Cybersecurity: Why it is Important & How it Can Give Startups a Competitive Edge w/ Brian Fritton


Recently, it was reported that cyber criminals are monitoring deal flow announcements and targeting affiliated startups. Moreover, according to stats, 50% of successful cyber attacks target small businesses.

Needless to say, cybersecurity needs to be a top priority for startups these days.

Brian Fritton, CEO & Founder at Havoc Shield, joins the show to talk about what you should be doing to protect your business.

We discuss:

-Why investing in cybersecurity is vital to the success of your business

-Why startups struggle with cybersecurity

- How security helps startups prevent revenue leaks and win business from enterprise clients

-How Havoc Shield works with startups to stand up a cybersecurity strategy

-His experience working with Techstars

This discussion with Brian Fritton was taken from our show Startup Success. Reach out to Brian at or on LinkedIn at and visit for more information.

If you want to hear more episodes like this one, check us out on Apple Podcasts.

If you don’t use Apple Podcasts, you can find every episode here.

Listening on a desktop & can’t see the links? Just search for Startup Success in your favorite podcast player.

Welcome to start up success, thepodcast for startup founders and investors here you'll find stories ofsuccess from others in the trenches as they work to scale some of the fastestgrowing startups in the world stories that will help you in your own journeystart up. Success starts now welcome to start up success today, onthe show we have the CEO and founder of Havoc Shield, Brian Fretten, and I'mexcited to have frying with us today. Brian Welcome to the shell thanks ortime for having me go. Thank you, and I thought of you earlier this week,because I get a million newsletters around startups and something caught myeye, and it was that cyber criminals are now watching dealflow announcements and targeting those startups, and I was like how timely that Bryan'sgoing to be on the show that we can now talk about this, because here's anotherthing that startup founders need to worry about. So I just want to jumpright into that, because that article really caught my eye- and let's talkabout that- why do start ups- need to worry about cybersecurity early stage?Yeah these types of techniques of tactics- those attackers use only getmore novel. I read a recent article about you know, links on the ends ofyoutube videos being used to spread malwar. Recently, it's crazy! Really, it's certainly a sort of a can mousegame. The layer on top of this is that types of businesses we all run. Thesesmall businesses are now- and you can look this up in the horizon- databreach report that Potamon Institute report a lot of respected, differentsurveys and they have slightly different percentages, but the realityis they're all around the fact that about fifty percent of the timesuccessful attacks target small businesses, so just as much as a largerbusiness as your large counterparts are attacked, so are small businesses. Soit's not a question of if but when you will get attacked now. I think that'simportant. I note because we only read about the big ones in the media rightyeah. But if you go on to these, these state data breach data basis of whichyou are now required, and I think it's like forty, five or forty eight statesto register and if you are, if you meet some pretty minimal criteria of abreach, you'll find a budge of small businesses in there and that's reallyunfortunate and our mission is to protect other founders and other smallbusiness owners. And so it's that huge risk that can no longer be ignored andkeeps people like me and my pastorals up at night and I'm sure folks, youknow in operational roles and in the c sweet you know are seeing folks inthere in their industry, maybe competitors. Colleagues, I have to dealwith the reputational impacts of being attacked right. So it's a hugereputational arm having to email, your your employees or your customers, yourpartners to let them know that there might have been a breach. And then youknow, even if you have cyber insurance, which is which is great, it's a tool,but the financial infects of being attacked. The the cost of not beingable to do business of having to be distracted and respond to somethinglike an attack there, huge and more and more. You know in the case of justransom more alone, these types of things are being carved out by insurers,and so you might get some coverage, but if you can't prove that you've doneenough with your efforts to protect Your Business, protect your customers,they might not pay it all, and so you're now substantially more at riskof having to pay for the impacts of a breach them than ever before, got it sofor the insurance. And then you also have mentioned that in some of thereadings I've done about you that compliance right, that's another reasonif you're selling into the enterprise yeah, so compliance there's, there'stwo things there actually so yeah. A lot of us have larger customers right,and so these larger businesses, you...

...know and even mid cap businesses noware getting way more stringent way earlier on about their demands in termsof a Cypros Urit in compliance program for small vendors and it's because theycorrectly see us as a sort of squishy target and if we're holding theirinformation, if we have sort of keys into the different parts of theirbusiness, you know because we help them when in different ways, hackers areprioritizing us, our small businesses as targets as gateways into thoselarger businesses, and you know that that's scary to bigger enterprises andso they're. Putting these really large complex jargon, fill sipersquestionnaires in front of a low a lot of businesses, especially in thefinancial industry, and so you know customer struggled to get past those,but it's a revenue problem right. You know. If you can't get past thesethings, you're going to slow down, if not possibly lose a deal, and that'syou know, we don't want that to happen. The other side of it is being able tokeep your keep your licensure and and comply with different regulations. Ifyou are in you know: education, health care, of course, or financial services.There's all of these. You know regulations that are becoming much moreenforced than they ever have before, because you see the government kind oftake note of the last several months with with ransom, ware and with databreach and privacy concerns, so states, the federal government and evenindustries and licenser bodies are now creating separe rity requirements, andyou can expect to get notes from your lawyers from your associations fromregulators themselves more often than you have before so better to beprepared for that now that, after respond to the future, absolutely I cansee where this is really important for our clients. You know and fen tech andhealth care, like you mentioned, but everyone really- and you mentionedrevenue- let's touch on that a little bit because, yes, you know, if you'renot able to get compliant quickly, that's going to impact revenue. Whereare some other ways? You know that this can compromise revene yeah. I thinkit's there's a front on the back end, so, on the front end you see, customerslarge and small, becoming much more security conscious. You know, they'vegotten enough times the letter and the the thin lighter and the male or theemail saying your breach again. Please change your passwords that got yoursocial security number or watch your credit like customers are found, butthis is especially D to be because there's so much more to lose there andso from a revenue perspective. Using security as a competitive advantage is,is a strategic route that smart businesses are taking now right. It'snot it's no longer the the cost center for for forward looking businesses thatsecurity has been. They see it, and we've proven this out with a lot of ourcustomers, who put our trust, badges on their website and list their policieson a security page and talk about security as one of their features.We've seen that the conversion rate from traffic to trial or traffic toconversation go up when folks do that. So there's that front end that thosemarketable assets that you can get by having a cybersecurity program and sortof exposing your efforts there and then the back end is what we talked aboutright, which is, you might get all the way to a deal and you've. You beat outcompetitors for the business and they said Yeah. Well, you know we would goshut at the price when we want to go with you and he the deal sponsor inthat in that customer is waiting to get started with you. But then they saidyou know the last step. Is You got to go through procurement, compliance andcall different things in different companies, but one way or anotheryou're going to get that questionnaire about? Do you have a sit rescue program?Do you train your staff on these types of topics? Ye? Do you have backups?Unfortunately, the answer for a lot of us is yeah. I have antivirus installed,but I haven't not done much more than that, and so you know being able toanswer those questions even understand.

Those questions is a big pull, and sowe try to help it with with the whole step by step process there. You knowwhat questions are they asking you? What have you done already? How do wefill the gaps on the things that you still need to do and on the other, andhow do you? How do you respond professionally? How do you use thelanguage and the evidence necessary for the types of people are going to be areview in that so that you can go great? You know you got the check box and- andyou can win that business and for folks who can't do that effectively. You know,I think they're, seeing their pipelines slow down and they're losing more dealsnow. The way you've spelled that out is very compelling and listening to thisand thinking about the way work has changed over the past year. Did thepandemic accelerate the need for this with so many remote workers, and youknow: You're, not you're nodding, yeah, that's a yeah yeah. It is acceleratedright this. This widespread use of personal networks and personal deviceson some cases, even if it teams are trying to make sure that you're usingyour company, PC, yeah, we've seen a lot more companies. You now ask usabout approaches and securing those. Now that remote work is, I think, in abig part, going to be a way that company go forward now in their work.GENVIEVE ND, it's forced companies, I think, to you, know more quickly adoptadditional SASS products. You know and leave behind some of those more on premtypes of legacy, applications and servers. So there's still lots of work,different type of work to do to secure those SAS products. You know as oneexample, if, if you moved from an online excuse me a hope, Ted Microsoftexchange server for your email right, so great, that's a cure. That's a ingto fire all that good stuff, but now you've moved to the office throughsixty five online version or google work pace both of those in the pursuitof like a good customer experience, ship De Fault, insecure in the way thatmany of the security features are turned off. So multi factorauthentication one of the best ways to keep people out of your accounts. Ifthey are able to you know fish. Your Password, for example, turned offturning that on means getting into a huge. You know, admint in her face thatthe settings are seven levels deep right and so there's there's a lot ofhelp. I needed with configuring the things that we've moved to because ofthe pandemic securely and a lot of them are being ignored. And, lastly, you have the human elementright. So employees are dealing with a lot stillkids at home, balancing work on personal scheduleslike they never have had to before. You know their day, care might shut downfor a day. Things are things are still harried and what that creates is humans that are more susceptible tosocial engineering, attacks right those types of fishing attacks, the theemails from your CEO Saying, I'm in a meeting, but I need you to buy thesethousand gift cards right. Tell me the numbers right. Yes, I'm laughing,because that happens to arch. We all get those tacks all the time. Yes, yes,okay, we're all much more susceptible to it now, so you got to take care ofyour humans as your first line of defense. That's so true, and I feel andtell me if this is what you see startups: they don't their resources,aren't as deep right and, and so they don't have the team to do a lot of thiswork. Is that what you see with startups on why they struggle withcyber security yeah? Absolutely we don't have the budget for two hundred fifty sand dollar cybersecurity specialist. We don't have the time to wait the months it takes to geta contractor and to help us. We don't have the resources to study what weshould be doing ourselves and the people that we could leverage to dothat. Don't have the luxury of being... to spend hours and hours doing thehomework behind that right. They have another job to do, and so what we seethat the people who are coming to us, first of all, like they're,fantastically diverse and role. So you know there, people that are you knowthe director of operations there, the CFO there, a small company C to orsoftware engineer, sometimes but they're coming to us saying you knowthat, given this responsibility, given the pressure is that we've been talkingabout, I don't know where to start. I think this is a really expensivepursuit, but we got to do it right, we're beingforced because of this risk and our revenue and that type of thing, andwhat we're trying to do is make that process of using your existing teams.They don't have to have specialists. You don't have to wait on a contractor,we're trying to make that much much more accessible for existing team, butat the same time we know that that will have another job they have to do. Theywere just kind of given Stewart ship over the security topic, so we try tokind of do it like turbo tax did, for you know, tax preti is we take thisocean of technical compliance, prioritization planning complexity?That is the syposulphate and we bake it into a step by step plan that you- andI is non security pros- could could execute on professionally and gain thatcompliance gain the assets that you can show to your customers to win the deal.provably decrease the likelihood that you're going to get attacked. That really spoke to me, especially thepart about how you describe yourself as the turbo tax right, because it'sreally clear that the value that you bring and the fact that you get that ina startup people have multiple roles right and their task to do things thatthey might not have a lot of experience with, but they have to take on, and soI do you have a process. You Walk your startup clients. Through I mean itsounds like you're really good at giving them the tools to make thesechanges right away. Yeah Yeah! So it's a sax product, so it's self serve. Wethe first place. We start is you know every business is different, so we haveto know you know what your priorities are. Are you know? Are you facing acustomer that wants you to go through a big Sudeeq, questionaire compliancephase? Are you seeing new types of attacks and you've got a you got to putprotections the place sooner relater? So we ask you some guided questions. Wedo an assessment right and we profile the customer. We build what it's calleda threat model by by your answers to that question and that informs the planwe produce. So every plan is curated to the customer hand, so if you're infinancial services and you've got to comply with the new Ark Department ofFinancial Service as long as because you're also in New York or do businessin New York, we know that from your answers and we're going to put theRightt tast in place, if, if you're prioritizing, that that customerquestionnaire will ask you I'll put it and we'll pass that and we'll be ableto put tasks that will answer those types of requirements in place and fromthere we do a couple of things you know and they're all just you know, taskslike you have intertoto that you follow a lot. We roll out vendors, so you knowyou need backups, you need a antivirus, you need the training for our staff.All these types of things come from this kind of fragment, and you knowwild west of security vendors that got. How do I manage this? How I pay forthis? When should I do this? We try to beopinionated so that you know when we tell you it's time to roll outsidebrower and its training or time to do this. It's the obvious next priorityand we make it really easy to do so. So we take all that complex configurationand all that stuff from from roll out through actually getting your your reports on the other end of thesetypes of things. Super Super Easy, so...'s paid for for you. We were allabout automatically. We make sure your staff does what they needed to do withit. So as we handle all those vendor roots and then and then, of course,like the monitoring and configuration pieces of it, we show you how to enablemulti factor in office. Tough Sixty five, if you haven't done it and that'sa process where we're just overlaying guidance on top of your browser. So youget told quick this quick this, and this is a recommendation instead ofhaving to figure it out yourself, and then you know. Lastly, we help youprove it and monitor for changes. So if your employees get stuck in a day tobreach, we know that we scan your your websites and your networking forstructure for vulnerabilities and can help you resolve issues there. So it'sthe ongoing stuff as well. This is brilliant. There's a few things I likethat you do a customized plan for the start, up that it's so turn key for theemployees and then you're there if they need to ramp up if something happens,right at compliance deal or attack or something it's fantastic. So how didyou get here? Because I you know, checked out your profile. You have agreat background. You founded you know, engineering. How did you come up withthe idea of Havic Shield and you know pursue this route? Thanks?Think not a start turning red here and the winter has has not deepened my Tan.So, yes, I know software engineer by trade, so you know train on the product Sid andthe consulting side, a d and saw these types of issues for a long time, butlike reminding even before that. As a kid, I was always really interested inprotecting people. So you know I was always the the scrappy little kidon the playground. You know trying to make sure my other scrappy, nerdfriends, weren't getting bullied, and you know my parents weren't allowed towalk through the House without typing the Code on a Cardboard Code Pad that Ihad drawn and stuck to the you know the threshold for the next room. That'sawesome! I love it. You know I've always have aninterest in it right and and and after I've gone through these roles. Havingfound in companies and been stuck with that responsibility, you know it waspretty obvious that this is my way to keep protecting people right, protecter,boundary, protecting business owners, and I was given the the chance to applythat sort of passion and my last roll is the VP of engineering for DataScience Company that works hell in the political space, and so we held aboutnine out of every ten national political data strategy hubs during thetwenty eighteen mid terms, and we were told by the the Senate IntelligenceCommittee, you know: Hey you're, going to you're going toget attacked. You know they have this type of data and wow what a what anexcellent reason to get serious about the program at that time, and then youknow day today I was the the guy in the room trying to convince these thesepolitical institutions and also enterprises that were selling to that.We had done enough to win their business from a Scudo sandpoint andthat wasn't always an easy conversation, so kind of became the the the bug in my head, and I talked toother you know, Area C. Tos and directors of operations and the peoplewho kind of get given this the stewardship- I said Yeah Brian, like Idon't you know, we really need help with this. I can see the pain, and sothat's that that's the history, it's fascinating. I like that it spans fromthe playground to you know a recent role you had around the mid terms,which is so interesting, and it clearly says to me: You are doing exactly whatyou should be doing right now and what you're doing is very impressive. I sawthat you were part of techs yeah, Chicago Cohort. That is fantastic. Canyou tell us briefly about that...

...experience and congratulations. Thanks,yeah a text arts is a great experience, soI've been working on havoc shield for maybe a little under six months when Igot the chance to apply for Tech Stars and you know, I'd seen, lots of theirsuccessful businesses go through the accelerator, and so you know help mybreath in terms of getting in but was really blessed to get the belief of theManaging Director and the Valuation Group there and started that at thebeginning. In Two thousand and twenty- and you know that at that point we hadjust launched a first version, we were kind of searching for. How do wereached our best customers and what Tex Arts gave us was you know anaccelerated route to customers and to an investors and to knowledge like thehaving been in a multi time founder. There was some one on one level stuffthat I was I knew already, but they let you kind of run your business and theysay if you know this already and you don't need it go, run your businessright. They don't make you go through all these steps, if you don't need to,but they also did things like a really comprehensive. Well done, youknow master class and how to build a financial model and how to positionyour company right, because everything comes from positioning- and I don'tknow if I ever would have learned that if I didn't kind of get the opportunityto do that and then on the back of Demo Day, you know we were able to raise aabout a one and a half million dollar round. So you know the output is we'realive and have the cash to keep going. What an excellent opportunity I meanjust that those lessons on financial, modeling and positioning. I would liketo take that that sounds so right, yeah how fun congratulations, any advice tothe founders listening just from one found or to another. Yes on all thesecurity, and I want to touch on how they can reach out to you. But beforewe get there, just any other advice for founders on the security topic startedearly, it's it doesn't have to be expensive or comprehensive. There arefundane things you can do, enable multifactorial on everything you canmake sure all your staff does use backups, make sure that you know how torecover them. If, if stuff hits the fan, one great piece of advice that I'vegotten from some Sementerio in the past and have really taken up- and it'sespecially helpful in this sort of a syncretist remote environment- we'reall working in- is to write more. It's than immensely helpful in terms ofclarifying my thoughts and what success looks like out of a project or strategy,and then I can send that to my team and we can have a everyone kind of read itdo their own thinking then get together on any questions or clarifications. Soit is just such an an efficient use of time during the process of of trying toget together on something rather than have six different meetings, and ithelps you clarify the thoughts and realize what is important versus notyourself, and if you get in that habit of writing, other people start to takeit up to, and you get this culture of careful well thought out moves by yourwhole team and then it's it's less important to have a bunch of meetingsand have our own available. You get to have the benefit of people in differenttime zones about all working off of the same information. So that's workedreally well for us. I love that suggestion. We do that with Googledocks our executive team and then everybody adds comments and, like yousaid, when you put something to writing, it forces you to really think itthrough, and then everyone can collaborate and just those tips yougave right there. I mean I need to go back and do some security to t some ofmy things. So I've really enjoyed this conversation, Brian and I'm veryimpressed with Havic Shield and what you're offering to start ups. You know we are a big believer infractional and startups taking what they need right. That's our businessmodel to with CFO to people, ops, and I... this, the way you've set upsecurity for them. You know turn key. They can ramp up when needed. You knowit shows you really understand startups and how they scale and what they need.So that being said, how can people get in touch with havoc shield and theywant more information back, and thank you so much for Hame. It's obviouslylike Birkland is putting out some really excellent thought leadership andwhat a great way to do right by your customers to put out these kinds ofthings right. It's not just about doing your books or you know developinganother sop at the end of the day. It's not just about the tactical stuff.That's about! Where do you need to strategically focus where there's riskright? And so so that's that's so awesome it's so we're really seriouswhat we build a technology product. We are also serious about putting a humanface, that you can trust and you can reach in front of it, because securityis a sticky scary, complex topic, and so we invest really deeply in havingexperienced client success, people everyone across our team who you cantalk to, and so when you go to our website and you get a trial all thatgood stuff. I always thought people just email me and ask me the questionis: If you're, not a customer, I'm really serious about that wanting toprotect other founders, business owner self, it's Brian, Brian, havoc shieldcom. Thank you that's great. I I like your passion, our founders, passion isaccelerating dreams and I feel like you're an example of that from theplayground to her. It's pretty cool. I've enjoyed this conversation. Pleasekeep in touch, I'm looking forward to seeing what happens with havoc Shiel inthe future. So thank you for being here today, Brian Exitum, it was great you've been listening to start upsuccess to make sure you don't miss out on future episodes subscribe to theshow in your favorite podcast player. Like would you hear tap the number ofstars? You think the show deserves an apple podcast for more tools andresources for your own start up. Success check out berkely associates.Thank you so much for listening till next time.

In-Stream Audio Search


Search across all episodes within this podcast

Episodes (29)