Scaling a Cyber Intelligence Business: Lessons from Crisp’s Growth Journey with John-Orr Hanna

Leave a Reply

Scaling a company from a small team to a global market leader is a challenge that requires smart hiring, a robust governance model, and a deep understanding of customer needs. In a recent Cyber Runway Founders Fireside, John-Orr Hanna, former Chief Intelligence Officer at Crisp, shared his experience of growing the company from a handful of analysts to over 140 employees and achieving a 15x business expansion in four years.

Crisp, a threat intelligence company, focused on brand protection and online harms, working with some of the world’s largest social media platforms and brands. Cyber intelligence businesses face unique scaling challenges, from data privacy concerns to operational resilience. In a Cyber Runway: Scale session, John-Orr Hanna from Crisp (rebranded as Resolver after purchase by Kroll), shared insights on navigating high-growth phases while maintaining cybersecurity integrity. Hosted by Plexal in partnership with the Department for Science, Innovation & Technology, the discussion covered operational scaling, compliance considerations, and competitive differentiation in the cyber intelligence sector. I attended on behalf of Cyber Tzar, the Enterprise Supply Chain Risk Management platform, exploring how Crisp’s journey can inform cybersecurity startups looking to scale.

Contents

Table of Contents

Founders Fireside with John-Orr Hanna 21st January 2025

This video is publicly available on the Plexal YouTube playlist for the Cyber Runway programme.

1. Scaling Strategy: Balancing People, Process, and Technology

One of Crisp’s biggest challenges was balancing people-driven intelligence with AI-powered automation. While AI played a significant role in data ingestion, qualification, and decision-making, a large team of human analysts was still essential for threat intelligence validation and interpretation.

Key Takeaways

  • A Hybrid Approach: Crisp scaled by combining AI automation with human analysis, allowing them to handle threats at scale while maintaining high-quality insights.
  • The Right People Matter: Hiring was a huge focus, and the company placed an emphasis on capability over existing skills, looking for individuals who could assess risk effectively.
  • Building for Scale: As they grew, Crisp had to continuously refine their operating model, ensuring the company could handle new product lines without slowing down.

2. Smart Hiring: The Power of Risk Assessment Skills

Hiring was critical to Crisp’s success, but it wasn’t just about technical skills—it was about finding people with the right mindset.

What They Looked for in Candidates

  • Strong Risk Assessment Skills: The ability to identify, evaluate, and mitigate risk was a key hiring factor.
  • Adaptability & Learning Ability: Since Crisp was operating in a relatively new market, they needed employees who could learn quickly.
  • Mission Alignment: Many hires came from government, academia, and security backgrounds, attracted by the company’s mission-driven work in child safety and online harms.

Hiring Mistakes & Lessons Learned

  • Rushing Hires Can Be Costly: Early mistakes involved hiring too quickly to meet immediate demands. Some of these hires lacked long-term potential, requiring replacements just a few months later.
  • Future Leadership Potential Matters: John emphasized that every hire—even at a junior level—was assessed based on whether they could become a senior leader within five to six years.

3. Creating an Effective Governance Model

A major bottleneck for Crisp was decision-making at the leadership level. Before implementing a governance structure, every major decision had to be approved by the founders, creating bottlenecks as the company scaled.

How They Fixed It

  • Delegating Decision-Making: They defined clear decision-making boundaries, allowing team leaders to approve hiring, expenses, and product changes without executive-level oversight.
  • Strategic vs. Operational Focus: Founders needed to shift their focus from day-to-day operations to long-term strategy, funding, and partnerships.
  • Avoiding Over-Engineering: At one point, 40% of Crisp’s workforce was focused on process documentation—which became an inefficiency. They quickly scaled this back to focus on client value delivery instead.

Key Lesson: Startups that want to scale need governance models that balance control and agility—too much oversight slows growth, while too little creates risk.

4. Evolving the Sales Model: Moving Beyond Professional Services

Crisp originally operated as a Professional Services company, selling threat intelligence as a service. However, scaling a service business is difficult, so they evolved into a SaaS-plus model, offering:

  • Automated SaaS Threat Intelligence Tools
  • Custom Threat Intelligence Reports
  • Ongoing Risk & Incident Response Subscriptions

This allowed them to move away from one-off contracts and build recurring revenue streams (ARR).

Key Takeaways

  • SaaS + Professional Services = Scalable Model – Combining software with managed services helped them maintain high margins while scaling.
  • Selling to Enterprises Requires Patience – Deals with large enterprises can take months or even years to close, requiring a well-structured sales strategy.
  • The Right Sales Team Matters – They learned that selling SaaS vs. selling Professional Services requires different skill sets.

5. Competitive Intelligence & Market Positioning

As Crisp grew, competitors started appearing in the space, making differentiation more important.

How They Stayed Ahead of the Competition

  • Constant Competitor Analysis: They tracked competitor pricing, positioning, and messaging to refine their own customer value proposition.
  • Focus on Customer Experience: While competitors focused on technology, Crisp invested in customer support and relationships, making them a trusted partner rather than just a vendor.
  • Owning a Market Segment: Instead of competing broadly, they dominated the online harms & brand protection niche, working with 85% of tier-one social media platforms.

Key Insight: “Great competitors make you a better business. Learn from them, adapt, and differentiate.”

6. Selling to Large Enterprises & Government: Breaking Through Gatekeepers

For many startups, breaking into large enterprises or government contracts can feel impossible. John provided practical advice on how to approach big customers and high-level stakeholders.

Tactics for Selling to Enterprises

  1. Deeply Understand Their Organization – Public stakeholder lists don’t always reveal the true decision-makers. In government and enterprise, the real influencers often aren’t public-facing.
  2. Find a Design Partner – A trusted early customer (e.g., NCSC or a major brand) can validate your offering and open doors.
  3. Leverage Government & Industry Networks – Engage with working groups, trade bodies, and regulatory bodies to gain visibility and influence decision-making.
  4. Use Strategic Events – High-level stakeholders often attend invite-only dinners, summits, and roundtablesfind a way to get a seat at the table.
  5. Partner with Key PlayersWhite-label partnerships with large cybersecurity assessors (e.g., Cyber Essentials) provided a shortcut into regulated industries.

7. Selling in the US vs. UK: Understanding Market Differences

Crisp generated 85% of its revenue from the US, requiring a different approach than the UK & Europe.

Key Differences Between US & UK Sales

  • The US Market Moves Faster – Buyers in the US make quicker purchasing decisions compared to the UK.
  • Face-to-Face Sales Are Crucial in the US – Even post-pandemic, large enterprise sales in the US require in-person meetings.
  • US Buyers Are More Direct – In the UK, there’s more relationship-building before deals close, whereas in the US, buyers expect a clear value proposition upfront.
  • Networking & Referrals Are Everything – “In the US, if you need an introduction, you just ask. In the UK, we’re more reserved—we need to change that.”

Advice for UK Founders Expanding to the US

  • Spend more time in the US—deals happen in-person.
  • Use advisors who know the US market.
  • Partner with US-based distributors & integrators.

Final Thoughts: Scaling a Cyber Business Successfully

John-Orr Hanna’s experience scaling Crisp from 4 to 140+ analysts and securing a 15x business growth offers invaluable lessons:

  1. Scale smart—balance automation with people.
  2. Hire for capability & long-term leadership potential.
  3. Implement governance that empowers growth.
  4. Evolve sales models to prioritize recurring revenue.
  5. Understand competition and differentiate clearly.
  6. Break into enterprises with a mix of partnerships, networks, and credibility.
  7. If targeting the US, build strong in-person relationships.

For cybersecurity startups looking to scale successfully, these insights provide a proven roadmap for growth.