Santiago Bassett is a Spanish-born cybersecurity engineer who has been working in open source cybersecurity for twenty years. In 2015, he realized that the open-source security software he was working on was used by some 20,000 companies. Without having ever started a company before and without even MBA or VC funding, and against all odds, he decided to start his own open source cybersecurity company.
“I realized we had as many users as some of the biggest players in the market. So why not build a business around that and start providing services and start a business around that product,” says Bassett. He is the CEO and founder of Wazuh, based in San Jose, Calif., an open source cybersecurity platform.The story of this founder’s journey is based on my interview with Bassett.
Wazuh is a free, open-source, and enterprise-ready security monitoring solution for threat detection, integrity monitoring, incident response, and compliance. According to Bassett, he found the company’s unusual name after interviewing friends and family. He settled on “Wazuh”, which has no other meaning, but thought the name was distinctive enough to set it apart from legions of other cybersecurity companies.
The main thesis of the value of open-source cybersecurity software, which sounds like an oxymoron, is that it is open to everyone, more transparent, and with potentially thousands of users looking at the software, they will detect the challenges of the system. open source earlier than proprietary solutions.
The company is part of the exponential growth in spending on cybersecurity solutions. According to a report by McKinsey, damage from cyberattacks could reach $10 trillion by 2025. As a result, organizations spent around $150 billion in 2021 on cybersecurity. As large as the market is today, the total potential addressable market could reach $1.5 trillion to $2 trillion. According to research by Enterprise Strategy Group, some 80% of all organizations use an open source solution of one type or another.
Bassett had moved from Spain to Silicon Valley to follow the company he worked for at the time. But with no past entrepreneurial or business experience, he quit his job to strike out on his own and found Wazuh. “I started on my own without funding. I took a little personal risk. But then I was very lucky, because at the very beginning, one of the biggest companies in the world approached me and asked me to manage their cybersecurity infrastructure,” says Bassett. He declined the job offer but asked them to become a client of his fledgling business, which they did.
“Our goal is to make this free for everyone and increase every company’s cybersecurity posture because I feel like I’m betraying my users by charging them for a feature,” Bassett says. He believes that transparency is the key to his success. And in 2020, it started offering a cloud-based solution so customers don’t have to spend on hardware or worry about software upgrades. “We automatically deliver upgrades and automatically run health checks. And the customer doesn’t have to worry about infrastructure maintenance or infrastructure provisioning, which lowers operating costs,” says Bassett. So how does Wazuh make money?
Wazuh charges for services and support, with 50% of revenue from its relatively new SaaS service solution, with the balance coming from professional services for existing customers who have an on-premises solution. “We do not charge for the software license. We do business around services and software as a service,” says Bassett.
The formula seems to work. Today, Wazuh is approaching 200 employees and has some 100,000 users in companies of all sizes of its free software, with more than 700 paying customers of its subscription-based professional services. These customers include blue chip companies such as Salesforce, Walgreens, Verifone, NASA and PWC.
“We have grown organically and have positive cash flow. It’s been eight years and we haven’t needed venture capital money to grow. We are growing at a rate of about 40% year over year in terms of revenue. I’m lucky to have a good team,” said Bassett. The company has teams around the world, but now has a significant presence in Argentina.
“We have 90 people in Argentina because there was a huge opportunity for us to hire good talent in Cordoba, Argentina. We identified situations where developers were being laid off so companies could move those jobs to India. They had a lot of experience in what we do, so we ended up hiring a lot of people in Argentina,” says Bassett.
Bassett grew up in Madrid, Spain and studied to be an industrial engineer, but never graduated or worked in that field. “I ended up working in cybersecurity for a small company just because my dad had a friend who told me it might be an interesting experience for me,” says Bassett. He then worked as a cybersecurity engineer for a succession of companies in Spain before moving to the United States, becoming director of professional services at AlienVault, based in San Mateo, California, before going on his own to found Wazuh in 2015. .
Although Wazuh is enjoying success and growing rapidly, it hasn’t been easy. “With no previous experience, it was very difficult, very difficult. I had to learn on the job. And I’m sure I did and do a lot of things wrong. Did I get the strategy wrong? VC? Should I fundraise like others are doing? Or should I continue to grow organically and start the business? That’s my biggest concern. I think if I had more experience, I might have raised funds sooner. But I didn’t do that. And it seems to work,” Bassett says.
As for the future? Bassett aims to make Wazuh the largest open source security platform in the world. “I think we have an opportunity going forward in five or seven years, depending on our acceleration, for an IPO. That’s what we’d like to do,” Bassett concludes. companies that went public without venture capital funding.