Serial entrepreneur Scott Chasin is one of the world’s most prolific technology and information security pioneers. Having founded four software-as-a-service startup companies and exited each via IPO or M&A (to Symantec, McAfee, and Verizon no less), Chasin is also credited with creating the world’s first web-based email service, USA.NET, a trailblazing cloud company. Over the past two decades, Chasin’s remarkable leadership in successfully developing and commercializing cybersecurity products has uniquely now positioned him for yet-to-be-announced business ventures in 2020. Slone Partners Cybersecurity is pleased to present the business insights of Scott Chasin in this exclusive interview.
From your perspective, what does the future of cybersecurity look like?
The future of Cyber is really about our ability to bridge the gap between automation, AI and human intuition. Each of these areas will have a major impact on the Cyber solution landscape. AI will play a key role in how we delve into these massive data lakes of event data to understand behavior and anomalies. We will continue to automate our response and sharing capabilities, extending our threat radars well beyond our typical enterprise perimeters. And lastly, we will see a continued focus on the delivery of human decision-making as a service with more emphasis around collaboration and the presentation layer of the Cyber experience. In my mind, there is little doubt that we have a long way to go before we can replicate human intuition in an AI algorithm, thus exists a critical need continue to expand the human analytical talent pool which is severely understaffed.
Additionally, we all know that our future reality is founded on an ever growing attack surface, from the Internet-of-Things (IOT) to our aging Operational Technology (OT) environments (manufacturing, energy, healthcare) to the Cloud. These surface areas are major attack points that are evolving quickly, both from an offensive as well as defensive perspective.
The fundamental story here is that technological advancement at every layer of society will not slow down and neither will those that are motivated to attack us.
When you reflect on Bugtraq, USA.NET, MX Logic, and ProtectWise, what is the one thing - the single biggest topline takeaway - that you learned from each experience?
That’s a difficult question as each of those ventures yielded very different experiences:
With Bugtraq, there was huge opportunity to build a knowledge-based community around the exploitation of software vulnerabilities to hold OS and software vendors accountable. Back in the early ‘90s there really wasn’t a formal community or even awareness of the “zero-day” threat and with the introduction of Bugtraq, we were able to build a community that turned into the premier alerting service for tracking these threats. At the time, this open sharing was highly in demand; however, given today’s climate of quickly weaponized vulnerabilities and massive attack surfaces, full disclosure isn’t in our best interest.
USA.NET was such an amazing venture as we introduced the first web-based email service in 1995. We initially competed with Hotmail but quickly changed our go-to-market to focus on delivering our (pre-cloud) platform to large service providers such as Netscape. We experienced the epic highs of the dotcom bubble as well as the tragic lows. Amazingly fast growth in customers, employees and in our technological platform was an unforgettable ride. I feel lucky to have played a key role.
As for MX Logic, given my submersion in helping pioneer email and messaging, I knew that my next venture would be to help secure those communication channels. Spam and phishing were becoming a plague on the inbox and there was this immense opportunity to build a solution for the enterprise that could be delivered as a service with unbounded scale. We competed against the likes of Postini (Google) and MessageLabs (Symantec); however, as they went up stream to the Fortune 1000 we built a go-to-market around SMB that scaled into the tens of thousands of customers. This was truly one of the larger scale early modern cloud architectures that was an obvious factor for McAfee acquiring the business in 2009.
And with ProtectWise, we really set out to create a new category - to drive network security into the cloud with the ability to create a memory for the network. This was a big idea venture that embraced massive data sets in the cloud. After two years of R&D, we solved some ridiculously difficult technological challenges to create the first Network Detection and Response platform. It wasn’t easy and we learned a lot in terms of scale, specifically around engineering our platform for gross margin efficiencies and building a solid business model.
With all of these ventures, I would say my key takeaway is that it’s about the people. As a founding CTO or CEO, it’s not you that builds a great company. It’s you that builds a great team that builds a great company. I could sum up this approach easily with a mantra that I’ve used time and again: People, Product, Profit. Getting the team right, from the Board of Directors to the engineers, to the marketeers and to those on the front lines selling and evangelizing your solution. It’s about team. It’s about creating a family that embraces your passion and is energized to change the world.
Which CEO's do you really admire? The coolest, the smartest, the most effective?
I really admire Ben Horowitz and what he accomplished as a CEO. His experience with Opsware is something to admire and study. Tim Cook of Apple has my complete admiration in what he has been able to achieve in the post-Jobs era. And I would say that Satya Nadella has been simply amazing at the helm of Microsoft.
Warren Buffet has shared big picture wisdom like “Look to the future, not the past”, “Avoid herd mentality”, and “Build relationships and treat people well.” What resonates when you consider each one? What would you add?
In looking to the future I think you always have to consider the past. Your scar tissue or pattern recognition plays a key role in guiding you into the future. I don’t think this can be underestimated. But there is also this sense of balancing your past experience with a sort of blind navigation so that you aren’t bound into aged thinking. I believe that balance is what real innovation should embrace.
The herd mentality can be quite damaging as an approach to anything. I’ve always been an out-of-the-box thinker. In terms of go-to-market, certainly creating a differentiated value proposition that exploits the “demand herd” is where I tend to concentrate.
On building relationships and treating people well, certainly I agree. As I said earlier, people are the engine that are the builders of amazing companies.
How did you first get connected to venture capital? Has the tech VC environment changed over the past two decades, and if so, how?
My first experiences with venture capital were back in the early ‘90s with the funding of USA.NET. We raised a massive amount of capital through the dotcom bubble. A lot has changed since those frothy days of raising. Of course the tech VC community has changed. It’s grown a lot over the last two decades and a lot of the early entrepreneurs in tech are now in venture themselves. Because of that I think there is a wider knowledge of what being a tech founder entails and how that impacts the blueprint for investment. However, with a lot of that growth you get either a lot of new funds that are first time investors or funds that are overly invested. This can be challenging, especially given that a VC board member can be on anywhere from 8-10 other boards. More so, I think that the value-add of VC has changed considerably. Whether that’s through vetting technology with potential customers to helping build the team, I think that VC today is really about differentiating their value-add to the founder. Depending on the stage of the business, today’s founders should really focus on finding value which can yield customers, employees, pattern recognition and more capital.
What advice do you give to entrepreneurs?
1. Make it about the people. Build your team with the same passion that led you to building your vision. And manage individual team member’s “passion reservoirs” appropriately by finding new projects, growth or opportunities to refill their tanks continuously.
2. Let go. You can’t do it all and you don’t want to. Leverage your team and their talent as much as you can. Understand that as the business evolves so should your focus. You must widen your aperture as you build scale for success.
3. Build your board as you would your team. Getting that first round of capital is exciting. However, with every new board member you are introducing a new dynamic to the company which will have a major impact on the business’s performance and outcome. These are critical relationships that can add so much value or undermine and devalue what you are building.
When you conceive a business, before Day 1, have you already mapped out possible exit scenarios in your head? Like, “If we’re successful at this, Verizon, Symantec or McAfee might buy us, so let’s design this product or process to be particularly attractive to them.” Or are you focused on getting to Day 2, and Day 3 and so on? Is dreaming of, or designing, exits essential for startups?
I think that any business that is going to be brought to market has to consider the current gaps in existing products and services. This ultimately means that you are thinking about what the big boys are building and NOT building. Of course, you’ll identify potential opportunities for future exit but it’s not something you should embrace as you build a business. I’ve always had the mentality of building for a public exit, which means you are building for the scale and demand that a public company serves. In my experience, startups have very distinct life cycles from the R&D, product, market and customer development perspectives. You have to focus on each of these appropriately as you scale the business. And in a lot of cases, you are concurrently building these lifecycles to be timed with investment and market timing. In short, you don’t build to exit, you build to make your business scale and be attractive as a potential exit.
You’ve effectively been on hiatus and started a family - what’s next for you, personally and professionally?
Well, after four startups and exits over the last 26 years, I thought it was time to build the ultimate startup and have my first child. My time recently has been spent with my new daughter and it’s been amazing. With my last exit (ProtectWise) and my departure from Verizon in September 2019, I am now starting to think about what’s next. There is so much opportunity for value creation in the market its mind-numbing. But that’s what excites me and keeps me passionate. Simply stated, it’s about the opportunity to inspire others to help change the world through building great teams that build great companies.
ABOUT SCOTT CHASIN
Scott Chasin is a widely recognized pioneer in information security, and a serial entrepreneur of software-as-a-service security solution companies. Most recently, Scott was the co-founder and CEO of ProtectWise, an innovative cloud security company which provided comprehensive, long term network memory and immersive visualization for enterprise security teams. ProtectWise was acquired by Verizon in 2019.
Prior to founding ProtectWise, Scott was CTO of Cloud Security at McAfee, where he was responsible for the vision and growth of McAfee's email, web security and data loss prevention products. He joined McAfee upon its acquisition of MX Logic, an email and web cloud defense company that Scott co-founded and served as CTO.
In 1995, Scott Co-founded SilverSky, serving as CTO where he is credited with creating the first web-based email service which grew to over 33 million users. In 1993, he created and moderated BugTraq, the security industry’s first full-disclosure software vulnerability alerting service that was acquired by Symantec in 2002 and he was a key contributor to the creation of the first open-source, multi-factor authentication system, S/Key. Scott has served on many advisory and industry boards, including the cloud Security Alliance, Messaging Abuse Working Group and Anti-Phishing Working Group.