Sign Up for Our Newsletter
* indicates required
Tribe of Hackers Dug Song

Tribe of Hackers Spotlight: Dug Song

Dug Song is the co-founder and CEO of Duo Security, the leading provider of unified access security and multi-factor authentication delivered through the cloud.

Duo protects more than 12,000 customers globally, including Dresser-Rand, Etsy, Facebook, K-Swiss, Random House, Yelp, Zillow, Paramount Pictures, and more. Founded in Michigan, Duo has offices in Ann Arbor and Detroit, as well as growing hubs in Austin, Texas; San Mateo, Calif., and London.

Prior to launching Duo, Dug spent seven years as founding Chief Security Architect at Arbor Networks, protecting 80 percent of the world’s Internet service providers, and helping to grow the company to $120M+ annual revenue before its acquisition by Danaher. Dug also built the first commercial network anomaly detection system, acquired by Check Point Software Technologies.

Dug’s contributions to the security community include popular projects on open source security, distributed file systems, and operating systems as well as co-founding the USENIX Workshop on Offensive Technologies.

Twitter: @dugsong


Don’t know what the Tribe of Hackers is? Check it out here!

What is your advice for career success when it comes to getting hired, climbing the corporate ladder, or starting a company in cybersecurity?

I don’t think success is very linear. Some people are born knowing exactly what they want to be in life and those people scare me. I have a friend who’s a public company CEO, and he said, “I knew I was going to be a public company CEO when I was eight,” and that’s… scary. I think there are many routes to the top, and it’s not just ladder-climbing. You can enter a field and find a profession and work your way up the levels; for some people, that works, but that’s not me. My interests growing up have been pretty broad—from skateboarding and graffiti to punk rock and hacking—but for me, it’s really the exploration. If you’re like me, you have the voracious appetite to experience the world from a bunch of different perspectives and incorporate that into your learning. Fundamentally, I just like to create, and I think that’s what creativity is. It’s not necessarily that you have some crazy, wild ideas no one’s ever seen before, but that you can draw from a background of many different ideas that you can combine. Many of my best ideas have simply been taking ideas from one domain and applying them to another.

It is kind of a path of rock climbing, not ladder climbing. You go sideways, you exercise different muscles. There are many paths to the top. We had an office manager who became one of our top-performing inside sales reps, who went on to become one of our top-performing recruiters, and now helps us throw corporate parties and then DJs them. Explore and try lots of things; there’s a very good chance you’ll find your way into some opportunity, and you can always pivot from there.


What is the best book or movie that can be used to illustrate cybersecurity challenges?

One is The Checklist Manifesto by Atul Gawande. It’s basically an explanation of why it’s so important to get basics right and why checklists do matter. In our industry, there’s a lot of folks saying compliance is just security by accountants, not real security. I think that’s wrong. Getting those basics right matters, and how you actually build operationally—the kind of discipline to make sure that the right things happen—is super important.

My second recommendation is also not about security but about the challenge of the hyper-connectedness of our systems and our world, and the kind of butterfly effect that arises from that: A Demon of Our Own Design by Richard Bookstaber. It’s actually about our financial collapse in the last decade, looking at the ways in which complex systems fail. A lot of it is simple. The warning lights, like at Three Mile Island, didn’t work, and then there’s a cascade of other lack in controls that leads quite literally to a nuclear meltdown. If you’re looking for examples of how security fails, it’s helpful to look at other disciplines.


What is a life hack that you’d like to share?

This isn’t so much of a life hack as it is a principle, but it does have quite a bit of bearing on how I conduct myself. My dad was a Buddhist monk, and it’s quite a long story of how he got to working at a liquor store. He tells me that reputation takes a lifetime to build, but it can go away in a second. The meaning of life, he said, is to live a life of meaning. What does that mean? A life of meaning is to have an impact and help others. At the end of the day, we’re not going to take it with us. No one has ambitions to die rich. What is the legacy that you’re going to leave behind? If you’re a good person and do right by others, the universe won’t let you starve. That’s how I conduct my life and career and the models of leadership that I have for myself, my company, and community.

I started something eight years ago called the Ann Arbor New Tech Meetup. It’s a startup showcase of five new companies presenting every month, so we’ve had hundreds of companies and thousands of founders. What makes this event great is not that you’ve met a lot of people, but that you’ve introduced a lot of people. Being useful is the greatest hack of all. People think of hacks as shortcuts, but I think of them as strategies. A good hack is an interesting strategy that people overlook, and sometimes the simplest things are standing right before us. I try to be useful and make sure that I’m doing the right things in life.

To read all of Dug’s answers, sign up for our email list on the right and be the first to know when Tribe of Hackers is released.

Check out some of our other Breach and Attack Simulation and cybersecurity content while you’re at it:

Threatcare creates Breach and Attack Simulation software for humans.