Welcome to our Blog

The Foundry Files


Students vs. Startups Episode 27: Helping Cyber Companies Grow

Students vs. Startups Episode 27: Helping Cyber Companies Grow


Featuring Global Transatlantic

Read Time: 15 Minutes

Welcome to Episode 27 of Students vs. Startups. This week, moderator John Gilroy talks with the founder of Global Transatlantic, Andy Williams. Andy explains how he helps cybersecurity companies break into the international cyber realm.

[audio src="https://easternfoundry.files.wordpress.com/2017/06/students_vs_startups_podcast_episode_27-final.mp3"][/audio]

If you would like to get weekly updates sent straight to your phone, you can subscribe below on iTunes!


Thanks to our Sponsor:



John Gilroy: Welcome to Students vs. Startups: Showdown on the Potomac. My name's John Gilroy and I will be your moderator today. Let's have a big round of applause for show number 27. Yay! We survived 27 ... I don't know why the FCC hasn't shut us down but we're just here doing podcasts. I tell ya.

If you've listened to the show before, you know what this is all about. We kind of took over a room at the Eastern Foundry, kind of like Occupy DC, Occupy Roslyn, and we have a conference room here. One side of the conference room, we have three students. On the other side of the conference room, we have a startup. They have a little conversation and 26 minutes later, everyone walks out of here as friends. Sound like fun? Great. Great. Great.

Well, let me introduce the students first. And this is a distinguished group of students, Andy. Really is a fantastic group. Lot of recent graduates here.

Our first student is Kevin Uffelman. Kevin, tell me about your background and what you did interesting last week.

Kevin Uffelman: Hi. Kevin Uffelman. My background is I have an undergraduate degree in history. I am still currently, John, despite you telling everyone I graduated, completing my degree in systems engineering management from Georgetown University. I actually finish in August so I did get to walk.

John Gilroy: But you walked ...

Kevin Uffelman: I walked.

John Gilroy: But you got a blank diploma. Is that what you got?

Kevin Uffelman: I didn't even get that. They gave me a piece of paper with the alumni song on it.

John Gilroy: So, we have one wanna-be and two graduates then?

Kevin Uffelman: Yes.

John Gilroy: Madeline Tomchick, your background, please.

Madeline  T.: So I work for AIS in Reston Virginia, which is a software development company, and I handle their Microsoft relationship.

John Gilroy: Yeah, and did you graduate from the Georgetown School of Continuing Studies

Madeline  T.: I did, but I'm one of those graduates that's at the table right now. So, I graduated last year.

John Gilroy: Let's all look down at Kevin. Boo.

Madeline  T.: Boo.

John Gilroy: Greg Forman, you're back on, please.

Greg Forman: Yes, I'm a finance major and a recent graduate from the University of Georgetown with a masters in professional studies and systems engineering management, and I work for the MITRE Corporation and do acquisition support.

John Gilroy: So, we got a rough crew here, buddy. Can you handle it?

Andy Williams: I think so.

John Gilroy: I don't know. On this side of the table, we have Andy Williams. He's the founder of a company called Global Transatlantic. Is that right?

Andy Williams: That's correct.

John Gilroy: Okay. And normally we just talk about regular Americans, okay? And talk about American problems and try to solve American problems. Talk about startups. But we're kind of reach out internationally. After all, we are in Washington, D.C. We'd be foolish if we didn't reach out internationally on the radio.

Before we begin, just tell us your company name again and, I'll just hit you real quickly, what business problem does your company solve?

Andy Williams: Sure. So my company name is Global Transatlantic and the problem that we solve is helping cybersecurity entrepreneurs, who typically are technical geniuses but have very limited business experience, to internationalize their businesses.

"So once they want to break out of their home market and get into the wider international market, that's what we help them do."- Andy Williams, CEO & Founder of Global Transatlantic

John Gilroy: And so you have kind of a fascinating background where you wear a different hat on the other side of the Atlantic.

Andy Williams: I did . .

John Gilroy: But similar.

Andy Williams: Yeah. So for about five or six years I worked for the US government in London, helping them initially support Silicon Valley startups wanting to come to Europe through London. But then I moved across to cybersecurity and for about four years I worked at the embassy in London helping the US cybersecurity industry understand and engage with the European market through London.

John Gilroy: Wow, that's fascinating. You know with these 27 shows we've done, we probably have four or five that are cybersecurity startups, who should be targets for you to help out, shouldn't they?

Andy Williams: Absolutely, yeah. Well, you know in the last two years I've worked with over 180 cybersecurity startups in the US and the UK. So there's a lot of startups coming to market.

IMG_1315 Andy Williams, CEO & Founder of Global Transatlantic

John Gilroy: Wow. Wow. Wow. It's all kinds of questions.

Kevin, let's jump in here. You got anything for Andy?

Kevin Uffelman: Yeah, absolutely, Andy. Pleasure. So you've worked with, you said, 180 different companies-

Andy Williams: In the last couple of years-

Kevin Uffelman: Yeah, in the last couple of years between the UK and the US. What are some of the similarities and differences you're seeing between them, coming from different sides of the ocean?

Andy Williams: Well, that's a really good question because there's been a ton of money invested in cybersecurity startups in the US and in Europe, primarily in the US, and one of the challenges that companies have when they're trying to make sense of this ever-growing cyber solution landscape is a lot of the companies look very similar, that are addressing very similar issues.

It might be the insider threat. They might be doing data analytics looking at behavioral anomaly detection within companies. A lot of the companies right now that receive a lot of investment seem to be addressing the same problem the same way. So one of the challenges that the companies that are buying those solutions have is, "How do we assess who's doing the best stuff?" And, "How do we assess which companies are going to be sticking around long enough?"

And it's one of the things that I get involved with for UK government, is looking at which are the best US companies looking to come to Europe and helping them kind of assess and evaluate those companies.

John Gilroy: In class we talked about cybersecurity companies being divided between product and service companies.

Andy Williams: Right.

John Gilroy: And do you think this is a good division to frame? Do you think he even cares?

Kevin Uffelman: That seems like a good question. Do you feel like you're more on the product side or on the service side when it comes to dealing with these cybersecurity companies?

Andy Williams: Yeah. Traditionally there was a very distinct difference typically between the way that a product company internationalizes and the way that a service company internationalizes. Typically a service company needs all sorts of security clearances to deliver their capability and when you're doing that outside of your home market, particularly, for example, if you're doing that in the US, you have the security clearances issue to deal with, right? If you're not an American citizen you can't work on a ton of projects in the US.

But what we're finding is that product and services are overlapping increasingly. Gone are the days where you thought you could buy the latest smart tool and solve cybersecurity problems. A lot of the best tools need a tremendous amount of intelligence applied to them. So what I'm seeing in the market is product and service companies actually coming together. In fact, there's been quite a bit of acquisition recently by service companies acquiring some of the best tools and by some of the product companies going out and acquiring service businesses so that they can add that consultancy element to what they do.

John Gilroy: Madeline.

Madeline  T.: So, by being both in the UK and the US and dealing with both sides, has changes in the administrations or changing in the government have any change in how the cybersecurity gets pushed forward for you?

IMG_1294 Madeline Tomchick

Andy Williams: Yeah, because every political administration prioritizes different things. I mean, nobody's not prioritizing cybersecurity, right? No matter what the administration. No matter what the political complexion of the party. But certainly we saw under the second Obama administration a tremendous increase in the focus on cybersecurity both in terms of budget. I think the last budget that President Obama submitted had $14 billion lined up. Was it 14? Yeah, it was around about $14 billion lined up for cybersecurity. That's a pretty big commitment. That's much more than the entire UK spends on cybersecurity by a factor of about three or four.

So we saw a big uplift in cybersecurity spending under the Obama administration. Whilst it's very early days under the Trump administration, the one thing that we're waiting for right now is to see many of the new senior cybersecurity officials to actually be appointed. Many of them at this point have not yet been put in place.

John Gilroy: Kevin.

Kevin Uffelman: President Trump's come out and said that the US needs to modernize its IT infrastructure. What relative opportunities do you see in that statement given that they have not come out and named those cyber officials to take those roles and really set the pace for that modernization?

Andy Williams: Yeah, so it's an interesting time because only last week the executive order on cybersecurity was published and we are, from that, we're starting to get a sense of where the new administration's priorities will lie. So as you rightly say, there's a heavy focus on actually updating and improving the IT infrastructure. And, I don't know if you saw the interview with Tom Bossert, the president's Homeland Security Advisor, on the day that that executive order was published but one of the points he made was it's very difficult to focus on the cyber adversary when you're working on very dated technology.

And it's interesting to us, in the UK, to see how the US government is planning to go about that. So they've created this American tech council and they're going to draw in advice from senior industry leaders in the likes of Microsoft and elsewhere to help them focus on that strategy. But you're absolutely right. Until they put the people in place that can actually deliver on that strategy, we're not going to ... I don't think, at this point, we're going to see very significant procurement type opportunities coming out of that until all of the right people are in place.

John Gilroy: Greg.

Greg Forman: So what's the business model for Global Transatlantic? Do you guys take a portion of the company in equity stake? Or do you do just a kind of a service fee? Or, how do you approach it?

Andy Williams:

"We try to be as flexible as possible because, really, we just want to get to a win-win situation."- Andy Williams, CEO & Founder of Global Transatlantic.

So for very early stage companies where they don't have a ton of money to spend, equity is what we look at. Where they are more established and have a very good track record in their own country, for example, and a good revenue stream in their own company, sorry, country, then they can afford to pay day rate type consultancy engagements.

So, it really depends on the company. In the last two years, I've been contracted with one client, which is the UK government and the UK government is paying me for virtually all of my time, or has been for the last two years, to help all of the UK cyber security startup industry. And in that time I've worked with 180 or so UK cyber security companies trying to do business here in the US.

John Gilroy: I have to ask the question, we had a guest speaker in our class, a Russian gentleman, and he indicated that degrees were worthless, anything to do with cybersecurity should be able to be learned on your own and just figure it out. In fact, he got two patents based on just figuring it out himself.

Andy Williams: Right.

John Gilroy: You've met people, I guess. Where do they fit into your world?

Andy Williams: Yeah, you know, I worked for a while for one of the most successful UK cyber security software companies that, in fact, has two-thirds of its business here in the US and is, in fact, a client of Eastern Foundry and that company is run by a guy who, in my view, is like a technical genius. He does happen to have a degree but it's not really why he got into the business and some of the smartest developers that he employs are, to me, very young kids who have zero previous experience in cybersecurity but often they come with an interest in, for example, in gaming or coding, generally.

And I would say in that business, which is growing tremendously, less than half the people in that business had a degree of any kind.

John Gilroy: Madeline.

Madeline  T.: So, you said that person, he got into it, it may not have been the reason why, but why did you start the startup? Why did you make the decision that, "Hey, this is a need that's really not being met."

Andy Williams: Right. Yeah. That's a really good question. I ask that myself.

John Gilroy: What's your answer?

Andy Williams: So, I have a unique background in the sense that I started my career working for a very large corporate, BT Global, back in the UK. I spent about half of my career working for those guys and then I was actually invited to join a US tech company that was breaking into the UK market by acquiring two other UK companies and merging them and turning them into the UK arm of the US telecoms company. And what I saw in that experience was even though these guys were really bright, really smart, really experienced entrepreneurs, they made a ton of mistakes in trying to apply their US business experience directly into the UK without taking notice of some of the subtle differences in doing business in a different country.

And so I helped them with that. And I found that interesting and so valuable and, frankly, such great fun that I thought, "I'd like to run a business that just does that." Helps international companies break into overseas markets. So, that's how I decided to get into it.

John Gilroy: Greg.

Greg Forman: So do you feel like UK companies or US companies, one or the other, has more of a focus on cybersecurity? I know that it's becoming more aware with a lot of CEOs, that cybersecurity is an increasing threat. Do you feel like the UK or the US has a certain awareness, a greater awareness, about the threat or are maybe funding it more or just approaching it differently?

Andy Williams: Yeah. I think in technology terms, and this isn't unique to cyber security, I think in technology terms the UK would recognize that the US is probably a year or two in advance of the UK. In business terms, the board ... The issue of cybersecurity in this country is much more a board-level issue. I think boards now get, because of so many high-profile breaches that have happened, boards now get that this is a very fundamental risk issue for the business.

That's also increasingly true in the UK but I don't think it's as widely understood yet in the UK as it is in the US.

John Gilroy: Kevin.

Kevin Uffelman: Yeah. So you had mentioned earlier that you're spending all your time now contracted with the UK government. What does that leave you in terms of strategy for your company in the next one, three, five years? Where do you see taking things?

Andy Williams: Yeah. This was a very interesting role for me and I think a role that I felt obliged to take, not least of which because I was asked by the prime minister's office to take it. And it's a career-limiting choice sometimes to turn down the prime minister's office. But I did it for a specific person, reason, and that is that those 180 companies that I've worked with will need some ongoing support.

I'm actually coming to the end of my secondment with UK government, so going forward I'll be working with many of those companies directly in order to further their engagement in the US market. But I also will be working with more US companies going in the opposite direction, which I've had a limited opportunity to do in this role.

John Gilroy: Madeline, this is kind of fascinating here.

Madeline  T.: Is there a ... Being that you've had to bridge kind of between the two, is there companies that you're running into that are like you and are kind of competitor to you? Or you finding that you're in that niche market in effect?

Andy Williams: Yeah, well, there are a ton of companies coming to market in cybersecurity with a lot investment so there are a lot of consulting companies that they engage with. Typically, the engage when they look at internationalizing their business with a big household name, global consulting companies, and those are the guys that I tipped and come up against. The great thing about what I do compared to those guys is that I have a lifetime of experience in what I do in terms of internationalizing and I'm very specialist these days in cybersecurity.

So ... And I've been there and done that in running my own cybersecurity software company or been part of one that's been very successful here in the US. So not only can I tell you how to do it by the book, I can actually show you the scars that I bear from doing it actually for a company that has become very successful here. So that's how I typically differentiate myself from those more generalist but much higher profile consulting businesses.

John Gilroy: Kevin. He's familiar with MACH37 right? I mean do you think Andy here competes with MACH37? Works with them? Where do you think they stand? I mean-

Kevin Uffelman: It seems like they serve separate purposes. I think that they're both cybersecurity-related but I think crossing the pond, the transatlantic aspect of it really makes Andy stand out or his company-

John Gilroy: Which is funny. The last time that MACH37, they had a cadre of about 10 people and three were from Europe. I mean this is-

Andy Williams: And one of them was a Brit who decided from the get go to launch his business in the US. So, even though he's a Brit and he developed technology initially in the UK, he felt that for his particular business he should just go straight to the US, not even try to build the business in the UK.

IMG_1312 Kevin Uffelman, Madeline Tomchick, and Greg Forman

John Gilroy: So, Kevin, someone comes knocking on your door with some funny British accent, you gonna trust them? I mean, this is cybersecurity. He could be a spy here, huh?

Kevin Uffelman: That's a great question. So, actually I was thinking about this. How do you make your professional contacts? How do you grow your business? How do you find these companies who have these early stage products that are primed to bring them into these new markets?

Andy Williams: Yeah, that's a great question. When you're running a consulting business, where do you find your clients, right? Well, luckily for me, I've been around for a long time as you can see by the gray color of my hair. So, I have a very substantial network anyway, but I've also built a reputation for delivering success to the cybersecurity startup community. And so people find me.

You mentioned MACH37 for example. So, Rick is not a competitor to what I do. Rick we see as a great model for that cybersecurity accelerator, for brand new startups turning ideas into business. They get that 13-week period of mentorship, direct mentorship. That's fantastic. Rick actually refers people to me in the same way as I refer people to Rick when they're at that point at the stage in their very early thinking about commercializing a product and I think they need MACH37.

But fundamentally, thankfully, I've got to the point where I don't advertise my services at all. Everything comes to me on the back of what I've already achieved.

John Gilroy: Sounds like no marketing expenses. No need for advertising and skywriting and Twitter and LinkedIn. I don't know about that. What do you think?

Madeline  T.: I thought that was kind of interesting because you're building solely off of your network but do you think you're ever going to hit a point where, "My network is only going to get me so far and I'm going to need to change my business model"? And go to that marketing, then go to the social media route and go to the advertisements and ...

Andy Williams: I should qualify what I said about advertising. I don't spend a penny on advertising but, of course, like every business I have to market my capabilities. Last week, I was in the UK. I talked at two cybersecurity camp conferences, very high profile cyber security conferences. I did a US-UK workshop on cybersecurity for the Internet of Things and I did a ton of one-to-one meetings, which were effectively prospect meetings for my business. So, I do marketing. I don't do above-the-line advertising. That's what I should have said. Yeah.

John Gilroy: One of the books I force my students to read is Adele Revella's book on persona and what she suggests is that you try and define your ideal customer. So, who's your ideal customer? Give me a ... Give me a thumbnail sketch of who your ideal customer is.

Andy Williams: My ideal customer would be a company that has already established some kind of business credentials for themselves in their home market. If they haven't yet got going in their home market commercially, it's difficult for me to help internationalize them. If they've got a client base of some kind that would resonate in the international market, that's the point at which I can help them.

In terms of other characteristics, it's good if they're well-funded because it's kind of difficult to break into an overseas market if you don't at least have some minimum funding in place. And also, and this is probably the most important thing, you need to be developing a capability that is significantly different in some way to the many other vendors who are coming to market out there. So if I think what you've got is really different and solves a really difficult practical problem in cyber security, that's typically what will interest me most in taking you on as a client.

John Gilroy: Kevin.

Kevin Uffelman: What is the biggest challenge that UK companies have coming to the US or trying to break into the US market?

Andy Williams: Simply the scale of the market. So, for companies that haven't yet engaged in the US, it's like, "Where do we start?" "How do we go about, a, educating ourselves enough to have a good go at this market, and, b, what expertise do we need to bring on board?" Just the scale of it.

The US is, frankly, the largest at about $45 billion and the biggest market in the world for cybersecurity products. So it's not a lack of opportunity, but it's the scale and the complexity of the market that they need help understanding.

John Gilroy: So Andy you talk about the size, the scale the complexity of the market. It's really a global market that you're talking about and earlier you said were at an Internet of Things conference talking. Before that, we were talking about IT sustainment and modernization. Where do you see the industry going that's the area that your company can help in specifically?

Andy Williams: You make a very good point. Cybersecurity is a global, borderless threat. That's the bad news. I mean, the good news for companies that are operating in that market is it's a borderless opportunity and,

"frankly, you don't succeed and sustain yourself as a business in cybersecurity unless you internationalize, right."- Andy Williams, CEO & Founder of Global Transatlantic

You mention IT. That, frankly, is one of the greatest, is going to be one of the greatest drivers for the development of the cybersecurity market. Again, because of the numbers. There's talk of 20 billion devices being connected to the internet in the next five years. Many of those products are being designed right now with no security in mind because they're being developed by consumer tech guys who don't even think about security. They only talk thinking about functionality, right.

If you're building a firewall, of course you're thinking about security. If you're building a telecom switch, you think about security. If you're building a toaster that has an internet connectivity to it, you just want it to be able to connect to the internet. You don't think about the fact that maybe somebody could hack the toaster and therefore take over every internet-connected device in your home, for example. And that's where we see a tremendous potential growth for the market, but also some serious security issues to address.

John Gilroy: I'll go home and unplug my toaster, I think. Scares me.

Anyway, Andy, we're running out of time here. If people would like to find more about your company what website should they visit?

Andy Williams: Yeah. They should come to my website which is globaltransatlantic.com.

IMG_1300 Andy Williams, CEO & Founder of Global Transatlantic

John Gilroy: It's pretty simple, huh?

I'd like to thank our sponsor, the Radiant Group. If you are interested in getting involved in geospatial projects contact the Radiant Group. We are hosted by Eastern Foundry, a community of government contractors who are bringing innovative solutions to the government marketplace. For more information, go to eastern-foundry.com.

If you would like to participate as a student or a startup, contact me, John Gilroy, at theoakmontgroupllc.com. And thanks for listening to Students vs. Startups: Showdown on the Potomac.