In the space of two months, email security firm Egress announced two high-profile appointments. In September, Steven Malone started work as its VP of product management, and in November, Matt Biggin became its VP of engineering. Interestingly, both Malone and Biggin joined from publicly-listed cyber giant Mimecast, where they each enjoyed prominent roles over a number of years.
To find out more about their decision to move from a large, well-established vendor to a more focused, albeit rapidly growing company, Infosecurity recently caught up with Malone and Biggin. We also discussed the pair’s ambitions for the future and how to deal with evolving cyber-threats in the future.
Biggin began by emphasizing the enormous opportunities Mimecast afforded him since he started working there in 2017, finding it “an incredible place to work.” However, around nine months ago, he decided he needed to lead an engineering department for his career to progress in the manner he wanted. Biggin recognized this couldn’t be achieved at Mimecast, and “then I started talking to the Egress founders and got very excited by the opportunities that presented themselves here, the journey they’ve been on and what their plans are.”
In Malone’s case, who worked at Mimecast for eight years, the rationale behind the move was different. “I joined Egress because of the huge shift in the dynamics of the email security market,” he explained. This shift has been driven by the growth in Microsoft 365 uptake, which Malone believes is “not a product anymore, it’s a movement.” He expects vendors like Egress, who provide new approaches to securing email, to thrive in this landscape. Egress, he said, has the edge of having both inbound and outbound security capabilities, “and that’s quite unusual in the market we’re in.”
Malone therefore believes he has joined Egress at the “perfect time.” He explained: “I want to drive that maturation in the product team and innovation in our products, ultimately to help the business scale and expand globally.”
So, what differences have the pair found working in a smaller organization?
"I joined Egress because of the huge shift in the dynamics of the email security market"Steven Malone
In Malone’s view, while cybersecurity is a sector that large companies have traditionally dominated, “there are interesting smaller vendors that are doing things differently and are driving these shifts in the market.” Ultimately, all players in the cybersecurity ecosystem are motivated to help customers and society at large stay secure, and the movement of personnel among different companies can play a big part in that aim. “That’s one of the great things about working in infosecurity – it’s an ecosystem that people can move around in and that benefits businesses and customers because of that innovation we’re able to drive,” he outlined.
In Biggin’s experience, “trying to get things done in Mimecast took a certain level of knowledge of how their systems work” compared to Egress. However, he believes the most important determinant of innovation is the make-up of individual teams rather than organizations. “It’s all about those teams and how they gel,” he commented. “It’s also about what you do to bring those people together to understand the mission they’re on so they get their objectives right.”
Therefore, developing the right team dynamic is a huge motivator for Biggin in his new position as VP of engineering. He emphasized that software engineering is very much a team sport, “bringing people together to create innovative products and make customers happy.” This is something he gets a “massive kick out of.” In his leadership role at Egress, “my goal is to create an engineering department full of leaders – people who know exactly what they’re doing, who want to drive forward.”
To achieve this aim, Biggin wants to move away from the traditional ‘command and control’ approach to leadership, in which staff are expected to follow instructions without question. “If you put a leader in charge of an engineering department who has to know everything to make the right decisions, they will fail because it doesn’t create people who think for themselves,” he explained. Instead, he subscribes to the ‘servant’ leadership model, which aims to put the needs of employees first and help them develop and fulfill their potential. “For me, that’s how we’ll grow in the future, how we’ll grow a group of people who understand our mission,” Biggin added.
With cyber-attacks surging since the COVID-19 crisis, including those targeting emails, what trends do the pair expect to see over the coming months and years?
Malone observed that during the shift to remote working, “attackers are not having to try too hard to innovate because the things they’re doing are still working.” This includes methods like phishing, business email compromise (BEC) and ransomware (in which email is still commonly used as the point of entry). As such, “attackers are just fine-tuning what they’re doing – making use of those same attack vectors.”
"My goal is to create an engineering department full of leaders - people who know exactly what they're doing, who want to drive forward"Matt Biggin
The most significant shift he is seeing is the risk posed by global supply chains, as highlighted by large-scale incidents like SolarWinds and Kaseya. “It’s becoming more clear the supply chain is probably your least trusted chain of communication, and organizations definitely need to look at the protection they have there,” said Malone. He hopes growing recognition of this risk will drive the concept of zero trust. However, he warned this requires a multi-faceted approach, with security products only part of the journey. “Vendors need to be mindful of the fact they form part of a customer’s zero trust strategy – they cannot solve the zero trust problem in isolation,” commented Malone.
In Biggin’s view, a continuous evolution of cybersecurity techniques and solutions is required to keep up with the increasingly dangerous threat landscape. “There has to be a relentless focus on efficacy; we need to look at our services to determine whether what works six months ago still works now,” he outlined, adding: “We will be looking at bringing the appropriate technologies to bear to solve these problems rather than rely on what worked in the past.”
Malone’s and Biggin’s recent moves from Mimecast to Egress highlight the importance of sharing experiences and knowledge in driving progress in the cybersecurity sector. Speaking to the pair shows how insights taken from one environment can offer new opportunities in another and enable that motivation among industry professionals to try to make a real difference to a sector that must evolve quickly to succeed.