Scotland’s Cyber Symbiosis: An Interview with Quorum Cyber MD Federico Charosky
Federico Charosky, Managing Director of Quorum Cyber, talks collaboration, communication and symbiosis in Scotland’s cybersecurity sector.
Ensuring a symbiotic relationship between Scotland’s academic institutions, government and cybersecurity sector will be critical to future success, according to speakers at the Innovation in Cyber Conference.
Hosted recently at Edinburgh Napier University, the event brought together a host of speakers, including ZoneFox founder Jamie Graves, 7 Elements CEO David Stubley and Quorum Cyber’s managing director, Federico Charosky.
Given the location of the event, it was no surprise that academia’s role in fostering future innovation in the sector was a recurring theme – they play a critical role in both the development of talent and young startups.
In the form of ZoneFox and Cyan Forensics, Napier, as an example, has proven its ability to act as a conduit through which talented entrepreneurs and disruptive firms can burst onto the scene.
ZoneFox, long held up as the shining example of Scottish cyber innovation, made headlines toward the end of 2018 following its acquisition by US cybersecurity giant Fortinet.
Similarly, another spin-out, Cyan Forensics, continues to draw attention for its groundbreaking work. In November 2018 the company closed a £900,000 investment round, led by Merica Fund Managers, which brought its total funding to nearly £1.5 million.
While the acquisitions and funding announcements grab headlines and do well to showcase Scottish innovation, speakers underlined the hard reality of life in the sector. When building a company from the ground up those shiny headlines appear to be nothing more than a distant blip on the horizon – golden shores that often require a perilous slog to reach.
Sleepless nights, cash flow headaches, the toils of leadership and, sadly, hair loss, are all issues one must contend with during the early stages of building the next great cybersecurity company.
Jamie Graves explains that while the journey is exciting, it comes with pitfalls, failures and doubts; experiences echoed by Charosky and Stubley.
While Scotland has a bustling technology sector complete with the centres of innovation, incubators, accelerators and world-class academic institutions, the symbiotic relationship between sectors still requires attention.
DIGIT caught up with Federico Charosky at the Innovation in Cyber Conference to discuss what he believes will be the key issues moving forward for Scotland’s cyber sector.
Leading by Example
Government at both a national and devolved level is, by and large, helping to champion the Scottish cybersecurity sector and the digital tech scene as a whole, Charosky believes.
“I think the government is doing the right thing in setting the standards and the benchmarks, as well as having the important conversations,” he says. “Cybersecurity is prevalent in government conversations. They’re acknowledging the importance of it and saying ‘this is a thing’ that needs to be addressed.
“They’ve also done a lot of great work in helping industry and businesses get off their feet. They’ve helped that by setting requirements such as cyber essentials – these kind of things are amazing and certainly do help.”
The Scottish Government has recently announced more than £1 million in funding to build and promote Scotland’s reputation for robust cybersecurity products and services and has underpinned cyber resilience as a key objective going forward.
Although government is playing a crucial role in fuelling the development of the cybersecurity sector in Scotland, Charosky points out that certain inconsistencies have the potential to dampen the resolve of firms across the country.
“Where they’re not helping is they’re not buying enough from the businesses that are trying to innovate in Scotland,” he says. “They do all this work to help us create and build great companies but then they go buy from traditional enterprise suppliers, for example.
“There’s a dissonance there that doesn’t quite work where they say ‘oh yeah, create all these companies and everyone should buy from them‘ but then they don’t always follow through on that.”
Charosky adds: “It’s unintended hypocrisy, I suppose, and there is undoubtedly a lot of political pressure, the tendering processes and legacy conditions that have led to where we are.”
Nobody in government has actively made the decision not to sell to startups or younger companies, Charosky insists though, and gradually he believes we will begin to see government place ever-greater faith in homegrown talent.
Less than 24-hours later, this prediction appears to have come true, to an extent. ZoneFox announced it had been selected by the Scottish Government to lead its network security – a deal still under wraps while founder Jamie Graves spoke at the event.
Raising the Profile
Scotland’s digital technology sector, as a whole, has grand aspirations and to play its role in global innovation. While government, industry and academia at home continue to raise the profile of the cybersecurity sector, Charosky believes there is a possibility that Scotland may fall into the trap of emulating the efforts of others.
Scotland is a great nation with its own particular image and appeal, and while heeding the advice and the experiences of others further afield is a wise decision, Scotland could find itself blending in and failing to stand out.
“The UK Government’s cybersecurity strategy actually has a really good statement,” he says. “Which is ‘making the UK the world’s safest place to do business‘ – but that is only half the message we should be pitching for Scotland.
“Scotland should be piggybacking on the back of this, so to speak, and saying ‘we can accelerate businesses that come here as well as allowing them to do business safely’ – that’s where the conversation should be rather than looking at what other countries, such as Israel, have done.”
Scotland’s vision for its future self differs from other examples, such as Israel, he says. While the latter sought to tap into US money and go full throttle, Scotland – and the UK – chose to pursue a different narrative – safety and security.
“I think Israel absolutely did the right thing and tapped into US money,” he says. “They had their mission statement teed up from the start, which wasn’t the same as ours, but instead to become the best place in the world to start up companies and to get foreign direct investment.
“That isn’t what we’ve done, which I think is a missed opportunity on our part because we are small enough, agile enough and connected enough through industry, academia and government to portray us as a far more attractive place to come to than most other countries out there at the moment.”
Ultimately, while Scotland’s academic institutions, industry and the Scottish Government play a crucial role in raising the country’s profile, efforts have to begin at a grassroots level with founders and entrepreneurs, Charosky believes.
Although he acknowledges that Scotland has a bustling and tight-knit cybersecurity community – and tech community at large – founders and young entrepreneurs may not be capitalising on the support network around them; or simply don’t know where to go.
“I think we can work on making sure founders have a line of sight of what they need to be thinking about,” he says. “A lot of founders that I’ve met find themselves in the situation where they need the money here and now, but they just haven’t made themselves attractive or resilient enough to draw investment.”
“We, as a community, should be making much more noise, having conversations and sharing knowledge about how to think about the long-term issues, such as funding – whether you want it or not – and how we go about long-term growth aspirations.”
Charosky adds: “I think we are moving in the right direction, but to a certain degree there may be too many players involved. There’s a huge amount of politics involved on who’s going to be that connection or hub that connects the community and we have a number of groups trying to do the same thing.”
This lack of symbiosis, Charosky suggests, creates resource overlap and overcomplicates the situation. For an outsider entering the scene, as Charosky did several years ago, one will find a number of organisations all pursuing the same goals independently.
Although meant with the best intentions and with a common goal, this lack of consistency can cause confusion, he says.
“It’s getting there – it’s better than not having any,” he concedes. “But you can end up in a spiral of stuff that doesn’t really help you build a company. It promises the connections and a future that is not yet there and, at a make it or break it point, it’s not hugely beneficial.”