Stu Sjouwerman is the founder and CEO of KnowBe4, a security awareness and training company. It’s not his first rodeo, so to speak. Stu co-founded Sunbelt Software, which was acquired in 2010 by GFI Software. This time is different though, Stu tells me, as we look across the London skyline from the Duck and Waffle restaurant. “This one has not been built to flip…No seriously”, he adds when I raise my eyebrows. Despite having the entrepreneurial bug and not suiting retirement – “I tried that when we sold Sunbelt back in 2010 but it only lasted five days” – Stu is in this for the long run. Besides, he says, “it’s really fun to build something from scratch but it’s so work intensive.”
As the lone founder of KnowBe4, Stu went it alone, even putting up $1m of his own money to build the infrastructure of the company back in 2010. Due to a chance mutual friend (a neighbor of Stu and a relative of Kevin), Stu met “the world’s most famous hacker” Kevin Mitnick in 2012 and offered him the role of ‘chief hacking officer’ at KnowBe4. In return for his knowledge, expertise, and of course his name, Kevin and Stu together own a majority of the company and are equal partners.
The cybersecurity landscape has played right into Stu’s hands, with high-profile news events like BitLocker and WannaCry raising awareness and thus increasing KnowBe4’s sales. CryptoLocker, for example, resulted in massively increased revenue for KnowBe4. “I call it fantastic bad news”, says Stu. “CryptoLocker in 2013 sent our financials sky-rocketing and it hasn’t stopped since”, he tells me. He’s not wrong. In 2015, KnowBe4 had sales of £7m. This year, sales are set to reach £55-60m. He attributes the incredible growth to a “combination of our service and the need in the market.”
It has become quite on-trend in this industry to say “the human is not the weakest link.” In fact, our Q4 issue of Infosecurity Magazine has a brilliant article by Wendy M. Grossman on the subject. Stu, however, disagrees. He created KnowBe4 because “a human firewall is needed because humans are the weakest part of the supply chain.” The human firewall does not replace any other part of a security defense strategy, Stu explains, “it’s an extra layer.”
KnowBe4 trains people online with interactive modules and also sends out simulated phishing attacks to improve awareness. Their sweet spot, says Stu, is their foresight to get in front of the bad guys. “In two years’ time, cyber-criminals will be launching multi-layered phishing attacks; they’ll send similar messages to email, then SMS, then voicemail. The multi-layered technique will leave even the savviest victims believing the message to be real.” KnowBe4 already has that technical ability, and the multi-layered phishing exercise is currently in beta testing, ready to arm their clients with awareness and preparedness for future attacks.
In two years’ time, cyber-criminals will be launching multi-layered phishing attacks; they’ll send similar messages to email, then SMS, then voicemail"
I ask Stu about the most current successful types of phishing emails. What are the headlines that are most successful? “Data breach alerts, ironically, are very popular right now. So are ‘LinkedIn’ connection requests, delivery confirmations and free pizza offers.”
He considers millennials the most susceptible generation to phishing, on the grounds that they are not aware, or concerned enough, with the risks.
Investment, Expansion, IPO
It looks like the future for security awareness companies is bright, and KnowBe4’s recent Series B investment (security $30m in growth capital financing led by new investor Goldman Sachs Growth Equity) shows that investors are confident in the market too. On the day we met, Stu had just received confirmation that KnowBe4 were being promoted to the ‘leader’ section of the Gartner magic quadrant. He was literally radiating pride and excitement. “We’re the fastest growing company in this field, and the Goldman Sachs investment will open Fortune 1000 doors for us,” he says. “Having Goldman’s nod of approval and knowing they believe in our mission makes us credible with the largest companies on the planet.”
So what does the future look like for KnowBe4? “The plan is international expansion, and I’d love an IPO in five years. The expansion possibilities are so great that I don’t want to leave or retire.” Ultimately, he continues, he sees himself as the Chairman of the Board.
His desire to stay connected to the security training space is in contrast to his feelings about his former business and space. “I’m so glad to be out of the anti-virus market,” he admits. “Anti-virus products as a whole are getting worse. Attackers are getting better and the anti-virus market can’t keep up. They’re actually becoming less reactive rather than more, and the industry is not cutting it.”
He continued, “Anti-virus is a really crowded space, partly, I suppose, because you can’t live without it. But relying on it gives a false sense of security.”
Something tells me that it may be a long while before Stu is ready to migrate to that Chairman of the Board role.