In this video, Paul Paget, CEO of Black Kite, talks about the inception of the company and its journey to success. The company was co-founded by Candan Bolukbas, who is trailblazing cybersecurity avenues as a certified ethical hacker (CEH) for NATO.
Thanks to Candan’s expertise, NATO was able to uncover existing cybercriminal loopholes exposing member countries. Candan’s work led him to an epiphany: vulnerable third-party contractors were stepping stones to the primary target.
In 2016, realizing his insight had commercial implications, Candan and his team built a cyber risk rating platform that could identify, continuously monitor, and scale, sparking a revolution for what third-party cyber risk intelligence means to businesses today—and in the future.
Paget was connected with Candan through the early-stage investment community due to his passion for cybersecurity, specifically offensive security. They and Bob Maley, who had experience dealing with third-party risk at PayPal, identified a significant gap in the market and saw an opportunity to fill it.
Despite being significantly underfunded compared to their competition, they decided to focus on quantitative risk, differentiating themselves from other third-party vendor risk management systems that didn’t consider the cyber component. By partnering with industry players interested in their unique approach, they managed to secure a swift entry into the market, winning big brand name accounts and displacing incumbents who were not innovating or responsive to customer needs. The validation from these big accounts, two years into their operation, boosted their confidence and confirmed they were on the right track.
Hi, I’m Paul Paget, CEO of Black Kite. Black Kite started as a result of an idea that a partner in the business with me, Candan Bolukbas, had when he was a counter-cyberterrorism expert working for the NATO countries who helped them with their cyber defenses. He did the work of showing those countries, the military, and the intelligence organizations, how they could be compromised through their supply chains and through their vendors. So a lot of work to do to try to size up an operation to how you’re going to actually compromise it.
So all that front-end work, all that scoping work. Jonathan had the idea that maybe I could figure out a way to do that and automate that, and maybe that would be a technology that others would be interested in. And that really was the spark that led to this company.
The early-stage investment community looks for ideas. They go to the educational institutions and they go to the incubators. And so they found Jordan and they knew me and they knew that I really had a passion for early-stage cybersecurity. I had a particular expertise in offensive security, which this was involved in, and they connected the two of us and we hit it off immediately. And so, in the course of John seeking funding, I was asked to evaluate what he had. And so that’s how I met Jordan. And that led to getting a guy named Bob Maley involved. Bob was at PayPal and he actually dealt with the risk problem, this third-party risk problem that we address with PayPal. And so he knew a lot about it. And so once I got Bob involved and John, then we all got together and we realized we really have something here to take advantage of. We could do a different approach than what’s in there in the marketplace. A huge gap in coverage. And we saw an opportunity to do something about that.
So at the early stage of a company, you want to do all kinds of things. And the biggest challenge we had was we were underfunded relative to the competition. The competition had raised hundreds of millions of dollars, right. And we had raised $3.5 million. Right. So how are we going to go after the competition in a marketplace that was already forming where they had a tremendous amount of investment and where we have an idea we think is better? And that was the really the biggest challenge is how are we going to overcome that? So we picked quantitative risk as something to go with, and we found partners in the industry that were really interested in differentiating their third-party vendor risk management systems. There were systems out there that calculated the risk, the financial risk of third parties or the geopolitical risk, but they were missing the cyber component. But they understood quantitative risk. And so, by working with them to partner with them, it gave us a pathway, a very fast pathway into the marketplace. And we started to win some big brand-name accounts because they were a trusted supplier, and we were able to hook our technology to them.
We knew we were on the right track when we started to win those deals and actually displace the incumbents. The incumbents were not innovating. They were not listening to the customer. It sounds so simple and there was frustration. And so we took advantage of that. We partnered with not just organizations that would bring us in, but we stayed really, really hyper-focused on those customers. You start to win big brand name accounts and they they vouch for you. You know, you’re on to something and you try to replicate that. But that really was a huge confidence boost to what we were doing. We were probably two years into it when we started to see those results.