Q&A: Goldilock's CFO on transitioning to a channel-first cybersecurity
Just as the inquisitive Goldilocks wandered into the three bears’ home, cybersecurity threats are constantly probing and infiltrating digital spaces, seeking vulnerabilities to exploit.
In the fairy tale, Goldilocks sampled the bears’ possessions until she found what was “just right.”
Similarly, Goldilock, an innovative cybersecurity firm, adopts a channel-first cybersecurity solutions approach, ensuring enterprises have defences perfectly fitted to their unique needs against evolving threats.
The CFO sat down with Goldilock’s financial chief, Angela-Marie Graham, to discuss the company’s pioneering “channel-first” business model and how it empowers partners to rapidly deliver Goldilock’s distinctive hardware-based security solution to customers across diverse industries.
Much like the fabled porridge that was neither too hot nor too cold, Goldilock aims to offer cybersecurity defences that are not too complex nor too simplistic, but precisely calibrated to mitigate risks.
Read the full interview below.
In the current geopolitical climate and with the accelerating evolution of cyber threats, there’s a huge need for rapid adoption of advanced security solutions across all industries. At Goldilock, we want to improve infrastructure and save lives. But in order to do this, we needed to be able to scale quickly across numerous verticals, from IT to OT, critical national infrastructure and IoT devices.
Therefore, a channel-first model made the most sense. It would allow us to tap into the extensive networks and expertise of channel partners, ensuring customers receive the tailored support they need. The channel-first model is the most efficient sales model to allow us to accelerate market penetration and deliver our much-needed security solution to as many customers as possible.
Ensuring alignment with our channel partners is paramount. We achieve this through a two-pronged approach: selecting the right partners and fostering open communication. This starts with choosing partners who are genuinely excited about our product and who understand the solution we provide.
Communication is also crucial to ensure successful alignment. We actively solicit feedback from our channel partners. This two-way dialogue ensures we provide them with the resources and support they need to sell effectively, and their insights into customer needs and industry trends are invaluable to us for refining our product roadmap and messaging.
We are also able to address the diverse needs of different industries by partnering with specialists across the various sectors we work in, from IT and OT experts to healthcare and manufacturing specialists. This allows us to leverage their industry-specific knowledge and helps to meet our partners’ goals.
As you would expect we have set challenging but achievable targets and we measure the performance of our resellers in terms of units sold, revenue achieved and their gross margin. However the metric that most shows the success of this approach is market penetration. We have seen a vast number of partners (distributors and resellers) in different geographies sign up, indicating how globally accepted our offering is. This has really has given us faith in the decision: our partner engagement and pipeline have increased, as have our sales. So all the indicators are pointing in an upward and positive trend.
The obvious challenge was managing cashflow; we introduced delays into the sales cycle as we signed up resellers and distributors. The other was having to “share” margin with partners for their activities, but this is easily replaced by the volume of new clients we are engaging with.
Then there is the resource challenge, we want to ensure all partners have enough dedicated contact and support points so we need to recruit the right people at the right time to align with the accelerated growth. Which leads us back to more efficient cashflow management.
We have to ensure that we have a more structured process in place for product development and feedback. Our roadmap has to be much more solid and robust as the scale of opportunities is increasing at a faster rate than before. It is also important we plan for future elements that different type of partners require, such as increasing the level of automation. In truth, the largest impact is ensuring we focus on growing the marketing capabilities of the company to support the partners and end clients. But this doesn’t mean that we’ve stopped coming up with great ideas on how we can stop cyber-attacks in the future.
Our flagship product is a simple yet powerful, hardware-based approach to bolstering cyber defences. It allows users to physically segment their digital assets, networks, devices and operational control systems remotely, instantly and without using the internet. By making all assets unreachable and choosing when your systems are online, businesses can fight back against cyber criminals by reducing the attack surface by up to 100%. Our product is truly unique, so our channel partners won’t be selling anything like it. The technology also compliments existing technologies like firewalls, routers, and switches, offering our partners a multi-layered security approach they won’t have seen before.
The primary trend we’re seeing now is that cyber threats are becoming more sophisticated and higher in number. Emerging technologies like AI are fuelling a new wave of more targeted and sophisticated ransomware attacks. Air gapping, or disconnecting your business’ systems from the internet, is the only real way to guarantee that AI or any other technology cannot be used to attack the system, since AI can only threaten a system that is online. We’re committed to showing business leaders the benefit of keeping parts of their networks offline to guard against these threats, demonstrating that Goldilock’s solution is an essential security measure, especially as AI progresses and new breakthrough technology emerges.
Over the last couple of years, we’ve also seen an increase in attacks on critical national infrastructure (CNI) globally, especially with mounting geopolitical tensions. Just last week, UK and US authorities warned that Russian-aligned hackers have been targeting vulnerable, small-scale industrial control systems in North America and Europe. Goldilock’s solution is easy to implement and deploy. In a CNI setting, it will work with any level of digital maturity, from legacy systems to leading-edge systems, as well as OT devices, meaning any part of a CNI organisation’s network can be disconnected or reconnected at the press of a button, with minimal heavy lifting.
Opportunity costs, budget and cashflow needed to be assessed against the company’s ambitions when making this decision. Building and maintaining a direct sales force can be expensive, and a start-up may not have the budget to hire a team large enough to meet their business goals. Channel partners can leverage their existing infrastructure, which can offer a more cost-effective approach for a small business. A channel-first approach can also allow businesses to be more flexible, removing fixed costs that may not be covered if market conditions adversely change.
Product complexity and customer size should also be considered. If a product is hard to use or requires a certain level of training, it’s worth considering a direct sales model. However Goldilock’s solution is easy to implement and deploy, thus making a channel partner approach the best and cost efficient decision for us.
Something we’re particularly excited about is our recently announced partnership with CR14. This partnership aims to test our hardware solutions in a fake CNI setting to help increase the resilience of these organisations. CR14 is a cyber defence organisation and the host of NATO’s operative Cyber Defence Centre of Excellence, so this is the perfect opportunity to demonstrate the importance of instantly disconnecting and physically segmenting CNI networks. The whole testing process is also taking place under the banner of the NATO DIANA programme we were selected for at the end of last year, and it’s great to see the direction this programme is taking us!
The simplicity that drives our security solution will maintain Goldilock’s competitive advantage. The technology is easy-to-use yet extremely powerful against rising cyberattacks, and ultimately saves lives. Long term, we see air-gapping becoming as common as two-factor authentication, but until then, we’ll certainly be keeping up with market demands.