Growing up in Leominster, Kevin O’Brien started out writing code on a Commodore 64. In the late-80s, O’Brien subscribed to computer programming magazines, where he learned to program thanks to the interactive stories. “You had to finish the program to see how the story ended and it was written in BASIC,” O’Brien remembers. “It was obviously designed to teach children how to code.”
In his college years, O’Brien kept his interests laid in tech, but did not go for the usual computer science degree. Instead, he studied a variety of subjects, including philosophy, film and world languages. O’Brien also began another outside interest; practicing martial arts, specifically the Japanese martial art Aikido.
Throughout his time at UMass Amherst, O’Brien worked for an early-stage security startup, @stake. “I got the ‘bug’ so to speak,” O’Brien remembers. “It solidified my interest in startups and deepened my interest with cybersecurity.”
Working in early-stage startups started to become a recurring theme for O’Brien’s career. After graduating UMass Amherst, he was hired by QAS and then, Contact Networks. Both companies were later acquired by Experian and Thomson Reuters respectively.
In 2012, O’Brien moved to working with CloudLock, where he held a variety roles, including as a Senior Solutions Architect as well as Director of Product Marketing. Another cybersecurity company, CloudLock was recognized as an early innovator of cloud-based security, helping define the concept of Cloud Access Security Broker (CASB) solutions, as well the concept of aligning security software with business objectives rather than impeding them.
At this Waltham-based startup, O’Brien not only helped increased revenue with his marketing know-how, but he also served an industry expert contributing to several media outlets, including Wired, CISO Magazine, and NPR Marketplace. He also started working the conference circuit as a speaker. CloudLock would later become acquired by Cisco.
After CloudLock, O’Brien joined the founding team at Conjur in 2014 as a Vice President where he built out and led the core marketing and sales team. The company just announced its acquisition this past May.
As you might have noticed, there’s a common theme for the companies that O’Brien has joined. Each company was ultimately acquired at some point. So, how does he keep picking winners? “It’s part luck, part science, and part heart. There’s no single formula; what makes a startup work out is the people who are doing the day to day work. I’ve been lucky to be part of incredibly smart, passionate, dedicated teams,” says O’Brien. “I try to look for organizations that are honest, sincere about what they are doing, and where the timing is right.”
His interest to start his own company was sparked by observations and experiences within the security industry: O’Brien noticed how socially engineered cyberattacks, phishing, and account compromise attacks are increasing, especially as technical infrastructure continues to change and expand.
“We are in a moment of transformation. Cloud applications have created an always-on culture, and organizations and their employees are constantly in contact with each other, whether that’s via cloud-based email platforms like G Suite from Google and Microsoft Office 365, or via new so-called “chat-ops” systems like Slack and Teams,” says O’Brien. “Increasingly, the lines are blurring between what constitutes “work” and “life”, between corporate IT and employees’ personal phones, computers, and even online profile.”
It is this new world which led O’Brien to take the leap of faith to start GreatHorn with his co-founder, Ray Wallace, a friend since his high school days. The duo bootstrapped the business for the first year, renting their first offices on personal credit cards and drawing down savings while launching the first version of the platform, which provides the first cloud-native, fully automated security solution for stopping targeted phishing, email compromise, and social engineering attacks.
As they began to find traction with early customers, and began considering outside capital, an introduction to Alex Iskold, Managing Director of Techstars’ NYC accelerator, was made. As serial startup veterans, they were initially skeptical of pursuing an accelerator, but the opportunity to deepen their networks beyond the Boston area was compelling. They were accepted, joined the Fall 2015 cohort, and packed their bags to move into a small apartment on the Upper East Side along with Chris Fraser, GreatHorn’s VP of Strategic Accounts and final member of the founding team and former colleague of O’Brien’s at both CloudLock and Conjur. The trio used their time at Techstars to drive continued growth and adoption by new customers.
Social engineering attacks are historically the most effective form of cyberattack, because they don’t rely exclusively on technical trickery to work their past perimeter defenses. O’Brien noted that during the early part of his career, security teams hired to test clients’ defenses could often get access to server rooms by impersonating as a UPS employee, relying on someone holding a door when the “attacker” was laden down with packages.
Today’s attacks leverage the same concepts of using social cues and urgency to play on a person’s desire to be ‘good.’ For example, a hacker can impersonate as the CEO of a company and request time sensitive information from a lower-level employee. What does the employee typically do? They likely reply back to the message, which opens the doors for the hackers.
“Unfortunately, we’ve see that kind of attack surge,” the cybersecurity veteran says. “By combining that social pressure and psychological pressure with various forms of spoofing and manipulation on what an email looks like, a data breach happens.”
Today, GreatHorn’s solution helps companies secure email, chat, and collaboration platforms and communicate with confidence. Over the past year, the company’s revenues have grown 565% and just last month, GreatHorn raised over $6 million in capital in its Series A funding led by .406 Ventures and Techstars Ventures, putting the total capital raised by the company at just over $9 million.
O’Brien is passionate about expanding the Boston cybersecurity market. “We are deeply interested in how people think, and intrigued by the ‘why,’ behind effective cyberattack schemes” O’Brien says. “Cybersecurity ultimately comes down to a the intersection between high-technology and basic human psychology.”