"Those sources say the company’s investors have told employees that they can show up for work on Monday but that there is no guarantee they will get paid if they do."
Didn't exactly call this in particular, but an old comment of mine about how many serious infosec professionals had a very low opinion of Norse: https://news.ycombinator.com/item?id=9855582
A lot of people saw this coming before it actually happened. Everyone has to pay the piper eventually. I predict next company to fail in such a way will be BitSight Technologies - https://www.bitsighttech.com/
A lot of infosec professionals have the same opinion of the "threat intelligence" pile-on overall.
Norse had some amazing engineers working on their appliance, way before demand in any way justified that level of investment. Fortunately most of them have already found new jobs.
True, the threat intelligence industry is a mess and reminds me a little of early tech startups in the last bubble. It's a response to breach hysteria.
Threat intel is a good idea in theory. As more and more threat intel companies start being filtered and shutdown (and I'm sure 80% or more will), there'll probably be a few left that provide some real value to security programs. Until then, it's just going to be 90% marketing.
Remember a wave of personal firewall products around 2005? zonealarm/norton/mcafee all had those sexy "security" popups/notifications about IP x.x.x.x HAXORING you with ICMP packet.
This is what Norse offers, but repackaged for clueless executives instead.
Anyone that knew anything about security knew that Norse was full of it. Norse is a shining example of how little information most people have about the security products and services they buy. It's all marketing, and it leads to more snake oil than not.
Let's not forget when Norse named a fictional person named "Lena" as the person who perpetrated the Sony hack in 2014 based on "Open-Source analysis" of the leaks.
From the fine article:
"The data scientist said she vetted Norse’s founders prior to joining the firm, but that it wasn’t until she was fired at the beginning of 2016 that she started doing deeper research into the company’s founders.
“I realized that, oh crap, I think this is a scam,” Landesman said. “They’re trying to draw this out and tap into whatever the buzzwords du jour there are, and have a product that’s going to meet that and suck in new investors.”"
I guess the lesson is that even serious due diligence isn't a guarantee.
For many people "serious due diligence" is a Google search.
Relationships between people, even business ones, are based on trust. You'll rarely know if someone deserves your trust by the time you have to give it to them, so it's more important to realize whats actually going on then to be lulled into a false sense of security for how you think someone is.
It amazes me that in so many of these stories the people who got hurt, usually employees or investors, will just stand around afterwards with their hands in their pockets saying how smart the perpetrators are and how they were fooled. It isn't that this particular situation has no guarantees, it's that their are few to no guarantees in life (especially when money is changing hands).
When I mentioned "serious due diligence" I didn't mean Google search. I should have spelled it out. When a founder is neither a well-known person nor someone you know personally very well, the answer is a background check done by a professional.
Of course there is no guarantee, I'm talking about being prudent and improving your odds.
Finally, I personally know how it feels being employed by a startup founded by a con artist.
What problem do you have with them paying people for wearing their vendor swag around a conference full of buyers? $100/h is cheap in the scheme of Black Hat promotions, too.
I love their knit hats. I wonder if I can buy a case of them from Solarflare.
Is that even legal?