Talking Security with InteliSecure Founder Rob Eggebrecht
Here’s the recipe: Take one good idea – add some hard work and a good partner – bake for a couple years and you get… One profitable and thriving enterprise. At least, that’s a central part of the American dream, right? Rob Eggebrecht’s story of starting InteliSecure (formerly BEW Global) in his basement and growing it into one of Colorado’s most successful security firms is both familiar and unique. In this profile we’ll learn how Rob used the tried-and-true model to build up a business in a nascent field, watched it come within a hair’s breadth of folding completely, and ended up with a unique piece of the Colorado security landscape.
My passion is to organize and energize the Colorado information security community as the mecca for information security. As I’ve worked in the community, I’ve been continually surprised at just how many fantastic individuals we have in the area and the wide variety of ways they contribute to the industry. So I set out to start meeting those people, and writing up those interviews for you, the loyal reader, to enjoy along with me. I am hopeful that one of these stories will inspire you to throw your own hat in the ring, and take a chance by trying something new. Click the links below to read previous interviews in the series.
- Dave Navetta – Information Security Lawyer
- Chris Petersen – Co-founder of Boulder-based LogRhythm
- Johan Hybinette – CISO for Hosting.com
- Jericho – Founder Attrition.org
- Dan Wilson – Co-founder of Denver-based Accuvant
- Mike Kalac – CISO for Western Union
- Brian Krebs – Investigative Security Journalist
- Debbi Blyth – CISO for the state of Colorado
This discussion took place back at one of my favorite local places: Hapa sushi. This time Hapa at Landmark. If you like good sushi but haven’t tried it out yet, you’re missing out. I recommend the tempura lobster and dragon rolls.
My questions are in bold, with Rob’s responses paraphrased below.
Rob, let’s start at the beginning. How did you get into the security business?
Telecom. In 1999 I was working for Level 3 in London as a Director of Metro Private Line, Ethernet and Dark Fiber. The demands of security were starting to get heavier at the time, and I recognized that it was a field that was going to continue to grow. Some of my former colleagues from the old Qwest (before US West), were starting up Virtela, where they were going to do managed MPLS networks. I asked if they were planning to do any security with it, and they said they were planning to do managed firewalls. I thought that was a good place to be, so I joined the team.
I moved back from London and took over the position of international business development for Virtela. I was there for some time when a recruiter contacted me for a new company called Gemplex, which was looking to do the same thing as Virtela. They brought me out to Denmark as their Senior Director of Global Business Development.
At Gemplex we built out a big MPLS network and managed firewall infrastructure, and were ready to ramp up, right when the telecom crash came. One evening in 2002, at 2:00 in the morning I got a call letting me know we had been acquired and that I was being laid off. The layoff came with a decent package and gave me a chance to think about what I wanted to do next.
How did the layoff impact you?
I really didn’t like the feeling. It was nice that they had taken care of me but what I really wanted was to be working and building something.
I was 32 at the time and I had heard that if you want to start a company on your own, you need to do it before you are 35 or else you just won’t have the stomach for the uncertainty. So I realized this was my best chance to build a company. In December 2002, I started building BEW Global, now InteliSecure, in my basement.
At the same time that I started working on InteliSecure, I also took a position with Qwest. However, I knew it was a short term arrangement as I built up my company.
What did InteliSecure look like at that point?
Initially it started as a reseller for Virtela’s managed firewall and VPN services. I had built up quite a list of contacts throughout my career, and I used those relationships to start selling as an agent of Virtela.
Six months later, June of 2003, I had enough success to quit my job at Qwest and dedicate myself to InteliSecure full time.
How long did you go it alone?
Not long. In July of 2003 I recruited Chuck Bloomquist to partner with me. Chuck was CTO at Kit Carson Rural Electric at the time, in Taos, New Mexico. He had found a nice job down there and was working in a low-stress position down there. I called him and made this very compelling pitch… “Hey, how about you make 80% of what you’re earning now, invest your own money into this company, and get after it with me.” Unsurprisingly, he wasn’t convinced.
So I drove to Taos to convince him in person that we could build something special together, and to come join the team. Fortunately, he came aboard, and we had a team. From the beginning, same as now, I played the Business Development role while Chuck was the technical guy.
Initially he stayed down in Taos, and did some remote support for me. But in January 2003 he moved up to Denver and joined me full time. We basically played the traditional role of sales and sales engineer, knocking down deals for Virtela’s services.
How and when did that change?
What’s cool about the model we had was that it came with some recurring revenue. As we sold those deals for Virtela, we didn’t just get paid when we closed the deal, but also each month as the customer continued to pay. So we started to build up a run rate to cover our salaries.
InteliSecure has been known as the DLP experts. How did you get there?
We ran into a fantastic new technology. Chuck and I found out that we had a mutual acquaintance, Tom Donahue. Tom had created the first DLP system, Vericept. They were headquartered right here in Denver. Chuck set their technology up in the lab and started using and testing it. He was convinced, and then convinced me, that we could do something really cool with DLP.
We started bringing this solution out to our banking customers, and they couldn’t get enough of it. They loved DLP and were excited about it. We sold 40-50 Vericept deals in 2003 and 2004. But then we started running into Vontu’s DLP solution all over the place, and they were kicking our ass. So we got an introduction to Vontu, Chuck baked them both off, and decided he liked them both. And we made the decision that we’d start supporting and reselling both of them.
We would engage potential customers, perform an evaluation of their needs, and make a recommendation about which solution was the best fit for their technical and business requirements, and financial constraints. We made our first hire: Hillary Laird, who is still with the company today. Next thing you know, it’s 2006 and we’re a two million dollar a year DLP value-added reseller (VAR).
What was next?
We started getting into web and email gateways, because they integrated so closely into DLP. We became Vontu’s go-to service provider. Heading into 2008 we were up to 12-14 employees at a $3-4m revenue clip. Then the economy took a nose dive.
How did that impact you guys?
It was the start of a dark time for us. At the time we were acting as a VAR. There was no residual income, meaning every month we start at zero and try to make enough sales of DLP, web and email gateways to fund operations. Bottom line, we were running out of cash and the future looked grim.
What did that mean for you guys? How do you dig out from that kind of a hole?
In Florida, while the rest of the family was playing in the pool over spring break, my dad, Lew Eggebrecht, one of the creators of the IBM PC and a mentor for me, sat down and dug into the business with me. The next step was to come up with a plan for our company to go from 20% services and 80% VAR, to an 80% services and 20% VAR model within 5 years. He told me that it was up to me and Chuck to come up with that plan, and then pitch the concept to him, and if he was impressed, he would help us dig out of the hole.
I was thinking, “Great, he’s going to write us a check.” But no, he guided us to call each one of our vendors and tell them we were going to stretch. His advice was phenomenal. He said if we keep selling their products, they will help us get out of this hole.
How did Chuck take this news?
Shortly after, Chuck and I flew to Pittsburgh to close a large deal. The conversations during this trip were the hardest we ever had. I’ll never forget this moment. We were sitting in the Intercontinental Omni in downtown Pittsburgh. The question on the table was, “Are we staying together? Do we really want to do this?” Both of us are getting older and wondering if it really makes sense to start back from zero with this company. All our money was tied up in InteliSecure, and we both had some attractive employment opportunities with big companies with no risk and a reliable paycheck.
It was Chuck who said, “I think we can do this managed DLP thing.” He had a bank that was ready to pay us $3000/month to manage it for them, and we knew we could grow from there. We agreed to get after it, and do it. This was in June of 2009 and started the next chapter for us.
Sounds like that was a step on the road to becoming primarily a services company
Unfortunately that chapter started by laying just about everyone off. We kept just me and Hillary on the sales team, and Chuck and Chris Benz on the technical team.
By the end of 2009 we hired two more people. We started building out a security operations center (SOC) and signing up new DLP customers. In 2010 we had 6 new managed DLP customers sign up for good revenue, making maybe 20-25k a month.
In the fall of 2010 we had a massive financial services company that came to one of our DLP webinars. Hillary set up an on-site meeting with them, to talk about a DLP project they were kicking off. I figured we’d get there and meet with one or two people. Instead, we walked into a room with 20-30 folks from their side. They were excited about what we were offering for managed services, but I was skeptical that a company of our size could land this big client. But it went well, and before we even got on our return flight to Denver they called us and asked us to come back out for another on-site meeting.
They were in?
They wanted us to do all of their DLP implementation. 9 months later we closed a deal for $400,000 of implementation services. Then they asked us for a quote for managed services for their on-going DLP program. Our contact with the client warned us that they have been known to crush little companies and suggested we consider an appropriate price. We came back with a second quote and again, the customer said with the size of the user base, he wanted us to make sure we were really sure we could support it for the long term and we might want to increase our price!
In the end they signed what would be the biggest deal ever to date with InteliSecure for approximately $1M annualized revenue. Not only that, they let us start billing them while they did the implementation. So we were able to build the team and get ready before we actually started working their incidents. We had six full months to get the team in place and trained before we handled the first alert from their system. It’s almost like getting venture capital, allowing us to grow and build in advance of the rush.
What a fantastic opportunity to build up the company the way you want it.
Yeah, it really allowed us to mature and grow so much more quickly than we could have otherwise. One part of that was due to this large customer’s requirements for us as a vendor. They handed us a third party requirements document that we couldn’t possibly comply with initially. But I reviewed the document, and told them that we would be compliant and ISO 27001 certified within 12 months.
Yeah! I remember seeing your marketing and webinars around that time, walking us through your certification process
Previous to this I had already received the ISO 27001 Lead Auditor certification. This exercise gave us the chance to internalize the requirements, and to firm up our place in the market as an expert on ISO. Throughout 2011 we grew and matured.
So we were billing a significant run rate of managed DLP. Then we get a call from an international manufacturing company. Apparently they had run into our big client at a conference, and been referred to us. Next thing you know, we land another significant managed DLP deal.
In 2012 we got ISO certified and moved from Castle Rock into the Denver Tech Center. The new location gave us a lot more room, and more access to talent. We brought in Gary Schilsner, previously CFO for Virtela, to our leadership team as CFO.
It sounds like you guys had arrived.
2012-2014 we were growing like gangbusters. At the same time, Chuck and I were getting burned out. The company was undercapitalized and we were putting in long hours constantly. We needed help.
Gary suggested we go out and get capital. It worked out well; in the summer of 2013 we started getting calls from venture capital firms looking to invest in us. We were in a hot industry and we had eclipsed the magic $10m revenue mark. The phone was ringing regularly.
We went through about 5 months of due diligence with one of the investors, and hammered out an agreement to sell the company to them. When we got to the closing table, as a result of that one deal slipping into the following quarter the venture capitalists reduced their offer and the deal did not happen.
That must have been exhausting, to go through all that and end up with no deal.
I was so tired. This was the middle of March 2014, just last year. I couldn’t imagine going through another 5 months of diligence with another firm. It was at this point, in 2014, that Frontier Capital got involved. I really didn’t even want to talk to another VC firm, but Gary, our CFO, had been talking to them already and convinced me to take their call.
Initially I could tell this firm was attractive to work with. Their website had pictures of a rafting trip they did. They had already invested in companies similar to ours, and they really understood our industry.
So, was it the start of another round of due diligence?
Yes, we agreed to give them all the due diligence the previous firms had already done. They would get one week to do their on-site diligence. Third, they needed to close the whole deal within 75 days. Frontier called back and agreed to those terms.
Sometime shortly after that you guys changed your name from BEW Global to InteliSecure. What happened there?
We had always called the managed service part InteliSecure. We all liked that name and the allusion to “Intelligent Security.” We had been talking about this for a while. The investors agreed, so in October 2014 we formally changed the name.
So, what is next for InteliSecure?
We will become a $100m company in the next three years. We’ve built up a stellar team. It starts at the top with our executives, and goes down through all layers. We have a great mix of experienced pros from outside the company and home-grown talent.
What’s your biggest challenge?
Finding and retaining talent in this market. Security people are at 0% unemployment and there’s strong competition for talent. We work to address that by creating an exceptional work environment, where people get to do highly innovative work in a great environment with extremely attractive compensation and benefits packages.
What advice do you have for people looking to get into the information security industry?
You need to be an expert on the business side of things to be effective. Understand the context in which you work, not just the systems you’re running. The cool thing about that is, if you end up getting bored with security someday you still have value to your company as a business process expert. You can help the business in a lot of different ways. If you just focus on being an expert in technology you will likely never have the chance to move away from those.
What advice do you have for CISOs?
Basically the same advice. Learn your P&L (profit and loss). Understand what makes your business’ payroll every two weeks. How can you expect to be a C-level without understanding your company’s revenue, its structural operating costs, what contributes most to revenue, how that drops down to EBITDA, and what generates cash? If you don’t have that kind of insight you can never walk into the CEO’s office and show how your security program will protect the company’s most critical assets and capabilities.
Thanks so much to Rob for making room in his schedule to grab lunch, and opening up about his Colorado success story. I look forward to continuing this series and shining a light on more interesting members of the Colorado security community. If there is an individual or corner of the security spectrum you’d like to see spotlighted, drop me a note and I’ll see what I can do.