On Saturday, with Hurricane Hilary looming, Alex Pall and Drew Taggart of the DJ duo The Chainsmokers performed a concert at Los Angeles State Historic Park that set an all-time attendance record for the venue. By Tuesday night, Pall was in Switzerland but he had a different recent event on his mind: his and Taggart’s first-ever trip earlier this month to the Black Hat security conference in Las Vegas.
On top of being DJs and electronic music producers, The Chainsmokers are also active tech investors. They founded a venture firm, Mantis VC, in 2019 with two other entrepreneurs and now have investments in a broad portfolio of fintech, machine learning, ecommerce, gaming, and healthcare startups. And though Mantis doesn’t specifically focus on cybersecurity, the firm is starting to develop a reputation for identifying startups that are attempting to address esoteric yet critical digital security problems.
This morning, for example, the now-independent mobile security app iVerify announced a $4 million seed funding round that Mantis is participating in. The well-regarded app, which grew out of an incubator at the security firm Trail of Bits, aims to take on the mercenary spyware industry by making it easy for people or organizations to scan their iOS and Android devices for suspicious activity and malware.
How The Chainsmokers got interested in digital privacy and security
How did The Chainsmokers get interested in digital privacy, incident response, software supply chain security, and anti-spyware tools? And how did Pall, a celebrity DJ who performs all over the world, end up partying at Black Hat? He broke it down for us. Our conversation has been lightly edited for length and clarity.
I’m super curious, where does the security and privacy specialization come from?
Alex Pall: I gotta give credit to Saveena [Mandadi, a Mantis investor and director of operations] who’s definitely the leader of that space for us. She’s done a terrific job building out our thesis around the space. But going back a little bit further, you look at our portfolio, and it probably seems a bit out of character for how you would imagine two musicians to be investing their time and money. And that was very much intentional.
When you’re an artist with a platform like ours, you’re getting sought out for two things: distribution and marketing—consumer-related brands or creator, economy, and social. But a few years into it, we were reading the news, and you can’t help but take a second look at your portfolio and be like, why are we not in companies like Palo Alto Networks and CrowdStrike? And it dawned on us that we were kind of falling victim to the consumer space in a way. We wanted to go out and invest in tools that, behind the scenes, could be the things powering society. And it was also just a challenge at first, like maybe we can be some of the first artists to show what kind of value we could bring outside of the typical ecosystem you’d imagine us investing into.
Do you feel like you’re raising awareness for other investors that security and privacy issues impact everyone’s lives and everyone’s work?
People take for granted that if you type in your bank information, it’s going to be secure. Or if you log in to your iPhone and send something private to somebody else, that it’s not going to end up in the wrong hands. But we had a firsthand experience a number of years ago—our Twitter account got hacked while we were in London. It was a really, really awful experience to have somebody inside your system, speaking like they’re you. And obviously, that was just a little taste of the larger consequences that can happen.
You can easily invest in one really terrible cybersecurity company and say, ‘We’ve made a huge mistake getting into this space.’ So I think it’s always been the strategy for us to be a part of the best businesses, even if it’s not the most exciting work to the average person when you read it on paper. And hopefully, we de-risk it a bit for others by investing in people who are far more experienced than us.
The investment in iVerify: Why it matters
Why did you want to invest in iVerify? What’s important about it and about focusing on the threat of spyware?
Our phones aren’t always as secure as people think, especially for people like journalists and politicians. Mobile device management is obviously a big issue, but there are lots of important people and organizations that probably don’t focus enough on it. So it’s critical that iVerify is a really powerful but also simple solution.
Getting involved in the security community
What’s it been like to connect with the security community? It sometimes has a reputation that it’s a group of people who are really tinfoil-hat and hard to interact with or hard to break into.
There’s a lot of pressure on them. Not only do they have to make sure that everything’s secure and safe and people are following the guidelines set by an organization, but the pace at which innovation is happening and you’re adopting new technologies and bringing new software in—it’s a lot of work while still keeping all the customers happy and hoping that the machine doesn’t break down. That’s a daunting task, and these things are only going to become more and more important as everything becomes more digital.
Creating awareness for cybersecurity
In movies, they certainly don’t paint [hackers] as the outgoing, fun people at the party. They’re usually the ones saving the day, which is the truth. So that’s something that we’ve kind of recognized and realized, which is, how do we, through whatever platform we have, bring more awareness to this space and get more people interested and excited about the applications of cybersecurity?
A lot of the time you’re dealing with founders who are extremely technical and brilliant, but we all have our shortcomings. I’m not extremely technical or brilliant. So the idea is that we, hopefully, can come together and leverage each others’ strengths to accomplish a really challenging goal.
Having fun at Black Hat: Breaking down stereotypes
It sounds like you at least got to have some fun at Black Hat, right?
We hosted an event at Black Hat for one of the companies we invest in, Chainguard [which focuses on software supply chain security]. And they’re all wonderful, but I had no idea what kind of crowd we would be drawing on for this. I didn’t think everyone was going to be terrible or boring or something, but I was surprised because everyone was awesome. We had a great night out. Eventually, I was like, I’ve got a show tomorrow, so we can’t keep going all night!
I think security folks are going to be thrilled to hear that The Chainsmokers had fun partying with them.
You know, growing up, I was on ClarisWorks pretending I was hacking into things, and I was a big fan of the movie Hackers. They were really cool to me. And this stuff is really important. As the world continues to advance with AI technology, we as a society will need more cybersecurity experts. And they deserve more recognition so they can secure all the new things that we’re getting excited about.
Conclusion: The critical role of cybersecurity experts in advancing society
We all want to move as fast as possible, but at the end of the day, you can’t have this system that’s just jerry-rigged together. As new companies spring up and all the code that’s being written—you need to have some sort of observability into this in real time to understand where the flaws are. Soon, all of our identities will just be in the metaverse or something. Who knows. So these things become more critical every day.