10 Questions for Bit9 CTO Harry Sverdlove
Harry Sverdlove heads the technical team for Bit9, a Waltham, Massachusetts company that provides trust-based security software to detect and prevent sophisticated cyberthreats. Its customers include more than 1000 companies use its software, including Fortune 500 companies in banking, energy, aerospace and defense, and U.S. federal government agencies.
Name: Harry Sverdlove
Time with company: 4 years
Education: Bachelor of Science degree in electrical engineering, MIT
Company headquarters: Waltham, Massachusetts
Countries of operation: U.S., U.K.
Number of employees total: About 120
Number of employees the CTO oversees: 3
1. Where did you start your career and what experiences led you to the job you have today?
Originally, going way back, I started my career in computer science at the age of 12 when I spent two summers at Wesleyan University studying computer science. Through that experience, I made a number of contacts and actually had small software engagements. I've been a nerd as far back as my memory goes.
My professional career started at Lotus. It was in the heyday when 1-2-3 was the big thing, before IBM acquired Lotus.
I was at a number of different technology companies and ended up at NuMega Technologies, which specialized in developer-oriented, code analytic tools, and that's where my interest in computer security really started, especially outsider threats. All applications have flaws and vulnerabilities, and the idea that there are enemies out there actively looking to take advantage of those flaws both bothers and motivates me.
After that, I started my own consulting business and did a lot of work in the area of email and spam detection, before becoming chief scientist at SiteAdvisor, which analyzed the safety of websites across the Internet. It was acquired by McAfee and I spent two years at McAfee. While there I was able to see firsthand how reactive the security industry has become and how ineffective that can be against a determined attacker. Following McAfee, I came to Bit9 where I've focused on proactive approaches to cyberdefense.
So, I've been in the software engineering space for over two decades and the computer security space specifically for about ten years.
2. Who was an influential boss for you and what lessons did they teach you about management and leadership?
The most influential boss for me was prior to joining NuMega. He was CEO of SQA, Ron Nordin, who, not coincidentally, is on the board of Bit9. Ron was CEO [of SQA] when we were a small company. I was employee number 17 and I think he was employee 15. That was before we were acquired by Rational.
He taught me to inspire employees while marching toward a very specific set of common goals. A lot of the way I manage today comes from that experience. You can have the best process in the world, but if you don't have the team members aligned, it's all for naught and the same is true for an overall company as well as its mission.
3. What are the biggest challenges facing CTOs today?
I don't think it's specific to my market -- I think one of the biggest challenges for all CTOs is that there is so much hype and FUD about technology. One of the biggest challenges I find as a CTO is cutting through all that to find out what trends are real and which technologies really work.
Is there going to be some new cloud computing or smart device solution? There's so much marketing hype and sci-fi around figuring that out. Which parts are real and what can we do to take advantage and leverage the parts that are real?
It's a challenge, but it's one of the best aspects of being a CTO for me because I get to be true to the technology.
4. What is a good day at work like for you?
I would say specifically as the CTO of a security company there are two types of good days for me. We have great customer relationships, and the best day is one where I get a call from a CSO or CISO saying that we helped stop an attack on their network. It's almost hokey-inspirational, but a good day at work is when I can come in and talk to a C-level executive about how we helped protect their company.
The other best day is when I come in not too inundated with meetings, so I can sit down with the engineering team and talk about what we're doing. It's just me and the team and a blank white board that at the end of the day is anything but blank.
5. How would you characterize your management style?
I tend to manage at arm's length. I like to give the people who work with me the opportunity to shine, to come up with their own solutions, and then I see my role as helping them to stay the course. I like the team to work collaboratively, but I like them to work with clarity as well.
I set a goal post out in the future, for whatever the mission is that we're working on, and then my job is to keep them in the same game but focused on creativity.
I don't like to micromanage. I like the team to feel empowered enough to come back to me with their own estimations, and their own set of deliverables because I believe that goes back to fostering the same kind of atmosphere I talked about with Ron Nordin. You have to keep people inspired, but focused on a mission.
6. What strengths and qualities do you look for in job candidates?
There are three -- two of those are a little bit of mother and apple pie and the other one is a little different. The two characteristics I most look for are passion and creativity. I like to work with people who are passionate about what they do and who are also creative.
The third one you can look at the wrong way, but I like to work with people who are lazy. The best people I know don't like to do the same thing twice. The natural thing in engineering is to over-think. The smartest people I know don't do that. If they have to do something a second time, they try to find a way to do it better and they also tend to be the most productive.
7. What are some of your favorite interview questions or techniques to elicit information to determine whether a candidate will be successful at your company? What sort of answers send up red flags for you and make you think a job candidate wouldn't be a good fit?
I ask people to describe problems that they have solved, and how they solved them. Also, I'll come up with problems, and then ask candidates how they would solve them. With engineers, you'll often get different levels of response. Most of the technical challenges we face can be solved with simple, easy-to-solve approaches. If a candidate comes back with complex theories, then red flags go up for me. But if a candidate comes back with common-sense answers to potentially complex questions, that's a big plus.
I think it's more effective to focus specifically on the things they've actually done and not just theoretical answers. What's really telling is when I ask someone what problems they had in the past and how they dealt with them.
The other question I like to ask people is to name the worst co-worker or boss they've worked with and why.
The reason I ask that is because we all work for different characters, so I'm not looking for who that person is, but I want to see how animated they get as they answer. It tells me if they have a negative or positive outlook on their career. It's like asking a date about an ex-boyfriend or ex-girlfriend that they've had. If they get very animated, and they talk for a long time that might say that maybe they've spent a little too much time thinking about the negative aspects.
8. What is it about your current job, at this particular company, that sets it apart from other chief technology positions?
We're in one of the spaces that is moving and evolving at a faster speed than any other company for which I've worked. The security market is changing faster than I've ever seen. The technology is changing faster than ever before, but also the threat landscape is changing faster than ever before. Until recently, no one had heard of Anonymous or hacktivism. There is also the idea of nation states carrying out wide-scale cyber-espionage. Just a few years back, this wasn't talked about outside of government agencies. Now, you can't pick up a newspaper without reading about some data breach traced back to China or some other country. We're also now seeing the early rumblings of cyberwar and cyberterrorism -- Stuxnet, a cyberattack on Iran's nuclear capabilities, just happened two years ago.
Certainly, cybersecurity has been an issue -- we've known about the threats and the challenges for over a decade, but as part of our daily lexicon what used to be talked about in our back rooms or by nerds at a conference is now part of the mainstream. That has accelerated the opportunities to play in this space, but it's also an extreme challenge. The idea of making three- or five-year product plans, technology plans, that's much more challenging now. We often don't know where the technologies are going to be in three or five years.
9. What do you do to unwind from a hectic day?
What I like to do to unwind from a hectic day is have a glass of wine and watch the Syfy Channel. Whether it's watching a cheesy sci-fi movie with my wife or one of the sci-fi series, just doing that with a glass of wine is what I find relaxing.
10. If you weren't doing this job, what would you be doing?
I would be doing one of two things and probably both. One is I'd probably be home and writing iPhone or smart apps, because that seems like it would be a really fun thing to do, albeit not very profitable.
The other thing that is more serious is that I've always wanted to write a book. Here at Bit9, they've been asking me for a nonfiction book about security, but as I've mentioned I love sci-fi, so I would probably combine a little bit as any writer would -- and I'm not a writer, by the way! -- a little bit of science fiction with a little bit of the world we face. I think there are some great stories there. Maybe I'd write both books simultaneously.