Shadow IT vs. Innovation: Lessons from a Cybersecurity CIO with Brad Pollard, CIO at Tenable

Brad Pollard on Punk Rock Startups, the Art of Saying Yes, and the Mentors Who Shaped a Career

Brad Pollard, CIO, Tenable | Interviewed by Luke Alie of Atolio

Brad Pollard is the CIO of Tenable, a publicly traded cybersecurity company. He describes his path as going from punk rock musician trying to get his band a website in 1995 to an IT career spanning small ISPs, Sourcefire (acquired by Cisco for 3 billion dollars), and Tenable, where he joined pre-IPO and helped grow the company from 400 to 1,500 people. He talks about startup culture, the art of saying yes to innovation instead of no, and the mentors who fundamentally changed how he worked and led.

From Punk Rock to IT: An Accidental Career That Stuck

Luke Alie (LA):  Tell me a bit about your background and how you arrived at Tenable.

Brad Pollard (BP):  I got into technology trying to be a musician in 1995. I was trying to get my band on the World Wide Web, which was a new thing, and started learning to build websites. I ended up working for a small ISP called ClarkNet, which was deaf-owned and based in a barn with sheep outside. I learned American Sign Language, Solaris, Cisco IOS, Perl. It was like going to college all over again for something entirely different. And I fell in love with startup culture because it reminded me of a punk rock band: no rules, building things that had never been built before, surrounded by really smart people.

From there I joined Sourcefire, an intrusion detection company, as around the 17th person hired. I stayed 12 years. By the time Cisco acquired us for three billion dollars, we were 1,500 people. Two years at Cisco, then I found Tenable. We were about 400 people when I joined, pre-IPO. Now we're publicly traded, have had three acquisitions, and are around 1,500 people globally.

Cowboys and Governance: How IT Can Enable Innovation Instead of Killing It

LA:  You've worked in fast-moving startup cultures as a CIO. What are the drawbacks of that culture and how do you work with it?

BP:  The thing that makes startup culture go can also be a problem. In any startup there is entrepreneurial spirit. As a governance function, I call that cowboys. And cowboys can cause problems. But the way you engage them is not to be binary about it. The answer is always yes, let's figure out how to make it work.

When you say no outright to a smart person who wants to try something, all you do is inspire shadow IT. They go do it anyway, and that doesn't scale. Instead, say yes and partner with them on building a solution. They get skin in the game. They help find budget. They talk through the rules. They see everything involved. And you get a much better work product as a result.

People perceive IT and governance bodies as red tape, as something that slows innovation rather than enables it. My job is to change that perception by saying: let's do a pilot. Let's have InfoSec review it. Let's do it through single sign-on. Let's put enough guardrails on it that you're not accidentally spinning up an AWS bucket with a wide-open network and copying data into it. I want innovators out there working with a net, not without one. That's not restriction. That's protection.

Identifying Good Startup Bones

LA:  You've mentioned the 'good bones' of a startup. What does that mean to you?

BP:  First: does technology leadership actually believe in what they are building? Do they think it solves a real problem and why? That passion is easy to detect. Second: what's the energy in the office or on video calls? Do people seem excited to be there? Are they proud to work at this company? All of that traces back to founders. If leadership is not excited, individual contributors will not be either.

I have seen startups whose entire culture was organized around an exit. They were asking about how to get out before they had fully committed to building something worth getting out of. I knew what good bones looked like because I had seen it twice. ClarkNet DNA and Sourcefire DNA. Those were organizations built by people who genuinely wanted to do something, build something well, and make working fun. When you're in that environment it's inspiring and it makes every hard day worth it.

Two Mentors Who Changed the Course of a Career

LA:  What role has mentorship played in your career?

BP:  Larry Abernathy at Sourcefire changed me. I was 27 or 28, convinced I was very smart, and writing long emails to explain to people why they were wrong. Larry sat me down and said: we all know you're smart, nobody cares, just get stuff done. I had never really looked at myself from the outside like that. Within a year of that conversation I went from being someone no one wanted to work with to being a director. Five years later I was a VP. That redirection changed everything about how I worked with people.

John Burris, the second CEO of Sourcefire, was the other. He would pull me into his office and rubber-duck problems with me. One day he stopped and said: the person with the least words has the most power. After that I paid intense attention to him in meetings. He'd sit through long discussions and then just say yes or no, one word, and the room would settle. During a board meeting I tried it. The chairman was asking me questions. I said yes and sat back. John was sitting next to me. He made a big smile and put two M&Ms in my hand, then took one back and said: one M&M is good, not two. That's the kind of mentorship you can't pay for.

LA:  Brad, thank you so much for talking with me today.

BP:  When I met you guys I really liked your vibe. Having a conversation like this reminds me how much I've genuinely enjoyed this career. Watching founders' dreams come true and being part of companies like these has been a lot of fun.