Sign up for my newsletter to see more interviews with the biggest names in cybersecurity.

This week I was lucky enough to speak to CJ Radford, the VP of Cloud at Vormetric–a cloud, data security company. In news this week, the Congress moves forward with its cybersecurity bill which critics say is more of a “surveillance bill.”

Enjoy!

C.J. Radford is VP of Cloud at Vormetric Data Security–a $50mm/year data security company that has raised $48mm in venture capital to help companies protect their data in private, public and hybrid cloud environments. Before Vormetric, CJ worked at Symantec for five years and also worked in private equity and investment banking.

You worked in private equity and banking, why did you make the switch to working at operating companies in the security space?

• After working in banking and private equity for a few years, I came to the conclusion that to become a really great investor, I would need some operating experience under my belt. Having served on boards of companies, I really believe that you’re not very insightful as a board member unless you’ve spent time in an operating role. Eventually I’d like to go back to investing.

Why did you move to Vormetric from Symantec?

• There are a lot of differences between an established player like Symantec and a relatively small and lean company like Vormetric. Because Symantec is so big, they are very slow moving and so reliant on old technologies and I didn’t think they had the ability to capture market opportunities. We’re a $50mm business with 470 employees and there are just 6 of us who really run the business–we’re able to make a lot of decisions really quickly.

Vormetric protects company data in the cloud so you’re on the front lines of the cloud storage trend. Are companies moving data to the public cloud as quickly as TechCrunch wants us to believe?

• Companies are realizing that there’s a lot of value of being highly virtualized and so we’re definitely seeing widespread cloud adoption but we see that trend more towards a hybrid public/private cloud environment. This will be the predominant state for the next 5-10 years. There will always be things that never leave the four walls of a data center. Think Coca Cola’s secret recipe.

There are lots of cloud data security companies out there, how do you differentiate yourselves at Vormetric?

• Whenever a company moves servers to the cloud (public, private or hybrid), we protect the workloads in those servers. One point of differentiation is the breadth of supported operating systems–this forces us to update our software whenever an operating system gets an update but it’s worth it.

• Our second big differentiator is that our platform is highly architecturally friendly. As a data security manager you can run your servers on premise or in the cloud, it doesn’t matter. The differentiation there is that you as the end customer have complete ownership over the keys to your data. The keys are not stored with us, nor with any other cloud provider. This provides one less point of vulnerability.

You guys raised a Series E in 2013 from Sigma, JK&B, Vanguard and a few others. How did you choose these investors?

• We chose these investors based purely on whoever gave us the best valuation. This might be bad to say because I hope to get back into investing at some point, but I think VC money is largely a commodity for an established business like ours.

Is there no way that they can add value? Have your VCs not added any value?

• We took a round in July of 2013 and it’s really too early to tell whether these VCs will really be able to add a lot of value. In general VCs add value as being a sounding board. They see a lot of playbooks from other companies and thus they have a bird’s eye view of what’s working and what isn’t.

News:

Growing Cybersecurity IPO Pipeline

• Rapid7, LogRhythm and Mimecast all plan to go public this year and expect valuations north of $1bn.

Meet the Cybersecurity Company Helping Sony Fend Off Hackers

• Inc.com profile of FireEye. FireEye tripled its revenue in 2014 but still remains unprofitable.

Calculating The Colossal Cost of A Data Breach

• Great article that looks into the actual costs of a cyber attack including resulting churn, lawsuits and disruption which can end up costing far beyond the average of $200 per record stolen.

Android Releases On-Body Unlock Function

• On-body unlock keeps your phone unlocked as long as it’s on your person. The measure aims to improve security amongst those who leave their phone unlocked.

Half of all Android devices vulnerable to installer hijacking attacks

• More potential for pre-loaded malware on Android. Use Palo Alto Network’s free vulnerability scanner to check the status of your phone.

Lookingglass Raises a $20mm Series B

• The round was led by Neuberger Berman. Lookingglass gathers and analyzes threat intelligence. I’ve asked the CEO if I can interview him for the newsletter.

Fear of Cyber Attacks is Increasing amongst Banks

• 80% of respondents said that cyber attacks are a “top concern.” The same survey showed just 50% a year ago.

How smartphone users are making silly and unsafe choices

• 34% of users don’t set a pin code and 35% download apps from unofficial marketplaces.

House intel leaders unveil cyber-security bill

• The bill aims to facilitate information sharing between private companies and the federal government. The most recent version includes strengthened privacy provisions and states that individuals whose privacy has been violated can sue the government for damages.

What Cyberattack Would The New Cybersecurity Bill Have Stopped?

• “The only Senator who voted against it was… Senator Wyden, of course, who pointed out that this bill is ‘not a cybersecurity bill – it’s a surveillance bill by another name.’”