Closed encounters

Robert McAdam recently took a three-week holiday, his first since he set up computer security firm Pure Hacking eight years ago. And it was only three years ago that he started paying himself a salary. The road to success is not always easy.

McAdam always wanted to start his own business. However, the former policeman had an important job with computer giant IBM helping to protect computer systems against hackers. He was 31, paid well with industry awards that attested to his skills, and his first child had just been born. Then he was made redundant.

IBM’s chief hacker sat next to him, and he was also retrenched. Stunned, McAdam turned to his weeping colleague and asked, “Do you want to start a business?”

They went into partnership and formed Pure Hacking in Sydney. McAdam got a copy of the BRW Top 500 Private Companies list and started cold calling companies. In 2002, corporate computer hacking was an annoyance, but not today’s multibillion-dollar problem run by organised crime. Potential clients wanted him to try to hack their systems, but they didn’t want to pay unless he found a problem.

McAdam had to grapple with the concepts of business development and how to sell his services. It was a skill he thought he had, but IBM’s network was so large the business flowed in, the company did not have to chase it. It was a steep learning curve and he did every course on the subject he could find.

In the first couple of years, the business turned over about $250,000 in revenue, jumping to $500,000 three years on. This year it will make more than $2 million, and expansion should increase this figure in the years ahead.

In the initial lean years, McAdam kept the business tightly focused. The big accounting firms offered so-called “penetration hacking” – experts are brought in to simulate real hackers trying to break into a company’s online operations – but it was part of a suite of services. Pure Hacking only offered penetration testing, a boutique business that he hoped would be recognised as exceptional in its field.

The first big client came three months after start-up. It was a large internet service provider in Melbourne but it didn’t have a snowball effect on business. After six months, his partner – older, with different priorities in life and a redundancy package that meant he didn’t have to work – left, selling his share of the fledgling firm to McAdam. McAdam carried on as a sole proprietor for three years, cold-calling clients eight hours a day.

As the business grew, McAdam hired more staff. He says it takes about six months to find the right person, and in the initial years the staff took the wages he was yet to pay himself.

“At one stage I had a staff member who had nothing to do as the work was not there and it lasted four months. When you’re not paying yourself a wage it gets really hard and tests your mettle. In hindsight, it was a leap of faith. We were still in survival mode then and we have moved beyond that now, but it was the stuff that kept you awake at night.”

Today Pure Hacking has a staff of seven and is the recognised Australian expert in penetration testing. Its average client has about 2500 employees and clients are spread across all industries, but particularly those that take customers’ credit card details. The big banks have their own internal versions of Pure Hacking, with dedicated staff who do nothing but try to hack into their own systems.

McAdam sees his firm’s role as part of an arms race. It supports enforcement agencies such as the state and federal police forces, the United States’ Federal Bureau of Investigation and Central Intelligence Agency, and the Australian Secret Intelligence Organisation – the elite troops that target organised crime gangs by setting up sting operations and other actions.

Pure Hacking is more on the defensive line, he says, setting up the machine-gun nests and bunkers to protect the vulnerable population behind them. Criminal organisations are targeting the credit card details of the millions of consumers who input their information into computer systems daily.

McAdam says any reasonably large firm is being attacked every day. Media reports earlier this year suggested China-based hackers were mounting attacks against big miners such as BHP Billiton and Rio Tinto in Australia. It was assumed the Chinese government was trying to access information to help it in price negotiations with the miners. McAdam says the publicity led to mining companies contacting his firm to have their computer firewalls tested.

McAdam says his staff have a real dedication to their work. “When you invest huge amounts of mental energy over a week or weeks to crack a system, there is a real release of emotion when you succeed – it’s the stuff that has my people leaping out of their chairs,” he says.

“And so education is a large part of the ongoing training. I send people to the United States and Europe to attend the latest hacking conferences. One of the joys is watching them grow in talent.”

McAdam also views the business as a public service. When a big firm puts up a firewall, it’s likely to have been supplied by one of the big global internet security firms. But each corporation’s operating system has its own nuances that can provide cracks for hackers to enter.

Pure Hacking has augmented its penetration testing to find those gaps, with solutions to plug them. This involves writing code, a lot of which the company makes available for public access on the internet.

There is also a proprietary library of special code that the company is building both for clients and to act as “secret weapons” in the arms race. McAdam says the organisations globally that are fighting the hackers try to help each other stay ahead of the enemy.

Looking back on why his company is succeeding, two things stick in McAdam’s mind. The first is to have the organisation’s administration in order, including personal finances. Even in a struggling business, cash is still flowing in and out. He says that if you don’t get it right, it sucks up too much time and puts a venture at risk of failure. McAdam was lucky in that when he worked in the corporate world he was a great saver, so he had the discipline and strength to withstand the first few years of minimal cash flow and no wage.

The other secret to success, he says, is personal relationships. “A business is an obsession, so you have to have strong personal relationships. To have so much time tied up in the business you require a lot of forgiveness from your partner. It’s a mature person who can understand and give you the room you need to make the business work.”

In five years, McAdam expects the company to have tripled in size, but he has learnt along the way how to delegate responsibilities, freeing up some time for himself. He says it will not be another eight years till his next holiday – but neither will he be taking his foot off the business’s accelerator.

Although he could go back to the corporate world, McAdam says it’s not going to happen. “The entrepreneurial part of me loves having a business – the whole concept around choice and the right to make my own mistakes (and so many things don’t go right), to be able to own that and enjoy the rewards as well.

“People say, do what you love and the money will come. I don’t believe that. You have to do what the market actually needs,” he adds.

“In my case, there is a personal value in what I do. I was a policeman for nine years and then computer protection services for IBM before starting Pure Hacking. So I guess security is in my make-up”.

BRW

Comments (0)