Exclusive: Offensive Security Names New CEO; Former No. 2 at HackerOne, Lynda

January 15, 2019, 6:03 PM UTC
ning wang offensive security ceo
Ning Wang is the new CEO of Offensive Security, a company that trains hackers. She used to run finance and operations at tech firms such as HackerOne, Eucalyptus (now part of HPE), and Lynda (now part of Microsoft's LinkedIn).
Courtesy of Ning Wang

Ning Wang is the new chief executive officer of Offensive Security, a cybersecurity training business best known for its popular certification programs which teach technical skills to hackers and test their chops. The company is also known for developing Kali Linux, an open source toolset used by penetration testers the world over.

“We feel very fortunate to have Ning on board,” wrote Mati Aharoni, Offensive Security’s cofounder, in an email to Fortune. Aharoni, who bootstrapped the business in 2006 with his wife Iris, said he was wowed by Wang and her “perfect technical and operational background.”

Wang, who holds a Ph.D in physics from the University of California, Berkeley, began her career at the consulting firm McKinsey & Company as part of the same class as Facebook’s Sheryl Sandberg in the 1990s. She later rose to a variety of c-suite roles at multiple technology companies, including finance and operations chief of Lynda.com (now known as Microsoft’s LinkedIn Learning); chief finance officer of Eucalyptus, a cloud software-maker (now owned by HPE); and most recently as second-in-command of HackerOne, a bug bounty startup.

Wang joined Offensive Security as an independent board director in September after the company took its first venture capital investment from Spectrum Equity, a Boston-based firm. The terms of the deal were not disclosed.

On Jan. 3, Wang replaced Joe Steinbach, the company’s former CEO of four years, who ran the business out of the Philippines. He departed in October to consult and advise startups.

Hacking talent

Expertise is unevenly distributed within the information security industry, Wang told Fortune on a call. In the three years she spent at HackerOne, Wang discerned an extensive skills gap.

“A few of the top hackers make a majority of the contributions or bounties,” she said. “People are looking for qualified professionals.”

Corporations are indeed hungry for hacking talent. CyberSeek, a job-tracking project sponsored by an education initiative within the U.S. Department of Commerce, estimates the current number of unfilled cybersecurity jobs at greater than 300,000.

Perhaps ironically, Offensive Security had the exact opposite problem. Already replete with hacking talent and set on training the next generation of computer crackers, what the company needed was business savvy, said Jim O’Gorman, the company’s chief strategy officer.

O’Gorman, who joined Offensive Security after becoming enamored with its products as an early user, explains that this desire to get ahead was part of the rationale behind the company seeking outside investment.

“Everyone in the organization was security nerds—we didn’t really have a business background whatsoever,” O’Gorman said of the early days. When growth “hit a plateau,” he said, it became “obvious” the team needed new and different talent.

The folks at Spectrum courted Offensive Security’s founders for a full year before investing in the fall. Adam Margolin, the Spectrum investor who led the deal, said the “biggest hump” was getting the team “comfortable with us as the right long term partner.”

He said Wang was their “wish-list CEO candidate.”

Track record

Now that Wang is in charge, she has her sights set on expansion.

Offensive Security has already managed to attract big customers—including Cisco, Wells Fargo, Booz Allen Hamilton, and some defense-related U.S. government agencies—on the basis of reputation alone. The company built its following through word-of-mouth and in-person training sessions at the annual Black Hat hacker conference in Las Vegas.

Wang said she plans to develop subscriptions and a continuing education business while keeping core components of the brand, like the pen-tester toolset Kali, free. One of her top priorities will be to create more business-to-business offerings, a product line she built out to great success at Lynda.com.

During her tenure at Lynda.com, she took the business to $100 million in revenue run rate from $20 million in three years, she said. (It’s this achievement that put her on the radar of Spectrum, a Lynda.com backer, in the first place.)

Since then, Wang has helped Mårten Mickos, CEO of HackerOne and former CEO of Eucalyptus, build two companies. In her most recent stint at HackerOne, she helped the company grow revenues by an order of magnitude, she said.

Mickos told Fortune in an email that Wang “was instrumental” in terms of nailing a business model. “She has been preparing to be a CEO for some time,” he said, “and here came the perfect opportunity.”