Rapid7’s Mike Tuchen on Cyber Espionage and Startup Lessons

are now 10 times what they were in the year before his arrival. Rapid7 had more than 70 percent revenue growth in 2010 over the previous year, and had similar growth in 2011, he says. The company was cash flow positive for much of last year, and after the recent funding round, it expects to be cash flow positive again by mid-2012. Rapid7 will continue to expand, add new product lines, and make acquisitions, Tuchen says.

Rapid7’s business boils down to two main components. One is what Tuchen calls “automated assessment,” whereby the company’s software finds security flaws in an organization’s IT systems—things like software issues and configuration problems. The other area is what he calls “penetration testing,” whereby Rapid7 will test a company’s security system by trying to break in from outside, to demonstrate the urgency of any security flaws and make sure problems have been fixed. The latter business unit grew out of the company’s 2009 acquisition of Metasploit, a security firm that specialized in that form of testing.

Rapid7’s customers include big government organizations like the U.S. Department of Energy, universities such as Carnegie Mellon, defense contractors like Teradyne, and big brands like Liz Claiborne.

Lastly, here are five more highlights from my chat with Tuchen:

—On what he learned from his dot-com startup, Paramark: “We struggled outside of our skill set,” Tuchen says. The four-person founding team was great at engineering and product development, but was sorely lacking in sales, marketing, and profit and loss management, he says. So it’s important to bring in people with complementary talents.

—On advice for new entrepreneurs: Only start a company if you have a strong enough network to hire the first four or five people directly, Tuchen says. Otherwise it can be too much of a slog to get going.

—On Rapid7’s culture: Tuchen boils it down to “high energy.” And he says he largely inherited it when he came in. You can sense the passion and excitement in the company’s open floorplan at its Boston office, he says.

—On hiring: “The most important thing to get right is the people on the team, particularly at the senior levels,” Tuchen says.

—On acquisition targets: Tuchen wouldn’t tip his hand on any impending deals, but Rapid7 is probably looking to follow the Metasploit model. That is, work with a prominent entrepreneur (in that case, HD Moore, an open-source security expert) and combine his or her technical talent and projects with Rapid7’s marketing and sales expertise to build a new part of the business.

Author: Gregory T. Huang

Greg is a veteran journalist who has covered a wide range of science, technology, and business. As former editor in chief, he oversaw daily news, features, and events across Xconomy's national network. Before joining Xconomy, he was a features editor at New Scientist magazine, where he edited and wrote articles on physics, technology, and neuroscience. Previously he was senior writer at Technology Review, where he reported on emerging technologies, R&D, and advances in computing, robotics, and applied physics. His writing has also appeared in Wired, Nature, and The Atlantic Monthly’s website. He was named a New York Times professional fellow in 2003. Greg is the co-author of Guanxi (Simon & Schuster, 2006), about Microsoft in China and the global competition for talent and technology. Before becoming a journalist, he did research at MIT’s Artificial Intelligence Lab. He has published 20 papers in scientific journals and conferences and spoken on innovation at Adobe, Amazon, eBay, Google, HP, Microsoft, Yahoo, and other organizations. He has a Master’s and Ph.D. in electrical engineering and computer science from MIT, and a B.S. in electrical engineering from the University of Illinois, Urbana-Champaign.