Cybersecurity, blockchain and NFTs meet the metaverse

When Facebook Inc. changed its name to Meta Platforms Inc. last fall, the move catalyzed a chain reaction throughout the tech industry. Software firms, gaming companies, chipmakers, device manufacturers and others have joined in the hype machine.

It’s easy to dismiss the metaverse as futuristic hyperbole, but do we really believe that tapping on a smartphone, staring at a screen or two-dimensional Zoom meetings are the future of how we work, play and communicate? As the internet itself proved to be larger than we ever imagined, it’s very possible that the combination of massive processing power, cheap storage, artificial intelligence, blockchains, cryptocurrency, sensors, augmented and virtual reality, brain interfaces and other emerging technologies will combine to create new and unimaginable consumer experiences — and massive wealth for creators of the metaverse.

In this Breaking Analysis, we explore the intersection of cybersecurity, blockchain, cryptocurrency, nonfungible tokens and the emerging metaverse. To do so, we welcome Nick Donarski, cybersecurity expert, hacker, gamer, NFT expert and founder of ORE System.

Key issues for today’s discussion

Today we’re going to traverse two parallel paths. One took Nick from security expert and security penetration tester to NFTs, tokens and the metaverse. And we’ll simultaneously explore the complicated world of cybersecurity in the enterprise and how the blockchain, crypto and NFTs — which allow for the ownership of virtual items in virtual worlds such as avatars and virtual apparel — will provide key underpinnings for digital ownership in the metaverse.

We’ll talk a bit about blockchain and crypto and some of the realities and misconceptions and how innovations in those worlds have led to the NFT craze. We’ll look at what’s really going on in NFTs and why they’re important as both a technology and societal trend.

We’ll dig into the tech and try to explain why and how blockchain and NFTs will lay the foundation for the metaverse. And finally, who is going to build the metaverse and how long will it take?

From hacker to NFTs

Nick Donarski started his career as a hacker. He began to explore technology as an infant then got deep into cyber as a pen tester, helping companies expose gaps in their security. And it wasn’t just the logical part of the security stack.

Nick would sneak into client companies through weak points of access, like the smoking door. He’d park in a cubicle for hours playing games and wait for the staff to leave for the day. Then when things got quiet, he’d poke around the building, taking pictures of sensitive information left out on desks and he’d ultimately find the data center. He’d poke his head through the drop ceiling and see if access could be gained that way.

He even had two “get out of jail cards,” one fake and one real. The fake card had the phone number of a friend that he would call if caught by security to tell them he was legit – a technique he used to find weak links deep in the process. The real card was if security didn’t buy his story – or if his friend didn’t answer and Nick got put in handcuffs.

According to Nick:

I started a long time ago as my dad was really into technology. I wrote my first program on an Apple IIe in 1989 and incorporated my first company in high school when I was 16. The company did tech support for parents and teachers and then in 2000 transitioned and really got into security and my focus has been there there ever since.

I joined Rapid7 and then I was one of the founding members of HP’s Shadow Labs. I’ve been part of the information security and cyber community throughout my career. Whether it’s doing training at various conferences or speaking, my awesome moments are when things are getting broken into, I get to work with somebody that’s new to the industry that has that light bulb moment of really understanding the technology or an idea or “getting it” when it comes to security.

The complicated picture in enterprise security

Before we get into the emerging technologies, we want to share some data on the enterprise security market and get Nick’s comments. We’ve reported over the past several years on the complexity of the security industry and the numerous vendor choices security operations pros face. The chart below tells that story.

It’s an XY graph from the ETR surveys where the vertical axis is a measure of spending momentum called Net Score and the horizontal axis is Market Share, which represents each company’s presence. A couple of notable points:

  • First, it’s a crowded picture. There are many holes to fill in cyber and the tools just keep coming.
  • That red dotted line at the 40% Net Score on the Y axis marks highly elevated spending momentum.

Let’s just zoom out a bit and cut the data by those companies with more than 100 responses in the survey. You can see below it’s still a crowded picture, but a few callouts are noteworthy as detailed below:

  • SentinelOne, Elastic, Tanium, Datadog, Netskope and Darktrace were all above the 40% elevated line in the previous chart, and they’ve fallen off. They still have a decent presence in the survey – well over 60 responses but under 100, so they didn’t make this cut.
  • Auth0, now Okta, has the highest Net Score. Combined with Okta “classic,” which has a Net Score of 51.5% and 241 Shared N mentions, the combined entities present a formidable picture in identity access management. Auth0 brings the developer capabilities while Okta focuses on enterprise solutions;
  • Crowdstrike Holding, Zscaler, CyberArk, SailPoint and Cloudflare all show up above that 40% elevated line, with Rapid7 just below;
  • Most impressively, Palo Alto Networks and Microsoft have strong market presence on the horizontal axis and are also above the 40% line.
  • Cisco Systems and Splunk are below the 40% line but both show respectable spending momentum and a notable presence in the survey.

Complexity means more pathways to attack

Chief information security officers struggle to attract and retain enough talent to secure their organizations and that’s part of the reason the picture above is so crowded. But more tools means more complexity. We asked Nick to comment on this dynamic and the data above from the perspective of a security pro:

The more tools that organizations try to integrate into their systems, the more components, more dollars and more time their engineers need to spend to be responsible for these tools. The more hands in the cookie jar when it comes to the security architecture, the more avenues for attack become built into the system. Really one of the biggest things that organizations face is being able to have engineers that are qualified and technical enough to be able to support the complexity of the architecture. Deploying tools effectively is a good thing. But if it’s not tuned properly or if it’s not connected properly, that security tool can just add more attack vectors.

Let’s get into the meat of the discussion for today and talk about blockchain and crypto for a bit.

Blockchain and crypto: What’s real, what’s a scam?

A recent Substack post ripped Matt Damon for peddling crypto in TV ads. The article called out crypto as just a big pyramid scheme and noted how it’s all about allowing criminals to be anonymous and being an enabler for ransomware and drug trafficking. Although it’s true there are definitely scams and lots of dangers, these are common criticisms that overlook the fact that blockchain technology and cryptocurrency are being applied toward new innovations. The article, like many of its kind, fails to highlight the fact that many people consider initial public offerings and special-purpose acquisition companies forms of pyramid or Ponzi schemes.

One big difference is the maturity of regulation.

Bitcoin was born out of the financial crisis and the subprime mortgage meltdown of 2008/2009. It tapped the visceral reaction to a system that favors large financial institutions and hurts the average person. You remember the movie “The Big Short”? Christian Bale’s character couldn’t understand why, when real estate markets were cratering around him, that his “insurance policy” wasn’t skyrocketing in value. The reason was the big banks, likely with government knowledge, were unwinding their positions to reduce the damage. Once they limited their downside exposure, the market crashed in dramatic fashion.

Watch this clip of Stephen Colbert interviewing Michael Lewis, author of “The Big Short.” Listen to the audience’s reaction and you’ll get a sense as to the sentiment that fuels the thesis for bitcoin:

Banks were too big to fail so governments around the world simply printed more money to save them, racking up debt to do so. As of the date of this post, the U.S. national debt approaches $30 trillion, averaging almost $250,000 per taxpayer. Of course this was more recently fueled by the pandemic but national debt now exceeds U.S. GDP by around $6.4 trillion.

This isn’t politics, these are just facts.

Bitcoin specifically (and cryptocurrency generally) is the confluence of cryptography, software engineering and game theory – all well-understood and applied disciplines. The blockchain and cryptocurrency can cut out the so-called trusted third party and enable direct, highly secure transactions between two parties. The game theory aspect comes into play because it’s harder to hack bitcoin than it is to mine it– so people put their effort into mining what is a finite resource. The government can’t just print bitcoins.

It is true that criminals exploit the anonymity of crypto platforms like bitcoin to do bad things.

But there’s more to the story. Crypto and blockchain are at the heart of a technological revolution that is building out a new decentralized internet – some call it web3. It’s potentially one that is more secure and more private than today’s internet, which is largely controlled by Internet giants such as Google LLC, Meta’s Facebook, Amazon.com Inc., Apple Inc. and Microsoft.

Crypto is spawning new technologies that will be the underpinning of innovations in financial services, supply chain, digital rights management, manufacturing and more. The thing about crypto that often gets overlooked is that often it can be inclusive for the little people. In the past, for example, if you wanted to invest in a new technology, such as Linux, you had to wait for a company to announce an IPO, such as Red Hat, and then buy the stock. You as the little person could never get in on the ground floor. But with crypto there are hundreds of opportunities to get in early – like an early-stage venture capitalist. You never could do that before crypto.

Are there scams? Yes, absolutely. So you have to do your homework. And if you educate yourself, form a strong thesis and do research, you can often outperform the public stock market.

And blockchain technology underpins all this.

According to Nick:

I really like to separate ourselves and say that we are a blockchain company. We leverage cryptocurrencies. We leverage NFTs and those types of things, but blockchain is a technology which is the underlying piece. So cryptocurrency and a lot of that negative context comes with fear of something new. Without having that regulation in place, without having the rules in place. And we were a big proponent of regulation. We want regulation and clear rules. Because we want to do the right thing. And we we also want to help write those rules because a lot of the lawmakers and lobbyists may have other agendas.

Our goal is simplicity. We want the ability for the average person to be able to interact with crypto, interact with NFTs, interact with the blockchain in its various forms. The easiest way to understand blockchain is it’s simply a distributed database. That’s really the heart of what blockchain is. It’s a record-keeping mechanism that allows you a reference point. And the beauty of it is that it’s immutable. You can’t edit that data.

So when we talk about blockchain being an underlying technology in the future, we’re talking about things like security, where you have logging, you have record-keeping, whether you’re talking about sales, where you may have multiple different locations and users the globe. It creates a central repository that provides distribution and security in a way that you’re ensuring your data, ensuring the validation of where that data exists and when it was created.

Is blockchain technology secure?

Much has been said by skeptics, based on high-profile hacks into crypto exchanges or other thefts, that blockchain isn’t secure.

Here’s Nick’s take:

You know, snail mail is considered a very ancient technology, but it still works. You still get a portion of the population that falls for those phishing tricks. It’s all about trying to make sure that you have appropriate controls. And I think that as we move forward into the future, the simpler and the more comfortable these types of technologies become, the easier it will be to utilize and indoctrinate normal users to be able to take advantage of these innovations.

When you’re talking about blockchain, specifically, the majority of the attacks happen with the applications and the smart contracts that are actually running on the blockchain as opposed to necessarily the blockchain itself. And the the impact of whether that’s a loss of revenue or loss of tokens or whatever it is. In most cases that results from something that was a phishing attack, you gave up your credentials, somebody said paste your private key in here and you you win a cookie or whatever it might be.

But the fundamental piece is when you’re talking about various different networks out there, the underlying architecture of any system is the key to success. If you look at distributed networks, something like Ethereum or bitcoin, where you have those proof of work systems that disperse information, the more dispersed that information is, the less likely it is to be able to be impacted by one small instance.

Are NFTs just a fad?

When Beeple sold his digital art for $69 million, we wrote about NFTs and tried to make sense of them.

We asked Nick: Why should people pay attention to NFTs and why do they matter? Are they really an important trend and what are the societal and technological impacts we should consider? His comments:

NFTs are very new technology and ultimately it’s just another entry on on the blockchain. It’s just another piece of data in the database. But how it’s leveraged in the grand scheme of how we as as users is what makes NFTs unique. Is it just the art or is it any better than the poster on your wall? But some of the new applications is where you actually get that utility and function, for example in the case of say video games.

Videogames and gamers in general already utilize digital items. They already utilize digital points as you know in the case of “Call of Duty,” for example. “Call of Duty” points, those are just different versions of digital currencies. “World of Warcraft” Gold, I like to affectionately say was the very first cryptocurrency.

There was a Harvard course taught on the economy of WoW. There was a black market where you could trade your in-game gold for fiat currencies. And there’s even places around the world that you can purchase real-world items and stay at hotels for “World of Warcraft” Gold. So the adoption of blockchain simply gives a more stable and a diverse technology for those same types of systems.

You’re going to see that carry over into shipping and logistics where you need to have data that is single repository for being able to have multiple locations, multiple shippers from multiple global efforts out there that need to have access to that data but in the current context it’s either sitting on a shipping log, it’s sitting on somebody’s desk, all of those types of paper transactions can be leveraged as NFTs on the blockchain, it’s just simply that representation.

And once you break the idea of this is just a piece of art or this is a cryptocurrency, you get into a world where you can apply that NFT technology to a lot more things than I think most people think of today.

How do the blockchain and NFTs play in the metaverse?

Nick has stated that blockchain and NFTs are foundational elements of the metaverse. So we asked him: What is the metaverse to you and where do blockchain and NFTs fit?

I affectionately refer to the metaverse as just VR essentially. We’ve been playing virtual reality games and and all the rest for a long time. And VR has really been out there for a long time, so most people’s interpretation of the metaverse is a virtual reality version of yourself. And this idea of once it becomes yourself is where things like NFTs, blockchain and digital currencies are going to come in. For example, if you have a manufacturer like Nike and they want to put their shoes into the metaverse because we as humans want to individualize ourselves. We go out and we want to have that one shoe or special T-shirt or whatever it is.

We’re going to want to represent that the same type of individuality in our virtual selves. So NFTs and crypto and all of those digital currencies like I was saying that we’ve known as gamers are going to play a very similar role inside of the medical industry and other sectors. Basically you’re going take your physical world into the metaverse and acquire things.

The metaverse must be more open and cross-domain

Of course, Facebook spawned a lot of speculation and discussion with its name change, but the concept of the metaverse is not new. Second Life started in 2003 and is still around today. It’s small, but the creator is coming back into the company. Books were written in the early 1990s that used the term metaverse.

We asked Nick how he sees this evolving world and what role his company hopes to play in the future. He already sees the early giants trying to make the metaverse into their own closed system. Nick sees the metaverse as more open and cross-platform.

We just got back from CES last week and the metaverse is is a very big buzzword. You’re seeing a lot of integration of what people are calling “the metaverse” and there were organizations showing virtual office space, virtual malls, virtual concerts and those types of experiences. And the one thing that I don’t think that a lot of organizations have grasped is how to make one metaverse.

There’s no “Real Player.”

There are lots of organizations creating their version of the metaverse, which just like every other software and game vendor out there has their version of of cryptocurrency and their version of NFTs. You’ll see it start to pop up especially as Oculus comes down in price and you get new technologies like some of the VR glasses that look like more augmented reality and look more like regular glasses that you wear. The easier those technologies become as adopting into our normal lifestyle as far as like looks and feels, the faster that stuff’s going to actually come out into the world.

But when it comes to what we’re doing is we believe that the metaverse should actually span multiple different blockchains, multiple different segments, if you will. So what our system is doing is we’re actually building the underlying architecture and technologies for developers to bring their metaverses. So they can leverage all the systems.

The ability for having that cross support within the ecosystem is what really no one has has grasp on. Yet most of the organizations out there are using a very classic business model, right? Get the user in the game, make them spend their money in the game, make all their game stuff only good in their game. And that’s where the developer has you, they have you in their bubble, right? Our goal, and what we like to affectionately say, is we want to bring white-collar tools and technology to blue-collar folks. We want to make it simple, we want to make it off the shelf and we want to make it less cost-prohibitive, faster and cheaper to actually get out to all the users.

We do this by supporting the technology. That’s our angle is if you support the technology and you support the platform, you can build a community that will build the metaverse around them. Today when you buy an item in “Fortnite” or skin in “Call of Duty,” it’s only good in that game and not even in the franchise. It’s only good in that version of the game. In the case of what we want do is you can have that carry over along with your character. So say you buy a really cool shirt and you’ve got that in your “Call of Duty.”

In our case, we’re releasing a proof-of-concept video game to show that this whole thing actually works, but you can actually go in and you can get a gun in “Osiris Protocol.” And if we release “Osiris Protocol,” you’ll be able to take that to “Osiris Protocol Two.” The benefit of that is you’re going to be the only one in the next version with that item if you haven’t sold it or traded it or whatever else.

So we don’t lock you into a game, we don’t lock you into a specific application. You own that you can trade that freely with other users. You can sell that on the open market, we’re embracing – what used to be considered the black market.

Like many new innovations, large players try to get a foothold and lock in consumers. It’s likely that new disruptors like Nick’s company will enter the space and advocate for a more open and cross domain metaverse. Public policy, technology and disruption business models will likely be keys to the evolution of the metaverse.

Whatever the outcome, it’s also likely that blockchain, cryptocurrencies and NFTs will participate as well.

Many thanks to Nick Donarski for his insights and contribution to the program and best of luck building out his community.

Keep in touch

Remember we publish each week on Wikibon and SiliconANGLE. These episodes are all available as podcasts wherever you listen.

Email david.vellante@siliconangle.com, DM @dvellante on Twitter and comment on our LinkedIn posts.

Here’s the full video analysis:

All statements made regarding companies or securities are strictly beliefs, points of view and opinions held by SiliconANGLE Media Inc. or other guests on theCUBE and guest writers. Such statements are not recommendations by these individuals to buy, sell or hold any security. The content presented does not constitute investment advice and should not be used as the basis for any investment decision. You and only you are responsible for your investment decisions.

Image: ipopba/Adobe Stock

Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.