Lessons From (Re)Building A Security Company From Scratch

Forbes, 21-04-2025
Christofer Hoff is the Chief Secure Technology Officer of LastPass.
I've always admired the Roman architect Vitruvius, who once said that if you're going to build something, it ought to be beautiful, strong and useful. After spending the past two and a half years building the software and platform engineering teams, as well as a new security organization, at LastPass, I've come to truly understand how right he was.
I joined LastPass in 2022 as its chief secure technology officer (CSTO)—combining security and technology into one role—an opportunity I couldn't resist.
The business was taking the first of many steps to spin out from its parent company and form a stand-alone company. A whole new executive team of industry veterans was at the helm, setting out to deliver on the promise of tackling the decades-long, ever-complex challenge of passwords—making them more secure and more convenient for people and organizations.
This was my opportunity to integrate security by design, not just into the company's operations but throughout the entire product development life cycle. I would work alongside the leaders we had assembled to build something beautiful, strong and useful from the ground up.
Three months after I joined LastPass, the company was the target of a sequenced set of two security attacks that spanned multiple months and threatened to derail everything we were working toward. But in the end, it didn't. In fact, the security incident acted as an accelerant for the people, process, technology, controls and infrastructure initiatives we already had planned to build while establishing a new company from scratch.
In reflecting on this experience, I hope to offer something relatable in its honesty, strong in its lessons and useful to anyone tasked with rebuilding—not just systems, but trust. Here is how you can do it.
From day one, I knew that security couldn't be a checklist—it had to be a blueprint. If you want to drive innovation while keeping trust intact, security, privacy and engineering must be tightly coupled.
It's important to consciously embed security into every phase of decision-making and build the right teams around it—architecture, threat intel, governance, detection and response. We did it intentionally and with buy-in from across the company, leveraging the outcomes of decades of experience to understand where security can be a differentiator and become a business-enabler.
As an example, and something unique among password manager providers, we built a dedicated threat intelligence team. With backgrounds in counterterrorism and financial services, this team monitors threats, delivers actionable insights and automates threat response to help protect our customers, data and company. It's not just a line of defense—it's a proactive, strategic asset that keeps us a step ahead. That's what it means to design with security at the core.
Security and engineering won't click together on their own. You need to define how they'll collaborate—and then back it up with process, structure and, most importantly, the right people. We hired brilliant engineers from world-class companies and combined them with our existing team. The mix gave us a rare advantage: experience, new ways of working and belief in the mission.
Hiring great people is step one. Step two is giving them the space, clarity and support to do their best work—especially under pressure. As a leader, your job is to make sure they know you trust them and to give them the resources they need to succeed.
We built an entirely new development infrastructure in months because the team believed they could. And they were right. Transparency was our prerogative, and that's why we documented how we made LastPass secure. We have a trust center where we reflect, and we've also created a publicly available compliance center for close to real-time monitoring of LastPass systems and access to the latest certifications.
We didn't just rebuild the platform; we reimagined it through the lens of the customer's experience. What did users need? Where were the friction points? What would make them feel safe, confident and in control?
That's what drives decisions—from introducing stronger password recovery options and implementing secure sharing to strengthening master password protections and encrypting sensitive data fields. Through hackathons, we've started to integrate new features and functions like AI into our platforms.
Under pressure, perfection is a luxury. Progress is a necessity. There were days when we moved fast because we had no other choice. But every sprint, every decision, every hard call got us closer. You need to be flexible, decisive and focused on what matters most—especially when time and attention are scarce resources.
I'll never forget the conversations I had with dozens of CISOs from our customer base—internalizing their concerns and their wishes for the new LastPass. The first time a CISO asked me, 'How are you doing?', I was moved to tears. Imagine possessing such empathy and grace.
This—the security and experience of the people behind our product—was our raison d'être, fueling us through every 20-hour workday. So here is my advice: Talk to your customers. Listen. Internalize what they're worried about. Let it shape your work. Then build something worthy of their trust.
That's what we did. We started with a mission, built a blueprint for success and responded to adversity with momentum through our people, empowered and enabled by the support of our leadership. We've seized a once-in-a-lifetime opportunity. We have built something beautiful, strong and useful—and so can you.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.