“I’m sitting at this desk by myself,” Wiacek said, “Gmail’s up, and I’m staring at the screen. I look around, and I’m just sitting there in a sea of empty desks. I thought to myself, ‘What have I gotten myself into?'”
He wasn’t truly alone, however. Wiacek had included VirusTotal, a small team based in Malaga, Spain, as part of his moonshot pitch.
The security company, created by cybersecurity developer Bernardo Quintero in 2004 and acquired by Google in 2012, runs a hugely popular file-and-URL-inspection service. The free-to-use platform is unique because it leverages more than 70 different antivirus scanners, including Symantec, Kaspersky and F-Secure, alongside various website-blacklisting services provided by Bitdefender, Yandex, Opera and others. “It’s like the Switzerland of malware research,” Wiacek said.
VirusTotal shares its aggregated findings with the user and all of its antivirus partners. That means everyone in the community is able to learn from one another and continuously improve their own systems. A premium service also allows approved customers, including independent cybersecurity professionals, to search for and access harmful file samples for research purposes. “I often will say that they’re the CDC or World Health Organization of malware,” Wiacek said. “In Atlanta, the Center for Disease Control has Ebola and smallpox in some cryogenic vault. VirusTotal has some of the world’s scariest malware in their repository.”
Wiacek knew that VirusTotal would be critical to his work at X. The company had a massive and constantly evolving data set for the team to test its search capabilities on. It also provided a unique perspective into what was happening beyond Google’s borders. “One of the greater advantages of having VirusTotal to collaborate with,” Naghibzadeh said, “was being able to open that aperture up and see the different threats and things that happen in the world more broadly.”
One month into his new job, Wiacek was introduced to Stephen Gillett, an executive in residence helping startups at Google Ventures (now known as GV). They immediately clicked. “The guy is like, openly genuine and caring,” Wiacek said, “And he’s not a tyrant. Or a ‘my way is the only way.’ He actually has a lot of humility. But he also has a lot of bold ambition.”
Gillett was a great fit for Wiacek’s yet-to-be-named X project. He studied political science at the University of Oregon while working part-time at Office Depot and later, after impressing a regular customer, a full-time help desk and networking job at a nearby hospital. After graduation, he held a number of high-level roles at CNET Networks, Yahoo, Starbucks and Best Buy, among others. Along the way, he learned a bunch about IT, infrastructure and cybersecurity.
In 2011, Gillett joined the board of directors at Symantec. He was later appointed COO and worked with the company as it split into two independent companies, focused on security and information management, in late 2014. The latter portion, named Veritas Technologies, was sold to the Carlyle Group in August 2015. “They were investing in a lot of the assets that were not related to cybersecurity,” Gillett said. “When we sold the majority of those assets to private equity in 2015, I left, as did much of the executive team, because [Symantec] was a different company focused on a much smaller part of the market.”
He was then asked by David Krane, the CEO and managing partner at GV, to join Google as a startup advisor. The former Symantec executive was about to turn 40, however, and have a seventh child with his wife. “I was kind of reluctant,” he said. “But they convinced me that I would get free food, I would get to ride the Google bike and I would also get to work with great entrepreneurs. And so I joined.”
“I’m looking under the tinted part of the conference-room glass saying, ‘I hope that’s not Astro.'”
He was paired up with roughly 30 companies and helped them with hiring, product decisions and other basic issues, such as how to negotiate a new office lease. Soon after, he was invited to meet the Alphabet leadership team, including Google CEO Sundar Pichai, the head of Google Fiber and Astro Teller, the jovial Captain of Moonshots at X. Gillett agreed to the meetings but knew he wasn’t interested in running a large company or department again. The meeting with Teller, however, changed everything.
“I wasn’t really trying to sell myself,” Gillett said. “So I didn’t do a lot of homework on him. I didn’t do a lot of research. Then I went down to the conference room on the first floor of our building, and I’m sitting in there, kind of waiting for Astro to walk in, and I see this guy coming toward me with rollerblades on and a ponytail in kind of a flannel T-shirt thing. I’m looking under the tinted part of the conference-room glass saying, ‘I hope that’s not Astro.'” It was Astro. The meeting was a great success, however, and by the end Gillett knew Teller was one of the smartest people he had ever met.
By January 2016, Gillett had joined Wiacek’s team inside X. “Then I wasn’t alone here anymore,” Wiacek said. “Eventually it was Shapor [Naghibzadeh], me and Stephen [Gillett], which was great. But then from there we said, ‘You know, how do we actually — what do we do next? Who do we hire? What’s our plan?'”
Life under X
The moonshot factory gave Wiacek, Gillett and Naghibzadeh the time to do some high-level thinking about the future of cybersecurity. They felt, unsurprisingly, that it would be software-based, unlike most X moonshots. The group also agreed that it would revolve around Alphabet and Google’s core strengths: huge amounts of data stored in well-protected data centers, paired with enormous computing power and smart analysis of logs.