While most Americans assume online thieves want government secrets, intellectual property, and financial information, companies like FireEye know that they’ve also started targeting city infrastructure, health-care systems, and universities. While other cybersecurity firms push old solutions like antivirus software, FireEye is combating advanced attacks with a combination of technology, intelligence, and expertise. The fast-growing company has surpassed hundreds of millions in annual revenue and is expanding quickly in global markets. FireEye’s general counsel, Alexa King, shares what the company is doing to disrupt a frenetic industry.
As a former litigator, what drew you to FireEye in the first place?
Alexa King: I got a taste of what it felt like to be more engaged with a client when I was at a firm and had three cases with the same client. I saw how my knowledge of their business improved my work, and I knew then that I wanted to go in-house. I did that with a company called Siebel, which Oracle later acquired. I was then asked to be the GC of Aruba Networks and got to go in as the first lawyer and build a department at a pre-IPO tech company. On my sixth anniversary, I told the CEO that I was ready to build something new, and four months later I was at FireEye. I was excited by their innovative technology and the chance to create a new team and help take the company public.
How did you know that FireEye was a good fit?
King: With a tech company, it all rises and falls on innovation. I met with our founder, Ashar Aziz, for two hours, and I was incredibly impressed with FireEye’s technology and also with him as a person. He originally came from Pakistan, and ten years ago, after selling his prior company, he realized there’s a new generation of advanced attackers in cyberspace that traditional companies can’t stop. He worked out of his living room; he created something no one else has and took security to the next level. I saw a great founder with a great vision who had built something innovative. Then it became a question of, “Do you fit in and can you add value?” I spoke to many FireEye executives and board members and felt that my answer was a yes.
Tell me more about what Aziz built that’s so different from what other cybersecurity firms can do.
King: The landscape is rapidly evolving with extremely sophisticated attacks and well-funded campaigns. Today’s attacks are advanced, stealthy, targeted, persistent, and often unknown. New generation hackers are seeking sensitive information from companies, organizations, and governments around the world across all industries. Simple firewalls and traditional means just cannot combat these attacks the way our platform can. The proprietary technology that Aziz created is called MVX, and it is a new approach to security using virtual machines to detect unknown and known attacks across all vectors, such as e-mail, web, and mobile.
How does FireEye’s platform work? What’s the alternative?
King: The FireEye platform fills the security holes left open by next-generation firewalls, intrusion prevention systems, gateways, and AV. We’ve invented a purpose-built virtual machine and threat-prevention platform that differs from traditional signature-based security. Think back to the era of Bonnie and Clyde when there were “Wanted” posters on the wall. When the bad guys walked into a bank, people recognized them. Today’s threats are like shape-shifters. Our signature-less approach allows us to detect threats in real time as well as reduce the time to contain and resolve the threat, thereby preventing or minimizing the business impact of these threats. We pick up attacks that others miss.
We have a threat map on our website that tracks attacks. Just yesterday alone there were 19,682 coming from all corners of the world across all industries. It’s getting more and more sophisticated, and traditional solutions aren’t working. Our platform also includes a managed defense component. We are finding that more and more customers want a security partner that can help manage their entire cyber-defense operation. They just don’t have the expertise and intelligence to apply on top of their technology buys.
What have you done to build your team since your arrival in 2012?
King: The first thing you want to do is build business relationships. You have to understand how legal can enhance and support the overall vision of the company. Then I sat down to understand the kind of legal team I needed to build that would be able to move very quickly to help a business that wants to grow fast. We needed the right contracts and the right people supporting the field to get deals done quickly and well. I also did a deep dive into intellectual property—I always check on the patent portfolio first, because many times start-ups haven’t had the time to strategically build one.
You took FireEye through its IPO. What was the legal department’s biggest contribution there?
King: Although an IPO is exciting and important, it’s just one day in the life of the company. Of course we helped with drafting all the documents and ensuring all the SEC rules were being followed, and we worked closely with marketing and investor relations on messaging, but a good general counsel is focused on preparing the company for the day after the IPO. We need employees to know what the company expects from a governance perspective so everyone can hit the ground running. It’s critical to have deep discussions with the board and management about what kind of company you want to be. Then, my goal is to get out there and do as much training as possible. Policies are just a piece of paper unless you sit with people and explain why they matter.
And during all this, FireEye was growing at an incredible rate. How did you manage that?
King: Right. We hired two thousand people in a year and expanded into sixty new countries!
That must have been a huge challenge from a legal perspective.
King: We worked with HR and finance very closely to make sure we would set up the right policies, procedures, and legal entities in so many varied jurisdictions around the world—each with their own rules and regulations. I set up an “entity counsel” and had partners from HR, global payroll, treasury and tax, and stock admin sitting on a committee to talk about where we were hiring and what was needed.
There was also an acquisition.
King: Yeah. Saying 2013 was a busy year would be an understatement. I had twin girls who were born in August. The IPO was in September. Then we did a billion-dollar acquisition of Mandiant, which closed the very end of December.
King: Now we’re making sure our growth is scalable, and that all our integration processes are in place. We’re moving forward strategically and thoughtfully from patents to entities to making sure our sales teams are properly trained to having the right contracts for each deal to everything else in between.
What has this growth been like from your office? How have you grown the legal team?
King: I look for four things: smart, fast, business savvy, and nice. Nice is important because when you work closely for many hours, you better get along! Our business partners have been very supportive, starting with our CEO, who knows a strong legal department is critical. We’ve built the department from one to twenty-one people in less than two years.
Where is FireEye headed?
King: We have to continue to innovate and stay one step ahead of the bad guys. In addition to our headquarters in California, we’ve opened research and development centers in India and Germany. We have to do our job when it comes to educating the public, which has only seen the tip of the iceberg. There are attackers out there who are gaining more and more tools to launch attacks on various organizations all around the world. There is really no safe place. FireEye is working very hard to stop them.