The old man start a business also has the spring--Chinese grassroots Silicon Valley entrepreneurship present situation

Dream of this thing and the classics like, never fade because of time, but more precious
--"Old boy"

What would people think of a 35-year-old man in one word? Uncle? Mature? Sophisticated? 35 years old in the eyes of most people are invisible Karez, career bottlenecks, family pressure, mechanical life, there is an exponential decline in energy, physical and creative. Entrepreneurship for many 35-year-old men, or with that romantic first love, or once dreamed of life. Many people choose to minimize stability and risk when they are young, and most of the compromises are futile, step-by-step, and then suddenly feel that they should rise to change after a few years, but they are powerless.

In Silicon Valley, where the average founder is less than 30 years old, the entrepreneurial circle is the 35+, and when everyone is looking for "next Zuckerberg," the average age group seems a little out of tune. Chinese in the fourth part of the Silicon Valley series we are going to talk about an old men's entrepreneurial team, how to give up the big company's handsome salary and optimistic prospects, in the high cost of choice, resolutely chose the highest risk of entrepreneurship road. The protagonist of the story is the mobile Internet Security Application team, the average age of the team is as high as 37 years old, is the "Old man" entrepreneurial group. Mobile Internet security in the field of the major road giants hand-to-hand combat, but not one has a clear advantage. How is the Trustlook team "hale and Hearty", undaunted in front of the Giants, focused on the field of development, in less than a year in the major hacker/Bai Ke community to make a name, and in the recent "heart bleeding" loopholes in the emerging? Here we are together with Trustlook founder, Allan Zhang, in-depth discussion of the old man entrepreneurial and Trustlook team of various.

36 Krypton: Can you briefly introduce the background of the older boys in the team?

Trustlook: I was originally Palo Alto receptacle early employees, after the IPO came out of their own. Xie was formerly a member of the core team of InnoPath Mobile device management, and later did a lot of front-end development at Yahoo, including Yahoo! Finance and iOS versions and Android. Daniel is the advisor to our big data piece, the boss of the original Yahoo Hadoop team Pig. Wilson is I met in a small café, a word completely touched me, he said "I 1.5 in the Play store wrote more than 40 applications", Weimin has many years of mobile and mobile Internet development experience, The author of the mobile phone management software Mobie, plus the original Dealmoon (North American Money Express) Android version, Sanli from Marvell to support all the databases and service tiers. Tianfang is the smallest, 87 white hat hacker in our team. Basically everyone is a very powerful action hand, no slow people. We are releasing a new version of the program every day.

36 Krypton: How did you make a career out of "throwing your wife and your son"? The choice in Silicon Valley is very expensive, especially for men with family. They tend to have a very respectable salary and optimistic outlook in big companies. What is the motivation to get everyone together?

Trustlook: It's not as hard as you think. Although the cost of starting a business is very high for us, but it is for those of us who have been in the big company for nearly 10 years, we know very well that the company can give you a good salary, but it is difficult to have a strong sense of belonging. Working and starting a business are two different attitudes. Especially you can meet a bunch of friends who can fight, all want to burn their youth tail, all in this industry saw the problem of mobile security, are hoping to change the future of mobile security, the cost of this option to go down immediately. Those who do not want to come out in the enterprise, and you care about the salary of the number of people, you do not meet in the entrepreneurial process. To be together first is to be like-minded, the early startup never rely on money to recruit. You think about why China has so many engineers in Silicon Valley, but so little entrepreneur,it moment-in be something wrong.

36 Krypton: What's wrong with that? It is because the last generation of Chinese came to Silicon Valley, many of them are scholarships doctoral graduates, the purpose of life is to better life and a more stable income, so it is more inclined to a stable career path in large companies?

Trustlook: I think it is the social definition of success and the problems in the process of education and training. We are not in this direction to cultivate, we cultivate is a big house, there are two children, a wife does not work at home to take care of children, such a life for men is the most "natural". If the 35-year-old is still engaged in entrepreneurship, without a stable income, such men in the universal values is "failure." Such people will never be entrepreneur. Tianfang at the time to come to our company and I said, you give me the basic salary, other I a penny don't, I just like this thing, want to work in your team. At that time one months, he palo Alto receptacle the first year of the option is due, he did not want a penny, come directly to us here. Ordinary people do not have the courage. So I and everyone in the team said, I hope you go, to create a better product and team than Trustlook. Because I know that the founder of the Bones, is not to stop the pace of entrepreneurship.

36 Krypton: In fact, age for entrepreneurship is a double-edged sword, experience network, and the accumulation of the industry, is an important factor in the venture to reduce risk. Data show that VC is actually more favored by older entrepreneurs, because VC is also tending to low risk investment. What do you think of that?

Trustlook: Consumer Products (consumer product) are small young play we do not understand. But like machine learning, search, computer security, large data such products, there is a threshold, you must first understand the industry at which level, you have to be able to stand in the forefront of the industry's technology, you have to see the industry in the next three years where to develop, these are required industry experience. For example, our forecast for the next three years to move the animal network security will be where, then we now take the path to that place. , aiming at the technology used in the industry after three years. This kind of industry innovation if the university graduated on the out, the probability of failure is very large, at least 5-10 years of experience in the industry to accumulate, will be more emboldened. In the final analysis is still the beginning of the technical threshold of the difference. Consumer products are often to accumulate to a certain number of users, will appear technical barriers such as the structure of the problem, configured problem, unlike us to solve the problem is the technology. The height of technology can be said to determine the depth of our moat.

36 Krypton: Then can we say that the higher the requirements for backend server side, the higher the technical threshold, the more suitable for experienced industry people to do.

Trustlook: Right. We see a lot of tools like products casually have 1, 200 million of users. or social products, such as Facebook. These products are based on experience to occupy the user, and then use the power of capital to solve the problem of technology, such as high-priced hire technology Daniel. In the middle of a part of the technical backbone to build a framework to solve the difficult technical problems, to the latter is the need for younger people better is a white paper, as long as the study fast. Because at that time a lot of technical problems are dedicated to the company, and other places of the solution is not applicable, as long as the company can immediately get started with the existing things on the line. In the medium term has its own technical backbone, to the latter is to cultivate their own technical personnel. The easier it is to do it or the easier it is to use it, once it is made, it is almost impossible to replicate it. The slower the evolution industry, the more opportunities for people with experience in the industry. For example, FireEye (Burner), which was listed last year, is known as the only company in the PC industry that can do the fact virus and malware detection, immediately received a large number of U.S. government and military orders, the advantages of the technical threshold is displayed. Burner technology on the PC side is what we need to do on the mobile end, we are now doing is the industry in the past three years may be in the top of the grab.

36 Krypton: The core technology of Trustlook is the dynamic identification of malicious software and intelligent prediction based on user behavior analysis. But there are countless variants of the virus, called prayer villains outsmart. The security product's detection logic is more like a medical method, based on experience and experimentation, and can you talk to us about the reliability and scalability of this dynamic identification (reliability and scalability)?

Trustlook: To cite a popular example, a meal to eat 200 dishes, royal dining room How to prevent people poisoning is a thorny issue. The traditional method of testing can ensure that the broken broken grass crane top red Such a common thing, but the face of a variety of exotic drugs in the western regions may not be useful. What is the surest way? Find a small eunuch test poison, if tasted after half hour still alive and kicking, estimate is not poisonous. The same is true for the killing of malicious software and malicious acts. Traditional anti-virus software is based on signature to kill, as in the case of each of the poisons in the design of detection methods respectively. Each occurrence of a new virus is designed with a special signature and updated to all client virus libraries. The disadvantage of this approach is obvious: the response time to the new virus is sometimes up to 200 days and powerless against the unknown threat. Trustlook uses the "Little Eunuch Test" method: Put the app to be tested in a real environment and watch its behavior at the operating system level to determine whether it is malicious. The cell phone used for "drug testing" is a specially crafted set of Android systems Trustlook. The bottom layer of the system is rewritten and recompiled, detailing all the behavioral details of the running app and sending it back to the server. The latter automatically generates detailed scan reports. The entire process, can be completed in 5 minutes, the real real-time response to the unknown virus. "Behavior killing" is not Trustlook initiative, but we go farther than others. Most of the same products on the market can only be "command flow tracking"-that is, by observing the system functions called by the app to determine whether it is malicious. Trustlook further implements "Data flow tracking", that is, tracking the flow of sensitive data at the bottom of all systems, preventing the leakage of sensitive information such as phone numbers and payment card numbers.

The following figure is a sandbox device used by Trustlook for virus detection

36 Krypton: What is the reliability of this kind of behavior based on instruction flow tracking?

Trustlook: We did an impressive show at the "b-side" Hacker conference in Las Vegas, USA last August: In the face of an unknown malicious app that steals a user's phone number, no matter how the app splits or even encrypts the phone number it steals, Trustlook can be seen through the "Data Flow tracking" technology. And all the traditional anti-virus software face this unknown app, annihilated. The bottleneck of traditional anti-virus software is that the reliability depends on the speed of Virus library update, and we are based on app contact user data suspicious degree of killing, all applications will be in our own Androsa box run all the possible path, and then eradicate the results of detection to confirm whether malware or virus, this " The practice of "trying to poison" can really do it in the bud. In addition, we are the first to have a comprehensive solution to the "heart bleed" loophole that everyone is concerned about recently. We released a security application for a heart bleed within 36 hours of the leak, including web scans, mobile phone system scans and app scans, and now the industry's first safe product for a heart bleed.

36 Krypton: Security This thing for the vast majority of users, is an accident to think. People are less attached to their privacy and security data, let alone mobile security. When Amazon used personal purchase history data to do personalized recommendations have caused no small criticism, to now everyone on Facebook aboveboard use user data to advertise targeting has been used to. The real concern for security vulnerabilities is often hacker groups, because they are profit-driven and need to exploit security vulnerabilities to achieve their goals. What is the meaning of mobile security applications when everyone is weak in mobile security?

Trustlook: Security This thing, is how strong each other, determines our side of the need for more urgent. Or is a kind of consequence of the passive production of the industry. Now the mobile Internet is in 95 years of PC, almost no anti-virus software, because non-toxic can be killed. But as people's lives are increasingly inseparable from the mobile end, when the payment, identity, contacts are in the mobile end of the integration, this is a great temptation for hackers, but now has not been the time to explode. If out of a fierce virus, the circle of friends 10 have 8, and the consequences are very serious, such as Alipay wallet stolen, micro-letter account is also black, then everyone would like to install anti-virus software. Originally everyone is aware of PC poisoning will be computer crashes, will lose files, is aware of the consequences of the premise of the importance of antivirus software. Now for the mobile end is also the same, and mobile end is more likely to be finance harm (pay), just throw a file, a photo, far less than the harm of finance serious. Once the harm of finance, the importance of antivirus no doubt. If one day, mobile phones also become a huge zombie/Trojan network, then the timing of mobile security mature.

36 Krypton: Security products and virus software are in fact a thin line, can protect users means that can hurt users. Will there be sway in the choice of good and evil? I've heard a lot of examples of hackers from white people. Because hackers have mastered the technology you have, hackers want to get the things you are also within reach, every day to face a lot of temptation to tell us about these experiences?

Trustlook: Safety products are about running with the other side, if the security loophole you know before the hacker, the first thing you do should be to inform the manufacturer, to help users repair. In addition, you see too many things that can be directly converted into benefits, which is why so many of the people who make security are in the end. And in our industry, really many times is villains outsmart, hackers sometimes run faster than us, because they are purely interest-driven. In our industry, some things are illegal. For example, virus check virus, or you found a loophole, there is a solution, not to inform the user, but leaked to the hacker, in the user suffered loss after you again with a just posture to repair. These are all illegal. So the security industry on the moral integrity of the requirements are very engaged, the personality of the practitioners is also a great test. So we recruit also the same, all have the government work experience of all do not, all and the hacker industry chain is not all about. Hackers and white is between the line, as if to give you a knife, you want to cut vegetables or cut people.