This was originally posted on the TrueBit Cyber Partners Blog.

When a buzzy, high profile technology company, like Norse, collapses, us industry analysts are compelled to seek a deeper meaning.  What does this collapse signal? What lessons can we learn? Is cybersecurity doomed?

Norse’s implosion is a fascinating tale, with many lessons to learn. However, the haunting question is, why are we still learning some of these lessons?

norse-hacking-map

For background, there are ample stories about the Norse implosion: Kreb’s Blog and Forbes and SC Magazine. Personally, I enjoyed Robert Graham’s commentary at Errata’s blog.

However, it is a story from The Register that offers the best insight into Norse’s failure. In the story, Norse’s colorful CEO Sam Glines blames the media and then ultimately his own co-workers for the company’s collapse. He claims blog posts and media stories scared away customers. There are also accounts of employees showing some damning disrespect for Norse’s leadership. What this story (and others) show is that Norse’s fundamental problem was not a bad product, weak marketing, or lack of funding, but rather their terrible leadership, namely Glines.

The Cyber-Reckoning

A good leader would never blame others (especially the media) for the company’s failures. Real leaders take responsibility, even if they are not entirely at fault.  Glines had all the markings of a self-absorbed, self-indulgent leader who put his needs ahead of everybody else’s.  You do not need an MBA from Harvard to know that bad leadership begets bad companies and weak products.

So, how did Gline’s weak leadership go ignored for so long?  Why did the investors overlook this? Where was the accountability?

The reason for people like Glines is rather simple: booms breed bullshitters. The cybersecurity boom has created a huckster-rich environment where the loudest and most self absorbed ringmasters get most of the attention. The same conditions existed during the dot.com and mortgage boom. When an industry is hot, it is easy for hucksters to take advantage of the irrational exuberance and ample availability of capital to enrich themselves. While hucksters rarely survive for long, they do not need longevity to make a profound impact on a company.  People like Glines flame out fast and are quick to blame others before they move on to the next snake oil big data enterprise.

Norse is the the beginning of the great cyber-reckoning that many of us have anticipated. Glines was the first, but will not be the last cybersecurity huckster who will fall to the sword of reality.

How do investors avoid this? The first step is to integrate an assessment of leadership skill and leadership personalities into the due diligence phase of any investment.

Calming Down the Bankers

Last year, I worked on a large acquisition that was extremely technical, involved multiple product lines, diverse development teams, and conflicting agendas between parties. Like many large, complex acquisitions there was immense tension between the investment bankers and the acquiring firm.  Toward the end of the due diligence work, our discussions turned to discuss the target company’s leadership.

What followed was long conversation about leadership, vision, and ability to inspire development teams.  This analysis altered how both sides viewed the acquisition.  In some ways, it alleviated concerns while also identifying potential challenges they had not considered.  This also allowed the investment bankers to seek a more equitable arrangement among interested parties. The end result was a very successful acquisition.

The Cult of Palo Alto Networks

Leadership is a sorely lacking skill in cybersecurity. There are too many leaders with no leadership ability. Glines is a timely example of this problem.  While assessing the leadership skill of a CEO is one aspect of due diligence, the other is the personality balance of the entire leadership team.

A good leadership team can make a significant difference in whether a company will be the next Norse, or the next Palo Alto Networks (PANW).  Palo Alto is an excellent case study in what a great leadership team can accomplish.

palo alto networks

Over the past eight years, PANW has risen from a puny start-up to a dominant force in cybersecurity. PANW’s technologies, while capable, are not revolutionary.  What PANW revolutionized was messaging. However, this messaging did not spontaneously generate.  It took a uniquely balanced leadership team to invent and evangelize the Palo Alto Networks message. Specifically, the balance between CEO Mark McLaughlin and CTO Nir Zuk is what makes PANW great .

In 2012, I wrote a blog entry, The Cult of Palo Alto Networks, that was critical of PANW’s technology. After I published the blog, Mark McLaughlin called me and challenged my assumptions, without insulting or attacking me.  I was impressed at how cool, respectful, and reasonable McLaughlin was.  In contrast, a weak leader, like Glines, would have just attacked and dismissed me.

A few weeks later, I saw Nir Zuk speak at event.  I was impressed with his limitless passion for PANW and their vision for security.  On one hand, you have Nir Zuk’s infectious zeal and on the other Mark McLaughlin’s cool-headed rationality. This is PANW’s secret sauce.

Unlike Norse, PANW has extremely tight alignment of their message from the board room to the break room.  Whether you are listening to a quarterly earnings call with McLaughlin or one of PANW’s sales people at a conference, you hear the exact same message. PANW is a kind of cult. However, this cultishness breeds unwavering loyalty among their employees (and customers), which translates into outstanding marketing, sales, and products.  Conversely, at Norse it is clear that the message from Glines and the message from his employees not only different, they were outright antagonistic.

Cybersecurity needs more Mark/Nir combos, and the only way we can get there is to purge the Sam Glines of the world into the effluent.  This begins with the investors and buyers integrating leadership analysis into due diligence.  Companies are more than just product roadmaps and financial statements, they are tribes with leaders.  When people are unified under strong leadership with a compelling and cohesive vision and mission, they will build great products and deliver robust sales.  Conversely, if a company has a self-indulgent jerk at the helm who impulsively purses whatever earns him praise, then no amount of eye-candy can save them.

Conclusion

There will be more implosions like Norse.  This is ultimately a good thing.  Irrational exuberance is fun for a while.  But the party has to end sometime, and the adults need to be in charge again.

The message for investors is do not overlook leadership skill or teams.  They are the essence of what makes a company successful (or unsuccessful).  Glines doomed Norse.  Had the investors replaced him sooner, Norse may have become the next cult.

Share This
%d bloggers like this: