Driven by Effort, Not Outside Funding

When asked about external investors, Simon's response was clear: “It was entirely self-funded.” This organic growth allowed them to concentrate on the fundamentals, learn about managing a growing business, and lead with insight, experience, and determination. To advance further, however, partnerships with Quadrant Private Equity were established to support the next stage of growth within the Bastion Security Group.

Simon has become a tireless advocate for cybersecurity education. His keynote speeches, presentations, and conference engagements have played a significant role in helping businesses avoid the financial and emotional toll inflicted by cybercriminals.

The depth of knowledge gained from organic growth, along with a commitment to protecting intellectual property while openly sharing insights with the industry, has proven beneficial. Simon has successfully forged a robust local and global network within the expanding cybersecurity sector. While maintaining transparency, he has also safeguarded his own intellectual property and streamlined his operations.

The Hurdles of Expansion

Simon noted that the growth phases present the most significant challenges. “Different obstacles emerge as you scale from zero to ten employees, then from ten to twenty, and now we’re surpassing the hundred-employee mark. It requires more structured systems and processes.”

Starting as a hacker and tech enthusiast, Simon has evolved into a leader focused on corporate strategy. His experience has been hands-on, yet he has remained curious and open-minded. As the company expands, the founder must accelerate his personal growth as well.

In addition to running his enterprise, Simon is a member of the Institute of Directors in New Zealand. “My experience and governance training at the Institute greatly enhanced my financial understanding,” he explained. “It compelled me to view the business from a wider perspective.”

Confronting COVID and the Talent Shortage

The COVID-19 pandemic posed a significant challenge, yet they emerged relatively unscathed. Their strong foundation allowed the company to retain clients amidst the unexpected upheaval many businesses faced.

However, the cybersecurity industry grapples with a critical talent shortage due to global demand and the increasing complexity of digital threats. A staggering 92% of cybersecurity professionals report skill gaps, and a projected four million cybersecurity experts will be needed worldwide, according to ISC2.

This talent gap is a global issue. In the last year, 700,000 new professionals entered the field. Against this backdrop, ZX Security has strategically tapped into local talent, recruiting individuals who are just beginning their careers.

When discussing recruitment strategies, Simon mentioned collaborations with the Summer of Tech and hosting a hacker conference for sixteen years. “We have a rigorous selection process that includes a hacking challenge,” he noted, highlighting their thorough onboarding programs for new hires.

Cultivating and Retaining Talent

The training for new employees is extensive. “New team members shadow our consultants before gradually taking on responsibilities,” he explained. As for retention, “we offer generous benefits, bonuses, commissions, and, of course, a workplace culture that fosters loyalty.”

The company provides excellent perks, including free fruits, snacks, and Friday breakfasts. This helps cultivate a culture of trust, commitment, and collaboration, which is palpable when visiting their office—a space that feels vibrant, focused, and dynamic while remaining professional.

Navigating Competition and Collaboration

The cybersecurity market is expanding rapidly, leading to backlogs for all serious players in the field. Recent statistics from CERT NZ reveal a direct financial loss of $3.7 million reported in the first quarter of this year, which rose by an additional $1.7 million in the second quarter. However, the ramifications extend beyond financial losses, affecting company reputations and individual well-being.

Moreover, CERT NZ reported a 36% increase in malware incidents, with phishing and credential harvesting rising by 26%. On a global scale, the cybersecurity market is projected to reach USD 354.7 billion from 2019 to 2027, according to LinkedIn.

A Promising Environment for Ambition

Despite the challenges, New Zealand is an excellent location for establishing a global cybersecurity enterprise. It ranks as the second safest country in the world according to the Global Peace Index 2018. Being situated in a safe, stable, and democratic society allows one to monitor trends and devise appropriate responses. However, as Simon pointed out, complacency is not an option; it’s crucial to engage everyone in cybersecurity awareness.

Interestingly, there’s more camaraderie than competition among cybersecurity firms in New Zealand. “We maintain friendly relationships with fellow business owners in the industry. There’s ample work available for all.”

“Time is our adversary; we must stay ahead of malicious actors to protect our clients,” Simon emphasized.

Global statistics from Fortinet illustrate that the battle is challenging. While cybersecurity budgets increase, so do the threats. Cybersecurity Ventures estimates that protecting against these threats will cost at least $1.75 trillion between 2021 and 2025.

Charting a Path Forward

Despite advancements in technology and the growing influence of AI, Simon believes that fundamental risks remain unchanged, particularly with emerging challenges like cloud security and the Internet of Things (IoT).

“Many still overlook basic measures, such as two-factor authentication,” he stated. One trend highlighted by Gartner is the focus on human-centric security design, which resonates with Simon. Another critical trend involves improving people management for security. The focus is shifting from a purely technological approach to a more human-centric educational strategy, which Simon considers vital for mitigating cybersecurity risks effectively.

During our discussion, Simon mentioned current topics that are at the forefront of directors' and company leaders' agendas. These include IoT, hybrid working environments, state-sponsored attacks, ransomware, and the scarcity of cybersecurity professionals. However, these are merely surface-level issues; deeper challenges require strategic, long-term solutions instead of quick fixes.

Organizations must evolve from isolated cybersecurity practices into frameworks that support comprehensive value creation, positioning cybersecurity as a lever rather than merely a cost.

Cybersecurity is no longer just an IT concern; it should be integrated into every board's strategic agenda.

The Broader Implications of Cybersecurity

While organizations are becoming increasingly aware, private residences and individuals remain vulnerable, often allowing hackers free rein to exploit their systems.

In an increasingly digital world, cybersecurity is now part of everyday life for the average person. With an estimated 43 billion IoT-connected devices, securing these gadgets has never been more critical.

Consider the convenience of remotely controlling your heating system; a savvy hacker could exploit this to infiltrate your Wi-Fi network and access other connected devices. Similarly, an advanced camera doorbell could inadvertently serve as a gateway for cyber intruders to access sensitive files.

Have you identified your cybersecurity vulnerabilities? Are you employing two-factor authentication on your frequently used apps and websites? Can you recognize phishing attempts or discern between legitimate offers and scams? Even the most vigilant individuals can sometimes fall prey to deceptive links.

“Organizations are reaching a maturity stage where capabilities for detection and response are essential. While we lag behind the U.S., we are making progress,” he concluded, emphasizing the importance of individual awareness and engagement.

The pandemic triggered a massive shift from traditional offices to hybrid work models, presenting new challenges for Simon and his expanding teams. The critical question remains: how can we enable efficient remote work while ensuring security? The answer lies in a market where corporate solutions intertwine with the devices and applications used by individual employees, creating a complex and unpredictable environment.

Cybersecurity is not a straightforward path with fixed checkpoints; rather, it resembles a kaleidoscope, shifting with each turn.

The Visible Threats of Cybercrime

Simon pointed out that state-sponsored cybercriminal actions are often a means for countries like North Korea and Russia to finance their operations, including warfare and citizen surveillance.

“We are aware of how these actions occur, yet addressing them seems nearly impossible,” Simon remarked. “People need to maintain vigilance, and governments and businesses should prioritize educating individuals about these risks and mitigation strategies.”

He noted that communication breakdowns and subsequent detection failures often exacerbate cybersecurity breaches, making them more severe. “Take ransomware, for instance,” Simon explained.

Faizan Fahim's article highlights that “the average ransom payment surged to $220,298 in 2021, marking a 43% increase from the previous year.” The global cost of ransomware attacks is estimated to have reached $20 billion in 2021 alone.

“At ZX Security, we provide a comprehensive service to identify risks, mitigate them, and educate our clients to be aware, skilled, and proactive,” Simon explained. “We cover both cloud and physical security, incorporating risk analysis and strategic development. Our close collaboration with clients ensures that we effectively address the human factors, which often represent the greatest risk.”

As Simon advocates, every organization should regularly evaluate its cybersecurity strategies, policies, and practices, and continuously educate its personnel.

“We assess our clients’ cybersecurity maturity, services, and infrastructure to give them a clear understanding of their situation,” Simon explained. “We conduct tests and training and repeat the process because cybersecurity is not a one-time endeavor; it’s an ongoing journey.”

Professional assistance is crucial, but often, reputational risks, feelings of shame, and mere ignorance among leaders leave backdoors open to attacks. The true extent of unreported losses remains unknown, but Simon asserts it is significant and on the rise.

Turning Threats into Opportunities

So, what lies ahead for this still relatively young entrepreneur? “We are on a growth trajectory, exploring new service offerings both in New Zealand and globally.”

As our conversation drew to a close, it became evident that for this Kiwi cybersecurity leader, the mission is far from complete. Whether it involves scaling operations, navigating growth, or confronting constantly evolving cyber threats, the challenges are numerous, but so are the opportunities.

Now it’s your turn to evaluate your cybersecurity posture. Below is a handy checklist to guide your assessment and action.

Have You Conducted Your Cybersecurity Audit? Here Are the Key Steps:

• Strong Passwords: Ensure you use complex passwords that include a mix of letters, numbers, and symbols. Avoid using easily guessed passwords, such as your first pet’s name. Consider employing a password manager for enhanced security.
• Two-Factor Authentication (2FA): Activate 2FA for all accounts that offer it, including email, social media, and banking.
• Regular Software Updates: Keep all software, including operating systems and applications, up to date. Don’t wait for issues to arise—update proactively.
• Secure Home Wi-Fi: Protect your Wi-Fi network with a strong password, and avoid using public Wi-Fi for sensitive transactions. Change the default username and password on your router.
• Firewalls and Antivirus Software: Ensure that you have a firewall activated and reputable antivirus and anti-malware software installed.
• Phishing Awareness: Understand how phishing works and remain cautious of unsolicited emails or messages requesting personal information. Always verify the authenticity of such requests.
• Data Backup: Regularly back up your data. Establish a backup routine to safeguard your information in case of unexpected events.
• Social Media Privacy Settings: Review and adjust the privacy settings on all social media platforms you use, and be mindful of the information you publicly share.
• Device Security Settings: Familiarize yourself with your devices' security settings. Use lock screens and consider encrypting sensitive data. Tracking software can also be useful in case of loss or theft.
• Use of VPN: If you frequently use public networks, employing a Virtual Private Network (VPN) can help protect your sensitive information.
• Regular Security Audits: Periodically review the security of your devices and practices, and stay informed about new cybersecurity threats and best practices.
• Secure Financial Transactions: Monitor your bank statements for unusual activity, and use secure methods for online transactions.
• Continuous Education: Engage in cybersecurity awareness training or courses as available—seek reputable resources online.

Cybersecurity Terminology Explained

• CERT NZ: Computer Emergency Response Team New Zealand — the organization responsible for managing computer security incidents in the country.
• Phishing: A cyber attack aimed at deceiving individuals or organizations into providing sensitive information through fraudulent emails, texts, or websites.
• Ransomware: Malicious software that encrypts files on a user’s device, demanding a ransom for their release.
• IoT: Internet of Things — a network of interconnected devices embedded with software and sensors for data exchange.
• State-sponsored Attacks: Cyber-attacks that are conducted or supported by government entities.
• Two-Factor Authentication: A security process requiring users to provide two different forms of verification to authenticate their identity.
• Remote Work: Working from a location outside the traditional office, often from home.
• Dark Web: A segment of the internet not indexed by search engines, often associated with illegal activities.
• Hacking Challenge: A competition designed to showcase cybersecurity skills, frequently used in recruitment.
• Hybrid Working: A work model that combines remote and in-office working arrangements.

Thank you for engaging with my article. For more insights into technology, creative marketing, and neuroscience, feel free to subscribe to my newsletter, FreshWrite, here.