No-Nonsense | Featuring Marten Mickos, CEO of HackerOne

Following the 2019 Core Summit, we’re releasing “No-Nonsense,” a content series featuring no-nonsense advice on the not so obvious paths to success. This week we dive in with Marten Mickos, CEO of HackerOne.

In this piece, we chatted with Marten Mickos about leadership, open source, the new perception of hacking, and his uncanny ability to all but guarantee unbelievable business growth.

In 2015, Mickos became CEO of HackerOne, a hacker-powered security platform helping organizations find and fix critical vulnerabilities before they can be criminally exploited.

Mickos has served as a CEO three times (CEO of MySQL, Eucalyptus Systems, and now HackerOne) and has a particular love for leadership. He even started his own leadership blog, School of Herring – named for the United States’ working person’s fascination with “the big fish” in various industries (as well as admittedly being partial to the importance of fish in his Scandanavian culture).

Marten Mickos also joined us for the Underscore Core Summit, where he gave a lightning talk on the future of security. You can watch the full talk below:

At HackerOne, do you have a North Star?

Our mission is to empower the world to build a safer internet, and it’s no accident that we say “empower” the world. We’re not making the world safer, but we are empowering others to make it safer.

Marten, do you have a mantra that drives your company forward?

We certainly do – it’s “ask hackers to help us.”

We want to enact change and reach the state where our digital civilization is secure and can be trusted. We know organizations need help with this in their own security realm, so that’s where our platform with half a million hackers comes in.

Some look at the term “hacker” with skepticism or even fear, but we see hackers as those who creatively look to overcome limitations. We collect them in our community and give them a way to express themselves and contribute to customers.

Do you have any leadership principles that you live by as CEO?

I’m extremely passionate about leadership. Predominantly, I’m intrigued by managing oneself, since I believe every act of leadership starts with leading yourself. You can’t lead or set demands for other people if you’re not doing that for yourself. In that sense, everything starts with the self and reflecting on who you really are.

Marten, have you faced any moral dilemmas in this role?

We had one situation where a company with controversial business practices said that they are signing up with us, and we got a lot of hate mail asking why we were working with them.

The company wasn’t operating illegally, so we had to ask: should we choose to serve them, or should we refuse because we don’t agree with their moral stance? If we did the latter, how would we draw a line in other cases?

After a lot of discussions, we came up with a solution and wrote it in a public blog, because we believe in transparency. Some people didn’t like it, but we are trying to be the doctor, not the judge. Our job is to be helpful in building a safer internet, because – no matter who you are – if the software is secure, it’s better for everybody.

Are there any trends relating to crowdsourcing security that you’re seeing?

The trend we’re seeing is similar to what the open source software world saw 15 years ago. The early users of it said, “This is amazing. We should all be doing it!” But the world at large was still unsure about what open source could be. Today, if you don’t use open source software, you’re frankly considered stupid.

Crowdsourcing security is new for most. People grew up thinking that you get more secure by buying another firewall. But now, you get more secure by inviting hackers to help.

Growing your business at HackerOne, do you have a personal favorite story?

My greatest stories are with hackers. It’s so touching and moving when you hear their stories. We sort of have a mirror mission of making sure the young generation that understands computers gets a good outlet for their skills.

When I talk to hackers, they thank me and the company. People who have never had a home of their own or struggle to pay off college now can afford these things with money they make off of bug bounties. I’m moved to tears when I hear that because they (and I) realize that it’s changing their whole lives.

Has working with half a million hackers taught you anything about human motivation?

Money certainly plays a central role for our hackers and it enables this whole business, but yet, everyone who hacks on HackerOne has other motivations as well.

We’ve learned that the business won’t work without money in the model, but it also won’t work without the goodwill. Hackers tell us they want to help the world, show their skills, meet other intelligent people, and learn more. These are very noble motivations.

What attributes do you look for in founders?

There are three attributes to hone in on. In order, they are coach-ability, tenacity, and believing in people.

The character of being coachable is the clearest indicator of long-term success. You can (and will) fail many times, but if you’re coachable, you will ultimately win. Since you’ll likely fail many times, you need tenacity. If you don’t have that, you won’t succeed.

Lastly is believing in people. To build a really great business, you must hire really great people. The human being is the most extraordinary thing ever, and you cannot build a successful business unless you think that people are amazing.

Marten, are there any experiences early on that you wish you could have avoided, but in hindsight realize, “Hey, it shaped me?”

All negative experiences are like that, but you have to learn to accept yourself to be successful. You also learn to reinterpret your history so that everything seems absolutely vital.

For example, I ran a company before this that – for two years – was completely in the valley of death and not going anywhere. We didn’t give up. We kept going, got it in great shape, and had a fantastic outcome. But there was a time when we could (and probably should) have given up.

But I refuse to turn my back on the experience. It built my resolve. It tested my tenacity. It proved my loyalty to my team, and I came out of it better equipped for more success.

But somebody who saw it could say, “Martin, don’t you remember how bad it was? You should have left it!” They may be sort of rationally correct, but not practically. It was essential. If I hadn’t gone through that, I wouldn’t be able to do what I do now.

Were there things earlier in your career that you found yourself wasting time on?

Everything, of course. I didn’t think about my career early on. I didn’t graduate from university for many, many years. I didn’t become a CEO until I was 39, which in the startup world is pretty late.

The truth is, when you look at successful people, most are successful in something they initially were bad at. Some of the best business people weren’t born that way. They were born as regular babies and then they slowly learned and turned it into mastery and became brilliant at it.

In business, is anything non-negotiable for you?

Few things are non-negotiable, but one would be our company values.

As I mentioned earlier, we have some customers who don’t always have the best intentions in our eyes, but through our values, we get them in the right direction. We nudge them and show them the good sides, and after some time, they say, “Okay, now we get it.”

What’s the greatest piece of advice that you’ve received, and who did it come from?

A mentor in Sweden got me to think differently. Whenever we had a problem, he would say, “Hmm, is it possible to think about this situation in the opposite way? To look at it 180 degrees differently?”

He had this amazing ability to flip problems around, explore them, realize new approaches, and then go back and apply them to the real situation.

Whenever I’m stumped, I ask myself, “What if this isn’t the problem, but an opportunity?” It truly helps in figuring out what to do next.

Are there any predictions that you want to make in your space?

In the era of cybersecurity, systems are improving. But as they get better, damages will get worse. We probably have another ten years of seriously bad breaches until breaches start reducing, so if you thought you had seen the worst in terms of cyber threat, you haven’t.

But the ship is already turning. We’re already designing software to handle this in a better way. Still, it will take us years to roll the improvements out, so I’m pessimistic for the short term, but I’m optimistic for the long term.

– – – – – – –

Like what you heard from Marten Mickos? Dig into last week’s No-Nonsense advice from Sanjay Poonen, COO of VMware!