Will Ackerly, the founder and CTO of Virtru, left the NSA in 2012 to solve a big problem: securing personal digital communications. Today, his product Virtru enables anyone to counter the asymmetry of the current communications environment by giving people more control over their digital information. A fierce privacy advocate, Will talks about why he started Virtru, productizing his vision, and DC's tech scene.
What does Virtru do?
Virtru is a data-centric security company. We allow people to put their information online but in a way that they don't give up control of that data and they can continue to use the tools they like to use every day. So whether that's sharing attachments or files or email, what we do is end-to-end protection so you can continue to use your Gmail or Yahoo. We ensure that only you and the people that you're communicating with have access to that data and you can control after you send it - expiration and revocation.
When did you start Virtru?
So in terms of Virtru proper, it's been since 2012 when I left the government. But in terms of working in the space of trying to make secure collaboration really easy, it's been since 2005.
Why start the company?
Before Virtru, I spent eight years at the National Security Agency working to try to come up with ways to protect information both for the US and its partners. I realized two critical things throughout my years there. One, there really aren't good protection mechanisms for the government. But more importantly was the realization that there aren't easy-to-use protection mechanisms for everybody else. So as an individual out there on the internet there are even fewer regulations of what companies can do with your data. The companies that are making your life on the internet possible, whether it be your internet service provider, or the ones providing those services are on the cloud. Whether it be your email or file sharing...
The providence of Virtru comes out of a realization that it's not about a new encryption mechanism or something crazy technical in that regard, it's really about making it super easy. Because encryption has been around for a while, it just hasn't been that accessible so I was waiting for someone else to do something like this and I started using it for my personal email, but I realized the best way to kind of make that happen was to do it ourselves.
Some might find ironic that an NSA vet is starting a data privacy company?
I think in a sense there might be some irony there for sure but I also think it's a real opportunity. If you look at who would be in a position to really understand the threats that are out there and the vulnerability of the tools that are out there, I think there really is no better institution than the NSA to give you that insight and the knowledge required to build something that truly is effective. And from that standpoint it was also a big motivating factor for me.
Can you talk about what you learned as you developed the product?
It was interesting. At first we thought that we could boil the ocean and basically create a presence one by one on all the major platforms that anyone would ever want to consume on email, and that's what we thought was necessary. But we soon learned that was not an effective agile process. You need to get out there and learn and modify what you're doing. We got our browser plug-in out there to get into Gmail and Yahoo, and then Outlook. We quickly learned that there were so many important things we had to do to learn to get the product out there. The big hurdle for us was learning how to be agile and reactive. The biggest thing after that, once we got a good agile process going, was learning how to build the things that would generate revenue. Because from a product standpoint, encrypted email is all well and good, but what we learned is that if someone's going to be paying for this in a professional context, more likely than not, they are going to want the tools to be able to manage a team.
What were your interests early in life?
I was born and raised in Washington D.C. As a kid, I had a lot of very quirky interests. I started coding when I was in fourth grade and because one of the kids in my carpool was just a savant coder and my mom needed some way to keep me occupied, so she would pay him a little bit to come teach me code. One of the first programs he showed me was a program putting random dots on a screen and he was like 'hey look, it looks random doesn't it?' and then after a while you'd see a pattern. He said, 'random is not always random. If you are talking to a computer you have to be very careful about how you are getting your random. And this was sixth grade. It wasn't until I got to the NSA that I realized how true that is. If you're cutting keys for a door and they have the same pattern every time or you're doing encryption keys for securing communications, it can't be guessable. If its guessable, it doesn't matter how good the door system itself is, right, if you can guess the key. Anyway, that's sort of where the super geek in me sort of started.
You are a well-financed start-up that's gotten a good amount of press and you have a very easy to use product both for individual consumers and the enterprise. You are in D.C. Can you talk about starting this kind of company not in San Francisco or Silicon Valley?
I think one thing that a lot of people don't realize is how competitive D.C. is with regards to tech talent, generally. There are a lot of companies here who have a lot of engineers who really understand their stuff well. When it comes particularly to security, I think D.C. has a huge advantage over, I think, over anywhere else. I've recruited quite a few people who have deep technical background in security, and it simply is just harder to find on the West Coast.
You can listen to the complete interview here.