FireEye’s David Merkel Talks Acquisitions & Cybersecurity

We recently shared a discussion with Vencore President and CEO Mac Curtis, where he discussed some of the intricacies of the integration process following a major acquisition. Last week, the ACG editorial team had the opportunity to sit down with FireEye’s Global Chief Technology Officer David Merkel to discuss FireEye’s recent acquisition of Mandiant, what may have sparked it, and the integration process.

Mr. Merkel will be the featured speaker at the upcoming ACG monthly meeting, where he’ll provide additional insight into the acquisition process, the Cybersecurity market, and its significance to the DC-Metro region. October is National Cybersecurity Awareness Month, making this conversation all the more relevant.

Here is what Mr. Merkel had to say:

CGCS: Can you tell our readers a little bit about your background and your current role within FireEye?

David Merkel: My background is all technology oriented; I received my degree in Computer Science. Actually, the Air Force paid for it. I was on an ROTC scholarship so I went into the military right after college. I spent my time in a military organization called OSI, The Office of Special Investigations; it’s like NCIS, except we didn’t get our own TV show.

I ended up doing computer crime because of my CS background, so I was doing forensics and chasing hackers in the late 90s. I also spent some time in industry, like AOL during the Dot-Com boom, building security teams and security technology. We started the Mandiant business for Kevin [Mandia] in the beginning of 2006 – Kevin and I had actually met in the Air Force – so he started Mandiant as a service company, which worked for the first two years, and when our team came on board we started the product arm of the business.

We grew that for eight years; this past December we were acquired by FireEye and, Dave DeWalt, our CEO, asked if I would stay on in the role as Global Chief Technology Officer, and here I am.

CGCS: Mandiant was recently acquired by FireEye, a fellow Cybersecurity provider. Why was the acquisition of Mandiant the logical, strategic next step for FireEye?

David Merkel: In looking at FireEye, the company had started to focus around a next-generation detection technology, but it was packaged in a point-product. It focused on their network detection. And so Dave came on board to take the company public and he looked at a couple of things.

The first thing he looked at was how to grow out the capability organically and start to cover more parts of the problem so that we have a broader reach. He then looked at what we’d need to acquire in order to really push this more complete solution and platform, and how do we differentiate and ensure we’re always ahead of the game in terms of the attackers changing and morphing what they do. What we don’t want to do is build what we would consider a next-generation technology today and have it become the anti-virus of tomorrow.

So looking at Mandiant, there were three primary things that were interesting; the first is that at the time, FireEye didn’t have an end-point product and Mandiant did, and though that product isn’t at the end-state where Dave wants to go, he has a vision for what a next-gen end-point capability should look like; it’s a great starting point when combined with the rest of FireEye’s technology. So the first point was to jumpstart the end-point game.

The second was services, and not services because Dave wanted to grow some giant services business – that’s not what FireEye is about – but Mandiant services were really focused on incident response and really doing all the next-gen breach work. So if there’s a serious headline somewhere, the likelihood of Mandiant being in the background dealing with that is exceptionally high, and that lets FireEye stay close to the breach, close to whatever’s happening next in the attacker space. There really wasn’t a FireEye services capability outside of product services, so there wasn’t any overlap.

The last thing was getting Mandiant’s intelligence. FireEye already had an impressive body of intelligence, but most of it is focused on detection, generated by the millions of virtual machines running in our products that we have deployed across the planet. But what Mandiant brought was strategic intelligence, more information about who the attackers are, how we attribute some of these attacks, and what their motivations are. It’s the same kind of intelligence and intelligence team that wrote the APT1 Report that Mandiant published last year. So though FireEye had intelligence, Mandiant’s was different.

Overall it’s a great combination to accelerate the innovation and the growth of both companies by combining the teams.

CGCS: Big mergers and acquisitions such as this one generally go through a brief period of transition and integration. How has that experience been like?

David Merkel: I’ve had my chance to witness a fair number of acquisitions during my time at AOL (where AOL was doing the acquiring) and I have to say that I’m finding the experience of being acquired to have gone pretty well. There’s always the tactical headaches that you’re going to have when combining business systems and connecting networks and getting the sales teams aligned, but you expect all that.

The strategic integration has been really good. Because we didn’t have a lot of overlap – even though we were focused on a similar problem space – things fit together reasonably well, and FireEye has managed to retain a lot of the Mandiant leadership staff; Kevin Mandia is the COO and I’ve moved into the CTO role. We haven’t lost any of our key operational executives from the Mandiant side as part of the acquisition, so I say it’s gone reasonably well.

We actually recently announced some offerings that I think really highlight where we are in the integration, which we’re really almost through, and we’re starting to deliver the value of the Mandiant acquisition through the FireEye product platform. We announced an enhancement to our intelligence offering where we’re now starting to deliver some of that rich Mandiant context down through our products directly. We also announced FireEye as a Service, where we took some of that Mandiant managed service component and we’ve really blown that out across the entire FireEye product line. Maybe you love FireEye technology and capabilities but you really need a service provider to deliver that, well FireEye can do that across the whole portfolio, either on our own, together with our customers, or in conjunction with an existing security provider.

So it’s really exciting stuff, and it’s the culmination of – I hate to use the word digesting, but I will for now – digesting the acquisition and getting all the pieces aligned so that they come to market in a way that makes sense.

CGCS: With cyber threats reaching an all-time high, Cybersecurity has never been more important. What kind of growth opportunities does that create in the DC-Metro area?

David Merkel: It’s an interesting question. Growing technology companies on the East Coast is always challenging when you look at the ecosystem. However, there are certain types of technology and services companies that are very well suited to the East Coast, DC in particular, and Cybersecurity is one of them. And the reason for it is that, one, there’s so much national interest in Cybersecurity so there’s great opportunities to partner with government and solving some national-level issues, there are a lot of opportunities around that to get funding and to start a business.

There’s also such a large amount of cyber-oriented talent in the area that allows you to tap into some of the brightest minds in security. There continues to be a really strong opportunity for new security players in this space. FireEye, speaking to our own experiences, we’ve acquired Mandiant, and we’re not trying to dismantle the Mandiant operation and move West; we’re keeping it so the entire Mandiant engineering team is here in the Washington DC-Metro area. The nucleus of the services business is in the DC-Metro area. The nucleus of our FireEye as a Service offering is in the DC-Metro area, and none of that is changing. In fact, in all of these areas we’ve increased hiring and are expanding capacity, not trying to transition away from the geography.

So we see enough opportunity that we’re doubling down on our investment.  I think there’s definitely continued opportunity here for the next Mandiant, FireEye or SourceFire or you name it, to get its roots on this coast.

To hear more from David Merkel, click HERE to register for the upcoming monthly meeting.