Founders Spotlight: Smoothies with Ed Bellis and Jeff Heuer 

Since the news broke about Cisco’s acquisition of Kenna Security in May, many more eyes shifted in our company’s direction. Naturally, we’ve piqued the interest of a lot of folks who want to know more about the company that laid the first bricks of the risk-based vulnerability management (RBVM) market more than a decade ago—and the people behind it. So today, we’re shining our “employee spotlight” on two individuals who can tell you all you need to know about Kenna’s story: our founders, Ed Bellis and Jeff Heuer. 

Q: What was your vision when you first helped create Kenna?

Ed: When I was the CISO at Orbitz, we were buried in noise from our vulnerability scanners and assessment tools. There were a lot of results coming that were false positives, some were duplicates, some were important, but many were not. We had a team of people dedicated to combing through the results in order to get the important ones fixed. This took a lot of time and effort. After speaking with a range of other people, it became clear to me that this problem was not unique to us.

My vision was to automate this process using a data-driven approach. One focused on actual risk and not blindly on severities without context. It was clear organizations didn’t have the resources to fix everything, but it was also pretty clear they didn’t have to. There were a lot of open questions that needed to be solved, like what data could be used to feed and build these models, but I very much felt this was a solvable problem.

Q: What aspect of Cisco’s acquisition of Kenna makes you most proud?

Jeff: I’m most proud of the hard work by the incredible team we assembled to get us here. Creating a new product category and getting a new company off the ground is really challenging work, and most companies fail when trying to do this. I feel lucky we’ve been an exception to that trend. And it’s just not possible unless you have a really small team that brings a really diverse set of skills to bear on the problem—and really working hard at it. It took a decade of concerted effort to get us here. No one person can do that. It takes a village, and we were able to assemble the right village to let us reach this milestone. 

I’ll add that we have a lot of people who joined us really early in their careers and have really grown since that time. Some folks were quite green when they first started at Kenna, but because of the types of responsibilities you get at startups, they were exposed to a lot. It’s been especially gratifying to see people grow into their careers. 

Ed: I view this as a big positive shift for the industry. I remember participating in early groups like Metricon and now SIRA, where viewing these practices through a lens of risk was only being done by a select few. I think this acquisition is a big step forward for all the quants, and I am incredibly proud to be a part of it. 

Q: What’s the most important lesson you’ve learned during your journey with Kenna so far? 

Jeff: The biggest theme has to be humility. Ed and I certainly came to this space with a distinct vision about the problem we wanted to solve and how companies might be able to protect themselves more effectively. But there is so much learning along the way. You have to keep validating the vision, talking to real prospects, customers, and even course correct if what you’re building doesn’t exactly match what the customer wants to see. 

By their nature, startups are always resource-constrained. The constraint may be money, time, recruiting, brand exposure, or often all of the above. That means you, as a founder, have a long list of things you wish you could do better but just can’t. That dynamic is really humbling—being aware of what you could be doing better but not always being equipped to pursue it. The silver lining is that this forces you to prioritize and prevents you from focusing on too many things. Avoiding distractions is critical, especially for early-stage startups. 

Q: What does the acquisition say about the urgency of RBVM? 

Ed: I view this as clear validation of a market that didn’t exist when we started. It’s fantastic that so many organizations are now using a risk-based approach to vulnerability management. I am excited to be able to bring RBVM to the scale of Cisco’s customer base. I am confident this quantitative approach is going “mainstream.”

Q: If you had to describe the Kenna family in three words, what three words would you choose?

Jeff: Committed: It takes a lot of effort and a lot of heart to make a difference in a startup environment—much different from an ordinary 9-to-5 job. We’re also in a complicated space, and many people on the team didn’t come to us from security backgrounds. Even just understanding the lay of the land—the players, the customer pain points, and where we fit into the dynamic—takes a lot of homework. I really respect everyone getting up to speed on what I know isn’t a simple discipline. 

Collaborative: It takes so many different skill sets to have succeeded in the way we have. On the product side, developing a new web-based product requires engineering, product design, QA, support, etc. Then you have to start thinking about your go-to-market strategy to figure out how people will learn about your product and come to understand its unique benefits and value. So many different skill sets are required to do this effectively, and the collaboration between these skill sets has been critical to our success.

Fun: I can’t do the math on how many hours I’ve spent on Kenna so far, but it’s certainly been a major chunk of my career. And truth be told, I’m not willing to devote that much of my life to anything if I’m not having fun along the way. I’m very grateful for the more lighthearted dimensions of our culture, and all of the personal interactions which have made it fun along the way.

Q: What has been the best part of leading the Kenna team?

Ed: Hands down, working with the people. We’ve always put an emphasis on finding smart but humble people with a bias towards action. I love working with this team and always have.

Q: What advice do you give start-ups with acquisition dreams?

Jeff: A caution: It’s a mistake to focus too much on the exit. It can really bias the choices you make and distort your thinking in an unproductive way. We spent very little time over Kenna’s history thinking explicitly about what the exit might be. It makes sense to understand the industry landscape and a thesis about how it might evolve—the interests and motivations for different players. But we always focused first and foremost on creating the most value for our customers. And if you do that well, interesting exit opportunities will emerge organically. 

Q: How did you end up in this line of work?

Ed: Like most, by accident. I started my career at CSC in systems administration on Unix systems like DGUX, HPUX, AIX, and a few mid-range AS400’s. From there I worked my way into a development role via customer support at first debugging PICK Basic applications. It was around that time that I was introduced to the web and started doing some development for a supplier network to the Big 3 automotive companies. This included building out some early single sign-on and authorization systems for all suppliers. 

That was when I first started to get interested in security. I ultimately joined a joint venture between Sprint and E&Y where I focused exclusively on security building out web and mobile applications. And the rest, as they say, is history.

Q: Did you always know you’d be an entrepreneur?

Jeff: My orientation has always been towards the near future: “what could exist, but doesn’t yet?” Working to bring new things to life doesn’t always require becoming an entrepreneur, but does very often lead down that path. I suppose I do have “founder’s DNA” in that respect. I had been an entrepreneur before graduate school and I really thought I’d work for a larger organization coming out of school. But come graduation, the emerging possibilities being created by new technologies proved too big of a lure, which led to Ed and I first brainstorming a new venture.

I have an intensely interdisciplinary background—I studied computer science and economics, and I have strong interests in product design, information visualization, data science, etc. Being familiar with all of those different disciplines (even before entering the security space) gives me superpowers on a founding team where, by necessity, you are wearing many hats. That’s just the nature of the beast in the early stages. I love being able to sit at the boundaries of those disciplines because it’s where the most exciting innovation happens. 

Being part of a high-growth startup is such an incredible education—probably the best business education, honestly. And I say that having done a traditional MBA myself. You learn so much where the rubber meets the road at a startup. 

Q: If you weren’t doing this as a career, what would you do?

Ed: Either professional baseball player, skater, or surfer. Needless to say, my talent level in each of those will keep me in the tech industry for a while.

Q: Who is one person that influenced your professional life? 

Jeff: I’ll go back two decades ago to my very first boss, a creative director that I worked for while building products for the early web. We were using the best technical tools we had to deliver information and insights to users (pretty rudimentary by modern standards—this was the mid-to-late 90s), but his own background in sign painting and hand lettering for storefronts brought a real artisan’s eye, and hand, to the work we did. Seeing that unity between art and technology to achieve your ends inspired me. That theme broadly has been the key to my whole career—bringing design to bear on unique data sets in order to unlock new insights for people. 

Q: If you were planning a heist, who would be in your crew?

Ed: I think we have already established a pretty good crew here at Kenna. I may recruit a couple of my kids if there’s a need to get into small places.

Q: Favorite Kenna Slack channel?

Jeff: I’ve probably created many of our Slack channels myself, so they’re all my children in some sense. Fun fact: We were early Slack customers when it was still in alpha; I had been a fan of Stewart Butterfield back to his work on Flickr and even earlier web projects. Not many companies have used Slack longer or more than we have, and the profusion of Slack channels at Kenna speaks to that. 

We have had so many great channels evolve over the years, for example #kudos. It’s a great place to celebrate one another, and we have this culture of the “++” with Kennabot to add your name to the list of support for someone’s achievements. I also love #kennacookbook, where people share their latest conquests in the kitchen. But if I am forced to pick just one favorite, it would have to be #music. Going back to the theme of having fun with your team, that channel shows a great sense of camaraderie and sharing. And it’s exposed me to some really great music I wouldn’t have otherwise found. 

And the most important question of all…

Q: Shakes or malts? 

Ed: Shakes. Malts are the worst.

Jeff: Team Malts all the way! It’s a nostalgia thing for me. When I was young, my parents made my siblings and me take swim lessons on Saturday mornings, which we didn’t love. Afterward, as a consolation prize, my dad would make us malted vanilla milkshakes (blended Whoppers added to vanilla ice cream and milk).