Culture is Incredibly Important: Before I started my own company, I truly thought having a “company culture” was not that important. I was wrong. Once I became CEO, identifying what our company culture was and communicating it meant that it permeated through every aspect of the company: from the people we hire, how we retain talent, what we encourage and discourage, and most importantly, developing an environment that rewards good behavior and success. Ensuring that once the culture is defined that everyone buys in is also incredibly important. It’s the CEO’s job to make sure the company values aren’t just something written on the wall, but that they are implemented and become a core part of how people do business on your behalf. One example of SecurityScorecard’s culture is that we don’t have phones on people’s desks. We do this because we encourage people to talk to each other to solve problems, either by meeting face-to-face or with video calls. This is part of our culture and integral to the way we do business because we’re all about establishing lasting relationships.
Ihad the pleasure of interviewing Aleksandr Yampolskiy, a globally-recognized cybersecurity innovator, leader, and expert. As co-founder and chief executive officer, Yampolskiy has led the company since its beginnings in 2013 to become one of the world’s most trusted cybersecurity brands. His vision is to create a new language for cybersecurity by enabling people to work collaboratively across the enterprise and with external parties to build a more secure ecosystem. Prior to founding the company, Yampolskiy was a hands-on CTO at Cinchcast and BlogTalkRadio, the largest online talk radio and podcast hosting platform. Prior to that, he led security and compliance at Gilt Groupe, where he managed all aspects of IT infrastructure security, secure application development, and PCI compliance. Yampolskiy has a B.A. in mathematics and computer science from New York University and a Ph.D. in Cryptography from Yale University.
Thank you for joining us Aleksandr. Can you tell us the story about what brought you to this specific career path?
I’ve worked in the security industry for almost my entire career. Prior to founding SecurityScorecard, I held various leadership security positions at Goldman Sachs and Oracle before becoming the CISO at Gilt Groupe. I was working alongside Sam Kassoumeh, (now the COO and co-founder of SecurityScorecard) and we had different kinds of tools at our disposal to help us do our jobs. However, our Marketing team would sign contracts with vendors that we didn’t think we had enough visibility around. How could we understand how working with them would put our data at risk if there was no way to really measure or even understand how secure they were? All of a sudden, my job security felt precarious. If one of our vendors was breached, our data would be accessed and I could lose my job in a heartbeat.
Needless to say, this caused Sam and I a great deal of stress (and heartburn). We wished there was a way to compute a security score and have a holistic understanding of cyber risk, similar to what credit scores help financial institutions understand the risk of individuals. This is what sparked the idea for SecurityScorecard security ratings.
We thought, “What if we could engineer a way that would allow one company a deep view into another company’s security posture that would be instant, accurate, and independently verifiable without having to ask permission or wait around for weeks for answers to important security questions?” We strongly believed there were non-intrusive ways to obtain a clearer picture of the security health of a company. It was truly a ‘lightbulb’ moment.
Can you share one of the major challenges you encountered when first leading the company? What lesson did you learn from that?
When we first started the company, communication was in many ways easy. There were just a few people sitting in one room and whenever one of us learned something, we all did through osmosis because we were in such close proximity. For example, If I hung up the phone and said that we lost a sales deal, our engineer would swivel around and ask what features they could build. Then our marketing director would overhear and figure out how they could create collateral that would help communicate that new change and that kind of progress would happen very naturally and rapidly.
As we began to scale however, it became harder to communicate because we weren’t sitting right next to each other and we had employees in many different locations. Communicating information as well as being crystal clear on our company’s long and short-term strategy, vision, core values, goals, etc. became tantamount to success. That has been an important lesson for me, about how to scale communication as our company grows. Doug Leone, a partner at Sequoia Capital, is fond of saying that you must be a relentless metronome when you talk about something important. This means that you will have to repeat something over and over again to ensure the messaging sticks. I actually put a miniature metronome on my office desk to remind myself of that daily.
What are some of the factors that you believe led to your eventual success?
There are two things that I believe have been integral to my life trajectory: grit and perseverance. When I first came to the U.S. with my family as a child, we had very little money. In fact, I remember walking with my father in our Brooklyn neighborhood and picking up old furniture that people had discarded on the street in order to furnish our home. Experiences like this helped me develop a deep sense of perseverance, grit and taught me to be hungry.
Resilience is also a key factor that I believe is important to anyone’s success. It’s cliche, but it’s not about how many times you fall down, it’s about how many times you get back up. I believe if you work hard and keep knocking on many doors, eventually one will open. In fact, resilience is a core value of ours at SecurityScorecard, and we often share examples of colleagues who display great examples of resilience — among other core values — at our weekly all-hands meeting. It is necessary to be resilient in order to be successful because there will always be obstacles and challenges on the journey to success.
What are your “5 Things I Wish Someone Told Me Before I Became CEO”? Please share a story or example for each.
- Culture is Incredibly Important: Before I started my own company, I truly thought having a “company culture” was not that important. I was wrong. Once I became CEO, identifying what our company culture was and communicating it meant that it permeated through every aspect of the company: from the people we hire, how we retain talent, what we encourage and discourage, and most importantly, developing an environment that rewards good behavior and success. Ensuring that once the culture is defined that everyone buys in is also incredibly important. It’s the CEO’s job to make sure the company values aren’t just something written on the wall, but that they are implemented and become a core part of how people do business on your behalf. One example of SecurityScorecard’s culture is that we don’t have phones on people’s desks. We do this because we encourage people to talk to each other to solve problems, either by meeting face-to-face or with video calls. This is part of our culture and integral to the way we do business because we’re all about establishing lasting relationships.
- Different people for different stages: There’s an aphorism that is often quoted by CEO’s from an article by Ben Horowitz: “You either apply pressure or you feel pressure.” As a CEO who is also a co-founder, you usually start your company trying to do too many things. As you scale, you’re able to hire more people who have specialized experience, but if you continue to feel the pressure, it may be that one of your employees isn’t carrying the appropriate weight. It’s very important to set crystal clear expectations and hold people accountable if they do not meet them. Oftentimes, as your company grows, so will its needs. What you may have been able to get by without a year ago, becomes essential as you scale. Understand where those needs are as the company reaches different stages.
- It’s a marathon, not a sprint: As a CEO, there is a lot of pressure to not just succeed, but to beat your own records continuously. This is the way people get burned out. CEO’s should remember that they’re in this for the long haul and that if they tire themselves out in the beginning, they cannot finish what they’ve started. Pace yourself, take vacations to recharge and work out so you’re able to handle the physical demands of the job. It’s much better to do a few things well rather than do many things at half-capacity.
- It not just about the product, but about your go-to-market strategy: A lot of CEOs focus on perfecting their product, but having a solid go-to-market strategy is just as important. When you create a new market, you must educate potential customers about the value you provide; this takes both money and time. Creating a strategy that takes into account partnerships and alliances is crucial to success because these are additional ways to reach more customers that require upfront resources but pays dividends in the long run.
- All about the metrics: There is no one set of metrics that works for every CEO. Each person needs to figure out what matters the most, clarify them and then ensure that everyone on their team is reporting to the same metrics. Having fewer metrics that are highly targeted is far better than having many metrics. We use weekly stand-ups with my entire executive team where we review progress on company OKRs. This helps drive precision and focus.
What advice would you give to your colleagues to help them to thrive and not “burn out”?
Prioritize. There is no possible way for one person to do everything needed to make a company succeed, so a CEO must figure out what is the most important thing that he or she can work on that will move the needle the most. For example, I religiously protect my mornings. I start every day in a coffee shop and make a list of what I need to get done. That list is limited to only the most important things on my plate and if I’m able to accomplish at least one of those important things, I know I’ve used my day well. A CEO must be ruthless about where and how they spend their time, otherwise, they will burn out. Taking care of your physical and mental well being is also incredibly important to making sure burnout doesn’t happen. I dedicate five weeks out of the year to vacation — time spent with my family, away from work so that I can recharge and come back fully present. I also ensure that I feel physically fit by working out every day so that I don’t feel sluggish and am alert.
None of us are able to achieve success without some help along the way. Is there a particular person who you are grateful towards who helped get you to where you are? Can you share a story?
I’m indebted to my incredible wife Kira. If she didn’t encourage me to take a risk and start SecurityScorecard, I would never have been able to do it. Her support has been instrumental and she’s always provided a rational sounding board for anything I’m struggling with professionally, whether that’s a business strategy, finance, or anything else. She is my most trusted confidante and her candid feedback means I can get a true gut check on any issue. She also has enabled me to spend so much mental energy on the company by focusing her efforts on being the CEO of our home and being an incredible mother to our two kids, which I am forever grateful to her for.
What are some of the goals you still have and are working to accomplish, both personally and professionally?
Professionally: I think we are only at the beginning of SecurityScorecard’s mission. We envision a world where millions of companies use the SecurityScorecard Ratings to report to boards, audit committees, and more to ensure they understand their vulnerabilities and how to act on them. We created a market that didn’t exist before and think there’s a large market for boards to use our scores to understand how safe and secure they are.
Personally: As I mentioned previously, it’s important to have interests outside of work and one of mine is playing tennis. I’d like to become a better tennis player because I find it challenging, fun, and a great way to stay healthy.
What do you hope to leave as your lasting legacy?
I’d like to look back at SecurityScorecard and say that we created a great, innovative company that changed how companies throughout the world measure and understand security.
Additionally, I’d like to see many SecurityScorecard alumni who have since gone on to become founders, CEOs and entrepreneurs of their own companies in New York. I encourage every person at our company to think big, find what makes them passionate, and go after it — and I want to see NYC become the center of an entrepreneurial ecosystem even more than it is now.
How can our readers follow you on social media?