A conversation with Nick Owen on easing the use of two-factor authentication and how security creates value

Catalyst Conversations showcase the work, experience, and insights of inspiring professionals working to advance the security industry and those we serve

Passwords and authentication remain a sore spot for employees, security professionals, and companies alike. Exploring ways to help companies make the transition to stronger authentication is what fuels Nick Owen.

Along the way, he's gained experience, insight, and credibility across a number of areas in security. When asked about the focus on two-factor authentication, Nick explained, "If you look at the Verizon DBIR, replacing passwords with something stronger would force 80% of attacks to change. That's a huge impact."

In an effort to reduce complexity and increase adoption, Nick focused on making his solution easy to use -- for both users and administrators. He and his team invest a lot of time in the community answering questions and providing tutorials. They even authored an eGuide on how to add two-factor authentication the right way.

The aha moment for Nick came early in the history of the company. After pitching his solution to replace hardware tokens - for a substantial cost savings - the client's only concern was the risk of switching brands. Cost didn't matter.

That realization shifted focus from trying to replace hardware to save money to looking for companies new to two-factor authentication. Compliance initiatives helped drive interest with companies seeking new solutions where Nick was able to provide a competitive advantage.

When asked if cost ever factors in, Nick explained, "During the 'Great Recession', things changed. People started to realize that they were over-paying for hardware tokens. When they had to make cuts, vendors are always a focus. I think that is continuing now, but perhaps with more of a focus on needing to balance expenditures."

Making the case for stronger authentication, combined with an extensive business background, led to a conversation about how security creates value.

Nick shared "three ways a company creates value:

  • Invest where the return is greater than the cost of capital
  • Divest where the return is less than the cost of capital
  • Increase the return on current capital."

When it comes to demonstrating the value of security, Nick suggests focusing on ways to "reduce costs and reduce the risks of operations."

He points out that a highly competitive, cut-throat technology industry means excessive margins don't last. His advice: "take advantage of that."

Equally powerful, Nick explained that, "if a company can reliably and consistently execute, their cost of capital will plummet. This may mean that you don't have to re-image 25% of your PCs every month."

Nick is quick to point out that value is an elusive concept for business leaders as much as it is for security and technology professionals. His suggestion is to use it as a basis to explain why information security goals are important to the business. 

Nick's experience is proof it's possible to increase security while increasing value to the business.

The Catalyst Questions

These are five questions asked during each conversation. The responses are as shared with me. 

1. What is your why? What drives you?

I've always struggled working for someone else. I want to create a company where I love working.

2. What still requires translation to be successful?

We get a lot of questions like “Will you work with my Juniper VPN?”. First, we wouldn't be much of a two-factor authentication company if we didn't! Second, RADIUS has already solved this problem. All the enterprise-class VPNs, directories and 2FA systems support RADIUS. You should not use any proprietary protocol or plugin for authentication, except for custom apps where you might need an API.

3. What was your biggest failure? How did you recover? What did you learn from it?

We prepared a big announcement about a release and did some press releases and boom, the tsunami hit in the Indian Ocean. It was all wasted as nobody, not even me, was interested in doing business that day.

For a while we seemed to be cursed about marketing. But I realized that it didn't matter too much. We focused on the things we did well and gradually grew our business in a sustainable way. Since we started I have seen other companies raise capital, hire employees and then shut down when the revenue failed to materialize. Growth kills start-ups more than anything else. Growing through cash flow forces discipline.

4. How do you prioritize and justify your efforts?

We have two priorities: existing customers and new customers. We want existing customers to have no support issues. This is good for us and them. We want prospective customers to be able to easily install and configure WiKID in their network. This means we often do tech support for other companies. We help people configure their Cisco VPNs or Active Directory. If someone needs support right away, we do that. Then we work on documenting the fix and sharing it out to the community, so it helps the next person, even if they might not be using WiKID.

5. Best piece of advice you ever got… and offer to others

Early on Glenn McGonnigle told me I needed a national/international focus. Later Adam Shostack said I needed to present at conferences. Then, Rafal Los told me to get on Twitter. And suddenly, we had more exposure, were involved in BSides Las Vegas and eventually BSides Atlanta.

I'm slow on the uptake so it's good we don't have outside investors.

Connecting with Nick Owen

Who are you, how do you describe what you do?

My wife calls me a pathological entrepreneur. WiKID is my 4th startup. I like to say I am 1-1-1, but the tie may be a bit generous. WiKID is also my attempt to build a company for the long run, the kind of company I want to be a part of. So, we have no outside investors. We control our fate. It has been a long haul, but totally worth it.

I believe that as a start-up CEO I can't delegate what I don't understand, so I am very hands on and very technical. People are surprised that I do pre-sales engineering. One person thought I was also the only programmer. Any CEO that says “I have people that understand the technology” immediately loses credibility with me.

Where and how do you work?

I've been working from home a lot more. I set up a sit-stand desk that hangs from my basement ceiling via block and tackle. It reminds me of Frankenstein's laboratory. When I go to the office, I ride my bike there via the Atlanta Beltline park. It's great.

Being able to work anywhere is important to me. It allows me to spend more time with my family. When my mother-in-law gives me the stink eye for checking my phone I say “isn't it great that technology allows me to be here instead of tied to my desk!”.

Where can we connect with you?

I'm active on Twitter @wikidsystems. It's a corporate/personal account. I'm also on #wikid on freenode pretty much every day and by email -- nowen at wikidsystems.com.  

Copyright © 2013 IDG Communications, Inc.
