Darktrace: How Poppy Gustafsson built a $1.65 billion unicorn

Darktrace CEO Poppy
Gustafsson.
Julian Dodd/Management
Today

• Poppy Gustafsson is the 35-year-old CEO of
  Cambridge-based cybersecurity firm Darktrace, which was
  recently valued at $1.65 billion.
• Gustafsson told Business Insider how she grew Darktrace
  into a unicorn after spending just £15 ($20) incorporating the
  company five years ago.
• Darktrace has made a name for itself by spotting
  strange hacks and scams, such as bad actors trying to break
  into a US casino using the internet-connected thermometer in a
  fish tank.
• Gustafsson spoke to Business Insider after being named in the
  UK Tech 100, a ranking of the 100 coolest people in the UK tech
  industry.

Business
Insider

Poppy Gustafsson may have just helped her cybersecurity company
Darktrace achieve unicorn status, but she still admits to making
mistakes all the time.

“I’m trying to cut down my mistakes from every day to every
week,” she told Business Insider after being named among the 100
most influential people in the UK tech industry.

On the surface at least, it looks as though Darktrace is doing
very little wrong. The company raised another $50 million last
week, bolstering its value to $1.65 billion, and it now
employs more than 800 people across 33 offices worldwide,
including in San Francisco, India, and Hong Kong.

It’s come a long way since Gustafsson spent £15 to incorporate
Darktrace five years ago. Not that she is particularly bothered
by achieving unicorn status. “It’s not something, if I’m honest,
that we really benchmark ourselves against internally,” she said.

Darktrace, which uses artificial intelligence to fight cybercrime
for its clients, traces its roots back to British tech
billionaire Mike Lynch. Both Gustafsson and her co-chief
executive Nicole Eagan worked at Lynch’s $11 billion software
company and later his venture capital firm Invoke Capital.

Mike
Lynch is a director and early investor at
Darktrace.
Ben Gurr/WPA Pool/ Getty
Images

Darktrace was essentially spun out of a piece of Cambridge
University maths research, with& mathematicians working
alongside cyber intelligence experts in the US and the UK to
develop the technology. While neither Gustafsson and Eagan are
listed among the original directors, they helped set the company
up through Invoke.

Darktrace’s big idea was that instead of doing cybersecurity like
a medieval fortress by erecting a big wall to keep people out,
it’s better to do it like espionage — track people who break in
to find out what they’re after, who they are, and how they got
in.

Darktrace now uses the human body as a metaphor for its
technology. The company calls its tech the “enterprise immune
system,” taking inspiration from the way the humans fight off
disease. It is officially named Antigena.

Gustafsson’s partnership with Eagan is the engine room of
Darktrace’s growth. Eagan’s background is in marketing, whereas
Gustafsson is an accountant by training. “We tend to say that
anything with words in is Nicole, anything with numbers in is me,
and it works well,” she said, adding that Eagan was instrumental
in honing Antigena to make it able to respond to threats, rather
than just detect them.

She’s also straightforward about Lynch’s role in the company.
“Mike is a brilliant mind, he’s got incredible experience at
growing organisations from nothing to something very
significant,” she said.

He is embroiled in a legal wrangle after selling Autonomy to
Hewlett-Packard for more than $11 billion in 2011. HP filed a
lawsuit in 2015 alleging that Autonomy fraudulently inflated its
earnings ahead of the sale. Lynch launched a countersuit, saying
HP invented the fraud claim to hide its own incompetence.

The trial will take place in March 2019, but it does not
appear to be clouding Darktrace’s horizons.

Danger lurks in the internet of things

Antigena has made a name for itself by spotting strange hacks and
scams. Earlier this year, Eagan told a conference in London that
Darktrace found a hack which
targeted a casino via the internet-connected thermometer in its
aquarium.

Gustafsson said the internet of things is increasingly being used
as a point of entry for hackers.

“The internet of things is this huge maze of interconnectivity
between us and our environments and the devices that occupy them.
And it could be something like a fish tank, it can be your
internet-connected coffee machine, but these things are here to
stay,” she continued.

“As individuals, we rely on them all, and business is nothing but
a collection of individuals. And so, therefore, it was inevitable
that businesses were going to get swept up.”

Darktrace detected hackers
had used an internet-connected thermometer in a fish tank to gain
access to a casino’s systems.
Tomohiro
Ohsumi/Getty

Darktrace’s size has exploded recently — its workforce has grown
by 60% in the past 12 months to just under 800 employees and it
has an unusual hiring strategy for a tech company.

Darktrace’s unusual hiring strategy

Firstly, it employs more salespeople than engineers. Gustafsson
said this is because its development team has already built a
tried-and-tested product, and so now the company needs more
people in sales to meet demand.

“This next stage of growth, our focus is very much we need to be
able to hit the market demand as it’s hitting us, so that tends
to be sales and marketing that we’re hiring in to meet that
demand,” she said.

“We are absolutely hiring in the technical skills as well, so we
continue to expand our dev team, but that real acceleration of
growth is going to be in the sales and marketing function.”

Darktrace also has a reputation for hiring young graduates, which
according to Gustafsson is plugging a hole in the cybersecurity
jobs market.

Nicole Eagan, Gustafsson’s
co-CEO at Darktrace.
Darktrace

“There’s a massive skills deficit in cybersecurity. Organisations
internally are really battling with the fact that they just don’t
have enough threat analysts out there to keep on top of the
problem,” she explained.

“It’s very important for us instead that we create those cyber
specialists. So what we do is we bring in bright graduates from a
range of disciplines and we train them up very quickly into the
particular area that they’re interested in, whether it’s a
technical pre-sales role or a sales role, or marketing. So
hopefully we’re helping to contribute to some of that resource
deficit as well in the long term.”

Gustafsson also said a creative approach to recruitment has been
key to training up specialists. “Some of our brilliant cyber
writers that we have are linguists by background,” she said.

What Darktrace would do differently

For all of Darktrace’s growth, there are a few things Gustafsson
says she would do differently if she could turn back time.

“It’s tempting to want to go and sell [your product] to the big
banks and all the high-end value names,” she said. “But these big
organisations, they’re a massive time-sink and you can get very
easily distracted by trying to slay one of the big banks or
something very early on in your lifecycle. So my advice would be:
Just go out there and sell it in a way that’s repeatable and
practical.”

As a female CEO in the predominantly
male cybersecurity industry, Gustafsson also had a few words
for women who want to get into the field. “My advice would be:
Change is afoot, the future is what you make of it, just don’t
ever let anyone tell you that you can’t do it.”

And as Gustafsson has shown, making mistakes is not necessarily a
bad thing.