Marten Mickos is a well-known technology executive in the open-source and cloud realms, but he’s less known—if known at all—in the security industry. That’s about to change, as bug bounty vendor HackerOne named Mickos its CEO today.
Mickos’ background includes stints as CEO of open-source database vendor MySQL, which Sun Microsystems acquired for $1 billion in 2008, and CEO of open-source cloud vendor Eucalyptus, which Hewlett-Packard acquired in 2014.
HackerOne was founded in 2012, and in a recent video interview with eWEEK, Alex Rice, the company’s co-founder and chief technology officer, explained the company’s roots and its core business model.
HackerOne has raised $34 million in funding, and one of the company’s lead investors, Benchmark, also helped to fund Eucalyptus. As it turns out, it was Bill Gurley, general partner at Benchmark, who introduced Mickos to HackerOne.
“I got a ping from Bill Gurley, and then Merijn Terheggen [co-founder of HackerOne] reached out and I had a discussion with him,” Mickos told eWEEK.
Mickos candidly admitted that while he knew, of course, that security is an enormous challenge, he initially wasn’t mentally engaged with the idea of the security business until he spoke with Terheggen. In conversations with Terheggen, Mickos said he came to understand the business model of HackerOne and became very interested very quickly. HackerOne runs bug bounty programs for companies in an effort to use its community of security researchers to help secure its customers.
“I surprised myself how quickly I got very excited about the HackerOne business and was very interested in learning how to deal with serious security issues,” he said. “Vulnerabilities are exploited by the worst criminals in the world, and here with HackerOne is a way of finding vulnerabilities and eradicating them in a way that uses the intelligence of the crowd.”
While Mickos is not a veteran of the security market, using the intelligence of the crowd, or a community, is an idea he’s very familiar with, as it’s the basis for all open-source software. In open-source software, there is the often repeated Linus’ Law, which holds that with enough eyes all bugs are shallow. At HackerOne, that same basic idea is manifest with bug bounty programs.
“The only solution to the problem of modern security is to enlist a large group of people who think in their own ways and can find bugs that no software or robot can find,” Mickos said. “Mankind is so unique in that it creates bugs that only human beings can find.”
While automation does serve a purpose for building and testing software, Mickos emphasized that there are certain types of flaws that machines will simply never detect.
“Every human brain has 86 billion neurons, and if you take a whole community, that’s a lot of neurons,” he said. “That’s very powerful.”
From a business perspective, Mickos already has a basic plan for his first 90 days as CEO of HackerOne. One of his first steps will be to do some additional hiring to enable HackerOne to expand more rapidly.
“We have work to do in operationalizing our go-to-market efforts and sales, identifying the best way to generate leads and get customers on board,” he said. “HackerOne is doing very well, but we’re now at the volume where operationalization is needed.”
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.