Andrew Peterson was at the online retailer company Etsy almost a decade ago at a time when being “cloud ready” and undergoing “digital transformation” initiatives were still foreign concepts in the enterprise.
“We were faced with the challenge and opportunity of building a cybersecurity and infosec program around those [technological] changes,” says Peterson, who started Signal Sciences with Nick Galbreath and Zane Lackey, who were also at Etsy with him. The security technology Peterson and co. developed for Etsy ended up getting noticed by others in the industry.
“People were asking for us advice on what they should do and it led us to realize there was a real need from our constituents in the industry and a meaningful business opportunity.”
The result was the creation of Signal Sciences, which uses next-generation web application and runtime application self-protection (RASP) technologies on its security platform. The concept draws on the fact that web software is the most vulnerable part of a company’s business, but it also happens to be the area that’s growing the fastest. “It’s a perfect confluence of a situation where there’s real risk that’s being generated in these organizations, but you don’t have a good solution to it. That’s where our business is focused.”
The Culver City, California-based Signal Sciences closed on $35 million in funding earlier this year and has reportedly drawn interest from Cisco. Chief Executive spoke to Peterson about the conversations he has with CEOs about cybersecurity, how he recruits tech talent in a competitive market and more. Below are excerpts from this conversation.
Your customers run the gamut from healthcare to technology to government. What are the industries that are lagging in cybersecurity?
It’s really hard to be good at security if you’re not proficient at technology. Like it’s possible. But it’s rare that you have a really strong security group, but a really weak technology group. The industries that historically have outsourced a lot of their technology in the past are the ones that are in the highest risk. Healthcare certainly falls into that. Government certainly falls into that. Things like utilities certainly fall into those things. This is where digital transformation and the digital transformation projects that are happening for those groups…what you’re seeing is that they’re taking this technology function that they’ve historically outsourced and they’re insourcing it. They want to get better at technology and that’s a hopeful change for me. If these groups are getting much more proficient and good at natively at building technology, they are in a much better position to be able to have a much stronger cybersecurity focus as well.
What are the conversations you are having with CEOs and leaders at companies about cybersecurity? What are their greatest concerns?
I think a lot of them are trying to understand right now what implications adopting technology in the cloud has for them. They’ve had technology in house for a long time but the paradigm for how they’re running and consuming that technology is really changing with the rise of things like SaaS [software as a service] applications and cloud systems. It’s something people have been talking about for a while now, but I think it’s still something that CEOs are really trying to grapple with. [They are wondering] what are the new types of threats that we need to think about as we adopt these new technologies.
I think the marketing lines tend to say, “The world completely changes when you move to the cloud,” I think the reality is that a lot of the ways in which companies are under attack haven’t really changed. A lot of the basics for how people continue to be breached from a security perspective, it’s kind of the same thing that we’ve seen for the last 10 years. There are certainly new threats that come along with the adoption of new technologies, but we’ve yet to see those things really be the culprit of breaches happening. The culprit continues to be the same areas of vulnerability.
Tech talent is hard to come by these days for any company. How does Signal Sciences recruit the best and brightest?
There is a reason we came down to Culver City because I think it was an untapped market [compared to] Silicon Valley. The big companies in California considered Southern California as an extension of the normal California market, so they started offices in Boston, New York instead of LA. But in the last year-and-a-half, we’ve seen a massive investment from large companies to building offices down here. They realize LA is the second largest city in the country. There is a massive talent pool. It’s not an extension of the Bay Area at all. You certainly get a different cross set of talent down here. We’ve had great success at finding folks that care about living in Southern California and care about living in LA, but they also want to work on world class technology with world-class technologists. That’s really kind of our background of having all three of our founders and most of our executive team having experience of doing work in the Bay Area. That is one of the things that we can kind of promise to our teams when they’re coming on. You can get an elite level of technology and technology leaders that you get to work alongside. It’s been a great recruiting tactic for us.