Q&A: FireEye CEO Mandia On His One-Year Anniversary, Partner Milestones And Work That's Left To Do

One Year In

When Kevin Mandia took over as CEO of FireEye a year ago, the company was ready for a change. Over the past year, the company has rolled out new technology – including its Helix platform – and pushed to repair its damaged relationship with the channel. The ultimate goal, Mandia told CRN, is to get FireEye on a path away from its on-premises sandbox roots to a full-fledged, cloud-based security company. In an interview with CRN around the anniversary of his June 15 start date in the role, Mandia talked about what he feels the security vendor has accomplished in the past year, the changes it has made, and what work remains to be done. Take a look at what he had to say.

Looking back, what was the state of FireEye when you first joined the company?

Walking in as the founder and CEO of Mandiant [when FireEye acquired Mandiant in 2014] is a little bit different than walking in as president of FireEye to the CEO of FireEye. It's just a different job and different expectations. Walking in as CEO of Mandiant, I have always thought it is strategically important to respond to every breach that matters because it helps drive the security innovation cycle … I felt the need of a product and services company joining at the hip.

Taking over as CEO [of FireEye a year ago], probably the first thing I wanted to do is: we are really known for a sandbox on-premise appliance, yet our solutions are much broader than that. I wanted to be able to tell people we're going from an on-premise sandbox company to a hybrid everywhere security company. That is something that takes years to take that journey, but from an innovation standpoint, that’s what we're doing ...We're on that journey and that started Day 1, the minute I got to the helm it was: let's innovate out of the sandbox and into a real security company.

What are some of the big milestones you've accomplished on that journey over the past year?

On the innovation side, I would say its two things … With [the Helix platform we launched in Novemer], we are making it the interface to all FireEye products and being able to take alerts from everyone else's products as well. We are combining SIEM capabilities, with workflow, with threat intelligence management, with the integration to do countermeasures, all of that right in our product dashboard. That's what Helix brought to bear: network security, endpoint security, and we know what to look for with those two - all in one package … I like the bundling capability of that.

The second one is endpoint … We have always had the goal of detecting what AV detects and detecting what AV misses. We can do [both of those] in multiple ways … We also have the forensic capabilities, skills and experts so you can actively hunt for things as well. I like our endpoint opportunity now … I think endpoint is going to be our first real [product for the channel] … That's why I'm pretty excited about going into the second half of this year and really funding [millions of dollars of] marketing with our channel and our partners for our endpoint initiatives.

What were some of the milestones over the past year with FireEye's partner community?

I thought we were ambiguous, and maybe that was part of the challenge. When it came to partners, let's go back to 2014. About a month after we were bought …I think right then there was some confusion with our partners: Who are these Mandiant guys and what are they going to do? I would sit in meetings with our partners, and we didn’t do a good job clearly delineating our lanes on what we were going to do and what they were going to do. We could have done better – let's put it that way.

I recognized that, so in June of last year, when I became CEO, it was clear we have to tell our partners the lanes … We hadn't done the work to have a policy that was unambiguous. Now, we have done that. We launched that at the beginning of this year. I think now partners know the things we do direct – and it's just a couple of things – and they get it and they understand it. Everything else, we are going to leverage the channel. I think that's important. We had to put the bright line out there on what is our policy.

What were some of the specific changes you've made with your partner strategy?

Trust me, I've been beat up. I've met a lot of our partners and they didn’t like the ambiguity. I get that. It was ambiguous. We had a lot of deals going direct that our partners didn't like. So, we reined that in. It still took six months, but I knew we had to do it and we got it done.

I also thought our pricing was not priced for the channel. We are going to continue to always price appropriately for the channel. We will get better at that as time goes on … I've actually enjoyed meeting so many of the folks at the regional channel partners we have. They're entrepreneurs. I founded a company, so I sit with these folks and I get it: they're trying to build a business. We want to work better with them … We want to be helpful to make them successful.

Do you generally see partner perception of FireEye as being different than it was a year ago? It was pretty negative a year ago.

Anecdotally, I feel like it's getting better from a channel perspective. It can't be as bad as where it was. What I have noticed statistically is that we are going up and to the right in every meaningful statistic that would show that we are leveraging the channel appropriately. But, we can always do better. I still think it's early on. We're getting our trust back after 2014, 2015, and 2016 from when we had an ambiguous policy of when we worked with the channel and when we didn't. It was problematic. I think it will take time, but all indications over the last few quarters and every meaningful statistic is moving and trending in the right direction for us… It can only get better when you think about it from the partner perspective. They had no idea how to work with us. We were too inconsistent. With Bill Robbins on board – he is our new head of worldwide sales - I just have great confidence that we will execute with discipline the policies we have put in place. We will ... It takes time. We didn't earn the right to have magic happen overnight, but we are earning the right to have a more effective channel with better products, better prices, and a better policy. If we stick to it, that process will pay off over time.

What about Wall Street's perception? Is that improving?

I'm always amazed at how fast perception changes in 90 days. We have Wall Street, we have our channel, and we have customers. Customers love us – that's the good thing. The channel is getting better. I think in general if a company does what it says it's going to do, then Wall Street sentiments improve. That's what we have to keep doing as a company – we have to sell Wall Street what our numbers will be and then we have to do it … It amazes me how fast [sentiments] can change in either direction … Whenever you have a stock go from more than $90 down to single teens, you leave a trail of unhappy folks somewhere in the world. Now we just need time behind us and quarter after quarter performance … For now this company we had a miss in Q4 and in Q1 we did what we said we were going to do. We have to stack wins … If that doesn't work, I don't know how to change their sentiment. We just have to do what we say we are going to do, and over time they will see us as a good investment.

How have you seen the threat landscape around FireEye change in the past year?

Every modern nation is developing an offensive capability, and all of them are following different rules of engagement. It's weird right now. What I mean by that is Russia changed the rules of engagement and China did (but they were more beneficial to us as a company). But, I feel like in general, the activities in the cyberspace from the best actors in the world is escalating in a bad way. It's because they are state-sponsored attacks. On the threat side, most companies can prevent the automated attacks, and most companies have a challenge with the targeted attacks. I would tell you I just think they are getting less predictable after a 20-year run when we kind of knew the actors and where they were coming from. A quick example, Russia hacking and stealing documents and posting them online, that is a new rule of engagement … These rules of engagement are blurry, both from who the nations are targeting and what they do once they get in. That's the threat side. It's getting interesting. It's also getting more global – we'll be responding to more and more breaches internationally every year.

What about the market – how has the security market landscape changed around FireEye in the past year?

Back in 2014 valuations for cybersecurity companies were getting really high and the amount of capital getting poured into cybersecurity was astronomical, or at least large … There's also a whole bunch of companies that have cyber components to them that didn't use to have cyber components to them … My question is: how many companies can this market sustain? I'm pretty sure it's not 1,500-plus. There's going to be a lot of losers and a few winners. It's just a matter of when the compression starts. I think you will see consolidation… What makes it unique right now it's hard to read the compressions because these companies probably would have died by now if they didn't have over $100 million in funding. They're almost too big to fail for some of these investors … And then you have to wonder, how fast does it happen once it starts to happen? That's a tough one … I can feel the Wall Street fatigue in how do we pick the winners out of this big bucket right now.

What are the key goals on the roadmap in your second year as CEO?

Just keep developing Helix. We're taking a company from an on-premise sandboxing company to an off-premise security company. [Helix has] the dashboard to handle on-premise alerts, off-premise alerts, cloud-based alerts. The message I always like to tell everyone is we know more about what the bad guys are doing on the Internet than anybody. We're the fastest and best at determining if something is good or bad. We're going to bring that capability to you.

Because we're both product and services, I like the idea that with Helix – whether it's our partners or us – we will, in time, bring a platform to our buyers where there is a seamless connection to expertise when they need it… What does that mean? We're bringing together expertise with our technology.