Join me as I share my journey and insights from the CyberASAP Pathfinder event in Birmingham, where I discussed the transition from a long IT career to founding a cybersecurity startup. Discover the challenges, surprises, and rewards of turning innovative research into market-ready solutions.

Wayne Horkan at CyberASAP Pathfinder 2024

I was honoured to speak at the CyberASAP Pathfinder event, on Thursday the 25th of January 2024. An in-person session designed to guide and support academics in commercialising their ideas. Below is the transcript of my talk, where I shared my journey and insights into the world of cybersecurity entrepreneurship. Quick shout out to Daniel Lewis for asking me to present, and to the support from Diane Gilbert and Mary Welton, all of whom I met through Cyber Tzar‘s time on the NCSC For Startups Accelerator.

Wayne, tell us a bit about your background, and how that led to you to (found/join?) CyberTzar?

I’ve a thirty plus year career in IT. I started out as a programmer building statistical process control and quality management software for the automative manufacturing industry. I won’t go into every job I did, or system I delivered. Highlights include:

• Building Harrods Online for Al Fayed back in 97/98.
• Nine years at Sun Microsystems, with the last three of those as CTO for the UK and Ireland.
• Two years at Thomas Cook Online as Chief Architect.
• Two years at Manchester United as Head of Online Technology.
• Four years at the Home Office, where I led the design of the new Border Control system for the UK, as well as a couple of other projects.
• Three years at DLG as Chief Architect on their Digital Transformation programme, B4C.
• As well as that I’ve spent time at Bupa, M&B, Cabinet Office, HMRC, HSBC, Barclays, and a few others.

All my roles have been technical, I’m a career technologist. I never went for project management, or sales, or any of those routes into higher earnings. Most of my roles have been the design and development of, often large-scale/complex systems, and the creation and management of teams to help do just that. That includes vendor and offshore teams too.  

Early in my career, during the gold rush of the dot com boom, I did a fair number of pen tests, we had to secure them as well as build them. And later in my career I’ve done a fair amount of security audits and risk assessment of 1^st and 3^rd party systems and organisations.

And that’s what led me into the first version of Cyber Tzar. Dealing with doing risk assessments over 80+ “Shadow” IT Suppliers at Bupa, it took a team of thirty almost two years to complete.

I realised that I could automate a lot of the individual tests and present the data into risk assessments. Moving a ten-day security assessment down to less than an hour, and a risk assessment that would normally take months to a couple of hours.

Your background is as an engineer and technology consultant, how did you find the transition into entrepreneurialism?

Hard. There were a lot of barriers to entry, not least time and money. I’ve got a young family and like anyone else I’ve got financial responsibilities. I have to keep earning. The prototype and earliest version of the product was built by working 4 to 6 hours a night over a year. The company was bootstrapped initially by taking on consultancy work and feeding that into the business. The other issue was disposition, being a founder means being the product and selling the product. I’ve Asperger’s Syndrome so I really had to push myself hard to do all the sales and marketing required.

What do you find most interesting about being involved in an early-stage startup?

To be honest the whole experience has been seriously interesting. The whole thing. Because it was so fresh and new and different to my other roles. Two times in my career I was involved in other peoples’ startups, in that Harrods Online was run as a startup aiming for IPO as was Thomas Cook Online. But in both instances, they had a lot of backing. Harrods was at that dot com phase of the internet and Thomas Cook was at the web 2.0 resurgence.

In an early-stage startup, you really are everyone! And the “buck” stops with you.

Did you have any doubts about going down the start up route?

No.

What’s been the most surprising aspect for you?

Probably three things:

• The backing. In that when I showed the prototype to people, I was able to get the help I needed to take the business further. Martin Hockly came onboard as CEO and helped me productise the prototype. And Charles Andrews joined as Commercial Lead and Chair to help build out and then deliver to the vision and business plan.
• The freedom. The ability to develop the product in the shape/form I had a vision for and the ability to do the same with the company.  
• The personal growth. Taking on different roles and responsibilities given my die-hard mantra of “technical career path” only has been a revelation.

Can you talk a bit about the experience you had of being part of an accelerator, how has that helped support you as an entrepreneur?

I haven’t been on loads of Accelerators, but I can talk about the ones we’ve been involved in. First off not all accelerators are alike. They come in multiple shapes and sizes, and some are focused on a specific industry, problem domain, or startup stage. And this means that the timescales they run over and the level of commitment you need to give is variable, based on the programme too.

We’ve just graduated from the NCSC for Startups accelerator, and this must be the “mother” of all accelerators in Cyber in the UK. And I mean that in a good way. It has huge credibility and that lends itself to you and your startup. The programme is intense, three days a week, on site (mainly in Cheltenham), plus “homework”, plus you still must keep the startup going at the same time. But I guarantee it is worth it.

Thanks to the NCSC for Startups programme, we achieved all our aims for the programme. We matured our messaging so that instead of testing it in customer engagements, where we could lose customers if the message doesn’t “hit”, we did that in front of the industry partners and other cohort members. We validated our approach and architecture and had it reviewed by the NCSC Architecture team, leading us to make improvements. And we joined the wider NCSC eco-system. As a bonus we won multiple deals as we exited the programme and I put that down to the messaging being on the ball and the credibility we’d gained from the programme.

Incidentally I made some friends along the way, which is nice.

And what about the wider ecosystem exposure you have had, both in Cheltenham but also here in Birmingham?

The eco-system for Cyber is fluid, over the last three years I’ve seen a lot of changes and evolution. In the West Midlands the obvious go to place is Midlands Cyber, and the Innovation Alliance for the West Midlands. My personal favourites have been the Cyberverse meetings run by Prashant from CQ/Wolves.

At Cheltenham the situation is much more stable. Several things contribute, including the closeness of the NCSC/GCHQ, the programmes they coordinate and run with Plexal, the physicality of having a place to go in Hub8, the ecosystem of cyber oriented businesses and startups, and the strength of their cyber cluster in CyNam.

If there was anything I’d like for the West Midlands, it would be having a physical “home” for Cyber in Birmingham. I mean there there’s a few “contenders”, the SteamHouse, the Eagle Barclays Lab/NatWest, but having somewhere like Hub8 in Cheltenham or DiSH in Manchester would be amazing.

Have you connected with academia as part of either ecosystem?

Yes, but primarily as a mechanism to bring people into our Intern programme. We’ve had one grad plus a mature student so far and both have been great. We’re looking at how we build that programme into an apprenticeship or something that maps to the whole T-level initiatives.

I’ve discussed some R&D opportunities with a couple of local Universities but haven’t progressed this much. I’d like to learn more.

Do you have any advice for our cohort here as to how to capitalise on those connections and opportunities?

I think that most of the academics probably know more about their own Universities than I do, but I do think it’s useful to find out what programmes are running and what support you can get from your own faculty and then extrapolate that out to the other local universities.

What would be the one piece of advice you would like to give to someone who is considering the entrepreneurial path of commercialisation?

Be prepared to be resilient. You’re going to face a lot of challenges, but it is hugely rewarding and you will have a lot of fun. If your product is based on design thinking principles make sure you are very close to the users and fully understand what the benefit your product delivers to them.

Wayne Horkan, CyberASAP Pathfinder 2024 Birmingham

What is CyberASAP?

Now in its eighth year, CyberASAP (Cyber Security Academic Startup Accelerator Programme) provides academics with the expertise, knowledge, and training needed to convert their research into technologies, products, and services in this key sector of the global economy. The programme creates a pipeline to move great cybersecurity ideas out of the university lab and into the commercial market.

CyberASAP is highly selective, and teams compete to join and complete the programme. A series of highly effective interventions, including boot camps, workshops, and mentoring, gives participating teams essential insights into the key milestones necessary to commercialise their research.

CyberASAP benefits from the experience and specialist knowledge of an extensive network of practitioners, including experts in IP, new product development, innovation planning, sales, investment, pitching, and communications. These practitioners contribute to the 11-month programme, which culminates in a Demo Day where teams pitch and demonstrate their proofs of concept.

Funded by the UK Department for Science, Innovation and Technology, CyberASAP is delivered by Innovate UK (Business Connect).

Summary

Participating in the CyberASAP Pathfinder event was a fantastic experience. It was an honour to share my journey and insights with aspiring cybersecurity entrepreneurs. I hope my story inspires others to take their research from the lab to the market, embracing the challenges and rewards of the entrepreneurial path.