I chatted at length with Alastair Paterson of Digital Shadows to learn more about how a CEO can successfully grow alongside a company from its inception to maturity. In this first of three conversations, Alastair describes the circuitous path Digital Shadows took in growing from a two-man team in London to near 200-person growth-stage company that has since expanded to the US and other parts of the world.
Digital Shadows is the market leader in Digital Risk Protection, providing a suite of products to protect organizations against digital risks across the open, deep, and dark web. Alastair Paterson is the co-founder of Digital Shadows and has been its CEO for 8 years since its founding.
How did the idea of Digital Shadows first come to be?
A huge transformation was going on in 2010 to 2011 with everyone becoming active on social media. People were posting their home addresses, dates of birth, personal phone numbers—loads of information—without any thought about how it would be protected by cavalier startups at the time. Around the same time, I newly became an uncle and began thinking about what the world would be like for my niece and nephew. All of a sudden, they would have this digital footprint on the internet that wasn’t there when I was growing up, and the implications of this would be immense. I just thought back then that there would be huge privacy and security implications in this world where information was being shared online, stored, and protected in ways that were not well understood.
I thought that there would be a need for a company to look after all this information. Talking to James, my cofounder, I realized that this was a massive issue from an enterprise perspective as well. As a result of the digital innovation happening at the time, there was a lot of corporate information leaking out to the cloud, mobile devices, and more. Companies were suddenly exposed in a way that they weren’t before.
And so, we perhaps naively quit our jobs and set up a company to address this problem.
So, you had an idea and thought to create a company. How did you articulate the problem you wished to solve to, say, the potential customers?
The concept hasn’t really changed from then until now. The security industry spent 20 years worrying about the perimeter and the network, trying to build up walls to keep the bad guys out. Suddenly, through digital transformation the walls have disappeared and there’s also a lot more risk to the business outside those castle walls, from data loss, brand and reputation risk, and an ever expanding attack surface.
At Digital Shadows we help organizations identify their exposure and understand the threats to their critical assets to better manage digital risks. By detecting data loss, securing their online brand, and reducing their attack surface, organizations can reduce the loss of revenue, intellectual property, and reputational damage.
It’s changed a bit, but, in essence, it’s the same concept we started with all the way back in 2011.
And how has Digital Shadows grown since that beginning?
From 2011 it was just the two of us, and we got to four by the end of 2012. We bootstrapped and funded ourselves from a number of government grants and angel investment. My co-founder James did a little contracting work on the side. That kept the lights on.
Since then, we’ve gone from a pre-seed to a Series C company! Now we are close to 180 people. We’re spread not just in San Francisco, where I am – we’re in London, Dallas—our biggest US office now—Singapore, and Germany. We recently hired in Japan and Australia. So, it’s been quite a shift!
What kicked off the company’s growth at the beginning?
Firstly, we were two guys without a track record of building startups. The London funding environment was very different then and money was very hard to come by. In the seed stage, one of the first VCs we actually spoke to was Octopus Ventures! Our first pitch wasn’t compelling enough and we didn’t have enough traction, so we didn’t get the funding
There’s a lot be said about timing when it comes to startups. You need the right idea AND timing. When we were going out in 2011 – 2012, the problem for companies felt too far in the distance; they were just putting firewalls in place, getting their antivirus in order, and building very nascent security teams. In a way, we were fortunate that it took us a little while, and I think it was a good thing that we didn’t get funding at the time. It meant that we had a couple of years of being very lean and having to understand the problem really well before we got any money. It also forced us to be disciplined about how we went about our business.
Was there some point when things began to move forward quickly?
We got a big springboard in 2013 from the Fintech Innovation Lab in London. After successful trials that were pretty tough, we were working every hour and learning exceptionally quickly on this 3-month program. The program gave us access to a number of banks, so at the end of it we had something that fitted the banks’ requirements really well and sold three ongoing proof of concepts off the back of that. This was the evidence we needed to convince the UK VC community to put money in, and our original seed round happened with Passion Capital around this time.
So, inflection point number one was having a degree of evidence that this was going somewhere, and we could build out the development team and the first version of the platform with that Seed round. Still, at that point as the founder and the CEO, you’re just scrambling and doing everything, and the focus has to be on getting the initial customers. Everything is about getting to £1 million recurring revenue from a number of clients in order to demonstrate the capability. So, we kept everything really low on the spend at that time of the journey. We were just surviving, really.
And then, if I remember correctly, another important point in the company’s life occurred when progress stalled before your Series A?
Yes. I went out in April 2014 to try to raise money from a number of US VCs. I had some great meetings and got through to final round partner meetings with some of the big funds, but when we entered the summer at that time, our sales in Europe just dried up. We were owed money from many banking clients that were taking a long time to pay us. So, momentum dropped off, they passed on us in the end, and we failed to raise the round. That was really disappointing, and we came back with really low funds.
The great thing was that as part of the diligence process, the US VCs had introduced me to a bunch of CISOs (Chief Information Security Officers) to get a better idea of what we were doing. Those conversations came out really positively and the good news is that I managed to convert a number of those into sales by the end of the year. This meant that I could get back on the plane to the US pretty soon after. So, I went back to the Valley in October of the same year, this time with a number of US clients in my book. Since Europe also picked up again at that time, we ended up with about five term sheets and closed out a Series A at the end of the year.
I got on a plane and moved out to San Francisco in February 2015 and started to build out the team here. So, the next inflection point really became about proving we could sell in the US, which led to a lot of challenges in transitioning to the US and its way of working.
What kinds of challenges in transitioning to the US were you grappling with at this stage? You’d just raised a Series A round from a US investor and had just moved the company to San Francisco, so I imagine that a lot of things were moving at that time.
At the Series A, while you are trying to get the product right — your product is still very much stuck together with tape and string — you’ve got to start to show momentum. You have to be focused on the next milestones and what will allow you to raise or have a sustainable business. One of those milestones has to be revenue, and if you’re trying to raise from US investors, they prize US revenue over everything else. So that was very challenging.
Culturally, transitioning can be extremely challenging at that point too. You’ve gone from having a small team on the table, where communication is easy, culture is pretty homogenous, and you know a lot of your team’s faults because they came to you that way when you hired them. Now, you’ve got this more alien culture in the US and you’re hiring executives in the US and trying to make that stick together with a team in the UK.
How then did Digital Shadows navigate the cultural challenge when you moved to the US?
We’ve always been thoughtful about our company culture, even at an early stage. Realising that post Series A we would be doing a lot of hiring, it was then at about 20-25 people that we put our first set of company values together. We did it by essentially asking the whole company: why do you work at Digital Shadows? What do you like about it? You’ve got tons of places you could work – what keeps you here? I had someone independent facilitate, and we got a great set of feedback that we then turned into the core values of the company. We’ve updated them every 12-18 months since then, because the company changes and the culture changes. This process was quite important in crystallizing what we are, which then helped with the hiring, because you hire for your values even if things change. So, we tried really hard to do a good job with the hiring.
As Digital Shadows began to scale in the US and London, I imagine some of your roles and responsibilities as a CEO changing. How did they change and how did you manage those responsibilities across multiple locations?
At that point, my role changed radically, and it continues to change. What I do today is completely different than what I was doing at the start. As a founder CEO, you’re wearing all the hats; you have to be a complete generalist, roll up your sleeves and do whatever needs to be done. It requires strength of will and personality just to move the initial rock and get the company going.
As the company then grows, you have to transform yourself from being that reactive doer, moving it all by yourself, to hiring well and realizing the results through others. Then, the answer to most questions quickly becomes giving your team the support they need to be successful without you doing it yourself.
How do a CEO’s personal characteristics influence success in this role? In the second part of the conversation, Alastair and I discuss his individual strengths and challenges and evaluate how well he has applied them at each stage of Digital Shadows’ growth.