Interviews at The Entrepreneur Center @NVTC

An Interview with Martin Roesch, Founder and CTO, Sourcefire Network Security
February 13, 2006
Roesch, 36, founded Columbia, Md.-based Sourcefire five years ago after developing an open source intrusion prevention and detection software program called Snort. The company raised $33.65 million in venture capital, then last October announced its acquisition by Check Point Software Technologies, an Israeli Internet security company, in a $225 million deal scheduled to close in the next few weeks. The Sourcefire name will likely disappear but its presence will remain in the Washington area as Check Point’s East Coast operations. Roesch, a Geneva, N.Y., native, moved to the Washington area with his wife in 1996.
Tania Anderson for Bisnow on Business: Congratulations on your sale. What’s changed?
We’re waiting for the acquisition to close. A foreign company
buying us has to go through a federal approval process so that takes
a while. Day to day, not a ton has changed. The next six to 12 months
will be when we see more significant change.
What will be your role in the company?
I’m CTO at Sourcefire. I don’t know that I’ll necessarily
be CTO at Check Point. Check Point never really had a strong CTO
role like we had at Sourcefire. They have a somewhat different internal
structure, so I think I’m going to be responsible for more
people than I am right now. I don’t have anybody directly reporting
to me right now because I spend so much time on the road, and I have
such a diverse role in terms of product strategy, marketing, sales,
technology prototyping and research. It’s a unique position
within Sourcefire. I expect at Check Point I’ll have a team
reporting to me, and I’ll have a more focused role within the
organization.
How did you get Check Point’s attention?
We got their attention by building innovative technology and by
executing really well in the market. Sourcefire went from nothing
to being the largest private vendor in the intrusion detection space
in three years. We’re a very different company than most security
start-ups because we have done something that most security start-ups
haven’t done, which is that we built a diverse product set and
marketed a solution instead of a single technology. The market really
rarely rewards companies that build single technologies. But we’ve
always been about solving broader problems and solutions approaches,
and our growth has shown that the market is really ready for a company
like that, even at our size.
What was it like for you to sell your brainchild?
In some regards at Sourcefire, I’m obviously a key contributor
here. But at the same time Sourcefire is my first start-up that I’m
the founder of. I like to step back and try to look at things from
the outside looking in. For me it was very educational. I’ve
never been close to the negotiation process of an acquisition before.
I’ve read about them and I’ve heard about them but I’ve
never actually stood there in the room as it was going on. It’s
a little bittersweet. We have been living the excitement of the start-up
lifestyle for five years now. It’s going to be a change. On
the other hand, it’s a big monetary event for me. And it’s
exciting to think about the possibility of what a company like Check
Point brings to bear in terms of market presence and being able to
get in there and really expand our presence and take the technologies
and ideas that we’ve developed over the last five years and
drive them into a broader market.
Any plans to start a new company?
I don’t have any immediate plans to go start another one. I
could personally use a break for a little bit. Sometimes I wonder
if I should do something like that or just kind of relax and sit
back and enjoy myself for a while. I really want to make the Check
Point acquisition a big success and I want to see what it’s
like working there. A lot of the technology we’ve developed
at Sourcefire I’ve had an active role in, so for me to leave
the combined company, I’d be walking away from a lot of stuff,
my brainchildren over the years. It’s not something I would
do lightly.
Ever thought of becoming an angel investor?
I didn’t make that much money. I guess I could become an angel
investor now. I could certainly fund a company at the level of Sourcefire’s
initial investment. But I don’t see myself becoming a big fund
or anything like that. The venture process has been pretty interesting
but I’m not sure. I’d have to find something that I
really believed in. That’s a tough one.
What is the biggest security threat that companies face today?
The threats that we’re seeing these days, they’re both
inside and outside of the enterprise. There are threats from
the inside in terms of people’s browsers getting hacked or
their instant messages getting hacked and those getting leveraged
as platforms to get wider footholds into a networked environment.
There are the classic threats on the Internet from external attackers
coming in through holes in servers. The biggest threat is that hacking
has gone from joyriding on the Internet to being a money-making enterprise
that’s bringing in quite a bit of money now. People with a
financial incentive can work a lot harder and try a lot longer to
elevate the threat level significantly. The threats themselves, they
change day to day, week to week, year to year. Right now the biggest
threats are viruses and attacks that can get in and exploit weaknesses.
I think we’re going to continue to see that evolution for a
long time to come.
Where are these viruses and worms coming from?
The hotbeds for development tend to be in Eastern Europe and China.
If you look at the Eastern European republics, you’ve got relatively
depressed economies but you still have fairly pervasive Internet
access. Which means you’ve got a lot of bored, unemployed people
who are looking to make a buck. And there’s relatively easy,
low-risk ways to do it by hooking up with organized crime and hacking
for gold. The Zotob worms that came out last year were financially
motivated. There was a hole in some software out there and some guys
wrote some worms and released them out in the wild with the express
goal of making money for an organized crime syndicate.
How organized is it? Is it a couple guys in the basement of someone’s house or is it like a small company?
It’s like the Russian mob. It’s real organized crime.
Mafia level but high-tech mafia.
What gave you the idea for starting this company?
In the fall of 2000 when I started thinking about doing the company,
I had this open source project that I had been working on for about
two years. It had become widely successful and was very popular,
and I was looking for what I was going to do for my next job. I
was looking at all these companies that I could work for, and I
thought to myself, “All I’m going to do is bring my good ideas,
and there’s a chance I’ll make decent money but the people
who are really going to make the money are going to be the founders
and the investors.” And that didn’t sound like a real
good deal for me when I had a lot of good ideas. I decided that it
would be fun to do my own start-up. Since we were heading into a
recession, I thought, “What better time?”
Why did you bring in someone else to run the company?
Wayne Jackson came in at the end of April 2002 just as we were
getting series A funding wrapped up. One of the things I worried
about was that I was starting this company and I had never done it
before. I knew we had a unique advantage in the open source software
that I had developed. We had a lot of people who liked it and who
were using it. It gave us an unfair advantage in our technology space
because it let us compete on a level playing field with people
who were much bigger than us right out of the gate. What I didn’t
want to happen was having my inexperience as a CEO screw us up
and constrain our ability to be successful. I decided to get somebody
who I could work with and who would help us be as successful as
possible.
Do you think a scientist or an engineer can run a company?
Sometimes the founder of the company wants to be the CEO. But what
you’ve got to do is surround him with experienced business
people and train him on the job. We talked with our early investors
about doing that at Sourcefire. They were OK with bringing in a
business team and turning me into a CEO. But I wasn’t OK
with it because I had confidence in myself but I felt with the
way the business environment was back then we needed somebody with
a more tried and true hand at the business side of things. I could
be the visionary and have the proper revolutionary spirit to lead
the charge into the market from a technology standpoint, or an
ideology standpoint, from the standpoint of someone who’s going to
change how people do security. But the nuts and bolts of operationally
running a company that we were working to turn into a multi-hundred
person, multi-million dollar company, maybe with an IPO somewhere in
the future—for that, I felt the smart thing to do was to go and get
somebody who knew what he was doing.
It must have been scary enough to launch a tech company right after the bubble burst.
We had a number of things that really enhanced the fun. We ran
the company initially with seed funding of $100,000. That’s what
this company ran on for nine months. Calling it a shoestring would
have been extravagant. We ran on some tattered threads for about
nine months as we were getting the company going. It was me and a
couple other guys who believed that this was going to be a successful
thing. We put it together and got it going and the market was miserable
back then. I went out looking for funding in 2001. Let me tell you:
Going to VCs with an open source story in 2001 was not a good way
to raise money. They’d look at you strangely and say, “Don’t
you read the papers? Open source is dead. The markets are in turmoil.
We’re closing start-ups left and right. Why are we going to
invest in you? Call us back when you make some money.” That’s
basically what it took. We started selling and capturing customers
immediately once our products were ready and that’s when we
started getting people’s attention.
Did you ever have doubts?
When you’re at the bottom of a mountain looking at the top,
it’s a pretty big climb. I knew that’s what we were facing.
One of my investors told me early on that sometimes entrepreneurs
have an overdeveloped sense of optimism and an underdeveloped sense
of fear. I’m probably one of those guys. There’s always
moments of self doubt, but you just look for some success to keep
you moving on.
Did any family members or friends think you were crazy?
Everybody’s been very supportive of the company and the idea.
My family isn’t really technical. Especially my immediate family.
My dad was a teacher, and my mom was a nurse. My sister is in sales,
and she’s pretty technical but they don’t really understand
network security. But they did understand I had made something of
a name for myself in the field and figured I knew what I was doing.
My wife was the most supportive. She was willing to let me take a
chance on it, and she encouraged me in the beginning to start the
company. There were definitely some dark days in the early going.
But nobody ever said I should do something else or find another job.
We’ve always had our eyes on the horizon in that regard.
Did you have any moments growing up when you knew you wanted to be a business person?
I don’t think anything pointed to me running my own company.
I had a penchant for trying new things just to see if I could do
it and for the experience. When I was 8, I would take apart the family
TV or the family stereo to see if I could put it back together. I
had some signs of being willing to try new things and not being really
fearful about doing it. I’ve always been a fairly independent
person. When I was a very young kid, between 3 and 6, I was hospitalized
20-something times. I had some lung issues. I spent a lot of time
in the hospital so that taught me to be an independent person to
a degree.
Where do you see yourself in five or 10 years?
One of the things this acquisition has done is given me a lot more
options than I would have had before. I have a lot more credibility
now not just as an engineer but as a person who has had good ideas
and as a business person. I’ve got a lot of options right now
from things like working with venture capitalists to help them identify
companies, to starting my own company, to working with Check Point
and being an integral part of the management team and helping to
find what future products and technologies we’re going to do.
I can certainly get a job at another company in the security industry.
I do have a lot of options right now. I haven’t decided on
anything. I’m going to see how successful we can make this
integrated entity. I’d like to see my technologies taken as
far as their natural places in terms of what they should mean to
the market. One of our technologies has a lot more potential than
people have realized so far. I think Check Point is going to be the
platform to expose that capability to the world. I’m excited
to see how far it can go because it was my idea from start to finish.
I guess I’m pretty wishy-washy right now.
[This interview conducted by Tania Anderson for Bisnow on Business.]
