12 hours ago
1
ARTICLE AD BOX
Kyle Hanslovan co-founded the cybersecurity company Huntress back in 2015 with the simple mission of “wrecking hackers.”
Over the past decade, what started as a basement project funded by $100,000 in winnings from the annual DEF CON hacking conference’s “Capture the Flag” competition has since grown into a global company that generates more than $100 million in recurring revenue and protects about 150,000 businesses.
Hanslovan says he never set out to be a CEO. He came from an “offensive cyber” background and previously spent his days supporting government hackers at the US Navy and National Security Agency. He didn’t know the first thing about running a company or raising the millions of dollars needed to fund one.
But his work with the government made him well aware of the nation-state attacker threats faced by companies. In this Q&A, edited for length and clarity, Hanslovan talks to Tech Monitor about the company’s genesis and its considerable growth over the past decade, along with his vision for its future. He also delves into the rapidly evolving online threat landscape faced by companies of all sizes.
Given the chance again, Kyle Hanslovan probably wouldn’t found cybersecurity standout startup Huntress all over again. Each to their own. (Photo: Huntress)Did you have any idea what you were getting into when you started Huntress?
Now that I look in hindsight, I think you have to have something slightly wrong with you to be a founder. I know a lot of people hype it because there’s confirmation bias. They only talk to the founders who make it. But no joke, if I could go back 10 years, I actually wouldn’t do Huntress again. I wouldn’t do it. It’s just you have to have, like, such a crazy, strong faith and a willingness to either A, be blind, or B, just have, like me, such strong conviction. Now that I’m 10 years in, I’m looking back and going, like, ‘Did I have something to prove?’ I think there was some of that.
Getting a startup off the ground and then growing it is never-ending work. You’re also a father of three. How have you avoided burnout?
Silicon Valley’s currently got its ritual of, ‘Hey, let’s work till you drop.’ They essentially celebrate working six days a week. And to be very frank, the thing I’ve learned in 10 years is that this thing is a marathon. And every time you sprint a marathon, it doesn’t work out well for you, your family, your connections around you. After a while, I didn’t even have a hobby anymore. I had nothing. I had to really reset if I wanted to go another 10 years. All I knew was how to run the business. So my point is, it’s cool, it’s cool. It’s dope. But everybody talks about work-life balance, and it turns out that’s more of a practice-what-you-preach type of thing.
Let’s talk about the tech. Artificial intelligence is fundamentally changing cybersecurity. How has that affected Huntress and its mission?
There is a lot of hype behind AI that could really get there in some cases. A lot of people forget, a human brain is extremely well-suited for certain problems like pattern matching. And what’s nice is you don’t actually have to have a $250,000 a year human brain to do some of that pattern matching. So if you use automation, machine learning, and AI in the right places, and then the things that AI is really terrible at, deterministic decisions, truly making a yes or no, you can sometimes throw a $100,000 human at it.
One of our biggest innovations is knowing what’s a great problem for AI, but also acknowledging what is a terrible problem for AI. Let’s format the data in a certain way and have brilliant humans just crush it, because of the context and experience we bring as humans.
What is your vision of the threat landscape now, especially when dealing with your customers?
We as a community are losing to cybercrime right now. It’s just that super simple. I don’t think you have to spice it up. Cybercriminals, right now, are much more efficient at acquiring victims and selling victims and extorting them than we are protecting them, and I don’t know why folks don’t want to call it out. I think we are doing better. Let’s not water down our accomplishments as a community. But we’re not winning. We are definitely not keeping up with the pace of cybercrime.
So how do we, as an industry, fix that?
I think more collaboration, more industry, more law enforcement in the right places (some of that means keep law enforcement out of it in the wrong places). I’m proud of Huntress’ first 10 years, but I actually think we are coming nowhere close to actually delivering what’s needed to protect the masses right now, and it shows in the numbers.
What are the specific threats, especially for the smaller businesses you protect?
The number one thing that actually extorts small businesses right now is reputation threats. What if they just gathered all of your contacts and then said, I’m going to shotgun blast out to everybody that you’re hacked? I have your data. I’m going to ruin your reputation.
Cybercriminals have also realised that they don’t need to steal your data if they can just shut your payroll system down. In any Western country, people can’t go without for more than two paychecks. So if I can just make it so you can’t run payroll for two or three payroll sessions, that actually causes a lot more damage than just encrypting your files that backups can restore.
Huntress serves a large number of small- and medium-sized businesses. How do you make security accessible and affordable for companies that just don’t have the same financial resources as the big ones?
When it comes to the track, a Formula One car is just a little bit faster than a Lamborghini, but the Lamborghini is a hell of a lot cheaper. We need to ask ourselves: ‘How do we build the right car for the right track?’ Bank of America needs CrowdStrike; they need that Formula One car. Most other companies don’t. Why try to deliver a Formula One car to somebody who will never be able to afford even the driver, let alone the car, the maintenance, the people to manage it? There’s no shame in building a Lamborghini. Everybody would want one. We need to build the right products for the right people.
In the months since President Donald Trump took office, the Cybersecurity & Infrastructure Security Agency, which previously provided U.S. companies with cybersecurity advice and resources, has been gutted. What does that mean for the security world?
Maybe states will individually step up and substantially harden themselves. But what I’ve seen in a career as an intelligence professional and a cybersecurity professional is that there is strength in numbers. There’s strength in threat sharing. I think CISA was doing almost everything they could do, definitely better than any previous government agencies ever did, from a cybersecurity standpoint. So, I, too, am kind of crushed by what’s happened.
