Welcome to our series — How did you get that job? — where we run interviews with interesting people about their work and how they came to be doing it.
Trent Adams is PayPal’s head of ecosystem security, the company’s frontline fighter against phishing, spoofed emails, and the big-picture problems that come with running a billion-dollar payments systems. Along the way, he’s worked for the New England Patriots, run a search-engine startup, and played a central role in some of the most important standards on the web.
Russell Brandom: So how did you start out?
Trent Adams: I got my degree in astrophysics. I was always interesting in math and science and those kinds of things. I also had a concentration in film, so when I left there I hooked up with the television industry and ended up with the New England Patriots. They wanted to do this new thing called video on the internet.
"At the time, online video was incredibly tiny."
This was back in 1998, well before YouTube or anything like it. At the time, online video was incredibly tiny and the frame rate was horrendously slow. We were using a homegrown java app. I knew that big stadium shots just weren't going to play on streams of that size, so I redesigned the show specifically around the limitations of the medium. It was really a human interest show. It was about the players and about what they do off the field and on the field. A lot of interviews. It became reasonably successful, and it was not only the first of its kind but the longest running, because it's still running today.
How did you move from internet video to PayPal security?
By 2007, we had really scaled up, and I started to think bigger. There was so much media being produced that the problem became how do you get to the media? That was the "a-ha moment" I had. I pitched the idea to the Krafts [owners of the New England Patriots], and they funded a startup with me called MatchMine. The concept there was to programmatically identify your tastes and interests in media, and then turn around and match those interests to content that exists on the internet somewhere, kind of like a meta-search engine. As part of that, I realized that your personal tastes and interests are very personal to you, and then I started working into the internet standards space around identity and privacy. Security started falling in there too, because if you have personally identifiable metadata floating around, you need to secure it, you need the system to respect privacy.
"I was able to speak tech geek as well as business speak."
I spent a lot of time with the various organizations and specs like Liberty Alliance and the data portability project. I worked with the early versions of OpenID, OAuth, and just sort of grew a reputation for myself as being a technologist that can collaborate and build working relationships and working groups to tackle hard problems. I was able to speak tech geek as well as business speak with regulators. I was able to sit in the middle of all these conversations and thread them together. It's been kind of the undercurrent of my entire career, meeting people and bringing disparate groups of people together and tackling hard problems.
After Matchmine, my startup, ran out of money, as these things have a tendency to do, I started doing the same work for the Internet Society, which is what runs the IETF [Internet Engineering Task Force]. And Paypal saw that I had this ability to work these crazy ideas through incredibly disparate communities and brought me on board to do essentially the same things for them.
So what is your day-to-day like?
I'm director of ecosystem security within Paypal, and we define ecosystem security as the holistic nature of the interplay between interoperable systems. These are the problems that need to be solved for PayPal to be secure across the internet, and we know that we cannot solve them by ourselves. So we have a team that I run, and we are focused on solving the big problems.
"You plan for the future and build toward it."
As an example, I was one of the founders of the DMARC specification that authenticates email. We did that because we had to figure out a way to authenticate emails so that when you got an email that looked like it was from PayPal in your inbox, your mail receiver would be able to authenticate that it was in fact from PayPal. And so we had to come up with this technology. We knew we needed it. And so we seeded it out in the community, worked with some partners to develop it, and deployed it. We do that again and again. We're working on one right now called FIDO for biometrics.
What kind of work does that require from you?
Essentially I live five years in advance. I'm projecting essentially the next few steps out and planning for them as opposed to reacting to what's going on today. You plan for the future and build toward it.
It's much more about relationships than it is about anything else. Because you can have the best technology on the planet, the most secure, fastest protocol, and it really isn't going to matter at all if you don't have the right organizations deploying it, if you don't have the right environment to support it, and you don't have the right people involved developing it, advocating for it, and otherwise making sure that everyone's pulling in the same direction. You'll see time and again a standard be developed and just fall by the wayside. And people can look at it and say, "That was an amazing technology, how did that not go the distance?" And when you unpack that question, it turns out the answer has a lot to do with the relationships.
What do you think drew you to standards groups?
What's fascinating to me about most of these technologies is how few people actually worked on them. There are 2 billion people across the planet relying on these specs that really just a handful of people developed.
It seems like it's such an ordered world, but at the end of the day, if you kind of unpack it, it turns out that it's an incredibly chaotic world when you're developing these standards, and to see the processes unfold is incredibly instructive about human nature.
This interview has been condensed and edited for clarity.