In October, Corey Thomas took over as chief executive of the Boston network security firm Rapid7 Inc., a fast-growing tech company that is expected to go public as early as next year. Thomas took over the job from Mike Tuchen, a former boss at Microsoft Corp. and a longtime mentor. The Globe recently spoke with Thomas about computer security, minorities in the tech world, and getting Rapid7 ready for Wall Street.
Rapid7 is built on the premise that business networks are insecure. What’s the most common security lapse you find?
The largest security lapse is people failing at the basics. Lots of people spend lots of time and energy looking at obscure use cases and state-sponsored attacks. It’s the complexity of the overall IT and security infrastructure that ends up catching most people.
You seem to have a lot of competitors. Is network insecurity good for the software business?
I look at it in a slightly different way. If I could, I would design systems that were completely secure. But the reality is that technology has drawbacks. It introduces risks into businesses. But as long as technology is an enabler, it’s worthwhile for companies to figure out how to deal with the downsides. We want to minimize the cost and the effort to deal with the downside. That’s not just a positive thing for our business, it’s a positive thing for society.
Without buying Rapid7’s products, what is something a typical business can do to improve network security?
Have good planning in place for how to think about core systems and access controls. There’s not enough thought or planning that goes into how to configure those systems. If people do well in that dimension, they’ll do a phenomenal job of lowering overall risk.
What’s the thing that keeps an IT manager up at night?
Users are now responsible for their own devices, and they are posting on business critical servers.
Rapid7 raised $50 million in venture capital funding last year. What has it done with the money?
We’ve been investing in expansion. A portion of the money went into expanding our footprint but, by and large, most of the money has gone into hiring engineering teams and extending our product portfolio.
Will Rapid7 go public next year?
Our viewpoint is that if we build a great business, there are going to be lots of different ways to [cash in] for our employees and investors. We expect to [launch an] IPO, but we haven’t put any specific time frame on the IPO. We’ll do it when we feel ready and the market is ready.
What’s the most difficult part of getting a company ready for Wall Street?
How do you keep energy, the customer focus, and the passion but at the same time balance that with the controls and processes you need to deliver a predictable business? We want predictability, but on the other hand we want imagination and creativity. How we balance those tensions is something we’re constantly focused on.
You and your predecessor, Mike Tuchen, both worked at Microsoft. What’s the connection?
I worked for Mike at Microsoft, and he’s been a mentor who’s helped groom me for this job and many different jobs.
You’re one of just a few African-American tech chief executives. Do you think more should be done to encourage African-Americans to pursue jobs in tech. If so, what?
Technology is better by having a diversity of backgrounds and perspectives that are engaged. Creativity is really driven by the diversity of perspectives that you bring to bear. One of the best things that we can do is just provide access and mentorship on a broader basis.
How’s that playing out at Rapid7?
We’ve started an internship program, and we’ve done lots of outreach to both women and minorities. We are trying to make sure we have a selection pool. We’re going to continue investing in those sorts of programs.