Sign up for my newsletter to see more interviews with the biggest names in cybersecurity.

This week I got to talk to Marcin Kleczynski, the founder and CEO of Malwarebytes. Marcin has a fascinating story. Marcin was a senior in high school working as a technician in a computer-repair shop back in 2004 when his own computer was infected with a virus. He tried Symantec and McAfee but none of the traditional antivirus software tools could remove the virus. Marcin found an online forum of people with similar issues and after his computer was fixed he started fooling around creating products to stop the malware that traditional antivirus products couldn’t stop. Thus Malwarebytes was born! Check out the awesome interview below.

You’ve mentioned that Malwarebytes is designed to prevent the zero-day threats that traditional antivirus software can’t stop. How is your product able to succeed where large, well-capitalized security companies have failed?

This is a question that comes up often. I think our agility and “smallness” has played such a key role. We were able to focus on zero-day threats while the competitors tried to do it all. When you have focus on the one thing you’re going to do really, really well, it sets you up for success.

In that same article several years ago, you mentioned that layered security (“Having multiple scanning engines from different companies, where each company can be accountable for some aspect of protection”) was the way of the future. Has anything changed since you said that? Do you think we’ll see consolidation along those lines?

I actually think that after 8 years, this is now truer than ever. When I speak with CISO’s of large enterprises, they tell me they have 9-10 solutions in place for security. Many even have several engines on the endpoint. The days of an organization or an individual trusting one vendor for everything are over. I firmly believe layered security is still the future.

Malwarebytes first offered a consumer product and several years ago released an enterprise version. Nowadays everyone is talking about the consumerization of the enterprise–has that played to your advantage in gaining traction from enterprises?

Only slightly. It’s hard to get visibility into who is purchasing a consumer license for use on a device that also comes to work. We sell to a lot of organizations who ask us to provide free access to a consumer version for that reason. On the whole, I think this will only continue to help us.

In 2008 you released the first version of the product, but you did not raise any funding until 2014 when you raised $30mm in growth equity from Highland. You talk a little bit about this here, but what made you finally decide to raise funding? What do you think stuck out about your company that caused Highland to give you $30mm without any coinvestors?

There were many reasons but the biggest was stability and professional management, whatever that might mean to you! We were rookies when it came to building a business and finally we had something that was exploding and I think there was a bit of fear of screwing it up. Highland thought we had a stellar brand and I don’t think we could have picked better partners.

The News:

Cybersecurity Firm Rapid7 Files For $80 Million IPO

• You might remember that I interviewed Rapid7’s cofounder Alan Mathews several weeks ago.
• The firm had $23.6mm in Q1 revenue–up 40% YoY.

Menlo Security Emerges From Stealth With $25M Round

• The round was led by Sutter Hill with participation from General Catalyst.

OPM Data Breach: What You Need to Know

• Last week the federal government announced that Chinese hackers had penetrated its computer systems. Affecting an estimated 4 million current and former government employees, this may have been the “largest breach to ever impact government computers.” The motives behind the hack are still unclear.
• Also see Hackers Likely Stole Security-Clearance Information During Breach of Government Agency and Data hacked from U.S. government dates back to 1985

Wired: Why The OPM Breach Is Such a Security and Privacy Debacle

• The breach took four months to discover, and was only discovered when a cybersecurity firm came in to demo its product!
• It’s possible that the impact of the breach is far greater than initially anticipated (possibly affect up to 14 million–not 4 million–people).
• In addition to personal information such as social security information, hackers may have accessed employee background checks–sensitive information that could be used for bribery and extortion.

Security Firm Kaspersky Labs Discovered a Nation-State Attack–In its own Network

• The hackers were trying to figure out how Kaspersky’s software works so that they could create malware to avoid detection.