SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
Interview: How to grow a cybersecurity firm from the ground up
Thu, 26th Oct 2017
FYI, this story is more than a year old

Alastair Paterson is a defence contractor turned entrepreneur. He is the CEO and co-founder of Digital Shadows — a firm that manages digital risk “across the open, deep and dark-web for clients worldwide.

“The company developed out of a personal worry regarding the amount of information that was being shared online by individuals as social networks started really gaining traction back in 2009/10. Through conversations with James Chappell, who became my co-founder, I came to understand that this wasn't just about individuals and social media — it was the start of a new era where companies could no longer rely on everything being inside their networks.

As people moved to the cloud, mobile devices — and now the Internet of Things — managing cybersecurity risks outside the boundary becomes an absolute essential. It was at that point which we, perhaps naively, decided to quit our jobs and found a company.

Since its founding, Digital Shadows has raised $US49 million, expanded from London to the US and is now poised to enter the Asia PAC market. Its flagship product, SearchLight, provides organisations with real-time assessments of their digital risk through the monitoring of hundreds-of-millions of data sources across the ‘dark-web', crime forums and social media. MitchelLake's Robin Block sat down with Alastair to understand how he has managed to grow Digital Shadows, and gain insight into the future of cybersecurity.

How have you approached international expansion and growing the company?

Alistair: The demands of the job shift every 6 months. If you are going to lead a company through those changes, you have to grow with the company. I have found that the leader's journey is a lesson in humility. You essentially go around finding people who are better than you at everything you do and then get out of their way. My job is to keep things pointed in the right direction.

We always had one eye on the US. I think you have to accept that you will be limited in scope if you don't move into the US. We were fortunate in that we started being pulled there by clients with American teams — allowing us to gain referrals and market momentum. In general, we have followed our clients and the market. EMEA — mainland Europe and the Gulf states — have been natural expansion points from London.

Time-zone differences have been a challenge, and the introduction of APAC is essentially a third dimension. There is a limit to what you can do without a regional base, which is something we are currently assessing in APAC to further commit to the region. Early on, we focused on building the business to work in a distributed way. We invested in technologies like Zoom and good headsets, along with working practices that meant we could have remote teams. Importantly, we set up teams with cross territory management — that really breaks down the ‘us and them' mentality that can occur.

What is your vision for the business and what do you see as important for the development of the industry — how do Australia and the UK compared to the US?'

For me, this is simply a captivating industry to be a part of because it is such an important problem — I consider this to be one of the ‘issues of our time.' From a company perspective, we still have a lot of room to grow. Every company with more than a couple-hundred employees needs the services we offer.

My goal is to continue to grow and build a global security business. For me, there is no ‘end-game' really, no specific point at which I am going to feel like we have finished.   

Even now, companies struggle to get the basics right. If you are still getting firewalls installed and figuring out how to patch things — the bleeding edge services that we offer aren't going to be in your budget. However, I think it is becoming more and more of an imperative for companies to take cybersecurity seriously and engage in a sustained and holistic manner.

I think the key to industry development hinges on a serious commitment to cybersecurity from a more diverse range of businesses, and the growth of a vibrant and innovative start-up ecosystem that can deliver solutions. You can see differences in this regard when looking at different markets. For example, a lot of the top Australian banks are already quite mature from a security perspective. However, beyond that, it is a less mature market than the US and parts of Europe.

But the seriousness with which cybersecurity is being taken is great to see — the Australian market is developing quite quickly. I think the UK is really starting to get its act together with regards to the start-up ecosystem. They have prioritised VC money and have done quite well. For me, the biggest missing link in both the UK and Australia, when compared to the US, are the entrepreneurs who have done this before.

People that can advise and act as angel investors to help scale businesses. But, I think in both the markets, moves are being made in this regard. Seeing some of the entrepreneurs that have been successful in Silicon Valley come back to Australia is a very positive and exciting development.