How do you apply human intuition to cybersecurity? Rohyt Belani, CEO of Cofense, speaks with Acuris Capital Intelligence about fighting off phishing attacks, building a long-term platform strategy and the implications of its recent acquisition of Cyberfish, its first under BlackRock ownership.
Interview by Mark Andress
Q. How did you choose your latest acquisition?
Just as Tesla tries to apply the concept of human vision to computers, Cyberfish applies the concept of human intuition—when you receive an email or visit a web page, you can tell if something is off. Cyberfish uses computer vision that can be trained by our data. That’s why it was appealing. We looked at 11 different startups in this space, evaluating their technology and culture, before landing on Cyberfish.
Q. Do you expect to do more acquisitions?
We are always looking at ways to accelerate our road map and strategies—it’s a constant build-versus-buy discussion. For the near-term, we want to focus on integrating the Cyberfish acquisition. But it's not a one-and-done deal. BlackRock is very supportive. We do think that this will be a pivotal acquisition.
Q. In what other areas will you look?
Email continues to be the dominant mechanism of communication for organizations and the flavor du jour for attackers to break in. We are also keeping a close eye on chat applications like Microsoft Teams or Slack to see if there’s something there that will turn into a threat. If that turns into a channel of attack, it will be a natural expansion.
Q. How big are you?
In terms of annual recurring revenue, we are inching up to the magical US$100 million mark. A lot of companies get excited about that and start thinking about going public, but it's less of a milestone for us. It's more about building an enduring platform.
Q. BlackRock first invested in Cofense in January 2018 and then took majority ownership after the Committee on Foreign Investment in the United States (CFIUS) forced Russia-linked Pamplona Capital Management to sell its stake in August 2019. What does a liquidity event for BlackRock look like?
All options are on the table. After the CFIUS decision, we were able to reset BlackRock’s investment time a little bit. We have a long-term horizon with them now. In the near term, we are heads down executing as we build out a viable one-stop shop. We believe we can turn this into a platform for email security—like an app store for email security. The data we have can see which geographies and which industries attackers are hitting and which technologies they are bypassing. A lot of organizations would love to have access to that. For example, let’s say someone in a finance department has been susceptible to phishing attacks and their employer needs to drop their level of access to reduce the risk. We would be happy to give access to that data, with the right financial structure, and organizations can use it and build it into their own security operations.
Bit of background: Cofense combines a global network of 27 million people reporting phishing emails with advanced AI-based automation capabilities designed to stop phishing attacks. Rohyt Belani has over 18 years of experience in technical and senior management roles at leading cyber security companies. Prior to founding Cofense (formerly PhishMe), he served as CEO of Intrepidus Group, Managing Director at Mandiant and Principal Consultant at Foundstone.
This interview has been edited for clarity and length.
