Story image

Interview: Hivint's cofounder on Security Colony & the power of the hive approach

13 Nov 2017

Nick Ellsmore is building the infrastructure needed to tackle cybersecurity as a collective threat. He is the co-founder and Chief Apiarist of Hivint and Security Colony.

“The names and title come from bees. Even though bees only have a lifespan of a few months, a hive can possess communal knowledge running back years. We are trying to create that kind of collective response to cyber threats. We want to enable organisations to adopt solutions to problems that they haven’t even yet seen because someone else has already confronted it.”

Hivint is Australia’s fastest growing cybersecurity consultancy. Security Colony is poised to exponentially expand into the international market — having just secured a US launch through the joint AustCyber and Austrade landing-pad programme.

MitchelLake’s Robin Block sat down with Nick to understand what a collective approach to cybersecurity means and why it is a necessary move for the industry.   

What does collective security mean — have there been challenges in getting organisations to cooperate?

Nick: The inspiration for the company was to break down silos. Security Colony is a collaboration platform that is then fed by our consulting business Hivint. The whole thing, however, is about taking solutions that are created in one organisation and making them available to others who need them.

We have never received any significant pushback from security industry professionals. The most common concern expressed is that we are cannibalising our own market. But, I think that anyone who understands the field can recognise that the market is so big and growing so fast that we are never going to run out of problems. Sharing solutions will just raise the bar for the whole industry.

The largest challenges we face have come from legal and commercial departments. However, once we sit down and explain that we are going to de-identify the solutions, and take out any sensitive data, people are generally receptive. The reality is that most companies don’t want to compete around security.

They want to outdo their competitors through products and service — not the security of operations. Sharing information allows everyone to get better — it is a win-win situation that creates better solutions more efficiently.  

How do you approach running and growing the business?

Nick: I have always thought that one of the greatest sins you can commit as an organisation is to be boring. A large part of our recruitment strategy comes down to brand - there are a lot of talented people out there looking for interesting problems to solve, and an opportunity to be themselves. If you’ve seen any of our “No Bullsh*t Briefing Notes”, you’ll know what I mean - we’re not shy about taking a position on things and are allergic to corporate blandness.

When looking to bring on team members, we look for people that want to think differently, undertake interesting projects and solve problems. If I ask my team what they think are the important problems on which we need to focus — I want multiple answers and I want them passionately held. I would never recruit someone who is just hopping between consulting firms looking to push the same cookie-cutter solutions on every client.

Is there an ‘end game’ for the business — where do you think the cybersecurity industry is headed?  

Nick: There are a number of end-games for the company. The key variable is Security Colony. Hivint and Security Colony, in many ways, have different dynamics. Hivint is growing and is currently the larger business.

But Security Colony is both an international business and very scalable. It could easily dwarf Hivint in the next few years. The evolution of the business depends on where that goes. When you are growing as fast as we are now, it's hard to look beyond the next year.

The industry has spent so long trying to get boards of directors and governments to start paying attention to cyber that, now that we have their attention, we don’t know what to do. The big challenge is that many of the problems are so intractable and engrained in the system that there are no easy answers.

There is no economic incentive for software manufacturers to write better software; there is no economic penalty for organisations that ship insecure products, and there is no real appetite for regulation to change those economic structures. I think it is hard to see a way through that. In many ways, we are almost back to where we were 5-10 years ago — undertaking full reviews of organisational security strategy to basically start again. The key is to make sure that we do a better job this time around than we did the first time.

We ask people to trust us — I think that means honesty in marketing and honesty in delivery. I think there is so much genuine work to be done in cybersecurity that there is no reason to ever push programs or projects on clients that they don’t need.

We are all competing against the same bad guys — not each other. If anything, the adoption of that sentiment is the main change I want to see in the market. The facilitation of that change is exactly why we founded Security Colony.

Article by Robin Block, MitchelLake.

Microsoft urges organisations to tackle data blindspots
Despite significant focus placed on CX transformation, over a third of Australian organisations claimed that more than one in five of their projects failed.
Raising the stakes: McAfee’s predictions for cybersecurity
Security teams and solutions will have to contend with synergistic threats, increasingly backed by artificial intelligence to avoid detection.
Renesas develops 28nm MCU with virtualisation-assisted functions
The MCU features four 600 megahertz CPUs with a lock-step mechanism and a large 16 MB flash memory capacity.
DOCOMO ranked world's top mobile operator in 5G SEP applications
NTT DOCOMO has been ranked the world's leading mobile operator in terms of applications for candidate standard-essential patents.
Exclusive: Ping Identity on security risk mitigation
“Effective security controls are measured and defined by the direct mitigation of inherent and residual risk.”
CylancePROTECT now available on AWS Marketplace
Customers now have access to CylancePROTECT for AI-driven protection across all Windows, Mac, and Linux (including Amazon Linux) instances.
Gartner’s top 10 data and analytics trends for 2019
Data is the fuel for the modern world, and analytics the engine. Gartner has compiled the top 10 trends to watch this year.
How CIOs can work with colleagues to drive new competitive advantages
"If recent history has taught us anything, it’s that the role of the CIO is always changing, and that it won’t stop changing anytime soon."