Bill Croutch on Cybersecurity & the Fortune 100

Listen & Subscribe to this Podcast | Read & Download the Transcribed Episode

***To Download the PDF Transcript, click here*** (Look in the top right corner and click on the three dots to download.)

I interviewed Bill Croutch | General Counsel of Optiv on Friday, August 16th, 2019.

Bill shared the variety of cybersecurity services that Optiv provides to the Fortune 100 and 1000. He predicted what’s to come in 5-10 years for cybersecurity threats. We discussed GDPR and privacy concerns for the US. He also shared advice for legal executives as they protect vulnerable information from breaches. We discussed his leadership style and what he looks for in hiring a new attorney. We discussed the value a corporate legal department should bring. We discussed how he chose to be a lawyer, his family life, and his epic boat story. We wrapped up the conversation with his recommended fictional books.

Here are some highlights of my interview with Bill Croutch:

In 5-10 years, I think there are going to be more hackers, many of which will be hacking from their bedrooms. We will see domestic hacking in addition to the Russias, Syrias, and Irans of the world.

You computerize anything nowadays and there’s a chance that somebody can break into it.

Law firms can have the most sensitive information about a company, so a breach would cause a great deal of concern for General Counsels.

One of the biggest adjustments of going in-house is that you aren’t around lawyers all the time.

I did not plan on becoming a lawyer. I thought a law degree would enhance my resume and make me more attractive from a business perspective. Little did I know I would fall in love with the law.

If you have comments, recommendations, etc. please send them to Podcast@findthelions.com
If you haven’t already, please leave a review on iTunes.

Links referred to in this episode:

Bi ll Croutch | LinkedIn Profile

Optiv and Their Story

Bill Croutch featured by Vanguard Magazine

The Fifth Domain: Defending our Country, our Companies, and Ourselves in the Age of Cyber Threats

**Robert Jordan | Wheel of Time series**

**James Corey | The Expanse series**

Subscribe to the Podcast

iTunes | Stitcher | Google Play | YouTube | iHeartRadio

Audio Transcription

To Download the PDF Transcript, click here. (Look in the top right corner and click on the three dots to download.)
Greetings friends, this is Chris Batz, your host of the Law Firm Leadership podcast. In today’s episode, I spoke with the general counsel of a little, quiet company known as the 800-pound gorilla in cybersecurity. Glean from his legal career and laugh with us as he shares his boat story. You will not want to miss it.
Just a reminder, the PDF transcript of this audio is available to download. Go to LionGroupRecruiting.com/podcast.
As many of you know, we interview corporate defense, law firm leaders, partners, general counsel, and legal consultants. You are listening to episode thirty-four of the Law Firm Leadership podcast.
Chris: Welcome to the Law Firm Leadership podcast. I’m your host, Chris Batz with the Lion Group. Today I have the pleasure of speaking with Bill Croutch, general counsel of Optiv. Bill began his legal career in private practice at a Kansas City business boutique with the intention of going in-house. It was not long before he was serving in legal roles for well-known Kansas City brands and employers, which include the global Seaboard Corporation and Euronet. His foray into the cybersecurity industry began with joining the legal team of FishNet. After the merger of Accuvant in 2015, FishNet became Optiv and Bill became the EVP, General Counsel, Board Secretary, and Chief Privacy Officer. Bill received his law degree from Drake University Law School and a bachelor’s from Arizona State University. Welcome, Bill, to the Law Firm Leadership podcast. It’s great to have you on the show.
Bill: Thanks, Chris. Great to be here. Look forward to speaking with you.

Cybersecurity is Evolving

Chris: Bill, do my audience a favor and explain what Optiv is.
Bill: Optiv is the largest global cybersecurity provider in the world. It provides a number of solutions as it relates to breaches. We resell technology and we also provide services. We go in and do an incident response. We do penetration testing.
Chris: Optiv’s customers represent a large portion of the Fortune 100 and the Fortune 1,000, correct?
Bill: We represent around 85% of the Fortune 100 and around 70% of the Fortune 1,000.
Chris: Explain to my customers how cybersecurity has evolved and where it’s headed, Bill.
Bill: I’ve been working at Optiv and in cybersecurity for about ten years. In my first five years or so, it was all about technology – who could buy the fanciest new product that would solve all their problems. I noticed a shift about four or five years ago, where our customers said, “We don’t want to keep spending money on technology. Every year it seems like I have to spend another $100,000 on a new program or a new software package. My budgets are being capped out.”
Customers came to us and said, “We want a better solution. We want you to take a more holistic view and show us more value,” so our services business became more important even while our resell business remained important. We’ve seen a shift from just providing technology to providing more of a holistic services approach.
Chris: What services does Optiv provide?
Bill: We do what we call Plan, Build, and Run. We plan. We can do your entire protection right upfront. We build it. We can have people onsite to actually build the programs that protect your company from the hackers. As you’ve seen, especially with Russia lately, hackers have become more prevalent. It’s become more of a trophy to announce and brag about. We help companies maintain their system. We have programs that monitor a company’s systems and we’re informed when there are issues. We go and follow up on those issues.
We try to provide the entire package. We’re the only company that does the whole thing, so we can provide a customer with a number of solutions. We have 300 or 400 different partners that we can look at to figure out what specifically is the best solution for a particular company. For example, what Apple needs can be quite a bit different than what a U-Haul would need.

Cybersecurity in 5-10 Years

Chris: Bill, what do you think cybersecurity will look like 5-10 years from now?
Bill: Russia will take a more active part. If you look at what’s going on right now with as Russia tries to influence our social media. Where are we going to be in five years? I think there are going to be more hackers. I think people are going to be doing more hacking from their bedrooms. I think we will see domestic hacking in addition to the Russias, Syrias, and Irans of the world. We see individuals that brag and feel confident that they can break into systems. I think that’s going to continue and get worse. It’s going to be difficult for companies that don’t have solutions in place and are ready for it to protect themselves.
Chris: I’m a NPR (National Public Radio) listener and I recently heard an interview of an author that wrote the book The Fifth Domain: Defending Our Country, Our Companies, and Ourselves in the Age of Cyber Threats. One of the conclusions he has in the book is a push on Federal Hill to have a single cybersecurity solution to protect voting systems for local governments. Do you have any opinions about the vulnerability of local governments from a national perspective?
Bill: As it relates to what’s going on right now in Russia, it would be great to have a single solution. I don’t know if we’re going to have one that will adequately protect all our systems. In some ways, counting ballots manually is the safest way of doing it. You computerize anything nowadays and there’s a chance that somebody can break into it.
Chris: From a global perspective, who else is innovating in the cybersecurity space?
Bill: We do have a global aspect of Optiv. We are in the UK, Canada, India, and are looking at other areas to expand in. Global cybersecurity is handled differently than it is in the United States. It’s more segmented overseas and in Europe. It’s smaller mom/pop companies that manage it. From Optiv’s perspective, it’s tougher to break into those markets.

GDPR, Insurance, & Advice for Legal Executives

Chris: I welcome your thoughts on the EU taking leadership and rolling out GDPR to protect their people. Do you see the US stepping up for privacy in the US?
Bill: The US is stepping up. GDPR is a good thing. We have a big practice in our own company that is GDPR oriented. We have a number of specialists that do nothing but GDPR. I also have an attorney who specializes in GDPR compliance and she spends a lot of her day handling our GDPR compliance as it relates to contracts and things of that nature. I think the United States government could do more from a privacy perspective. We see people more concerned every day about their privacy. The United States is doing a lot, but it could do more.
Chris: Bill, how does insurance play a part in the business model of Optiv and/or cybersecurity in the United States?
Bill: A lot of companies we work with would like Optiv to be their insurance company. In essence, we are insuring them from any breaches going forward. Although we provide solutions, we’re not an insurance company. Insurance companies provide insurance. I managed the entire insurance portfolio for Optiv and we went through that insurance renewal process. Part of that was cybersecurity.
It’s the most expensive insurance that you can potentially buy nowadays because it could be catastrophic if a company is breached (millions and millions of dollars, loss of business, lost profits, etc.). I don’t know even how affordable that type of insurance is for companies. That’s why, quite frankly, companies use Optiv. One of the great things about Optiv is that we’re in the business of cybersecurity. We’re also in the business of protecting ourselves. I’m happy to say that we have not been breached.
Chris: What advice would you give legal executives of law firms and legal departments around cybersecurity?
Bill: Obviously, don’t get breached. Law firms can have the most sensitive information about a particular company. If there is a breach, it would cause a great deal of concern to the general counsels over what information was seen by that hacker.
We have a number of clients that are law firms. Law firms, dare I say, were slow to react to the initial breaches of five-ten years ago. They are certainly caught up now. Some of the law firms that I work with are more protected than a lot of the companies that I’m aware of. Many law firms have their own CISOs (Chief Information and Security Officer) now and their own IT department.

Leadership & Hiring

Chris: How do you approach leadership in running your legal department?
Bill: I’m hands-off. I have 12 people that work for me, 6 are attorneys and 6 are paralegals. I like to think I have a happy team. I believe in my team and have their back. I lead by example. When it comes to work ethic and time, I’m there all the time. I believe work hard, play hard, meaning my team is extremely busy at quarter-end. Companies in my line of business tend to be busy at quarter-end, especially later in the year. When that’s over, if people want to take time off, I allow it. I certainly don’t watch people’s schedules. I take an active interest in each of my team members as I want to make sure they’re engaged, happy, and they like the culture of Optiv. That’s important to me.
Chris: What do you look for when you’re hiring attorneys for your team and what advice would you give those considering leaving private practice to go in-house?
Bill: The first thing I look for is their prior experience. I want them to have a few years of law firm experience. You’ve got to cut your teeth at a law firm before you go in-house. I hire a varied type of lawyer, not just a corporate lawyer or generalist. I like them to be go-getters. When I interview somebody, I look for somebody that has a lot of energy, is excited about the practice of law, and excited about going in-house.
Working in-house is quite a bit different than working at a law firm and there is an adjustment. In most cases, it’s a good adjustment that people look forward to. You don’t have billable hours or the pressure to pound the pavement and find clients.
One of the biggest adjustments is you aren’t around lawyers all the time. One of the great things about private practice was being surrounded by lawyers. I’d go walk around and talk to people with different perspectives, experiences, and specialties. When you go in-house, you become your own expert. You have to know the company and love the industry. I look for those things when I interview somebody. Quite frankly, within the first 10 – 15 minutes I know if I like somebody or not.

Value of a Legal Department

Chris: How would you define the value that a legal department brings?
Bill: It is a bit of a pet peeve of mine. When I was younger, the general perception was that legal departments were necessary evils, if you even had one. Things would slow down in a legal department, and it was perceived to bottleneck. It is an absolute issue with me because I believe that a legal department is one of the single most important departments of a company. There are a number of ways a legal department can add value to a company, but one of the biggest is partnering with your other departments. My team partners with sales and services.
My team doesn’t just review contracts. They don’t just take a contract, review it, redline it and give it back. We actually get involved with the customer, the client. We negotiate directly with the customer and try to understand their business. We work with the business partner to get the deal done. That partnership is extremely important.
The individual, Jacquelyn Wayne, who runs my contracts department, does a great job and so does the entire contracts team to turn around contracts in a relatively short period of time – could be just a couple of days. We get about 500-600 contracts a month here, so that’s really important.
Some CEOs generally think, “Okay, I’ll get a lawyer when we have a claim and when we’re sued.” In my opinion, that’s the latest you get a lawyer involved. You should be getting somebody involved early. We have an issue with one of our clients and it’s not really a bad issue, but it’s a dispute. Instead of waiting for it to escalate to a claim or a demand letter, I involved somebody from my team to see if we can work something out. Get involved. Find out what’s wrong. Find out what the miscommunication was and see if we can come to a good resolution. The goal is to keep the customer happy, keep the business and fix the issue before it gets to a demand letter.
It’s difficult to show value from a financial perspective when you run a legal department. That’s one of the frustrating things. I can’t show revenue. I don’t bill our time. Unfortunately, we’re that dreaded cost-center. There are so many intangibles that a legal department can provide a company to show value. Some of those areas I’ve shared with you. There are many others.

Choosing Law School

Chris: Bill, what led you to become an attorney?
Bill: It’s kind of interesting. I graduated with a finance degree at Arizona State. In my last year of college, my dad had a job ready for me at Intel. I did not want to follow my father to Intel. I wanted to do something on my own, so I thought, okay, there’s medical school, there’s an MBA, and there’s law school. Medical school was out as I wasn’t into science. It was either an MBA or a law degree. I chose a law degree.
I did not plan on becoming a lawyer. I thought a law degree would enhance my resume and make me more attractive from a business perspective.
Little did I know that while in law school, I would fall in love with the law. I would call myself an average college student, but in law school, I did really well. I tend to be a very competitive person and law school is extremely competitive. I went to Drake University, which is a private school. They teach the Socratic Method, which is a very intense way of going to law school. I loved it.

The Boat Story & Family Fun

Chris: Bill, let’s talk about the family. You’re married and you have two kids. Is that correct?
Bill: I have a son, Jared, who is 19 and starting his second year at Kansas University. I have a daughter, 11, who just started sixth grade at Harmony Middle School.
Chris: What does your wife do?
Bill: She works at the Midwest Research Institute. She is a scientist there. She is what they call a section manager. She’s got more degrees than I do. I believe she has a Ph.D. in toxicology, and a Masters in biology or biochemistry.
Chris: Tell us what you guys do for fun in the summer.
Bill: We have a condo down at the Lake of the Ozarks. We’ve had it for a couple of years now. It allows us to get out of town. At home, it’s normal for everyone to be on their iPads or iPhones and we don’t spend as much time as I would want as a family. When we go down to the lake, we’re focused on each other. We all go down there and we actually communicate.
Actually, we have a boat and try to go out on the boat. My claim to fame is I’ve only been down there two years and I’ve sunk two boats in that time. I had the boat that I brought with me down there and I found a way to sink that. Shortly thereafter, I bought a bigger boat thinking the size of the boat is why I sunk the first one. Well, apparently there’s no correlation to stupidity as it relates to managing a boat and I found a way to sink the second boat about six months later. I do not have a third boat and I have no plans on buying a third boat.

When Tragedy Strikes

Chris: Bill, let’s transition to something you shared with me today about a recent shooting in Kansas City. Can you elaborate?
Bill: Unfortunately, a 25-year-old girl named Erin was shot at The Crossroads. She was a neighbor for a number of years since we moved into the neighborhood. She’s got a wonderful family. It’s been very devastating for the neighborhood.
I tend to be conservative and conservative on my gun rights, but when you have incidents that hit very close to home, it tends to change your opinions. It’s a tragic and horrible event. It impacted my entire neighborhood. If there’s anything good that’s come out of it, it’s the fact that I didn’t realize how great it was to live in Kansas, specifically in Johnson County and in my neighborhood. We’ve been extremely supportive of the family, and I’ve been really proud to be part of that.

Ep: 34 Bill Croutch on Cybersecurity & the Fortune 100