Nanaimo-Born Startup Grows Into Digital Security Juggernaut In Just Five Years
VICTORIA – One would not expect a fight against digital bad actors across the globe to originate from a home office in a small town like Nanaimo. And yet, in 2015, that’s where HYAS Infosec Inc. drew its original battle lines in the perpetual fight against cyberattacks and the criminals who commit them.
There, CTO and co-founder Chris Davis, together with partner Steve Heyns launched the now Victoria-headquartered HYAS with a strong and clear vision.
“I wanted to establish a cybersecurity company that could preempt attacks, something we call pre-zero-day security, before they could harm consumers or businesses, in a way that would provide significant efficiency for security analysts and significant value for enterprises,” explains Chris. “I realized the key was understanding attacker infrastructure, and the way malicious actors use assets on the Internet, and to be capable of collecting enough data to become the de facto expert in adversary infrastructure.”
If anyone had the pedigree to shoulder this task, it was Chris.
A twenty-year veteran of the information security industry, Chris launched a number of successful startup firms, as well as operating in senior roles with cyber security companies, amongst them as Director of Threat Intelligence at Damballa, Inc. and Endgame, both in Atlanta, Georgia, Senior Security Consultant for Global Information Security Assurance at Dell’s headquarters in Round Rock, Texas, and as technical advisor for The Citizen Lab in Toronto, an organization focused on global security, human rights and information and communication technologies.
Chris was also instrumental in dismantling the Mariposa botnet, a complex malware scheme comprising one of the largest networks of hijacked computers on record. More than fifteen-million PCs in nearly every country were compromised, with infiltration of massive corporations and government computers worldwide, including numerous Canadian banks. For his troubles, Chris became the first Canadian and one of very few non-FBI employees to receive the FBI Director’s Award of Excellence.
In short, Chris knew his stuff.
Many organizations struggle to respond to attacks, playing an online version of “whack-a-mole” where security teams plug security holes only after discovering an attack, essentially entering a cycle of defensive response rather than offensive deterrence. The destruction wrought by repeated attacks can create a snowball effect of lost revenue and reputation difficult to overcome. Largely organized criminal gangs and repeat offenders, these bad actors relentlessly pursue their targets for illicit profit. HYAS helps enterprises get ahead of the attackers through a superior understanding of their infrastructure so they can block attacks before they breach the walls.
“HYAS plays in the cybersecurity space, where criminals are always scheming new means to steal,” elaborates Chris. “The Internet uses a set of protocols called the Domain Name System (DNS), similar to a phonebook of web addresses, to ensure information passes between intended sender and recipient. HYAS has a superior understanding of attacker DNS infrastructure. We help enterprises understand attacks, and how to preempt future ones. HYAS observes DNS network queries to websites and blocks attempts to reach “bad” websites with a questionable reputation, or that may be utilized for malware command and control or phishing.”
These tactics keep a variety of sensitive information out of the hands of criminals, including banking and personal information of citizens, and the tools organizations and governments use to protect sensitive data and vital digital and physical infrastructure. One of the more nefarious schemes saw HYAS discover highly-targeted cyberattacks against France’s nuclear power stations, rail system, and additional critical infrastructure. HYAS traced the attacks to a single individual in Morocco, providing details of their investigation to French authorities via the US Embassy in Paris.
With success like this, it stands to reason HYAS has grown by leaps and bounds over its relatively short existence.
Since receiving its initial seed funding from global investment management firm Wesley Clover, to being awarded $6.2 million from Microsoft’s venture capital arm M12 in 2019, today HYAS employs a team of almost thirty, with a growing clientele across three continents and multiple countries. Their customers include two of the Fortune 5 enterprises and numerous Fortune 100 enterprises, from financial services firms, insurance companies, large technology firms and federal governments.
Even with an expanding international profile, HYAS remains connected to its BC roots and Canada as a whole, drawing from an exceptional pool of technical talent coming from provincial universities and other Canadian institutions. And, it still maintains a small office in its birthplace of Nanaimo.
With the cybersecurity market at around $120 billion USD annually and cyberattacks rising, HYAS and its partners are never short of work, and it remains dedicated to expanding its product portfolio with innovative, disruptive technologies to help enterprises block attacks before they can happen.
Concluded Chris, “We will continue to capitalize on our strength in threat intelligence, and move into new spaces allowing us to better combat cyber fraud, hunt for threats, proactively respond to cyber incidents and pinpoint perpetrators.”
As Chris noted to Fortune Magazine in a recent interview, “My drive is to locate the bad guy.”
The business of being one of those bad guys seems an increasingly dubious path.