Iain Paterson is Managing Director of Cycura, a Toronto-headquartered cyber-security company.
Previously, he worked in a range of technical and management roles in banking, healthcare, and government organizations. Working in those fields gave him experience with a cross section of security tools, infrastructure and network technology, policy and governance concerns, compliance requirements and privacy legislation. Each industry, he discovered, has unique requirements and standards, leading to his own learning curve in vulnerability and risk management practices, security operations and a range of technical controls.
Companies assisted by Cycura have included homeland security, financial institutions, healthcare, law enforcement, law offices, startups, tech, and telecommunications.
What’s the ‘elevator speech’ for Cycura?
Cycura is a research and development focused, offensive security services firm. We specialize in advanced attack methodologies, vulnerability and exploit research, penetration testing and tools development. We also provide incident response and forensic services and training. Our capabilities and proprietary tools allow us to offer high-end and exotic services that are quite scarce in our industry, and to deliver superior outcomes for our clients.
How would you describe your job?
My job is to align the exceptional technical capabilities our team has with the needs of our clients. The major components of my role are business development, customer education, relationship management and continuing to evolve our growth strategy.
Cyber Security can be a complicated subject, with a lot of focus on products and reactive solutions.
I spend a lot of time helping clients understand the nature of the services we provide, the value proposition of advanced technical security testing and how we are much more than a simple series of checklists and automated scans.
How did Cycura get started, and how is it different from companies that do similar things?
Cycura was started in 2013 by a few of our board members, one of whom has many years of experience in the industry and once worked in a specialized cyber-unit of the Israeli Defense Forces.
The company grew out of projects and initiatives by word of mouth and referrals initially. Our team came together as a collective of subject matter experts, with different skill sets, centered around offensive security practices and research.
We scaled up in 2015 when we responded to a major data breach at a Toronto company, which garnered international public attention. I joined Cycura during this time to act as project executive, and to focus on business development efforts.
Cycura is different from other cyber security companies for a number of reasons.
We focus on proactive security approaches through our service offerings.
While expensive solutions may help increase security posture, we have seen time and again that no one solution can mitigate or identify all the technical risks an organization may have. We bring together a global team of leading security and intelligence experts who understand advanced attacks to identify and address these gaps and vulnerabilities.
Our laser focus on offensive security, and having resources with incredible depth and experience in the very advanced technical elements of security makes us a different type of company relative to our peers.
Who has used your services?
It’s fair to say that we’re able to work in just about any industry or vertical. We definitely like working with companies building applications or providing digital services because they’re very technical and so are we.
Cycura works with a number of tech and startup firms to help them secure their platforms, applications and websites. We also work with larger enterprise and institutional clients on the same initiatives, but have broader services like Red Team testing, Phishing campaigns and social engineering.
Cycura also provides bespoke technical testing, services or tools development in areas such as IoT, embedded systems, critical infrastucture, and other domains. Basically, if it can be hacked, we can hack it, and help you secure it.
What’s some entrepreneurial advice you’ve learned?
Identify “the one thing” that is the nucleus of your company. Define, build, and refine your services or products outward from that.
It can be really tempting to latch on to opportunities outside of your core capability, but you have to approach that with caution.
You risk diluting your brand and risk failing to execute with excellence.
Seek opportunities to grow organically and partner, but do it in a measured and risk conscious manner. Find others you can work and collaborate with, and leverage those relationships to build your brand and your offerings until you can expand your own core capabilities.