By Pamella De Leon / Entrepreneur Middle East - Image Credit VUL9
Team members are given targets, and are tasked to find as many security flaws and vulnerabilities. The end result? Clients are presented with cyberattack scenariosthey’re unaware of, saving cost and impact of the critical vulnerabilities the startup uncovers. “We are talking unauthorized access to databases with millions of user records, access to financial transactions, ability to destroy or leak data, capability to install backdoors, or even wipe out entire applications and IT infrastructures.”
The co-founders met in a 2015 hackathon at New York University, Abu Dhabi. While El Khdime’s passion for the field started at the age of 13, Belarbi’s interest lay in finding opportunities in the market and creating an impact. Learning how to bypass anti-virus solutions from a young age, and having been a member of the white hacking and information security community was, El Khdime says, a “fun and notoriety game.” They are now driven to be responsible with that capability, and it’s one of the reasons why their core mission is “challenging existing traditional security patterns in order to improve the technology and safeguard millions of users across the region.” Their meeting introduced Belarbi to the world of ethical hacking and to the community of infosec enthusiasts and professionals. “We understood that the cybersecurity market was a multimillion-dollar one, and that expertise locally and regionally was limited, hence, the clear opportunity to enter the space and establish ourselves as a provider of choice.”
When the duo decided to pursue their business, they were faced with a two-pronged challenge: showing they have a marketable and scalable business (proof of concept), and second, finding the appropriate financing to bring the startup to life. Their solution to the first challenge was peculiar: approach a company with proof of their efficiency. Focusing on a large UAE-based tech company, the team found a critical weakness which can allow access to their entire database of users. They used this flaw to get the attention of the company’s top executives, which impressed them of the startup’s capabilities, and prompted a $26,000 contract for their services for three weeks. “The proof of concept was achieved because we showcased that someone was willing to pay significant amounts for our work,” says Belarbi.From Yahoo’s data breach in 2013 and 2014 wherein over 1.5 billion users’ data was compromised, to the 2016 DDoS attack which took down popular sites like Twitter, Netflix, Paypal and Spotify, there’s certainly been a wave of cybercrimes around the world of late. The 2017 Norton Cyber Security Insights Report found that 978 million in 20 countries were affected by cybercrime in 2017, with the UAE seeing 3.27 million consumers affected by cybercrime and losing US$1.1 billion. Besides cyber attacks being identified as a national security threat, the cost for cybersecurity negligence by companies is high, and along with a lack of cybersecurity education and training, employees and individuals alike are vulnerable. This is the opportunity that cybersecurity startup VUL9 Security Solutions is capitalizing on.
Launched in July 2016 by CEO Mohamed Amine Belarbi and CTO Mohamed Zakariae El Khdime, the co-founders saw a gap in the market and leveraged their access to stellar talent in security and ethical hacking community groups. “Ethical hackers are a very rare resource, and they tend to have a tendency to dislike bureaucracy, corporate structures, and authority,” says Belarbi. With VUL9, the co-founders cultivated an environment for hackers to “feel free to pursue their passion in a legal and ethical way, and at the same time, not feel as if they were forced to work for a paycheck.”
This was also a precedent for one of the ways they acquire potential customers. “We would look at existing companies with valuable digital assets, be it mobile applications, large user databases, usage of online payment facilities- literally anything worth hacking. Then we identify vulnerabilities in these companies’ digital assets, and use it as a means to gain their attention, and show them that if our team was able to easily hack them, then someone else could as well, and that hiring us to help them strengthen their security posture is a must.”
So far, they haven’t stepped on any toes, and have received positive feedback from Samer Awjan, CTO of Aramex, Magnus Olsson, co-founder of Careem, and Fadi Ghandour, founder of Aramex and CEO and Chairman of Wamda Capital. Currently, VUL9 has four revenue streams: security audits and penetration tests, providing trainings, Payment Card Industry Data Security Standard (PCI DSS) certifications, and software products.
As for their financing hurdles, the co-founders were keen for the right financial backer who would not only provide financial support, but also provide access to a strategic network locally. Prior to the launch, they achieved this when Mohammed Kamali (who also onboarded as a co-founder) supported the startup with a seed investment of $90,000, helping the startup set up shop in the UAE and kickstart operations. He notes that the company has been profitable for the past year, financing operations with its revenue, and the ecosystem has noticed the startup too.
A year after the launch, two undisclosed Saudi angel investors contributed $225,000 to its seed round, which brought its valuation to $3 million. In 2018, their goal is to drive 50% of their revenue from licensing their suite of products, due to go live this year starting with their proprietary solution, Falcon. In total, the startup has raised $325,000. “[We] are now gearing [up] for our Series A in Q2 2018, when we’re raising close to $2 million at a $15 million valuation.” If that sounds implausible, Belarbi adds: “Our Series A is already oversubscribed, given the overwhelming interest we had from investors who witnessed our rapid expansion in the market, and the solid client portfolio we’ve built in such a short period of time.” In the past year alone, Belarbi asserts that they’ve closed over AED1 million deals in the UAE, but have also serviced clients in Morocco, France, Pakistan and Egypt.