Honestly I think it’s unhealthy thinking to have a ‘get acquired, be rich’ goal for your company. Focusing on market problems and being pragmatic about how you get there is important. If you want to be acquired, then create something worth acquiring.

Ian Hassard—Director of Product Management at Arctic Wolf

We recently caught up with Ian Hassard, who—while running Product Management and Marketing at RootSecure—became our first customer.

RootSecure was acquired in late 2018 by Arctic Wolf, and we thought it would be instructive to hear about Ian’s experiences and to get his thoughts on cybersecurity, acquisitions, local competition, working with your friends, and the importance of being able to punch above your weight.

You were our first customer—and hey, thanks for getting the Cromulent ball rolling!—back when you were VP Product and Marketing at RootSecure. A few months after our project, RootSecure was acquired by Arctic Wolf. What’s your role now, as part of “the pack,” and what does it mean in practical terms?

It’s been a wild ride.

My new role is effectively being the business owner for the RootSecure offering—now known as Arctic Wolf’s Managed Risk solution. Essentially, it’s back to basics for me, being pragmatic and working with my Product Marketing and R&D counterparts to identify market problems and deliver solutions to those problems.

I guess the only real difference from my past lives is this is a managed service so understanding how to operationalize and deliver the service with our teams is now part of the job description, too.

How does the RootSecure managed risk portfolio fit into the larger Arctic Wolf portfolio?

It’s a peanut butter and chocolate story really. If you look at the CyberKill Chain or NIST Cybersecurity Framework, there’s a need for proactive and reactive security.

Arctic Wolf previously was focused on the MDR (Managed Detection and Response) aspects of their business. That is mostly reactive in nature: detect bad things as they happen and block/remediate. RootSecure, now the Managed Risk service, focused on shoring up our customers’ security posture to make sure they have maximized their defenses and understand all the possible attack vectors.

Arctic Wolf is growing very rapidly—what does that mean for the company, and specifically for the marketing department? How have things changed now that you’re part of Arctic Wolf? What things have stayed the same?

I can’t speak to revenue but when we were acquired, I was/am employee 175, and now we’re over 400, crazy!

What’s stayed the same are the problem statements. We are still trying to tackle the same issues of people’s complacency around security—the big competitor is “doing nothing.”

Just like at RootSecure, we still do shows, make collateral, update websites, do demand-gen activities, but what’s great is we now have the resources and a team to drive those activities full-time where before it was something we couldn’t focus on.

Just like at RootSecure, we still do shows, make collateral, update websites, do demand-gen activities, but what’s great is we now have the resources and a team to drive those activities full-time where before it was something we couldn’t focus on.

Arctic Wolf is a very distributed organization, with multiple offices and staff spread over a large geography. What does it take to get everyone coordinated and on the same page?

A good video conferencing system!

Honestly, the technology component is one of the biggest enablers here. Sometimes we go into meetings where we have three of our four offices, and some remote employees…and nothing skips a beat.

I think the unique property of Arctic Wolf is that we had these locations pretty early in the company’s life; so it’s not as bad as a foreign office introduced by acquisition or some power-play dynamics. Instead, it’s just always been this way so it’s just how it is—in a good way.

And Arctic Wolf is almost a bit of a reunion of sorts, too—a number of our former colleagues from the Sandvine days are part of the team. How important is it to you, or what benefits does it bring, to work with people you’ve worked with for years?

I think one thing people forget, is how small K-W truly is, and I don’t mean that as a negative.

The tech community is always evolving and growing here, but you make friends and you’re never very far from them. And talented people are typically friends with other talented individuals.

So naturally there’s an urge to try and work with your friends.

At Sandvine, Dave* would always say one of the number one reasons people stay at a company is because they work with their friends. That’s so true. Although I think it’s possible to go it alone and be successful, why bother when you can be successful with your friends?

*Dave Caputo, Sandvine’s then-CEO

I think one thing people forget, is how small K-W truly is, and I don’t mean that as a negative. The tech community is always evolving and growing here, but you make friends and you’re never very far from them. And talented people are typically friends with other talented individuals.

The Cromulent project for RootSecure involved crafting a messaging guide, producing a brochure, and building an overview deck. Have any of those resources been used within Arctic Wolf?

I think what Cromulent did in helping us build our messaging guide was critical to our success—that outside-in unbiased opinion gave us a fresh perspective on the product and messaging. We used the messaging guide heavily at RootSecure to drive website updates, content, resources, etc.

I think it honestly helped present our company to appear larger than it actually was. Appearance is important with security companies.

When the acquisition happened in December 2018, I think we shocked Arctic Wolf with the level of content we had prepared, our competitive intel, the messaging guides, customer docs, and branded collateral. Most companies our size you’d think are bootstrapping and wouldn’t have that content. This was largely because of the foundation set down by Cromulent.

Practically, these materials really helped with the transition into Arctic Wolf, because the people who were already there could quickly learn what we did and how we fit.

When the acquisition happened in December 2018, I think we shocked Arctic Wolf with the level of content we had prepared, our competitive intel, the messaging guides, customer docs, and branded collateral. This was largely because of the foundation set down by Cromulent.

The Waterloo region now has a fair number of security companies: why do you think that’s the case, and what are the pros and cons of having other security companies—in some cases direct competitors—as neighbours?

I think Waterloo is a perfect region for security. We have tons of math, computer science, and business grads… Plus no shortage of AI and Machine Learning expertise.

I think it’s only natural more security companies are developing here, or moving here. The problems are endless, the technology is cool, and the industry is in a perpetual state of growth.

I see competition as a good thing: it means you’re doing the right things. More interestingly to me are the few giants in town, and what are they doing? BlackBerry’s acquisition of Cylance is a leading indicator we will see more big moves by sleeping giants.

More than a few local companies aspire to be acquired some day: what advice do you have about how to bring about that outcome, and how to ensure closing and integration proceed smoothly?

Honestly I think it’s unhealthy thinking to have a ‘get acquired, be rich’ goal for your company.

A wise man once told me capitalism is the most sincere form of democracy. People and companies pay for services they like, need, or want… Focusing on market problems and being pragmatic about how you get there is important. If you want to be acquired, then create something worth acquiring. If you want to go public, then figure our when/if that makes sense for your company.

From an integration aspect it’s all about setting the expected outcomes and working backward. Agreeing to what the outcome of the integration will look like will help define the steps needed to get there. Every company is different, culture matters and setting clear success criteria helps to keep people on the same page.