“Cyber resilience is about more than just being ‘secure’. It’s about being able to deal with, respond to, recover from, and learn from cyber incidents that occur.”
Oz Alashe MBE, former UK Special Forces Lieutenant Colonel, is the Founder and CEO of CybSafe, a cyber security and data analytics SaaS company focused on creating a safer digital world focused on human behaviour risk. With already over200 customers using CybSafe including HSBC, Credit Suisse, Ocado, the Financial Conduct Authority, NHS Trusts and John Lewis Partnerships they’re the a leader in this important field and have been recognised as such in the Forrester Wave report. Cybsafe’s customers use a data-led model of human behaviour to enhance human cyber risk management providing organisations a better understanding of their cyber readiness across the people dimension of their risk.
With over 90% of security breaches occurring due to human error, this is a sector that is attracting significant interest. CybSafe is the category leader, pioneering the use of data and behavioural science. IQ Capital invested in CybSafe’s Series A round in December 2020 alongside Hannover Digital Investments GmbH (HDI Group).
IQ Capital: Could you tell us about your background and your route to cyber security before forming a business?
Oz: I was initially exposed to digital intelligence, cyber security and predictive analytics when I served in as a British Army Officer. In terms of academic background, I actually studied Economics at Reading University and later went on to gain a Masters in Defence Studies and International Relations from King’s College London. However, after university I passed selection for, and graduated from the Royal Military Academy Sandhurst. I commissioned into the Parachute Regiment in the British Army.
During my service I had the honour of serving and leading in numerous operational environments, however, I predominantly focused on national security and counter terrorism. I’ve always loved the challenge of leading through complexity and I was excited by the opportunity to spend time with other like-minded people, keen and ready to ignore any suggestion of “impossible”. And all determined to succeed where others are likely to give up.
So, my original exposure to digital intelligence and cyber security was from the perspective of national security and counter terrorism. I gained experience and understanding in the most intense and challenging of environments. However, I also learnt about the linkages and interdependencies within organised crime and the rapid rise of cyber-crime. This is where my understanding of cyber security and cyber resilience really took root. Cyber resilience is about more than just being “secure”. It’s about being able to deal with, respond to, recover from, and learn from cyber incidents that occur.
“Cyber resilience is about more than just being ‘secure’. It’s about being able to deal with, respond to, recover from, and learn from cyber incidents that occur.”
What got you started in entrepreneurship?
There’s always been a need for an intelligent software solution like CybSafe. However, for me it was the realisation that as I worked with organisations who struggled to understand what they needed to do to reduce cyber risk, we all lacked an evidence-based, data-driven solution to one of the most important parts of the conundrum – the human aspect.
I’d seen the impact that data analytics had had on my work when I still served in complex and challenging environments in which risk-based decision making was core. I was also intimately familiar with the opportunities an evidence-based application of behavioural science could bring to human risk management. So, the idea of combining data science and behavioural science to achieve the outcomes we were seeking in cyber security was a natural area to explore. The principle was already being applied increasingly in areas such as health tech and wellness tech. Human cyber risk managers just needed to embrace data and tech. And the world was crying out for a fantastic product that made this easy to do.
In many ways I’m an accidental entrepreneur. I didn’t really set out to build a business. I set out to solve the problem and make a difference. However, I passionately believe in our mission, I know the issue and space inside out, and I know how to build a great team. The obvious thing to do was to bring those three attributes together and make a difference.
Where did your inspiration for CybSafe come from?
The traditional reliance on e-learning and phishing simulations simply isn’t enough to reduce risk in this new working environment. And it fails to provide security teams the insight, data and metrics they need to measure impact on users, or visualise and demonstrate risk reduction. The human aspect of security is evolving rapidly. Users don’t just need training. They need timely, effective help. The CybSafe platform goes beyond training to provide automated guidance, support and assistance to users and increase effective behaviour change. (In terms of principle think health tech fitness tracker, but for personal cyber security decisions and behaviours.)
The platform measures and tracks the impact your security team has on user decisions, security behaviours and security culture. CybSafe is underpinned by the SebDB framework. SebDB is the world’s most comprehensive security behaviour database. Our approach to behavioural science and data science means that the platform helps identify and predict human risk outcomes before they materialise.
“The vision for Cybsafe is to fundamentally transform the way that society addresses the human aspect of cyber security, and it just happens that the most effective way to do that is by using the data that most organisations have, to better help them manage that risk.”
What is the future vision for CybSafe?
Our vision is to fundamentally transform the way that society addresses the human aspect of cyber security. We’re pioneering the use of data and behavioural science to build a data-led model of human behaviour to enhance the way organisations manage human cyber risk. We’re going to make sure that security teams around the world are able to use intelligent software to actually help their people, and thereby help their organisations.
We’re changing the game as far as security awareness, behaviour change and the influence of security culture is concerned. But we’re doing much more than this. We’re building a library of knowledge, datasets, and security specific insights that when applied to the challenge of human cyber risk, will enable organisations and governments to accelerate risk reduction and make better risk decisions.
We believe in being bold and aren’t afraid to tear up the status quo. In fact, I believe it’s our duty to tear up the status quo because it doesn’t work. It doesn’t influence behaviour and it doesn’t reduce risk.
“We believe in being bold and aren’t afraid to tear up the status quo. In fact, it’s our duty to tear up the status quo because it doesn’t work, it doesn’t influence behaviour and it doesn’t reduce risk.”
Can you tell us a little bit more about your interest in leadership as a concept. Have you always been a leader?
For as long as I can remember I’ve led teams. As a young child growing up. At school. As a young adult through university. And of course, as a commissioned officer serving in the Parachute Regiment and UK Special Forces. Leadership requires you to be clear about what you stand for and often, what you stand against. Leadership is a daily, renewable contract and I believe that leaders must earn the right to lead, every day.
I’ve been blessed in that I’ve been surrounded by great role models. Of note for me is my mother, an extraordinary, strong and kind woman. She set (and continues to set) me the most amazing of examples to learn from. That said, I was the eldest of three kids, so the chances of me getting away with not pulling my weight or setting a good example for my siblings were very slim!
Many people have invested their time in me. And they supported me. I’ve benefitted hugely and I’m determined to pay this forward. As a society, I believe that we can and should instil in all young people from an early age the idea that leadership is about service. Everyone has it in them to be a good leader. And leaders create leaders. Virtually everyone is a leader in some regard. The real question is: what kind of leader are you, and will anyone invest their time in you?
“Everyone has it in them to be a good leader. And leaders create leaders. Virtually everyone is a leader in some regard. The real question is: what kind of leader are you, and will anyone invest their time in you?”
You put a huge amount of thinking into what the hiring process is and into good company culture. It seems like it stems from the understanding of what it means to lead, but how do you go about choosing your team at the early stage?
Yes, we think this is an important consideration for a business as ambitious as we are. It stems from a recognition that well-led teams and empowered, talented individuals can have a disproportionate impact if they’re provided the right framework within which to operate. Culture is what people will do when nobody else is looking. It’s the direction people take, and the decisions people make when they’re on their own. As an organisation, your culture is your values in action – it’s the absolute present day. It’s not what you used to do, or where you want to be. It’s what every single one of us does… today.
“Culture is what people will do when nobody else is looking. It’s the direction people take, and the decisions people make when they’re on their own.”
What advice would you give to founders who are thinking about taking funding from a VC and if they do, what is your advice to achieve a good outcome?
The advice I would give other founders is to take references in the market and from other founders about the VCs you’re considering taking funds from. You also need to make sure that VC investment is the right path for your business.
In my case, I found it extremely encouraging to hear what the market and founders said about IQ Capital. IQ Capital’s reputation preceded them. It was even more encouraging to then have this positive view reinforced by every interaction that I’ve had with IQ Capital. This was the case during the deal process, and with the support that we’ve received afterwards. With the free-flowing introductions to other founders and leadership teams within the portfolio, and to other members of the IQ Capital team who can help us. The members of the IQ Capital team have different strengths and experiences and are all happy to make themselves available to support the journey that we are on. For me this has been one of the best parts about this relationship.
“I found it extremely encouraging to hear what the market said about IQ Capital. IQ Capital’s reputation preceded them. It was even more encouraging to then have this positive view reinforced by every interaction that I’ve had with IQ Capital.”
How do you relax?
I’ve got a young family, so a lot of my downtime revolves around my three wonderful kids and my amazing wife. We’re fortunate enough to live near a fair bit of open space (relatively speaking for London!), and so spending time with them is (generally!) relaxing.
I’m a keen snowboarder. I love mountains and I used to snowboard race competitively – I even have Alpine Snowboarding Army colours! I’m a terrible surfer but love it. I also love skydiving albeit don’t jump much at all now. When I have time, I love taking my motorbike (a Ducati 821 Dark) for a spin. But I also love learning and I find reading into non-cyber related topics really fulfilling. I love learning about stuff: how things work, the different perspectives people have on issues. I just enjoy better understanding various topics.