Lastline CEO On Standing Out In A Crowded Cybersecurity Space

John DiLullo is somewhat of a rarity in the high tech world.

The CEO of Lastline, a cybersecurity company based in Redwood City, California, says most chiefs in the industry come from the product and engineering side. DiLullo’s background is in sales—prior to his role at Lastline, he was a global sales executive for F5 Networks. He also held positions at Cisco Systems, Avaya, SonicWall, and Aruba Networks.

“It adds a huge amount of context when you’re trying to sell a product, especially from an emerging company or an emerging technology, to understand the person that’s actually going to invest in your product, how will they perceive you? What are the elements of value that really matter? There are so many companies out there today that have great products but haven’t finished that last mile of understanding what people are actually willing to pay for and what business needs they have.”

This is what dooms a lot of tech-focused startups, says DiLullo, who joined Lastline last year. He spoke with Chief Executive about how the company is trying to stand out in the crowded cybersecurity space, how they recruit tech talent, and more. Below is an excerpt from the conversation.

What are some of the big challenges that Lastline is facing?

The company is growing and growth comes with growing pains and trying to figure out what you need to invest in and at what time, and what are the skills that you are short on and what [skills] you have plenty of. I think there are a couple of unique things about Lastline, which are really some of the core attributes of the company but some of the core growing pains stem from them.

Our background is really in academics. Our three founders are some of the top published academics in cybersecurity. And so, we have this great foundation of essentially applied science where we understand more deeply than any other company on earth what are the threats that modern enterprises are having to endure from hackers and from intrusions, and breaches these days. That’s from an applied science perspective, but actually getting that applied science into the hands of customers is very commercial. And so, you see a lot of companies that maybe don’t have great products but bring it to market well and then you have other companies like us that have an incredible technology, but have to really figure out how to pivot and drive that go-to-market movement.

To that point, you guys are in a crowded space. It really seems like every company on the block has some kind of cybersecurity defense solution. So how do you stand out in a crowded market?

It’s interesting, despite the crowd, if you look at the major breaches that happened last year, every one of those customers, every one of those companies probably had a next-generation firewall, probably had an identity and access management system and likely had some type of intrusion prevention capability. And a lot of people are investing in a lot of these different technologies.

It really is time for a different look at the problem. And I think that’s how you get your head above all the noise and that’s what we’ve done. So, in our core as a company I think we’ve recognized nearly 25% of all traffic on the internet right now is malicious traffic. The average intrusion today is lasting more than 200 days. So somebody breaches your network and on average they’re actually operating in your corporation’s network for more than 200 days. And add to that the fact that there’s a shortage of qualified security professionals today worldwide. It’s more than 200,000 people, and by many estimates in a year or two, that’s going to be over a million people.

It’s a huge shortage of talent and also a lot of success by the bad actors. And I think we realized that what you need to be able to do is you need to not only have a static response to security work. Every day you find something and then the industry responds, and that’s why you see this diaspora of companies out there that are all responding to different things.

What Lastline does that’s really different is we’ve truly leveraged artificial intelligence to not only try to answer the latest threat, but to also anticipate it. To use artificial intelligence to predict exactly how the next threat will present, almost like the way an illness presents. We’re ahead of the curve. And that’s why we’ve recently submitted to a lot of testing, and we’re sure that we have kept 100% capture and detection rate on intrusions, and so it is different. But it’s only through having a really unique type of a solution, using unique capabilities, that I think you can lift yourself out of the hundreds of companies that are out there today providing some level of solution.

You guys are in Redwood City. You’re in the kind of heart of Silicon Valley. What about recruiting tech talent? How much of a challenge does that present?  

It certainly would be hard if we were hiring most of our technical talent here in the Bay Area because as you know, it’s a very tight market. I think if you talk to a lot of the startups that are struggling today in the Bay Area, that’s probably why they’re struggling. What we’ve done is we’ve really relied very heavily on our founders and their university connections. And we have nine PhDs on staff, for instance. If you think about for a company our size that has that many PhDs, it’s pretty astonishing. And all of our development facilities are located nearby to university presences that we have established through our network. And so whether it’s in the UK, or whether it’s in the Boston area, or whether it’s here, we don’t actually have a lot of our engineering talent in Redwood City. We have it down in Santa Barbara, at the University of Santa Barbara. So we’re pulling our talent out of the university. And that’s giving us people with super-fresh experience in emerging computing environments.

It’s also giving us access to the students largely that are in advanced degree programs trending towards PhDs. Real thought leaders. The people that are writing their doctoral theses occasionally in that area. And so, if you go online, you’ll see that our founders, and a lot of the professors, and academics associated with the company have published more than 250 papers. These are core, foundational papers that talk about intrusion, breach defense, different types of malicious threats, malware. And so this is an incredible foundation for us. So we don’t feel constrained by talent. In fact, I think we have some of the most brilliant people on earth.

What are the conversations you’re having with CEOs about cybersecurity? Is there a level of understanding from their level?

I think there’s a level of fear. Every CEO, from myself to anyone that I talk with on a day-to-day basis, is very worried about enterprise risk management. And enterprise risk management, I would say nowadays also includes data privacy, data residency, of course, all the financial components around the theft of the assets of the company. The losses every year now are in the billions. I don’t think there is a single CEO in the world today that isn’t at some level worried about the impact of electronic threats. And those electronic threats present in a lot of different ways. It’s not necessarily breaking into your systems. Someone could be manipulating other systems that you use in the electronic commerce environment that can disturb or interrupt your business in some way.

Read more: It’s Time For The CEO To Own AI As A Strategic Imperative