 Trying to get back to the basics of great products. Power comes from sharing information. I try to convince people to slow down. Three, one. Open. This is the soak twice. Smart, smart, smart. Hello, hello, listeners and viewers. My name is William von der Palen. I'm here at the Helsinki Slush office yet another podcast episode coming up. And today, our guest is Emilie Orton, CMO of Dark Trace. Welcome to the show. Thank you very much, William. Very nice to have you here. Let's start out with the basics. Who is Emilie Orton? Well, great question. So I'm the Chief Marketing Officer at Dark Trace. I've been with the company since it founded, so I'm part of the co-founded team. And I'll tell you a bit about Dark Trace as well, because I'm sure you'll want to hear about that. So Dark Trace is a cybersecurity company. We're based in Cambridge. And we were actually the first company to develop AI back in 2013, when we founded, that was capable of interrupting in progress cyber attacks inside a company's systems. So my journey has been going from the very early days, setting that company up through to today, where some of you may know that their Dark Trace recently floated on the London Stock Exchange. But a bit of background, I guess, to kind of where we come from. I'm guessing you might want to hear about the founding story. And what was interesting about when we started Dark Trace was the whole approach to doing cybersecurity was based on this idea of having a wall around your network, keeping bad actors off your systems altogether. And so the whole industry was built around this fundamental principle of keeping the bad guy off. Now, today, that whole approach is discredited. It doesn't work. And the reason for that is people are on your systems all the time. Your employees need to get into your systems. Your customers are connecting to your network. Today, we have remote working. We have so many ways of interacting with data, which is great, but it also makes us very vulnerable. So we really came in with this question of how do you actually deal with the situation where the bad guy can get in? In fact, in many cases, when we start working with organizations, we find that the bad actor, the threat is inside already. And so it was a really different way of looking at the problem of security and looking at how a technology like AI could be used to overcome that. Yeah, for sure. And it's a massive problem, the cybersecurity part. And the little I know about it, it seems that even though you have the perfect security system set up and all your servers duct taped and whatever, it always boils down to personal, like one person doing something maybe a bit stupid, something a bit naive, or getting tricked into doing something and then granting access to someone to the system. So it seems very inevitable to keep everyone out of the systems entirely at this point. But what about your background? How did you end up co-founding Dark Trace? Well, it's really interesting because I am a linguist by background, I did French and Spanish literature. And so how did I get into technology? So it's a really great question because it's not an obvious route. And certainly if you go across Europe, I remember travelling in France and Spain, I did time out there, it's almost that pathway. It seems kind of strange. And I think, as I said, particularly when you travel to the rest of Europe, it's kind of like, you're a literature graduate. How did that happen? So let me explain. Well, I guess I think it's really important for employers to be really sort of open in the way they hire. And I think this is something I'm sure we'll get on to in our conversation as hiring. But I was lucky enough to have an opportunity to work within a technology company at the beginning of my career. And Dark Trace was actually a company that was founded out of Cambridge, which is a very rich ecosystem in terms of technology. It's somewhere where I actually studied. And so I was quite close to the Cambridge ecosystem and started working in Cambridge companies from the beginning of my career. And at the beginning at Dark Trace, I didn't know where it was going necessarily, but what I did know is that there was some really, really bright people behind it. We were founded by mathematicians coming out of the university, coming out of that science base in Cambridge. And so what attracted me as someone who enjoys communicating, enjoys trying to translate ideas into concepts that are going to be compelling was, firstly, it was a massive challenge. It's a massive challenge working with people that whose brains work in a very different way to yours. So I really liked being part of adding something that was different. And you need to clearly some very serious brain power. We have PhDs in physics, computing, statistical modeling. Those are really pure scientific disciplines. And I'm translating that. So I started right in the early days, building up that initial communication strategy. And eight years on, I'm now leading a global division within that. So it's definitely been a lot of learning in my career in terms of how technology works, how science works. And I definitely, I love to encourage people coming out of universities in these broader subjects. You don't need a business degree to do business. That is a reality. What you want is someone who is capable, who's creative, who has the ability to think laterally around a problem. And you really want to give those people the ability to learn. And so that's something that's really important at dark traces, getting capable people and allowing them to learn on the job. And that's something very much that I've done. Yeah, exactly. It seems to me that that's more common in Britain, for instance, than in many other European countries where you study humanism or it can be a historian, work as a lawyer or whatnot. So it seems like it's working at least for Britain. It's probably something that should be more and more common also given the world we live in at the moment. But yeah, you mentioned building out the communication strategy and the marketing. So what were the initial steps going from a very deeply technical product with these mathematicians and all these models and to actually create then a story and a product and a really well-known brand? Yeah, absolutely. And just to pick up on your previous point, I mean, I agree. Like people used to ask me, was I a teacher or a translator? But when I, so it was always kind of like, oh, you're a teacher. You studied French. So I agree. I think it would be great to sort of start changing that mentality in terms of building up the brand. I think first off, dark trace serves over 5,000 organizations currently across all industry sectors and also different sizes of business. So we're working with enterprises that are multi-nationals with thousands of employees as well as smaller to media businesses. And I think I talked about, we were coming into the market with a very different approach. There is no silver bullet to cybersecurity. That is the reality. A lot of people will tell you, you can stop breaches. You can't stop breaches actually. You're vulnerable. I think we were coming in with a very different message. And so I think there was a lot of education that we had to do in the early days to explain a different approach. This wasn't an incremental change and an incremental improvement on an existing approach. It was something very, very different. I think one of the key things for us has been to really facilitate our customers to be storytelling around how they use our technology and what are the benefits. In the security industry, the customers that we're serving, they are a skeptical bunch. They're a demanding bunch. They have incredibly difficult and difficult goals. You know, it's a tough job to be defending your business's intellectual property, their employees. It's a lot of stress that goes with that. And so what we've been able to do is really foster a really great community within the dark trace customer community where they're able to share peer to peer insights of how this is used, what the value is. And I think that's as equally as important now at the stage we are now as a large enterprise. But it's certainly very, very important at the early stage. So when you're getting a product out to market, the first thing I would say is get customer feedback early. It can be tempting to try and create the perfect product or what you think is the perfect product. But you need that feedback really early. That's been really important for us is being able to iterate the product based on customer feedback. And then in terms of what you're asking in terms of the brand, really allowing our customers to tell stories and have a platform because actually it's an area that's changing so much. The threat landscape has changed so much in the last decade. It's got a lot more sophisticated and a lot more aggressive in terms of the threats that companies are facing. And so really it's important to have that interchange. We've set up forum events where we actually bring chief information security officers who are typically our buyers to events where they can come together and not just to talk about dark trace, to talk about the problems that they're facing. And I think if you can help create those communities and those interactions, then you get a really great advocate base who are going to do that job really, really well because they want to hear from their peers. Yeah, exactly. And it seems like changing the narrative, changing the story and then getting your customers to sing your praises or sing that story. It seems that that's a very efficient way for many deep tech companies. We've had some other similar companies also on the show and we've talked about getting those first partnerships, getting those first advocates and allies and really talking for you and doing the job in that sense for you and then taking it from there. So absolutely. Yeah, as I said, I think one of the first events we did was what we call a forum event where we set up a Q&A. We invited just people in the industry and we allowed the audiences to ask questions. And so we just had this really interactive event where we were able to talk about our approach but just really have an emphasis on interaction. We had networking afterwards. So I think everything you can do to create that community is ultimately good for your brand. Was it hard for you to get the first customers on board since you probably believed in your product and knew it was the right approach? But it always seems that getting the first really big references, big customers to believe in the story is always the hardest. And most companies want to buy at the point where someone else has bought because they don't want to be on the hook for buying something that doesn't work, especially with a product like this that could potentially then screw it up even more. Yeah, it's a really good point. It's sort of getting that initial momentum going. It is your first priority as a new business and you want to lower the barriers as much as possible to kind of getting that first customer relationship which is good for you as it is for them. So it's really a mutual relationship that you're building. As I said before, that feedback is absolutely critical. You can't build a product without getting that and getting it early. I think for us, we were founded by I mentioned mathematicians and the sort of genesis and getting it off the ground was coupling up that group with some individuals coming out of the UK Intelligence Services, GCHQ and MI5 here in the UK who had direct experience of the cyber threat at a government level and who'd also worked with large corporations and seen the extent to which quite frankly they were getting infiltrated. And so we had a great team that had a lot of credibility and talked to the problem. And so particularly on the UK Intelligence Service and we actually built an advisory council again in quite the early days where we had people really talking to why this approach was so necessary. Of course it's a critical problem that companies were facing and still face and it's an existential problem. You're not going to have a business if your engineering blueprints are being stolen, if you've got competitors going after customer databases or whatever. So I think clearly it was a critical demand that we recognize and being able to couple up external parties that validated the approach was really powerful and getting customers, sort of those early customers engaged. The second thing is a very practical thing. We're an artificial intelligence company. Now today there's a lot of hype around AI. It's almost used as a marketing term today. That wasn't so much the case when we started, certainly is now. I think we knew as a sort of deep tech company that had a different approach was that at the end of the day you need to show it working, not just in some sort of like test lab theoretical way. You need to show it working in their systems. And so from a very early point, we decided to roll out a trial period where we would essentially provide the technology free of charge. We would install it into the customer's environment whether that was in their data center or in their cloud environment or wherever they wanted to test it. And we go in and we basically start looking at those systems. The way that AI works is it goes in and it starts learning what is the normal activity for this business? What's the pattern of life? What's the day-to-day cadence of the employees? And it learns that and develops this sense of what we call self. If you think about the immune system and the way the human body defends itself, it's very similar in that it's predicated on the idea that you're not going to keep bad stuff outside. Your skin's not going to keep everything out. You're going to have to find and identify bad stuff, intrusions internally. And so we have a similar model where we put the AI inside and then we would show them what we found. And I think what was the real test and sort of proof of this is that in over 75% of organizations where we're still today, where we go in and we apply that AI, we're finding a threatening activity that that company was unaware of, despite investment in that wall that I talked about earlier, despite having a pretty mature approach in terms of the perimeter security. And so being able to do that, and of course there was a cost to us there, but being able to actually put that technology in the hands of our customers was really critical in building up that early credibility and winning those first customer wins. Yes, and probably money much more well spent than doing billboard ads or Instagram ads for a cybersecurity product with no customers. So I think that's a great way to approach it. And I think many entrepreneurs and companies underestimate how hard it is to get the first customers and paying customers and how you actually need to approach it in the way you did most often. So I think, yeah, evidently it has been money well spent. So yeah, but moving down to the hiring part, maybe you work as a CMO and yeah, the product is still very deeply technical and you get your customers to see your prices, of course, but how do you, do you need to think differently about hiring other marketeers or copywriters or your internal marketing team when doing a more technical product? Yeah, so Dark Trace today has 1,600 employees. So we've certainly done a lot of hiring over the last eight years. I think the first thing to say is hiring is probably the most important thing you can do when you're building a business. People are critical. And so really understanding what you're looking for and making sure that you communicate that across the business when you get to scale is really, really, really important. For us, I think we're looking for very bright capable people. Now clearly in our Cambridge R&D team, we're looking at highly skilled scientists, software engineers in those roles. And they're a finite resource and they are the kind of magic team, really, that I think of them as the magic team who are doing the kind of amazing engineering work. But of course, across the business, we need those skills to commercialize it and to scale the business. And so for us, it was about getting skilled, capable people and bright people. But remembering that actually you can learn a lot on the job and in security, we have a massive skills crisis. Actually, we don't have enough people who know cyber security, who are specialists in threat investigations and networks. And actually what we realized was that a lot of that you can implement on the job. We spent a lot of time developing training programs that got people up to speed. And really what you're looking for when you're hiring those people is that potential and that kind of core competency. It can be tempting to sort of look at the ultimate sort of what you want at the end of it and look for those capabilities and look for certain degree course. And actually you're going to be missing a lot of really, really good people if you're too kind of narrow in what you think you want. So for us, it was about really spotting potential. And when you're growing a company, you are hiring your future leaders. Whether that's an entry-level position, you need to be really looking and thinking, could this be a future leader? Because you're going to need those later down the line. So I think that's allowed us to get really interesting people that perhaps don't fit to a particular mold, whether that's in a commercial role or whether that's in a cyber security analyst role. And it really creates a really great culture because you have this culture of continually learning and you open up these really amazing career paths. We have people who've studied classics and have gone on to actually join the software development team. And those kind of roots that even when I was at university I would never have thought that I could be, to do that, to be a software developer would just be outside of what I would have imagined myself. But we see those career paths and I certainly see them on my team. So I think believing people's core capability and they can learn. And I've seen that proved out in various departments in dark trace. We have a bit of a rule at dark trace that you want to take a problem back to its first principles. You're not rolling out the playbook. In fact, often there is no playbook. You're in new territory. And so you don't necessarily want someone who's going to have the management answer or have a sort of preconceived idea of how to run a business. You want someone to sort of sit back and think, if I took this back to first principles, what is the problem here and how can I solve it? And often you get the most creative solutions when you're taking that approach. Yeah, I think that's a great approach, especially the idea of hiring your future leaders. Because it seems like many companies also hire for a very specific need at a very specific time. And you kind of treat people like disposable assets that you need to switch out at some point to get the next batch of people in to fit that growth stage of the company. And that's very expensive. And for every good hire you also probably make a bad hire. It's very hard to hire to be that good at hiring. So then allowing for more mistakes and more development of the job seems like a very intuitive approach. So it seems like a very good idea. Absolutely. I mean, I think one of the joys of kind of seeing a company grow is seeing people grow. And yeah, we have people on the team that have been with us three, five years and will have had amazing careers where they've learned, they've escalated and they'll be leading teams of their own in that time. So it's really kind of fulfilling to see people develop really exciting career paths with our company. Yeah, exactly. What about yourself then? Clearly, you've had to scale as well. You were one of the co-founders. You were five people. Now you're 1600 employees. So how is your personal growth journey looking? Yeah, I mean, a lot of learning, clearly. I think certainly the company has changed a huge amount from when I started, just developing the first website and doing the first kind of events and doing the first kind of collateral that you produce. And obviously running a team, that's very different. I think scaling has been the big challenge. I think it's a cultural challenge, which is how do you make sure that that kind of entrepreneurial culture, which I think is important to us, even as we're a large company, is maintained when you're not physically there and you're not going to be able to influence everyone on your team in a direct way. So certainly for myself, it's been really making sure that have a really strong leadership team that are able to do that in different regions of the world and continually learning. And I think you need to be a little bit humble when you're in a fast growth industry. You won't have all the answers. And I think even now we're looking at new technologies, new ways to apply the artificial intelligence that we're really having to rethink how we sell and how we roll out to customers. And so I think it's about getting that balance right between directing and getting your strategy executed, but also kind of being open to learning. And I think it's something important because the whole of my team is constantly being learning and keeping up with the changes in the market and changes in technology. It's really exciting. Obviously, we are now at a really exciting stage in that we have this amazing platform that we've achieved through floating the company early this year. And so what we're really excited about is how do we get to the next phase of our growth? And so these milestones are something that I know personally I get a lot of kind of some energy out of in terms of really marking the progress of the company. And I'm really excited about growing dark traces, presence into new emerging markets, and also really exciting product launches that are going to change again the way people think about enterprise security and artificial intelligence. So I think the wonderful thing about being a tech is you're always learning. You're very rarely sort of resting on your laurels, which is a challenge, but it keeps it really exciting. You're never just executing that same playbook and you've got it right and you just rinse and repeat. You've got to be on your toes all the time. Yeah, exactly. It's a good mindset. Before we move on to the flotation and the IPO process, I thought it would be interesting to discuss also the research-driven innovation and research-driven companies. And there's still like somewhat uncommon for deep tech companies to achieve high valuations such as the one you've achieved and really to succeed. So what do you think are the most important things to get right in order to foster more of research-driven innovation? I think I guess the first thing to say is that in the UK and I think in Europe as well, certainly particularly in the UK, we have second to none scientific research. We have the ecosystem in terms of the universities and the funding. And of course, it's really important to make sure we maintain that great support or funding for research. That is the core and the base of which we rely to be able to create companies like Gartrace. So we do really well on that. And I think we need to continue to, from a government perspective, that support for scientific research. In terms of within our business, it's an absolute priority for us to keep innovating. And that's something that it's not just something you do at the beginning and then you launch the company and then the job is done. We're a deep tech company. We're an AI company at our core that develops solutions for a cybersecurity challenge. But we very much see ourselves as an AI company as a mathematics company at its core. And what we've been able to do is actually within our research and development team in Cambridge, firstly, they are mathematicians, they're not all cybersecurity specialists. We need those core capabilities to be innovative, to rethink problems. And so we have a range of skills and it's very important that we have a range of skills within the R&D team. And then what we've done as well is run sort of parallel teams. So as we get larger, of course, we have a lot of kind of customer road map plans that we want to roll out new improvements and new features for our customers. But in parallel, we have another team, perhaps we have several teams that are working on kind of pure research and innovation. And I think the core there, this isn't my team, but the core there is giving them the time and the space to think laterally. If you're always just executing on a kind of road map, you're not going to give people the kind of time and kind of headspace to think about new problems. And I think what's really exciting about dark trace is we have an artificial intelligence that learns a sense of self for a company. It's a very fundamental capability, understanding the, if you like, the digital DNA of an organization. And we are conscious that the application of that could also be really interesting outside of, or beyond cyber security. So we are actively investing in our R&D team. We're increasing its size. And we give teams the ability to spend times on how we could use this, not just necessarily within security, but within other areas of business. And so getting those bright people and giving them the space and the encouragement to do that is how we get to these really interesting new innovations that aren't just kind of adding on a certain track, but actually creating whole new tracks. Yeah, that makes total sense. And what about thinking about global expansion? That's something also as very, very hard often to get right and choosing the right market, setting up the right teams internationally, getting the customers. It's like starting a company all over again, in a sense, until you've done that a few times, and then you again have maybe some references and credibility in terms of opening new markets. Has there been some really clear learnings on how you, on the way you've approached the global expansion so far? Yeah, I think we expanded internationally pretty quickly. In the first couple of years, we already had close to 20 offices around the world. So it was pretty rapid. And so we took the approach of really just going out. We knew there was demand. We knew this was a fundamental problem. Companies were getting infiltrated and experiencing cyber intrusion. So we went out pretty quickly. I think one of the key learnings is culture is probably one of the big concerns. How do you make sure that it doesn't feel like you're setting up five or six different companies? You've got a single company. And that's really hard. I think again, it comes down to the people that you've got setting up. You need to make sure that you really have people that are bought into your culture, that aren't just good at sales or whatever it is that you want them to do there, but actually really are bought into your culture that spent time with founding group and then can build up that culture in different regions. So we went to North America and across Europe pretty quickly that we expanded out to Asia and then we've been able to add things like Latin America and really exciting new emerging markets. So I think getting that leadership in place, we also took the approach that it was really important for us to have centers of gravity in those regions really strong hubs to office environments where people can collaborate and get that culture. I think it's really hard at the moment. You know, we've gone through a global pandemic and people haven't been able to do that. And you know, running a remote workforce when you've just started, I think it's a challenge. I think some companies have done really well at that. But I think it would have been a challenge for us because we really wanted to make sure that people were meeting and whether they were kind of in the field and traveling a lot that there was someone going to go back to. And so we definitely created these kind of regional hubs, Singapore for our Asia Pacific business. We had, you know, South African New York becoming kind of key hubs in the US, etc. And then making sure we have enough clearly interaction from the founding team getting out there and spending time in the markets. Markets are different. And I think certainly from a marketing perspective, you know, understanding where you do need to localize is really important. There's, of course, language barriers that you need to make sure that you're accommodating, but also different business practices. You go to parts of Asia and, you know, your event strategy may not work the same way as it will in Europe because of cultural practice. And so you want to make sure that you are, you're sort of translating your culture, but you're also listening to cultural norms and getting that balance right. So ultimately you have a team that are proud of your culture and proud of that kind of HQ sort of link, I guess that they have, but also feel that they have the autonomy and independence to be able to make that work for the market that they're in. Yeah, no, exactly. And obviously, as you said, the problem being that global and being in some ways, at least, quite the same everywhere helps. You don't need to educate the customer, you know, and tell them what the problem is in the same way that with some maybe other consumer products or stuff like that. So it's probably a good advantage to have as well. Yeah, maybe to close off then to talk a little bit about the flotation and the IPO process. So just in general, how did you start evaluating if the timing was right? You know, how do you know? When do you know when to IPO? Is there a perfect time? Well, I think, I don't think there is a perfect time. I think it's something that certainly was an aspiration that was shared by, you know, the leadership team for a long time. We've always been very ambitious for the company since its early days. And so it was on the horizon. And I think the time was right for us in terms of certainly the threat landscape. You've seen the escalation in attacks really ramp up. Just in the last year, around where it's become almost sort of synonymous with cyber attack for a lot of people. And so it was a really good time to double down and particularly what the flotation has done has enabled us to invest and expand our research and development team in Cambridge and get that those kind of innovation projects that I was talking about really just do more and do it quicker. And so it was the right time from a kind of market perspective for us and internally for us to really kind of, you know, put the pedal down and start that process. And I think it's been a really interesting time as well to be looking at kind of talent flows and getting the right people on board. So we've been doing a lot of hiring still, particularly within our R&D team. And so the time we've worked for us, it's given us an amazing platform that really gets us to be seen as, it sort of kind of, it's a pegs us in terms of our growth. It gets us to that kind of platform where we can sort of get to the next stage and the timing just felt right for us. Do you think it increases your credibility in larger corporation sizes? Is it easier for them to buy from a stock listed company than from a, you know, quote-unquote startup? Absolutely. I'm no question. I think there is a huge amount of credibility. And what was great about the IPO was our customers' feedback. They're really proud of actually being part of the Dark Trace journey pre-IPO. And that's really nice when you can take the customers along a journey. You know, those early customers that were trailblazers and really trying a brand new approach and then coming all the way up to the IPO. It's really validating for that customer community. And so that was one of the joys of sort of getting that great feedback and absolutely, you know, you're completely correct that that credibility is so valuable in getting, you know, expanding more and getting bigger customer wins. Yeah. Was there something in the process of the IPO that surprised you? Something that was, you know, an unexpected outcome or something that was harder than you thought or whatever some anecdote of something being surprising? Well, I'd say I was slightly disappointed because we were all kind of waiting for the kind of bell to ring and be in the stock exchange and that kind of big moment and the balloons and it was a global pandemic. And it was very different. So I think personally that was a bit of a shame. But and of course, you know, the team that we're doing, you know, speaking to investors day in, day out, had to do it on Zoom, not how we'd imagined it. Of course, you know, you really want to be kind of sitting with these people looking into the wide of their eyes talking to them about your business. And there was a lot of Zoom fatigue by the end of it. So that was different. And that was, I guess, a challenge, but it was it was amazing also to see how we how we kind of pulled that off virtually. And I think what's really nice about the whole process is certainly as a founder coming through the business and being day in, day out, you're kind of in the weeds of your business and you're just moving forward day, you know, and entrepreneurs listening to this will know this, you just you're constantly just pushing for day by day, week by week. And so for us, it was a great opportunity to just take a step back and look at the business and think about the business as an external party would. And it's the moment of pride for us because we get to present not just the business today, but also it forces you to present the business tomorrow and show that pathway. And so I think it surprised me, I guess, not kind of our business because I kind of know that very well, but really looking at the amazing sort of future that we have, I think that was really exciting, very motivating for a lot of us to kind of think more deeply about that. And obviously, it was a great moment for our employees as well. I said, you know, again, it was the pandemic, so it was kind of, it was a shame that we couldn't get together and have that big party that you'd hoped that we had and we did do one later. But an amazing moment for all the employees that have been past that journey for a number of years. So for me, it was just a great moment of pride for just kind of recognise the last eight years. Yeah. I think, you know, how they moved up all the weddings and the concerts, they should be moving up the bell-ringings of all the missed floatation bells as well, I think that would be more than fair. So I think so. Yeah, all in a row, one bell-ringing day or something like that. So that would be deserved, I think. Yeah, no. But thanks so much for joining the Soakbuy Slash podcast and it's been a blast, really fun talking to you. Well, thanks so much for having me. Thank you. And thank you to everyone who tuned in and see you in the next episode again. Bye-bye.