Lessons from the Founder’s Fireside: Chris Wallis, CEO of Intruder

Leave a Reply

Chris from Intruder joined the Cyber Runway: Scale Founders Fireside session to share his journey in building a successful cybersecurity startup. The conversation explored the challenges of product development, securing investment, and adapting to industry shifts while growing a cyber business.

On 14th January 2025, we were joined by Chris Wallis, CEO and Founder of Intruder, for a Cyber Runway: Scale Founders Fireside session, where he shared his journey in building a successful cybersecurity startup.

Hosted by Plexal in collaboration with the Department for Science, Innovation & Technology, the conversation explored the challenges of product development, securing investment, and adapting to industry shifts while scaling a cyber business.

I attended on behalf of Cyber Tzar, the Enterprise Supply Chain Risk Management platform, gaining key insights into navigating growth, securing funding, and adapting to market demands in the cybersecurity sector.

Contents

Table of Contents

Founders Fireside with Chris from Intruder 14th January 2025

This video is publicly available on the Plexal YouTube playlist for the Cyber Runway programme.

From Penetration Tester to CEO

Chris began his career as a penetration tester, breaking into the networks of major UK companies while working for Context. He then moved in-house to Worldpay, where he was responsible for vulnerability management, using industry tools like Qualys to protect the company’s infrastructure.

It was during his time at Worldpay that he recognised critical gaps in the existing security solutions. Frustrated by complex, cumbersome tools that didn’t provide meaningful context for threats, he decided to build something better—and so Intruder was born.

Building Intruder: The Journey

Intruder launched as a simple, user-friendly vulnerability management platform, with an emphasis on ease of use and automated insights. The company has since grown to nearly 3,000 customers and is approaching $12 million in annual recurring revenue (ARR).

Chris credits part of Intruder’s success to its focus on simplicity—a feature that resonated particularly well with small and medium-sized businesses (SMBs). Interestingly, this wasn’t the original plan; the SMB market emerged naturally as a result of prioritising a frictionless user experience.

However, success didn’t come without challenges. One of the biggest was educating customers about the real-world risks that vulnerabilities posed. Many security buyers—particularly CISOs and IT leaders—tend to make decisions based on compliance checklists rather than practical security risks. Communicating why certain threats mattered became a key focus for Intruder.

Lessons in Growth

Chris shared some key takeaways from his entrepreneurial experience:

1. Test Your Hypotheses with Minimal Investment

One of the smartest early moves at Intruder was adding a credit card payment option to their website. Initially, Chris was sceptical—customers had never asked to pay by card before, so he assumed it wasn’t a priority.

His CTO challenged that assumption: “People don’t want to ask, they just want to do it.” Instead of spending time integrating payment processing, they simply added a dummy button to test demand. Within days, customers were clicking it—proving the assumption wrong and justifying the investment in the feature.

2. Simplicity Wins in SMB Markets

Enterprise security tools tend to be complex and overloaded with features. Intruder took a different approach: prioritising usability. This decision paid off, especially in the SMB sector, where users want to “just get the job done” without wading through a convoluted interface.

3. Freemium Models: Proceed with Caution

While some cybersecurity companies use free trials or freemium models to attract users, Intruder has been careful not to give too much away for free. The company offers a fully featured trial, but avoids permanently free versions that could lead to high costs without conversions.

Chris highlighted that many companies assume freemium models will naturally lead to conversions, but in cybersecurity, some users just want free tools and may never upgrade.

4. Outbound Sales is Harder Than Inbound

Intruder grew primarily through inbound marketing, with Google Ads and other digital channels bringing in customers who were already searching for solutions. However, as the company looked to expand into larger enterprise deals, it started building an outbound sales team—a transition that has been challenging.

One of the biggest issues? Displacing incumbent solutions. Many large customers already have Qualys, Rapid7, or Tenable, making outbound sales much tougher than inbound leads who are actively looking for alternatives.

5. Channel Sales: Not Always a Silver Bullet

There’s a common belief in cybersecurity that “80% of sales go through the channel”, but Chris is sceptical. Channel sales can work well if:

  • The product is simple to sell.
  • The value proposition is clear.
  • There is strong demand from resellers.

However, cybersecurity resellers are evolving. Many are shifting from hardware-focused distribution to SaaS-based security solutions, making it unclear whether traditional channel strategies will work for every product.

Reflections on the Founder’s Journey

After 10 years of building Intruder, Chris has gone from being a pentester with no management experience to running a 50-person company. He admitted the transition was surreal at first—one day he was a technical expert, the next he was being invited onto panels as a CEO.

He also highlighted the advantages of being bootstrapped. Intruder has raised only $1 million in angel investment over a decade, meaning it has retained full control of its strategy without pressure from VCs. While the company is not yet highly profitable, it is breaking even and remains focused on sustainable growth.

Chris ended the discussion with a light-hearted but valuable lesson: founders need a support network. Having other entrepreneurs to share challenges, vent frustrations, and exchange ideas can make all the difference.

Final Thoughts

Chris’s story is a reminder that building a successful startup takes time. There’s no single playbook for growth, and what works for one company won’t necessarily work for another. But by focusing on simplicity, testing ideas cheaply, and understanding customer needs, startups can carve out their own space—even in highly competitive industries like cybersecurity.

For founders navigating similar challenges, Chris’s advice is clear: test everything, adapt quickly, and don’t be afraid to challenge industry assumptions.