Dover raises $20M to bring the concept of ‘orchestration’ to recruitment

/0 Comments/in /by

Despite being one of the earliest adopters of using the world wide web to disrupt how its business is done and connect with more potential customers, the recruitment industry ironically remains one of the more fragmented and behind the times when it comes to using new, cloud-based services to work more efficiently. A new startup is hoping to change that, and it’s picked up some funding on strong, early signs of traction.

Dover, which has built what CEO and co-founder Max Kolysh describes as a “recruitment orchestration platform” — aimed at recruiters, it helps them juggle and aggregate multiple candidate pools to source suitable job candidates automatically, and then manage the process of outreach (including using tools to automatically re-write job descriptions, as well as to write recruitment and rejection letters) — has raised $20 million from an impressive list of investors.

Tiger Global led the Series A round, with Founders Fund, Abstract Ventures and Y Combinator also investing. Dover was part of YC’s Summer 2019 class (which debuted in August 2020), and Founders Fund led its seed round. Since leaving the incubator, it has picked up more than 100 customers, mostly from the world of tech, including ClearCo, Lattice, Samsara and others, even larger companies that you might have assumed would have their own in-house orchestration and automation platforms in place already.

“Orchestration” in the world of business IT is commonly used for software built for the fields of sales and marketing: In both of these, there is a lot of fragmentation and work involved in sourcing good leads to become potential customers, and so tech companies have built platforms both to source interesting contacts and handle some of the initial steps needed to reach out to them, and get them engaged.

That, it turns out, is a very apt way to think of the recruitment industry, too, not least because it also, to a degree, involves a company “selling” itself to candidates to get them interested.

“I would say recruiting is sales and marketing,” Kolysh said. “We’re comparable to sales ops, but sales is five-10 years ahead in terms of technology.”

Recruiters and hiring managers, especially those working in industries where talent is at a premium and therefore proactively hiring good people can be a challenge, are faced with a lot of busy work to find interesting candidates and engage them to consider open jobs, and subsequently handling the bigger process of screening, reaching out to them and potentially rejecting some while making offers to others.

This is mainly because the process of doing all of these is typically very fragmented: Not only are there different tools built to handle these different processes, but there is an almost endless list of sources today where people go to look for work, or get their names out there.

Dover’s approach is based on embracing that fragmentation and making it easier to handle. Using AI, it taps platforms like LinkedIn, Indeed and Triplebyte — a likely list, given its initial focus on tech — to source candidates that it believes are good fits for a particular opening at a company.

Dover does this with a mix of AI and understanding what a recruiter is looking for, plus any extra parameters if they have been set by the recruiter to carry this out (for example, diversity screening, if the employer would like to have a candidate pool that is in line with a company’s inclusion targets).

Dover also uses data science and AI to help calibrate a recruiter’s communications with would-be candidates, from the opening job description through to job offer or rejection letters. (Why dwell on rejection letters? Because these candidates are already in a short list, and so even if they didn’t get one particular job, they are likely good prospects for future roles.)

“No human wants to write 100 cold emails per week, but on the other hand, there are many people to hit up and connect with,” Kolysh said of the challenges that recruiters face. “When a company is seeing a lot of growth, it needs to scale fast. You just can’t do that without technology anymore.” Kolysh — who co-founded the company with Anvisha Pai (CTO) and George Carollo (COO) — said all three founders experienced that firsthand working at previous startups and trying to recruit while also building the other aspects of the business. (They are pictured above, along with founding engineer John Holliman.)

Given how much orchestration has caught on in the world of sales, there is a strong opportunity here for Dover to bring a similar approach to recruitment, based on what seems to be a very close understanding of the flawed recruitment process as it exists today. Whether that brings more competitors to the space — or more tools from some of the bigger players in, say, candidate sourcing — will be one factor to watch, as will how and if Dover manages to make the leap to other industries beyond tech.

Why CEOs should spend up to half their time recruiting

But for now, its usefulness for a particular segment of the market is also what caught the eye of Tiger Global.

John Luttig, the partner who led the investment for Founders Fund, noted in an interview that most recruiting tools in the market today might best be described as point solutions, addressing scheduling or interviews, for example.

“It’s the full stack here that is appealing,” he told me. “And it’s automated, which is particularly valuable for early and mid-stage tech companies, to keep candidates from falling through the cracks. It also saves time from having to build up big recruiting departments. And because Dover owns all that work, those working in recruitment can instead focus on culture building, or assessing the candidates.”

Updated to note that Luttig is at Founders Fund, and to correct that the customer is ClearCo.

SmartRecruiters raises $110M at a $1.5B valuation to expand its end-to-end recruitment platform

/0 Comments/in /by

The global Covid-19 pandemic had a chilling effect on a number of industries and their workforces, resulting in mass furloughs and layoffs. But now, with countries now taking steps back to “normal”, that has been leading, in many cases, back to a hiring surge. Today, SmartRecruiters, one of the companies that has built software to handle that process more smoothly, is announcing $110 million in funding to seize the moment.

The funding, a Series E, is coming in at a $1.5 billion valuation, the company confirmed. Silver Lake Waterman is leading this round, with previous backers Insight Partners, and Mayfield Fund also participating.

The investment will be used in two areas. First, SmartRecruiters plans to continue expanding business — its primary customers are large enterprises with Visa, Square, McDonald’s, Ubisoft, FireEye, Biogen, Equinox and Public Storage among them, and the plan will be to bring on more of these globally. Jerome Ternynck, SmartRecruiters’ CEO and founder, pointed out that one of its clients made a move recently in which it had to swiftly ramp up by 10,000 people in 90 days.

“That is the scale of the great rehire that we are aiming to serve,” he said.

And second, it plans to hire and invest more in product. Specifically, Ternynck said the company is looking to build more intelligence into its platform, so that it can help customers find ideal matches for roles and provide them with tools to automate and reduce the busy work of managing a recruitment process.

This is a notable area for growth, and one that smaller startups have also identified and are building to fix: just yesterday, one of them, Dover, announced a Series A.

Ternynck likes to describe SmartRecruiters as “the Salesforce of recruiting”, by which he means that it provides a system of record for large enterprises who can manage 100% of the process of recruitment, from sourcing candidates to hire.

“In recruiting tech, we are the mothership,” he said, with some 600 vendors integrated into its platform — a mark of how fragmented the wider industry really is.

(Salesforce, incidentally, is an investor in SmartRecruiters, and while right now it’s not directly working with its portfolio company to build recruitment into what it operates as essentially a massive CRM behemoth, it’s an interesting prospect and seems like a no-brainer that it might try to some day. Ternynck would not comment…)

There are already a lot of application tracking systems in the market that can handle the basics of logging candidates and managing their progress through the screening, interview, references, and hiring/rejection cycle — Ternynck, in fact founded and sold one of the pioneers in that space, But the problem with these is that they are limited and often work within their own silos. He refers to these ATS systems as “the first generation” of recruitment software, a generation that is now getting replaced.

There are some big changes driving that evolution, and specifically SmartRecruiters’ growth. One key area is the bigger shift in “digital transformation”, precipitated by the pandemic but also a bigger shift to cloud-based computing and evolutions in big data management. Fragmentation is rife in recruiting, but we now are equipped in the world of IT with many, many ways of navigating that and using the wide amount of information out there to our advantage.

But there is another, more epistemological shift, too. Recruitment, and talent in general, has become a critical part of how a company conceives of its future success. Get the right people on board and you will grow. Fail to hire correctly and you will not, and you might even fail.

“This round and our progression signals the fact that CEOs have been forced to care more about recruiting,” he said. They want want to hire the best, he added, but that is fundamentally different from how recruiting has traditionally been approached, which is focused on cost per hire.

“This means recruiting is coming out of the administration function and into value add and sales and marketing,” he added. (That’s another interesting parallel with Dover which has gone so far as to conceive of its recruitment approach as “orchestration”, a word more commonly associated with sales software.)

The pandemic has had an impact here, too: employees and “hires” today are not what they used to be. It has become more acceptable to work remotely, and what people have come to expect out of jobs, and what roles they are coming from when applying, are all so different, and that also demands a different kind of platform to engage with them.

Indeed, that bigger area — sometimes referred to as “the future of work” — is part of what attracted this investment.

“Hiring talent and building human capital is more complex and important than ever, and SmartRecruiters is well positioned to help companies attract and land top talent,” said Shawn O’Neill, Managing Director and Group Head, Silver Lake Waterman, in a statement. “Their scale and customer growth are testament to their strong leadership and industry leading platform. We are excited to help fuel SmartRecruiters’ next growth chapter.”

Interestingly, Ternynck noted that even despite the mass layoffs and furloughs experienced in some industries in the last year and a half, SmartRecruiters has seen business grow, even through some of the worst moments of Covid-19. Over the last 12 months, bookings have grown by 70%, he said. That’s a mark of how recruiting priorities are indeed changing, regardless of whether it’s a SmartRecruiters, or another kind of company entirely — and there are many, from Taleo and Cornerstone, through to smaller hopefuls like Dover, and even Salesforce — who might reap the spoils longer term.

Choco bites into $100M Series B, at a $600M valuation, to build a more transparent, sustainable food supply chain

/0 Comments/in /by

The United States estimates of the food produced here approximately 40% is wasted. Globally, $2.6 trillion annually is lost.

Berlin-based Choco, which has built ordering software for restaurants and their suppliers, is working to digitize the food supply chain and announced $100 million in Series B funding, led by Left Lane Capital, to give it a $600 million post-market valuation. Joining in is new investor Insight Partners and existing investors Coatue Management and Bessemer Venture Partners.

The new round comes just over a year after Choco’s $63.7 million Series A, raised at two different periods, a $33.5 million round in 2019 and a $30.2 million round in 2020 — at a $230 million valuation — to bring total funding to $171.5 million since the company was founded in 2018.

The company’s core food procurement technology digitizes ordering workflow and communications for restaurants and suppliers. During the global pandemic, Khachab said Choco became the go-to tool for operators to be more efficient around procurement processes and reducing expenses as they adapted to the changing market conditions.

With the food industry a $6 trillion market, Choco CEO Daniel Khachab told TechCrunch he aims to make the food supply chain more transparent and sustainable in order to help increase margins in the food service sector and combat climate change.

The company did 14 months of food waste research and found that it was central to a lot of other global problems: Food waste is the third-largest driver of climate change and is causing deforestation — as evident by news from the Amazon last year  — and the extinction of animals.

“It makes sense to try and solve it,” he added. “The food system is highly fragile, and what was shown in the first and second waves of the pandemic is how fragile and inflexible it was. It made the industry realize that it has to step up and that it can’t continue to work on pen and paper.”

Between the farmer and the end point, there are some nine parties involved, Khachab said. None are connected to another, which often means nine data silos and data not collected along the chain. It is important to connect them on one single platform so decision-making can be data-driven, he added.

As uncertainty swept across the food industry at the beginning of the pandemic, Khachab said Choco could either lay low and wait or invest in the company. He chose the latter, pumping up the team, regions and technology. As a result, Choco’s technology is stronger than it was 15 months ago and proved to be flexible amid the inflexible environment.

Choco saw orders quadruple on the platform in the past year, and gross merchandise value grew to $900 million annualized, up from $230 million, Khachab said.

As the company continues to learn how it can provide value to the food supply chain, half of the Series B funding will go into technology development. It will also go toward doubling its headcount, especially on the engineering side. Choco recently brought on ex-Uber and Facebook executive Vikas Gupta as chief technology officer, and Khachab said Gupta’s expertise will enable the company “to build the best technology team in Europe” and scale faster.

Choco is already operating in six markets, including the United States, Germany, France, Spain, Austria and Belgium. Khachab expects to expand in those markets and gain a footprint in new markets like Latin America, the Middle East and Asia.

What SOSV’s Climate Tech 100 tells founders about investors in the space

 

Don’t Wanna Pay Ransom Gangs? Test Your Backups.

/0 Comments/in /by

Browse the comments on virtually any story about a ransomware attack and you will almost surely encounter the view that the victim organization could have avoided paying their extortionists if only they’d had proper data backups. But the ugly truth is there are many non-obvious reasons why victims end up paying even when they have done nearly everything right from a data backup perspective.

This story isn’t about what organizations do in response to cybercriminals holding their data for hostage, which has become something of a best practice among most of the top ransomware crime groups today. Rather, it’s about why victims still pay for a key needed to decrypt their systems even when they have the means to restore everything from backups on their own.

Experts say the biggest reason ransomware targets and/or their insurance providers still pay when they already have reliable backups is that nobody at the victim organization bothered to test in advance how long this data restoration process might take.

“In a lot of cases, companies do have backups, but they never actually tried to restore their network from backups before, so they have no idea how long it’s going to take,” said Fabian Wosar, chief technology officer at Emsisoft. “Suddenly the victim notices they have a couple of petabytes of data to restore over the Internet, and they realize that even with their fast connections it’s going to take three months to download all these backup files. A lot of IT teams never actually make even a back-of-the-napkin calculation of how long it would take them to restore from a data rate perspective.”

Wosar said the next most-common scenario involves victims that have off-site, encrypted backups of their data but discover that the digital key needed to decrypt their backups was stored on the same local file-sharing network that got encrypted by the ransomware.

The third most-common impediment to victim organizations being able to rely on their backups is that the ransomware purveyors manage to corrupt the backups as well.

“That is still somewhat rare,” Wosar said. “It does happen but it’s more the exception than the rule. Unfortunately, it is still quite common to end up having backups in some form and one of these three reasons prevents them from being useful.”

Bill Siegel, CEO and co-founder of Coveware, a company that negotiates ransomware payments for victims, said most companies that pay either don’t have properly configured backups, or they haven’t tested their resiliency or the ability to recover their backups against the ransomware scenario.

“It can be [that they] have 50 petabytes of backups … but it’s in a … facility 30 miles away.… And then they start [restoring over a copper wire from those remote backups] and it’s going really slow … and someone pulls out a calculator and realizes it’s going to take 69 years [to restore what they need],” Siegel told Kim Zetter, a veteran Wired reporter who recently launched a cybersecurity newsletter on Substack.

“Or there’s lots of software applications that you actually use to do a restore, and some of these applications are in your network [that got] encrypted,” Siegel continued. “So you’re like, ‘Oh great. We have backups, the data is there, but the application to actually do the restoration is encrypted.’ So there’s all these little things that can trip you up, that prevent you from doing a restore when you don’t practice.”

Wosar said all organizations need to both test their backups and develop a plan for prioritizing the restoration of critical systems needed to rebuild their network.

“In a lot of cases, companies don’t even know their various network dependencies, and so they don’t know in which order they should restore systems,” he said. “They don’t know in advance, ‘Hey if we get hit and everything goes down, these are the services and systems that are priorities for a basic network that we can build off of.’”

Wosar said it’s essential that organizations drill their breach response plans in periodic tabletop exercises, and that it is in these exercises that companies can start to refine their plans. For example, he said, if the organization has physical access to their remote backup data center, it might make more sense to develop processes for physically shipping the backups to the restoration location.

“Many victims see themselves confronted with having to rebuild their network in a way they didn’t anticipate. And that’s usually not the best time to have to come up with these sorts of plans. That’s why tabletop exercises are incredibly important. We recommend creating an entire playbook so you know what you need to do to recover from a ransomware attack.”

Zoom buys cloud call center firm Five9 for $14.7 billion

/0 Comments/in /by

Zoom is taking advantage of the impressive rise in its stock price in the past year to make its first major acquisition. The popular video conferencing firm, which was valued at about $9 billion at its IPO two years ago, said Sunday evening it has agreed a deal to buy cloud call centre service provider Five9 for about $14.7 billion in an all-stock transaction.

20-year-old Five9 will become an operating unit of Zoom after the deal, which is expected to close in the first half of 2022, the two firms said.

The proposed acquisition is Zoom’s latest attempt to expand its offerings. In the past year, the video conferencing software has added several office collaboration products, a cloud phone system, and an all-in-one home communications appliance.

The acquisition of Five9 — which has amassed over 2,000 customers worldwide including Citrix and Under Armour and processes over 7 billion minutes of calls annually — will help Zoom enter the “$24 billion” market for contact centers, the company said.

“We are continuously looking for ways to enhance our platform, and the addition of Five9 is a natural fit that will deliver even more happiness and value to our customers,” said Eric S. Yuan, founder and chief executive of Zoom, in a statement.

Joining forces will offer both firms “significant” cross-selling opportunities in each other’s respective customer bases, the two firms said.

“Businesses spend significant resources annually on their contact centers, but still struggle to deliver a seamless experience for their customers,” said Rowan Trollope, chief executive of Five9.

“It has always been Five9’s mission to make it easy for businesses to fix that problem and engage with their customers in a more meaningful and efficient way. Joining forces with Zoom will provide Five9’s business customers access to best-of-breed solutions, particularly Zoom Phone, that will enable them to realize more value and deliver real results for their business. This, combined with Zoom’s ‘ease-of use’ philosophy and broad communication portfolio, will truly enable customers to engage via their preferred channel of choice.”

The two firms will do a joint Zoom call Monday to share more about the transaction.

The Good, the Bad and the Ugly in Cybersecurity – Week 29

/0 Comments/in /by

The Good

A transatlantic cybercrime operation was busted last week by Spanish Guardia Civil. Sixteen suspects in eight different locations throughout Spain were arrested on charges of laundering funds stolen through banking trojans made by Brazilian cybercrime groups. These groups developed and rented the banking trojans known as Mekotio and Grandoreiro, very capable pieces of malware targeting Windows computers through phishing emails. Post-infection, they remain hidden until the user logs into their banking accounts, silently harvesting credentials.

The police seized €276,470 in cash and, after forensic examination of the suspects’ computers, found an additional €3.5 million stashed away which had not yet been cashed out.

Back in North America, the U.S. government is stepping up its efforts to battle ransomware. The U.S. Department of Justice (DOJ), the U.S. Department of Homeland Security (DHS), and CISA have launched a website that aims to provide comprehensive information regarding ransomware attacks.

The site, stopransomware, includes guidance and resources, general information, tips, a Ransomware Readiness Assessment tool and a dedicated page for reporting ransomware incidents to the authorities.

The Bad

Software vulnerabilities are prime targets for attackers, who seek to identify and weaponize zero-day vulnerabilities. But this is a very expensive process that requires extremely skilled researchers. This is why traditionally it was only undertaken by well-funded, advanced nation-states. Now, however, commercial entities are doing their own research and selling weaponized zero-day end-products to whomever can afford them. While this has been known for some time, the general perception was that these enterprises focused on mobile exploits and to a lesser degree (and capability) on standard operating systems.

According to Google’s Threat Analysis Group (TAG) and Project Zero, four new zero-days were recently used as part of three targeted campaigns. These campaigns exploited previously unknown flaws in Google Chrome, Internet Explorer, and WebKit, the browser engine used by Apple’s Safari (CVE-2021-21166 and CVE-2021-30551 in Chrome; CVE-2021-33742 and CVE-2021-1879 for IE and Webkit, respectively).

Google says that three of these exploits were developed by a commercial surveillance company which then sold the vulnerabilities to two different government-backed actors. “Based on our analysis, we assess that the Chrome and Internet Explorer exploits described here were developed and sold by the same vendor providing surveillance capabilities to customers around the world”.

The Ugly

What does the University of London’s School of Oriental and African Studies (SOAS) have to do with cyber espionage? According to a recent study, Iranian attackers presented themselves as research fellows working at SOAS and contacted journalists covering the Middle East, Think Tank experts and senior professors.

The threat actors invited their unsuspecting victims to participate in an online conference called “US Security Challenges in the Middle East”. They then directed these contacts to a registration page, which was actually a compromised website belonging to SOAS, in order to steal Google, Microsoft and other single sign-on or email log-in credentials.

Based on TTPs and target selection, the activity has been attributed to TA453 (aka APT35, Phosphorus, and Magic Hound), an attack group affiliated with Iran’s Islamic Revolutionary Guard Corps (IRGC). One of the scholars who had his identity “borrowed”, told reporters “Of course it’s stressful, but on the upside I had conversations with a lot of interesting people that I would probably not have had interaction with otherwise. I’m taking it as a lived case study”. That’s the spirit!

Like this article? Follow us on LinkedIn, Twitter, YouTube or Facebook to see the content we post.

Read more about Cyber Security

Taste intelligence startup Halla closes $4.5M Series A1 to predict which grocery items shoppers will buy

/0 Comments/in /by

Halla wants to answer the question of how people decide what to eat, and now has $4.5 million in fresh Series A1 capital from Food Retail Ventures to do it.

Headquartered in New York, Halla was founded in 2016 by Gabriel Nipote, Henry Michaelson and Spencer Price to develop “taste intelligence,” using human behavior to steer shoppers to food items they want while also discovering new ones as they shop online. This all results in bigger basket orders for stores. SOSV and E&A Venture Capital joined in on the round, which brings Halla’s total capital raised to $8.5 million, CEO Price told TechCrunch.

The company’s API technology is a plug-and-play platform that leverages more than 100 billion shopper and product data points and funnels it into three engines: Search, which takes into account a shopper’s preferences; Recommend, which reveals relevant complementary products as someone shops; and Substitute, which identifies replacement options.

Halla’s Substitute product was released earlier this year as an answer to better recommendations for out-of-stock items that even retailers like Walmart are creating technology to solve. Price cited a McKinsey report that found 20% of grocery shoppers sought out competitors following a negative outcome from bad substitutions.

Halla Substitute. Image Credits: Halla

None of these data points are linked to any shoppers’ private data, just the attributes around the shopping itself. The APIs, rather, are looking for context to return relevant recommendations and substitutions. For example, Halla’s platform would take into account the way someone adds items to their cart and suggest next ones: if you added turkey and then bread, the platform may suggest cheese and condiments.

“It’s also about personalization when it comes to grocery shopping and food,” Price said. “When you want organic eggs from a specific brand and it is out of stock, it is often up to your personal shopper’s discretion. We want to lead them to the right substitutions, so you can still cook the meal you intended instead of ‘close enough.’ ”

Halla’s technology is now live in more than 1,100 e-commerce storefronts. The new funding gives Halla some fuel for the fire Price said is happening within the company, including plans to double the number of stores it supports across accounts. He also expects to double employees to 30 in order to support growth and customer base, admitting there is “more inbound interest that we can handle.” Halla has been busy fast-tracking big customers for pilots, and at the same time, wants to expand internationally with additional product lines over the next 18 months.

The company is also seeing “a near infinite increase in recurring revenue,” as it attracts six- and seven-figure contracts that push the company closer to cash flow positivity. All of that growth is positioning Halla for a Series B if it needs it, Price said.

Meanwhile, as part of the investment, Food Retail Ventures’ James McCann will join Halla’s board of directors.

McCann, who only invests in food and retail technology, told TechCrunch that grocery stores need a way to inspire shoppers, that Halla is doing that and in a better way than other intelligence versions he has seen.

“Their technology is miles ahead of everyone else,” he added. “They have a terrific team and a terrific product. They are seeing huge uplifts in terms of suggestions and what people are buying, and their measurements are out of this world.”

From farm to phone: A paradigm shift in grocery

Photo includes Halla co-founders, from left, Spencer Price (CEO), Henry Michaelson (CTO & President) and Gabriel Nipote (COO).

ServiceMax promises accelerating growth as key to $1.4B SPAC deal

/0 Comments/in /by

ServiceMax, a company that builds software for the field-service industry, announced yesterday that it will go public via a special purpose acquisition company, or SPAC, in a deal valued at $1.4 billion. The transaction comes after ServiceMax was sold to GE for $915 million in 2016, before being spun out in late 2018. The company most recently raised $80 million from Salesforce Ventures, a key partner.

Broadly, ServiceMax’s business has a history of modest growth and cash consumption.

ServiceMax competes in the growing field-service industry primarily with ServiceNow, and interestingly enough given Salesforce Ventures’ recent investment, Salesforce Service Cloud. Other large enterprise vendors like Microsoft, SAP and Oracle also have similar products. The market looks at helping digitize traditional field service, but also touches on in-house service like IT and HR giving it a broader market in which to play.

GE originally bought the company as part of a growing industrial Internet of Things (IoT) strategy at the time, hoping to have a software service that could work hand in glove with the automated machine maintenance it was looking to implement. When that strategy failed to materialize, the company spun out ServiceMax and until now it remained part of Silver Lake Partners thanks to a deal that was finalized in 2019.

TechCrunch was curious why that was the case, so we dug into the company’s investor presentation for more hints about its financial performance. Broadly, ServiceMax’s business has a history of modest growth and cash consumption. It promises a big change to that storyline, though. Here’s how.

A look at the data

The company’s pitch to investors is that with new capital it can accelerate its growth rate and begin to generate free cash flow. To get there, the company will pursue organic (in-house) and inorganic (acquisition-based) growth. The company’s blank-check combination will provide what the company described as “$335 million of gross proceeds,” a hefty sum for the company compared to its most recent funding round.

Intel rumored to be in talks to buy chip manufacturer GlobalFoundries for $30B

/0 Comments/in /by

When it comes to M&A in the chip world, the numbers are never small. In 2020, four deals involving chip companies totaled $106 billion, led by Nvidia snagging ARM for $40 billion. One surprise from last year’s chip-laced M&A frenzy was Intel remaining on the sidelines. That would change if a rumored $30 billion deal to buy chip manufacturing concern GlobalFoundries comes to fruition.

The rumor was first reported by The Wall Street Journal yesterday.

Patrick Moorhead, founder and principal analyst at Moor Insight & Strategies, who watches the chip industry closely, says that snagging GlobalFoundries would certainly make sense for Intel. The company is currently pursuing a new strategy to manufacture and sell chips for both Intel and to others under CEO Pat Gelsinger, who came on board in January to turn around the flagging chip maker.

2021 will be a calmer year for semiconductors and chips (except for Intel)

“GlobalFoundries has technologies and processes that are specialized for 5G RF, IoT and automotive. Intel with GlobalFoundries would become what I call a ‘full-stack provider’ that could offer a customer everything. This is in full alignment with IDM 2.0 (Intel’s chip manufacturing strategy) and would get Intel there years before it could without GlobalFoundries,” Moorhead told TechCrunch.

It would also give Intel a chip manufacturing facility at a time when there are global chip shortages and huge demand for product from every corner, due in part to the pandemic and the impact it has had on the global supply chain. Intel has already indicated it has plans to spend more than $20 billion to build two fabs (chip manufacturing plants) in Arizona. Adding GlobalFoundries to these plans would give them a broad set of manufacturing capabilities in the coming years if it came to pass, but would also involve a significant investment of tens of billions of dollars to get there.

GlobalFoundries is a worldwide chip manufacturing concern based in the U.S. The company was spun off from Intel’s rival chip maker AMD in 2012, and is currently owned by Mubadala Investment Company, the investment arm of the government of Abu Dhabi.

Investors seem to like the idea of combining these two companies, with Intel stock up 1.59% as of publication. It’s important to note that this deal is still in the rumor stage and nothing is definitive or final yet. We will let you know if that changes.

Pat Gelsinger stepping down as VMware CEO to replace Bob Swan at Intel

Top 50 Subreddits for Cybersecurity and Infosec

/0 Comments/in /by

Reddit, the centralized community platform founded in 2005, is a massive social media platform, ranked as the 18th-most-visited website in the world and 7th most-visited website in the U.S. The site enjoys 52 million daily active users, and like most other areas of special interest, the cybersecurity community has taken the platform to heart. There are many subreddits dedicated to cyber news, hacking tutorials, reverse engineering and more.

Reddit’s format offers infosec and cybersecurity users the chance to really dig deep into a topic in a way that is perhaps more natural than Twitter threads or even Telegram groups. Whether it’s keeping up with breaking and developing news in cybersecurity, asking questions about malware, penetration testing, detection tools or vulnerabilities, picking up new tips for red teaming, blue teaming or learning about what’s happening at the next big cybersecurity conference, you’re bound to find a subreddit that fits your needs.

Like most social media platforms, Reddit has its own ‘netiquette’ rules, aka reddiquette, but be aware that each subreddit also defines its own rules (prominently displayed in the sidebar) in addition that participants need to be aware of.

If you haven’t yet discovered all that Reddit has to offer for cybersecurity and infosec professionals, then this is the post for you. Here’s our list of the top 50 subreddits for cybersecurity and infosec professionals.

1 AccessCyber

This relatively new subreddit offers cybersecurity career, training and education resources for “Digital Defenders”. Largely a curated list of links, AccessCyber is a useful source of info for anyone looking to improve or develop their skills, from beginners to those branching out into any of infosec’s many specialist areas.

2 apple

Billing itself as “the unofficial Apple community”, r/apple boast an incredible 2.6 million members. While the focus here is on news, rumors, opinions and analysis pertaining to Apple, its devices and software, there’s a number of useful flairs like the Daily Advice Thread, which can be used to ask for technical advice. Want to learn how to send your Watch or iPhone a message from your Mac when some long running Terminal job completes? Yep, you’ll find that and many other goodies here.

3 AskNetsec

The AskNetsec subreddit takes a Q&A format and offers a place to ask questions about information security and network security from an enterprise perspective. With over 150k members you have access to a lot of expertise in one place for all your infosec questions. This subreddit is also worth browsing as it contains a mine of information about both common and esoteric problems such as “Is there any way to download Cobalt Strike from the command line?” and “PHP command injection without $_POST or $_GET?”

4 BadApps

Malware in proprietary app stores is one of those nasty problems that can really hurt, as both users (and sometimes security software) have a poor habit of trusting software that comes from, well, trusted sources. Google’s Play Store has had more than its fair share of this problem over the years to the point where there’s a dedicated subreddit, BadApps, for discussing and coordinating the reporting of such “bad apps” to the Play Store.

5 blackhat

If vulnerabilities and exploitation are your thing, then you need to head over to the r/blackhat subreddit without delay. Here you’ll find a library of hacking techniques and research on all the latest attacks as well as more general topics like how to track the source of an image when google reverse image search doesn’t work, cryptography for pentesters, and links to both free and paid hacking tutorials and courses. This subreddit also has an IRC-style web chat site for live discussions.

6 blueteamsec


The r/blueteamsec subreddit focuses on technical intelligence, research and engineering to help blue and purple teams defend their estates. Some of the useful flairs include tradecraft (how we defend), intelligence (threat actors) and a Q&A flair for questions called help me obiwan (ask the blueteam). With over 16,000 “hunters” and “analysts”, it’s a community every blue teamer should consider joining.

7 cissp

If you’re thinking about becoming a Certified Information Systems Security Professional then you are going to want to see what you can learn from r/cissp and its nearly 40,000-strong community. This subreddit covers issues, questions and materials regarding studying, writing, and working with the CISSP exam certification.

8 CompTIA

CompTIA is one of those certs that prospective employers will either ask for or be pleased to see on your resumé. There’s apparently over 1 million certified CompTIA professionals out there, but don’t think that means the exams are easy. Underestimating the difficulty of the exams and the amount of study required is a common cause of failure. However, over at r/CompTIA, they’ve got you covered. From the “looking to get certified,” to conversations and questions from current students, this subreddit is dedicated to CompTIA certifications.

9 computerforensics


If computer forensics and DFIR are your thing, then check out r/computerforensics. Dedicated to the branch of forensic science encompassing the recovery and investigation of material found in digital devices, this subreddit is not limited to just personal computers and encompasses all media that may also fall under digital forensics (such as cellphones and video). Recent hot topics include “New Windows 10 artifact found/explored #EventTranscript.db (1 of 5 posts)” and “Disk encryption on analysis workstations / Windows 11 testing”.

10 ComputerSecurity

The Computer Security subreddit provides a curated list of links to IT security news, articles and tools as well as a place to ask cybersecurity-related questions. Questions here span the basics like “How can I best protect my PC on a home network?” to the technical such as “Can I create a secure port from my cable-supplied router”. With almost 30,000 members, there’s certain to be a slew of answers for any well-crafted question.

11 Crypto

This technical subreddit covers the theory and practice of modern cryptography, with a focus on strong algorithms and implementation. There are nearly 200,000 members discussing the “art of creating mathematical assurances for who can do what with data, including but not limited to encryption of messages such that only the keyholder can read it”.

12 cyber

The r/cyber subreddit bills “Cyber” as “the 5th Domain of Warfare”, and given the geopolitical, corporate and intelligence aspects of cyber security in recent years, that’s no overstatement. This community was founded back in 2010 from an abandoned subreddit and recently hit 10,000 members. Here you’ll find a mix of posts revolving around APTs, government policy, breach organizations, and law enforcement alerts from the likes of CISA, the FBI and more.

13 cyberlaws

If you are interested in the intersection between computing and the law, then r/cyberlaws and its 34,000 or so members is your next stop. Dedicated to legal news linked to technology, its remit covers computer crime, copyright, privacy, free speech, intellectual property, net neutrality and more. You’ll also find here posts listing cyber law courses you can take as well as both news articles and questions like “are clickbots legal for use on your own website?”.

14 cybersecurity

Another general community hangout for those that are current or aspiring technical professionals seeking to discuss cybersecurity, careers, developing threats and pretty much anything else pertaining to the ever expanding domain of cybersecurity. The r/cybersecurity subreddit aims to be “business-oriented” to handle questions from professionals and from students aiming to become professionals in the field of cybersecurity. With 275,000 members, there’s something for everyone looking to get into infosec here.

15 Cybersecurity101

In contrast to r/cybersecurity for professionals, r/Cybersecurity101 is the place to head for discussion of beginner topics concerning cybersecurity and privacy from a home, family and personal perspective. Basic questions like “Am I being keylogged” and “Does my PC have malware, a keylogger or a RAT on it” are common themes as well as similar concerns relating to mobile devices. If you’re concerned about your personal device security and not sure where to turn, this is the subreddit for you.

16 CyberSecurityJobs

If you’re looking for a new gig or just getting into the world of infosec, then r/CyberSecurityJobs should be on your list of regular stops. This subreddit has the latest jobs in Information Security, covering current job listings in cybersecurity, digital forensics, incident response and related fields. There’s also a “Mega-Thread” where job seekers are welcome to post in the commumity to attract potential employers.

17 datarecovery

The datarecovery subreddit exists as a place to discuss the ins and outs of data recovery, both logical and physical. The moderators warn that discussion is primarily aimed at education and information and that DIY datarecovery is a risky business (tl;dr: go to a pro!). That said, this subreddit is filled with useful tips and tricks as well as advice on how to find a data recovery specialist.

18 ethicalhacking

This subreddit caters for those interested in discussing computer hacking done for ethical purposes. There are flairs for newcomers as well as careers, but the majority of discussion will introduce or develop your knowledge of topics like wifi hacking, web vulnerabilities, pen testing, social engineering and essential tools like Kali Linux and Metasploit.

19 exploitdev

The exploitdev subreddit is the place to be for anyone interested in exploit development. Posts cover the whole spectrum of exploitation topics from basic beginners’ guides to advanced questions on shellcode and return-oriented programming. Whether you are interested in learning about buffer overflows, binary exploitation, fuzzing, or developing your CTF skills, you’ll find plenty of interest in this subreddit.

20 fulldisclosure

Over at r/fulldisclosure you will find a wealth of information related to breaches, data leaks, exploits, vulnerabilities and both informed and uninformed disclosures and zero days. Somewhat controversially, this subreddit declares that it will not remove posts on zero-day exploits. Fortunately, this forum doesn’t have a lot of traffic, but since it has been around since 2012 it provides an interesting and useful archive for researchers.

Top 10 Telegram Cybersecurity Groups You Should Join

Read Now

21 HackBloc

If you like to mix your hacking interests with politics then hacktivism subreddit r/HackBloc may be for you. This community promotes itself as covering all interests relating to Hacktivism, Crypto-anarchy, Darknets and Free Culture and claims to be “proudly feminist, Anarchist, Anti-Capitalist, Anarchist hackers”. That should give you a fairly clear indication of whether it’s for you. If the answer is yes, you should find plenty of help and common interest among its 23,000 members.

22 hackers

The r/hackers subreddit shines a light on the most recent, interesting, and historical hacks. Topics are not necessarily technical and can also cover social engineering, commonly the most effective way to gain access to someone’s account. This community is not a Q&A help forum (see some of our other picks in this guide) but mainly caters to an audience seeking detailed news.

23 hackersec

Hackersec bills itself as a place to learn, interact and share information on Cybersecurity, CTFs, programming, cryptography, anonymity and other security-focused topics. The mods are keen to point out that the community does not welcome questions asking for help hacking in the sense of recruiting others and posts offering hacking services are likely to be banned. Welcome content includes technical how-to guides, infosec developments and newbies trying to learn fundamentals.

24 hacking

The hacking subreddit is dedicated to hacking and hackers. Constructive collaboration and learning about exploits, industry standards, grey and white hat hacking, new hardware and software hacking technology, sharing ideas and suggestions for small business and personal security. This community has an incredible 1.9 million members and is never short of interesting questions from broad advice on how to start malware analysis to specific areas like how to embed custom code inside USB device memory.

25 Hacking_Tutorials


Hacking Tutorials is a subreddit where members can post various resources that discuss and teach the art of hacking and pentesting while staying ethical and legal. There is a pinned post on how to get started as well as a list of useful websites. If you’re looking for a guided intro to something in infosec, this subreddit is a good place to start.

26 HowToHack

This subreddit is an outlet for the Zempirian wargaming community, which aims to provide challenges to teach various hacking skills to the public. r/HowToHack has a stunning 390,000 members and includes filters for hacking, pentesting, exploiting and script kiddie topics. Recent posts include questions like ‘What is your next step after gaining access to a network?’ and ‘Posting my Progress on Becoming an Ethical Hacker / Pen-tester’.

27 i2p

The Invisible Internet Project (I2P) is a fully encrypted, decentralized private network layer that aims to protect user activity and location, and r/i2p is the subreddit dedicated to information and discussions related to the I2p anonymous network. All your questions on how to set up and get I2P to work are welcome here.

28 Information_Security

Another general infosec subreddit, r/Information_Security is dedicated to providing information security news, analysis and links to blog posts as well as member questions. Recent topics include questions like ‘what is the best way to break into infosec for someone with my experience?’ and ‘Can Cisco VPN track/monitor my traffic on a personal device when disconnected?’ Almost 18,000 members ensure plenty of fresh traffic.

29 InfoSecNews

This subreddit is designed for users to post the latest Information Security related news and articles from around the Internet. The subreddit is intended to provide a location one can come and receive updated security news including security, privacy, and other security related industries or topics.

30 IOT

We’ve lost count of how many IoT devices there are predicted to be on the Internet by 2025, but it’s somewhere in the region of 30 billion units. Surprisingly, a couple of existing IoT security subreddits [1, 2] are not well populated, but r/IoT has a strong community of over 30,000 members where you can ask and learn about all things IoT related, including IoT security.

31 ISO27001

The r/ISO27001 subreddit aims to bring together like-minded professionals who want to network, discuss hot, relevant or important topics and contribute to an active ISO27001 community. Here you’ll find intro topics such as ‘I’m a new traveler on the ISO27001 journey’ as well as plenty of links to ISO27001 training and certification.

32 MacOS

Security on macOS is of increasing importance particularly in the Enterprise. Although the r/MacOS isn’t a dedicated macOS cybersecurity subreddit, with 186,000 members it is one of a number of places where new security issues can get an early mention and is worth keeping an eye on if you’re trying to stay ahead of new and developing threats for Apple’s desktop platform.

33 macsysadmin

This subreddit is definitely one for all you Mac admins out there. Here you’ll find lots of useful posts related to Mac administration, scripting, configuration profiles, remote management, firewalls, networking, MFA, and other topics that impact macOS security.

34 malware

The r/malware subreddit is a community for malware reports and information and enjoys a healthy 53,000+ members. Here you’ll find a wealth of information on the latest threats, and the forum is also a great place to ask your own questions, find things like phishing analysis tools or just discover general malware resources.

35 msp


If you’re using or thinking about using a Managed Services Provider in your organization, then msp is a subreddit for you. This community is heavily Q&A based with a lot of traffic from people seeking solutions to a wide variety of issues. With 113,000 members, there’s also lots of answers and this is definitely a friendly community where you can get help fast.

36 netsec

The r/netsec subreddit is a community for technical news and discussion of information security and closely related topics. This site is heavy on links to community-created tools available from github and similar repositories for all manner of useful scripts and programs to solve common and not so-common security problems.

37 netsecstudents

The r/netsecstudents subreddit is for students or anyone studying Network Security. This is the place to ask questions regarding your netsec homework, or perhaps you need resources for certain subjects, either way you’ll find them here! Users are welcom to contribute their own nfo or resources, too.

38 NetworkSecurity

This small community of around 6,000 doesn’t seem to have a lot of traffic at the moment, but it has been around since 2011 so there’s a wealth of useful archive material on enterprise and business network security topics, data centers, VPNs and related netsec topics.

39 opendirectories

The opendirectories is a subreddit for data hunters. Whether you’re looking for manuals on old computers or lab equipment, or desperate to find some obscure ebook, then this subreddit listing unprotected directories of images, videos, music, software and otherwise interesting files is a good place to start.

40 osx

Another general Mac related subreddit, this community has been around since 2008 (that’s OSX 10.5 Leopard era) and is another great place to keep up with what’s happening in the Mac world or to ask questions. While there’s definitely an emphasis on people running pre-macOS versions of Apple’s Desktop system, there’s still plenty of help requested and given for the newer versions and the newer M1 hardware.

21 Cybersecurity Twitter Accounts You Should Be Following in 2021

Read Now

41 privacy

Cruising at over 1.2 million members, there’s no mistaking that the r/privacy community is a popular and important place to swap news and join discussions around the intersection of technology, privacy and freedom in the digital world.

42 pwned

The r/pwned subreddit discusses news of recent breaches, leaked or stolen data, and other examples of pwnage affecting the confidentiality or integrity of data. You can filter by industry such as Finance, Technology, Healthcare and Government.

43 redteamsec


This subreddit is dedicated to red and blue teaming content including malware, tradecraft, and reverse engineering. Aside from links to breaking stories and helpful articles there’s also plenty of links to shared tools, techniques and github projects aimed at red and blue teams.

44 regames

If you are interested in reverse engineering, then regames could be the ideal place for you. This is a subreddit for those who enjoy reverse engineering games, figuring out how they work, defeating cheat detection, and all of the other fun things that advanced problem solving gives.

45 reverseengineering

With 110,000 members and a history that stretches back to 2008, the r/ReverseEngineering subreddit is the granddaddy of all things RE on Reddit. This amazing subreddit has a RE Weely Questions Thread, Triannual Hiring Thread and offers a moderated community dedicated to all things reverse engineering. An absolute must for all who like taking software (and other things) apart.

46 SecurityCareerAdvice

This subreddit bills itself as “like CSCareerQuestions, only cooler. Its 9,000 members offer a place to connect those seeking to learn with those who have walked the path before. Ask questions about cybersecurity careers here, and mentors can choose to answer as they have time.

47 securityCTF

Capture the Flag competitions are a hallmark of the uber-hacker and there’s no better subreddit to hang out for CTF folks than securityCTF. Here you’ll find news and links to wargames, CTF tournaments, tutorials and walkthroughs for challenges on HackTheBox and other platforms.

48 TOR


The TOR subreddit boasts almost 180,000 users dedicated to news and discussion around the TOR anonymity software. This forum covers everything from setting up your initial TOR instance to concerns about the most anonymous and secure way to setup and use The Onion Router software.

49 websecurity

As applications and services move to the web, avoiding web vulnerabilities such as XSS and CSRF becomes critical, and that’s where the r/websecurity subreddit comes in. Here you’ll find links and discussions on the development and maintenance of secure websites, for website owners, developers and pentesters.

50 zeroday

An A-Z of cybersecurity communities wouldn’t be complete without the last letter of the alphabet, and taking up our final spot is r/zeroday (what else?). This is a small community of around 2500 members focused mainly on links to published exploits and breaking news about new vulnerabilities.

Conclusion

And that rounds up our tour of the top 50 cybersecurity subreddits. There’s something for everyone from CISOs and CIOs to SOC analysts, malware hunters, penetration testers, reverse engineers and more. What’s your favorite subreddit? Did we miss it in our list? Share with us on  LinkedIn, Twitter, YouTube or Facebook.

Like this article? Follow us on LinkedIn, Twitter, YouTube or Facebook to see the content we post.

Read more about Cyber Security