Few executives have fought in the open source trenches like Mårten Mickos. In 2001, long before open source products enjoyed the widespread deployment they do today, Mickos led MySQL to prominence, enterprise acceptance, and, ultimately, acquisition by Sun Microsystems in 2008. The native of Finland then picked up the CEO mantle at open source-and-paid cloud environment developer Eucalyptus and ushered it forward to a 2014 purchase by HP.
Now CEO of Benchmark- and Benioff-backed HackerOne, Mickos is ready to leap some of the same evangelistic hurdles of confidence, trust, adoption, and growth at the whitehat hacker-powered security solution that he leaped as an open source pioneer.
M.R. Rangaswami: Just fifteen years ago, many enterprises were afraid of open source. Even some software companies still shied away. Today, open source enjoys wide acceptance across all industries. What happened to reassure buyers of the developmental advantages and software makers of the business viability of open source products?
Mårten Mickos: All revolutionary shifts in industry start with big amounts of skepticism among those who are formally in charge. In some ways, it is the good feeling of “the old” that creates the reluctance to adopt “the new.” In the early 2000s, traditional companies lived in a closed-source, client/server mindset. Smart organizations embraced the web and open source. They built amazing software systems to catapult their businesses forward.
You could list any number of objections that customers raised along the way trying not to adopt open source. But the main point is undeniable: Open source software serves customer needs better than closed-source software. The reasons for this lie in the collaborative model and the meritocracy of the product roadmap.
Over time, everyone had to accept the fact that open source software was superior – and radically less expensive – to closed-source products. It was a major shift that, for a long time, did not seem to happen, but when it finally happened, the shift swept the entire world.
But the reality is that “open source” is not a business model; It is a software production model. The benefits of open source software attracted fast adoption, which caused a few business models to emerge to capture the business value. One of the first business models for open source software was dual licensing: Selling a commercial license (for the same software) to those who needed one. The next major business model that emerged was the subscription model that Red Hat pioneered: You don’t pay for the software; you pay to make it convenient for yourself to deploy the software.
Now we see a third major model in the open source market: Selling open source software as a cloud service. Amazon Relational Database Service (based on MySQL, Postgres, and other technologies) has most likely earned more revenue than any other open source database to date.
Today, we see a trend in cybersecurity that looks very much like the open source revolution. Old security products are proprietary and insufficient; new products are open and collaborative. Hacker-powered security (i.e. vulnerability disclosure and bug bounty programs) is revolutionizing the security space in a way similar to how open source revolutionized software.
M.R.: You’re a successful, serial CEO. Do you feel managing an open source company is different from managing a cloud or traditional software company?
Mårten: When you are the CEO of a growth company, you have to lead. What I mean by that is that you have to dive in at the deep end and go “all in.” You have to lead from the front. You need to learn more every day, and you need to stake out a path for the company. Oftentimes, the CEO must take the company to a place it otherwise would not have had the courage to go to.
I am a believer in value-based leadership. In every decision, we try to employ our values. As CEO, I help set the culture and the long-term goal, and then I try to empower the team to execute and make sure we reach our goals. I build teams that build businesses.
Managing an open and collaborative company is different from managing a traditional company. You have to be ready to be transparent about nearly everything. You must take your ego out of the equation and just focus on enabling and empowering the community around you.
At HackerOne, we have about 100 employees. But the community is much larger. It consists of 1,000 customer organizations and more than 100,000 whitehat hackers. I am, of course, the CEO of just the employees of HackerOne, but I see my role more broadly. I have a sense of duty and a mandate to help our customers make their systems more secure and help our hackers along their path to a mastery of bug hunting.
When you work with a community of highly intelligent and self-driven people, you must start by realizing that you cannot manage them. They are individual actors and they make their own decisions. Your role is to empower them to reach the success they are visualizing for themselves.
So, as I said earlier, you start with values. We talk a lot about hackers and hacking and the philosophy behind ethical hacking. We figure out motivations and we try to build a system that rewards the good deeds and discourages behavior that is not in line with the mission. Just like our hackers are trying to understand the inner workings of software systems, we at HackerOne are trying to understand the inner workings of hackers. If we have empathy and understanding of their motivations, we can establish a model that will allow them to reach success.
On the customer side, we spend a lot of time educating people and removing doubts and concerns. Our model is new and powerful, and customers will want to become comfortable with how it works. The fact that we already have helped other customers find and fix 57,000 vulnerabilities is evidence that the model works beautifully. Having a stamp of approval from the Pentagon also helps. In a way, the decision-making journey for our customers is similar to what we saw 10-15 years ago with open source software: Everyone agreed that the benefits were overwhelmingly positive, so all we had to do was show that the possible downsides did not practically exist.
M.R.: What experience in your upbringing shaped you as a future CEO?
Mårten: I would say that joining the scouting movement as a teenager in Finland was what put me on a leadership track – but I did not know it at the time. In fact, I had little awareness of leadership. I just took responsibility for things, and soon I was leading groups of people. Later in life, I did my military service, and again I was put in leadership roles. I received my next phase of leadership learning during my time at university. Even though I would not become CEO for another 10 years, the foundation was laid for my career as a business leader.
To stay in the lead, I’ve found that executives, like all human beings, need restorative time for themselves. So I find it makes sense to take breaks from work and do something simple: Go out for a walk, hike, bike ride, or do absolutely nothing and just relax. Then, for some hobby or personal endeavor, you can find the energy to do something out of this world and entirely extravagant. I have come to realize that the big things in life – like work – need simple solutions and the small things in life – like hobbies – are where a complex solution may be more appropriate.