Interview With Synack’s CEO Jay Kaplan: Getting the ‘Hack’ of It
At the Economist Innovation Forum, I interviewed executives on the topic of innovation. Synack is a cybersecurity company that employs hackers.
Inspiration leads to aspiration leads to innovation.
In today’s business world, companies must continue to innovate in order to compete, especially in places like Silicon Valley — which can be more like Death Valley if stagnation sets in.
On March 10 at The Economist magazine’s Innovation Forum held at the Four Seasons Hotel Chicago, I had the opportunity to talk with senior-level executives in tech and other fields on building an innovative culture.
Up first is my interview with Jay Kaplan, the CEO of Synack, a cybersecurity startup based in Redwood City, California, that employs hackers to try to break into companies’ networks to figure out where they are most vulnerable to cyberattacks. As of February 2015, the young company had already raised more than $34 million in venture capital funding. The name Synack comes from a “geeky term derived from the TCP IP three-way handshake,” Kaplan told me. “Basically in computer networking, it’s how two computers make a connection with each other.”
Kaplan previously worked with the National Security Agency as a senior analyst dealing with counterterrorism issues.
An edited transcript follows.
Whatever Works: What is Synack?
Jay Kaplan: We help employers build enterprises — just what they look like from an adversarial perspective. We do think by recruiting hackers all over the world and coupling them with technology to basically incentivize them to try to break into our customers. When they’re successful, we pay them money.
WW: How big is your organization?
Kaplan: So we’re about 85 employees internally and roughly 500 researchers who are in our independent network globally.
WW: So what do you do to promote innovation at Synack?
Kaplan: I think innovation can happen in a multipronged way. One, we have a very innovative model — recruiting hackers all over the world to try to break into customer technology. Obviously that’s a very innovative approach and a new methodology to help our customers just get better from a security perspective. But innovation is something, I think, that can be fostered in a work environment. Coming from the Department of Defense, I think you’re in a situation where you’re dealing with lots of bureaucracy, and innovation is a lot harder to foster and facilitate just given that there are so many hoops to jump through. In a startup environment, you have flexibility and the ability to get things done very quickly. So when people think of new, creative ideas, you’re able to execute on them very quickly and see if they work or if they don’t.
WW: How hard is it to promote innovation when there is that bureaucracy and that history?
Kaplan: It is very hard, especially being in an intelligence organization like the NSA, which is a component of the DoD [U.S. Defense Department] where the stakes are really high. They don’t want to make mistakes, and they’re very conservative with a lot of their approaches, but at the same time, in order to win, in order to beat the enemy that we’re ultimately trying to defend against, protect the nation against, you have to think a little bit outside the box.
The government, more broadly speaking, is very conservative and it’s very difficult to get things done. It’s very hard to innovate. I think certain organizations like the NSA might be easier.
WW: How do you get buy-in on innovations in that kind of environment?
Kaplan: Buy-in is always a difficult thing when you are thinking about very creative approaches. Obviously it’s hard to give you exact examples, but you know, I worked primarily in the counterterrorism division. When you have a potential actor that’s about to do something bad, you want to try anything you possibly can to get the intelligence that the country needs to defend itself. Buy-in means sometimes pushing the envelope a little bit, but it’s really about making people who are above you, the higher-ups in the organization, understand what you’re trying to do and get their buy-in ultimately to make the mission as a whole successful.
WW: So what innovations are you seeing in cybersecurity?
Kaplan: Cybersecurity is definitely a very quickly growing industry. Last week there’s a cybersecurity conference called RSA based out of San Francisco, and it’s the largest security conference of the year. You just walk onto the show floor and see there’s so many companies doing so many things, and being very innovative in the space. They’re doing it out of necessity because we’re seeing time and time again companies are just getting breached left and right, and we need to really push the envelope to think of new, creative ways and methodologies to secure them.