Sophos encourages a culture that thrives on the “constant battle” of one-upping cyber criminals to boost innovation amongst developers, Sophos’ CEO told Techworld this week.

The security software firm has “hundreds and hundreds” of staff working to counteract the increasing malware and network intrusion threats to enterprise, CEO Kris Hagerman said. VC firm Truffle Capital recently revealed that the company employed 550 R&D employees in 2013 in the UK.

Sophos' developers are encouraged to go to battle with cyber criminals to improve software ©Rayi Christian Wackoo

He said: “The security industry will come up with a new approach to make enterprises safer, and then some hackers and nation states will innovate around it and come up with brand new threats, then the industry will respond and try to one-up the advances. It is relentless on both sides.”

To stimulate a culture of ethical hacking and keep its software ahead of the criminals, Sophos encourages a sense of war amongst its team.

Hagerman said: “It is sort of an adrenaline-creating exercise to stay on top of this stuff. You really feel like you are going to battle with a very well-funded, competent, aggressive opponent so there is a sort of a race, or a battle element to it, and our team members get a real charge out of that.”

But Sophos is also working on “scaling up” the impact of its developers with automated tools and algorithms, to not just react to malware traps but predict them.

“We need to not just catch what has been created today but create traps and triggers and ways for products to work together to go a step ahead.”

Hagerman admits that moral hazards among security developers, such as temptations and dangers, are a pitfall of the industry, so retaining talent and encouraging innovation is imperative to Sophos' success.

“The team we assemble are people who could easily have taken, or easily take their skills and do nefarious things with them. But instead they have chosen to get on the bright side and do good things.”

He added: “The team themselves are immensely proud of the work they are doing.”

Sophos offers a clear career progression for the technical track, to ensure that its IT talent does not become complacent.

“Allowing employees to work on tools and algorithms that have a broader applicability as opposed to ‘whack-a-mole’ both requires creativity and organisational design…If they [staff] are good at it - continue to give them more opportunity to flex their muscles and do the best work of their careers.”

What makes the security industry unique?

Hagerman uses shampoo as an analogy to describe the particular challenges of working in the security software industry, and the industry as a business model.

“You have other competitive vendors who are trying to sell their product. There are a finite number of those all trying to tell you why their shampoo is better than yours.

“But I can’t think of another industry where, at the same time you are trying to demonstrate that your shampoo is better than theirs, there is an even better funded, much larger group who is trying to get end-users to use something that looks like your shampoo, but that makes your hair fall out.

“And that takes a special kind of organisation - and a special kind of person - because you have to be motivated by that daily battle with this very global, murky adversary.”


Image credit: Rayi Christian Wackoo