Company: Nok Nok Labs | Who:Phillip Dunkelberger, President and CEO
SecurityWeek: How did you start out in the computer field and in particular, security?
Phil: I’m 33 years in the industry, and started when Xerox entered the Internet. That started a security problem since you tied all the computers to the network. So security is a backbone of my career in the business. Later I was at Apple, then moved to Symantec where I got into the utility business such as backing up computers. That in turn led to anti-virus products – I was there when they created the first anti-virus products. In 1995-6 I was recruited to run sales for PGP and become the CEO. In 2007 we sold it to Network Associates (McAfee). McAfee had PGP until 2002 when they then announced to shut it down. At that time I was working in a traditional VC venture so I re-bought PGP and ran the company. Then in 2010, I sold PGP to Symantec for $300 million.
SecurityWeek: What brought you to join Nok Nok Labs?
Phil: I’m 30 years already envisioning running more companies. After PGP, I had a long talk with a colleague at Cisco who said: if you do come back – do something big. I realized I wouldn’t retire entirely if I can do something impactful. Nok Nok Labs is something that resonated well with the idea. It’s founded by three well-known guys: Taher Elgamal, Michael Barrett and Ramesh Kesanupalli. It had all the components – it’s an industry movement. Currently, username and passwords are broken and authentication needs to be fixed. Over the course of 5 months, I brought in the management team. We started working on the environment, raised the money and worked quietly – for 14 months – until today.
SecurityWeek: What does Nok Nok Labs do?
Phil: The product itself is the implementation of an authentication protocol, the Fast Identity Online Alliance (FIDO), created 30 months ago as an industry standard. FIDO is essentially the protocol that connects the device with the backend server. The protocol can use a variety of strong authentication methods such as the camera, microphone and biometric devices. This is much more manageable than the current method of username/ password, especially when using mobile. On the backend side, this is a much more secure method than using just a username/ password.
SecurityWeek: Can you give an example of the protocol’s usage?
Phil: Say you’re surfing to Paypal. The FIDO on the Paypal server checks to see if you have FIDO code on your machine and inventories the strong authentication methods on your machine. When you complete an action, Paypal pops up a box which states, for example, that you have a fingerprint reader which is appropriate for authentication purposes and Paypal wants to put you in a safer transaction mode.
The software sets up an encrypted token between your machine and Paypal, and a corresponding unlocking token on my Paypal account. The fingerprint is used only to unlock your part of the token.
When you next surf to Paypal again, instead of logging in with a username/ password, it will ask you to swipe your fingerprint.
SecurityWeek: Who is your target audience?
Phil: Target audience ranges from the enterprise to Web commerce and services, including services to the mobile worker, and extending to the consumer who is using a mobile tablet or PC.
In the enterprise, there are hundreds of systems that use a username/ password but require a stronger authentication.
Financial services need this solution to protect money and their intellectual property. We’re looking also at Web commerce vendors (Paypal), trading (e-trade) or companies that process credit cards (such as Netflix). There are additional services, say LinkedIn, who need to replace the username/ password combination.
Then there’s the in-between market: mobility. We use different devices, but when traveling – we mostly use the phone. The phone itself is used mainly for e-commerce and for corporate email. Currently, we’re using two different access modes but both are using different username/ passwords. It would be so much better to swipe a finger or PIN. The point is that I’m still the same person and would like to use the same method of authentication across multiple devices.
SecurityWeek: Funding-wise, what stage are you now?
Phil: We’ve raised $15M in an A round in November 2011.
It’s a big market and even if we only speak about mobile commerce and mobile for strong authentication.
Then there’s the enterprise. According to Cisco, there are currently 12B devices and by 2020 there’s going to be 50B devices. If by 2020 we get to 1/50 of Cisco’s numbers, we’ll have 1B users with this. We had to raise this capital since we’re building an infrastructure.
We’ll be raising capital again later this year and hopefully that will be that.
SecurityWeek: What’s your biggest challenge as an entrepreneur?
Phil: It’s a triad. The first thing is controlling your fear. Many people are afraid. There are lots of fears that drive you throughout your lifetime: am I going to the right school? Will I get the job? Is the market going to like the product? Are my peers going to stay with me? All these are rational fears but unless you control them they make you to conserve or take risks. Success has many fathers but failure only one. That’s common but true. If Nok Nok Labs won’t succeed for any reason, no one is going to talk about FIDO or about the sales teams, engineers, etc. – they’ll ask what I did. That sounds scary to people.
The second piece is once I control these fears, can I work to be disciplined and focused. When I started PGP people told me it was a failure from beginning. It was like that at McAfee and it will happen again. But we bought it for a few million and then sold for $ 300 Million – during the worst economical times.
The third triad is getting to surround yourself with people that are smarter than you. Not just specialized folks as hardware, or a VP of marketing. The point is to surround yourself with people that are not afraid to challenge your authority.
SecurityWeek: Any tips for others starting out?
Phil: There are two:
1. Know your markets – how big is it, who are the key customers.
2. Know you numbers – and know them cold. How much will it cost to get into production and to sell. How fast is it going to take– not to the release of the first product, but to the first profit.
SecurityWeek: Who are your competitors?
Phil: We’re enablers so we don’t have competitors. There are people who think we’re competitors – but we’re not. What we’re saying is that if you use our tools, then your tools will be easier. We allow more cars to run on their highway.
SecurityWeek: Other than yours what is your favorite startup – whether it is in security or not?
Phil: Social Fortress. Other than Nok Nok Labs, I’ve been spending time on this. It’s a really cool startup that allows you to encrypt your social media streams. Say, all your Facebook pages so only those you want them to view your pages can unscramble the encryption. It’s a really important aspect for enterprise customers using social media.
Disclaimer: I had the privilege of interviewing Phil right on the day of Nok Nok Labs formal launch date (February 12, 2013). Passion and belief in the product are mandatory ingredients in any entrepreneur. Double that with the excitement of a new launch and Phil and I had an engaging discussion. In order to keep this article to a readable length I was not able to relay our entire talk. Any cutbacks or lack of completeness are entirely mine.