# SALT Typhoon, Telecom Resilience, and Navy Acquisition Transformation

**Podcast:** a16z Podcast
**Published:** 2026-03-26

## Transcript

I was at Davos last year in a cyber form, and one of the speakers was talking about SALT Typhoon.
It was a closed door room of 60 cyber folks.
And wait, how many people know about this?
It was five out of 60.
What we learned was that China has infiltrated major telecommunications carriers in the US for all intents and purposes fully.
So you can listen to the phone calls, the lawful intercept plugin points.
They have control of those, and they can just flip turn along at any time and listen to.
I mean, what do you do on your phone?
You know, how much of your life runs on your phone?
Basically all of it.
And what we continue to learn is that that's true for everybody, everybody in the United States.
Rather than trying to ferret through the existing carriers on Guam and find all the China and try to get rid of it.
Let's just do a clean install of the telco on top of the existing physical infrastructure.
Just assume it's hostile.
This was literally three months before the SALT Typhoon news broken.
The more folks who are kind of bringing connecting the dots speaking the same language, I think the better off we all are from a national security and economic prosperity perspective.
In late 2024, the United States confirmed that Chinese hackers had infiltrated every major American cellular carrier.
The operation SALT Typhoon gave China access to lawful intercept systems, live phone calls, and the communications of senior government officials.
It was not a one-time breach.
It was the product of an industry-wide failure in cybersecurity.
Years before the story broke, a former Green Beret and Palantir executive had started building a new kind of cell network, one designed to operate securely on top of compromised physical infrastructure.
The Navy was an early partner, testing the technology on Guam before anyone outside the intelligence community fully grasped the scale of the threat.
David Yulovich speaks with Justin Fennelli, CTO of the Navy, and John Doyle, founder and CEO at CAPE.
Thank you guys for being here.
We are very lucky to have Justin Finelli, the CTO of the Navy on his second tour back with the Navy and in this role.
And we have John Doyle, the founder and CEO of CAPE with us.
And we're gonna have a terrific discussion about building for the country, building for the Navy, partnering with the Navy and all the technology transformation work that is going on at the Navy.
So thanks, guys, for being with us today.
Thanks for having me.
Justin, just give us a quick background who you are, what's your job today, how long you've worked in this space.
Thanks for having me.
Awesome to be with winners.
That's actually a big part of my job is hey, let's figure out where needs are, where gaps are, listen to our sailors and marines, spend time with them, and then connect dots for people who are bringing either improvements or breakthroughs.
The name of the game is how do we lessen paying and increase gang?
And so across the board, it's a little bit of signal to noise detection.
The good news is we have a really healthy and thriving and growing ecosystem.
And so this is not a me thing.
This is hey, how do we make sure that folks who are super innovative are able to get in?
How do we catalyze?
And so my backstory is I'm an engineer, Air Force picked electrical engineering.
There's a pretty good time for that.
This is just before the world starts getting eaten by software.
When was this?
Well, you're gonna date me.
So this is early 2000s.
Okay.
This is right after 9 11, but the hardware revolution and the internet starting.
I think that quote from Mark Andreessen happens late August.
Early 2000s, yeah.
Uh and then we start to like kind of my office within the Navy at that point starts to ride the wave towards software.
So really early glistenings on software-defined warfare.
No one called it that at that point.
I think the earliest name was network centric effects.
Right.
That's something a Cisco term where I used to work.
That sounds right.
Yeah.
Very strong early BD efforts by Cisco.
Overnight success, uh decade in the making, right?
And so like they end up adding up.
And so I had an engineer waypointing through.
So worked in the intelligence community in the actual manpower and business systems, operational systems within uh Department of War and Department of Navy, went to DARPA, helped stand up two new agencies from scratch.
So uh Space Development Agency and RPA H, so DARPA for healthcare.
Oh, cool.
And then Is that something that works with like the VA and things like that?
Yeah.
Yeah.
Yeah.
And so when I was at Defense Health, we were working with VA to try and connect the dots.
This is during Trump won.
Let's make sure that we are flattening the government connecting where we can be connected, right?
Have synergies.
At one point there, the health records for the veterans were on a different backbone than the health records for active duty.
It didn't make sense.
So kind of trying to be again around people who want to make things happen, scouting for new capabilities, new technologies, and then pulling those through.
And I think right now we have the most encouraging best set of pullers I've ever seen.
So it's a great time to be in the moment and in the ecosystem.
Awesome.
You we're excited to be investors in Cape.
We've been investors, I think, from the very beginning.
The very beginning.
Yeah.
Just almost exactly four years ago.
It's February 28th.
Amazing.
Okay.
A lot is our street.
This is the real anniversary.
A lot.
A lot is a lot, a lot has happened in that time.
Tell us before we tell.
I want you to tell us what CAPE is, but before that, you've had an amazing career.
To the extent that you are able and willing to tell us about your career, tell us what you've done before starting CAPE.
Sure.
Cool to be here.
Thanks.
My background, I was a computer science major, but then as soon as I graduated, I went in the Army.
We had just invaded Iraq.
I joined up, became a Green Beret.
I was Army Special Forces from 2003 until I left in 2008.
Brief detour to law school.
I'm a law school graduate, Harvard Law School.
Wow.
Passed the bar.
I figured out early I never wanted to be a lawyer, and instead I went to Palantir.
This is 2012 or 2013.
In the way that people found their way to Palantir in those years, I did.
I had an amazing run there.
Nine years at Palantir.
Started as a Ford Deployed engineer doing technical work, wrote code.
But my signature contribution to the company was running the national security business from 2017 until I left in 2022.
Amazing, super mission focused.
It's kind of uh wild five years.
We went public in the middle of all that, but it's also where I had the opportunity to learn about a whole host of vulnerabilities that exist in the commercial cellular network.
And that was interesting to me.
And then I was obsessed about it, and then I had ideas on how to fix it.
And so in 2022, with the help of the American dynamism team, who was really in the early days at that point, I left Palantir to start CAPE.
Awesome.
All right, what is CAPE?
CAPE is a global cellular network, commercial cell network.
So your phone, hopefully, yours says CAPE.
Here's my say Verizon in the upper left-hand corner.
Mine says CAPE because I'm on the CAPE network, it's live in 190 countries.
We're more private, more secure, and more resilient than any other commercial carrier on Earth.
We're gonna dig into this a little bit, but just briefly, what is more private, more secure, more resilient mean?
Right.
It's a good question.
Those all mean different things.
When we talk about privacy, we are highly differentiated in the way we manage our customer data, the way that we assign identifiers to their phones.
You need a bunch of identifiers on your phone for it to work.
We rotate ours kind of like Apple rotates Mac addresses on the iPhone.
We do that for a bunch of other ones.
More secure means it means a lot of things, as we've four years now into starting and running a telco.
When an entire team with almost no telecom experience when we started, a bunch of defense tech folks started at telecom.
What we learned was that the status quo in the telecom industry was really, really poor when it comes to cybersecurity.
And then I'm sure we'll talk about Salt Typhoon at some point a few years in, and this became not just a suspicion, but a reported story.
And so for us, that just means deploying commercial cloud, employ industry best practices when it comes to cybersecurity.
When we find off the shelf components that are lacking from a security perspective, we just build our own and we in house it.
And so over four years now we've been able to make real strides and we are I'm confident in saying meaningfully better than any other carrier from a cybersecurity perspective.
And then resilience for us means we are what's known as a mobile virtual network operator in the V, the virtual means we don't own any towers.
We rent capacity on towers from major carriers wherever we are in the world.
In the US, the list of companies that that includes overseas.
We just announced last week a partnership with Rakitan in Japan.
We did a joint US and Japanese self-defense force military exercise on Rakatan's physical infrastructure with CAPES software in Japan that was really successful.
So, but what that means is we become, and what we've built is a network of networks.
So we stitched together physical infrastructure wherever we find it.
And the result is that you're not reliant on any one physical infrastructure provider.
I won't name any names, but in the last six months, two of the three major US telcos have had significant outages.
Those aren't as scary for a Cape subscriber as they are for someone else because there's another network you can fail over in.
I see.
Awesome.
Well, I'm gonna get to how you two met in a moment, but Justin, you are CTO of the Navy.
That is a very, very big title, and with it must come a significant amount of responsibility, opportunity, and impact.
You know, when you stepped into that role as CTO of the Navy, how did you decide how to figure out your priorities?
How did you identify opportunities?
What are those opportunities?
What are the priorities?
And what are some of the things that you have focused your efforts and time on in the role?
I left and came back.
And so I'll tell you a quick story about coming back.
I was doing healthcare, I was loving it.
We were getting after it, making huge strides.
And so you always know where your cowboys are in the organization.
And so someone who I worked with a little bit, but not a lot, said, Hey, heard you're coming back to work with us.
And I said, Oh, I hadn't heard that.
And he said, Yeah, the Navy is pulling you back in.
And I said, I really like what I'm doing.
And he goes, It's different from when you left.
We've slowed down.
I said, Oh.
And he goes, and we know how to fix it, but we need you.
And I did not want to go.
And and so we had just kind of this group of unleashed folks, and they knew where others were.
And so they kind of handed me, hey, here's a pipeline of wins that we'd like to get through.
And so what that ended up looking like was it for us kind of forms part of the barbell strategy.
And so, like from a finance perspective, we're excellent at the high end, but on the lower tritable commercial, there hadn't been a lot of really strong experience of moving that through quickly.
And I think I probably had the best team anywhere.
And I had some experience doing it.
Is that a sourcing issue or procurement issue or contracting issue of identifying the technology priorities?
What makes the low end of the barbell, why hadn't that been moving or what needed to change?
I think reps.
And so if everyone was previously trained on here's how you buy a plane, here's how you buy a ship, then everything looks like that.
Yep.
And so we started with what are the differences if you're doing software.
And so we found the folks who are saying, hey, I think we can accelerate software acquisition.
I think we can spot talent.
I had done a little bit of VC work at that time.
There were four VCs making investments in the space.
There's 168 now by my last count, 42X in seven years, means that we have private sector that's ready to go knocking on the door.
We have some folks in senior leadership positions now who are saying, hey, come in.
And so that was a shift for us from make everything yourself innovate to let's be adopters of innovation.
And so that just between practice and kind of a different way of measuring yourself, that was a huge shift for us.
Now the good news is there's so much for support for this right now that even if people haven't had experience, just what three months ago now, Vice Admiral Total champion of these type of efforts, initiator, succeeder at many levels, said, Hey, let's do a boot camp together.
And so we took all the program managers and contracting officers, most of them who had never worked with commercial or very little, and said, here's how you do this differently.
Here's how you can do something in three months that used to take 18 months.
And so we had the folks who were doing that well and and pulling things through, and then we had folks who had questions.
We kind of workshopped that out.
It's it's a tale of two cities now.
It's really exciting.
See, the that answers excellent because I when I asked the question, I was just thinking about all the things that startups were doing wrong that they didn't know, or that private sector wasn't partnering with the Navy.
But what you just spoke about was really about internal education, internal training, rethinking about how they work with the private sector.
And maybe really it really takes it really takes both halves.
You got you need the startups and the companies to figure out how to work with the government, but the government has to figure out how to work with uh the companies.
I think we weren't listening enough before.
And it's definitely like a collective action thing.
We can talk about the outside in, but the inside out was the bottleneck.
And so we take in huge.
Yeah, like the primes have had 70 years to refine the go-to-market motion of how to sell to the government.
They already know how to do it.
And it's a new muscle for startups to build.
Maybe there's a good segue, John, to you.
Like, how did you meet Justin?
How did you get to meet the Navy?
And how do you sell to the government?
Maybe we'll get to that last part later.
It's a great question.
And maybe I'll as a bit of framing.
When I started CAPE four years ago and I didn't make this up, the conventional wisdom was if you're gonna do a defense tech startup or dual-use startup and sell to the government, go to the Navy last because they were the hardest to do business with.
The Air Force was fastest.
The Marines are also fast, but don't have very much money.
The Army is somewhere in the middle there, and then go to the Navy last because they're the slowest to adopt.
And that was just conventional wisdom that got repeated over and over and over again, which is important framing for when I met Justin and had the opportunity to brief his in it.
PEO Digital in the Navy, I had the opportunity to brief them on an exercise we had just done at CAPE where we deployed our network in support of a training exercise and had discovered it, had done a lot of validation.
It was a really good early, early proof point for us, and had discovered an interesting feature where we thought that we could offer a trusted cellular connection over known compromised physical infrastructure.
We tested this within the US borders by simulating a compromised telco.
Turned out to be a good thing to simulate.
When we talked to Justin in his office about it, Justin said, let me tell you about Guam, right?
We have this problem on Guam, which is we believe that there's a real problem with penetration of the telcos on Guam.
And it's they've been compromised.
They've been compromised.
And it's strategically important ground, of course.
Sure.
I mean, it's a really hard problem to unravel.
Maybe we can just deploy.
What if we just deployed the CAPE network on top of the known compromised physical infra?
Could we trust that connection?
And we worked with Justin and his team.
And what I think became was sort of on their end also a prototype of the system and the way of thinking that you've developed and really gone a long way towards implementing over the last four years to get a pilot together quickly and not spend a bunch of time wringing our hands over exactly all the kind of classic things that are hard to get under contract.
We worked as a sub with the major prime.
We worked with Justin and his office to identify funding from DIU, the Defense Innovation Unit to help us go faster.
And then we just went to Guam.
And one thing I want to hear Justin's perspective on this story and his side of it, but a really important thing that you did early on that I have a ton of respect for and I've seen now play out many, many times over, is insist from the beginning on defining success metrics.
He calls them or they call them world-class alignment metrics.
WAMs.
We call them success metrics, it's the same thing.
Let's be rigorous and specific at the outside.
Like, what does winning look like?
And what does that mean?
And why is that important?
And really transparently, you don't know the story, but we thought it was a pain in the ass internally, we're like, oh my god, we gotta because we went the we didn't get hung up on contract and we get hung up on dollar amount.
We iterated with your team several times on the whams, like we got the whams got to be right, the whams gotta be right.
But they were, and we got them really crisp, and we got really strong alignment between the Navy and between Cape on what success looked like.
And then we went and executed this pilot, and it was ahead of schedule and under budget, and we hit all the whams.
And in the middle of that story is when the salt typhoon news in the US broke and it turned out to be the case that Justin is and his team in partnership with DIU had incubated and validated this technology that then was critical for an emerging national security threat.
So in my mind, it's exactly the way that system is supposed to work.
That's a little rambly.
I want to hear your perspective on on how that went.
So the normal, hey, we need to meet, we have a game changer.
Yep, everyone has a game changer.
We think we're awesome.
I know.
And so I go and see them and I'm impressed with the tech.
But the translation is always the problem, right?
Everyone who wants to meet with us, they're like, if I just convince this person, but then we have to go back and convince people.
And then ultimately there's going to be a room that we're not in where a decision is going to be made.
And so this is why.
And you tell that story, but I'm not surprised that it was annoying, because the translation is what carries forward.
So, like what often will happen is like someone will say, like, we can do something with quantum that no one else can do.
And like, yeah, but who's going to explain that to everybody?
Yeah, like if we're talking about tech and we're not talking about outcomes, then like, how many engineers do you think are in that building, right?
Or can pull this forward.
And so to this point, it was pretty clear that hey, there's pain relief here.
And it's actually this is an interesting one to carry like things that we haven't really shared is defense acquisition system historically like hinges on a requirements axis.
And that's a slow access.
That's three years to write them all of this stuff.
This was ahead of need.
And so this is a case where we're looking at things that we think could be game changers, but not following like the full formal process and small dollar amounts, and then like ultimately like little bets that could turn into big bets if they carry.
And so you guys doing the business case and the mission case for us, like it made it a lot easier to pull that forward because there's still so many levers.
So the continuation of that story, like what I thought about it was, hey, if these guys can get over the hump, then we have an ace in the hole here.
And what we did, and kind of what that looked like at scale was when we stood up the team, the tech director team for this program executive office with an acquisition when I'm at this point acting CTO, we're looking at it and we're saying, we only have a handful of new investments.
There aren't even as many investments as there are problems.
Right.
And so I was like, when are we gonna get after these next ones?
And they're like, next year.
I'm like, but there's gonna be more it's like me sprinting against Usain Bolt.
If he has a head start, I'm not going to catch up, right?
It's going to increase the distance.
And so what we did at that point was we started wildcatting.
And we said, hey, you did two pilots last year.
How many do you think you could do?
Well, if we really pushed it, we could do five.
Great.
We're gonna do 25 this year.
Oh gosh, figure it out, right?
And so on the back end, how do you catch 25?
Well, you need a funnel, right?
And so what we did was we had a couple light caped that when they are really comparatively advantageous, it greases the skids on the funnel.
And so no one was going to be able to do the Rue Goldberg all the way through.
But if we had side by side, if we had A B and could show how much better that was, then I thought people would get a taste of that they did.
And then when opportunity or crisis strikes, then you scale and you have like kind of those use cases.
So that's a good.
So I guess my question is your team in your office can drive these pilots and drive these evaluations.
How do you take that innovation and then spread it across the Navy and make sure is it your team's job to make sure that you know what all the problems and needs and ass are across the Navy?
How do you basically make sure that the new technology, new capabilities, and the awareness of those capabilities gets spread across the Navy?
Yep.
I have the pleasure of working with like some of like the best servant leaders you've ever seen.
I can normally keep people up until they get offers about four times their salary.
At that point, it's harder to keep them, but the amount of kind of talent on a small team, it would still be a bottleneck if we were trying to keep it in-house.
And so what we do is always scouting, but more so it's a network of networks.
So to go meta with CAPE, like we're looking at here's what's out there, here's what's available.
And then we kind of have the unleashed people that we know in every community within the munitions community, here are the hitters within the robotics and autonomous systems, here are the hitters.
Here are proxies, here are some investors who are looking at this.
When a new company is in stealth mode, we probably know more about it than others, right?
And so that landscape, I'd say in general, what's happened, and this isn't our team, this is the department under a really strong leadership, is we went from a group of just straight builders trying to build everything to gardeners.
And we're okay, that's coming along, right?
We planted a seed there and it's springing, right?
And so how we pull those through, we have an innovation adoption kit.
We wanted to make sure these tools scaled.
And a cool story recently is I was with the special ops community and they said, yep, we're doing an exercise and through the innovation adoption kit, we found these pilots and we're going to send them into Horizon One.
I was like, who told you to say that?
And they're like, well, like sometimes we think of ourselves as the proving ground for the larger departments, big Navy, otherwise, right?
And so if we are learning things within the special ops community on maneuver warfare, and that applies to the Marine Corps, then if they have the business submission case, why wouldn't we pull that through?
And so it gives us an easier way to do that translation and convocation.
We're just in constant conversations with lots of people at all.
Well we're speaking the same language, sure.
And so the overhead costs are way down.
Like we're now all talking TCP IP instead of there were 27 different dialects.
Totally.
So maybe, John, has that been your experience?
So you, I would say, are sort of in the you're starting to mature from a go-to-market standpoint as a company.
You now have multiple engagements with the government across different areas of the government.
Do you find that they're talking to each other?
What advice do you have for founders who want to sell to the government?
I mean, you've found a number of, and by the way, selling telco services is not easy when there's very, very large entrenched incumbents.
So talk to us a little bit about how you've been able to then take relationships and successful outcomes like you've had with the Navy and expand from there.
And what does that look like a little bit?
It's a great question.
Do they talk to each other?
And then how do you navigate that?
The one thing that's been true forever is if you fail, that gets around fast.
I see.
Right.
And so you bad news travel.
Yeah, yeah, bad news travels, yeah, really quick.
And so that's always been the case.
What's interesting for us, and maybe it's broadly applicable, is the work, certainly the Navy's doing the work DIU is doing to do these tech validation and like move companies and tech more quickly through the stages of adoption.
A really powerful thing is unclassified and shareable tech evaluations.
On Guam, we did something we I shouldn't name the company, I guess, but we had a independent pen tester, a really credible third party come and do a deep dive on the tech and evaluate it at multiple levels of the stack.
And they wrote a 50-page report that DIU paid for because they wanted it and it was the right thing to do, but also they made it unclassified and shareable.
True.
And now we can use that across services, we can use that with other customers within the US government.
We got permission to share it with investors as we went out to raise more money.
And that has really positive effects for the company because we don't have to convince people that it works and does what we say that it does.
But it's also really beneficial to the government, not only because it helps our tech get out more broadly, but the fact that then we're then available to go raise more money and more capital and go more quickly, ultimately that all that money goes right back into government work anyway.
And it's a really super positive flywheel.
Awesome.
Yeah.
I kind of think we need to re-engineer the system for a better flywheel, right?
And so I think the, I don't know, your anthropology major.
My understanding to your research didn't wow is now out is a lot.
I didn't know that.
Interesting.
Okay.
But bad news travels six times faster than good news, right?
Right.
And so you just need more good news or a way to carry.
And so, like the success metrics, like our whams, hey, if you just are talking about cyber, if you're like, we hit more of the zero trust activities than other people, that falls on deaf ears for a lot of folks.
If we say we move the needle on operational resilience, right?
In the nuclear navy, they say two is one and one is none.
So if you're not resilient, you're in no good shape, right?
The idea of doing resilience as a function as a return on investment measure, as a success measure, we've had amazing war fighters and we have people who know their part of the process.
Right now we have economists and financial minds who can actually see the forest through the trees and tell a larger story.
And so if we have the data to feed them and we have a kind of a return on investment data substrate going, then we can choose better products that move the needle in a way that if we were all stovepiped, everyone's working on the same tree, it doesn't always turn into the forest that you want.
Sure.
We talked about secure communications and Cape Here.
What are the other areas within the Navy where you think that the private sector can find areas where there's opportunity, there's transformation underway.
I know we're investors in a company called Ceronic that makes unmanned surface vessels.
I think obviously the subsea domain is interesting.
Talk to us about some of the areas where you think there is exciting opportunity for the private sector to meet the Navy at its needs.
So maritime industrial base, very large.
We've been talking a little bit at the DOW level of, hey, here's the defense industrial base.
And we look at the suppliers, we used to kind of distinguish, oh, that's from this service or this depart.
We're one organization.
And so Honorable Michael put out, hey, here are the C six key technology areas to say, hey, let's operate as a department with a like a unified demand signal.
And so taking the lead from there, right, and saying, okay, within these six here areas that we can surge.
And so the research and engineering department, like that used to be a at times like a study the problem thing.
They're moving with urgency so that we can catch.
And so the answer to your question is obviously we want to get way better at scale and speed on manufacturing.
And so the idea of like working with some of these companies, I guess I shouldn't name them, but who are either working on point solutions where they're doing additive and just distributed manufacturing parts repair, that and the difference that can make if you think about like point is there's a little bit of some of that's not sexy, especially if it's at the point.
But the question is like how much difference is it making, right?
And so theory of constraints tells us that if you are blocked up, so we've been told that there's equipment out in the field where one little part is broken, and if you can 3D print a replacement part, you're back in service.
And if you have to wait six months for something to come from some factory that only makes it once a year, because they only make 500 of them, you know, you have a vehicle out of operation for six months.
It's crazy.
That full through line on that for manufacturing across the board.
And there's domain expertise, right?
And so, hey, here's what it is for aviation, here's what it is for maritime, here's what it is for just front end users on ships.
So I think that's like an area that we have started to see and continue to look for kind of big impacts.
What about on the software side?
On the software side, well, here's the useful and interesting part.
I think people recognize now that software networks, cyber have a seat at the table across the board, the basis for kinetic activity and soft activity, all of that's highly dependent.
And so what we've said is we want to get better at bending metal, but for software, there's just so much ripeness.
So here's how I think about that.
I can describe a couple problems, but realistically, the amount of technical debt is significant.
And so what I always encourage people to do is say, hey, if you're going to look at logistics, here are all of the government systems that are here right now.
Disrupt those, but make sure you're taking things out with them, right?
We want to divest to invest.
And so interesting.
Kind of like what we had said in the past was there's room for everybody, and we can just keep adding systems.
That's just not the case.
Right.
And so if you can take out five systems with one application, this is modern service delivery.
And so we actually put a guidebook out, modern service delivery 3.0, to say here's your here's how you loosely coupled, here's an actual implementation of modular open systems.
Here's how you pull those things forward.
And so for almost every domain where we're doing software, there are too many systems.
And so if you can do secure data delivery with an intuitive user interface, we will find room for you as long as you're taking things out and sending it to Operation Cattle Drive, sending it to the bone yard afterwards.
Yep.
Can I ask a follow-up question?
Yeah.
A question I get a lot, I bet you get a lot.
Also, you may not get as much.
Is either like a oftentimes the veteran in business school or sometimes from a lot of different places, I get asked the following question.
I am inspired by this dual use and defense tech movement.
I want to start a company in the space.
I don't have an idea of what I want to build.
I just know I want to be building and I'm ready to do it.
Yeah, yeah, right.
I'm ready to go.
What should they read?
What should they research?
Someone who's full of entrepreneurial drive and low on defense-specific knowledge, where should they start?
Yep.
So go to, I'm gonna channel my inner Steve Blank, go to where the problems are.
And so there are a lot of ships docked in San Diego and Norfolk.
If you are friends with someone else who's working in the area and you just want to learn, listening to their pain points.
We have hackathons.
So one of the plays from the innovation adoption kit is structured challenges that's now in the uh defense authorization act.
And so we're supposed to do structured challenges.
This includes pulling people in who are problem solvers and ultimately giving them problems.
And so here's the point: don't do that from on high or over there.
Be where the problems are and rank them by here is the size of the pain, right?
We don't want to solve three headaches.
We want to solve a migraine and then something imminent.
Yep.
And so the closer we're at at that, and then you check the scale on that.
Right.
But the problem that you read about is probably being covered by other people.
If we start there and then we look at, oh, here is a system that doesn't need to be there anymore.
I'll give you an example.
We shut down a system this year that people have been trying to shut down for 10 years.
Just couldn't put it in the coffin, right?
And so and then there's always some defender somewhere.
Someone's collecting those monthly bills.
Look, what often happens is if there's 10 modules, nine of them don't matter, but one is indispensable.
And these are severable tasks.
And so whenever I say turn something off, find a way to make it fully severable because we're not looking to pay more for the one thing that they need, which will happen, right?
So go after that, not a whole problem, but a chunk of a problem and pull the plug on the hardest piece.
Yeah.
When people ask us that question that you asked.
Like they have the desire, they're fully brought into the mission.
Maybe they're veterans.
Like we spend time with the commit Foundation, which are helping people transition out of government service into the private sector.
We usually tell them if they don't have an idea of what to do, they should go join a company like Kate.
Yeah, yeah.
And we tell them, like, go get startup experience.
And then we try to tell them, like, try to work at a startup that's good.
Because getting startup experience at a crappy startup actually does not help you.
It's actually a negative.
Because then you learn all the bad behaviors.
Everyone said you're probably gonna hate it.
Right, right.
And you won't like it, right?
Sometimes you learn what not to do, but that's not the lesson I'd rather you learn.
I'd rather you learn what to do.
So that is what we see.
We're gonna wrap up in a little bit here.
I do want to mention Salt Typhoon because that's a huge story in all of our lives and something that we've paid attention to, but I still think because it was a little bit of a complicated story, it never quite hit the mainstream to the degree that it probably should have.
Yeah.
Explain to us what Salt Typhoon is and to the extent you can, how something like CAPE is a resilient alternative.
Yeah.
To amplify your point.
I was in, this was shocking to me.
I was at Davos last year in a cyber forum, and one of the speakers was talking about Salt Typhoon and had like kind of glazed over.
Yeah.
A room of 60, it was a closed door room of 60 cyber folks.
And they said, Wait, how many people know about this?
None.
It was five out of the for cyber practitioners who traveled to Switzerland.
Yeah.
So they answered the first.
So what is Salton?
Well, yeah, what is Salt Typhoon?
Strictly speaking, Salt Typhoon is the name for an APT in advanced persistent threat group or a group of Chinese hackers who work for the government and do hacking on behalf of the Chinese government.
They have targeted critical infrastructure in the United States, and in particular the cell phone networks.
And so when the story came out, and what capability can they get by having infiltrated the cell phone network?
I mean, what do you do on your phone?
How much of your life runs on your phone?
For me, more than I'd like to admit.
Basically, all of it.
And what we continue to learn is that's true for everybody, everybody in the United States, up to including the most senior folks, right?
And that's not surprising.
The smartphone is one of the best products ever made.
The iPhone's one of the best products.
Certainly the most exquisite communications platform ever built.
So of course you run your life on it.
What we learned was that China has infiltrated major telecommunications carriers in the US for all intents and purposes fully.
So you can listen to the phone calls via the plug-in points that if the FBI comes and wants to put a wiretap on your phone.
The lawful intercept plugin points.
So they have control of those.
They have control of those, and they can just flip them, turn a lot at any time and listen to during the last presidential campaign, and then candidate JD Vance's phone calls were listened to, and that got reported.
That was an early, that was like a canary on the salt typhoon story.
Yeah.
Call data records, who's calling who, the duration of the call, connection, internet, websites.
I mean, it's kind of everything that you're doing on your phone, effectively.
And it was interesting was when I started the company, when we started the company four years ago, part of the pitch was this idea that China can leverage telecommunications network to basically see everything about you and us, and most importantly, the armed forces and the national security professional in the US.
And people didn't laugh us out of the room when we said that, but also it wasn't quite concrete in the way that it became after the SALT Typhoon thing was broken.
And then we just learned, actually, in fact, China has fully infiltrated the telecoms.
And then it has expanded now.
The story has grown from just the US to now.
Not every, but effectively every major carrier in the world is somehow implicated in the salt typhoon story.
The intelligence and the national security implications of that are enormous.
The implications for everyday citizens are enormous to the extent you care about your privacy and security as you should.
It also seemed to me one part of the story that is relevant is that it also allowed the hackers to know who was being lawfully intercepted.
Yes.
Which is also confidential information.
Correct.
Right?
Because there could be grand jury subpoenas, there could be all kinds of investigations underway, drug cartels, you name it.
And now the adversary knows whose calls are being topped.
Right.
So that was very, very scary, puts people at risk.
Yeah.
Okay.
Yeah.
And to the extent you can talk to us a little bit about how CAPE can help mitigate some of this threat.
Let me give you a broad version and I want to tell you a specific story.
Yeah.
The broad version is the way we've come to talk about Guam was rather than trying to ferret through the existing carriers on Guam and find all the China and try and try to get rid of it and never quite know when you're done or know if you've succeeded.
The basic idea was let's just do a clean install of a telco on top of the existing physical infrastructure.
Just assume it's hostile.
Yeah, and then and rely on our architecture, which allows for a cryptid traversal of the physical of the towers in the our software, our mobile core.
Yep.
And we tested that.
And that now has formed the basis of the work we're doing with Rackuten in Japan and elsewhere in the world because wars run on cellular networks, just like everything else does.
And so there's a lot that we can offer.
The specific story that I think is interesting is related to lawful intercept.
When we were building our telco out, so we're live nationwide in the US right now.
Consumers can self-drive and onboard.
One of the things you have to build is your story for responding to lawful intercept requests from law enforcement.
You're required by something called Calia to be responsive.
Nobody builds that themselves because it's super administrative.
The tech is actually quite easy, but there's a huge administrative burden to respond into a search warrant or a wiretap request.
And so everyone, every telco in the US, certainly, and I think around the world turns to one of a small number of sort of cottage industry vendors who will do that for you.
You say, I want to hire this company, they'll plug into my X1 interface and do my wiretaps for me.
So we picked one of the top ones and put them on a pilot, and we're getting them installed into our network and kicking the tires and whatever.
And our SRE team, we may be the only telco in the world was an SRE team, by the way, but our SRE team was evaluating the connection and looking at it, and they discovered in the installer that the vendor sent out to us when they unpacked it, there was an unencrypted text file that had the usernames and passwords for every single client of that vendor.
Crazy.
Insane.
Yeah.
And this was literally three months before the SALT Typhoon news broke, and we learned that China had compromised the X1 interface of all these major tour closing.
And I don't I have no specific knowledge.
That doesn't seem like it was that hard for them to do it.
It doesn't seem that hard.
And when I said at the outset that the industry baseline is so low, that's what I'm talking about, right?
And so the SRE team just did what they're supposed to do.
They notified them and said you shouldn't do this.
And by the way, we're gonna use a different vendor for our Calia compliance.
But that's the state of play where we're operating.
Okay.
Justin, you're up on 27 years of working in the government, you know, in and out, private sector as well.
I think from where I sit, this is the greatest time to be building companies that support the national interest, working with the governments largely and thanks to people like you, been more receptive to partnering.
But are there any parting words or thoughts or ask that you have for the private sector?
Kind of across the board, I feel like at this point, I get a decent amount of credit because I have an office that's made some things happen.
There are so many people behind the scenes.
And so it's a little bit I'm from Pittsburgh, City of Bridges.
No one designs a city with 300 bridges, but it ends up helping, right?
And so here's the point be a bridge.
And so you mentioned from one side to the other, we have so many hitters.
I was reading John Boyd this weekend and so Oodaloop creator and history fighter pilot.
And at his eulogy, they mentioned that he was a warrior engineer.
We have warrior engineers around right now.
And we have the buy and trilingual people.
We have lieutenants, we have a handful of the Marine Corps lieutenant colonel who started the innovation challenge, uh C McGee.
He made things happen.
And he is again an amplifier who is funneling things in.
And so I would say for people who want to join and be pullers on the side of that bridge, do it.
On the folks who want to push things in and make a difference.
I would just number one, recognize that we're in a moment where we care more about results.
We were focused on just kind of process and then some spray and pray.
Now we're focused on results and we can measure those outcomes.
So do that and bring us overmatches and show how much difference you can make.
And we're going to increase value, we're going to increase impact, and we're going to increase deterrence.
And so just be a part of that.
I don't have to tell people because this is the best support we've ever had.
But the more folks who are kind of bringing connecting the dots speaking the same language, I think the better off we all are from a national security and economic prosperity perspective.
Awesome.
Well, Justin and John, I want to thank you both for being with us today.
It was a great discussion.
And thank you both for what you're doing.
Thanks to you.
Appreciate it.
Thanks, man.
Thanks for listening to this episode of the A16Z Podcast.
If you like this episode, be sure to like, comment, subscribe, leave us a rating or a review, and share it with your friends and family.
For more episodes, go to YouTube, Apple Podcasts, and Spotify.
Follow us on X at A16Z and subscribe to our Substack at A16Z.substack.com.
Thanks again for listening, and I'll see you in the next episode.
As a reminder, the content here is for informational purposes only.
Should not be taken as legal business, tax, or investment advice, or be used to evaluate any investment or security, and is not directed at any investors or potential investors in any A16Z fund.
Please note that A16Z and its affiliates may also maintain investments in the companies discussed in this podcast.
For more details, including a link to our investments, please see A16Z.com forward slash disclosures.