FRAMINGHAM (11/13/2003) - David Peterschmidt, the former CEO of Inktomi Corp. who oversaw that company's US$235 million acquisition by Yahoo Inc. a year ago, took over as CEO of network security management start-up Securify Inc. last month. Peterschmidt met with Computerworld Wednesday to discuss his plans for the 5-year-old, Mountain View, Calif.-based company.
Excerpts from the interview follow:
What happened to your predecessor, Mark Hangren, who had been CEO only since April of last year? I wasn't around, but obviously I had to ask the same question. I think the board just fundamentally decided that this was at a scope and a level beyond the experience set that Mark brought to the company. He didn't do anything wrong.
What attracted you to Securify? I said if I was going to run one more company, and if it was going to be pre-IPO, it basically had to meet three criteria: that the product was already in the street and proven, that the intellectual capital of the development team had to be robust enough that the proven product wasn't going to be a one-hit wonder -- that they could propagate the technology -- and that it had to be focused at a large market, where you could rationally say you can make a $300-million-to-$500-million-annual-revenue company out of it. So that's how I ended up here.
Are you making money yet? Cash-flow positive, but not making money yet.
When do you project that to happen? I think it's 2005, because quite frankly, I plan to build the company out pretty substantially over 2004. The company has fundamentally been in a development mode, and it's got a very lightweight sales and marketing capability.
You said "pre-IPO." Is it really pre-IPO, or is it preacquisition? I think this has got the breadth to it to be pre-IPO. An early sign, for example, is that the very first enterprisewide deal this company did was a $5.8 million deal with the Navy.
What makes Securify's technology so distinctive? What (Securify founder and Chief Technology Officer) Taher (Elgamal) and the team have done is build a company that says this idea of trying to get security one point at a time in the network is craziness -- we're never going to get there. We've got to get to a more comprehensive infrastructure-layer approach to the network and base that on policy. Then you've got a fighting chance of really making stuff happen.
How much of the blame for the security problems corporate IT faces do you place on Microsoft Corp.? What you've really got to go pin the tail on first is the network, because it is the petri-dish medium that allows these viruses to cultivate themselves. It's not that Microsoft or any other software company doesn't have to put their patches in. But you've got to fix the network first. You've got to look at it from the top of the business process down, rather than from (the perspective of) firewalls and antivirus software. (The latter is) a journey that's way beyond the life span of you, me and the next two generations behind us.
A lot of the stuff that Microsoft is catching the bullets between their teeth on, they're going, "Man, if we could only point out to people all these networks that are misconfigured and equipment that's not set up to communicate properly, we'd have a lot fewer problems."
How difficult do you expect it to be to convince IT shops that your policy-based, real-time risk management approach is unique? The challenge that we've got taking this into the market is that we're a fabric between the network guys and the applications guys and the security guys, and they don't talk to each other. So we've got some interesting marketing and positioning work we've got to do to get this across. The military and governments are a lot easier because they're so hierarchical in the way they're organized. You get to the top guy and he says, "Do it."
What is it that companies are failing to get from other network security vendors that you think you can provide? The life I lived the last seven years as the CEO of (Inktomi), a public company (for example) -- I could never get quantifiable measurements on this part of my business. At Inktomi, I had five data centers with 6,000 servers in them. I asked the question, "How secure am I, and how well is the network really operating for us?" All I got was, "It's better than it was, because we installed all this stuff." But they didn't know how effective it was.
What will future versions of your technology do that the current version doesn't? Over time -- not too long a time -- we think we can do the same thing for the application layer. So we're really focused on how we can help a business process become deployed in a secure fashion. That is the ultimate high-value proposition. We are convinced we can do that, that we will get there. And that's going to be a big deal.
So we're going to talk to people like PeopleSoft (Inc.) and SAP (AG) and say, "We think there are some real synergies here with deployment of your apps and business processes in a secure fashion." (Security is) not on the checklist today.