is an essential join if you’re a malware analyst, researcher, or reverse engineer.

7. BugCrowd (~3k members)

The BugCrowd channel has almost 3000 bug bounty hackers discussing topics like HackerOne, Intigriti, Cobalt Strike, Yogosha and more. Here you will also learn of new bug bounty programs and platforms. Anyone interested in finding and responsibly disclosing security vulnerabilities will find plenty of value in the discussions in this channel. Expect to learn a lot and don’t be afraid to contribute back to the community when you have something interesting to share.

8. Red Team Alerts (1k+ members)


Red Team Alerts is a dedicated channel for, you guessed it, all things red teaming! From beginners guides and hardware how-tos, this channel will provide help to expand your awareness of what’s going on in, and how to get involved with, the fascinating world of offensive security testing, role playing and attack modelling.

9. APT Intelligence (1k+ members)


APT Intelligence is a recent but growing channel that serves up links and news on topics related to advanced threat actors, tools, techniques and procedures.

Despite the focused name, the nature of APT tradecraft means there’s inevitably wide coverage of many other cybersecurity topics of interest, particularly tools for things like OSINT, pen testing, password cracking and so on. We’ve found a number of interesting tools through this channel recently and it promises to be an extremely useful resource.

10. Reverse Engineering Hangout (~300 members)

Reverse Engineering Hangout is a small but useful place to learn more and share knowledge about reverse engineering. You can also ask questions about assembly, opcodes, x86 and anything else if you need help understanding how a sample works. Ideal for beginners who want to learn, or experts willing to share, you’ll also find plenty of links to free online resources on topics like binary exploitation, reverse engineering and CTF challenges. Unlike some of the other groups in our list, REH doesn’t mind links to other relevant Telegram groups, so you can also use this channel as a jumping board to discover other channels related to RE such as the much larger but single-focus channel for Frida.

Are There Other Good Cybersecurity Channels on Telegram?

Of course! There are many, and you can use the search tool in your Telegram client to discover channels by keyword or tag. Note that in our selection, we’ve specifically avoided groups that share prohibited copyright material, that publish stolen credentials or that explore the less seemly side of cybersecurity. Such groups certainly exist and can be useful to researchers with specialist interest.

We’ve also focused on broad-interest groups rather than special interest groups dedicated to particular security tools or security software, but again, these can also be found through a bit of searching. Finally, we limited our choice to English language only (or mainly) channels, but there is a wide variety of other channels on Telegram that cater to other languages, not least of course, Russian!


Like this article? Follow us on LinkedIn, Twitter, YouTube or Facebook to see the content we post.

Read more about Cyber Security

The Good, the Bad and the Ugly in Cybersecurity – Week 4

With the U.S. 2020 election behind us and a new administration now in place, the good news this week is the announcement of four new appointments to federal cybersecurity positions and $10 billion in spending plans to help beef up the nation’s cybersecurity.

Rob Joyce has been picked by the Biden administration to be the next NSA Cyber Director, while Anne Neuberger, who formerly spearheaded the NSA’s effort to counter Russian election interference, has been tapped for a new position as Deputy National Security Adviser for Cyber and Emerging Technology. Michael Sulmeyer has also been named for the National Security Council’s position of Senior Director of Cyber, though it’s unclear as yet what his duties will be.

On Wednesday, Avril Haines was approved as Director of National Intelligence. Haines, who in 2013 became the first woman to serve as Deputy Director of the CIA, has spoken previously on the need for better basic cybersecurity training as well as better coordination on cybersecurity across the public and private sectors. In her confirmation hearing this week, Haines pointedly stated that “When it comes to intelligence, there is simpy no place for politics, ever”.

The good news for cyber continued with the announcement of ambitious plans to spend $9 billion to help CISA and GSA complete and modernize cybersecurity and IT projects. A further $1 billion has been earmarked for several projects including hiring additional cybersecurity experts and improving CISA’s ability to provide monitoring and incident response across federal agencies.

The Bad

Researchers this week disclosed details of a long-running phishing campaign that not only stole victims’ credentials but left them stored on public-facing internet sites for anyone else to discover and use.

Thought to have begun in August 2020, the campaign lured victims with fake Xerox (or Xeros) scan notifications that led to a spoofed Office 365 login page. Scraped credentials were then uploaded to legitimate but compromised websites and stored as text files. Apparently unknowing or uncaring, the attackers who set up the infrastructure failed to mark the text files in a way that would prevent them from being indexed by search engines. Consequently, the stolen credentials could easily be found by anyone through a simple internet search query.

Aside from this apparent carelessness, the campaign was sophisticated enough to bypas MS Office 365 Advanced Threat Protection and harvested credentials from over a thousand corporate employees. Due to the public nature of the stored credentials, the researchers were able to offer a breakdown of industries targeted:

  • Construction 16%
  • Energy 10.7%
  • IT 6%
  • Healthcare 4.5%
  • Real Estate 4.3%
  • Manufacturing 4.3%
  • Education 2.8%
  • Transport 2.4%
  • Finance 2.1%
  • Retail 2.1%

The Ugly

Data belonging to around 2 million Premium members of popular adult chat and streaming platform MyFreeCams has been stolen and sold on a hacker forum, reports confirmed this week. The stolen data includes usernames, email addresses and passwords in clear text.

The hacker, who apparently used an SQL injection attack, offered batches of 10,000 user records at a time for $1500 in Bitcoin and promised to only sell each batch once, meaning buyers were guaranteed to get unique data. The wallet used by the criminal to receive funds had amassed just over $22,000 from 49 transactions before being emptied.


Source

Buyers of the data could use it to potentially extort users or gain access to other accounts that used the same password via credential stuffing attacks.

For their part, MyFreeCams confirmed the attack was genuine and had already notified affected users and reset their passwords. They also say the vulnerability that made the attack possible had been rectified and that no credit card details had been compromised by the breach. However, it is not clear at this point in time whether the hackers obtained details of other MyFreeCams users along with Premium members, so all users are advised to change their passwords. The site, ranked 619th most visited website on the internet and 335th most visited site in the U.S., receives over 70 million visitors each month.


Like this article? Follow us on LinkedIn, Twitter, YouTube or Facebook to see the content we post.

Read more about Cyber Security

Drupal’s journey from dorm-room project to billion-dollar exit

Twenty years ago Drupal and Acquia founder Dries Buytaert was a college student at the University of Antwerp. He wanted to put his burgeoning programming skills to work by building a communications tool for his dorm. That simple idea evolved over time into the open-source Drupal web content management system, and eventually a commercial company called Acquia built on top of it.

Buytaert would later raise over $180 million and exit in 2019 when the company was acquired by Vista Equity Partners for $1 billion, but it took 18 years of hard work to reach that point.

When Drupal came along in the early 2000s, it wasn’t the only open-source option, but it was part of a major movement toward giving companies options by democratizing web content management.

Many startups are built on open source today, but back in the early 2000s, there were only a few trail blazers and none that had taken the path that Acquia took. Buytaert and his co-founders decided to reduce the complexity of configuring a Drupal installation by building a hosted cloud service.

That seems like a no-brainer now, but consider at the time in 2009, AWS was still a fledgling side project at Amazon, not the $45 billion behemoth it is today. In 2021, building a startup on top of an open-source project with a SaaS version is a proven and common strategy. Back then nobody else had done it. As it turned out, taking the path less traveled worked out well for Acquia.

Moving from dorm room to billion-dollar exit is the dream of every startup founder. Buytaert got there by being bold, working hard and thinking big. His story is compelling, but it also offers lessons for startup founders who also want to build something big.

Born in the proverbial dorm room

In the days before everyone had internet access and a phone in their pockets, Buytaert simply wanted to build a way for him and his friends to communicate in a centralized way. “I wanted to build kind of an internal message board really to communicate with the other people in the dorm, and it was literally talking about things like ‘Hey, let’s grab a drink at 8:00,’” Buytaert told me.

He also wanted to hone his programming skills. “At the same time I wanted to learn about PHP and MySQL, which at the time were emerging technologies, and so I figured I would spend a few evenings putting together a basic message board using PHP and MySQL, so that I could learn about these technologies, and then actually have something that we could use.”

The resulting product served its purpose well, but when graduation beckoned, Buytaert realized if he unplugged his PC and moved on, the community he had built would die. At that point, he decided to move the site to the public internet and named it drop.org, which was actually an accident. Originally, he meant to register dorp.org because “dorp” is Dutch for “village or small community,” but he mistakenly inverted the letters during registration.

Buytaert continued adding features to drop.org like diaries (a precursor to blogging) and RSS feeds. Eventually, he came up with the idea of open-sourcing the software that ran the site, calling it Drupal.

The birth of web content management

About the same time Buytaert was developing the basis of what would become Drupal, web content management (WCM) was a fresh market. Early websites had been fairly simple and straightforward, but they were growing more complex in the late 90s and a bunch of startups were trying to solve the problem of managing them. Buytaert likely didn’t know it, but there was an industry waiting for an open-source tool like Drupal.

Extra Crunch roundup: Digital health VC survey, edtech M&A, deep tech marketing, more

I had my first telehealth consultation last year, and there’s a high probability that you did, too. Since the pandemic began, consumer adoption of remote healthcare has increased 300%.

Speaking as an unvaccinated urban dweller: I’d rather speak to a nurse or doctor via my laptop than try to remain physically distanced on a bus or hailed ride traveling to/from their office.

Even after things return to (rolls eyes) normal, if I thought there was a reliable way to receive high-quality healthcare in my living room, I’d choose it.

Clearly, I’m not alone: a May 2020 McKinsey study pegged yearly domestic telehealth revenue at $3 billion before the coronavirus, but estimated that “up to $250 billion of current U.S. healthcare spend could potentially be virtualized” after the pandemic abates.

That’s a staggering number, but in a category that includes startups focused on sexual health, women’s health, pediatrics, mental health, data management and testing, it’s clear to see why digital-health funding topped more than $10 billion in the first three quarters of 2020.

Drawing from The TechCrunch List, reporter Sarah Buhr interviewed eight active health tech VCs to learn more about the companies and industry verticals that have captured their interest in 2021:

  • Bryan Roberts and Bob Kocher, partners, Venrock
  • Nan Li, managing director, Obvious Ventures
  • Elizabeth Yin, general partner, Hustle Fund
  • Christina Farr, principal investor and health tech lead, OMERS Ventures
  • Ursheet Parikh, partner, Mayfield Ventures
  • Nnamdi Okike, co-founder and managing partner, 645 Ventures
  • Emily Melton, founder and managing partner, Threshold Ventures

Full Extra Crunch articles are only available to members
Use discount code ECFriday to save 20% off a one- or two-year subscription


Since COVID-19 has renewed Washington’s focus on healthcare, many investors said they expect a friendly regulatory environment for telehealth in 2021. Additionally, healthcare providers are looking for ways to reduce costs and lower barriers for patients seeking behavioral support.

“Remote really does work,” said Elizabeth Yin, general partner at Hustle Fund.

We’ll cover digital health in more depth this year through additional surveys, vertical reporting, founder interviews and much more.

Thanks very much for reading Extra Crunch this week; I hope you have a relaxing weekend.

Walter Thompson
Senior Editor, TechCrunch
@yourprotagonist

8 VCs agree: Behavioral support and remote visits make digital health a strong bet for 2021

Woman having a medicine video conferencing with her doctor using digital tablet. Senior woman on a video call with a doctor using her tablet computer at home.

Image Credits: Luis Alvarez (opens in a new window) / Getty Images

Lessons from Top Hat’s acquisition spree

Image Credits: Bryce Durbin

In the last year, edtech startup Top Hat acquired three publishing companies: Fountainhead Press, Bludoor and Nelson HigherEd.

Natasha Mascarenhas interviewed CEO and founder Mike Silagadze to learn more about his content acquisition strategy, but her story also discussed “some rumblings of consolidation and exits in edtech land.”

How VCs invested in Asia and Europe in 2020

Last year, U.S.-based VCs invested an average of $428 million each day in domestic startups, with much of the benefits flowing to fintech companies.

This morning, Alex Wilhelm examined Q4 VC totals for Europe, which had its lowest deal count since Q1 2019, despite a record $14.3 billion in investments.

Asia’s VC industry, which saw $25.2 billion invested across 1,398 deals is seeing “a muted recovery,” says Alex.

“Falling seed volume, lots of big rounds. That’s 2020 VC around the world in a nutshell.”

Decrypted: With more SolarWinds fallout, Biden picks his cybersecurity team

Image Credits: Treedeo (opens in a new window) / Getty Images

In this week’s Decrypted, security reporter Zack Whittaker covered the latest news in the unfolding SolarWinds espionage campaign, now revealed to have impacted the U.S. Bureau of Labor Statistics and Malwarebytes.

In other news, the controversy regarding WhatsApp’s privacy policy change appears to be driving users to encrypted messaging app Signal, Zack reported. Facebook has put changes at WhatsApp on hold “until it could figure out how to explain the change without losing millions of users,” apparently.

Hot IPOs hang onto gains as investors keep betting on tech

A big IPO debut is a juicy topic for a few news cycles, but because there’s always another unicorn ready to break free from its corral and leap into the public markets, it doesn’t leave a lot of time to reflect.

Alex studied companies like Lemonade, Airbnb and Affirm to see how well these IPO pop stars have retained their value. Not only have most held steady, “many have actually run up the score in the ensuing weeks,” he found.

Dear Sophie: What are Biden’s immigration changes?

lone figure at entrance to maze hedge that has an American flag at the center

Image Credits: Bryce Durbin / TechCrunch

Dear Sophie:

I work in HR for a tech firm. I understand that Biden is rolling out a new immigration plan today.

What is your sense as to how the new administration will change business, corporate and startup founder immigration to the U.S.?

—Free in Fremont

Hello, Extra Crunch community!

Hello in Different Languages

Image Credits: atakan (opens in a new window) / Getty Images

I began my career as an avid TechCrunch reader and remained one even when I joined as a writer, when I left to work on other things and now that I’ve returned to focus on better serving our community.

I’ve been chatting with some of the folks in our community and I’d love to talk to you, too. Nothing fancy, just 5-10 minutes of your time to hear more about what you want to see from us and get some feedback on what we’ve been doing so far.

If you would be so kind as to take a minute or two to fill out this form, I’ll drop you a note and hopefully we can have a chat about the future of the Extra Crunch community before we formally roll out some of the ideas we’re cooking up.

Drew Olanoff
@yoda

In 2020, VCs invested $428m into US-based startups every day

Last year was a disaster across the board thanks to a global pandemic, economic uncertainty and widespread social and political upheaval.

But if you were involved in the private markets, however, 2020 had some very clear upside — VCs flowed $156.2 billion into U.S.-based startups, “or around $428 million for each day,” reports Alex Wilhelm.

“The huge sum of money, however, was itself dwarfed by the amount of liquidity that American startups generated, some $290.1 billion.”

Using data sourced from the National Venture Capital Association and PitchBook, Alex used Monday’s column to recap last year’s seed, early-stage and late-stage rounds.

How and when to build marketing teams at deep tech companies

Pole lifting rubber duck with hook in its head

Image Credits: Andy Roberts (opens in a new window) / Getty Images

Building a marketing team is one of the most opaque parts of spinning up a startup, but for a deep tech company, the stakes couldn’t be higher.

How can technical founders working on bleeding-edge technology find the right people to tell their story?

If you work at a post-revenue, early-stage deep tech startup (or know someone who does), this post explains when to hire a team, whether they’ll need prior industry experience, and how to source and evaluate talent.

Bustle CEO Bryan Goldberg explains his plans for taking the company public

Bustle Digital Group CEO Bryan Goldberg

Bustle Digital Group CEO Bryan Goldberg. Image Credits: Bustle Digital Group

Senior Writer Anthony Ha interviewed Bustle Digital Group CEO Bryan Goldberg to get his thoughts on the state of digital media.

Their conversation covered a lot of ground, but the biggest news it contained focuses on Goldberg’s short-term plans.

“Where do I want to see the company in three years? I want to see three things: I want to be public, I want to see us driving a lot of profits and I want it to be a lot bigger, because we’ve consolidated a lot of other publications,” he said.

It may not be as glamorous as D2C, but beauty tech is big money

Directly Above Shot Of Razors On Green Background

Image Credits: Laia Divols Escude/EyeEm (opens in a new window) / Getty Images

The U.S. Federal Trade Commission is not a huge fan of personal-care D2C brands merging with traditional consumer product companies.

This month, razor startup Billie and Proctor & Gamble announced they were calling off their planned merger after the FTC filed suit.

For similar reasons, Edgewell Personal Care dropped its plans last year to buy Harry’s for $1.37 billion.

In a harsher regulatory environment, “the path to profitability has become a more important part of the startup story versus growth at all costs,” it seems.

Twilio CEO says wisdom lies with your developers

SAN FRANCISCO, CA – SEPTEMBER 12: Founder and CEO of Twilio Jeff Lawson speaks onstage during TechCrunch Disrupt SF 2016 at Pier 48 on September 12, 2016 in San Francisco, California. Image Credits: Steve Jennings/Getty Images for TechCrunch

Companies that build their own tools “tend to win the hearts, minds and wallets of their customers,” according to Twilio CEO Jeff Lawson.

In an interview with enterprise reporter Ron Miller for his new book, “Ask Your Developer,” Lawson says founders should use developer teams as a sounding board when making build-versus-buy decisions.

“Lawson’s basic philosophy in the book is that if you can build it, you should,” says Ron.

Stopping Cyberattacks on Remote Workers Starts at the Endpoint

The sudden shift to remote work turned our previously embedded assumptions about how work should be done upside down — and cybercriminals noticed. With many companies forced to suddenly embrace work-from-home on a condensed timeline, security fell to the backburner because a.) organizations assumed this would be short-lived, and b.) they figured they could circle back to security once everything was up and running.

During this time, we have observed a significant number of malware campaigns, spam campaigns, and outright scams that preyed on the fears and uncertainties of the global population. These ranged from fraud schemes related to economic stimulus programs offered by the U.S. Small Business Administration to the Maze ransomware hacking group attacking a British research company that was preparing to conduct trials of a COVID-19 vaccine. Throughout COVID-19, cybercriminals have continued to capitalize on unsecured work-from-home computing to deliver new malware and test new techniques.

Many company leaders intend to permit remote working some of the time as employees return to the workplace. As we continue to embrace working from home, here are a few tips to ensure you keep your people, data, customers and organization safe.

1. It All Starts at the Endpoint

In simple terms, an endpoint is one end of a communications channel – it’s any device that is physically an “end point” on a network. It refers to parts of a network that don’t simply relay communications along its channels or switch those communications from one channel to another. An endpoint is the place where communications originate, and where they are received. Endpoints can be anything from desktops, laptops, servers, and virtual environments, to IoT devices like wearable fitness devices, printers, smart TVs and even toaster ovens.

Today’s challenge is that everything is digital, and protecting the endpoint isn’t as easy as it used to be. Virtually any device can be connected to your network. And therefore, just as physical items can be stolen or broken, today’s precious assets are increasingly susceptible to cybercrime that seeks to halt business activity, steal data, and steal money – all digitally.

2. Understand What Is On Your Network

Protecting the endpoint is your primary task, but ask yourself this question: do you know how many devices are connected to your network? You may be surprised to learn that beyond traditional endpoints (think desktops, laptops, and servers), most organizations are running completely blind. It doesn’t have to be that way.

You can’t protect what you can’t see, so it’s imperative for organizations to be able to map what is on a network and fingerprint devices to see what is connected — and more importantly, unprotected. With the help of an AI-driven endpoint protection platform, organizations can easily identify and see each and every device connected to the network.

3. Secure Company Devices

Even though employees won’t be working out of the office, it doesn’t mean they’ll necessarily always be working from home. We’re seeing employees take their work with them, whether that means working in a socially distanced park or working out of their hotel on vacation. When choosing to work from any public network, employees are exposing themselves to the risk of potentially exposing company data that resides on their laptop locally.

Here’s a few tips to help keep your company devices secure:

  • Make sure all company devices use full disk encryption so that if a laptop happens to get lost or stolen, the data on the device will not be accessible to thieves.
  • Use password management so that all accounts on the device require unique login credentials.
  • Remind employees to log out whenever the system is not in use, even at home.

While these may seem like basic security practices, it’s always a good idea to remind your employees not to be that Starbucks customer who goes to the counter for a refill while leaving an open laptop on the table.

Cybersecurity for the remote workforce
Every threat. Every device. Every second.

4. Be Smart When Accessing Company Networks

Providing remote access to your corporate network always increases the risk of your organization’s data getting into the wrong hands. This often happens when employees let their guard down and engage in behaviors they normally wouldn’t at the office, such as using their company device for personal activities.

To better protect your data, use a zero-trust security solution to connect remote employees to your organization’s networks and servers. A zero-trust solution creates a direct connection as if the device were connected to the organization’s LAN. And, don’t be afraid to remind employees that a laptop used at home is still company property, and should only be used by the employee themselves for work-related activities. Any non-work-related activity should be conducted on the employee’s own devices.

5. Beware of Phishing Campaigns and Malware

With the increase in email and other text-based communications to stay connected while working remotely, it can be hard for employees to differentiate what emails and communications are legitimate, and what are not.

As phishing and malware campaigns continue to rise, be sure to remind your employees to inspect links before clicking by hovering over them with the pointer to see the actual URL destination. Another easy way to help your employees protect themselves from falling victim to such campaigns is to use an automated endpoint detection and response security solution that can block malicious content if it is executed by the user.

Conclusion

With the vast majority of the workforce changing its habits, securing the world’s commerce, communications, and precious digital assets has never been more critical. As we embrace our new normal, enterprises can secure work-from-home computers and ensure that all surrounding IoT devices are prohibited from communication with enterprise assets — by having the correct tools and strategies in place to defend every endpoint against every type of attack, at every stage in the threat lifecycle.

Learn more about how endpoint protection can help protect your remote employees, the company, and your sensitive information here, or contact us for more information or request a free demo.


Like this article? Follow us on LinkedIn, Twitter, YouTube or Facebook to see the content we post.

Read more about Cyber Security