Dan McCall thinks the timing is right for Lexumo, a Boston-area startup aiming to help secure the world’s rapidly growing collection of Internet-connected devices and embedded systems.
And Lexumo’s leaders think McCall is the right person to take the two-year-old company to the next level.
Last week, Lexumo announced it hired McCall as CEO. He took over for co-founder Brad Gaynor, who shifted into the role of chief technology officer, according to Gaynor’s LinkedIn profile.
McCall (pictured above) has spent 30-plus years in the technology industry, working in cybersecurity, computer networking, data storage, and other areas. He previously co-founded Guardent, a managed security services provider acquired by Verisign in 2004 for $145 million, according to his LinkedIn profile.
McCall served as Verisign’s vice president of corporate development for two years before getting the startup itch again and founding Virtual Computer, which managed mobile and distributed computers on enterprise networks. He led that company for five years before selling it in 2012 to Citrix Systems, which named him a vice president and manager of its desktop and apps product unit.
Now, McCall is back at the helm of a small, young company. Lexumo spun out of Draper Laboratory—the not-for-profit R&D center next to MIT—to commercialize software that uses an automated process to sniff out vulnerabilities in open-source software written for connected devices and embedded systems. The technology was developed by Gaynor, Nathan Shnidman, and Richard Carback, who are PhDs with expertise in cybersecurity, big-data analytics, and machine learning.
Lexumo has raised nearly $5 million in venture funding from Accomplice, .406 Ventures, and Draper. The company currently has 15 employees and plans to double its staff in the next year, McCall says in an e-mail message. Lexumo will soon relocate from Accomplice’s offices in Cambridge, MA, to a nearly 5,000-square-foot space in nearby Burlington, MA, he adds.
Xconomy talked with McCall about his thoughts on Lexumo’s potential, his approach to building startups, the government’s role in advancing cybersecurity, what the security industry could be doing better, and more. The following is a lightly edited transcript of our e-mail exchange.
Xconomy: What drew you to Lexumo? What intrigues you about the company?
Dan McCall: There were really three things that made this decision easy:
1. The timing for a Lexumo is perfect. Open source is consuming the world of software, and [the number of] Internet-connected devices (consumer IoT, industrial IoT, and embedded systems) will soon eclipse mobile phones and computers combined. IoT devices are predominantly built on open-source software, which will make them the largest attack surface in the world.
2. Most of the time you look for a single, brilliant, and inspirational founder to partner with to build an early-stage company. In Lexumo’s case, I found three, all with PhDs and offering unique leverage and value to the company.
3. The approach, which was spun out of the prestigious Draper Labs and DARPA, is unique in our industry. Using big-data analytics and machine learning to understand software and replace the tedious and error-prone process that companies use today to secure their use of open-source software is a winner.
X: Any big lessons from your past companies that you will apply to your new role leading Lexumo?
DM: After spending time in both large and small companies, I think the most important thing to realize is that small companies succeed where large companies fail nearly every time because larger companies get so much LESS done in a week and generally do it with three to four times as many people. What that means to a smaller company like Lexumo is that we need to focus on execution every day because that’s our competitive advantage.
The second big lesson is making sure we keep our hiring practices at the highest level. Startups often make the mistake of a few mediocre hires because of the amount of work they have to do. When everyone is working 60-70 hours/week the desire to just get anyone to help becomes overwhelming. And it’s a mistake every time and actually detracts from productivity. This is doubly hard while we are working down in Boston/Cambridge with the land grab for talent that’s going on. I’m proud to say that today we’re a great team, to a person, and when we move from Cambridge to Burlington in a couple of months, we’ll open up a whole new pool of talent we can grow with.
X: What’s one widely held opinion/idea/prediction in the cybersecurity industry that you think people have got wrong?
DM: I think most people are missing the role the U.S. government is going to play in protecting our security interests.
First is regulatory. While government regulatory requirements (or the threat of them) has created a great deal of new expenses for certain industries, can you imagine a world without HIPAA, when a healthcare record is worth 10 times more than a credit card?
The next frontier is going to be