Ning Wang, CEO at Offensive Security (OffSec), joined the company with a mandate to transform the business model into a subscription-based learning platform.
We recently spoke about her path to becoming a CEO and about OffSec’s “secret sauce” in the cybersecurity training world.
This interview has been edited and condensed for clarity.
Karen Walker: Ning, you have a unique background for a CEO. What was your path?
Ning Wang: I grew up in China and earned my undergraduate degree in physics there, so early on I was in a male dominated field. Then I came to the United States and earned a Ph.D. in physics. After that, I finally asked, “What is my passion?” It took me four or five years to figure it out.
As part of that search, I switched my career from academia to business and went to McKinsey. I realized there that I love building products and I love working with teams. I knew that one day I wanted to run or start a company.
With that long-term vague goal in mind, everywhere I went it was always with the question, “What can I learn that will help me run or start a company one day?” I didn’t manage my career, so to speak, I just wanted to learn it all. McKinsey was like being paid to be at a business school. I learned so much, the people I met there are still a large part of my network today.
I also worked at a series of six start-ups, where I make mistakes and I learned how to make a business work. Lynda.com (now LinkedIn Learning) was my third start-up, and I learned so much as CFO/COO. We completely revamped our learning management system, making it extendable and flexible so we could scale and then we entered into the B2B space.
I joined Lynda in 2008, a time when we were self-funded and trying to navigate the financial crash, so I’m very proud of our success. We made it because the brand and the product were so good. I also learned the about the business of a SaaS organization.
Walker: SaaS is a beautiful thing from the financial side. What else is important to you as a first-time CEO?
Wang: As CFO/COO at HackerOne, I met my mentor and friend Martin Mickos, who was then the CEO. I saw the impact that a great leader can have in a company. He’s a big fan of Peter Drucker’s theories – put the company first, own your communications, run productive meetings and the respect the power of culture in a company.
At OffSec, the employees were very kind to me, saying “ You’re not really like a CEO when I talk to you.” In the beginning, I didn’t see that as a compliment and thought it was something that I should work on. But they said, “No. You aren’t arrogant. You don’t come across as believing you are more important than us.” That’s what gave me the courage to be authentic and vulnerable in this role. That combination has served me very well.
Walker: OffSec is described as cybersecurity education as a service, created by a community. What does that mean?
Wang: OffSec started in 2006. The founders realized there were many cybersecurity trainings and, after what was usually a multiple choice exam, the students received a certification. But after graduation, they weren’t able to do the work as well as they wanted.
Our goal is to train a person to be a problem solver and a critical thinker, because in cybersecurity most situations that you see are not identical. They’re part of a landscape that is always changing. While the ability to think creatively, practically and critically is very important, it’s very hard to train and develop those skills. So we developed a set of “labs,” basically networks with machines in them. Those machines have vulnerabilities built in. And we say to the students, “Go find them.” We don’t tell them where or what kind of vulnerabilities there are.
This is hands-on training using real world examples. Our labs, machines and networks are really our differentiator and are an essential part of how we built our reputation. Today we are the industry gold standard. Our lab has over 70 machines, multiple networks and our exam is 24 hours long.
We recently launched a subscription service for people who embrace the continuous learning mentality. It’s how you become good-better-best in cybersecurity. We coined the “Try Harder” mindset. That mindset is one of the many analogies between scientists and good security people.
Walker: What’s next for OffSec?
Wang: There’s a tremendous shortage of talent in cybersecurity. Our vision is to be the world’s leading continuous cybersecurity workforce development and education place. We want to have our content and developer delivery platform utilized by universities, trainers, bootcamps, enterprises and governments. This is where they can source, nurture, rescale and upscale their talent.
Walker: It’s clear you have a passion and talent for the work that you do. The tagline for my consulting business is “up and to the right,” because that’s the place we always want to be on a two by two matrix. Was there a moment when you knew that your career was moving in that direction?
Wang: Yes, it was when I discovered my passion. Figure out your passion and follow your passion. Don’t let anyone else define who you are. Especially as a woman, there’s always the question of family and career. You can have it all, you just cannot have it all at the same time.
You make trade-offs at different stages of your life. In my case, I balanced work with my kids and my family. Now that they’re grown, I can do things I couldn’t do earlier. Dare to dream, leverage your mentors and go for it!