a16z Podcast - Security, Resilience, and the Future of Mobile Infrastructure
Episode Date: March 26, 2026David Ulevitch speaks with Justin Fanelli, CTO of the Navy, and John Doyle, founder and CEO at Cape, about how the Navy is transforming its approach to technology adoption, from running bootcamps for ...program managers to piloting commercial solutions in months instead of years. They discuss the Salt Typhoon breach that exposed China's infiltration of American cellular networks, how Cape built a secure alternative, and what defense tech founders need to understand about selling to the government. Resources: Follow Justin Fanelli on LinkedIn: https://www.linkedin.com/in/justinfanelli/ Follow John Doyle on X: https://twitter.com/JohnDoyleCape Follow David Ulevitch on X: https://twitter.com/davidu Stay Updated:Find a16z on YouTube: YouTubeFind a16z on XFind a16z on LinkedInListen to the a16z Show on SpotifyListen to the a16z Show on Apple PodcastsFollow our host: https://twitter.com/eriktorenberg Please note that the content here is for informational purposes only; should NOT be taken as legal, business, tax, or investment advice or be used to evaluate any investment or security; and is not directed at any investors or potential investors in any a16z fund. a16z and its affiliates may maintain investments in the companies discussed. For more details please see a16z.com/disclosures. Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
Transcript
Discussion (0)
I was at Davos last year in a cyber form, and one of the speakers was talking about Salt Typhoon.
It was a closed door room of 60 cyber folks, and she said, wait, how many people know about this?
It was five out of 60.
What we learned was that China has infiltrated major telecommunications carriers in the U.S.
For all intents and purposes fully.
So you can listen to the phone calls, the lawful intercept plug-in points.
They have control of those, and they can just turn it on any time and listen to this.
I mean, what do you do on your phone?
You know, how much of your life runs on your phone?
Basically all of it.
And what we continue to learn is that that's true for everybody,
everybody in the United States.
Rather than trying to ferret through the existing carriers on Guam
and find all the China and try to get rid of it,
let's just do a clean install of a telco on top of the existing physical infrastructure.
Just assume it's hostile.
This was literally three months before the salt typhoon, the news broke,
and we learned China had compromised the X1 interface all these major telcos.
The more folks who are kind of bringing, connecting the dots speaking the same language,
I think the better off we all are from a national security and economic prosperity perspective.
In late 2024, the United States confirmed that Chinese hackers had infiltrated every major American cellular carrier.
The operation, Salt Typhoon, gave China access to lawful intercept systems, live phone calls, and the communications of senior government officials.
It was not a one-time breach. It was the product of an industry-wide failure in cybersecurity.
Years before the story broke, a former Green Beret and Palantir executive had started building a new kind of cell network,
one designed to operate securely on top of compromised physical infrastructure.
The Navy was an early partner, testing the technology on Guam before anyone outside the intelligence community fully grasped the scale of the threat.
David Ullovich speaks with Justin Finnelli, CTO of the Navy, and John Doyle, founder and CEO at Cape.
Thank you guys for being here.
We are very lucky to have Justin Finnelli, the CTO of the Navy,
on his second tour back with the Navy and in this role.
And we have John Doyle, the founder and CEO of Cape with us.
And we are going to have a terrific discussion about building for the country,
building for the Navy, partnering with the Navy,
and all the technology transformation work that is going on of the Navy.
So thanks guys for being with us today.
Thank you for having me.
Justin, just give us a quick background,
who you are, what's your job today, how long you've worked in this space.
Thanks for having me, awesome to be with winners.
That's actually a big part of my job is, hey, let's figure out where needs are,
where gaps are, listen to our sailors and Marines, spend time with them,
and then connect dots for people who are bringing either improvements or breakthroughs.
The name of the game is how do we lessen pain and increase gain?
And so across the board, it's a little bit of signal to noise detection.
The good news is we have a really healthy and thriving and growing ecosystem.
And so this is not a me thing.
This is, hey, how do we make sure that folks who are super innovative are able to get in?
How do we catalyze?
And so my backstory is I'm an engineer, Air Force picked electrical engineering.
It was a pretty good time for that.
This is just before the world starts getting eaten by software.
When was this?
Well, you're going to date me.
This is early 2000s.
Okay.
This is right after 9-11.
But the hardware revolution and the Internet starting,
I think that quote from Mark Andreessen happens late.
Early 2000s, yeah.
And then we start to like kind of my office within the Navy at that point,
starts to ride the wave towards software.
So really early glistings on software-defined warfare.
No one called at that at that point.
I think the earliest name was network central.
effects. Right. It sounds like a Cisco term, where I used to work.
They were in verge of the
very strong early BD efforts by Cisco.
Overnight success, a decade in the making,
right? And so they end up adding up. And so
kind of engineer way pointing through, so worked in the
intelligence community, in the actual manpower and business
systems, operational systems within
Department of War and Department of Navy, went to DARPA, helped
stand up two new agencies from scratch.
So space development agency and ARPA H, so DARPA for healthcare.
Oh, cool.
And then.
There's absolutely that works for like the VA and things like that.
Yeah.
Yeah.
And so when I was at Defense Health, we were working with VA and try and connect the dots.
This is during Trump one.
Let's make sure that we are flattening the government connecting where we can be connected, right?
Have synergies at one point there.
The health records for the veterans were on a different backbone than the health records for active duty.
It didn't make sense.
So kind of trying to be, again,
around people who want to make things happen,
scouting for new capabilities, new technologies,
and then pulling those through.
And I think right now we have the most encouraging best set of pullers
I've ever seen.
So it's a great time to be in the moment and in the ecosystem.
Awesome.
John Doyle, who I've known for a long time.
You?
We're excited to be investors in Cape.
We've been investors, I think, from the very beginning.
The very beginning.
Yeah.
Just almost exactly four years ago, is February 28th.
Amazing.
Okay.
A lot is our history.
This is the relationship anniversary.
A lot.
A lot is happened in that time.
Tell us, before we talk, I want you to tell us what Cape is, but before that, you've had an amazing
career.
To the extent that you are able and willing to tell us about your career, tell us what you've
done before starting Cape.
Sure.
Cool to be here.
Thanks.
My background, I was a computer science major.
But then as soon as I graduated, I went in the Army.
We had just invaded Iraq.
I joined up, became a Green Beret.
I was Army Special Forces from 2003.
until I left in 2008.
Brief detour to law school.
I'm a law school graduate, Harvard Law School.
Wow.
Passed the bar.
I figured out early I never wanted to be a lawyer,
and instead I went to Palantir.
This was 2012 or 2013 in the way that people found their way
to Palantir in those years.
I did.
I had an amazing run there.
Nine years at Palantir, started as a forward-deployed engineer
doing technical work, wrote code.
But my signature contribution to the company
was running the national security business from 2017
until I left in 2022.
amazing super mission focused.
It's kind of wild five years.
We went public in the middle of all that.
But it's also where I had the opportunity to learn
about a whole host of vulnerabilities
that exist in the commercial cellular network.
And that was interesting to me,
and then I was obsessed about it,
and then I had ideas on how to fix it.
And so in 2022,
with the help of the American Dynamism team,
who was really in the early days at that point,
I left pound here to start Cape.
Awesome.
All right.
What is Cape?
Cape is a global cellular network, commercial cell network.
So your phone, hopefully it says Cape.
Here's my say Verizon in the upper left hand corner.
Mine says Cape because I'm on the Cape Network is alive in 190 countries.
We're more private, more secure, and more resilient than any other commercial carrier on Earth.
We're going to dig into this a little bit, but just briefly, what does more private, more secure and more resilient mean?
Right.
It's a good question.
Those all mean different things.
When we talk about privacy, we are highly differentiated in the way we manage our customer data,
the way that we assign identifiers to their phones.
You need a bunch of identifiers on your phone for it to work.
We rotate ours, kind of like Apple,
rotates Mac addresses on the iPhone.
We do that for a bunch of other ones.
More secure means, it means a lot of things
as we've four years now into starting and running a telco,
when an entire team with almost no telecom experience
when we started, a bunch of defense tech folks started at telecom.
What we learned was that the status quo in the telecom industry
was really, really poor when it comes to cybersecurity.
And then I'm sure we'll talk about salt.
at some point a few years in,
this became not just a suspicion,
but a reported story.
And so for us, that just means
deploying commercial cloud,
employ industry best practices
when it comes to cybersecurity.
When we find off-the-shelf components
that are lacking from a security perspective,
we just build our own and we in-house it.
And so over four years now,
we've been able to make real strides
and we are, I'm confident,
and saying meaningfully better
than any other carrier from a cybersecurity perspective.
And then resilience for us means
we are, what's more than a mobile virtual network
operator in the V, the virtual means we don't own any towers. We rent capacity on towers from
major carriers wherever we are in the world. In the U.S., the list of companies that that includes
overseas, we just announced last week a partnership with Rackatan in Japan. We did a joint U.S. and Japanese
self-defense force military exercise on Rackatan's physical infrastructure with CAPES software in Japan.
It was really successful. So what that means is we become and what we've built is a network
of networks. So we stitched together physical infrastructure wherever we find it. And, and
And the result is that you're not reliant on any one physical infrastructure provider.
I won't name any names, but in the last six months, two of the three major U.S. telcos have had significant outages.
Those aren't as scary for a CAPE subscriber as there for someone else because there's another network you can fail over.
I see. Awesome.
Well, I'm going to get to how you two met in a moment.
But, Justin, you are a CTO of the Navy.
That is a very, very big title.
And with it must come a significant amount of responsibility, opportunity, and impact.
You know, when you stepped into that role as CTO of the Navy,
how did you decide how to figure out your priorities?
How did you identify opportunities?
What are those opportunities?
What are the priorities?
And what are some of the things that you have focused your efforts and time on in the role?
I left and came back.
And so I'll tell you the quick story about coming back.
I was doing health care.
I was loving it.
We were getting after it, making huge strides.
And so you always know where your cowboys are in the organization.
So someone who I worked with a little bit, but not a lot, said, hey, heard you're coming back to work with us.
And I said, oh, I hadn't heard that.
And he said, yeah, the Navy is pulling you back in.
And I said, I really like what I'm doing.
And he goes, it's different from when you left.
We've slowed down.
And I said, oh.
And he goes, and we know how to fix it, but we need you.
And I did not want to go.
And so we had just kind of this group of unleashed folks and they knew where others were.
And so they kind of handed me, hey, here's a pipeline of wind.
that we'd like to get through.
And so what that ended up looking like was it for us
kind of formed part of the barbell strategy.
And so like from a finance perspective,
we're excellent at the high end,
but on the lower treatable commercial,
there hadn't been a lot of really strong experience
of moving that through quickly.
And I think I probably had the best team anywhere
and I had some experience.
It's not a sourcing issue or procurement issue
or contracting issue of identifying the technology priorities?
What makes the low end of the barbell, why hadn't that been moving or what needed to change?
I think reps.
And so if everyone was previously trained on here's how you buy a plane, here's how you buy a ship,
then everything looks like that.
And so we started with what are the differences if you're doing software?
And so we found the folks who are saying, hey, they think we can accelerate software acquisition.
I think we can spot talent.
I had done a little bit of VC work at that time.
There were four VCs making investments in the space.
there's 168 now by my last count, 42X in seven years,
means that we have private sector that's ready to go knocking on the door.
We have some folks in senior leadership positions now who are saying,
hey, come in.
And so that was a shift for us from make everything yourself innovate
to let's be adopters of innovation.
And so that, just between practice and kind of a different way of measuring yourself,
that was a huge shift for us.
Now, the good news is there's so much for support for the,
this right now that even if people haven't had experience, just what, three months ago now,
Vice Admiral, total champion of these type of efforts, initiator, succeed at many levels,
said, hey, let's do a boot camp together. And so we took all the program managers and contracting
officers, most of them who had never worked with commercial or very little, and said,
here's how you do this differently. Here's how you can do something in three months that used to
take 18 months. And so we had the folks who were doing that well and pulling things to
and then we had folks who had questions,
we kind of workshop that out.
It's a tale of two cities now.
It's really exciting.
See, that answer is excellent,
because when I asked the question,
I was just thinking about all the things
that startups were doing wrong,
that they didn't know,
or the private sector wasn't partnering with the Navy.
But what you just spoke about was really about
internal education, internal training,
rethinking about how they work with the private sector,
and maybe really takes both halves.
You need the startups and the companies
if you're out of work with the government,
but the government has figured out
work with the companies.
I think we weren't listening enough before.
And it's definitely like a collective action thing.
We can talk about the outside in, but the inside out was the bottleneck.
And so we've taken huge.
Yeah, like the primes have had 70 years to refine the go-to-market motion of how to sell
to the government.
They already know how to do it.
And it's a new muscle for startups to build.
Maybe there's a good segue, John, to you.
How did you meet Justin?
How did you get to meet the Navy?
And how do you sell it to the government?
Maybe we'll get to that last part later.
fell to the government.
Yeah.
It's a great question.
And maybe as a bit of framing,
when I started Cape four years ago,
and I didn't make this up,
the conventional wisdom was,
if you're going to do a defense tech startup
or a dual-use startup
and sell to the government,
go to the Navy last
because they were the hardest
to do business with.
The Air Force was fastest.
The Marines are also fast,
but don't have very much money.
The Army is somewhere in the middle there
and then go to the Navy last
because they're the slowest to adopt.
And that was just conventional wisdom
that got repeated over and over and over again,
which is important.
and framing for when I met Justin and had the opportunity to brief.
He was in at PEO Digital in the Navy.
I had the opportunity to brief them on an exercise we had just done at Cape where we deployed
our network in support of a training exercise and had discovered it had done a lot of validation.
It was a really good early, early proof point for us.
It had discovered an interesting feature where we thought that we could offer a trusted cellular
connection over known compromised physical infrastructure.
We tested this within the U.S. borders by simulating a compromised telco.
turned out to be a good thing to simulate.
But when we talked to Justin his office about it,
Justin said, let me talk about Guam, right?
We have this problem on Guam, which is we believe
that there's a real problem with penetration
of the telcos on Guam.
They've been compromised.
They've been compromised.
And it's strategically important ground, of course.
Sure.
I mean, it's a really hard problem to unravel.
Maybe we can just deploy.
What if we just deployed the Cape network
on top of the known compromised physical infra?
Could we trust that connection?
And we worked with Justin and his team,
and what I think became was sort of on their end,
also a prototype of the system
and the way of thinking that you've developed
and really gone a long way towards implementing
over the last four years
to get a pilot together quickly
and not spend a bunch of time
wringing our hands over exactly
all the kind of classic things
that are hard to get under contract.
We worked as a sub with a major prime.
We worked with Justin in his office
to identify funding from DIA,
the Defense Innovation Unit,
to help us go faster.
And then we just went to Guam.
And one thing, I want to hear Justin's perspective
on this story and his side of it,
but a really important
thing that you did early on that I have a ton of respect for and I've seen now play out many,
many times over is insist from the beginning on defining success metrics. He calls them,
or they call them world class alignment metrics. We call them success metrics. The same thing.
Let's be rigorous and specific at the outside. What does winning look like? And what does that mean
and why is that important? And really transparently, you don't know the story, but we thought it was a
pain in the ass internally. We're like, oh my God, we got to because we went, we didn't get hung up
on contract and we get hung up on dollar amount.
We iterated with your team several times on the
whams. We got the whams got to be right. The whams have got to be right.
But they were and we got them really crisp
and we got a really strong alignment between the Navy and between
Cape on what success looked like. And then we went and
executed this pilot and it was
ahead of schedule and under budget and we hit all the
whams. And in the middle of that
story is when the Salt Typhoon News in the U.S. broke and it turned out to be
the case that Justin is in his team in partnership with
D.I.U. had incubated and validated this technology.
was critical for an emerging national security threat.
So in my mind, it's exactly the way that system is supposed to work.
That's a little rambly.
I want to hear your perspective on how that went.
So the normal, hey, we need to meet.
We have a game changer.
Yep, everyone has a game changer.
We think we're awesome.
I know.
And so I go and see them and I'm impressed with the tech.
But the translation is always the problem, right?
Everyone who wants to meet with us, they're like, if I just convince this person,
but then we have to go back and convince people.
And then ultimately, there's going to be a room that we're not in where a decision is
going to be made. And so this is why, and you tell that story, but I'm not surprised that it was
annoying, because the translation is what carries forward. So, like, what often all happen is, like,
someone will say, like, we can do something with quantum that no one else can do. And like, yeah,
but who's going to explain that to everybody? Like, if we're talking about tech and we're not
talking about outcomes, then, like, how many engineers do you think are in that building, right? Or can
pull this forward. And so to this point, it was pretty clear that, hey, there's pain relief here.
And it's actually, this is an interesting one to carry, like, things that we haven't really shared is defense acquisition system historically, like hinges on a requirements axis.
And that's a slow axis. That's three years to write them, all of this stuff.
This was a head of need.
And so this is a case where we're looking at things that we think could be game changers, but not following, like, the full formal process and small dollar amounts.
And then, like, ultimately, like, little bets that could turn into big bets if they carry.
And so you guys doing the business case and the mission case for us, like it made it a lot easier to pull that forward because there's still so many levers.
So the continuation of that story, like what I thought about it was, hey, if these guys can get over the hump, then we have an ace in the hole here.
And what we did and kind of what that looked like at scale was when we stood up the team, the tech director team for this program executive office with an acquisition when I'm at this point acting CTO.
we're looking at it and we're saying,
we only have a handful of new investments.
There aren't even as many investments as there are problems.
And so I was like,
when are we going to get after these next ones?
And they're like next year,
I'm like, but there's going to be more.
It's like me sprinting against Usain Bolt.
If he has a head start, I'm not going to catch up, right?
It's going to increase the distance.
And so what we did at that point was we started wildcatting.
And we said, hey, you did two pilots last year.
How many do you think you can do?
Well, if we really pushed it, we could do five.
Great.
We're going to do 25 this year.
Oh, gosh, figure it out, right?
And so on the back end, how do you catch 25?
We need a funnel, right?
And so what we did was we had a couple light cape that when they are really comparatively
advantageous, it greases the skids on the funnel.
And so no one was going to be able to do the Rue Goldberg all the way through.
But if we had side by side, if we had A.B.
and could show how much better that was
than I thought people would get a taste of that they did
and then what opportunity or crisis strikes,
then you scale and you have like kind of those use cases.
That's a good, so I guess my question is
your team in your office can drive these pilots
and drive these evaluations.
How do you take that innovation
and then spread it across the Navy
and make sure, is it your team's job
to make sure that you know what all the problems
and needs and ASAR across the Navy?
how do you basically make sure that the new technology, new capabilities,
and the awareness of those capabilities get spread across the Navy?
Yep.
I have the pleasure of working with something like the best servant leaders you've ever seen.
I can normally keep people up until they get offers about four times their salary.
At that point, it's harder to keep them.
But the amount of kind of talent on a small team, it would still be a bottleneck if we were trying to keep it in-house.
And so what we do is always scouting, but more so it's a network of network.
So to go meta with CAPE, like we're looking at here's what's out there, here's what's available.
And then we kind of have the unleashed people that we know in every community.
Within the munitions community, here are the hitters.
Within the robotics and autonomous systems, here are the hitters.
Here are proxies.
Here are some investors who are looking at this.
When a new company is in stealth mode, we probably know more about it than others, right?
And so that landscape, I'd say in general, what's happened, and this isn't our team.
this is the department under a really strong leadership,
is we went from a group of just straight builders,
trying to build everything to gardeners.
And we're, okay, that's coming along, right?
We planted a seed there and it's springing, right?
And so how we pull those through,
we have an innovation adoption kit.
We wanted to make sure these tools scaled.
And a cool story recently is, I was with the special ops community,
and they said, yep, we're doing an exercise.
And through the innovation adoption kit,
we found these pie.
and we're going to send them into Horizon One.
I was like, who told you to say that?
And they're like, well, like sometimes we think of ourselves
as the proving ground for the larger departments,
Big Navy, otherwise, right?
And so if we are learning things
within the Special Ops community on maneuver warfare,
and that applies to the Marine Corps,
then if they have the business and mission case,
why wouldn't we pull that through?
And so it gives us an easier way
to do that translation and conversion.
We're using constant conversations with lots of people at all.
But we're speaking the same language.
Sure.
And so the overhead costs are way down.
Like we're now all talking TCP IP instead of there were 27 different dialects.
Totally.
So maybe John, has that been your experience?
So you, I would say, are sort of in the, you're starting to mature from a good to market standpoint as a company.
You now have multiple engagements with the government across different areas of the government.
Do you find that they're talking to each other?
What advice do you have for founders?
who want to sell to the government.
I mean, you've found a number of...
And by the way, selling telco services
is not easy when there's very, very large
entrenched incumbents.
So talk to us a little bit about
how you've been able to then
take relationships and successful outcomes
like you've had with the Navy
and expand from there.
And what does that look like a little bit?
It's a great question.
Do they talk to each other?
And then how do you navigate that?
The one thing that's been true forever
is if you fail,
that gets around fast.
I see.
Right?
And so you, bad news travels.
Yeah, bad news travels.
Yeah, really quick.
And so that's always been the case.
What's interesting for us and Navy is broadly applicable is the work, certainly Navy is doing
the work DIY is doing to do these tech validation and like move companies in tech more quickly
through the stages of adoption.
A really powerful thing is unclassified and shareable tech evaluations.
On Guam, we just something.
we probably shouldn't name the company, I guess,
but we had an independent pen tester,
a really credible third party come
and do a deep dive on the tech
and evaluate it at multiple levels of the stack.
And they wrote a 50-page report
that DIU paid for because they wanted it
and it was the right thing to do,
but also they made it unclassified and be shareable.
And now we can use that across services.
We can use that with other customers
within the U.S. government.
We got permission to share it with investors
as we went out to raise more money.
And that has really positive effects
for the company because we don't have to convince people
that it works
But it's also really beneficial to the government, not only because it helps our tech get out more broadly, but the fact that we're then able to go raise more money and more capital and go more quickly.
Ultimately, all that money goes right back into government work anyway.
And it's a really super positive flywheel.
Awesome.
Yeah.
I kind of think we need to re-engineer the system for a better flywheel, right?
And so I think the, I don't know, your anthropology major, my understanding, their research is outed.
Four years ago.
No, then.
Justin, okay.
But bad news travels six times faster than good news, right?
Right.
And so you just need more good news or a way to carry.
And so, like the success metrics, like our whams,
hey, if you just are talking about cyber,
if you're like, we hit more of the zero trust activities than other people,
that falls on deaf ears for a lot of folks.
If we say we move the needle on operational resilience, right?
In the nuclear navy, they say two is one and one is none.
So if you're not resilient, you're in no good shape, right?
The idea of doing resilience as a function, as a return and investment measure, as a success measure,
we've had amazing war fighters and we have people who know they're part of the process.
Right now, we have economists and financial minds who can actually see the forest through the trees and tell a larger story.
And so if we have the data to feed them
and we have a kind of a return on investment data substrate going,
then we can choose better products that move the needle
in a way that if we were all stovepiped,
everyone's working on the same tree,
it doesn't always turn into the forest that you want.
Sure.
We talked about secure communications and Cape here.
What are the other areas within the Navy
where you think that the private sector
can find areas where there's opportunity
there's transformation underway.
I know we're investors in a company called Serronic
that makes unmanned surface vessels.
I think obviously the subsea domain is interesting.
Talk to us about some of the areas
where you think there is exciting opportunity
for the private sector
to meet the Navy at its needs.
So maritime industrial base, very large.
We've been talking a little bit at the DOW level
of, hey, here's the defense industrial base.
And we look at the suppliers.
We used to kind of distinguish, oh, that's from this service
or this department, we're one organization.
And so, Honorable Michael put out,
hey, here are the six key technology areas
to say, hey, let's operate as a department
with a unified demand signal.
And so taking the lead from there, right,
and saying, okay, within these six here are areas
that we can surge.
And so the research and engineering department,
like that used to be at times like a study the problem thing.
They're moving with urgency so that we can catch.
And so the answer to your question is, obviously, we want to get way better at scale and speed on manufacturing.
And so the idea of like working with some of these companies, I guess I shouldn't name them,
but who are either working on point solutions where they're doing additive and just distributed manufacturing parts repair that and the difference that can make if you think about like,
point is there's a little bit of some of that's not sexy, especially if it's at the point.
But the question is like how much difference is it making, right?
And so theory of constraints tells us that if you are blocked up.
We've been told that there's equipment out in the field where one little part is broken.
And if you can 3D print or replace from part, you're back in service.
And if you have to wait six months for something come from some factory that only makes it once a year because they only make 500 of them,
you know, you have a vehicle out of operation for six months.
It's crazy.
That full through line on that for manufacturing across the board.
And there's going to main expertise, right?
And so, hey, here's what it is for aviation.
Here's what it is for maritime.
Here's what it is for just front end users on ships.
So I think that's like an area that we have started to see and continue to look for kind of big impacts.
What about on the software side?
On the software side, well, here's the useful and interesting part.
I think people recognize now that software networks, cyber have a seat at the table across the board.
The basis for kinetic activity and soft activity, all of that highly dependent.
And so what we've said is we want to get better at bending metal,
but for software, there's just so much ripeness.
So here's how I think about that.
I can describe a couple problems, but realistically,
the amount of technical debt is significant.
And so what I always encourage people to do is say,
hey, if you're going to look at logistics,
here are all of the government systems that are here right now.
Disrupt those.
But make sure you're taking things out with them, right?
We want to divest to invest.
And so, interesting.
Kind of like what we had said in the past was there's room for everybody,
and we can just keep adding systems.
That's just not the case.
Right.
And so if you can take out five systems with one application, this is modern service delivery.
And so we actually put a guidebook out, Modern Service Delivery 3.0, say, here's how you loosely coupled.
Here's an actual implementation of modular open systems.
Here's how you pull those things forward.
And so for almost every domain.
where we're doing software, there are too many systems.
And so if you can do secure data delivery with an intuitive user interface, we will find
room for you as long as you're taking things out and sending it to Operation Cattle Drive,
sending it to the Boneyard afterwards.
Can I ask a follow question?
Yeah.
A question I get a lot.
I bet you get a lot.
Also, you may not get as much.
Is either like a, oftentimes as a veteran in business school or sometimes from a lot of different
places I get asked the following question. I am inspired by this dual use and defense
tech movement. I want to start a company in the space. I don't have an idea of what I want to
build. I just know I want to be building. And I'm ready to do it. Yeah, yeah, I'm ready to go.
What should they read? What should they research? Someone who's full of entrepreneurial drive and
low on defense-specific knowledge. Where should they start? Yep. So go to, I'm going to channel my
interstate blank, go to where the problems are. And so there are a lot of ships docked in San Diego
in Norfolk. If you are friends with someone else who's working in the area and you just want to
learn, listening to their pain points, we have hackathons. So one of the plays from the Innovation
Adoption kit is structured challenges that's now in the Defense Authorization Act. And so we're
supposed to do structured challenges. This includes pulling people in who are problem solvers and
ultimately giving the problems. And so here's the point. Don't do that from on high or over there.
be where the problems are and rank them by here is the size of the pain, right?
We don't want to solve three headaches.
We want to solve a migraine and then something imminent.
And so the closer we're at that, and then you check the scale on that, right?
But the problem that you read about is probably being covered by other people.
If we start there and then we look at, oh, here is a system that doesn't need to be there anymore.
I'll give you an example.
We shut down a system this year that people have been trying to shut down for 10 years.
Just couldn't put it in the coffin, right?
And so in that there's always some defender somewhere.
Someone's collecting those monthly bills.
What often happens is if there's 10 modules, nine of them don't matter, but one is indispensable.
And these are severable tasks.
And so whenever I say turn something off, find a way to make it fully severable because we're not looking to pay more for the one thing that they need, which will
happen, right? So go after that, not a whole problem, but a chunk of a problem and pull the plug
on the hardest piece. Yeah. When people ask us that question that you ask, like, they have the desire,
they're fully brought into the mission, maybe they're veterans, like we spend time with the
Commit Foundation, which are helping people transition out of government service into the private
sector. We usually tell them, if they don't have an idea of what to do, they should go join a company
like, Kate. Yeah, yeah. And we tell them, like, go get a startup experience. And then we try to tell
and like, try to work at a startup that's good
because getting startup experience
at a crappy startup actually does not help you.
It's actually a negative.
Because then you learn all the bad behaviors.
Everyone once you're probably going to hate it.
Right, right.
And you won't like it, right.
Sometimes you learn what not to do,
but that's not the lesson.
I'd rather you learn.
I'd rather you learn what to do.
So that is what we see.
We're going to wrap up in a little bit here.
I do want to mention Salt Typhoon
because that's a huge story in all of our lives
and something that we've paid attention to,
but I still think because it was a little bit
of a complicated story,
it never quite hit the mainstream
to the degree that it probably should have.
Explain to us what Salt Typhoon is
and to the extent you can
how something like Cape is a resilient alternative.
To amplify your point,
I was in, this was shocking to me,
I was at Davos last year in a cyber forum
and one of the speakers was talking about Salt Typhoon
and had like kind of glazed over.
Yeah.
A room of 60, it was closed door,
room of 60 cyber folks.
And they said, wait, how many people know,
about this. None. It was five out of
crazy. It's crazy. For cyber practitioners who traveled
to Switzerland. Yeah. So they answered the first
What is Salt Typhoon? What is Salt Typhoon? Strictly
speaking, Salt Typhoon is the name for an APT
and advanced persistent threat group, a group of Chinese
hackers who work for the government and do hacking on behalf of the
Chinese government. They have targeted critical
infrastructure in the United States and in particular
the cell phone networks. And so when the story came
And what capability can they get by having infiltrated the cell phone network?
I mean, what do you do on your phone?
How much of your life runs on your phone?
For me, more than I'd like to admit.
Basically all of it.
And what we continue to learn is that's true for everybody, everybody in the United States,
up to including the most senior folks, right?
And that's not surprising.
The smartphone is one of the best products ever made.
The iPhone is one of the best products.
Certainly the most exquisite communications platform ever built,
so of course you run your life on it.
What we learned was that China has infiltrated,
infiltrated major telecommunications carriers in the U.S.
for all intents and purposes fully.
So you can listen to the phone calls via the plug-in points
that if the FBI comes and wants to put a wiretap on your phone.
Those are a lawful intercept.
The lawful intercept plug-in-points.
So they have control of those.
They have control of those,
and they can just flip them, turn along at any time and listen to us.
During the last presidential campaign,
then candidate J.D. Vance's phone calls were listened to
and that got reported.
That was an early, that was like a canary on the assault typhoon story.
Yeah.
Call data records, who's calling who,
the duration of the call, connection, internet, websites.
I mean, it's kind of everything that you're doing on your phone effectively.
And what was interesting was when I started the company, when we started the company four years ago,
part of the pitch was this idea that China can leverage telecommunications network to basically see everything about you and us.
And most importantly, the armed forces and the national security professional in the U.S.
And people didn't laugh us out of the room when we said that.
But also it wasn't quite concrete in the way that it became after the salt typhoon, it was broken.
And then we just aren't actually, in fact, China has fully infiltrated the telecoms.
And it has expanded now.
The story has grown from just the U.S. to now.
Not every, but effectively, every major carrier in the world
is somehow implicated in the Salt Typhoon story.
The intelligence and the national security implications that are enormous.
The implications for everyday citizens are enormous.
The extent you care about your privacy and security, as you should.
It also, it seemed to me one part of the story that is relevant
is that it also allowed the hackers to know who was being lawfully intercepted.
Yes.
Which is also confidential information.
Correct.
Right?
Because there could be grand jury subpoenas.
There could be all kinds of investigations underway, drug cartels, you name it.
And now the adversary knows whose calls are being tapped.
Right.
So very scary.
Put people at risk.
Yeah.
Okay.
Yeah.
And to the extent you can talk to us a little bit about how CAPE can help mitigate some of this threat.
Let me give you a broad version.
And I want to tell you a specific story.
The broad version is the way we've come to talk about Guam was rather than trying to
ferret through the existing carriers on Guam
and find all the China
and try to get rid of it
and never quite know when you're done
or know if you've succeeded.
The basic idea was
let's just do a clean install of a telco
on top of the existing physical infrastructure.
Just assume it's hostile.
Yeah, and rely on our architecture,
which allows for a cryptotroversal
of the physical, of the towers
into our software, our mobile core.
Yep. And we tested that
and now is formed the basis
of the work we're in Rakuten in Japan.
And now's around the world
because wars run on cellular networks just like everything else does,
and so there's a lot that we can offer.
The specific story I think is interesting is related to Lawful Intercept.
When we're building our telco, so we're live nationwide in the U.S. right now,
consumers can self-drive and onboard.
One of the things you have to build is your story for responding to lawful intercept requests
from law enforcement.
You're required by something called Kalia, very responsive.
Nobody builds that themselves because it's super administrative.
The tech is actually quite easy,
but there's a huge administrative burden
to respond into a search warrant or a wiretap request.
And so every telco in the U.S., certainly,
and I think around the world,
turns to one of a small number of sort of cottage industry vendors
who will do that for you.
You say, I want to hire this company,
they'll plug into my X-1 interface
and do my wiretaps for me.
So we picked one of the top ones
and put them on a pilot,
and we're getting them installed into our network
and kicking the tires and whatever.
In our SRE team,
we may be the only telco in the world,
was an SRE team, by the way,
but our SRE team was evaluating the connection
and looking at it,
and they discovered in the installer
that the vendor sent up to us
when they unpacked it,
there was an unencrypted text file
that had the usernames and passwords.
Every single client of that.
Crazy.
Insane.
Yeah.
And this was literally three months
before the Salt Typhoon news broke
and we learned that China had compromised
the X-1 interface
of all these major storicos.
And I don't, I have no specific knowledge.
That doesn't seem like it was that hard
for them to do it.
It doesn't seem that hard.
And when I said at the outset
that the industry baseline
And it's so low, that's what I'm talking about, right?
And so the S3 team just did what they're supposed to do.
They notify them and they said, you shouldn't do this.
And by the way, we're going to use a different vendor for our Kalea compliance.
But that's the state of play where we're operating.
Okay.
Justin, you're up on 27 years of working in the government, you know, in and out, private sector as well.
I think from where I sit, this is the greatest time to be building companies that support
the national interests, working with the government largely in thanks to people like you,
been more receptive to partnering.
But are there any parting words or thoughts or ask that you have for the private sector?
Kind of across the board, I feel like at this point, I get a decent amount of credit because I have an office that's made some things happen.
There are so many people behind the scenes.
And so it's a little bit, I'm from Pittsburgh, City of Bridges.
No one designs a city with 300 bridges, but it ends up helping, right?
And so here's the point, be a bridge.
And so you mentioned from one side to the other.
We have so many hitters.
I was reading John Boyd this weekend and so Udalupe creator and history fighter pilot.
And at his eulogy, they mentioned that he was a warrior engineer.
We have warrior engineers around right now.
And we have the by and trilingual people.
We have lieutenants.
We have a handful of the Marine Corps lieutenant colonel who started the innovation challenge,
Steve McGee.
He made things happen.
And he is, again, an amplifier who is funneling.
things in. And so I would say for people who want to join and be pullers on side of that bridge,
do it on the folks who want to push things in and make a difference. I would just, number one,
recognize that we're in a moment where we care more about results. We were focused on just kind
of process and then some spray and prey. Now we're focused on results and we can measure those
outcomes. So do that and bring us overmatches and show how much difference you can make. You can
make and we're going to increase value, we're going to increase impact, and we're going to
increase deterrence. And so just be a part of that. I don't have to tell people because this is the
best support we've ever had, but the more folks who are kind of bringing, connecting the dots
speaking the same language, I think the better off we all are from a national security and economic
prosperity perspective. Awesome. Well, Justin and John, I want to thank you both for being with us
today. It was a great discussion. And thank you both for what you're doing. Thanks, thank you.
Thanks, man.
Thanks for listening to this episode of the A16Z podcast.
If you like this episode, be sure to like, comment, subscribe,
leave us a rating or review, and share it with your friends and family.
For more episodes, go to YouTube, Apple Podcast, and Spotify.
Follow us on X at A16Z and subscribe to our substack at A16Z.com.
Thanks again for listening, and I'll see you in the next episode.
As a reminder, the content here is for informational purposes only.
should not be taken as legal business, tax, or investment advice, or be used to evaluate any investment or security, and is not directed at any investors or potential investors in any A16Z fund.
Please note that A16Z and its affiliates may also maintain investments in the companies discussed in this podcast.
For more details, including a link to our investments, please see A16Z.com forward slash disclosures.