[Techie Tuesday] This school dropout turned cyber whiz helms the first Indian cybersecurity startup to work with the US govt
In this week’s Techie Tuesday, we meet Trishneet Arora, Founder and CEO of TAC Security, a cybersecurity startup he founded at the age of 19, which is on a mission to secure cyberspace and become the Google of cybersecurity.
Tuesday April 13, 2021,
12 min Read
The walls of Trishneet Arora’s office are lined with certificates, awards, and accreditations he has received. For a tech wizard who dropped out of school after failing his eighth standard exams, Trishneet has an enviable collection, rivalling, maybe even surpassing, those of many executives who’ve graduated from the country’s premier tech and engineering institutes.
But Trishneet does not see these as awards, he tells YourStory. For him, the wall reminds him of how far the 27-year-old has come in his journey as a cybersecurity expert, tech entrepreneur, and business leader. To be precise, that’s over 17 years as a tech and cybersecurity wizard, and 8 as Founder and Chief Executive Officer of TAC Security, which is poised to become the largest global player of vulnerability management in the next three years.
The ethical hacker – who is now on a mission to build the Google of cybersecurity – says the wall helps him to stay calm and stay grounded. It reminds him of where he started and of a journey that began when he was a 10-year-old boy whose interest in cybersecurity was piqued by the findings of an industry-wide study that revealed India would need around 77,000 ethical hackers every year.
That interest soon turned into a passion for ethical hacking which, in turn, transformed into his vision of securing cyberspace and defining the future of cybersecurity – a vision Trishneet has been doggedly driving through, the cybersecurity startup he founded as a 19-year-old boy with just Rs 75,000 seed money that his father gave him.
“The whole journey started with just Rs 75,000 and reached this level. But it is not about the achievement. Nor the destination. It is about the journey. And it has been a phenomenal journey. Meeting new people and new customers, solving their problems of cybersecurity, hiring the right people and a strong leadership team, leading a profitable venture, expanding abroad… all of this has been phenomenal,” Trishneet says.
That journey for Trishneet has also included several other milestones, including:
- becoming the author of his first book, Hacking Era, when he was merely 19-years-old
- executing the company’s first assignment for a Fortune 500 company just a year after its launch
- raising funding from prominent investor Vijay Kedia
- being backed by ex-Vice Presidents at tech majors like Subinder Khurana of Cognizant and William May of IBM, as well as former Singapore-based Regional Sales Director of Imperva, Lawrence Ang
- having a day named after him - Trishneet Arora Day - by the Mayor of Santa Fe, New Mexico in the US
- being recognised by various media organisations such as GQ Magazine, Forbes, Entrepreneur Magazine, and Fortune as one of India and Asia’s top tech entrepreneurs and leaders, and
- being accepted into Forbes Technology Council, an invitation-only organisation comprised of elite global technology executives.
And yet, Trishneet says he is constantly reminded about one of the “best things” about this journey every time anyone asks him if he can use his knowledge about cybersecurity for adverse purposes. He tells them he can and believes it may even have happened, had it not been for the ethics and values his parents imbibed in him early on.
“When I’m asked this question, I say that it definitely could have happened; I could’ve used my knowledge for the wrong reasons. Because this knowledge is very dangerous to have. But this is one of the best things I have learnt from my parents: to always try to be on the good path, instead of going in the wrong direction. So I always value and follow ethics. And that's why the organisation is growing rapidly,” he affirms.
Eight years of TAC Security
Today, eight years after its launch, TAC Security is a next-generation risk and vulnerability management company that secures governments and large enterprises across the globe, including top Fortune 500 and 100 companies, through its Enterprise Security in One Framework (ESOF) product.
TAC Security is also one of the most venerable names today in the field of pentesting – also referred to as ethical hacking or penetration test where the security of an application is assessed by launching authorised simulated cyberattacks on it and penetrating the network’s security to look for vulnerabilities.
It is the first Indian cybersecurity company to work with a US government law enforcement agency, which has been using ESOF for over three years, in addition to working with the Indian government and related agencies.
TAC Security is also the largest auditor of UPI applications, providing end-to-end security for these applications and having assessed over 10 billion UPI transactions for more than 200 banking applications with ESOF.
Trishneet explains, “When you use any UPI application, you are using TAC Security. This means, if you are in India, you can say that for any digital payment you are making, TAC Security is directly or indirectly involved in that transaction. So, we are making an impact on digital payments for more than 50 crore people in India.”
“That's the value that we have seen from turning something we are passionate about into doing something with society for a greater good. It is not about doing something for society. I think it is better to do something with society and that is what we have done so far,” he further adds.
Through ESOF – the company’s AI-powered cyber risk-based vulnerability assessment and management platform which it launched in 2018 – TAC Security is making life easier for enterprises to ensure their security by automating the whole process. ESOF uses remediation playbooks to prioritise the risk of an enterprise and gives them an accurate result and cyber-risk scoring with the help of artificial intelligence (AI) and machine learning.
"There's no single large player who's dedicatedly working on risk and vulnerability management product; we took this decision early to build the next-generation vulnerability management platform, ESOF, and in the next three years, TAC Security will be the largest global player of vulnerability management," Trishneet says.
As a product-focused company – a pivot it made in 2018 from being a security services company – TAC Security is now targeting revenue of $1 billion by 2025. The company recorded 200 percent revenue growth in FY19, 300 percent growth in FY20, and has seen roughly 200 percent growth even in FY21, despite the initial impact of COVID-19 pandemic, Trishneet says.
“The global security and vulnerability management market is estimated to grow to around $20 billion by 2025 from around $12 billion in 2020, and we want to capture 5 percent of the global market by 2025 and expect our revenue to be $1 billion,” Trishneet tells YourStory.
Apart from the five-year revenue target of $1 billion, prod Trishneet about valuation, and what you get is his emphasis on focusing on value creation, rather than on valuation.
“I have never looked at valuation,” Trishneet says matter-of-factly. He elaborates,
“We focus on value. What value we are adding for customers. What value we are adding for people who are working with us. What value we are adding for the company. If we are looking at those things, then we are on the right track, and valuation will naturally follow.”
Get out of your comfort zone
In addition to value creation, Trishneet is a firm believer in stepping outside your comfort zone as an entrepreneur and a business leader.
He uses TAC Security itself as an example.
“We were making good money as a security services company. But the truth is, we wouldn't have been sitting here if we would not have transformed ourselves and shifted focus from a services company to a product company.”
This was one of the best decisions Trishneet believes he made as an entrepreneur and a founder. It was also one of the toughest, he says.
At the time, many didn’t believe TAC Security would be able to make that transition. They said services has been TAC Security’s DNA from the very beginning, Trishneet recalls.
Nevertheless, he was undeterred by the fear of losing. Instead, he was spurred on by the conviction that, if nothing else, this would be an opportunity to learn something new.
And that’s how the company’s ESOF product was born in 2018 – a year after the idea first came to Trishneet following an interaction with one of the company’s large banking and telco clients.
The clients, Trishneet recalls, told him the security assessment report and the services TAC Security were offering were great, but that wasn’t enough. They needed a solution to manage the whole ecosystem of their cybersecurity needs.
In the weeks and months that followed, Trishneet and his team held multiple meetings with existing and potential customers as well as with industry veterans to understand the key pain points in the market when it comes to security and vulnerability management.
That’s when the team came up with the idea of ESOF, a comprehensive vulnerability assessment and management platform that collects vulnerability data across the IT stack and calculates the cyber risk score for any and every asset in an organisation and helps in tailored remediation to mitigate the risk and improve security posture.
“In the past, when I have been asked this question: where do you want to take TAC Security? I said we want to build TAC Security as the Google of cybersecurity. What I meant was this: for anything that you need to search, you go to Google. The same should be with TAC Security and ESOF: anything to do with cybersecurity, it has to be available on ESOF. That's what we are trying to do now,” Trishneet emphasises.
Trishneet Arora’s Triple-P formula
Powering this mission to build the Google of cybersecurity and consistently stay relevant for customers is Trishneet’s simple triple-P formula, he tells YourStory.
By triple-P formula, Trishnet says he means finding the problem faced by the customer, next finding the person who can solve that problem, and finally taking that solution back to the people.
Trishneet says he follows this triple-P formula to stay close to the customer. Following this rule helps him “immensely” to learn from his customers, build solutions for them, and sell these products to the customers.
It helped TAC Security, which generates over 60 percent of its revenue from the US, to win one of its major clients: the US government.
Trishneet recalls being invited by the Governor of New Mexico and meeting a lot of people then. Later, at an international conference for aerospace, the same governor – who was the chairman of the conference – invited Trishneet as a Speaker, to address more than 50 governors of different US states.
That opportunity of meeting people, interacting with them, showcasing the product to potential customers, demonstrating the proof of concept – all of this over a good six-to-seven-month period – helped seal the deal in 2018.
“It looks easy. But it was tough. A lot of back and forth was involved. But in the end, I had a great product in my hand which I could show to them and I was with the right people. Again I would say, I am a people’s person. So I was with the right people, selling the right product that helped them,” Trishneet says, referring once again to his Triple-P strategy.
A simple life
Indeed, this ‘people’s person’ believes people offer him life’s greatest lessons.
For a pukka North Indian Punjabi boy, Trishneet swears he prefers hanging out with ‘good company’ and people he can learn from, rather than partying.
“If I’m with somebody, it should be in good company and people I can gain knowledge from. That’s the first choice,” says Trishneet, who also counts cycling, travelling and cooking, particularly fish and chicken, among his other favourite things to do.
Cooking, Trishneet confesses, is something he does often for his family. Another ritual he shares with his family is celebrating his birthday and a visit to the Golden Temple at Amritsar on his birthday and every New Year. He also travels with his family on occasion, whenever he can get away from work, to locales like Kashmir, among others.
But mostly, Trishneet’s travels have been work-related. In fact, he may have set a world record for the number of flights he took in 2019 alone: 300 in total. That number has since dwindled to around seven since COVID-19 broke.
“I like to live a very simple life. Before COVID, it was different. After COVID, it is totally different. I think I have a different perspective now. I try to keep a simple life. In a typical day for me, I go to office, meet people, try to understand problems, try to expedite any work that is on the plan. And I talk to customers a lot -- whether they give me business or not, doesn’t matter. But I talk to the customer. About what is it going on in his life. That’s more important. We do that,” Trishneet says, reflecting on other changes that have occurred in the new normal.
Trishneet’s day is also spent in working on strategy and long-term planning for the company, as well as with the product and innovation team, even as a capable leadership team handles the operations and business as usual, he says.
“That's how my life looks like. And how my day looks like. I am all over wherever I am required. That's what I do,” Trishneet says. When he’s not working, he enjoys going to Mandirs and holy places to “thank God for whatever I have.”
And that seems only right given the many feats Trishneet has achieved in his life. But ask Trishneet if he believes he has accomplished everything he set out to do and he emphasises that there is a lot more to be done.
“Cybersecurity is such a large domain and there is a lot more to happen. We are definitely trying to do our best in this space and we would be able to do that for sure because we have a great team, product, people, and customers. So we would be able to make TAC Security a great company. But I will enjoy the journey more than the destination,” Trishneet signs off.