How did you get into computer security?
I started using the Internet when I was young—in the early 1990s, before I was a teenager. I was drawn to security for two main reasons: First, I was interested in how individuals could stand up to large groups, even nation states, using mathematics. Also, learning about computer security meant I was able to subvert security systems, and this gave me access to things I wasn’t supposed to see. I never used my skills to harm anyone, I just thought it was fun to get an account on a supercomputer and things like that.
Do you have any advice for younger people getting into the field?
The best way to learn about computer security, as with most technology, is to get hands-on experience. Once you have some practical experience and have decided that you’re interested, then go back and learn the theory through formal education or certifications. If you use this approach, you have an intuitive understanding of how the different parts of the field are related and it is very powerful.
Probably one of the hardest problems for young people in this field is assessing how much you really know—once you understand the basics, you think you know everything, but there can be huge problems lurking just under the surface. I think it’s important to keep in mind that no matter how much you learn, there’s always something new—it’s a rapidly changing field. This fluidity means it is possible to become a relative expert on very specific things quite early in your career. The most important thing is to learn how to find information, perform experiments, and figure out how things work. Sometimes just being able to identify a problem by name is enough to solve it, since there’s a huge amount of academic, industrial, and hacker literature about most topics.
How do you feel about having your company acquired by CloudFlare?
I’m very happy! My main interest in starting CryptoSeal was to get Trusted Computing technology into commercial use. At CryptoSeal, we were working on using that technology for a general cloud computing solution, key management, and overlay networks. These are all fairly sophisticated, difficult to use applications, and not really directly usable by end users. I wanted to change that.
I think CloudFlare has done an amazing job of bringing high-end anti-DDoS, caching, firewalling, and filtering technology to a huge number of users, and by working with CloudFlare to incorporate Trusted Computing technology, I get to accomplish everything I wanted to do with CryptoSeal.
Also, CloudFlare has a really amazing team—people with cryptographic and protocol expertise, great network engineers, peering specialists, and one of the best support teams in the tech industry—so I’m really excited to be working with them.
What attracted you to CloudFlare in the first place?
I was first attracted to CloudFlare because I was a customer for three years, and I was always impressed with their service. They are a great service for startups, and through my interactions as a customer, I got to know some of the team.
As I looked further into CloudFlare I realized that they are solving some really difficult problems, especially now that they are operating at Internet scale—5% of web requests. Sometimes projects at CloudFlare require actually fixing the underlying infrastructure of the Internet, and the company is willing—and able—to invest the resources to make that happen.
The three founders, Matthew, Lee, and Michelle, are actively involved, and they’ve created CloudFlare to be a flat organization without unneeded bureaucracy and process. As a company, it’s a great place to be -- the hiring bar is really high, so all of your coworkers are brilliant and hard-working. Everyone is focused on doing the right thing for CloudFlare’s users, and for the Internet as a whole. (If you’re interested, we’re hiring. Check out our openings here).
Before CryptoSeal, what are some interesting projects you’ve worked on?
I’ve done a lot of different things. I worked on an early anonymous electronic cash system while living on a Caribbean island in the late 1990s. The electronic cash system didn’t work out, but we ended up building some useful cryptographic tools that we later used in other products.
My neighbors on the island, the guys who ran the “.ai” domain name, introduced me to Sean Hastings. After I left the Caribbean, Sean and I got together to figure out the best place to host content free of government interference, but we couldn’t find a country which would be good enough. At that point, we bought a book: “How to Start Your Own Country”, and soon after that we found this abandoned WW2 anti-aircraft fortress occupied by pirate radio guys called Sealand in the North Sea. It was exciting, but the costs to provide service were really high: diesel fuel, helicopters, boats, etc. So I eventually left and moved back to the US.
For a couple years, I worked on cryptographic software for payment systems companies and RFID/NFC payments for credit cards. When the Iraq War started, and I got in touch with some Iraqi expats who needed help setting up Internet in Iraq after the US intervention. I flew into Iraq on a civilian flight, and spent six months working with them on satellite and wireless networking for a variety of military, government, and commercial customers. Then, as the country got more dangerous, I moved onto a US military base in Iraq and spent the next six years doing defense contracting, primarily building satellite, cellular, and wireless networks for a diverse set of customers in Iraq, Afghanistan, Kuwait, and elsewhere.
After enough close calls with explosions and helicopters, and missing the Bay Area, I moved back to work on a more “conventional” tech startup—CryptoSeal—which was also a great adventure.
What’s different between being at a company versus your own startup?
Getting to focus on the parts of the company I really care about which are product and technology, and not having to constantly worry about administration, finance, etc. It’s more efficient, less stressful, and produces better results. Since CloudFlare has such a great team, I’m also really enjoying getting to learn from people across the company.