Scaling and Selling

Can you tell us a little bit about your early life and education?

I grew up in beautiful Surrey, an area of rolling hills and suspicious properties owned by Russian oligarchs, just south of London. I was an average student with an addictive personality, more interested in maxing out my RuneScape account than getting high grades. I soon stumbled into the darker side of online gaming, immersing myself in the underground marketplaces of real word trading, botting (coding a program to play the game 12 hours a day so you didn’t have to) and account trading for real-world money. My insatiable desire to be the best at a meaningless online game soon got me in real-world trouble when credential misuse and hacking entered my skillset. 

Luckily, this was about the time I hit the angsty stage of growing up, where you begin to find other things to fill your time. I soon pivoted into trying (and spectacularly failing), at selling phone cases on eBay. Despite convincing my father to bulk purchase 400 cases, I couldn’t shift them. This didn’t discourage me, and I was soon on to my next idea.  

After a long line of failed businesses, I headed off to King’s College London to study Human Geography, where I promptly did not study anything and worked late into the night on my current business, an affiliate website that provided scathing (often unnecessarily harsh) reviews on things I could find lying around my and my friends’ university accommodation. Unsurprisingly, when you provide negative reviews, people don’t click through the affiliate link to purchase the item. So that idea died pretty pronto. It was around this time I met my TurgenSec co-founder in one of the darker parts of in the internet that I liked to frequent in those days.  

We worked together on a variety of projects (one of them spinning off to become a successful publishing company currently up for sale for £2m, built on the thesis of taking OSINT – open source intelligence – and turning it into valuable user content). My co-founder was an extremely talented developer with a long track record in building exceptional OSINT tooling. I did what any rational person would have done, I took every penny I had at the time, including my university maintenance loan and gave it to him to pre-seed fund TurgenSec.  

What gave you the idea to start Turgensec?

TurgenSec was founded on the principle that my co-founder and myself could find national security and information security applications for bulk OSINT collection and analysis. We essentially started off as an R&D shop trying cool and exciting new things to deliver value to businesses and governments. We soon stumbled into some pretty dramatic applications of OSINT. We built tooling that looked where no one else was at a massive scale and in an automated manner. This naturally led to the discovery of countless data breaches. The second one we found generated international headlines and put us on the map. Shortly after our founding, we soon realised that being two founders in their 20s did not lend us a lot of credibility. Luckily, it was around this time that we were joined by Dr Alex Tarter, the former CTO of Thales. Alex was the glue that held our enterprise together, providing credibility, and exceptional industry wisdom and keeping us all sane and on track through thick and thin.  

What was Turgensec’s greatest superpower?

TurgenSec had a uniquely strong technical capability, driven by my co-founder, who was the raw intellectual strength behind almost all of the innovations we pioneered. His otherworldly ability to derive simple solutions to incredibly complex solutions using first-principle thinking was what really set us apart.

Other than that, we consistently got headlines with countless responsible disclosures on governments, massive enterprises and pretty much anyone of note. My favourite two are the Philippines Government (I’m now terrified of going to the Philippines as there is an ongoing investigation into us in the Senate).  

The actual technology we developed was a strong differentiator, but only to our clients. Most people have no idea of the world that exists out there in OSINT & infosec. 

What are the key takeaways you have learned from scaling and selling a business? 

Scaling: While I wouldn’t necessarily claim expertise in scaling a business, I have been successful in transforming a nascent enterprise into a more established one. My core competencies lie in nurturing the growth of a business from its initial stages to a more mature and stable phase. The process of expanding a business from a handful of clients to a large-scale operation is indeed a challenging endeavour that demands dedication, strategic thinking, and adaptability. 

Selling: Undergoing the acquisition of a business is a complex and emotionally taxing experience, rife with unique challenges and obstacles. The process entails relinquishing control over an entity that you have poured your heart and soul into, which can be difficult even if you continue to work there post-acquisition. The bureaucratic aspect of selling a business is equally demanding, as it often involves extensive legal work, numerous meetings, and an extended timeline. In our specific case, the acquisition process required a year of engaging with attorneys and participating in hundreds of meetings, highlighting the arduous nature of such a transition. 

When scaling a business, what is the priority? Efficiency or profitability?

We never really raised funding at TurgenSec; we only got some modest seed funding from the NCSC (GCHQ) and whatever cash my student lifestyle would allow me to scrape together. For that reason, we focused on profitability from day 1. We were a profitable company for most of our timeline, and this definitely came with tradeoffs. Without free-flowing VC capital, you’re not able to take risks as easily, you have to have strict financial management and you’re required to find PMF quickly and accept whatever comes your way.  

At which point did you decide to sell the business?

We never sat down and had a meeting which resulted in us saying, “we want to sell this business”, it happened much more organically than that. As a relatively secretive enterprise, we had a tight-knit group of connections within the community we operated in. We worked with these partners often, showing them the new technology we were creating, the data we had, and more. After a while, one of these community members came to us with a proposal. They were much more connected than us, with a stronger understanding of enterprise sales and a network we couldn’t say no to. 

Please give us some exclusivity and details about the sale which are not in the public domain? 

TurgenSec was acquired by a private equity holding company that specialises in selling intelligence technology direct to the intelligence community. Confidentiality won’t allow me to name the company, their clients, or pretty much anything about them. For that reason, the only information I can really disclose is vague. When we were acquired, we were working on tooling that would allow our bulk data collection engine to scale up to the largest in the world, giving us access to a pool of data multiple times bigger than every enterprise and most governments. The tooling would make the Philippines government data breach and responsible disclosure (which potentially compromised thousands of witnesses and civil, military and private investigations) look like chump change.  

Will you continue to grow several other startups or are you looking at scaling yourself to be CEO of a big MNC (multi-national corporation) one day?

I would love to become the CEO of a big MNC one day, but I seriously doubt I have the capabilities at the moment to fulfil that role. I currently intend to continue working in the national security and information security space pushing forward the OSINT space and trying to highlight the risk of nth party supply chain breaches. I’m addicted to startups, and so I’ll be staying in that space for the time being.