Frank Wang is a Ph.D student at MIT’s Computer Science and Artificial Intelligence Laboratory, known as CSAIL, one of the world’s most important centers of information technology research. His graduate work is focused on building secure systems in the PDOS group, where his research interests lie at the intersection of systems, cryptography, and web applications. [pdf download]

Topics: Helping PhD Students & Early Stage Startups, Startup Personality in the Boston Area, The Importance of Collaboration in Starting Up, Cybersecurity Startup Trends to Look Out For

Helping PhD Students and Early Stage Startups

ACSC: Frank, as you complete your PhD program at MIT, you’ve also been running Cybersecurity Factory for three years as an accelerator supporting early stage cybersecurity startups. Tell us a little about the Cybersecurity Factory.

FW: Our mission at Cybersecurity Factory is to empower new entrepreneurs to tackle the difficult and ever-changing challenges in the cybersecurity industry. We initially started it with the intention of providing the necessary resources for PhD students to bootstrap their cybersecurity startup, namely capital, some venture help, and access to a network of executives in the cybersecurity industry for mentorship. However, we realized the need for our program now extends past universities and PhD students. We are focused on helping early-stage cybersecurity startups find customers, extend their network, and work on business development to find product-market fit. We believe there are not enough dedicated cybersecurity resources to help early-stage cybersecurity companies succeed, especially on the East coast.

Cybersecurity Factory is a 10-week summer program in collaboration with Highland Capital and support from Latham & Watkins, Comerica, and numerous security companies. We provide office space, a $35k investment, and most importantly mentorship from top cybersecurity executives.

Where does your passion come from to guide startups while still learning and growing yourself?

I grew up in Silicon Valley, so I was always excited about startups. However, when I was doing my undergraduate at Stanford, I had the time to help startups, so I promised myself that when I started my PhD program I would focus more on that. I came to Boston, got involved in the startup community, and then slowly received demand for help from many startups. Helping these startups, I realized that I had a strong impact on the trajectory of those companies, which were the center of many people's livelihood. It's really exciting to be going on a journey with a passionate founder. A lot of the founder's passion "rubs off" on you.

Usually, these companies are trying to disrupt very established security disciplines, so it's always a learning and growing experience to dive deep into an area with a founder. A lot of it is really similar to research done in a PhD. Many say that the process doesn't get easier, but you just get better at handling the ups and downs. However, I always enjoy finding answers to questions that others don't know how to answer.

Beyond funding, what do you see as the critical success factors to starting a company? What are you looking for in the companies that are accepted by the Cybersecurity Factory?

People. This is constantly overlooked in many early-stage investment decisions. Companies change really fast in the early stages, so the product and ideas don't matter as much. However, the question is always whether the founder has the ability to hire and handle failure as well as success. Also, do you think there is a good founder - area expertise fit? I would say most failures at early stage always start as "people problems" or a founder just not understanding the intricacies in a space. For my program, I start finding companies as early as the summer before.

Startup Personality in the Boston Area

What are your thoughts on the startup ecosystem in Boston? How does funding and growing a business in the Boston market compare to other regions like New York, D.C. and San Francisco?

I think it would be wrong to dismiss the vibrant startup ecosystem in San Francisco, but I think other regions are definitely working hard to play catch-up. Boston has a great ecosystem in my opinion because you have the talent from universities, and a large number of top companies on the enterprise side, such as GE, Akamai, Rapid7, LogMeIn, etc. who have a lot of executive talent. NYC is also great on this front. There is a lot of activity, and they are close to customers.

However, the reason that Cybersecurity Factory has been so successful and popular as a program is that there is really not enough pre-seed/seed funding, especially in security. That's an area that I've heavily focused on and hoping will change. Because of the lack of early funding, you see many fewer first-time entrepreneurs start companies, which is unfortunate. However, I do think this can change with more early-stage funding opportunities. Investors should consider spending more time on the East coast, in my opinion.

What are the benefits to starting a business in Massachusetts? Is there anything we as a community can do better?

Easily, the cost of living and access to talent make starting a business awesome in Massachusetts. That's why some security entrepreneurs spend their whole lives in Boston. However, we don't quite have the vibrant community that other places do, and again, the early stage funding is almost non-existent. Also, the elephant in the room is the non-competes. I think almost all top executives at tech companies agree that we need to get rid of those.

The Importance of Collaboration in Starting Up

You’ve stated that the underlying philosophy of your research is that breaches and hacks have become inevitable, and the goal of secure systems should be to minimize information leakage when these breaches occur. How do you see academia and industry working together to strengthen infrastructures and reduce the impact of such breaches?

Right now, I think there aren't enough industry-academic collaborations. They kind of talk past each other. Academia is really good at doing R&D and training talent. Industry is really good at taking products to market. Since each side is good at different things, there is a lot of room for collaborations and synergies. To start, I think just having more conversations and a constant dialogue can ensure that both sides are working on the most relevant problems. Both sides can benefit greatly, and slowly, these collaborations will mature. We've seen this happen in other fields such as AI, machine learning, and computer vision. 

As someone who has his foot in both doors, I've been doing quite a bit to encourage these collaborations because they can be mutually beneficial.

What role in this collaboration do you feel local, state and Federal government have? What role do private investors have?

The government can create policies to encourage economic development. Private investors are good at growing companies that innovate. Government should focus on creating and supporting innovation-friendly policies that encourage collaborations between industry and academia. Private investors can contribute their expertise to help build these collaborative ecosystems, using their domain expertise to help guide these collaborations.

Cybersecurity Startup Trends to Look Out For

In running the MIT security seminar, you’re regularly hosting some of the industry’s top minds as they look ahead to securing the infrastructure of tomorrow. What are some of the more interesting trends you’ve discussed this year, and what key takeaways do you have to share with ACSC members?

First and foremost is blockchain innovations. We need more funding and interest to support the hype around blockchains and how systems can be secured by blockchains. People are interested but there is so much going on as people are still trying to figure out what can we really do with BitCoin and blockchains. The market is inevitable, but still so nascent that everyone is just speculating, and it’s very important to have this discussion and collaborate together.

Another area that’s really interesting to watch is secure computation. We all have a lot of data stored somewhere in a big data center, and it’s going to get breached. So how do we ensure very little information is being stored on the server, or can be leaked from a breach?

This leads to another side, people are thinking more broadly about their data, and about handling/sharing of data. It’s not just stored by one company but data is shared often for fraud prevention and business related activity. How is the privacy of the user being ensured and is it being properly handled as we increasingly gather and share more data?

You also have an interest in building practical, secure systems. What new challenges are introduced by Internet-of-Things (IoT) and other embedded devices as we enable and link intelligent devices to operate within these secure systems?

The problem with the IoT market is that people are building these devices without considering security in the first place. That’s fine, because it’s how new markets emerge. They have very proprietary hardware and no unified network. Until we see a more unified platform in the IoT market, centered around the market-driving players and users, it may not be possible for security companies to secure more than the critical systems leveraging IoT.