Life of: A Hacker Turned Cybersecurity Founder

Written by

Name: Andrew Martin

Job Title: Founder & CEO, DynaRisk

Bio: Andrew is an industry-leading security professional and a holder of the Security Expert (GSE) designation, one of only 150 worldwide. Earlier in his career as a cyber investigator, his threat research contributed to the protection of millions of people and triggered international investigations by various law enforcement agencies. He started DynaRisk to help people protect themselves by giving anyone a personal cyber score and simple actions to protect themselves.

Tell us about your move from ‘hacker’ to entrepreneur?

I was quite young during my hacker days, around 18 years old. To be honest, I realised that if I continued on the path I was on, I would probably get into trouble at some point. It took me a relatively long time to become an entrepreneur from those days, but here I am.

I never realised this at the time, but from a young age, I had a very entrepreneurial mindset that helped me to move up the corporate ladder fairly quickly. However, it wasn’t until I was about 34 years old that I decided to take a big leap forward and create DynaRisk.

What made you change hat color?

When you are in your late teens, you don’t think too much about hat colors. Instead, you just feel the rush of accessing systems and find it all quite cool.  As I grew older, I believe my moral compass kicked in, and thankfully pointed me in the right direction. In addition, as an avid chess player, I like to plan things in advance and theoretically assess the outcome of different scenarios. Applying this thinking to my situation at the time, I quickly realised that the odds would be against me if continued on that path.  

Andrew Martin, Founder & CEO, DynaRisk
Andrew Martin, Founder & CEO, DynaRisk

Is the information security market too crowded or not crowded enough?

Both, because it really depends on what specific type of technology you are looking for. For example, it is very crowded when it comes to firewalls, anti-virus, endpoint protection agents and other traditional tools. That said, it gets far less crowded when you think of more innovative, emerging technologies. Most importantly, there are very few technologies that are focused on being simple and easy to use and that’s what we probably need more of.

How do you make (good) noise in a market that is so loud with marketing noise?

To make the right noises and stand out, you have to base your message on authenticity and facts. Every company needs to generate some of hype around their product in order to get noticed, but many get bogged down by basing their communications on fear, uncertainty and doubt. It’s important to be upfront about what your product does and does not do. Being authentic is the best way to win committed customers.

If you could work with any client on any project, who and what would it be?

Our ideal project would be to work with a financial institution to play a role in keeping their customers safe online. Generally speaking, we jump at the opportunity to with companies that are committed to taking a people (rather than technology) focused approach to protecting their customers.  

What’s the best thing about your job?

The highlight without a doubt is when I hear from our customers who just love using DynaRisk! These relatively small mentions mean the world to me, because I’m reminded each time that people are using the platform, benefiting from it, learning from it and ultimately making themselves safer online. That’s what I set out to achieve and getting this feedback makes the hard work, long hours and sacrifices all worth it!

And what’s the worst?

As a relatively new company, there is a lot of uncertainly you need to deal with every single day. Will the person we just hired work out? Are we going to win that client? How will our users react to new features? Will our marketing be a huge success or a total flop? The upside is that every stage is a learning curve, and over time this uncertainty decreases.  However at the time, it can all be quite stressful.

What’s your proudest achievement?

My proudest achievement so far is winning BT’s Securing the Nation award. It wasn’t just winning that was so important, it was the validation from some of the brightest minds in the industry that the market actually needs what we are offering. 

There are very few technologies that are focused on being simple and easy to use and that’s what we probably need more of...

What’s your biggest professional regret?

To be honest, not starting my own company sooner. I had several ideas over the years and I just let them slip through my fingers. There was always an excuse – I’m too busy, my day job is great, I don’t have enough money and on, and on – but that’s just what they were, excuses.

Tell me in one sentence what your job is about

Empowering the average person to keep themselves safe online.  

What was your route into cybersecurity?

I first worked in a Security Operations Centre for one of Canada’s bigger banks. I had started my career at the bank in a desktop support role and used self-taught security skills to land the job in the SOC.

If you could change one thing about the information security sector, what would it be?

I would change the current trend for rapid launch campaigns for ‘sexy’ technology, and instead put more emphasis on enabling business goals safely, patiently and securely.

I had started my career at the bank in a desktop support role and used self-taught security skills to land the job in the SOC...

What’s the most misunderstood thing about information security?

That information security is a technical challenge that needs solving by only technical people. On the contrary, it is fundamentally our own actions that increase risk – and it just so happens that we need to put a lot of technology in place to prevent these risks from happening in the first place.

Tell me something about you that our readers will be surprised by

After spending years in front of a computer for 12-14 hours each day, I suddenly developed a love of fitness. This culminated in me competing in a natural, completely drug tested, amateur body building competition. While I unfortunately didn’t win, I did beat a number of people in my weight class. If you can walk out onto a stage in front of hundreds of people wearing virtually nothing, you can do anything!

If you weren’t an infosec professional, what would be your dream job?

Wow this is a tough one, I would really love to run tours to beautiful, remote places like the Galapagos Islands, Machu Pichu or similar. Not only would I be spending valuable time away from technology, I’d also be taking people on an adventure of a lifetime!

What’s hot on Infosecurity Magazine?