Eoin Keary, Edgescan: “It’s dog eat dog”

In 2020, BGF Ireland invested €10.5 million in Edgescan to accelerate international expansion and product development. As part of the deal, former senior IBM executive Bernie Waldron joined the board of Edgescan as non-executive chair. Hear from Edgescan’s founder and CEO, Eoin Keary, as he discusses the company’s growth journey.

I graduated from Trinity College, Dublin with a computer engineering degree. After that I worked in software development and that’s when I got into the idea of software security.

It wasn’t that big of a thing back then. At a previous job, I had set up a team to find vulnerabilities and weaknesses in code, teaching people to write systems in a secure way.

The trouble with that approach is that it’s expensive – humans can’t scale like automation, they get tired. We decided to make a system combining human intelligence and automation. Those ideas became Edgescan.

When I started Edgescan, I had two small kids. It was a risk. My wife was on maternity leave. My previous employer wasn’t convinced I could pull this off. I didn’t have a bank loan or venture capital or any infrastructure.

I didn’t even save up. I was lent a desk in an accountancy office, I had an encrypted laptop and an internet connection, and that was it.

We started small and now we deliver vulnerability detection and intelligence for clients across the globe – everything from start-ups to very large media and technology companies. We’re based in Dublin and growing steadily. Even during the COVID-19 pandemic, we grew by 40% in terms of staff. We’re 70 people now.

Fair share of nasty stuff

Over the years, I’ve seen horrific breaches that were usually the result of something simple. Even when you’re looking at the current ransomware pandemic, a lot of those start with a very simple vulnerability. It’s not hard to find them individually, but really hard to do that continuously. I wouldn’t discount that there are advanced things going on, I’ve seen my fair share of nasty stuff, but that’s more with nation state issues and espionage.

I had never started a business before this. I thought I’d try it, and if it didn’t work, I would go get a real job. When we see how much we help our clients, how much value we bring, it gets me out of bed in the mornings.

My proudest moment was when we won our first enterprise client – a seven-figure deal. We had proved to ourselves and to that client that we could deliver a global enterprise-wide solution using our product.

Cows and rain and green grass

When I was a kid, I would take things apart. I liked to see how they worked. I was the person who would fix the PC and the joystick and the computer when it broke. I’ve always been technical. My parents are both PhDs in science. They are both analytical people.

I grew up in Galway and spent my formative years there before going to school and college in Dublin. I go back to the far west of Galway as often as I can. There’s almost no cellphone coverage there, no broadband, lots of cows and rain and green grass and all you can do is walk around and admire the views.

Outside of work, I like playing computer games with my kids – I have two teenage boys. They have an interest in technology. One loves it and does it at school and the other is very sharp – leaning towards technology and science.

It’s a meritocracy

I have learned things the hard way. When you go from 10 to 20 people, you can still manage on your own but from 20 to 70 you need some HR responsibility and structure. It’s been a learning curve but a lot of it is about making people feel valued, that their efforts are being recognised.

My strengths are being transparent, honest and direct, as well as logical and able to explain complex things in a simple way. However, I can be impatient, and I don’t suffer fools well. Looking at the world from other people’s standpoint is important, but there will always be people who waste your time, and I’m good at spotting that pretty quickly now.

The culture internally here is very good. It’s a meritocracy. If you’re good at your job and work hard, you do well. People who just want a 9-5 job may not enjoy it here. It’s not about clocking in and clocking out. I really enjoy working with people with a similar passion for cybersecurity.

BGF & Edgescan

We felt BGF would give us a lot of value but also the space to run our own business. We would get help where we needed it, and guidance when we needed it, but then space to run the company the way we thought it should be run. It’s been that way ever since.

A red ocean, a bloody ocean

The cyber industry is very cooperative in open source and research, but on the commercial side, it’s dog eat dog. Every organisation says they are better. There is lots of uncertainty and doubt being sold to people, and a lot of vaporware – software that’s announced to the public but is late or never actually gets made.

It’s a fragmented industry because there are so many companies doing things. It’s not a blue ocean, it’s a red ocean, a bloody ocean. I can see a lot of consolidation coming. I’m not worried, though, because I can see Edgescan sitting well in that world, given what we deliver. Good companies with strong revenues and good clients will always be sought after.

Learning from low points

The lowest point for me was the first time we lost a client. You ask yourself, what did I do wrong? In many cases, nothing. Vendors rotate. You can’t always keep a client forever. Historically, we retain clients for a long time and our churn rate is very low – just 3% for the first six months of 2021.

The barriers to growth vary. Organisations often want to stay with local vendors. There’s a level of sensitivity with any cybersecurity vendor and you have to build trust with the client. We handle some very sensitive projects.

There are cultural aspects too – in some cultures, you need local talent and a local feel. What gives us an edge is that we’re European. Most competitors are based in the US.

Too young for rocking chairs

In ten years’ time, I’ll be sitting in Connemara on my rocking chair looking out over the Atlantic Ocean. I’m 48 now so maybe a bit young to talk about rocking chairs. The problem is that the fundamental challenges in cybersecurity are 25 years old and we still haven’t solved them.

I could see myself starting other companies. Maybe not in cyber. I’m interested in the green agenda stuff – green energy and sustainable energy. I don’t think this will be the last time I start and grow a company.