Q&A: FairWarning CEO Kurt Long On Launching Startups, Investor Relationships

When CEO Kurt Long started his information security company FairWarning, he built the organization from the ground up—but it wasn’t his first time doing so. Long has founded three companies over the course of his career and has learned the importance of partnering with outside investors to help take them to the next level.

FairWarning protects patient information in electronic health records for over 8,500 hospitals and clinics around the world as well as confidential information in financial services companies with over $500 billion assets. Last month, FairWarning received a $60 million investment from growth equity firm Mainsail Partners to scale and accelerate product innovation and expand the company’s focus on customer success.

Long spoke with Chief Executive about the challenges of starting a company from scratch, the importance of developing partnerships with investors and what CEOs should be paying attention to in the world of information security. Here’s what he had to say:

Building a team from the ground up

First off, it begins with a vision. I think every great business always has a really clear vision, and the clearer that vision is, and the clearer the founder and creator make sure it is in everyone’s mind, it makes things a lot easier. So we had a really clear vision and growing trust in the marketplace between patients and care providers. And without us, there would continue to be breaches and eventually identity theft. And I really felt like information in this industry is really vulnerable, and I think we have a huge opportunity to step in. We do catch bad guys misusing patient data, but we have a chance to protect and grow trust between care providers and their patients. So it started with that vision.

When you think in terms of who you start hiring you always attract—especially in the early days—you’re going to attract people who get it. They understand. “Hey, this happened to me once or it happened to a friend. My information got compromised at a hospital or at a bank. And if I could play a role in protecting others, I’ll leave IBM,” or “I’ll leave PricewaterhouseCoopers,” or “I’ll leave the bank I work at as a software developer and start the business.”

So the first role I hired was literally a software developer who built the product in accordance with the vision that I had, and then I served as the salesperson for probably the first 5—certainly not 10—but 5 to 5, 6, 7, 8 sales. It was just the two of us for a short period of time. And as soon as we got customers, we began bringing on other people to support them. But the core of it was a developer who believed in the vision and the mission, and then support people to help our customers become successful.

This is the third company I’ve founded from scratch, and I’ve always been a person who pays people, try to make every effort, even at the earliest stages, to pay people fair wages. I’m not a “Hey, work for free” guy. I’m just not that guy. So, I was paying. But the first employees always see something extra, for some reason, that they should take a chance on this company and this guy and give it a go, “And maybe I could be an important person at a company that’s going to grow,” and they see the opportunity.

“if you’re really focused on your customer, if you have a really clear vision and you can evidence that vision with proof points, the money happens.”

Building relationships with investors and demonstrating the value of your business

I’ve raised quite a bit of venture capital and private equity now during my career—nearly $100 million worth of venture and private equity. And I’ve developed some really, really clear beliefs. And my first belief is that money is rarely the problem in a business. When the story is there, the vision is there, the opportunity is there, and you can provide proof points that support that vision, real customer success proof points, real revenue, ideally real profits, that the investors want to invest in you. And my personal experience is that too often entrepreneurs are taught that raising capital is the key to success. And that’s a trailing edge indicator of your success, and that if you’re really focused on your customer, if you have a really clear vision and you can evidence that vision with proof points, the money happens. So that’s the first message.

Then the second message is it’s all going to come down to relationships. When you own a business that’s good and valuable, if you’re desperate, you might be willing to suffer through any relationship and be treated in any way to get investors, but that’s not what I believe in. If you have a good and valuable business that fits the criteria I’ve already given, then it’s a privilege for the investor to get the opportunity. So you can be picky, and you really start working with whatever form you choose to take the company market, whether you have investors paying, you can do it yourself, whatever the method is that you go to market. You can take the time to build relationships with investors and find people that you trust. And you can even work with them before they become investors and you have little projects to see how well you would work together, but what’s going to make your company successful post-investment is the trust and relationships that you have. So that’s a broad-brush strokes way of thinking about it.

You’re going to go through stress together, and I think we all know as adults that any time you go through stress together you either are around people you can work through the stress, or there are going to be relationships where you go through stress together and it doesn’t work. And you want to key in on those investor relationships that can withstand the test of pressure because you’re going to grow, or if you’re struggling, that’s going to be a different kind of stress.

What CEOs should focus on in the information security space

It’s a really complex space. Information security is evolving and it’s very, very complex. So to pick one thing out that a CEO could think about in terms of what they should think about is hard. But what I can say is that boards of directors and CEOs who let everyone know that your IT team has the support of the executives and of the board to secure the business more than anything else, and that includes showing a commitment through budget. It’s really tough to say there’s any one thing. It’s a true commit.

It’s really clear that businesses have invested in the perimeters of the business to try to create moats to keep the bad guys out. There is the shield with the cloud world, there’s fewer moats. We’re all interconnected. And what the bad guys have figured out is they can collude and take advantage of insiders within the business to grant them access. In other words, insiders can grant the bad guys access into the business to your cloud applications, or they can collude with the insiders to share and field data. So, if there is any one topical thing, it would be to make sure that with respect and for the sake of all employees and all people who count on the business, we take insider threats very, very seriously because it could bring the end to the business.

How his leadership style has evolved

I started out as a tech guy, and like a lot of tech people, wanted to do everything myself and at different times probably felt that if I take over this guy’s job because he’s not doing it right that I was helping the business. And I’ve come 180 degrees from that thinking. It’s all about empowering people. It’s all about getting the right people, training them, making sure they’re in a position to succeed, truly letting go and letting them run with it, letting them make some mistakes, knowing that they’ll course correct, how to grow talent, grow people. I think in the early days, you’re just hanging onto everything and you really can’t do anything alone at all. And so, today, I’m pretty much the opposite. I’m all about how do we empower people and recruit great people.

I would say I became very, very sensitive to alignment and believing that people are going to do roughly what’s in what their self-interest. And you can ask them to do what’s in your interest or try to force them to do what’s in someone else’s interest, but in the end, we all will act in our own interest. So if we can find alignment, where my interests and shareholders’ interests are aligned with the management team’s interests, are aligned with the customers’ interest, or care providers in this case, and their interests are aligned with the patients’ interest, all of that alignment together. Alignment is the most powerful force that you can get in a leadership style, in a business where we can get all of us acting together toward one common vision because it’s all good for us. That alignment piece is the one piece I learned the hard way.

Related: EnableSoft CEO On The Power Of Robotic Process Automation