The industry has evolved from providing services to developing its own technology, which has aroused the interest of investors and companies, as shown by the sale of 500 million Alien Vault in March.
When Alien Vault started a little over a decade ago, few could dream of a Spanish cybersecurity company becoming a world reference. And much less that it ended up falling in love with an American giant.
However, Alien Vault has broken all the schemes. Last July, the North American operator AT & T disbursed 500 million euros for its technology , according to sources close to the operation who have confirmed to EXPANSIÓN. “It is the largest operation in the history of the sector and marks an important milestone for Spanish start-ups“, remarks Alberto Gómez, founding partner of Adara Ventures and one of the visionaries who knew how to anticipate the company’s potential.
This venture capital , which opted for Alien Vault in 2008, has been combing the Spanish market for scalable projects in the field of computer security for a decade. Among its investments are companies such as Countercraft or Blueliv.
For Julio Casal, co-founder of Alien Vault, who left the firm in 2013 and has held a seat on the board since then, the company could be defined as the Internet Prosegur. “Centralizes all the information of a very wide network of computers in a single point and allows the centralized surveillance of a company”.
The evolution of Alien Vault in this decade has run parallel to the development of the cybersecurity industry in Spain: there are not only service companies, but technology developers are also emerging . “We started with a service company that, for a few years, supported the development of technology, in the morning we took care of customers and in the afternoon we worked on our product,” recalls Casal. He adds: “What happens with the service companies is that they have a ceiling, to grow you have to win many clients in many countries and that costs a lot,” he says.
SERVICES VS. PRODUCT
The appearance of companies such as Alien Vault, Devo or Blueliv, with their own technologies that compete with those of powers such as the United States or Israel, has not gone unnoticed by some investors. “For a venture capital , the companies that develop product are more attractive because they have more growth potential, the service has a lower risk profile, slower growth and different returns,” explains the partner of Adara Ventures.
But in a country where historically no software development has been undertaken, it is almost a miracle that prominent and scalable companies emerge in this field. “If the ecosystem does not take off, it is not due to a lack of talent, but there are very good ideas but there is a lack of support from investors, who usually have a very short-term vision”, explains Pedro Castillo, founder and CEO of Devo , a company of Spanish origin founded in 2011 that has developed a real-time data analysis solution that is also used in the field of cybersecurity.
Devo, which has raised 71 million dollars (more than 62 million euros), has rejected offers to buy millions of US giants, according to Castillo. The former Director of Technology at Bankinter stresses the disadvantage of not having the muscle that North American companies have. “Our biggest competitor is the American Splunk, our technology is better, but they are worth 14,000 million in the stock market and invoice 2,000 million dollars,” he illustrates.
NOTHING TO ENVY
Hence, companies such as the Devo or Alien Vault opted at a point in their career to move their parent company to the United States. In both cases, they placed US executives at the forefront of company management.
” One of the problems we have is that we have a lot to learn from a business point of view, but in terms of technology and ability to innovate, we have nothing to envy,” explains Daniel Solís, founder of these decisions. and CEO of Blueliv , a company that researches, analyzes and prevents virtual threats.
An opinion shared by the CEO of Hdiv Security , Roberto Velasco: “On a technical level we are at the same level as large companies in the United States or Israel, what we lack is the same ecosystem of financing and marketing,” he says. In the United States, Velasco says, 65% of the global cybersecurity business is concentrated.
Hence, the company, which in September announced a seed investment of more than 800,000 euros, is already planning to open an office in the North American country. “If you’re not there, you do not exist and it’s almost impossible to attract US investors,” he says. Hdiv Security hopes to close a round of 3 million by the end of next year with which to finance this expansion.
The truth is that these start up make a titanic effort to survive while developing their products. Castillo recognizes that after spending more than two years writing lines of code, they were very close to running out of money to continue.
“A US company can raise five or ten million dollars in a first round with a staff of three employees and a Power Point , which would not capture more than half a million, we are talking about a difference of magnitude of ten,” says David Barroso. , co-founder and CEO of counter-intelligence startup Countercraft . Founded three years ago, this company is a benchmark in Europe for its technology to set traps for cybercriminals.
To the sum of talent and good ideas we must add another key element when explaining the emergence of the business of cybersecurity technology in Spain: the interest of companies for technology with a Spanish stamp has finally awakened.
“Now there are more people who are encouraged to create these companies and funds willing to bet their money, but above all, there are clients, companies such as Telefónica, Santander or BBVA have traditionally turned to large suppliers but are now willing to try local companies. smaller, “says Gómez.
Although something is changing, there is still a long way to go. “Traditionally, when a Spanish company has looked for a technology provider, local companies have been the last of the line,” complains the founder of Devo.
The fact that historically is not associated to Spain with the development of software can also play against when competing internationally. But Barroso sees elements that play in favor of made in Spain . ” Cybersecurity is a matter of trust and geopolitical tensions can help us, there are countries that do not want to buy technology from the United States or Israel and we can take their place,” he says. And send a message to the European Union: “Europe has to build powerful software companies and not depend on third parties, but there must be a commitment beyond giving small grants.”
Are we dealing with specific cases or are we witnessing the take-off of a solid ecosystem? “There is good raw material in cybersecurity in Spain and a very interesting entrepreneurial ecosystem,” says Xavier Mitxelena, director of Accenture Security and founder of S21sec, a quarry of professionals in the sector. An opinion shared by the CEO of Blueliv.
” This is not a punctual thing, it’s going to have a pull, in Spain there is a lot of talent and we develop state-of-the-art technology that is appreciated outside in a market that is becoming more and more important, such as cybersecurity,” remarks Solís.
And it does not escape anyone that the success of Alien Vault, that few imagined a decade ago, is an incentive for entrepreneurs and investors who seek to write new success stories in the cybersecurity sector.
The family of S21sec
The S21sec services firm is one of the great quarries of Spanish cybersecurity. Founded in 2002 in San Sebastian, some of the names that today are leading the transformation of the sector have emerged from there. “Some companies create others, If there had not been a leading company at the time, probably we would not be here,” says the CEO and co-founder of Hdiv Security, Roberto Velasco. The CEOs of Countercraft and Blueliv, David Barroso and Daniel Solís, also appear on the payroll of former employees of S21sec. Outside Spain, Fermín J. Serna, current head of Information Security at the Google offices in Seattle, is another of the former who has climbed the highest.