What security companies – and all of us – can learn from the Deadspin debacle

Full disclosure: I’m a huge Philadelphia sports fan. My favorite teams are the Eagles, Sixers, Phillies and Flyers. Like many Philadelphia sports fans, I have a complex love/hate relationship with them. The first song my kids learned in its entirety was the Eagles fight song. I’ve kept this up in the 3+ years since we’ve moved to Indiana. My football jersey I wear is a Nick Foles #9. I always want to see the Sixers at the Indiana Fieldhouse, where there are a lot more Joel Embiid and Ben Simmons jerseys than you would expect in the land of Reggie Miller and Bob Knight when they play here. Instead of the vanilla coverage presented by sports sites, I read a site that told it with an edge, truth and honesty about Philadelphia sports that no one else outside of Charles Barkley would. Even the great Philadelphia sports radio station WIP lost its edge. However, Deadspin was there to pick it up.

What was Deadspin?

This past week brought terrible news to those of us that are fans of Deadspin, the sports blog that never just covered sports. Since the Gizmodo Media Group’s acquisition (from Univision) by Great Hill Partners, a private equity firm, and their renaming to G/O Media, a lot has happened. Their new CEO, Jim Spanfeller – the former head of Forbes.com and The Daily Meal – and editorial director Paul Maidment made drastic changes. They wanted to move away from some of the more controversial and non-sports material, and “stick to sports.” The environment became incredibly toxic and morale plummeted, as evidenced in Laura Wagner’s August 2019 article, “This is how things work now at G/O Media.”

It all came to a head a week ago, when they fired interim editor in chief Barry Petchesky, and the majority of the 10 staff writers resigned. Then Drew Magary, the most famous writer on the site, also resigned, and the rest of the staff soon followed. What was once a thriving website is now essentially a zombie website. Thanks, G/O Media!

What can we learn from its downfall?

Two big lessons can be learned from this debacle. First, when you bring in a CEO to maximize profits and value – as private equity firms do – you shouldn’t destroy what made the organization great. Secondly, the real talent will easily find new homes, and they’ll continue to create great things (content, product, etc.) for someone else.

In the name of profit

Spanfeller had one job, which was to maximize the investment that Great Hill Partners made in acquiring the Gizmodo Media Group from Univision. However, as Wagner’s article demonstrated, his attempts include micromanagement, lack of communication, not engaging teams for feedback and managing through fear and his temper. What this creates is a culture of toxicity, and a place that makes team members feel unwelcome.

If you don’t engage the people who make the company what it is, they’re going to walk. If you create a culture of uncertainty in the face of major changes, people are going to leave. If you mandate changes –  not based on actual customer or user experience, but because of how it was done elsewhere – you’re going to drive a wedge further between the executive team and the rest of the company. Most importantly, if you put artificial barriers around what people do that are part of the reason for their success, and fire people for stepping out of them, you will cause a mass exodus. That’s what happened at Deadspin this past week.

This is a clear example of how not to run a team. Effective managers keep teams engaged, communicate well and keep a culture of certainty even when there is turnover in senior leadership. Healthcare, like many other industries, is infamous for what we call “churn at the top,” where senior leadership changes significantly more rapidly than the levels beneath them. Each of those leaders has their own mandates from other leaders and board, and their own management style.

The most important lessons taught in business school and leadership courses include listening to your customers, listening to your team, having clear lines of communication and not micromanaging. You have to ensure that people are able to do the jobs you entrust them to do without constantly undercutting them, and not forcing changes through fear. Just because you did something well somewhere else many years ago doesn’t mean it works in a different place with a different team. You were brought in to lead and listen, not to force your point of view on others and assume your methods will lead to success.

In the security world, that means talking to everyone who will accept an appointment with you and getting 2-3 names from them. It also means identifying and assessing risks that you find and building plans to address them. It does not mean blindly implementing solutions you think are needed based on your assumptions. This is why many security solutions fail. It’s not the vendors or the products, it’s that last mile with customers and the supporting team that determines success.

McAfee – One of the originals

One of the original security companies was McAfee, which began life as McAfee Associates in 1987. They were founded by larger-than-life personality John McAfee. Over the years, they merged with Network General, PGP Corporation, Foundstone, Nitro Security, Secure Computing, Safeboot and many other companies to build a comprehensive security portfolio. They were one of the first comprehensive security companies to exist, offering everything from endpoint protection, encryption, network sniffers, firewalls and professional services to the enterprise management tools needed to deploy these in a large environment.

[Incidentally, the long, strange tale of cybersecurity mogul John McAfee is the subject of an upcoming movie starring Zac Efron called King Of The Jungle, based on the Wired article “John McAfee’s Last Stand”…but that’s fodder for a different post.]

They were acquired by Intel in 2010 for $7.68 billion dollars. Between 2010-2017, when they were spun back out, there was significant turmoil. As of 2016, McAfee was worth $4.2 billion, which was significantly less than what Intel paid for it. Intel sold a 51% majority stake in McAfee to TPG Capital for $1.1 billion, meaning they took a significant loss. They plan on having another IPO to raise capital, and eventually make Intel’s investment whole.

There were failed attempts to integrate the McAfee security technology into Intel’s chips. Intel is not a security company, and because of that, initiatives and discoveries that would have gotten the attention of a pure security company did not get the attention they needed. They did not contribute significantly to revenues in a company where gross profit margins routinely hover around sixty percent for processors.

Finally, Intel was attempting to compete with other security companies, many of which needed their partnership to address cybersecurity issues. Having them both manufacture the chips that most of the server, desktop and laptop worlds used, and the anti-malware products to protect them precluded meaningful partnerships. Ownership hindered the ability of Intel to work meaningfully with other companies, as they feared that their intellectual property would end up part of McAfee.

Intel tried to maximize their investment, and due to multiple environmental factors, the acquisition did not go as planned, and caused a significant loss of value for McAfee. They went from being a well-performing independent company with a focus on cybersecurity to a comparatively low-performing business unit that had to compete with products that made significantly higher profits for investment, and obstructed potential partnerships.

Most importantly, Intel was not a pure security company. They attempted to leverage the technology McAfee brought to the table using methods they knew, and it didn’t work. Much like Jim Spanfeller, the techniques used in one place didn’t work somewhere else. The poor fit caused disengagement. Like Deadspin, Intel bought a company with grand plans to increase their value, and it didn’t work out.

There was correspondingly high turnover from team members due to these factors. However, the talent that left went on to do great things, and three great companies came out of these changes.

Cylance, Crowdstrike and Demisto

Stuart McClure was the co-founder of Foundstone, which was a security consultancy acquired by McAfee in 2004. He left in 2012 to cofound Cylance, which was considered one of the first companies to apply artificial intelligence, machine learning and cloud-based technologies to endpoint protection. Cylance grew into a very successful competitor to McAfee and was later acquired by Blackberry for $1.4 billion dollars.

Two of the other co-founders of Foundstone, Dimitri Alperovitch and George Kurtz, went on to found Crowdstrike, which provides endpoint security, cyber response and professional services and threat intelligence to numerous public and private customers. Crowdstrike has had many successful engagements and detected hacking attempts from numerous hostile third parties. They are public and worth over $1 billion dollars.

Rishi Bhargava, Slavik Markovich, Dan Sarel and Guy Rinat all left McAfee to found Demisto, which is a product/service that automates security and incident response. They were one of the leaders in the Security Orchestration, Automation and Response (SOAR) space. They were able to develop a leading product in this space quickly, and were acquired by Palo Alto Networks, who is currently assembling a complete suite of products reminiscent of McAfee or Symantec, for $560 million in cash and stock earlier this year.

Learning to fly

We can only hope the talented team members who left Deadspin for obvious reasons can learn the lessons from the founders of Cylance, Crowdstrike and Demisto and use it as an opportunity to kickstart something new and different. Maybe some of them will create new companies or find other ones that will help them succeed. If so, I hope they land at places with leaders that inspire and value their teams and help them succeed.

And if leaders like that don’t exist, be your own.

It’s good advice for all of us.