Alert: Cyber-shark sighting

Robert Herjavec, star of ABC's Emmy Award-winning hit show Shark Tank also stars as CEO of a real life Canadian startup which became the world’s largest independent pure-play cybersecurity services company.

1 2 Page 2
Page 2 of 2

Herjavec sees himself as a shark who defends his customers. He says that corporations need a shark mentality to help protect them from cybercriminals.

Cast of characters

The school of cyber-sharks swimming alongside Herjavec since he founded his firm include co-founders George Frempong, senior vice president of sales, and Sean Higgins, CTO. Working together for 15 years - and having known and worked with each other for years prior to that - the three of them and a couple of other corporate managers reflect a management style that is fiercely loyal to its people and their career goals.

The most valuable people are Herjavec Group’s corps of cybersecurity professionals. The company employs expert cybersecurity advisers, consultants, incident responders, engineers and SOC (security operations center) staff.

Herjavec’s partners deserve credit too - and he singles out Splunk and Exabeam as two who provide key technologies that are integrated in to Herjavec Group’s proprietary SOC platform. They use Splunk for logging and analytics, and Exabeam for identity management.

Recruiting

Herjavec Group will need to recruit new cyber-talent, and retain its current staff in order to meet its ambitious growth plans. That’s no easy task, especially in the U.S.

There’s a labor shortage in the cybersecurity field. More than 209,000 cybersecurity jobs in the U.S. are unfilled, and postings are up 74 percent over the past five years, according to a Peninsula Press (a project of the Stanford University Journalism Program) analysis of numbers from the Bureau of Labor Statistics.

[ ALSO ON CSO: 10 common misconceptions about security professionals ]

The firm has some distinct advantages to meet this challenge. They offer an opportunity to work for a celebrity, and that is definitely a calling-card whether the company intends it to be or not. Herjavec says the biggest benefit is working for a company on the cutting-edge of cybersecurity. As a large pure-play cybersecurity services firm, they are constantly on the most exciting projects that teach and challenge their technical experts.

Competitors

There’s a formidable list of competitors that Herjavec Group is going up against, including large cybersecurity professional services divisions within major tech companies.

IBM Security, the cybersecurity arm of tech giant IBM Corp., would be a $1 billion plus business if it were spun out on its own. IBM’s Managed Security Services is an industry leading MSSP.

BT Group plc, trading as BT, is a British multinational telecommunications services company with head offices in London (UK) with operations in around 170 countries. BT’s Managed Security Services business is a major player in the MSSP space.

NTT, headquartered in Tokyo Japan, is the world's largest global IT and telecommunications services company. They acquired the leading pure-play MSSP company Solutionary, headquartered in Omaha, Neb., two years ago in June 2013, and they’ve been gaining traction in the market ever since. The MSSP is run as its own brand - Solutionary, an NTT Group Security Company.

That’s just to name a few of the bigger tech outfits who play in security.

On the opposite end of the spectrum there’s dozens of smaller MSSPs that are attempting to build up as regional players in local markets, and in industry verticals. Herjavec Group has a distinct edge over these companies with its own world-class SOC. Many smaller MSSPs rely on third-party technology platforms to deliver some or all of their services.

There’s also the cybersecurity product vendors who provide services around their own technology. Market leader FireEye offers its FireEye-as-a-Service, which resembles a Managed Security Service and Managed Security Services Provider (MSSP) arrangement.

Herjavec Group is an inch wide and a mile deep in cybersecurity services and its MSSP offering, and well-equipped to compete against the bigger tech brands and the smaller up-and-comers.

Herjavec points out that while IBM’s security business is big, it might only make up 1 percent of IBM Corp.’s total revenues - and he wonders how important security is to them in the context of everything else they do. IBM did grow their security business by an impressive 20 percent in 2014, but Herjavec Group grew five times faster during that same time period.

IBM reported Q1 2015 revenue of $19.6 billion for the quarter, $100 million less than analysts had predicted and down 12 percent year to year, according to Forbes. IBM’s cloud business saw growth of 60 percent, and Cloud-as-a-Service took in $3.8 billion in revenue. IBM’s business analytics was up 12 percent.

It appears IBM’s future success is tied to next-generation technologies. Considering IBM missed on revenue in Q1 2015 for its eighth of nine quarters in a row – even with its cloud and analytics businesses trending up, we expect to hear a lot more about IBM’s security business in the latter part of this year and in 2016.

Customers

Herjavec says Global 2000 corporations are his firm’s primary target.

While the largest corporations do not typically outsource their entire cybersecurity stack and are not the top candidates for MSSP services, there’s still a big opportunity with them. Herjavec Group has deep expertise in logging, analyzing, reporting, and responding to security alerts. Log analysis isn’t ‘sexy’, but it’s in high demand… it is a tedious but mission critical task faced by all large corporations who are largely under cyber-staffed - and Herjavec Group has the people and technology who can do it.

Moving down the list of Global 2000 corporations, the sweet spot for MSSP services are companies in the market for a hybrid or fully outsourced security provider.

By 2018, Gartner projects that more than half of organizations will use security services firms that specialize in data protection, security risk management and security infrastructure management to enhance their security postures.

Infonetics Research says the managed security market will exceed $9 billion by 2017, in its “Cloud and CPE Managed Security Services” report.

Herjavec Group is aligned to these trends and the corporations who will be in the market for MSSP services.

North American expansion

Herjavec Group is new to the U.S. and closed its first deal there just over a year ago. It also closed the largest deal in company history with a U.S. customer. To say the U.S. business is growing quickly would be an understatement. The company posted $10 million in U.S. revenues in 2014 - which by any standard is off-the-charts for a new entrant. For 2015 the company has already generated $20 million, and they aren’t even halfway through the fiscal calendar year. Herjavec says one of the their major wins is a U.S. customer who is the world’s largest gaming company.

North American Managed Security Services will reach $3.25 billion in market revenue by 2018, according to research firm Frost & Sullivan. Herjavec Group currently derives about 40% of its revenues from its managed security services.

Going global

Herjavec has been doing his homework studying global regions ripe for MSSP services.

Frost & Sullivan researchers predict the EMEA MSSP market will reach $5 billion by 2018, almost $2 billion more than North America. “Threat intelligence, research, detection and remediation services are likely to grow at a rate twice that of security asset monitoring and management, becoming a critical focus area that will distinguish market leaders from the rest,” stated Network Security Industry Principal, Frank Dickson.

Herjavec Group has used the Sysec acquisition to set up its European headquarter in the UK, and tap into an explosive growth opportunity for MSSP services.

Acquisitions

Despite Herjavec Group acquiring several companies, it is not its fundamental growth strategy.

Herjavec says acquisitions are really difficult now. The better MSSPs have already been acquired during a period of intense M&A and consolidation over the past few years, and the valuations of private MSSPs are way too high.

The best acquisition targets are cybersecurity professional services firms who have people that can be cross-trained on to the MSSP side of the business.

When Herjavec group enters a new region, it builds a SOC from the group up. The firm essentially ghosts its technology platform in order to increase capacity or serve new geographies. You might think of this as its secret sauce. It is a much better strategy than acquiring other MSSPs with dislike platforms.

Looking ahead

Herjavec will continue to star as CEO at his firm, and there’s no plans for that to change. He says there’s infinite opportunity in the fast-growing cybersecurity industry, he loves what he does, and he gets a sense of fulfillment by helping to protect and make the world a better place. Herjavec points out that the basic premise of doing business is trust, and his firm helps to protect that trust.

His firm may look to outside investors for help financing expansion into additional international regions including Australia and Asia.

The rest of 2015 and 2016 should be interesting.

Is Herjavec a great white Cyber-shark in disguise - who will swallow other cybersecurity firms and MSSPs as he ventures out to deeper seas? Will he roll up a $300 million global cyber brand in the next few years like he says?

It is interesting to ponder a liquidity event down the line as the final episode.

Maybe Herjavec sell-offs and delivers the knock-out blow to Cuban.

Maybe Herjavec and Cuban emerge from the Dallas skybox to announce a joint venture deal and become the cybersecurity power couple.

You never know. Stay tuned to Herjavec Group!

1 2 Page 2
Page 2 of 2
SUBSCRIBE! Get the best of CSO delivered to your email inbox.