Bootstrapping a High Growth Cyber Security Venture with a Paycheck: Christian Geyer, CEO of ACTFORE (Part 3)

Sramana Mitra: Were you aware of this regulatory requirement in your original business?

Christian Geyer: Yes. I was part of a cybersecurity incident response company back in 2016 at the Crypsis group I had talked about. We sold it for $260 million to Palo Alto Networks, a cyber security company.

Part of that family office, where we launched multiple companies from, were staff augmentation, being in the DC area. One of them was a government contractor, and then the most successful one was a cyber incident response company. For four years, I understood, lived, and grew up within the cyber incident response marketplace.

So, when I moved to the new company, when COVID hit, and when revenues changed, it was trying to identify where we could pivot into the market. Since I had a background in incident response, I then said, “Well, if our software seeks to identify sensitive information, why are we doing it in a proactive nature? Why don’t we augment the software to then work in a reactive mode?”

I knew about the regulatory requirements, coming out of, let’s say the Equifax breach. You or a lot of your listeners may have received letters from the Equifax breach. So, the requirement to notify individuals has been there for quite a number of years.

This isn’t a new requirement, it’s been out there. I knew it was out there, because I knew how our software works. I then understood that I can augment it, I can change it, and I can make it more robust to then address this new market.

Sramana Mitra: Now, what did you do with your corporate structure? You said you spun this thing off the main company. What was the capitalization of the original company and how did you capitalize the spinoff?

Christian Geyer: There’s a lot in that. I think there’s an important story to tell around the bootstrapping of the company. The original global software company is still around today and it’s successful today.  We weathered the storm of Covid and then came out of it stronger, but it’s been around for 20 plus years. It was actually founded in 1997 or 98. It’s changed ownerships throughout the years, but they’ve raised to the tune of roughly about 20 million pounds over 20 plus years.

Sramana Mitra: So, this is a British company,

Christian Geyer: Yes, it’s a British company. It’s a global company. I was going overseas to visit their UK offices and the EMEA offices. It’s important to understand the history of the business because what we didn’t want to do was pivot the entire company and say, “We’re going to pull the plug on everything we’ve built for 20 years.”

So, we still had to remain fully focused on the actual software delivery and the software development that the business and its investors have put their money and faith into. So, we didn’t change anything about that business. At that time, I was on the board, so I was able to influence and pushed my ideas. I brought a business plan to them. I proposed to them that let me do this. They didn’t want it to disrupt their core business. So I said, let me do it in that in the after-hours time, so from 6PM to 6AM I would work on it.

Sramana Mitra: It was just you and nobody else?

Christian Geyer: It was just me and my co-founder Daniel Lim. It was just the two of us. We just decided, let me try this out. I then got approval from the board. So, from the hours of 6PM to 6AM, I was pulling apart code, rebuilding structures, redefining new sort of workflows within the actual delivery model. I basically honed out a minimum viable product that I could try out in the marketplace.

Because of my history with the Crypsis group, because of my four plus years in incident response area, I then went out to my contacts and I asked them, “Could you give us a single case small in nature so that I can test drive and show you a solution?”

They ended up bringing us probably the hardest engagement that you can possibly imagine. They brought us a medical firm or a hospital network that had been breached in three states, and it was across 2000 laptops that were in all three states. So, we had to deploy the solution and scan all 2000 endpoints or laptops remotely, pull back all their data, and then deliver a notification list like who was impacted, what sensitive elements they took, did they take your diagnosis treatment codes?  Did they take your date of birth, your passport numbers, your medical IDs, maybe your Medicare number or Medicaid number.

We had to pull all that out. The truly difficult thing about it was they needed it done in five days. The typical delivery on an engagement of that size at the time back in 2022 was roughly about six months to a year. They gave us five days.

But because of my solution engineering, where I was working on automation, it was to automate this workflow process. We were able to bring in the deal, communicate the value proposition to the client, to the council. We were also the only vendor out there that said that they would do it in five days. Everyone else was months. When we got it in, we delivered it. We showed the solution, it worked, and we got it delivered on the fifth business day.

But there’s a lot more behind it. Now, why I tell that story is all of it was bootstrapped, it was worked after hours.

So, the board of directors, they trusted and they also showed trust in the business. So what they’ve allowed, and what we negotiated from the very onset was that if this is a solution that was born by our hard work, not by something that was invested in, then the shareholders for the actual original business Active NAV should be a minority shareholder in it. So, I negotiated that at the very beginning before I even started and touched a single key on the keyboard.

Sramana Mitra: Very good.

Christian Geyer: I negotiated that if I was going to do this, it was going to be on the right terms, that they would become a minority and then we would hold the majority. When I say we, it is to be an employee-owned company.

Sramana Mitra: Both you and your co-founder?

Christian Geyer: Me and my co-founder and also every employee at the organization – every person that walks through these doors, that works for our company, that’s building and putting in sweat equity to build this business and make it greater. They should actually be entitled to a piece of it.

That was the original negotiation, and they accepted it because one, they saw that there was nothing to lose. They understood the fairness and they wanted to give back to who was actually investing in the company and providing for its growth.

So I think they did a phenomenal job understanding their position and then understanding their involvement in it. They just took a minority stake. So that’s how the cap table came to be. That’s how get the current corporate structure.

This segment is part 3 in the series : Bootstrapping a High Growth Cyber Security Venture with a Paycheck: Christian Geyer, CEO of ACTFORE
1 2 3