Sometimes we get caught up in our own echo chamber and cybersecurity. You know, the case where you got A-U-S or sometimes Israeli-based company is bringing a separate security secure product to market in a certain way. It's been done many times before. And that's why I actually really love this conversation, which is very different with Mirzra astra beg, the CEO of CTM360, which is a company based out of Bahrain in the Middle East that didn't take any VC funding and brought a multi-capability approach to what they're delivering, not a standalone product approach. Listen to find out the unique offering that they have, how the way merger thinks about how you should be selling cybersecurity products, and why a person called Charlie was important to the founding of CTM360. Welcome to the Sales bluebird podcast, where we help cybersecurity companies grow sales faster. Whether you're a seller, marketer leader, or founder, we give you tips, tricks, experiences, examples, ideas, and inspiration from people who know a thing or ten about building great cybersecurity companies. I am your host, Andrew Monaghan. Our guest today is Mirza Asrar Baig, founder and CEO at CTM360. Mirza. Welcome to Sales Bluebird.

Mirza Asrar Baig 00:01:25

Thank you, Andrew. Thank you for having me on this.

Andrew Monaghan 00:01:28

This is going to be an interesting conversation for me and I hope for our listeners. This is the first time that we've had a founder and CEO on from the Middle East. And I think that presents an interesting angle of conversation for how you're approaching a whole bunch of things, I guess that might be different to how we think about things over here and keen to learn about CTM360, how you're approaching the market, the unique things that you're doing, things like that. You are the founder and CEO of CTM360. What I want to do though, take me right back to that moment in time many years ago. What were you doing? Where were you when you had that moment that said, you know, I might just start a company to do this, whatever this was at the time, where were you and what were you doing?

Mirza Asrar Baig 00:02:18

Well, that's not just one moment in time. I tried to build technology multiple times. Okay. After my business of selling personal computers, I was able to figure out what next to do. And that was in year 1997 when I decided that I wanted to focus on information security. I changed my business from selling personal computers to information security. And the whole point was that I wanted to build my own technology and it's easier to do on software rather than doing some hardware piece. So I said, what software technology should I do? And security was the upcoming field, so I needed to do that. Hence, I started working as a system integrator on information security to learn. But at the same time, I introduced the first email firewall back in year 2000 and it really did not fly. Maybe too early. Maybe people didn't understand it. And then I also tried sock with setting up a satellite sock with a company from Singapore, ecop, that also didn't go. But then I was presenting, representing Mark monitor. Mark Monitor is a global domain registrar. Andrew. Have you ever heard of them?

Andrew Monaghan 00:03:36

No, I have not.

Mirza Asrar Baig 00:03:37

There are corporate domain registrars. Microsoft, Google, IBM, all of them have their domains with Mark Monitor. And I represented the brand protection side of Mark monitor's business in the Arab world. And I was not happy with the complete comprehensiveness of the solution. In my view, they were missing a lot of use cases. So I used to argue with them a lot that their technology had these gaps. And one time in 2013, when I was arguing with the sales director, Charlie, he replied back to me, Mirza, why you keep on telling us to do things when you think you know what you want to do? Go do it yourself. That was the time I said, okay, one more time, I'll make it. But this time I wanted to do it by shutting down every other door for me. So I decided I'll pull out of all my other system integration work and only focus on building this.

Andrew Monaghan 00:04:32

Was that an important decision then? Just to burn the bridges and say, I'm not going to rely on anything else. This is it or nothing?

Mirza Asrar Baig 00:04:39

Yeah. And for that I had to shut down a lot of contracts, which I had at that time on information security because it was all inside the firewall. And my problem was there is too much focus and too much technology inside the firewall. We are leaving the outside open. Too many use cases nobody's addressing.

Andrew Monaghan 00:05:01

So we have Charlie to thank for that then.

Mirza Asrar Baig 00:05:03

Oh, yes. He keeps on asking me where is his part of the company.

Andrew Monaghan 00:05:09

So then you decide you stub everything else. I'm in full 110% mode working on this external in as opposed to internal ad. What's next? Do you hire developers? Do you hire contractors? Do you sit on a whiteboard architects in something? What you do next?

Mirza Asrar Baig 00:05:29

Okay, I'll just give you a little more background on what I was doing and how I was approaching it. Andrew the part is that in the world of cybersecurity now, which is called our information security or It Security, the biggest confusion is the terminologies. And in my view, if you differentiate it, then you would understand it better what to do. And the confusion can be cleared. In my view. In the way I will describe it to you, IT Security is similar to, like, the police who is trying to cater for the citizens. And the job of the police is to enable the citizens to go around with the police being transparent. So that's what IT security is. It's about the end user, how to enable the end user to do more without hindering them. And then comes information Security, which is not about the people, it's about the assets. And the job of the military is to secure the assets. And if people die during that, that's called collateral damage. So Information Security team is supposed to be looking after the information assets and they need to negotiate with the It security team for the users. But some of the users will get hampered at the time or certain manner. Then comes cybersecurity, which is not about people, which is not about assets, it's about the attacks on the attacker, which is the CIA, the intelligence agency, whose primary thing is that they need to take out the attacker before they land onto the soil. And that is what cybersecurity is. Also the part of cybersecurity is that this intelligence has to assess the information security and IT security. So I distinguished that and that's where I said we need to build cybersecurity. And that's why my company name is Cyber Threat Management. And in doing that, to come to the question which you said, what do you have to do? First was to the architect part and my logo represents that. The logo has white, which is you, then the gray, which is suspicious, and the black, which is malicious. And the architecture all started with thinking, you know what, what is white first, what is yours, which is visible across the internet. So at that time I called it the digital footprint and I'll inventorize the organization. So the architecture was based on this aspect. Let's look at what is your white, then let's identify anything which is gray or black. Black we need to neutralize. So there will be the takedowns and gray we need to figure out with the organization, my customer, is it going to become white or is it really black and we neutralize the black. And for that, what I did was initially I started working on It, that I was fortunate that I already had customer relationships. So let me just show the customers the data side, the data layer presentation part, and let's work at the back manually. So I hired a few fresh graduates, fresh minds, who will accept my idea. But that's another challenge when you're trying to come up with radical ideas. The people who have already spent time in the industry, they come with the baggage and you will have hurdles with them. So I started by hiring and to date I hired fresh graduates on maximum with one year's experience and then getting them into the mindset, the way we operate.

Andrew Monaghan 00:09:00

I love that though. So you start off with something to show the people you already knew. And there's a lot of people working hard manually, behind the scenes to try and make it work, right? But then as you get validation, including myself, including yourself, working at Nights, trying.

Mirza Asrar Baig 00:09:15

To find out the data for them.

Andrew Monaghan 00:09:17

And then as you get validation, then you know what to build, right? Okay, this is where the focus needs to be right now. Was there a moment though, in that process where you're thinking, oh no, this might not work out? Was there a moment that was I'm not getting the feedback I wanted, it's not coming together fast enough. When was that moment?

Mirza Asrar Baig 00:09:36

No, there wasn't a moment like that. Rather, the moment was always a lot of excitement because of this validation that all of these use cases which others nobody was addressing. When you take it to the customer and he feels value and they turn around and say, oh, excellent, this is something which we require. So that gives you more validation and you want to do more. So there was rapid growth in that sense for us from the very beginning, from the very first year we were making revenue. We are self funded as a company. There is no money I have taken from anybody yet.

Andrew Monaghan 00:10:13

Okay, it sounds like things were going well then at that time.

Mirza Asrar Baig 00:10:16

Oh yeah. And we are profitable.

Andrew Monaghan 00:10:18

Was there a moment in that whole motion where you were like, wow, this really is a lot bigger than I thought or a lot more important than I thought, as you were getting the validation?

Mirza Asrar Baig 00:10:31

Yeah, okay, I already from the very beginning thought of it like this is a data company, so it has to be really big. So the moment was about, okay, we are still far away from that data company. How do we get to be that data company? I don't want to be a security company. I rather would like, and this is how I am today internally, if you look at us, it's all a data company. Otherwise, normally when you go outside the firewall and all those other technologies, most of the time you're working based on what is the customer, who's the customer, and only trying to do focused on the customer all the data which you gather. Whereas what we want to do is to gather the data for anybody and everybody all the time. Hence, a new customer onboarding will not cost us anything. They just need to log in and all their data is there from the very beginning. So the moment was, in that sense, the time when I felt now we have that level of data because it takes a lot of efforts manually to do it. So when you automate it, then you get to a point where you can feel, you know what, now my systems can gather all this data. Which means now you have brought it to that scale. And we are doing that, by the way, on the data side, like I've profiled many organizations, all the banks in the world, I'm profiling all the publicly listed companies, I'm profiling a lot of the major vendors in the world for my customers. But when I'm doing so, the data, the way we structure it is very different than anywhere else, which is in the manner that if there is an organization with 30 legal entities across the globe, we'll profile them all individually, separately and they can see it all in a structured manner.

Andrew Monaghan 00:12:17

Well, let's talk about that slightly higher level. First of all then, mrsa. So, imagine, as I am, I'm a simple person from Scotland. We're simple people. Imagine I was a twelve year old sisso from Scotland. If there is such a thing, how would you answer my question? So I understand it. What does ctm 360 do for me?

Mirza Asrar Baig 00:12:40

Ctm 360 is your private police and guard who is monitoring the city on your behalf to look out for anybody who has bad intentions about you and to take them out before they reach you.

Andrew Monaghan 00:12:53

Okay, I understand that. And then is it the ciso that buys or is it someone else in the company? That's the main point of contact or buyer for your solution.

Mirza Asrar Baig 00:13:04

The primary buyer is cesar, but nowadays it's getting a little higher than cecil. It's the chief risk officer or the chief operating officer. Because the way we present all the use cases, it's not only the security team. Like if we are providing you the security risk posture of your vendors, then the procurement department is also very interested that they want to know the security score for the potential bidders on a certain project. They want to use it within the qualification. And the compliance officer is also interested in that as well. The way we present the external attack surface, the Chief technology officer is also interested in that. And that's, by the way, the starting point for us that we want to start with what is yours. And it's not the security team, it's rather the technology team which should be more interested. So the transition will happen and is happening, but yet most of the time it is a CISO we go to. Then he opens the doors to the other department.

Andrew Monaghan 00:14:07

That presents an instant challenge for your sales team. When there are so many stakeholders to try and corral. Are they mostly going after bigger enterprises or is it mid-market is your sweet spot?

Mirza Asrar Baig 00:14:19

We primarily focus on the financial sector. Something which I learned at the very beginning when I started doing the security business, was that organizations will only be investing in security when the gun is pointed to their head, meaning the regulator is saying you have to do this otherwise. I've noticed that even the organizations which get breached, even if they don't spend money, after a while the knee-jerk reaction is there, but then their game go back to business as usual and they don't realize that investing in security has a big return. The first thing is your efficiency will improve, but then it has to be made quantifiable and people should put efforts in that if they want to really understand it. One of the questions, and you may have come across that Andrew, we ask is that? Why do you have brakes in the car? A lot of people will say to stop the car, but it is not about that. It's to enable you to drive faster.

Andrew Monaghan 00:15:22

Exactly.

Mirza Asrar Baig 00:15:23

That is not yet getting into the organizations in the management. So we end up normally talking to the financial sector. And in the financial sector, in our part of the world, we don't have those large banks like City or standard charter type of banks who have their own teams as well who do this. So it's more challenging to get business from them. But I say medium to large size of banks is the ones which we are primarily approaching. And they will sign up because they can see the value immediately from both the angles, the value they get for their protecting the banks. Plus they see the compliance value as well because the regulator has this as a requirement anyway.

Andrew Monaghan 00:16:10

Yeah, they're highly regulated, right. So, to your point, they have that metaphorical gun to their head saying things are going to be coming at you fast if we can't meet these regulations. I'm wondering if I look at your website, I see a couple of or a few phrases. It's external attack, surface Management, cyber threat, intelligence, as you were talking about data leakage protection. There are, as you know, this is a credit space with a lot of companies doing those things. What is it about how you do it that companies go, well, that's unique, that's different. I like how you're doing that.

Mirza Asrar Baig 00:16:46

Okay, primarily the first piece is that we are very unique because we built all of these pieces when I started building it with this white, gray and black thing in mind and the architecture across that. This is validated by analysts from gartners and foresters of the World. We are saying that all of these technologies should merge together. So we see a lot of mergers and acquisitions. So if somebody was in easm, they're trying to buy a drp, and if somebody is in drp, they're trying to buy a cti, cyber, the intelligence and so on. So we see that consolidation. But we are unique because we built all of those pieces. So that's one uniqueness we have. The second uniqueness is the quality of the data. So in our systems, this is my claim, and somebody can validate the way we structured the data. The way that we present the data is unique. It's different than others. And organizations don't need to fill in a long list of questionnaires or something to get on board. They're already there, everything is there. As soon as they get access to our system, all the data will be available vetted with quality. So that's the second piece of difference. And obviously this brings in automatically the third piece of our uniqueness. Because of this consolidation and the way we present, we are very much efficient in pricing also. So our price point is also very good all of this is integrated within the system so the price comes down, plus the price also comes down in the way we operate.

Andrew Monaghan 00:18:32

Let's go back to the first thing you said there. You build it all yourself. One of the questions I asked my, my clients when they, when I asked them about this is a so what? So why would I was the CTO at a bank that you talked to? Why would I care that you, you've built it yourself.

Mirza Asrar Baig 00:18:49

That we built all these pieces together. Yeah, because otherwise you will have four or five different systems who are not talking to each other. So you're not leveraging your external attack surface, which is all your data points, which is your white. You need to have that to profile to look for all the malicious and suspicious. So who will do that? Profiling. So now you take it that you have an external attack surface. You'll have to take the data manually from there and incorporate it in your digital risk protection system and you'll have to keep on doing it, whereas it's not automated at the back. So that brings about plus the usability. The way your users will use will be different on both the platforms. So user experience will be different. Whereas with us it's the same user experience, same themes, same menu style, same functions. So if you know one, you know the next one.

Andrew Monaghan 00:19:50

Yeah, it's interesting thing about the industry we're in is that it's plagued by these point tools that don't integrate, don't work together, and in many ways the conflict. Right. You get alert from one that isn't matched up to alert from the other. And then you try to decide, well, what do we trust and what don't we trust? There's lots of teams that struggle with that all the time trying to figure that out.

Mirza Asrar Baig 00:20:15

And data categories are also different.

Andrew Monaghan 00:20:17

What's that?

Mirza Asrar Baig 00:20:17

The same data is categorized differently in one system and categorized differently in another.

Andrew Monaghan 00:20:22

Exactly. And coming in with that message of what's going to be unified, I could imagine how people would be intrigued by that, at least to say that's interesting to me because I don't like this other world of too many alerts and too many conflicting alerts is a challenge. Right.

Mirza Asrar Baig 00:20:39

And don't forget the price point because now you will end up paying much less for more.

Andrew Monaghan 00:20:44

Yeah. No, I get that. Tell me one thing, Mrs. So. You're on the journey, you're creating what you're creating and you're getting the progress. You see, things were going well. What was that day when you had the first non-friendly customer, not someone you knew who was kind of doing your favor, actually came along and stumped up some hard cash to pay for your stuff and get access to the value? What was that day like?

Mirza Asrar Baig 00:21:10

A non friendly customer?

Andrew Monaghan 00:21:12

Yeah. Someone who's not a friend of yours, who's doing you a favor.

Mirza Asrar Baig 00:21:16

Okay. A non friendly customer? No, I think we had to even in the beginning because I had relationships was easy to me, easy for me to get the first customers and then next onward in the region, though it took me with some customers multiple years till I get them on board. But I've not had really somebody who is non friendly and then he is buying and trying to show off like it's a favor or something because maybe the culture in our part of the world is slightly different.

Andrew Monaghan 00:21:51

Okay.

Mirza Asrar Baig 00:21:52

People spend a lot of time just knowing each other and they're being very polite all the time.

Andrew Monaghan 00:21:58

I get it. So you're building that relationship over time anyway and you've got a whole bunch of relationships. Yes, got it.

Mirza Asrar Baig 00:22:04

So there are people who I've been seeing or meeting up for seven years, eight years, and then only they signed up with me and they're very good friends of mine, but they never signed up. The relationship continues.

Andrew Monaghan 00:22:18

What's one question about ctm 360 that no one asked you but they probably should.

Mirza Asrar Baig 00:22:24

One question which they should ask. Yeah, I'll tell you the challenge rather I'll shift it and rule. I'll tell you the challenge which I have been trying to the challenge was that because I was building the technology out here and it was with all this young team, people always have this intuition at the back, like it's not us doing it. We are buying this technology from somewhere. So they would rather always be trying to ask questions to figure out who is the company at the back, who is building this technology for us or who are we paying and getting this technology from? And that was a challenge, which is the biggest one, I think, still now at times it happens and it happens even with the ones who are our customers. Sometimes they try to after using the system so much of the time and talking to my team, they still try to find out who. So I'll meet some of the senior manager and then they will be saying, okay, we can understand it's your but it is white labeled. Right. You bought from somewhere this technology piece. And I'm trying to tell them, no, we built it right here. There's nobody else. But you have somebody somewhere. No, all the team is here, all the development is here nothing is outsourced. We're sitting in Bahrain, fully operationally from Bahrain, servicing 24 by seven everywhere. So that has been the the part which has been sort of a challenge.

Andrew Monaghan 00:23:48

Yeah, yeah. Mostly frustrating when when people have that viewpoint. Right.

Mirza Asrar Baig 00:23:53

Yeah. But that was the passion. That was the whole reason I wanted to say that we can build this kind of a global level technology sitting here and sell it to the rest of the world.

Andrew Monaghan 00:24:04

Tell me about your sales team right now, marsa.

Mirza Asrar Baig 00:24:07

Okay. I'm not so much of a fan of the typical sales team.

Andrew Monaghan 00:24:15

Tell me more.

Mirza Asrar Baig 00:24:15

I've been selling for a long time myself. And if you see on my LinkedIn profile from the very beginning there's a last statement which says that I don't sell for money, I only sell for value. And the value for all stakeholders. And the typical sales process is different. A salesperson's mindset is they need to just sell. And you will offer on a moon and the sun on both the hands and you will say everything and anything to get the sales people. I don't want that. So a typical salesperson doesn't gel with me. And all my life the way I have sold is based on value only. If the value is not there, even now, I'll tell my customer, you know what, you have signed a contract, you have paid us. But down the line you come back and say, no, scrap it, give me the money back, I'll give it the money back to you, it's okay. If you're not happy, then you shouldn't be working with me. It's my job to make sure that you see the value which I'm bringing to you. So the salesperson for me is the one who will understand how to translate and talk about value and build that trust based on value. And it has to be a long term, it's not in and out. So I didn't hire sales team like this. I hired fresh graduates and told them exactly how to go about doing these sales. So I have a very young sales team. It's very challenging to have them do the sales in this manner because they go out and talk to other people and the sales is done entirely differently. Like we don't send out cold emails to tons of people. We need to find out how we can establish in a niche manner this trust relationship. First show the customer the value and then we can deal with them.

Andrew Monaghan 00:26:11

So merz I would imagine that it's important therefore to make sure you do hire the right people. That one, they're not your traditional salespeople, but also having the capability from a cultural standpoint, the way they carry themselves and their intellect, to be able to have that value conversation over a period of time is very different. I'm wondering how you thought about selecting people.

Mirza Asrar Baig 00:26:37

And still is a big challenge because we need to hire a lot more people and we need to hire people in the western world as well. How do we find people who will be focused on the value side rather than, yes, there is a number we want to reach, there's a number we want to do, but we want to do it based on value and how do you get this thing across? So one is of course I've been doing is that I've been hiring the people which are not yet into the market in the sense of salespeople, but now I need to hire them. So that's what I'm looking for now. But it will be much tougher. I'll have to go through maybe a bigger pipeline of people to look at in the sense of how do you establish the trust relationship? So we have to judge based on that. One approach is that I want to look into the Us or UK market for people who have already spent enough time building such trust relationship and who have done some initiatives on the trust relationship, and then we can work with them and they can be joining us for that sales side. You need to help us there, Andrew. You understand my mindset then, or you tell me, how do we go on looking for such people?

Andrew Monaghan 00:27:52

I think they're hard to come by. I tell you one friend of mine's CRO at a company back a few years back, he was working at the GRC company archer, and what he did was he actually hired GRC people, not salespeople, but GRC practitioners. That was the people they were after because they, they had that a they understood the needs of the GRC market and the people they were talking to. But they're thinking about that whole value thing about well, how do we solve these significant problems as opposed to just focusing on the sale. And they, I believe, I think they did a lot of success by doing that with, with proper GRC folks to do it. I wonder maybe there's a role in there.

Mirza Asrar Baig 00:28:35

See, Andrew, with our systems, it's pretty easy to see the value also. You log in, all your data is there, you immediately see the value. And it's always a big wow. Whenever the first time somebody looks at our system, it's all their inventory, but they never saw it like that. They're not able to maintain it like that. It's all about getting somebody this message that there is this technology piece. Have a look at it once and tell us where do you feel the pain and how we can solve it from this technology for you. And we don't want to drop money, we only want to see if we can add value to you. Then we can only look at money part, especially for the financial sector where they are already having a lot of frauds and scams and issues and they have the regulatory pressure at the same time. So the market size is big, it's a very huge market size. And this is what I'm just saying on the financial sector. And I know now that regulatory frameworks are now moving on to other industries. Also health care, they've got now regulations in place where they need to be doing certain aspects on the cybersecurity side and also at the national level. So many industries are being now asked to do on their third party supply chain. Supply chain is becoming a very big issue, and our system also provides you the complete view of the supply chain. So value part is there. It's only somebody who will. Say, you know what, let me focus on the value part and take it to the customer from the value perspective only.

Andrew Monaghan 00:30:12

Let's get to know a little bit about you. Believe it or not, I've got 35 questions here. But the good news is I'm not asking you 35 questions. I'm going to ask you to pick three numbers of team one and 35, and I'll read you the questions that they corresponded.

Mirza Asrar Baig 00:30:27

Okay? First number six.

Andrew Monaghan 00:30:30

Number six. Favorite band? Favorite band, music band.

Mirza Asrar Baig 00:30:37

Okay, you know, I'm not such a band follower on the music side, but I listen to a lot of those songs which are slow and melody, but I don't follow a particular band, sorry.

Andrew Monaghan 00:30:50

Okay. Do you like do you like the tone where it's a bit more softer? Not a hard rock guy, for example.

Mirza Asrar Baig 00:30:58

No, not a hard rock.

Andrew Monaghan 00:30:59

Fair enough. Another number between one and 35.

Mirza Asrar Baig 00:31:02

Okay, let's go do 25.

Andrew Monaghan 00:31:04

25. What was the first computer you ever owned?

Mirza Asrar Baig 00:31:10

What? The first computer I ever owned was an IBM comparable, which I started selling. That was back in 1985.

Andrew Monaghan 00:31:21

You started selling them, okay.

Mirza Asrar Baig 00:31:24

Yeah, because I used to be in the sales of IBM's first computer land. I sold personal computers just after my graduation because I graduated in computer science back in 1983. So one year I worked and then I identified this opportunity that the market did not know about comparable computers which were coming at one 10th of the price.

Andrew Monaghan 00:31:49

Right.

Mirza Asrar Baig 00:31:49

So I started selling them and that's why I owned one of them as well.

Andrew Monaghan 00:31:54

That's great. I'll tell you a quick aside. So when I was a teenager I'm from Scotland originally, and I was at boarding school in Scotland, but my parents lived in Dubai and my dad picked up he bought an Apple. I don't know if it was a knock off on an Apple or I can't remember, but that was the first computer in the family house was this apricot computer that I don't know what it worked on, but I'm sure it's long gone and dead by now.

Mirza Asrar Baig 00:32:24

Oh yeah.

Andrew Monaghan 00:32:25

I wish it was an IBM compatible PC. One more number. Team one in 35.

Mirza Asrar Baig 00:32:31

Okay, let's go to 1717.

Andrew Monaghan 00:32:35

What is one event in the world that you haven't been to but would love to attend?

Mirza Asrar Baig 00:32:40

Not an event, but I would say the place where I still want to go to is to go and wash the Northern Lights event. It's okay, there are events come and go, but there's no ambition to go to those places. But there's a lot of ambition to go and visit natural places like Northern Lights.

Andrew Monaghan 00:33:01

No kidding. Friend of mine just went there and she just posted pictures. She went up to far north of Finland to see them. And I think the first few days there was nothing, and then suddenly one night they showed up, which is must be incredible. I haven't done it, so I can see the attraction of it though. Pretty amazing to watch, I would reckon.

Mirza Asrar Baig 00:33:22

I love to watch this guy. This is why that's one thing which I want to go and look at.

Andrew Monaghan 00:33:27

Yeah, no kidding. Well, let's transition over the business side of this. It sounds like you've been building a really good business in the Middle East and surrounding areas. Sounds like also you're ready to make that investment to move into the UK and the Us. How did you know it was the right time and you're ready for that move?

Mirza Asrar Baig 00:33:47

That was part of what I term internally is the scalability that when you feel that you can scale, that is the time I wanted to go there. And the feeling of that, that we can scale is when our systems were automated enough that I can onboard any customer within a few minutes. So the way we onboard any entity, let's say, that is not even a customer today. And I'm profiling all the organizations, I just have to add in their primary domain and the system does the rest. It will identify the company, the location and the rest of the data about the company. We have got many data points which we collect across the globe. And once we were at that point, that we could do it with certainty that at least 90% of the data with accuracy will be collected in an automated fashion. That's the time we want to be in the Us and UK and the rest of them. So for us, yeah, the customers who were here actually helped us build to that level. So I give a lot of credit to those customers.

Andrew Monaghan 00:34:52

When you're thinking about what it's going to take, first few hires of people and things like that, where are you thinking they're going to be and what type of roles are they going to have for you in the Us and UK?

Mirza Asrar Baig 00:35:05

Rather than sales, they need to have more of that trust relationship, which I'm talking about. If you already have a trust relationship, let's say we go to the Us. So in the Us. I'm not going to be, of course, hiring people who are direct competitors of mine. I'm not going to be hiring the people. I would rather be looking at somebody who is a reseller. So there was a system integrator who was selling some of the products which are indirect competition to us. So this means that the person there, he understands that area and if he has built and nurtured relationships across a customer base based on those kind of technologies which we have, then that's the person we are looking for, because he can for us hit the ground running, as we say. And it could be like we could have people in different regions within, let's say in the Us. If we are talking about so on the east coast, there could be somebody who is very well-versed with the customers on the east coast. This could be somebody for the West Coast, somebody could be in the south and even we want to look for the North American market, Canada as well. So we'll be hiding for all of these regions.

Andrew Monaghan 00:36:16

Yeah. A lot of financial institutions for you to talk to over here.

Mirza Asrar Baig 00:36:21

Yeah. And credit unions.

Andrew Monaghan 00:36:24

Yes, there's loads, right?

Mirza Asrar Baig 00:36:25

No, Us has a lot of credit unions.

Andrew Monaghan 00:36:27

Yeah. Couple last things, mrsa. What's the big vision for Ctn 360 over the next five years? What are you trying to achieve?

Mirza Asrar Baig 00:36:37

We want to be the data company of the world when it comes to data site, which is helping not only cybersecurity but also analytics. The way we profile, we can provide you analytics across regions across the world. So my system should be able to provide you how many fish attacks happened in Asia today or how many organizations in Asia today are vulnerable to this kind of an attack or which organizations or which sector is more vulnerable in the Us. In comparison to other sectors or a sector across the world. So I want to have data of that level where we are considered as a data company which provides you all the analytics and insight across the globe.

Andrew Monaghan 00:37:30

Very good.

Mirza Asrar Baig 00:37:31

Does that make sense?

Andrew Monaghan 00:37:33

Yes, it does. I love that vision and I love the fact that it's not just very cyber security issue. You talk about data and using it and having that sort of impact I think is the way how you did.

Mirza Asrar Baig 00:37:47

That, Andrew, the value is all into the data. Yes, you can you know, this is also what I do a lot of times. I'll ask people that if you understand that. I'll ask them what is Facebook? They say it's a social networking platform. No, it's a data company. They have created the social networking as a hook to collect the data from you. And same thing with all other such platforms. They're all data companies, but they have to create a hook by which they can collect the data.

Andrew Monaghan 00:38:18

Yeah. And many of us have been on the end of what happens when you have a company collecting our data and not looking after it very well. Got it. Last thing, Mirza.  So you know the business that I do. Do you have one question for me that you'd like to me to try and have a shot at answering for you right now?

Mirza Asrar Baig 00:38:37

Yeah. You have understood the way I've described what we are doing and how we want to go about. So you tell me what should be the first person I should hire and what should be the profile of that.

Andrew Monaghan 00:38:49

Person given what you've just talked about? I've got a couple of thoughts. I think that what I've seen work well most of the time is finding the up-and-comer. I want to say sales because that's the one that I know. Right. So up and comer sales person, sales leader. You don't want the person who's done it four times already because they've probably either burnt out or they've made their money or whatever it is, and starting again from scratch is going to be difficult. You can't have someone too junior because they won't have the trust that you talked about. They wouldn't be in the market long enough to have relationships and have that age 35 around. Yeah, they've been doing this for a while so they can say, yeah, I've got my base, I know some people and I can truly deliver on that. But they've also got the, I call it the goldilocks zone, right. They're not too experienced, they're not too inexperienced, they're not afraid to roll up their sleeves and really get into contacting people and going back to their network and doing that. But they still got an eye on the more strategic things about trying to open up a market in a whole different part of the world. So he's going to be in that middle bit right there. That was one thought I had that's probably more traditional, how companies break into like, the Us.

Mirza Asrar Baig 00:40:16

So not a senior person age limit, 35. That's the limit. That's the highest. So look for somebody around 32, 33 years of age and who has already got context in this specific area industry and the digital risk protection and who has done some business on that and established some trust.

Andrew Monaghan 00:40:35

I agree.

Mirza Asrar Baig 00:40:36

And has a good and deep understanding of this project, I think.

Andrew Monaghan 00:40:41

So, just an aside, I mean, we're for big companies with big HR departments. I get nervous when people say ages, like somehow someone's going to hit me up or say you're ageist or whatever it is. But I totally agree with you that's to me, the sweet spot, I'll tell you. The other thought I had, though, was that who has the longest and most in depth trusting relationships with banks, companies, It teams, security teams are resellers. You can go to these resellers and an individual seller at these resellers might have been in the market for 20 years, right. And they just built up their whole business. And the idea that I'm not going to know everyone in the Us, I'm going to know everyone in Charlotte, North Carolina, that's in security, and I've worked with all of them at different times in the last 15 years, that's a person is really valuable. Right? So two things about that. One is maybe there's someone that might be ready to actually go to a start up, go to a vendor. But maybe what you do is you pair up the person. We just talked about it with a few very, very highly curated partners who are willing to work with someone like you, the company at an early stage in the Us company, and deliver on things. So maybe that might be a meetup right there. That makes sense.

Mirza Asrar Baig 00:42:06

What about just partnering with an mssp?

Andrew Monaghan 00:42:09

If the mssp has those relationships as well. That's the key, right?

Mirza Asrar Baig 00:42:14

Yeah. An msp who is already working on security side because they're already having that mindset. They have customers and they're very close to the customer because that's what they do all the day.

Andrew Monaghan 00:42:27

Yeah. Say channel partners, say mssp. I think the dynamic is kind of the same in terms of they've got those in depth relationships, they've been working with them for a long period of time, and maybe marrying up someone with that sort of model might be the way to go. Off the top of my head, that's why I would think about it.

Mirza Asrar Baig 00:42:46

Okay, great.

Andrew Monaghan 00:42:48

But Mirza. I've enjoyed the conversation. If someone wants to get in touch with you and continue and talk about how you're expanding in different parts of the world, what's the best way to do that?

Mirza Asrar Baig 00:42:58

They can reach out to our salon, Arsalan's email address is arsalan at ctn 360.

Andrew Monaghan 00:43:10

Com. Great. I'll put that in the show notes so people can do that. I'll put your website in there as well so they can learn more about what you're doing. Love the conversation. Thanks for being my first founder, CEO, company at the Middle East. Love what you're doing and really wish you all the best.

Mirza Asrar Baig 00:43:26

Thank you, Andrew. Thank you for having me. I hope it was useful.

Andrew Monaghan 00:43:31

Certainly was. Thank you. Well, that was an interesting conversation with Mirza. I really enjoyed that. It was different to other conversations I've had. Billy is someone who's thought a lot about this whole space that we're in, especially what he's delivering as well. He's learned a lot, as he said, a couple of things that didn't go very far originally. And now with CTM360, it seems like he's broken through and it's looking to expand. I had three takeaways. I'm sure you had a bunch of different ones or more than that. First of me, it was really interesting how he talked about the shift from originally It security to then information security, and then cyber security's security.  And these are all terms we've used over the last 25 years, probably in a kind of all encompassing way. Sometimes it wasn't quite right. Describe this world that we're in where we're trying to protect things in the cyber world at companies. And I thought his take of thinking about like that, especially when he's aligned to people assets and then attackers, was interesting. The second thing for me was one of the advantages of having a product that does have multi capabilities is it can be based on the same data set. And when they're feeding each other, that data set becomes very rich and very useful in terms of what it could deliver for an organization. He talked a lot about how essentially my read was they're a data first company with some cybersecurity capabilities around that. I thought that was interesting. And then finally I loved this story. At the start when he said how they got going was he had all the people that he knew, which was seemed to be a lot of people in his network. He was able to take a front end to go and show them what they could do and the value they would get. But behind the scenes he had a team of people who were working really hard doing a bunch of manual things at the start until they got the feedback from their prospects to say, well, this is what's really important and this is things that are valuable and that would give him the guidance. Okay, let's change this bit from more manual into actually building it and making it product eyes. I love how he mentioned and thought about going about doing that. So those are my three takeaways. So CTM 360 will be an RSA this year. They'll be exhibiting right there. And I've got the in the show notes contact information for who to contact if you want to get in touch with them and have a conversation, either what they're doing, interested in some of the roles that might have opened and either way, I really wish Mrs and the team CTM360 success for this year and next. And also for the RSA columns.