Archive

Tag Archives: security

One of the most famous hackers in the world, Kevin Mitnick, published a book about his exploits — “The Art of Deception” — after he got out of prison. This guy broke into corporations, government agencies – even the FBI cell phone network to find out they they were closing in on him. Surprisingly, the most interesting “a-ha’s” of the book weren’t related to his prowess behind the keyboard but something much simpler — he was a master of “social-engineering.” Kevin would get unsuspecting staffers on the phone and trick them to reveal passwords, backdoor locations, and critical tidbits of information to enable his hacking. He used well-worn techniques like urgency, name-dropping, and a folksy familiarity that were popular in the Depression era and updated them for the modern times.

Kevin Mitnick was not alone.

Most of the largest online fraud hauls begin with a live telephone conversation. The existing caller ID infrastructure is useless as there are plenty of software options available for fraudsters to spin up millions of fake numbers and spoof the origin of the call. Quite honestly, there really isn’t a good way to authenticate who is on the other end of the line other than a series of painful security questions and even those are getting harder — my great aunt’s maiden name? There’s just got to be a better way…

While working on his PhD degree in 2009, Vijay Balasubramaniyan, had an unusual thought: could each phone call possibly have its own unique acoustic signature? Specifically, are there patterns in the sounds, packet loss and latency that could tell you the network, phone type and specific location the call was coming from? After some investigation, Vijay decided to focus his efforts on proving out the technology and the results became the core of his PhD thesis.

In 2011, Vijay completed his studies and hooked up with Paul Judge, a fellow Georgia Tech PhD alum and security industry veteran, to co-found Pindrop Security. The company’s technology is a commercialization of Vijay’s unique primary research and patents. Pindrop provides an enterprise solution that helps prevent phone-based fraud. Vijay’s pioneering acoustical fingerprinting technology detects fraudulent calls and authenticates legitimate callers, helping customers eliminate financial losses and reduce operational costs.

I’m very pleased to announce that Andreessen Horowitz will be leading Pindrop’s $11M Series A financing round. Our friends at Citi Ventures, will also be participating in the financing round. Here’s why we’re so excited to work with Vijay and Paul:

Founder/market fit. This is really our kind of opportunity — a very unique technology with virtually all the intellectual property invented by the founder. And it works! Vijay developed and patented the core technology while pursuing his doctorate at Georgia Tech, a school renowned for its cyber security and signal processing research.

Focus on voice fraud. As much as we talk about data overtaking voice — every customer we talk to has seen voice calls increase linearly with customers. And voice is becoming even more of an attractive alternative for fraudsters as the online channel is maturing and becoming more secure.

Very differentiated technology. It’s a very differentiated solution and the only one that isn’t purely fingerprint based so it detects zero-day attacks. Customers rave, “we are finding whole new fraud rings that had previously gone undetected…”

A track record of execution. Since we participated in Pindrop’s seed financing, Vijay and Paul have executed to plan in a remarkable way — they launched the product and had a stable of excited, apostle customers. The game film on their progress has been universally positive.

I’m super excited about joining Pindrop’s board of directors and look forward to helping Vijay and Paul bring this technology to everywhere people are answering phones and wondering who is on the other side of the line…

It took almost six months for my former company IronPort’s acquisition by Cisco to close and it seemed like forever. Although I was still the CEO by name, I was essentially running a “puppet” government with every hire, major expense and strategic shift needing explicit approval from my soon-to-be-overlords. Since Cisco was a functionally organized company, I would soon be losing half of my direct reports as sales, HR, and finance would report into their respective groups. My job was becoming smaller and it had considerably fewer degrees of freedom. So here was the big dilemma: I had signed up for 24 months of re-vesting my founder’s shares that wouldn’t begin until the deal was closed and it already seemed like a paint-drying eternity. I was pretty sure that I wasn’t cut out for a big company but I just couldn’t spend the next two years watching the clock or I’d spiral into insanity. What to do?

An analogy hit me as I watched my son at recent team practice: Water polo. Despite growing up on Florida beaches, I’m not that great of a swimmer. I’ve never even put on a Speedo. I didn’t think that I would like anything about water polo. However, if I was locked in a sports complex every day for two years and everyone else was playing water polo — how long could I sit on the edge of the pool before I gave it a go? Should I just go through the motions? Splash water on my face and feign participation? No, I came to believe there was only one way forward: shave all the hair off my body, put on the Speedo, start throwing elbows, making shots and playing with vigor…

Seriously and specifically, after six months in, I strongly advocated to be put in charge of all Security products at Cisco — a business that was three times larger than IronPort. I believe if the leaders of a newly acquired company are locked up for a significant period of time (>18 months), they should strongly advocate for bigger jobs within the acquiring company. This is especially true if the leader isn’t planning on staying around after the vesting period. This may seem like odd advice, but here’s the rationale:

It’s not about you, it’s about your team. If you’re a disaffected leader, moping around, “doing time” and talking smack, your team will disintegrate and the acquisition will fail. On the other hand, if you land a larger role, you are in a unique position to help them out. You owe it to the people who ate Ramen noodles while you paid them in potentially worthless stock to work at your company in the beginning. In addition to promoting some of them to larger roles within your new org, you will be much more connected to the cross-company opportunities and can advocate for your top performers. When your team sees you engaging, they are more likely to pull harder, too. Most of the mid-level managers at IronPort had a significant increase in their responsibilities at Cisco and it prepared them to take on even larger roles both in and outside the company. There is a myth that employees that come from a startup aren’t cut out for large companies — in fact, many may be ready for a change. Over the eight years we built IronPort, many of our single employees got married, had kids and wanted the current income, benefits, lighter work hours, and increased stability of a larger company.

You need to “sew in the organ” to make the acquisition successful. Most acquisitions fail. If something isn’t big enough to stand on it’s own or doesn’t logically snap into an existing business line, it will usually wither and die. This is especially true if the acquired leaders leave or become disaffected. Employees mimic leaders’ behavior or get shifted to new leaders when the previous ones exit and have no connection or trust with their new reporting chain. If the leaders take larger and different roles within the acquiring company they form beachheads of trust and points of navigation. It becomes less “them” vs. “us” and a more collective “we.” Look, I’m not saying it’s ever going to be Kumbaya over s’mores, but it’s a helluva lot easier to accept the bullshit you get at a large company if you have someone you trust explaining the rationale to you.

You will meet amazing great people as you get closer to the inner circle. If your head isn’t in the game, you’ll never spend any meaningful time with the best people. After my promotion, I got to spend a ton of time with the senior team, went through their version of VP leadership training, and tackled many tough strategic issues. I believe it’s only by really getting to know the key people that you can make an informed decision about making a career at the new company. Yes, I met my share of climbers, passive-aggressive assholes, and C-players but that didn’t really matter long term. The rockstars I came across have become lifelong colleagues — some of whom have stayed — but many have moved on to bigger, more interesting jobs in hot Silicon Valley companies. Don’t overlook the importance of this opportunity.

If you decided to take my advice and push for a larger role, I have a few more suggestions once you’re there:

Don’t play favorites with your old team. If you’ve run a successful startup, you’ve likely attracted first-rate talent to join you. Invariably, the close relationships, trust from working together, and familiarity with their great work will lead you to promote them first and fast. However, it’s important for them to earn some credibility with the new organization first. In retrospect, I moved too quickly and put my old team in charge too fast. We suffered from a perception of an “IronPort takeover” that was hard to reverse. I should have taken more time to evaluate my inherited Cisco team and let the cream of the crop rise naturally.

Mix up the talent. When we announced the reorg, I shuffled the leadership decks completely. The IronPort SVP of Engineering took over the firewall group and the Cisco VP running firewalls took over IronPort. Each had a fresh set of eyes and legs to apply to their new areas and attacked getting up to speed with vigor. In addition, we flew in all the director-level leaders and above from all the product groups to do group brainstorming and come up with new roadmaps for every product. Because the plans were argued and debated out in the open with everyone involved, there was much more buy-in with the employees working on the products.

Speak your mind. I was constantly pointing out inconsistencies, stupid directives, red tape, and anything that got in the way of doing the right thing. The fact that I wasn’t nursing a 10-year career trajectory and was on the fence about staying long term was incredibly freeing in terms of getting things done. In general, large companies get caught up in their processes so much that the leaders forget how to push to do the right thing. In addition to making the experience more entertaining, I met a bunch of other, like-minded leaders and made progress on important projects.

Negotiate for more compensation. Although this is starting to change at companies like Facebook and Google, most large companies are not prepared to be competitive with hot startups for compensating executives. As the leader, you can create a business case of what a comparable compensation plan would look like for a CEO of a private company. The main benefit here, again, is for your team versus you. If you can set up a compensation umbrella for you, it will apply directly to the rest of your executive team and top engineers.

Put together a succession plan. (Especially, if you’ve definitively decided it’s not for you.) In today’s world, 18-month stints are the norm at well-run large companies so there’s no need to feel bad leaving at the end of your vesting period. If you’ve integrated the team, someone would have likely distinguished his or herself and can be promoted into your role. If you’ve addressed your compensation and met all the best people, you’ll have all the data in place to make an informed decision to stay or move on.

In the end, for a variety of reasons, I left Cisco two years to the day when my vesting period was over. My former SVP of marketing at IronPort took over my role as head of all security products at Cisco. Many of the best people at IronPort stayed at Cisco for many years after their IronPort vesting was over. I believe the main reason the acquisition was a success was because the team engaged and meaningfully integrated into Cisco.

I have so much respect for people who fought online criminals for eBay and PayPal. There hasn’t been a set of websites more highly targeted by cybercriminals and fraudsters.  The founders of Silver Tail, Mike Eynon and Laura Mather, were colleagues on the anti-fraud team at eBay/PayPal for three years and had a front row seat to the newest attack techniques and the most beguiling exploits. It stands to reason that the team pioneering security and anti-fraud techniques at the tip of the spear would come up with a breakthrough technology. This was the genesis of Silver Tail.

After testing with customers, it was clear that Mike and Laura were on to something special but desperately needed help to scale. The product needed many refinements and it was clear that they should bring in a seasoned executive to help them with sales, marketing, and building a team. Enter Tim Eades as their new CEO and partner. Tim had been a longtime sales and marketing executive at IBM and a CEO at Everyone.net. His aggressive, take-no-prisoners competitiveness, indomitable work ethic, and remarkable ability to enroll customers and recruits made him the perfect fit.

When Andreessen Horowitz first started looking at Silver Tail, they had just been named to the Gartner Magic Quadrant (MQ) as the furthest out on the “Visionary” or “X” axis. This MQ position fairly reflected the stage of the company and the founders’ technical breakthrough.

Source: Gartner (February 2011)

On the “Y” axis however, which measures “Execution,” Silver Tail was still in its infancy. They had a total of 15 customers using the product, with only a few paying, and the rest in beta. That said, customers were not on the fence with how they felt about it: “We’ve never seen anything like it!” and “They are charging too little…”

So, they had a proven technology and a few rabidly fanatical customers. At this point, the company’s future was going to revolve around it executing flawlessly to win the market. And they did that and more. The team’s accomplishments are exemplified by the most recent (May 2012) Gartner MQ:

Source: Gartner (May 2012)

It’s the story of how the team, driven by Tim, deployed the product, acquired customers, scaled the company, and accelerated into a tornado in merely 18 months:

  • Almost two thirds of the top US banks have deployed the product or are in the process of deploying.
  • A skeleton crew of 12 expanded to a global team of nearly 100, including top notch teams in Federal and European markets.
  • Three new, world-class executives joined the team to lead product and marketing, engineering and finance. Each one built a remarkable team of rock stars.
  • An irreverent, open-communication, and high-performing culture helped attract and retain top talent.
  • Huge success in ecommerce.
  • Customer responsiveness became a true market differentiator as the team overemphasized quality and support. In fact, existing customer referrals are Silver Tail’ s largest source of new leads.
  • The company was cash flow positive in the first half of their 2012 fiscal year.

This “hockey stick” ramp reflects the disruptive nature of Silver Tail’s Web Session Intelligence technology and the rapidly shifting frame of reference currently underway in the security space. Analyzing “snapshots in time” of network traffic and deploying “signatures” is not keeping up with the innovation of hackers and cybercriminals.

Silver Tail’s success in the market did not go unnoticed. We are announcing today that Silver Tail has signed a definitive agreement to be acquired by EMC/RSA. From the very beginning, Tim and the founders had a vision of helping to eliminate fraud and deploying their technology as widely as possible. With EMC’s worldwide presence and resources, they will achieve these goals much faster and integrate into a broader set of security and anti-fraud technologies.

Please join me in congratulating Tim, Laura, Mike and the rest of the incredible Silver Tail team in marrying the ultimate peanut butter-and-chocolate combo: A breakthrough technology innovation with near-flawless execution!

I would also like to thank my partners, Mark Cranney, Jeff Stump and the entire a16z team for all of their extra effort with Silver Tail – it made a meaningful difference…