Hello Steve, please tell us about your journey from being a WebSphere Software Engineer at IBM to becoming Co-Founder and CEO at HackNotice.
I’ve always had a passion for Security and startups, which has driven my career from the beginning. I joined IBM to work on the Apache project, testing their SSL protocol. From there, I joined the IBM Extreme Blue startup program, which moved me to Austin, Texas, which I now call home.
As an engineer, I’ve always wanted to see the impact of my work, so I worked as a sales engineer for IBM and then a startup called Innography. It was at Innography that I got my first-hand training on how to run a startup sales team, which led me to bootstrap and start my first threat intelligence security startup. After running and growing my first startup for a few years, I sold that startup to an identity theft provider.
When I was free from my golden handcuffs, I joined a friend’s startup, SecurityScorecard, to help them build out their sales and sales engineering team. That’s where I met my current co-founder Mike. We spent a few years building and growing SecurityScorecard before I got the itch to start another security startup, HackNotice.
I’ve been building HackNotice for a few years now and are bootstrapped, profitable, and growing rapidly.
I still have my original iPhone from 2007, and I think that smartphones growing into the dominant platform has been amazing to see. If a company doesn’t have a mobile app these days, they really are living in the past.
I also worked on the cloud before it was called the cloud, selling data centre automation software. How quickly everything moved from data centres to the virtual cloud has been impressive.
HackNotice already had an international workforce before COVID-19, so we had a strong work from home culture. Right at the beginning of the pandemic, I hired several new people in Austin, so I had to figure out how to train them and increase their knowledge without the typical in-person options.
The most significant change to my role was around fundraising. I was preparing to raise an additional round right during the height of COVID-19, but after a few months worth of talks, it was clear to me that an additional round wasn’t our best option. So I had to switch my plan to a plan that brought us closer to profitability. Now we are a much stronger company and ready for rapid growth this year.
We have engineered our watchdog service to require the smallest amount of information from our clients as possible. We’ve built our platform from the ground up with privacy in mind, so users always have complete control over what we are watching and what information they can choose to share. Each watchlist item can be set to private or to be shared with the security team to request help.
Further, by nature of being a watchdog service, we are often bringing a large amount of data that hackers know about our clients to them, and we disclose that information only by following responsible disclosure and verifying that our clients have the authorization to see the information first.
HackNotice is a security awareness company, but we go about building security awareness and habits in a very different manner than other security awareness companies. A lot of the companies that we compete over budget are security training or phishing testing companies, who try to go about building awareness through phishing or security lectures.
We differ by providing a highly personalized, self-service platform that uses security events surrounding each user to create teachable moments and build security habits. We aren’t trying to trick our users through phishing or give a one size fits all training. Every study suggests that generic training and phishing does not build long-lasting change, so we are going about building habits in a very similar manner to how modern social media applications build audiences.
We are currently in a data breach epidemic, where hackers are by and large winning the cyberwar. The number one challenge that we see that organizations have is that employees have more access and privilege than ever before, but they are also unaware of the dangers they face online and don’t see the level of threat intelligence that security teams have seen for over a decade. We hope to change that by democratizing threat intelligence and using it to build security awareness.
The second security challenge is that businesses are increasingly intertwined, using hundreds or thousands of platforms, vendors, and suppliers. Hackers have been routinely breaking into third parties and using those companies as launching off points to break into more secure companies. If we are to slow the spread of data breaches, we need to solve the third party risk problem.
The third challenge is that hackers collaborate much more than companies do, sharing tricks and attacks and even buying and selling access to breached companies. There are too many barriers between security teams at different companies. Further, hackers can hack with impunity, and companies can’t attack back, they can only operate defensively. If hackers continue to be able to attack and evolve their techniques without the risk of being attacked back, I see the cyberwar only getting worse for businesses.
I see a crucial opportunity for businesses to use Security as a selling point or even a reason to go with one service provider over another. Consumers are becoming aware of how Security is essential, and so Security is becoming a buying factor. If one company is more secure than another, that could be used for further sales and consumer trust.
Budding entrepreneurs: Building a startup is hard work and often ends in failure. Even when everything is going well, the global economy could drop, or you could be faced with a once in a lifetime pandemic. My best advice is to make sure that you are in a strong personal position before you take the leap into starting a company. If your life or finances are a mess, you won’t set yourself up for success. Also, this business is all about people, so make sure that the people that you get into business with are good, trustworthy, and someone who you want to work with for a long time. Finally, be prepared for people to not be reliable and have a backup plan. If you want something done, you most often have to do it yourself.