Branching out

Cybersecurity MSPs People
Comms Business spoke to Expel’s CEO Dave Merkel and VP international business Chris Waynforth about the company’s expansion into the UK market.

When co-founders Dave Merkel (pictured above), Justin Bajko and Yanek Korff conjured up the vision for managed security services provider (MSSP) Expel, their hunger to provide a more simple, transparent and improved cybersecurity experience was fuelled by a tweet criticising the customer service seen among the MSSP market and pointing to potential for disruption.

“The opportunity we saw in 2016 when we started the business was nobody was talking about what I’d call ‘the big swing’,” Merkel told Comms Business. “Nobody was really going after it in the way we thought was honouring the size of the opportunity, and there were two dimensions to that.”

Those dimensions, he explained, were firstly that many offerings were niche and narrow – Merkel pointed to the market’s need for a broadly applicable, high-quality offering. Secondly, he pointed out the need for a technology-first approach whereby scale and quality don’t have an inverse relationship.

“The [idea] was, if we start out with this technology premise, we can build something that’s massively differentiated that promises way better outcomes for customers and then financially, a much more valuable business,” he said.

Expel provides managed detection and response (MDR), remediation, phishing support and threat hunting services, priding itself on the transparency and efficiency of its technology and people. Its Expel Workbench SaaS platform allows for flexibility so that customers can choose how to run their security operations, with the ability to receive alerts at every stage.

A channel-first model

The company went into market in the US in 2018 and is now experiencing fast growth, having seen opportunities to expand internationally. The MSSP is now working to expand its presence in the UK, as well as Ireland, the Netherlands and Sweden, with a channel-first sales model aiming to leverage resellers’ regional and industry-specific expertise.

Brought on board to take charge of these efforts was Chris Waynforth (pictured below), VP of international business, who is based in London and has 20 years’ experience in the cybersecurity industry.

Having worked with some of the largest banks in fraud prevention, Waynforth evolved his career into enterprise cybersecurity after seeing that many of the tactics employed in financial crime against banks had begun to be used against companies around the UK.

“The conversation we’re trying to have at every turn with every partner is, how do we make a difference to your business?” Waynforth said. “Whether it’s revenue, or actually making your team happier in the way they deliver their service … For me it’s how we differentiate.”

One approach that Expel is leaning into is understanding the technographic fit of its customers and where they are on their cybersecurity maturity journey, he said, to ensure they are getting the best value.

“We can be quite intentional in that approach … so what technologies are already deployed, and how does that help us, our partners and our customers maximise the value of what they’ve already got.

“We let our customers and our partners in, we let them see we’re doing good work and that they can learn from it. And one of the other outcomes is that if things don’t go quite as well, we’ll offer recommendations – if a customer has technology deployed and it’s not necessarily configured correctly, we’ll make those recommendations as part of the report.

“From a partner’s point of view, it allows them to be that trusted advisor … it gives them a lens into how efficient the security environment is being … What we’re trying to do is cut through the noise and rather than use feeling to make decisions, we’re providing more hard data.”

The new endpoint

At the time of writing, Expel had just released its latest threat report for 2022 exploring cybersecurity trends and threats in Q3 2022. A key takeaway from the report, Merkel explained, was that identity is “the new endpoint”.

Attackers are becoming more successful in bypassing MFA (multi-factor authentication), he told Comms Business, adding that attempts to get end users to make the wrong move with their MFA is likely to increase over the next year.

“We’re going to see a lot of headaches,” Merkel said. “End users are going to bear more of the brunt of some of the pain associated with what attackers are doing.”

In addition to this, attackers have become “less lazy” with regards to where they attack from and the social engineering behind attacks, he pointed out, adding that ransomware groups continue to be very active.

Waynforth said that in Europe particularly, countries in EMEA have been used as a “staging” environment for hackers to try out some of their approaches before they go after targets in the US or elsewhere.

“As we start to have more customers in the region it’ll give us the ability to detect some of those forward staging environments before they go after some of the bigger targets,” he said.

“What I’m seeing is definitely a lightbulb moment. There’s a recognition that [cybersecurity] is a good thing for companies. They’re starting to recognise that it’s easier for them to say, we need to make the investment here because it has a direct impact on our ability to make money, to save money or to reduce risk.

“It ties back much clearer to the business outcomes customers are trying to achieve, whereas in the old days security used to be seen as an insurance policy.”

This interview appeared in our January 2023 print issue. You can read the magazine in full here.