Conversation with Chris Young, Former CEO of McAfee
Presented by: Chris Young, Matthew Prince
Originally aired on March 5, 2022 @ 11:30 AM - 12:00 PM EST
The inaugural episode of Cloudflare TV: A special conversation with Chris Young, former CEO of McAfee, joined by Matthew Prince, co-founder and CEO of Cloudflare.
English
Interviews
Transcript (Beta)
Welcome, Chris, to Cloudflare TV. This is the initial broadcast. Kicking it off, we don't quite know exactly where this is going to go, but super honored to have you as our first guest.
I think we met years ago through a mutual friend who introduced us, and I've always really admired you and your career, and we've sort of been in similar industries.
First of all, how are you doing? Is your family healthy and safe and everyone okay?
Matthew, thanks, number one, for having me on. I'm happy to be part of the Cloudflare community and thanks for asking.
We're doing well here, all things considered.
Clearly none of us would have predicted that the world would be and our country would be in the state that it's in right now.
So I'm challenged as many people are with what's happening there.
I'm sad with what's been happening in the country the last couple of weeks now, but I'm about focused on where we're going to go from here and how we're going to change things.
And I think that's the mode that a lot of us will have to start to shift towards as we come out of this period of time.
Yeah. So, you know, I've always really admired you and your career, and especially how much of a visionary you've been around, you know, the cybersecurity space.
You were a leader in cybersecurity before cybersecurity was cool.
I mean, you were a consultant for a little while after college and then just a few years after graduating, co-founded a company called Cyvalence.
How did you first get interested in cybersecurity?
You know, it's interesting. It's like any story, you know, you start with a journey.
I can tell you, for those who recall, who are those who are in my age category and can recall what connecting to the Internet was like in, you know, the late nineties, it wasn't anything like the experience we experienced.
But now if we have a little jitter in our video conversation, you know, we're concerned about it.
In those days, you're dialing up at, you know, nine baud speeds on a modem, literally.
And my friends and I actually thought that we could come up with this technology to cache web pages and serve up the web experience a lot faster.
And there were a few companies kind of doing it at the time.
But one of the things that was interesting is as we got out there and we started building our knowledge on it, we learned, Hey, you know, there's actually a ton of copyright infringement.
There's content misuse. There's a lot of abuse going on.
It was, you know, we talk about the wild west, but it was really, and many people know, it was really the wild west back in the mid nineties.
And so, you know, after we evolved our thinking, we said, Hey, there's a real opportunity to work with legitimate organizations, with companies to help them deal with the problems that they were.
And most of them had no idea of what was really going on on the Internet.
And we're just starting to put up websites and finding ways to have legitimate interactions with their customer base over the Internet.
So that's kind of how we got started in the company, you know, like many has evolved over the years and, and, you know, proud of what we did.
And I'm happy. I learned a lot from those days.
Did you, did you like being a founder? Was that, did that feel, did that feel fun or was it, I mean, it's always terrifying when you first start something.
It is.
And I'm sure you can relate. I went through the process with my co-founders of borrowing money, work out of my buddy's garage, sleeping on my friend's floors.
And we would go to New York.
We lived in DC at the time. So we would fly to New York and, you know, pitch people on the idea or try to get people to buy, obviously, you know, subscribe to the service.
And, you know, we slept on our friend's apartment floors to save money.
Those were the kinds, those are the kinds of things you do.
I know a number of people can relate to that. Things have changed obviously a lot since, since those days, but it was a fun experience.
It's a tough experience.
And it definitely teaches you a lot, not only about yourself, but about how difficult it is to get a business off the ground.
Have you been tempted to be, to start another one at some point?
I have. There's, you know, as you can, as you know, for, for a lot of different reasons, you know, I've, I've kind of gravitated towards large, you know, large cybersecurity businesses, you know, most recently McAfee and then, you know, being part of, you know, bigger companies that have been at this.
And I think it takes businesses and companies of all sizes to fight this problem.
But, you know, I, you know, I come up with ideas, you know, I have been supporting.
In fact, some of the time I've been, I've spent the last few months has really been starting to work with some of the entrepreneurs that I know looking at different opportunities to invest early stage and help people kind of grow, you know, their ideas.
I do every now and then think about, you know, what it would be like to go start something again.
And I can't say I've completely ruled it out, but you know, there's, there's so many interesting opportunities and clearly we all know there's a lot of problems yet to be solved in the cyber security realm more broadly.
You know, I, I think you more than almost anyone in this space have seen cybersecurity from so many different lenses, the consumer lens where you were at AOL early on and today on the boards of snap and American express to companies specifically selling cybersecurity solutions like RSA, VMware, Cisco, Intel.
And most recently you were the CEO of McAfee.
What's, what's changed over, over that period of time in terms of the threats and solutions in that, in that space?
You know, I think many of us can, can think back to early 2000s and you had the love sand virus.
I love you. You know, these are, you know, these are some, you know, we had Nimda, we had just a number of, of really you know, by today's standards, relatively basic attack types that, that we lived with and we evolved a lot even during those days.
You know, what I see changing a lot in cyber is, and it shouldn't be, I hope it's not any any secret to many of the people would be listening to this, but no, clearly the sophistication levels have gone up.
The targets have gone up, the volume has gone up.
And I know you see that a lot at Cloudflare, just the sheer volume and diversity of attack types that are happening.
And in many ways it's driven by the technology footprint that we have today versus what we had, you know, a little bit over 20 years ago when I, you know, when I first got started in this, in this business.
What has also been interesting to me and perhaps even more interesting than that, than the evolution has been how many attacks still leverage a lot of the same basic principles that they did 20 plus years ago.
You know, worming is still an effective methodology for a cyber attack.
Denial of service, you know, we've seen it research, obviously quite different than it was in the mid nineties.
But, you know, these are examples of some of the earliest forms of cyber attacks that have been reconstituted and combined in different ways with what we see today.
Not interestingly enough, unlike the way physical viruses, which we're all confronted with today also function in our health ecosystem.
It's pretty remarkable to think about.
So, you know, one of the things I'm, I'm always struck by is when I talked to companies, they often feel so powerless against these cyber threats that are out there and the volume, you know, do you think over the next 10 years, that's, that's going to change?
Is there, is there sort of, is this going to continuously be a challenge or is there some chance that the good guys are going to, going to turn the corner?
I don't know that I see a day when we, you know, you're never going to be completely immune from a cyber attack.
Just like we're not immune from attacks and violence and, you know, crime in our world today, even in a physical sense.
But I do think that we can get to a place where organizations, you know, CIOs, CISOs, CEOs, have a better handle on their risk factors, better ability to deal with day-to-day attacks, understand how exactly they would recover if more of a non -traditional or what I'll call a high impact, but low probability event were to take place.
That's the, that's the future that I see us building towards. I think we've gotten better in many respects over time, but I think there's still a lot of work to be done to get there.
That being said, I'm an optimist about cyber. I think the things that we can do today with technology would not be possible if it weren't for evolution in our security models to protect so much of what we can do today with technology.
Is this still an area that's, that's fruitful for startups to invest in or do you think kind of the big companies own it?
You know, for so much time, a lot of that R and D and innovation came from small companies and now it feels like more and more it's coming from larger and larger organizations.
I think there's still, I think in tech, there's always room for innovation coming out of the, the, you know, the grassroots ecosystem of, of, you know, of entrepreneurs and, and that sort of thing.
But I, I, you know, I do think big companies are more committed to the cyber problem than they have been in the past.
I mean, we all remember the days when some of the biggest companies, biggest tech companies were sort of, you know, kind of ignoring the problem or weren't, you know, certainly weren't close to the problem.
And that's, that's not the case today.
I can't honestly can't think of a big tech company that's not investing and invested in, you know, much, you know, you know, greater levels, much greater levels of cybersecurity than they've ever been.
That being said, look, the problem, as we know, is a nimble one.
It's fast moving. You know, what I often like to say is in cyber, what makes us so unique is that we not only have to keep up with all of the changes that are happening in the underlying technology infrastructure.
So think of IOT, think of AI, big data, cloud technologies.
We have to keep up with all the evolution there, but then we have these cyber attackers who are completely random, unpredictable, and come up with new ways in a very nimble and agile fashion to take advantage of, you know, sort of the opportunity that exists in either how we run our, our organizations or the technology that evolves.
And that's going to come, that's going to require a very nimble and agile response.
And I think that's one of the reasons why startups are very much alive and well in cyber and why they'll continue to be a big part of the ecosystem.
That being said, I think if you want to truly raise the floor, raise the bar, the big companies have to continue to invest and do what they're doing because they're the ones who really set the foundation for everything upon which the cybersecurity infrastructure is built.
Whether it's cybersecurity or otherwise, are there, are there particularly technologies or trends that you're, that you're watching or that you're excited about going on right now?
I'm excited about some of the work that I'm seeing happening in a few key spaces.
I think that some of the work that's being done to truly provide visibility for organizations, for CISOs, I think is incredibly important.
You know, as we know, that's, that's continuously been a struggle for a lot of organizations and to, you know, part of the, the, the driver behind the comment you made earlier that a lot of companies feel helpless, organizations feel like they don't know what to do.
Part of it is they don't have the proper visibility to, you know, their systems, their tools, not only from a cybersecurity perspective, but from an IT hygiene perspective as a start, and then with cyber as an, as an add on to that.
But I'm seeing a whole new uptick in, you know, not just small companies, but some of the bigger players that are trying to provide security scoring and analytics to help organizations be smarter about where their tools are working and not working.
Cause look, if we're honest with ourselves, traditionally a lot of the cybersecurity tools have been built in a way where, you know, tools provided to practitioner, practitioner put it in place.
It was usually functioning in a silo, limited information and that led to a proliferation of a bunch of different tools, a bunch of different approaches to solve a complex set of problems.
Now there's a lot more attention being paid, I believe in the ecosystem to interconnectedness, shared information, you know, a lot of companies now building integration points among the different tools that are out there to better provide that visibility.
Still a lot of work to be done, but I think this is the right direction.
And then I think all of the things that, you know, for example, like you guys are doing applying real analytics, you know, call it AI if you want to identifying attack patterns quickly, responding quickly.
That's a real, I believe a really important evolution in our industry.
One that didn't start, you know, just recently, it's been ongoing.
But I think, you know, one, one thing we used to talk about you know, with, with my team is that anything that was rules-based and most cybersecurity tools traditionally have been rules-based tools.
I pick one, right. Almost each and every one, you know, from authentication tools to an IPS to a firewall, you know, endpoint security, all of every tool needs to evolve to become an intelligence driven tool.
I think that in and of itself is going to be a massive transformation in how cybersecurity products actually work.
Yeah. It's been interesting, you know, at Cloudflare, that was, that was always our thesis from the very beginning was that if you, cybersecurity was basically statistics at the end of the day.
And if you had enough data, then you would be able to do that.
And it's been really interesting where I think we've done an okay job of that for a lot of our history, but it's only been in the last little bit that both the tools and the data have gotten to the point where I feel like we can proactively now spot new threats and, and things, but it's, it's it's that to me, that's what's so exciting about right now is that you've got that, that coming together of the tools and the data that you need to, to maybe really get ahead of some of the challenges that, that, that we see out there.
I think it's possible. I mean, if you think about it attackers have traditionally taken advantage of the lack of visibility and the lack of information that organizations have.
And I think now, as you say, that the tools are there, the foundation is there to bring the right amount of information together to see patterns and, and more importantly, to react quickly, because, you know, one of the other pieces of, of sort of thinking that I often focus on is that time is such a critical element of everything we do in cyber, whether it's how we react to something in a, in a short period of time or how we think about our problems over the longterm.
So time is a critical element here. Yeah. What, so you, you up until fairly recently where the CEO of McAfee stepped down just a few months ago, how are you thinking about what's next for your career?
Do you think it's in the cyber security space or, or something else?
I think, you know, cyber is near and dear to my heart.
You know, there's a lot and there's, there's still so much happening in it, you know, but I am interested in areas like, you know, what we're just talking about big data and analytics you know, replatforming a lot of our technology in a cloud form factor you know, really leveraging information to make better decisions in so many different elements of our economy.
Think about supply chains, right?
One of the, one of the, I think post COVID changes that will happen is that we'll, you know, supply chains will need to refactor themselves, physical supply chains.
In this case, we need to refactor themselves in new and different ways and technology both the actual interconnectedness of technology, but the information that we can gather and then apply to making our supply chains smarter, more resilient, cheaper, faster I think is going to be a critical element of what goes on here.
And so I'm interested in, in, you know, things like problems like that that need to be solved.
But, uh, but I haven't forgotten about the cyber problem.
And I'm encouraged that increasingly almost every company that I come across is thinking about cyber and doing different ways.
You know, my, my dream for the world is that one day cyber will just be part of what we all do.
It'll be part of what we, we think about in every company, not just in cyber companies.
Table stakes for sure. I think, uh, and, and it's, uh, you know, I, I, I think that that's, that's where we're, where we're headed shifting gears a little bit.
Um, you know, you've, you've had, you've had such an incredible career and you know, one of the things that I think is so important is I talk to people who are starting their career is how, how much it matters to be able to look to people who look like you and sort of feel like you that, um, that are steps ahead in their career.
And so, you know, as, as you think about advice to maybe a young black engineer who's watching this, uh, broadcast and thinking about kind of the beginning of their career, any, any advice on, on how, how, how they should, how should they should be thinking about the world?
You know, my, my advice is, you know, as a young engineer or any young professional starting out and particularly, uh, black professionals and African Americans, you know, we, we, you know, make sure that early in your career, you're focused on learning.
That's probably, that was something that was very important to me.
Um, you know, and in fact, you mentioned, you know, briefly, I spent a little bit of time as a consultant at the very beginning of my career.
And one thing that was great about that is you get a tremendous amount of feedback, like you're, you're constantly getting feedback and you finish a, a three month engagement and, you know, you literally get, you get rated, you know, you have a sheet with like 50 different attributes of how you approach your, your work and, you know, you're rated kind of, you know, are you, how you're doing.
And one of the things that, that was really valuable for me, it was learning early on to, to really take that feedback, incorporate it into what I did next to learn, evolve, um, and more importantly, to seek feedback.
Um, I think in many cases, it's hard because when people offer you feedback, some don't always feel good to hear, Hey, you're not so good at X or, uh, or Y, uh, my advice to the young person of color or not, for that matter, is that you should aggressively seek feedback in your career, aggressively seek to learn and grow.
Um, ambition is good, but if, if you can, you know, build on your, your capability set early on, then you sound set the foundation to evolve.
Then you become a manager of others and you're providing the feedback.
Um, people will see you taking on assignments and, and, you know, being effective in what you do.
But the way you get at that is, is by, you know, really, I think seeking to learn and understand early and then applying it.
And the better you are, the more aggressive you are doing that.
I think the better off you'll be able to grow your career over the long run.
You know, I, I think we're, we're right now living through a time in the U S which is, which I mean, I think is incredibly discouraging at, at some level.
And I, you know, I think I've been horrified seeing the violence, which has been targeting black communities and, and, and just seeing how, how, um, how, how negatively impacted, um, those communities have been and how, how, um, how unfair, uh, the system has been in so many ways.
And I think you wrote a great editorial for the Silicon Valley business journal about how important it is to channel this anger that we have right now.
Um, but, but especially, and I think that conclusion was, was incredibly important that this isn't just a moment, but this is an opportunity for us to really, really make things better.
How, how, any, any thoughts on, on what we can do to keep the positive energy of this moment up and, and try and make a more lasting change for the country?
Yeah. I mean, like you said, Matt, I think a lot of us are, are, you know, we're, we're, we're hurt, uh, by what we're seeing and what we've been seeing.
Um, many people are encouraged as am I, by the response that, that has been, you know, in this, whether it's in the streets, whether it's in the boardrooms where, you know, you're starting to see, you know, see companies, leaders coming out with not just statements, but with, uh, money and commitment to change.
But, you know, I think as you pointed out, one of my, my key areas of focus is that the change needs to be the commitment to change is most importantly needs to be sustained over a period of time.
And we didn't get here overnight.
I mean, this is a, you know, what we're seeing, uh, Dem, you know, demonstrated in our country right now and what people are protesting in the streets over is, you know, a problem that's as long as the history of this country.
And even prior to its founding as a country, um, it goes back that deep.
And so it's going to require a sustained effort to fix it. But I, like you, um, I've, I've turned a lot of my attention to focusing on what do we need to do?
How can we take concrete actions towards improvement and to, and towards change?
Uh, you know, I'll tell you a couple of things that I, I think many people can focus on.
I think leaders, companies can focus on. Number one, it's the numbers, it's the metrics.
You know, I point out in that piece that look, even in Silicon Valley, as, as, as meritocratic as we like to believe that we are, you know, blacks are represented at lower ratios and other, other, other races in the company, in our companies, they leave at high faster rates, higher rates.
Um, they're not advancing, um, at the same level as many others, uh, of different races.
And so what does that tell us?
That tells us that we, we need to make sure we've got a good pipeline of professionals, uh, that are black coming into our, our companies.
Uh, and I would say that's also true about diverse candidates, uh, more broadly speaking, but this is a moment where we're focused on black, black professionals.
So how do we get them into our companies?
Well, we need to broaden our recruiting efforts.
Uh, we need to set targets, uh, for our leaders, our managers and our companies to make sure that they're, uh, really reaching out and trying to find candidates that are qualified.
And then I think once we bring people into the organization, we need to make sure we've got support systems and, um, those matter, uh, cultures and companies, uh, can make or break the individual.
And I think the, the right support networks are going to be critical around, uh, making sure that black employees can thrive in these organizations.
Um, and I think all of this has to be part of a sustained effort, uh, in the private sector.
I'll focus on that for a moment to really change our, our, our, our numbers.
I'll tell you, you know, I first saw this, I was part of this at Intel.
Like the guy, you know, when I, when I was at Intel, um, our CEO Brian Krasanich at the time, he said, look, we're not going to talk about it.
We're going to put numbers, hard numbers. You guys, we were the senior leaders in the company at the time.
You guys are going to have metrics.
You're going to have targets. And I would say Intel, you know, I've worked in a lot of big tech companies, Intel was better represented, um, just at a cursory glance of African -Americans in the company.
As a result, the culture around it, I think is stronger than what I've seen in other places.
And I brought some of that with me to McAfee in terms of how, um, we thought about diversity at McAfee and, and, you know, that I'm happy to say, that the team there is committed to, to the same kinds of metrics and measurement, uh, that, that we had when I was there.
And that's, every company can do things like that. And then I can tell you the other thing, I'll say is that companies have influenced far beyond their own, you know, their own borders, if you will.
Uh, you know, for example, one of the, one thing that was pointed out to me is like, when was the last time you checked, uh, the congressional members that your PAC was donating to?
What's their record on social justice? Um, simple thing to do. Hadn't thought to do it.
Um, something that I think is incredibly important because, you know, as a tech person, you're focused on, you know, what, what's their position on regulatory matters?
What are their position on privacy issues? Um, you know, in cyber you're worried about what's their position on encryption and, uh, and how we're thinking about those kinds of issues.
This is a, but, but we should be looking more broadly to make sure that, that the, the influence and the issues that we care about in society are reflected in everyone that we employ, but also the people we support and the other companies with whom we do business.
Yeah. You know, I, for all the, all the things that tech has been good at disrupting, I think that it's high time that we, that we all can do more to disrupt this space.
One of the things, you know, I've been thinking about a lot is as we increasingly are willing to have people work remote and not force them.
I mean, Klaffler's first three offices were San Francisco, London, and Singapore, which are not really places with their, you know, as large of black communities.
You know, what I'm hopeful is that as we give people more choice, that that's a way of us encouraging more diversity, you know, on, on our teams.
And, you know, it's, it's, uh, it's, it's challenging.
You know, one of the things I think that I've admired about you has been your work to get more, uh, more underrepresented groups on corporate boards.
How's that going? And how, how are you thinking about that? You know, it's a long-term effort, you know, and I join a lot of, uh, you know, really, I think forward-leaning leaders in this, um, you know, I, I think, I think there's so many great organizations that are working towards more diversity on boards.
Um, you know, him for her as a great organization that, that is trying to focus on, you know, getting more, uh, female leaders, uh, onto corporate boards.
Um, I know a number of, of African-American CEOs, uh, Shelly Archambault is a great example of that.
She's on a number of boards and she's a great advocate for this Ken Coleman, another great advocate.
Um, but it's going to take a lot of effort. You know, I think, I think, you know, I think it's, it's a, it's back to, you know, boards, you know, nominate, nominating and governance committees on boards and every public company board has one, uh, need to make this a part of, of what they're doing.
Uh, they need to make, make sure that they're looking at diverse candidates.
They're, they're thinking about the makeup of their board. And I'm proud to say that the, the, the companies I'm a part of, uh, are, are doing that and take, obviously take that very seriously.
Um, there's clearly, and everybody recognizes that there's way more work to be done, but, but we need to make sure we stay focused on the issues and we need to make sure that we, you know, we, we make visible the candidates who are qualified to be on, on boards as well, because, you know, that's always been an excuse, right?
Well, there's not enough candidates and not enough people of color we can find or women we can find.
Uh, I don't believe that's true.
Uh, I believe that there's, there's great candidates. Uh, I think that the nom and gov committees of boards are going to need to make sure that this is part of their criteria and then the other community.
And, and I'll give, you know, I will say, um, some private equity firms are starting to take this one up as well.
And I think more need to, but, you know, think about private equity firms place big ones place literally hundreds of board members every year on their companies.
They can have a massive influence on the makeup of private company boards as well.
Many of whom become part of public companies later or qualify, uh, up and coming potential board members to, to serve on public company boards.
So again, it's back to everybody's got to focus on the problem, make sure that it's part of the goal set that they have for themselves and for their organization, and then remain committed to it.
It can't just be a situation where, um, you know, people get up in arms today with what's happening.
And then in six months from now, when we continue to see fallout in the economy from, from the shutdowns that we've had and 20 million people out of work that we now move on to the next thing, we can't move on.
This has to stay part of our consciousness for quite a while. Yeah. I think that that, that, that point from your editorial was, was dead on.
So we're, we're out of time and we're running a television station.
So we're supposed to stay on schedule, but, but I did want to say, you know, before, before we go, um, so first of all, thank you, uh, for being, being the first guest.
Um, and, and I think, you know, I have, for the last, for the last several weeks, and I think actually just, I mean, for the last several months, this has been a very anxious time.
I think when I hear from people on our team, a lot of them feel incredibly sad or discouraged by what they're seeing.
Any, any notes of, uh, of optimism, anything that, uh, anything that you'd leave us with that, that you're, that you're seeing that, uh, that, that, that's encouraging?
You know, perhaps the thing that makes me the most optimistic, Matthew, is when I look at the faces, uh, of the, the, the people out in the streets now all over the world, literally all around the world that have come out for equal justice for black lives matter.
It's not just black people.
It's not like the sixties when it was mostly black people with a few supporters.
This has been a much, a very diverse group and it's young people leading the way.
Uh, and that's encouraging to me. Uh, that is exact, but that's exactly why I just want to, I can't, I will remind everybody I talk to friends, family, uh, supporters that we need to just sustain the effort here because that's what's going to carry us through.
Uh, and I think every, I think the P, I think most people are starting to realize that this isn't, you know, this is an issue that's about, you know, about really making our country the place that we needed to be for everyone, not just for, uh, for certain groups, but we have a long way to go and a lot of work to do.
Well, Chris, I really, I really appreciate it.
And thank you. Thank you so much for being on.