Sramana Mitra: In 2014, you had five people in SteelCloud?
Brian Hajost: Yes, I came back in 2009 to sell off two of our three divisions. It was a rescue mission. The market for the third product line had gone away in 2012. We had to do a complete reboot of the company in 2014.
Sramana Mitra: What were the two product lines that you sold off? What was the left of the division where you built the company around?
Brian Hajost: We had a manufacturing division that made security appliances for companies like McAfee, PROK, and Packateer. We also had a consulting division for large corporations and government entities. We were left with a mobility platform. That is the one that went away in 2012. We had to start from scratch and create an entirely new product. We started in 2012 and released in 2014. That is the reboot of the completely new product starting in 2012.
Sramana Mitra: What did that mobility solution do?
Brian Hajost: We are getting a bit technical here.
Sramana Mitra: I am a computer scientist from MIT, so there is no problem with being technical.
Brian Hajost: It hardened the platform in which the Blackberry enterprise server ran so that we could be implemented in the US government – specifically in the Department of Defense. Are you familiar with STIG?
Sramana Mitra: No.
Brian Hajost: It’s the Security Technical Implementation Guide. They are books on how to install and harden all kinds of technology. Every operating system has a STIG. Cisco routers, copying machines, and Microsoft Office has STIG. They are controlled to have to be applied to what you, as a consumer, would operate an operating system or application so that it can be used in a highly secure environment.
The government spends $8 billion a year on hardening systems. That is the marketing space. There are two standards in North America. The other standard is CIS benchmark produced by the Center for Internet Security which is based out of the upstate New York. Those are the two standards that are used to harden systems. Take an operating system that Bob’s bookstore would use and turn it into something that you would install in a UAV. We have done that.
Sramana Mitra: What specifically do you sell to your customers?
Brian Hajost: We sell software. We sell a platform that automates the entire process of hardening an operating environment around an app stack.
Sramana Mitra: Got it. What customer base did you go after when you decided to go this route? Because of your location, was it government?
Brian Hajost: We primarily went after the government. We went after a compliance market. I didn’t have to convince somebody that they should harden their systems to be secure. I went to a customer that was already mandated to do this work. All I had to sell them was the fact that we were the best way to do that.
The entirety of the Federal government is mandated to harden their systems and produce reporting and audits based on that hardening. We went after a market that had already existed. They are already spending $8 billion a year, primarily manually to produce pre-mediocre results.
Sramana Mitra: Where did you get your early traction?
Brian Hajost: We started with our biggest customers with the most need, but we found that the bureaucracy in the largest customers with the most needs didn’t allow us to do anything. We went after small programs in which we could solve a problem quickly.
Our first government customer was in the Navy. It an educational system that they had to harden. It got shipped out and put on a military ship. It was a small lab environment about classified and unclassified environments. Two engineers were tasked with all of the work. The STIG work was something that was passed on to them and they weren’t prepared for any of it.
Our product was very attractive to them. We grew from there – working with government customers directly and working with the systems integrators that deliver programs for the government. These include Lockheed, General Dynamics, Lighthouses, Raytheon, FDICs, and the big companies that deliver programs.