General security

Interview: Darren Guccione, Co-founder of Keeper Security

June 19, 2015 by

Darren-Guccione-CEO-&-Co-founderDarren is the co-inventor of Keeper Security and started the company with extensive experience in product design, engineering and development. At Keeper, Darren leads product vision, global strategy, customer experience and business development.

Darren is regularly featured as a mobile- and cyber-security expert in major media outlets including CBS Evening News, Fox & Friends, USA Today, ABC Chicago and Mashable.

1. What were your reasons for co-founding Keeper Security in 2011 and why should prospective customers go with your company over your rivals?

My co-founder, Craig Lurey, and I founded Keeper in 2008 on a 40 hour plane flight to China. We knew the iPhone 3G was coming out and the App Store was debuting, but nobody had a password manager app out there for the mobile space. We believed that the world was moving towards mobile, so we built the app with mobile domination in mind, while our competitors were concentrating on desktops and computers.

Prospective customers should go with Keeper over our rivals for the following reasons.

  1. Keeper is the most secure product in the market today. As a zero-knowledge security provider, only YOU have the ability to access your information. We utilize 256-bit AES Encryption and are SOC-2 certified. Unlike our competition, we provide a transparent explanation of our security to all users. Here is the link:
  2. Most password management applications only provide users the ability to store just that, passwords. Keeper is a comprehensive digital vault that allows users to attach sensitive files, photos and videos in addition to passwords. Users can take pictures of their passports, tax returns and social security cards and store these documents in their vault and none of those photos will reside on the device's camera roll.
  3. Keeper is the only product that has been vetted and pre-loaded by major mobile carriers around the globe. AT&T selected Keeper as the only password manager to be pre-loaded on all of their Android and Windows devices.
  4. 2. Your company provides mobile security software for smartphones, tablets and PCs. What are some of the negative consequences that can arise if companies fail to take advantage of such technology?

    Companies that fail to take advantage of such technology run the risk of employees getting hacked. If so, sensitive company data that is stored on their device could be breached. The negative consequence could involve major financial and reputation repercussions for the company. It is estimated that cyber-attacks cost companies $400 billion every year. In a Bring Your Own Device (BYOD) business culture, employees need secure access to websites and mobile applications from a wide range of platforms.

    3. In your opinion, are companies generally aware of the extent of the cyber security threats that they face constantly?

    Unfortunately, no. SMB's think only large enterprises are at risk and that is simply not true. In fact, companies with 250 or fewer employees accounted for 31% of cyber-attacks last year.

    The biggest cause of data-security problems is human error. Of 139 incidents in 2014, in which the cause could be identified, 36 percent of the problems were the result of employee negligence. Since this is the case, why aren't more companies enforcing good password hygiene and cyber-security training of employees?

    4. How has the cyber security landscape changed since Keeper Security was founded?

    I think the shift has gone from a focus on convenience to a focus on security. We are in the midst of a "cyber-war" where the winners are prepared and are pro-active about mitigating risk and the losers close the stable door after the horse has bolted.

    Good password hygiene has become more difficult to achieve for businesses as the amount of passwords required to live in today's world has increased exponentially and password fatigue has set in. Many individuals use the same password for all of their accounts or utilize weak passwords that can easily be hacked. According to the results of a new study carried out by TeleSign, over 60% of adults don't follow safe-use guidelines and continue to use the same passwords over and over again. The most common reasons why were the inability to remember multiple passwords, the fact that they get asked to change their passwords far too often or in many cases just pure laziness.

    This attitude has alarmed stakeholders at all levels of enterprise. We continue to see more and more interest in cyber-security and companies looking for solutions to protect their sensitive data. With the increase in cyber-hacking and identity theft in today's world, it seems like there is a report of a new hack every week. For this reason the industry has grown exponentially in the past 5 years and will continue to grow. The cyber security market is estimated to grow from $95.60 billion in 2014 to $155.74 billion by 2019.

    5. What makes Keeper Security different from other companies that you've co-founded over the years such as Callpod and OnlyWire?

    When my partner and I started Keeper, we knew very little about cybersecurity. There wasn't a password management application on Smartphones. It was a massive, under-served market that would ultimately become the fastest growing company in our tenure as entrepreneurs.

    6. On your LinkedIn profile, you describe yourself as, among other things, a serial inventor. What would you say is your most important invention to date and why?

    All of our inventions are important because each of them serve a unique purpose. I believe that "invention" is the result of acting upon the feeling that something about life is either wrong or missing.

    7. What sorts of hard and soft skills do you require as CEO of Keeper Security?

    The passion and desire to connect design and humanity is really important. I strive for perfection with every product I work on - whether it's hardware or software doesn't really matter. People have to want to use a product and for that to happen, it should be elegant, fluid, graceful and friction-less. From a business perspective, starting a business is really hard but starting a tech company is much harder. This is because technology, on its own, is often complex. When you can take a complex technology like encryption for example, and make it really easy to use and understand, then you've done something special.

    Education and technical proficiency is very important but at the end of the day, it sits far back from positive energy, determination and a willingness to prevail and proceed no matter how tough the challenges are. Most people that I know, who have tried to make the leap from a comfortable job into entrepreneurship, haven't made it - not because they weren't smart enough. They were geniuses. They just couldn't deal with the constant pain and uncertainty that you go through when you are building a company - it's a constant uphill battle that requires a different frame of mind and behavior than most people are used to. It's an uncomfortable way to live but for me, that's where I find my comfort. I couldn't go through life any other way.

    8. In terms of your job, what is the greatest source of satisfaction and what is the greatest source of frustration?

    There are lots of satisfying things about my job. First, I enjoy working with positive-spirited, smart, creative and constructive people. Second, it's rewarding when you meet someone for the first time and they say "Hey, I'm a Keeper user - I love it!" The biggest downer in business is being around negative people - I don't like negative energy. It's averse to what life is all about and is destructive to a company. We are very focused on hiring great people who have a passion for their profession and are interested in becoming part of something that is both disruptive and amazing for the cybersecurity industry.

    9. What sorts of mistakes do companies make that can put them in danger on the cyber security front?

    Here are some questions your company should be able to answer to mitigate danger on the cyber-security front.

    1. Has the cloud provider implemented ISMS (Information Security Management System)? And if so, does that security management system follow a well-known specification or framework (i.e. SSAE16/SOC, ISO 27001, etc).
    2. Are they SOC certified? What other certifications have they obtained (HIPAA, PCI, etc)?
    3. Is my data encrypted? If so, how are the encryption keys managed and who has access to them?
    4. Is my data backed-up regularly offsite? If so, are the backups encrypted? How long are the backups kept and who has access to the encryption keys for the backups?
    5. Do you have a Disaster Recovery Plan in place?
    6. Do you have a password manager and ongoing training of employees for compliance in place?
    7. Can your cloud service continue to operate after the loss of a single data center or availability zone?
    8. Do you implement encryption on network links between physical data centers?
    9. Does your cloud provider have Service Level Agreements? What is their history of meeting SLAs?
    10. 10. How can companies develop a corporate culture that includes cyber security awareness?

      Corporate culture comes from the top and trickles down to various departments. There needs to be buy-in from every department in the company including finance, legal, and HR to work as a team to develop cyber-security strategies and policies. These strategies should include not only technological approaches, such as stronger firewalls and the adoption of a password manager, but also ongoing employee training to prevent human error.

      It is imperative that employees understand the risk their company faces and the financial and reputational havoc a data breach can wreak. Once this risk is understood and education is put in place to develop a strong security posture for the entire company, then a culture of cyber-security awareness should start to blossom.

      About Keeper Security

      Keeper Security, Inc. is the creator of Keeper, the world's most downloaded password manager and digital vault. Founded in 2009 by CEO Darren Guccione and CTO Craig Lurey, Keeper Security is a privately-held company that is based in Chicago, Illinois with engineering offices in El Dorado Hills, California. Keeper is SOC certified and utilizes world-class encryption to safeguard its users. Keeper is available on all major Smartphones, Tablets and Computers – covering iPhone, iPad, Android, Mac, PC, BlackBerry, Kindle, and Windows Phone. For more information, visit