Story image

Interview: How to grow a cybersecurity firm from the ground up

26 Oct 2017

Alastair Paterson is a defence contractor turned entrepreneur. He is the CEO and co-founder of Digital Shadows — a firm that manages digital risk “across the open, deep and dark-web for clients worldwide.”

“The company developed out of a personal worry regarding the amount of information that was being shared online by individuals as social networks started really gaining traction back in 2009/10. Through conversations with James Chappell, who became my co-founder, I came to understand that this wasn’t just about individuals and social media — it was the start of a new era where companies could no longer rely on everything being inside their networks.

As people moved to the cloud, mobile devices — and now the Internet of Things — managing cybersecurity risks outside the boundary becomes an absolute essential. It was at that point which we, perhaps naively, decided to quit our jobs and found a company.”

Since its founding, Digital Shadows has raised $US49 million, expanded from London to the US and is now poised to enter the Asia PAC market. Its flagship product, SearchLight, provides organisations with real-time assessments of their digital risk through the monitoring of hundreds-of-millions of data sources across the ‘dark-web’, crime forums and social media. MitchelLake’s Robin Block sat down with Alastair to understand how he has managed to grow Digital Shadows, and gain insight into the future of cybersecurity.

How have you approached international expansion and growing the company?

Alistair: The demands of the job shift every 6 months. If you are going to lead a company through those changes, you have to grow with the company. I have found that the leader's journey is a lesson in humility. You essentially go around finding people who are better than you at everything you do and then get out of their way. My job is to keep things pointed in the right direction.  

We always had one eye on the US. I think you have to accept that you will be limited in scope if you don’t move into the US. We were fortunate in that we started being pulled there by clients with American teams — allowing us to gain referrals and market momentum. In general, we have followed our clients and the market. EMEA — mainland Europe and the Gulf states — have been natural expansion points from London.

Time-zone differences have been a challenge, and the introduction of APAC is essentially a third dimension. There is a limit to what you can do without a regional base, which is something we are currently assessing in APAC to further commit to the region. Early on, we focused on building the business to work in a distributed way. We invested in technologies like Zoom and good headsets, along with working practices that meant we could have remote teams. Importantly, we set up teams with cross territory management — that really breaks down the ‘us and them’ mentality that can occur.

What is your vision for the business and what do you see as important for the development of the industry — how do Australia and the UK compared to the US?’

For me, this is simply a captivating industry to be a part of because it is such an important problem — I consider this to be one of the ‘issues of our time.’ From a company perspective, we still have a lot of room to grow. Every company with more than a couple-hundred employees needs the services we offer.

My goal is to continue to grow and build a global security business. For me, there is no ‘end-game’ really, no specific point at which I am going to feel like we have finished.    

Even now, companies struggle to get the basics right. If you are still getting firewalls installed and figuring out how to patch things — the bleeding edge services that we offer aren’t going to be in your budget. However, I think it is becoming more and more of an imperative for companies to take cybersecurity seriously and engage in a sustained and holistic manner.

I think the key to industry development hinges on a serious commitment to cybersecurity from a more diverse range of businesses, and the growth of a vibrant and innovative start-up ecosystem that can deliver solutions. You can see differences in this regard when looking at different markets. For example, a lot of the top Australian banks are already quite mature from a security perspective. However, beyond that, it is a less mature market than the US and parts of Europe.

But the seriousness with which cybersecurity is being taken is great to see — the Australian market is developing quite quickly. I think the UK is really starting to get its act together with regards to the start-up ecosystem. They have prioritised VC money and have done quite well. For me, the biggest missing link in both the UK and Australia, when compared to the US, are the entrepreneurs who have done this before.

People that can advise and act as angel investors to help scale businesses. But, I think in both the markets, moves are being made in this regard. Seeing some of the entrepreneurs that have been successful in Silicon Valley come back to Australia is a very positive and exciting development.  

Article by Robin Block, MitchelLake.

Aerohive launches guide to cloud-managed network access control
NAC for Dummies teaches the key aspects of network access control within enterprise IT networks and how you can secure all devices on the network.
Sungard AS named DRaaS leader by Forrester
It was noted for its disaster-recovery-as-a-service solution’s ability to “serve client needs at all stages of their need for business continuity.”
Gartner: The five priorities of privacy executives
The priorities highlight the need for strategic approaches to engage with shifting regulatory, technology, customer and third-party risk trends.
emt Distribution adds risk intelligence vendor
Flashpoint has signed emt Distribution to provide channel partners in Oceania and South East Asia a solution for illicit threat actor communities.
CrowdStrike: Improving network security with cloud computing solutions
Australian spending on public cloud services is expected to reach $6.5 billion this year according to Gartner
Thycotic debunks top Privileged Access Management myths
Privileged Access encompasses access to computers, networks and network devices, software applications, digital documents and other digital assets.
Veeam reports double-digit Q1 growth
We are now focussed on an aggressive strategy to help businesses transition to cloud with Backup and Cloud Data Management solutions.
Paving the road to self-sovereign identity using blockchain
Internet users are often required to input personal information and highly-valuable data from contact numbers to email addresses to make use of the various platforms and services available online.