Fresh off the heels of Raleigh-based Security Journey’s acquisition by Pittsburgh-based HackEDU in late May, Chris Romeo—the CEO and Founder of Security Journey—has a wealth of insight from his business journey.
The ‘security journey’ all started with Romeo’s time working for Cisco around 15 years ago. It was there he created the Cisco Security Ninja, Cisco’s own product security training program. The program aimed to teach developers and engineers the foundational pieces of security and secure coding.
Once Romeo arrived back from a conference in California, he knew there was an even greater demand for such a program outside of Cisco’s doors. Upon finishing his speech at the conference, there was a line of people asking where they could buy the program.
Initially, Romeo thought they were joking. When he brought the idea to Cisco, they shut it down since it wasn’t part of their core business, Romeo said. But this couldn’t stop Romeo from launching Security Journey in 2016. It was his own take on providing developers greater insight into security. Just last month, Security Journey made it onto the Triangle Tweener List.
The cloud-based platform delivers a training experience for developers, beginning with a foundational white belt all the way up to a black belt, which means the learner has begun to improve security within their own company.
Pre-acquisition, Security Journey had a team of more than 20 as well as 70 clients from all types of organizations, small, medium and large. As Security Journey was attracting more attention from private equity and VC firms, Romeo said HackEDU truly stood out for its interest.
HackEDU had been a competitor in the same space, but by bringing Security Journey and HackEDU together, customers could finally get everything they wanted.
“When I thought about our programmatic content-driven product, combined with their hands-on coding sandbox-based environment, putting these two things together was just a really good combination,” Romeo said. “It provides really the best of both worlds from a customer perspective.”
Having been in the security application world at Cisco for 10-plus years, Romeo said every decision he made at Security Journey has been in the lens of what would have been valuable to him as the customer.
“People always ask, what’s your unfair startup advantage?” Romeo said. “My secret weapon was, I am my customer, and I’ve sat in the chair of my customer.”
That’s part of what made the acquisition offer so compelling, as Romeo knew just how much it could transform their offerings to customers.
“Sitting as someone who’s been in my customer’s shoes, I immediately saw the combination of these two things and said, ‘Wow, this is going to be something that’s really going to help people to change security culture inside of development organizations,’” Romeo said.
Integrating Security Journey and HackEDU is the first step so customers can use the individual platforms—or both—without any friction. HackEDU will maintain its office in Pittsburgh while Security Journey maintains its office in the Triangle. The company is also keeping all employees on board and even looks to hire more, Romeo said.
“This is one of the beautiful acquisitions, where everybody’s moving forward with the company and has an opportunity to grow in their career as we grow the business,” Romeo said.
Post-acquisition, Romeo plans to focus primarily on the content side of the business, building new courses and guiding HackEDU in helping enterprises change their security culture.
Along the startup journey, Romeo feels he’s learned a hundred lessons or so, but at the same time, he realizes there’s no substitute for experience.
“There is no class, there is no book that you can read going into the startup experience,” Romeo said. “You just have to experience it. Even though you can read about the case studies, you have to make the mistakes—and you’re going to make the mistakes. I’ve made plenty of them, and you just have to learn from them.”
The HackEDU acquisition was the first money that came to Security Journey from the outside. Romeo said bootstrapping for so long brought along significant advantages.
“There’s a time for outside investment in startups, but the longer you can go without taking money, the better deal you’re going to get in the process, because you’re solving problems on your own and growing the business from within,” Romeo said.
He’s also leaned on one of his lessons from the very first company he worked for (Arca Systems in Virginia) back in 1997: build a company you want to work for. Look at decisions through the lens of how fair others will see them.
“If you want to build a successful startup, yes, you have to have a great idea,” Romeo said. “Yes, you have to have passion and drive, and you’re going to have to put in a lot of effort to do it. But don’t build a company that you don’t want to work at because there is more to life than just the startup. Part of the experience is having a group of people who are sharing your visions, sharing your passion, and going along with you on the journey.”
It was with these team members that Romeo and Security Journey made their way through the dark month of April 2020. That was when, because of the pandemic, nobody was answering calls. No one would say yes to demos. Things looked incredibly bleak, Romeo said.
One month later, people started answering the phone again, and deals started to move across the pipeline. The company had got through the worst.
The majority of the team is based in the Triangle, and the quality of talent here has been a strength for Security Journey and the overall region, according to Romeo.
If he did it all over again, Silicon Valley or New York could never top the headquarters Security Journey has already made here.
“If I was going to start another startup,” Romeo said, “this is where I would do it because it’s the best place to live.”