Chris Wysopal, Co-founder & CTO of Veracode, talks about how startups take time and how some founders may look like an overnight success, but usually they’ve been at it for years. And how to be a successful founder, you need to love what you do. In this second and concluding episode Chris touches on a wide range of topics – quantum resistance in place before we start breaking security keys when quantum computing fully emerges. He talks about his mentoring activities in the Black hat software security community. And there’s a a very valuable insight from the research carried out by a fascinating startup called Humanyze on the impact of open offices on our ability to do effective work. ”They’ve created this field created by 3 people from MIT called people analytics and the idea is how can we make organisations work better. How can we get the right meeting spaces, how can we help with culture, because the space you work in matters – there’s a big debate over open spaces … high cube walls versus low cube walls offices and whatever and they’re data shows that human interaction actually goes down 10% in an open space.”
—
Transcript
Chris Wysopal
People see someone and they’re an overnight success. No, they’ve been working on it for five plus years probably if you’re noticing them as a big success, right? Like that that’s like sort of the minimum. Like when I started Veracode I said, ‘yeah, I can put five years into it’. And at five years. I felt like we were really just getting started like to really capitalise on what we were doing. And to exploit the whole market space it’s going to be at least another five years. So you have to put it in a lot of time to build something big and lasting. And then you have to, you know, you have to be absolutely passionate about it. You have to absolutely love what you’re doing. It can’t be like … it’s not like a day job. You know, it’s going to suck up all your time and all your mental energy. So you have to be committed to it. And I think if you put in the time and you’re committed to, and you’re passionate about it, you know, I think anyone can do it.
Stephen Cummins
Welcome to 14 minutes of SaaS, the show where you can listen to the stories and opinions of founders of the world’s most remarkable SaaS ScaleUps.
In the second and concluding episode with Chris Wysopal, the co-founder and cto of Veracode, he expresses his interest in a wide variety of topics. He talks about mentoring activities with the Black Hat data security community. He has a very valuable insight from research carried out by fascinating startup founded called Humanyze – an MIT startup which he advises …. on the impact of open offices on our ability to do effective work. He also touches on whether quantum resistance will be in place before it starts breaking security keys when quantum computing fully emerges.
You’re on the board of a very interesting looking operation called Humanize – born out of MIT media Lab. You joined I think about five months ago.
Chris Wysopal
Yeah. So, I after, after being acquired, you know, I’m part of a big company now, I wanna keep my, you know, roots a little bit in the startup world. And so to give back to the Boston startup community … I started going to, some of the MIT, Angel, meet ups. And they have every couple of months … they’ll have pitches and to learn about… learn about some of the new companies and network with people … and I was networking with one of the guys from Romulus capital and I happened to say, you know, ‘I’m interested in technology companies … You know, I hope to be on a board of company some day and share my experience growing Veracode for 12 years and, you know, we met over lunch a couple of times and then about six months later he said ‘You know, I have this company that I think you’re a good fit for … we’re looking at getting our first outside board member.’ And, you know, I met the team and they’re just doing some really cool stuff.
What they’re doing is they’re using these devices that collect they called sociometrics. So you wear this device. It knows, you know, with RFID … it knows like who you’re standing near. It knows if you’re talking to them or not. It knows your location where you’re having your conversations.
They also of course, tap into things like the phone system and e-mail to see who’s communicating with who on what … you know that from the calendaring system …. who’s meeting with who and they kind of understand how your organization is interacting with each other and they’ve… they’ve created this field. It was founded by three PhDs from MIT and the field is called people analytics. The idea is how can we make organizations work better? How can we get the right meeting spaces? How can we help with culture … because the space you work in matters right, There’s a big debate over open spaces. ……
Their data shows that human interaction actually goes down 10 percent in an open space.
Stephen Cummins
That’s interesting!
Chris Wysopal
Isn’t that really interesting? Because people are like … they’re wearing their headphones … they’re actively trying to focus …
Stephen Cummins
Maybe they’re overcompensating.
Chris Wysopal
Maybe they’re overcompensating. It’s still an ongoing research area but that’s the kind of decision making you can make with that … and how to organize your organization. So. You know, who are… who are the actual leaders in the organization, right? Yeah. Who are really the facilitators. Yeah. And those are really good things for organizations to now. Really cool stuff.
Stephen Cummins
You’re a member of the Black Hat review board. Can you tell us a little bit more about that?
Chris Wysopal
Yeah. So, Black hat is a conference that started in the late nineties and it really became …and it’s called Black Hat because it was really bringing the hacker community and the traditional governments and enterprise, you know, security community together.
And so the people who are doing vulnerability research – who are independent, who are just trying to figure things out … can inform the people who are actually running larger organizations. And again, it’s trying to learn from the way hackers work. And this is what the conference is all about … it’s been a place where a lot of us got our first conference on stage to talk about, you know, our research or, you know, what we were discovering around security and share it with the… with the community and I spoke at Black Hat. And, I wanted to, you know, help become on the review board … which essentially, that’s the people submitting talks to, to see, you know, select what are the best talks, right?
And, it’s great because I get to sort of be in the middle of the of what’s going on with the community – but I also get to help people that are just starting out, you know, and there is a little bit of a mentoring aspect to helping people sort of break into the security community through black hat. So it’s… it’s very enjoyable to participate that way. ….
Being someone who’s been immersed in SaaS for like 12 years, some of the stuff that we built it at Veracode ….. I still think a lot of companies can adopt the model of, yes, you have your SaaS, your customer interacts with you through APIs … through your website.
But there are some things that just can’t be done just with software. You know, as a technologist it’s kinda weird to say that …. you need to figure out how do you engage people to provide the services that only people can do. And how do you make it so that the software and the people perform together to provide a cohesive service to your customers. This mixing of people and technology is an area that I’m interested in exploring.
Stephen Cummins
Very good. You must have a very busy life doing what you do … how do you stay healthy?
Chris Wysopal
I’m pretty lucky that my wife is a great cook. And we almost never eat out. We always Cook at home. And so I eat very well? I watch what I eat. You know, I use an app. And, you know, I use an app. I think good nutrition is sort of the foundation of… of being healthy.
Stephen Cummins
What app do you use?
Chris Wysopal
I use My Fitness Pal.
I actually met the founder in my first WebSummit in Dublin … I think three years ago. And he’s from Massachusetts. I think he’s from Lexington Massachusetts – couple of towns over for me. And, so I think that’s important. I think getting enough sleep is important.
Stephen Cummins
What drives you to keep doing what you do?
Chris Wysopal
Yeah, I think, you know, the security of our technological world is… is critical to the… to the future, right? We don’t want bad actors … whether it’s as simple as like stealing money or is complex to manipulate demand or the democratic process to take advantage of the technology.
You know, we’ve created … just about everything is software now, right? You know, they call it the internet of things …. but it’s not the thing that’s important … it’s the fact that it’s connected to the internet and it’s connected to a whole back end of software. That’s what makes it interesting. And so the security a software to me, it’s just like, it’s something I’ve been working on for a long time … and it needs to keep getting better as technology changes.
We need to keep figuring out how to get better. What I’m talking about later today is the security surrounding the cryptocurrency ecosystem … which has a lot of problems. So inventing technology … there’s new problems to be solved. And I’m just really interested in helping people solve those problems.
Stephen Cummins
A friend of mine that I interviewed recently … whurley … he’s building a platform to interface with quantum computers and he’s working with IBM [whose machines] are stored at temperatures below the temperature of outer space, but he’s interested in making that accessible to developers around the world.
And he’s been quite successful in his previous endeavours. He’s building a platform to interface that .. quantum-as-a-service so to speak.
What do you think will be the consequences of us building viable quantum computers … and their ability to sell massive problems? Do you think initially there will be a lot of security keys broken. Do you think there’ll be a lot of keys broken when that new paradigm happens.
Chris Wysopal
Yeah, I do… I do I think, because the algorithm is designed, without the quantum computing in mind … they are breakable with … so you come up with like a completely new technology, you can break some old technology that doesn’t have that in mind.
So like our conversations now that we’re encrypting, you know, and everything in the past that could potentially be broken … but it doesn’t mean that we can’t build quantum resistance encryption into the future. And so that’s a that’s a big area of research now and, I think in the next, I think before we have, you know, viable quantum computers, that can break, you know, 256 bit keys easily, we will have quantum resistance in place. But it’s not gonna help us what the past. Okay. So just like everything on the internet is like permanent – like sort of everything you’ve encrypted could potentially be broken in the future.
Stephen Cummins
Okay… okay? Do you have any hobbies Chris?
Chris Wysopal
Yeah. See I’m just sort of I’m sort of a geek at heart. So I like trying to tinker around with technology … electronics, ham radio is one thing I play with. I’m trying to get my son interested in that now. I do a lot of photography, I’ve a photography studio set up. So those are just some of the hobbies and it’s… it’s mostly because I like tinkering with technology more than anything else.
Stephen Cummins
What are the one or two big learnings from your experience that you might share?
Chris Wysopal
So a big one is it’s gonna take a lot of time. I think people underestimate. how much time it takes because people see someone and they’re on overnight success. No, they’ve been working on it for five plus years probably if you’re noticing them as a big success, right? Like that that’s like sort of the minimum. Like when I started Veracode I said, ‘yeah, I can put five years into it’. And at five years. I felt like we were really just getting started like to really capitalise on what we were doing. And to exploit the whole market space it’s going to be at least another five years. So you have to put it in a lot of time to build something big and lasting. And then you have to, you know, you have to be absolutely passionate about it. You have to absolutely love what you’re doing. It can’t be like … it’s not like a day job. You know, it’s going to suck up all your time and all your mental energy. So you have to be committed to it. And I think if you put in the time and you’re committed to, and you’re passionate about it, you know, I think anyone can do it.
Stephen Cummins
Well Chris, thanks for bringing your time and your passion and your commitment to the table here at 14 Minutes of SaaS. Really appreciate it.
Chris Wysopal
Thanks for having me.
Stephen Cummins
In the next episode we have Cameron Adams, co-founder and chief product officer with Canva … talking about his near 20 year old pet project called the Man in Blue, working as the main designer on Google Wave – a failed project to build something similar to Slack – very high profile that lasted for 4 years, seeking out more control in his life, getting together with Mel Perkins and Cliff Obrecht to form a very popular company and technology called Canva – a 2.5 billion dollar success story .. and why he prefers Sydney to San Francisco as a city in which to build a startup.
Stephen Cummins
You’ve been listening to 14 minutes of SaaS. Thanks to Mike Quill for his creativity and problem solving skills and to Ketsu for the music. This episode was brought to you by me, Stephen Cummins. If you enjoy the podcast, please don’t forget to share it with your network, subscribe to the series and give the show a rating.