Start-up of the month
IT-Seal GmbH - Social Engineering Analysis Labs
Often, the worst security gap in companies are their own employees. A single click on a compromised e-mail link allows employees to paralyze the entire IT infrastructure. This means, well-trained employees are a key component in the IT security strategy of every company. IT-Seal focuses on this problem and individually trains employees with spear phishing emails and other social engineering simulations. The young technology company carries out simulations of hacker attacks and sends out fake advertising emails and payment requests. If an employee clicks on the link, they will be sensitized directly on an interactive explanatory page about the handling of e-mails of this kind in order to prevent dangers like it in the future.
We ask Alex Wyllie, initiator and founder of IT-Seal, how the path to self-employment has taken place, why innovative IT security ideas are so important, and what he can do to help startups of tomorrow.
Alex, behind the idea of IT-Seal are basically the findings of a master thesis. What prompted you and your team to take this idea and venture into your own independence?
The saying comes to my mind: "I'm feeling like an entrepreneur". I think that was the main motivation. There was the master's thesis in IT security from David, which formed the technical basis of the idea. We have realized that it has great economic potential and hits the ravages of time. The market niche for this was not occupied by any German manufacturer. It was clear that it had to be a scalable solution. Financial reasons were not decisive for the spin-off, it was the adventure.
During my semester abroad in Sydney, a professor who is himself a two-time founder of the biotech scene taught. During this time, I noticed that I have entrepreneurial and innovative thinking. At the end of my biotechnology studies, I researched cancer drugs in the lab and saw for myself how much money was spent on industrial research and how disatrous industrial espionage would be.
In addition there was a personal level. David and I have known each other for a long time and have always got along well, so we could imagine we to found together. While we are very different in our thinking, actions and communication, there is some basic trust. The start was a trade fair appearance at the CEBIT and the promotion by the EXIST founder scholarship, then Yannic came to the founding team. The foundation was a great life decision for me with many ups and downs, which was only possible through the support of my personal environment.
The idea of using phishing e-mails to sensitize employees to the daily handling of electronic messages hits the ravages of time. Why do you think innovative ideas in the field of IT security will be needed in the future?
Awareness and the human factor are hot topics in IT security. Technical foreclosure is very important for the industry. The human factor is the problem - or rather, the solution that needs to be developed. Our technology is a variation of a solution to this problem, but there are many ways to address this problem and, for example, to develop technical protection mechanisms that are not too soft.
In addition I see potential in the field of hardware, but here are other channels to record. Once a newly developed hardware works and is beneficial, it should be sold directly to the customer to generate feedback. Afterwards, the hardware can be produced and distributed to distributors and resellers. Be wary of the existing structures in the IT security market, this makes it easier for a hardware developer to align with these structures. For the IT security market as well as to hardware and software applies: open-mindedness and respect brings one further. The IT security scene is very well connected. If a customer is interested in a particular product or solution that is not offered by that company, then they will refer to one another.That's a huge advantage.
Many ideas of potential founders remain hidden for fear of failure. What do you advise the start-ups of tomorrow, but still venture the way to a start-up and when is the right time for it?
You should carry passion and innovation in you. These qualities combined with a professional competence in orderly channels and as soon as possible "putting something on the street", that's my tip for security start-ups of tomorrow. I therefore advise all new founders: develop quickly. Define clearly what your product is. Find the contact person in a company that should be interested in your product and introduce the product from day one. All you need is a one-pager, a couple of meaningful slides and a phone. Speak directly to the companies, in the best case the IT manager or the IT security officer, introduce yourself and ask for a short meeting. This is also the way to the first pilot customer. So you can try out your idea, collect feedback and improve your product.
There is no better time for founding cybersecurity than it is today: globalization and digitization offer numerous and varied possibilities, and the continuous development of AI, blockchain, IoT etc. is opening up more and more doors. Of course, the right time to start a business is very individual. The university degree gave me security. My academic background has nothing to do with what I do at IT-Seal. Important for a foundation is a personal maturity - and that gives you the time at university. But if you have a good idea, do not wait, because the economy is changing fast. If your idea covers a need gap, get it going!
There is no doubt that inspiration also offers the largest IT security trade fair in Europe: it-sa. IT-Seal is represented for the third time this year. What will you present?
Among others, the it-sa awareness program Lifetime and our partner models will be presented at it-sa. Lifetime will be the first project that will run continuously, so we will accompany a customer for a very long time. In doing so, we adopt the complete security awareness program for a company: the company itself sets a target value that expresses the safety awareness of the employees and the company is subdivided into groups, e.g. according to departments. We measure awareness in all groups and train them as needed. When the safety awareness of a group develops negatively, the employees are specifically trained with short videos, e-learning or classroom training.
Thanks for the interesting conversation, Alex! See you at it-sa.show all news