Christopher Harrell is the CTO of Yubico, a cybersecurity company that creates USB authenticator keys for securing access to IT systems and online services.
Founded in Sweden in 2007, Yubico now has offices located in seven countries.
Harrell has more than two decades experience in cybersecurity, with previous roles as director of security engineering at Yahoo and managing information security at Apple. In his role as Yubico CTO, Harrell oversees the company’s technology strategy to help protect individuals’ identities online and businesses protect their assets.
In this Q&A, the 40th in our weekly series, Harrell discusses balancing security and privacy, shares his tips for spotting disruptive technologies and reveals why Dan Boneh is his tech hero.
Rob Scammell: Tell us a bit about yourself – how did you end up in your current role?
Christopher Harrell: I grew up as an only child in the countryside, fortunate to have parents who worked hard and pushed me to explore everything I was interested in. We saved up for a computer and I became obsessed by the intricacies of how it worked, how to modify it, and later, by the idea of them connecting and changing the world.
While computers and networking enabled so many things, they also introduced new challenges, and all but erased the concept of distance in the reach of communications and in the possibility of committing a crime.
How well do you really know your competitors?
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
My obsession grew to include the impacts of technology on the world, and I’ve been privileged to have people in my personal and professional circles who have enabled, challenged, and supported me as I’ve focused on solving problems in that space.
Yubico’s founders and I both care deeply about these issues, so once we discovered one another it was obvious we should work together.
What’s the most important thing happening in your field at the moment?
There are a couple of things I’ve been thinking about the most. The first is how we can use technology to help solve the problem of people tricked into taking actions they wouldn’t otherwise take, but while maintaining their privacy. This is why we worked so hard on the WebAuthn and FIDO protocols. Attacks like phishing, vishing, smishing, and similar attacks can wreak havoc and cause significant damage.
The second is the impact of ubiquitously available, instant global communications on humanity at large. There’s been a lot of study in this space recently, but I think it will be a while before we fully understand the impact, and identify approaches that enable society and justice to scale with the technology.
Which emerging technology do you think holds the most promise once it matures?
Definitely machine learning and artificial intelligence. This is another area where we’re seeing all kinds of benefits from early work, but the potential is enormous. I think that if we can realise that potential, the benefits to society could be like nothing we’ve seen before.
There are also monumental challenges associated with building, deploying, and depending on these systems, and in how to make sure they aren’t codifying the worst parts of humanity or overlooking the best parts.
We’ve got a long way to go before this comes to fruition, and it’s going to be an interesting journey.
How do you separate hype from disruptor?
Without being hands-on, it’s really tough. Companies, of course, want to put their best foot forward and most even believe what they’re saying. Separating fact from fiction, let alone useful versus disruptive, is no small task.
For some things, my colleagues and I roll our sleeves up and think hard about the problem, how to measure what we think matters, and evaluate a solution ourselves. For other things, we cultivate relationships with experts we trust who do the same and take the time to understand if what matters to them matters to us.
A large part of my job is developing an understanding of and empathy for the problems the companies we work with are facing, so I get a lot of great information there, too. When you hear something surprising, or hear the same thing a few times, you start digging and can sometimes find a gem.
What’s the best bit of advice you’ve been given?
Early on it was simply, “Keep going. You don’t fail unless you give up.” Struggling, failing, and adjusting is how you learn, persevere, and accomplish great things. This powered so much of my technical growth, and still does.
Later, it was about people. I was absolutely terrible at the soft side of things for a very, very long time. I‘ve been lucky to have colleagues who helped me despite that huge gap, and to have a partner who is probably the most empathic person I’ve ever met.
I was helped a lot from so many by feedback and learning from mistakes in this space, but a particular inspiration was an employee who embodied the concept of “seek first to understand, then to be understood.” The satisfaction and alignment that consistently resulted on both sides was amazing, and it still guides my actions regularly.
Where did your interest in tech come from?
I’m not sure exactly. I’ve been taking things apart and putting them back together for as long as I can remember. My parents liked to tell the story of when I was still in diapers and wanted to go outside despite the rain pouring down. They said no, but later found I had unscrewed the strong closing cylinder on the screen door so I could go out anyway, and they figured if I wanted outside that badly that they could deal with a damp child.
So, maybe it’s some combination of early encouragement of my innate curiosity, and the idea that there is value in understanding and being able to shape the systems we surround ourselves with. It’s allowed me to have a fulfilling career, and to help many people, so I’m grateful for whatever it was!
What does a typical day look like for you?
My days vary a lot. I typically have time dedicated to technology exploration, internally focused real-time communication with people, writing and sharing, and engaging externally to understand what our customers and partners are doing and what challenges they’re facing.
What do you do to relax?
I listen to a lot of music – almost every genre you can think of. I also like to explore the city (any city, really), and to be near and feel the vastness of the ocean.
When time allows, I like to help my friends and neighbours fix or build things, and to escape the city and go look at the stars. Meteor showers are particularly fulfilling!
Who is your tech hero?
This is embarrassing, but I don’t think I can name just one. I’m constantly inspired by so many great minds and people of action in so many technical fields!
If you pushed me, I’d probably say Dan Boneh. He’s brilliant, and kind, and so incredibly, infectiously passionate about technology and cryptography. He can also explain anything to anyone, and seems so happy to help people learn something new even if he’s taught it a thousand times. To top it all off, he finds the application and impact of technology to be as important as the research, and takes the time to make sure that can happen.
What’s the biggest technological challenge facing humanity?
I honestly think it’s ourselves. Knowing when to put technology into a position of power over systems or people isn’t something we’ve been wonderful at so far. Sometimes that power is direct and obvious, and sometimes it is very subtle. With AI creating systems we aren’t able to understand, the problem magnifies.
It will be fascinating to see how we evolve our approaches and ways of thinking to better benefit from these systems without sacrificing our humanity. My sincere hope is that we can find ways technology can help us institutionalise kindness.
Read more: CTO Talk: Q&A with Texthelp’s Ryan Graham