On this week’s episode of the Full Stack Leader, we are talking to Valentine Wats at TechCrunch Disrupt 2023.
Valentine is the CTO and a co-founder of Excelitte, a data security service that instantly converts your data in a spreadsheet to a web-based software database application, automatically encrypting your data, providing access to it only after 3-Factor authentication. Excelitte instantly encrypts your computer or cloud-based files of any format, ensuring that your files can’t be ‘ransomwared’, stolen, or lost.
During our conversation, Valentine talks about cybersecurity, emphasizing the shift towards data protection in the era of remote work. He also advocates for a multi-layered approach to security, stressing the need to safeguard data in an age of unprecedented data generation and sharing.
We hope you enjoy the episode. You can find even more Full Stack Leader episodes here.
Ryan: Hello, everyone, and welcome to this week’s episode of the Full Stack Leader podcast. This is the special TechCrunch episode, and this week, I’m excited to have here with me Valentine Wats of Excelitte.
He’s the CTO there, and they work in the security field. I’m really excited to talk a bit about some of the exciting things happening on that front. It’s great to have you here, Valentine.
Valentine: Thank you. Great to be here.
What Excelitte does
Ryan: Well, we’ve had a couple of really great conversations coming out of the conference, and I was so excited to talk to you about some of the things you’re doing.
Maybe you can give us a quick rundown as to what Excelitte does and how you have your approach to cybersecurity.
Valentine: Okay, so Excelitte is a data protection tool set.
Traditionally, most cybersecurity products have leaned towards protecting the IT network itself. In other words, all the other layers that you’ve got to go through- the actual firewalls, the actual local air network, your wide area network, your virtual private network, and all the networks you need to get to actually get through to data, share data or to interact with anyone else on the network.
How remote work let to data vulnerability
We know that since COVID when everyone started working remotely, what became apparent was that we became a lot more vulnerable because so many were all logging in and doing work remotely. People are collaborating remotely as well. But then what that did was it simply precipitated the level of cybercrime, which is why we see all the news reports that we get now.
That level of collaboration and remote working from a security point of view was not advanced enough or had not advanced enough in the manner to which some of the sophisticated tools and techniques that now exist within the cybercrime world can impede some of those attacks.
So that’s created a problem where a lot of networks are getting bypassed, and people are stealing data. So, the ransomware crime is now on the up. So the approach we’ve used with Excelitte is to now serve as a last line of defense.
Protecting the data by encryption
If everything else fails and the cybercriminals have got into your network, when they get through, the data is encrypted with 256 AES bit encryption, which means that if you don’t have the correct keys – with a public and a private key – which is, really, what cryptology is all about – and we are going into more detail about that one- if you don’t have those keys, then you cannot view that data. So, pretty much what we did was we said, “We’re going to get there first.” Excelitte gets there first and encrypts your data, making it impossible for someone else to decrypt that data that does not have the keys.
So a typical scenario would be if Excelitte is protecting your data – whenever that data is stored – it is encrypted. But this is data, and it also includes data files as well. So we’re talking about data in the database and also your data files as well. Excelitte encrypts both and secures both.
So, by the time you get a data file that is already encrypted or a database that has data in it that is already encrypted, you really can’t do much about it as a cyber-criminal. All you can do is put on your own layer of encryption or try to delete that file. So, maliciously delete that file or encrypt it.
Now, if you encrypt it yourself, obviously, Excelitte does not have those keys, Excelitte cannot decrypt that file. But what now happens is we now have two layers of encryption: Excelitte has encrypted it, and the cybercriminal has also encrypted it. And even if they do delete that file, Excelitte automatically backs up this file, automatically backs up its encrypted file version, which means that regardless of what happens, a user can literally delete those files or literally delete every information from that computer, log back into Excelitte and pull up their files.
The backup is sitting right on your dashboard there in Excelitte and allows you to recover it -and it’s also sent to you via email. So, our approach with Excelitte is to focus on the data. We also have Excelitte AI, which is an offensive and defensive option as well, which is built – we’re probably at 67% stage of finishing it off right now, and it’s built to use known information and efficient, intelligent machine learning with data that we’re capturing at the moment to provide intelligence and learning Excelitte AI to preempt an attack.
So, in other words, profiling where an attack can come from and taking action to do that. So, it’s a combination of artificial intelligence, software robotics, and automation to ensure that the right level of protection is given for both your digital assets and your IT network.
The $10,000 challenge: how it started
Ryan: That sounds like you guys have been working on a pretty big and complex problem that really peaked its head since COVID. And you’ve seen ransomware become such a big deal. What really sparked me, though, at the booth, when I saw you guys there is you have this contest running to actually prove the level of security that you have. I thought it was a really fun and big call-out. Maybe you can talk a little bit about that?
Valentine: in order to explain what we’re doing, We started to explain better because it’s a lot better when you can visually show what we’re trying to do – and that’s what we tried. We thought of different methods of doing that, and we started running a cybersecurity challenge. I think about eight weeks ago now. And we also brought that into TechCrunch that we’re exhibitors and sponsors that as well. So we started running that challenge, and the idea is we’ve hidden data and information both in the database, in the Excelitte database, and in data files that are protected – encrypted by Excelitte. And we’ve said if you are able to break into a network and view this data, we will give you $10,000.
We would transfer this $10,000 to whatever Bitcoin wallet you have anywhere. Frankly, if you’re able to do that, we will double it up with negotiating to see if we could work with you. We would like to know how you did it – because, obviously, you’ve bypassed the highest levels of cryptology that we have today that we know a quantum computer is unable to break -at least not right now. I know it’s been talked about, and maybe it will happen the next time with some of the conversation around quantum computing, but it has not happened yet. And if it happens, I’m sure the level of cryptology would also go up a notch.
The $10,000 challenge: how it’s going
We decided to run this challenge, and we protected this data, and we’ve been getting, on average, about 150 attempted attacks, brute force attacks, Globally. We get it from the United States, Korea, South Korea, South Africa – wherever, just name it – the United Kingdom, Singapore – we’ve had it everywhere.
But we’re also using that to capture some data and studying that data and profiling some of where these attacks are coming from as the data that we’re using to feed into the Excelitte AI model that we’re building as well.
So far, there hasn’t been anyone breaking in. But the beauty of this is that even if someone does what we don’t believe is possible – if it does, it will help us to learn something more, and we’ll understand that some of the things we’re talking about have also advanced. And for us to raise the game in understanding how to mitigate that as well – that’s the first point. The second point is we’re getting over 150 attacks on a weekly basis now, But the point is even if they do break into the network, You still have the same problem, which is what we’re trying to demonstrate that even if you did bypass the network, which no one’s been able to do so far even if you were able to bypass the network, you still have a problem of breaking through 256-bit AES encryption.
Now, not unless you have a better method or you’ve come up with something to do that you’re not gonna get the prize. Now, once we’re in a TechCrunch as well, it was quite interesting because we’d obviously had it on the rollup banner and information, and it was very interesting watching people walk across. I know a number of conversations that we had where people stood there and said to me, “I’m going home. And when I get home, I’m going to round up my associates, and we’re going to try to break in” and believe me, two or three hours later, you would see a number of root attacks coming through, right?
It was quite a good one. And a good test of what we’re trying to do.
Protection from automated attacks
Ryan: Well, yeah, that makes a lot of sense. And I was wondering about the concept of these kinds of brute force attacks right now. They’re mostly human, right? But there is a shift coming – much like we’re going to see a shift in black hat hacking, where you’re going to see robots penetrating. I’m expecting we’re going to see a lot more white hat penetration protection from white hat penetration, from robots, as well as a way to basically inform us. Is there a point where it just becomes too complex to track when the robots begin to really try and tear one another apart?
Valentine: Well, to be honest, no, because you see, our networks and our server machines, our host server machines, are protected by complex passwords.
So you will see someone trying to break in as root, and they’ll try it consistently. And the point is when you try it four times, it’s automated to kick you out and then block that IP address. Then you try another one. Then you try another one. And you can watch this. I mean, when I look at the stats, when I see some of the reports, you would see, and you would know that some sometimes these attempts are via VPN where someone is going in and saying, “Okay, I’m not going to come in through here.”
And then you try it four times, and then it locks you out again. It says, “No, not gonna let you in.” But the passwords are complex. And that’s part of what we’re trying to indicate here as well, that the idea that we’re all vulnerable to cybercrime is very inaccurate. Very inaccurate. There are methods to ensure That you cannot be broken into, not without robots attempting it.
The distant challenge of robotic hacks
Now, using robots or software, robotics are using more automated fashions to try to break it. Yes, that is an issue because, obviously, that’s the piece to which you could try several notations, but with complex passwords as well.
And that becomes a challenge. Now, on top of that, we have no misgivings even if you do break through the network – even with the robotic and automation-type tools that you’re using, you still have a problem breaking through 256-bit encryption.
And I would like to be aware. If there is any such thing, we’re not aware. We’re certainly not aware of anything, of any robotics, or any automation you could use to break through that. The only thing you could use as the closest solution at the moment today is quantum computing, and it’s still not there yet.
Ryan: Well, I think I agree with you on a pure brute force level. I absolutely agree. I think you and I talked about this a little bit. It’s going to be a whole big ball of wax for everybody once quantum computing catches up to the point where it can break the encryption across everything.
Before then, though, there is still an interesting thing. I mean, we watched this with the ChatGPT testing where ChatGPT was using methods beyond brute force, where they were really, as a computer trying to think about how I communicate with other people to get things done. Do you think that there is a level of tracking around more multi-approach to the attacks that we have to keep in mind that a computer might be able to figure out that humans haven’t?
Using AI to impede cyber attacks
Valentine: Well, yes, I agree, but I think that’s the reason why I had a very interesting conversation with three cybersecurity industry leaders at TechCrunch as well.
One of the things that we agreed on very clearly was, in that same manner, that it is another reason why the wider use of artificial intelligence, machine learning, and software robotics can impede some of these attacks. So, as these attacks are getting more sophisticated, more automated, and are using intelligence, you’re going to have to reverse that intelligence as well or reverse those technology advances that are happening within the AI area.
Defend to defend them as well, which is what Excelitte AI is doing. Excelitte is literally doing what you’re saying, but from a defending point of view, so and also the approach of traditionally for the last 20 years, -and I’ve been around the street for the last 20 years, so I would know as well.- traditionally, for the last 20/25/30 years, the industry has adopted an approach that everything relies on the earlier layers Prior to getting to the data or to the application, we now say Excelitte we’ve had probably seven different groups of penetration testing done in Excelitte very deliberately because we now say that even in software engineering and application development, the application now needs to have some degree of robustness in terms of security in the build of it.
The idea that all the other layers will protect it beforehand is 20 or 30 years of ideas.
Today, we need the approach of not just the network layer, the firewall layers, and all that, but in terms of the data and the application as – we’re at that level of technology now, we need to reuse those things.
The same advancement to protect against some of these automated attacks that are going to happen, that are going to become even more rampant as we’re going to see in the future.
Joining forces for better data security
Ryan: How do we get the community together to work on this as a collaborative group versus, maybe, adversaries trying to beat each other out? It seems like this one might be better with heads put together versus heads separated.
Valentine: That’s a very good question. Ryan, I think that the industry is beginning to realize. I mean, certainly, obviously, we are pretty out of Australia at the moment. There are a lot of gatherings beginning to happen. In fact, because we actually have a minister for cyber security here, and she’s been doing a lot of work in terms of getting groups together from financial services and trying to begin to have some of these conversations and collaborations.
I think it’s getting there. Maybe not as fast as one would prefer, but I think some of those conversations, certainly with some of the guys that I met in TechCrunch, we’ve agreed that we’re actually organizing a couple of webinars over the next few months to have for that conversation because we had I think we had two or three hours standing up a conversation that was very intense and we intend to carry those things on and do our own little bit as well in organizing some of those things.
But I think there’s a lot going on certainly from this point of view where I think the realization is gradually becoming mainstream that people need to get together and talk about it. And even things like this podcast you’re doing today on what we’re doing today, things that would trigger me. Someone else would listen to this and say, “Oh, okay, let’s invite him to this. Let’s sit down and talk about this,” and this is a view as well. So, I think we’re getting there. Probably, I thought we were getting there, but I think there’s a lot of conversation, a lot of groups on cybersecurity who are beginning to have those conversations.
Need for cybersecurity education
I think we’re still far off from approach. I’m convinced that the approach I think there’s still a lot of educating, and that’s one of the things we’ve highlighted in the way we’re doing our marketing and the way that we’re getting this message out and the way that We are beginning to have a lot more emphasis on educating and saying “this is why we’re doing this.” Some of the videos that we’ve done or some of the marketing videos we’ve done – I think we have a 3D one, which tries to explain to you. We actually use an analogy of a burglar trying to get into your house and trying to steal a gold bullion that you have in the safe. We’ve used that as an analogy in the same way that someone’s trying to get to your data as well.
There’s a lot of education that needs to be done. There is a lot of talking about it for the different groups, companies, and people who are in this area who are looking for us to successfully start making an impact in mitigating cybercrime, the approach in the way that will protect it.
Remember, data was not as valuable. We didn’t have as much volume of data as we had 30 years ago. Today, a mobile phone can carry more data Than a database server 20 years ago, and you can have phones that carry as much as a terabyte of data today. We generate, we consume, and we share so much more data than we did 20-30 years ago.
So we’ve been kind of caught off guard to a point. And there’s a lot of catching up that now needs to be done in the way that we safeguard unprotected data. And part of that thinking needs to be looking at a new approach, a new way, leveraging new technology as well in using that to reverse that and then impede some of these crimes as well.
Ryan: Yeah, that’s a great summary. One last thing before we wrap up. I thought I’d switch it to something kind of fun. I was in a comic book store with my son the other day, and I was looking at all the different superheroes in the comic book store. And I had this epiphany, I think, that all the superheroes in here are actually digital cyber security heroes because it is the universe in which superheroes can actually live, and we can do some pretty amazing things.
So, along those lines, what do you think are some interesting superheroes or cyber security developments that might be coming to life over the next little bit? And can they become mythology and interesting stories?
Valentine: So, in other words, you’re saying, “How do we liken a superhero, like the comic, To some of the work that we’re doing?”
Ryan: We can’t have Spider-Man in real life, but we can have a superhero body of capabilities in the digital landscape.
Are we going to see some interesting leaps in that? And can it become something that we relate to on that level?
More innovation is coming
Valentine: Wow. Okay. That’s a good question. I think I am excited for the future. And I think there’s so much that can be done.
And I think that as research and development and new tools, new advancement, but in software engineering overall information technology overall across your IoT, across your robotics, software robotics and all forms of automation. I think we’re certainly going to see some very advanced. I think the moment the industry pivots to understanding that we need to innovate even further because there are cybersecurity professionals who are very much stuck in the old traditional methods of protecting a network.
I am saying you need to move. You need to be a little bit more open in advance. So, the short answer to your question is “Yes.”
Ryan: I think Iron Man, or maybe even Batman, like technology-driven characters.
But I think to some degree, a lot of the magic that’s taking place that we see inside those stories are things that we can only imagine as something that, not real, but we’re kind of entering into that space where we’re gonna see some of that happen on a computing level. So it’s gonna be interesting.
I thought it was kind of playful to think about, “Oh, you might see.”
Valentine: Absolutely. Yeah, absolutely. I agree. Iron Man that’s probably one of the clues. I’m sure there are others, and I come to mind at the moment. I’m sure there are others now.
I’m sure once I come up there, I’ll remember it. I’m thinking, “Oh, I should have said this one, “but that’s fine. I am on this pretty close, I would say.
Ryan: I just thought it would be a fun one to end on. But yeah, it was really great to hear your thoughts and talk a little bit about this.
I hope we get a chance to chat more here in the near future. You’re working on an extremely important problem for everybody. And we appreciate all of your innovative thought. And I was really excited to meet you and see you at the conference.
Valentine: Thank you very much. Thanks. Thanks for having me here.