San Diego Insecure times seem to favor cybersecurity company Proficio, which has outgrown its Carlsbad space two years ahead of schedule and is planning a move to a building with three times the room.
The privately held company does not disclose its revenue, though CEO Brad Taylor said it has been growing at 80 percent to 150 percent over the last four to five years.
“Right now the opportunity to grow even faster is available in the marketplace,” Taylor said. The business has security operations centers in Carlsbad and Singapore. It wants to build a third in Barcelona, Spain, and it wants to widen its sales and marketing push.
So in November, the managed security services provider (aka MSSP) inked a deal for $12 million in growth capital from Los Angeles-based Kayne Anderson Capital Advisors L.P.
The new capital means that Proficio can open its Barcelona site in the next few months. Original plans called for the move in the next few years.
Kayne Anderson Capital brings the company not only funding but a certain amount of credibility, Taylor said. The business’s goal now is to grow to $100 million in annual revenue.
Proficio’s founders — including Taylor and Tim McElwee — created their company in 2010 in Irvine, with the premise that they could make a business out of helping other businesses keep ahead of hackers. “We saw a need for companies to provide better threat detection and response,” Taylor said.
Large corporations on the Fortune 100 list seemed to be handling those jobs well, but companies outside of that arena struggled to keep up with attacks.
“We said, we need to stand up a Fortune 100-style security operations center, and offer it as a service-based model,” Taylor said. Proficio now concentrates its sales on companies with revenue between $500 million and $5 billion.
A recent report from Markets and Markets forecasts that the market for managed security will grow at a compound annual rate of 14.6 percent, from $17 billion in 2016 to $33.7 billion by 2021.
Proficio’s Taylor said that individual companies often have trouble hanging onto in-house security specialists. As a result, companies prefer to hire MSSPs, according to an August report from Forrester Research.
“Companies face a staff shortage and an expertise gap,” the report said. “MSSPs represent a mitigation mechanism for both problems, with superior talent and domain-specific skills that the organization can’t find or can’t justify retaining.”
The Forrester report also shows that Proficio has a lot of competition, including big companies with big war chests. Forrester names Alert Logic, SecureWorks and IBM as the top MSSPs. Following behind are CenturyLink, Symantec, NTT Security, Trustwave, BAE Systems, Hewlett Packard Enterprise, Verizon and AT&T.
In an attack on a corporate network, a perpetrator typically finds a vulnerable device — a laptop computer, a smartphone, a printer, a server or a router — breaks into that device, and then uses that as his entry point for the entire enterprise.
A hacker must take many steps before making off with sensitive corporate data, typically between nine and 15. “We call that a kill chain,” Taylor said. “The opportunity is, if you discover them someplace in that nine to 15 steps, you have the opportunity to block them before they get the data out.
“People always say, an attacker attacked my organization and they had one attack and they got the data out. Well, it’s never just a single attack. It’s an attack and then it’s a compromise, a compromise, a compromise, data, take the data out — and then it’s called a breach. Many things occur before the actual breach occurs so you have an opportunity to block them.”
Detecting Attacks in Minutes
The challenge is that the average time it takes an organization to discover a breach is 220 days. The famous breach at the Democratic National Committee occurred in 2015, but was only discovered during the summer of 2016. The attackers stayed in the computer system for about a year. “In the cyber community, that wasn’t a big surprise,” Taylor said.
Proficio’s goal is to detect attacks on computers within 30 minutes or less.
Proficio’s security operations center (or SOC) in Carlsbad has a high ceiling, row upon row of analysts monitoring network activity on their individual computer screens, banks of screens at the front of the room and a giant American flag on the opposite wall.
A good percentage of the employees are military veterans, Taylor said. “They have the perfect mentality for internet police officers,” the CEO said, and they don’t mind working unconventional hours.
Since a number of veterans wind up their military careers in San Diego, Proficio is in a good spot to recruit, the CEO said.
Taylor said one veteran told him that cybersecurity work was very similar to the work he did in Afghanistan: “We’d find the bad guys, we’d confirm they’re bad guys and we’d call in the airstrike.”
Prospective employees don’t always have the technical skills Proficio needs, but display an aptitude. The business offers entry-level employees training so they can advance. For those who prefer a change in scenery, Proficio offers a chance to go overseas when jobs open up there. The company now has about 100 employees, with about two-thirds of them in Carlsbad.
A Country for a Customer
Customers in the Asia-Pacific region include the largest hospital in Thailand, one of the largest financial organizations serving Singapore and the auto club of Australia. Perhaps its most unusual client is a bank in the Seychelles, the island nation in the Indian Ocean.
Looking ahead, Taylor said, Proficio would eventually like to set up a security operations center on the East Coast of the United States.
With Kayne Capital’s recent investment, Kayne’s Nate Locke has joined the Proficio board.
CEO: Brad Taylor
No. of local employees: About 60
Investors: The founders, Kayne Anderson Capital Advisors
Year founded: 2010
Company description: Managed security services provider, specializing in managed detection and response