By SGN | 14 Feb 2023
While numerous hackers have flipped from black hats (malicious bad guys) to become white hats (ethical good guys), applying their skills to shore up cybersecurity defences against the very attacks they used to mount, Ben’s turnaround occurred remarkably early – when he was just a teenager.
From around the age of 7, after he was shipped off to boarding school back in the UK, Ben became fascinated and inspired by stories of hackers who broke into computers from their bedrooms. This prompted him to begin tinkering with code and computers and led him into what he calls a “downward spiral”.
At 17, when he was booted out of school for not heeding a final warning to leave his hacker ways behind, Ben came to a crossroads.
“I had to make a decision: Do I go back to school? Or do I go straight into a professional career?,” he recalls. “I chose the latter.” As for the industry he would enter, Ben says he “didn’t have a choice” – cybersecurity had already chosen him.
For well over a decade, Ben worked as a professional consultant, helping large enterprises and organisations understand how their digital assets may be stolen, and preventing such breaches with strengthened defenses.
In 2014, the cybersecurity consultancy Ben was at appointed him to run their business in Singapore. Never one to turn down an exciting new opportunity, and with mere weeks of advance notice, 23-year-old Ben packed his bags and left grey and rainy London for the warmth and blue skies of Singapore.
Eventually, however, Ben longed for a better way of serving his clients. “There was a frustration with the limited impact you can have working with one client at a time, each for a six-month period,” he says, “when the industry is moving so quickly and global demand for cybersecurity is increasing so rapidly.”
Thinking like a hacker
“Traditionally, organisations engage cybersecurity consultancies once a year to do a penetration test,” Ben points out. “But it’s no longer enough to test your systems once a year. Our understanding of cybersecurity is changing on a daily basis, and the tactics of adversaries are constantly evolving.”
Yet, owing to a constant shortage of talent in the industry, there isn’t enough manpower to perform continuous testing at a high frequency. To solve this, Ben turned to tech. He created watchTowr, a first-of-its-kind cybersecurity service that automates testing across multiple clients, fuelled by large-scale data analysis, thus scaling the impact of his work. Because of his ability to think like a hacker, Ben is able to simulate the persistence of sophisticated cyber aggressors, beating them at their own game.
“Our technology takes a very proactive approach, continuously hunting for vulnerabilities and weaknesses,” he explains. “This means that as soon as a weakness arises in any system, we are in a much stronger position to identify it before anyone else attempts to exploit it.”
After its founding, watchTowr grew rapidly, raising over $10 million within its first year from investors such as Wavemaker Partners, Vulcan Capital and Prosus Ventures. The majority of clients acquired belong to banking, financial services and insurance (BFSI), sectors that are no strangers to the reality of cybersecurity threats.
“We had our first client on board within a month. We had our first banking client in two months,” Ben says. “Our technology is incredibly easy to deploy, so potential clients can very quickly trial it to see how effective it is.”
A rising tide of cyber threats
In the past, Ben notes, hackers were typically mischievous kids or malicious actors whose aim was to disrupt and destroy. In the last 10 years, these objectives have expanded. “It’s not just about gaining access to systems out of curiosity now, but about monetising these breaches.”
Ransomware, data breaches and cryptocurrency theft are so lucrative and so rampant today that adversaries are investing enormous resources in researching new techniques to evade security controls. At the same time, offensive cybersecurity has increasingly become an accepted way for nation-states to exert influence or gain an economic advantage.
As the use of technology continues to escalate globally, digital infrastructure offers an endless proliferation of vulnerabilities that can be weaponised. With the rise of AI technology, offensive and defensive capabilities will become more efficient and sophisticated.
“AI is better than humans at spotting patterns in data, especially across huge datasets,” Ben says. “And so we will likely see the realm of cybersecurity become AI versus AI over the next ten years or so.”
The evolution of an industry
On the advantages of founding his startup in Singapore, Ben says the country’s focus on innovation has facilitated the development and adoption of watchTowr’s technology. “Singapore is such a supportive environment for businesses, while being incredibly well connected to the rest of Southeast Asia,” Ben observes. “It has also been a fantastic place to live in for the past eight years.”
During this time, Ben has witnessed the evolution of Singapore’s cybersecurity scene, including the establishment of the Cyber Security Agency in 2015, the passing of the Cybersecurity Act in 2018, and the creation of programmes to bolster industry talent. “In terms of cybersecurity, I haven’t come across a more supportive, more forward-looking government, in both commercial support and ecosystem development,” he says.
Despite a lack of educational qualifications, Ben has sought to prove himself in his career by building industry-relevant credentials from organisations such as CREST, where he has been an Asia Advisory Board member for the past four years.
“CREST is a global body I’m very proud to be involved in, to help upskill professionals across the industry and support certification for individuals and companies to enable baselining of technical competency,” he shares.
Positioned for global growth
Cybersecurity is a global problem that’s not going anywhere, and Ben sees huge industry potential in Singapore. “The great thing about Singapore is that it has tackled the challenge head on,” he says, “and all the work that’s gone into building talent and programmes is paying off, as we see more organisations awaken to these issues and look into solving them.”
As for watchTowr, which is now barely 18 months old, interest in its capabilities is steadily streaming in from markets like Europe and the US. “Ultimately, Singapore will remain our headquarters, and we want to continue to support and give back to the ecosystem here,” he says. “But we do have plans to venture into the West and Australia, and capture clients in sectors like technology, e-commerce and healthcare. 2023 looks to be the year where we expand our operations overseas.
“Singapore is in a very unique position where so-called domestic clients may be regional teams connected to global corporations. This is what makes it a fantastic place to build a business. You have access to this incredibly broad spectrum of clients on the doorstep.”
Named one of Forbes 30 Under 30 in 2022, Ben is the founder and CEO of watchTowr, a Singapore-based cybersecurity tech startup that has raised over $10 million from investors such as Wavemaker Partners, Vulcan Capital and Prosus Ventures.
Connect with him here.