Cyber safety serial entrepreneur Dug Music on constructing an moral enterprise
Dug Song grew up in Maryland in the shadow of the NSA and felt a natural pull on cybersecurity, even in a pre-internet era. A computer science degree later, Song went headlong into the gloomy underbelly of cybersecurity when attacks made headlines only in obscure tech publications. His first start-up was a cyber consult with clients that ranged from banks to Vegas casinos, but as glamorous as the kind of business the Eleven Ocean sounds, he tells GrowthBusiness, it’s harder than it looks. To keep one step ahead of the attackers, Song insisted on thinking like the same attackers.
“I sold this company and built Arbor when I realized the nature of the attacks was moving very quickly. Teenagers turned companies like Yahoo, eBay and CNN upside down and held them hostage. We saw the pendulum swing, that even teenagers can take the world hostage, so we decided to step in, ”he says. Song’s next leap was when he came to Barracuda Networks and started building security for everyone else.
Eventually, he started his current company, Duo Security, which he sees as an interesting exercise to find the middle ground. “Arbor was for government organizations and institutions, Barracuda for everyone. Duo Security is more for that middle, democratizing security and making it something any company can be capable of, ”adds Song.
“Attacks are not ingenious. The simplest and most embarrassing way of doing things is through simple malware or a phishing attack. “
Hacker with a heart of gold
British companies were hit 230,000 times by cyberattacks of some kind over the past year. This does not apply to the newer known malware types WannaCry and NotPetya. Amid growing fears about the evolution of nasty ransomware attacks and data breaches, Song says it is a security vendor’s duty to allay panic and confusion.
“The answer should really be accessible. That is the void that we saw in the market. Security was overly complicated and was starting to get morally lost. Taking advantage of the complexity and confusion, the industry admires the problem rather than solving it. In addition, even security experts cannot tell who the attackers are. Is it a nation-state or a teenager? “
In the context of morals and ethics in the security profession, a recent study by KPMG found that 53 percent of UK businesses are considering hiring hackers to meet their cybersecurity needs. While the report’s authors view this as a desperate call from understaffed companies for certain technical talent, the art of counter-espionage is certainly not new. Are all hackers bad by default?
As a well-known hacker, Song has always had a thing for hackers with a heart of gold. “If you are safe, you have to gain a foothold in both worlds. You have to think like a hacker to defend yourself against them, ”he says. While in Arbor, Song recalls working late one night only to set off a digital alarm that alerted him to the fact that someone was trying to hack into his WiFi. It turned out that then 17-year-old Jon Oberheide was a streetwise hacker turned entrepreneur and innovator. “I caught him hacking into one of the wireless networks in our office while he was hiding under a stairwell in front of a Starbucks. Basically, it had triggered some alarms that we set digitally for a “honey pot” (a pseudo radio network intended to intercept hackers). “Instead of bringing charges against Oberheide, Song hired him as a student intern at Arbor and later founded Duo Securities together with today’s Dr. Oberheide.
“People of my generation deserve security in other ways. This type of exploration wasn’t illegal. This was before Linux existed. We grew up in the age of wargames and everything that’s somehow circumvented, and there are laws now. There are more standards and codes of ethics and conduct in the room. “
However, when it comes to ethics, just having the skills is not enough. You need the right motivation, he says. “We have a very clear code of ethics, and that includes doing everything we can to help others succeed. We’re the kind of team that has our backs on each other, not one that talks behind each other’s backs. “
For Song, the industry got lost and acted on the hype instead of downplaying it when necessary. “It’s so important to build a relationship and build a community. There are instances where you can solve a problem halfway, which might be enough to surprise a company, and it gives the security vendor a reason to make more money later. As long as there are more problems, there will always be a security industry. We believe we need to set an example of why we partner with other technology providers. It is not about benefiting from the world’s misery. “
The Oberheide team within the company, Duo Labs, is aggressively focused on research and innovation, with the sole focus on staying one step ahead of attackers. “We are trying to compromise the security of the two-factor authentication systems from Google and PayPal, as well as the laptops exhibited by companies like Dell, HP, Lenovo and Acer, and find a way to compromise these computers. It’s important that we stay innovative by building these skills in our organization, ”says Song.
“My job is to make the way security work obsolete today. We will work to automate and prevent many problems in the future. It’s about defending others and protecting their mission. Security can be made a lot easier. “
With a focus on innovation, Duo Security is now one of the fastest growing cloud-based SaaS (Security Software-as-a-Service) providers in the world. The company had $ 73 million in annual recurring revenue in 2016 and now protects more than 8,000 organizations worldwide, including Bolton NHS Foundation Trust, Etsy, Facebook, and Yelp.
In the UK and the wider EMEA market, the company has grown exponentially, a market that Song describes as a “ticket to the growth of (Duo Security)”. “We believe that this market offers us a tremendous upward trend. It’s early in his journey. We have learned a lot in the two years we have operated the area. Now we have nearly 2,000 paying organizations and 1,000 organizations using the free version in EMEA. That includes customers in every industry that you can imagine of any size, ”says Song. “And we’re here because we’re being drawn in. Over 90 percent of our customers are committed. “
With GDPR on the horizon, Song believes this is not a problem for the UK or EMEA, but for the world. “In many ways, Europe has led the world on the conscience of what is necessary for data protection, privacy and compliance with appropriate standards. This is one of the biggest geopolitical problems of our time, ”added Song. “Our job is noble, but calm.”
What makes this “noble but quiet” job all the more causal for Song is Duo’s corporate culture, which in his opinion is entirely intentional. “We are working on developing and growing. For us, it’s more about how we can think about how we’re evolving. We are effectively a different team every year as we have doubled our workforce and sales so many times. If you look around every six months, half the team is new, ”he says.
The Michigan-based tech company, so far from the New Boys’ Club in Silicon Valley, believes it is more about shared values than cultural fit, which Song says can be toxic to the sector.
“We are happy not to be part of the whole chaos in the valley. the monoculture, which leads to the groupthink of not very different teams. We have an enormous diversity, people with a wide range of backgrounds, perspectives and skills. We ask every employee what makes them unique and what we can learn from them. It is so important to know what cultural contribution you will make to the team rather than being committed to cultural fit. That way we can grow and do new things. “
Song’s team is made up of experts in anthropology, journalism, politics, and everything else in between because he believes the only true path to growth is to incorporate new ways of thinking that result from as much diversity as possible.
“80 percent of our employees do not come from our industry. We choose to be open and not closed, especially because the sector can be clubby. For me, it’s part of doing the right thing, ”he says. “We are all aligned in our ambitions and our common prisons and values, how we treat each other. That’s all that counts.”
Regarding the notorious gender gap in cybersecurity, Song says the average number of female employees in the industry is only 11 percent, while Duo’s workforce is 35 percent women. If you add up the other minorities represented, that’s 40 percent of the team. “It’s about building social capital and building relationships that go beyond role responsibility in the organizational chart. We turn hundreds of perspectives into creativity rather than conflict. Like any business, they need to evolve over time, especially when it comes to security. We strongly believe that you have to be willing to embrace new ways of thinking and different perspectives in order to grow. What got you here doesn’t get you there. “