Eldon Sprickerhoff is in a reflective mood.
After running hard for more than two decades, he’s taking a step back from the day-to-day operations of eSentire, the internationally successful cybersecurity company he founded 21 years ago this month.
“It’s a luxury being able to sort of step away and reflect on how far it has come,” says Sprickerhoff, who recently traded the title Chief Innovation Officer for Founder and Strategic Advisor. “The company is bigger than anything I ever expected it to be.”
Waterloo-based eSentire has been on a roll for the past few years as the global demand for cybersecurity continues to burn red hot. In February, the company announced its latest raise – a US$325-million deal that boosted its valuation to more than $1 billion. It also surpassed US$100 million in annual recurring revenue. The company serves more than 1,500 customers in more than 80 countries and has added over 230 employees this year, bringing its global workforce to 675.
Back in the fall of 2001, eSentire was simply an idea for a startup. Sprickerhoff had been commuting from Milton, Ont. to New York City to work as a network security consultant in the financial services industry. The dot-com bubble had burst. The 9/11 terrorist attack had rocked the city. And his wife, Carole, had given birth to a daughter several months earlier.
“When all of these things were combined,” recalls Sprickerhoff, “Carole’s underlying message was: ‘You need to come back home.’”
But what to do for employment?
After graduating from the University of Waterloo’s renowned math and computer science program in 1991, Sprickerhoff first worked in development, bridging over to systems administration and networking at RBC. This broad skill progression enabled him to develop an expertise in the emerging field of network security.
“There was no obvious career path into cybersecurity back then,” he says. “It wasn’t even called cybersecurity – it was referred to as ‘information security.’”
A hacker conference he attended in New York in 1997 fueled his interest in security. The young techie had found his calling.
“It seemed to match well with my personality and temperament,” he says. “I generally like to look for what the flaws are, to poke in the corners and see what happens. You know when you find that thing and it just clicks? That's how it basically started – it just built on everything that I’d done until then, and I was hooked.”
In the fall of 2001, Sprickerhoff decided to put his experience and passion to work in his own startup.
“It came down to a question of, OK, what can I do?” he recalls. “I knew I was good at it, I knew I could do it, and I could always go back to consulting."
Sprickerhoff rang up his lifelong friend Edmund Dengler and persuaded him to put his PhD studies on hold and come join the startup that would become eSentire.
In his previous work, Sprickerhoff had detected a gap in what was offered by traditional managed security services companies. Most were simply installing and managing a client’s firewall – running antivirus software, monitoring VPNs and performing vulnerability assessments. If they spotted a potential threat, they’d send an alert and let the client take it from there.
The missing piece was a speedy response. Sprickerhoff saw an opportunity to not only manage a client’s network defence but to respond to threats immediately.
“I came from this perspective where it was like, I would like to have at my fingertips the tools that would be available to be an instant response handler,” he says. “The core idea was that I’d like to have as much available data as I can so if I see something that’s a little unusual, I could investigate and do a deep dive and then try to stop it if possible, and be able to eventually report a verifiable ‘all clear.’”
Thus was born the concept of Managed Detection and Response (MDR), an assertive approach to cybersecurity that Sprickerhoff is credited with pioneering.
From the get-go, he and Dengler worked long hours to build eSentire’s services, establish its reputation and win clients. They opened their first office in Cambridge, Ont. Carole Sprickerhoff signed up as the fledgling company’s bookkeeper (Eldon refers to her affectionately as an “unindicted co-conspirator” because she took care of the startup’s invoicing, payroll, taxes, and office management). The company gained traction, was profitable and grew steadily year after year. But after eight years, the partners knew they needed more experienced managerial leadership to expand the company beyond its “boutique” security shop status.
“We were basically just tech bitheads without a single whit of business acumen between us,” says the self-effacing Sprickerhoff. “We didn’t know anything about product-market fit, we didn’t know about the sales funnel or process, we didn’t know how to use marketing, outreach, finance or how to raise capital.”
They started making connections through Communitech. One of the people they met was J. Paul Haynes, an engineer by training with years of tech-management experience.
“We were originally looking to build an advisory board but it made more sense to bring J on as a CEO,” says Sprickerhoff. “We had no idea how to do any of (the business-scaling basics) and J brought all that knowledge. He came in and mentored me in these things and that changed the trajectory of the company like nothing else. We would not be here if not for J. Paul Haynes.”
The new CEO came on board in October 2010. He began putting the business systems and strategies in place that would lead the company to exponential growth over the next decade.
Meanwhile, Sprickerhoff and Dengler were free to focus on technical product development, client services and staying abreast of the rapidly evolving nature of cyber threats.
The need for cybersecurity has soared in recent years. As more data is shared and stored digitally, as more business is transacted virtually, and as more people work remotely, the opportunities for cyber criminals and politically motivated cyber disruptors has never been greater.
One of the current priorities for eSentire is using machine learning to comb through the vast amounts of data generated by cyberattacks and then use these “threat analytics” to better understand and defend against future attacks.
“There’s so much data coming out of all these disparate sources that you can’t just throw people at it,” says Sprickerhoff. “We’re building up machine-learning models, which are basically fancy statistics on huge data sets that can identify anomalies or unusual behaviour quicker than humans searching through it.”
In cybersecurity, change is one of the few constants. The same goes for rapidly growing companies. In 2012, Edmund Dengler decided to leave eSentire to pursue other interests. In 2018, Haynes became President and COO to make room for a new CEO, Kerry Bailey. And in 2019, the company moved to Waterloo from nearby Cambridge, doubling its space to 65,000 square feet.
Sprickerhoff took a sabbatical this past summer. Coming out of it, he decided to shift to a more advisory role.
“There were so many big things that happened this year – a big investment round, we’ve opened new offices – and it came to this point where I felt for the first time that I didn’t need to be a helicopter parent.”
A popular conference speaker, Sprickerhoff is also a mentor. In early 2021, he was invited to serve as an entrepreneur-in-residence at the Rogers Catalyst Cyber Accelerator on the Brampton campus of Toronto Metropolitan University, the new name for the former Ryerson University.
Working with startup founders reminds Sprickerhoff of the mistakes and unnecessary detours he made as a young entrepreneur.
“During my sabbatical this summer I decided to do a writing project – basically a list of all my screw-ups from the early days of eSentire,” he says with a self-effacing chuckle.
This writing project is currently 9,000 words long and regularly updated. When pressed for a sample, Sprickerhoff suggests a subset of what he calls his “TL, DR” (too long, didn’t read) summary:
- Nobody will love your baby as much as you do.
- You need to love what you do because starting a business is so all-consuming.
- All the easy work has already been done.
- Become comfortable with vulnerability.
- At some point things will fall apart.
- You get to define your own measure of success.
""This writing project is part of my own cathartic process to work through the difficult early years of the business,” he says. “It’s an introspective collection of these kinds of little thoughts and replaying of historical bits, sort of half warning, half encouragement pieces. Maybe some of them are really obvious, but they certainly were not to me at the time.”
One of the things he notices among budding founders today is a fixation with scoring a big investment round.
“Congratulating someone on a raise is like congratulating the chef on buying the ingredients: It’s good, but now you've got to actually do something with it.”
Sprickerhoff urges young founders to focus on defining and articulating their core business idea.
“When they’re building these pitch decks, I say: ‘What’s the problem you're trying to solve? Don’t worry about capital raises or company valuations. Can you describe what the problem is that you’re solving?’”
Another learning involves time, hard work and expectations.
“It’s going to take a lot longer than you expect,” he cautions. “Don’t be surprised if it takes 10 years to get any significant measure of success. I have found that that is surprising to many startup founders. When you see any kind of success, it’s not in the first year, or two or five years, it’s sort of eight-plus years where you get established. If you survive that long, you’ve got a good chance of success.”
One lesson Sprickerhoff figured out early on is the importance of taking care of your health and well-being.
“At the beginning there was no work-life balance,” he recalls. “We worked easily 12-plus hours every day and weekends. And I don’t think we could have survived otherwise – that’s just what it took. But you must do something to deal with the stress.”
For Sprickerhoff it was Aikido, a Japanese martial art that emphasizes a sense of “harmonious spirit.”
“I've been practising it for just under 20 years now,” he says. “There’s both a physical aspect and a mental aspect to it… I don’t think the company could have survived without that kind of outlet for me.”
Sprickerhoff, who is quick to acknowledge the contributions of others, says that one of the things he’s most proud of is the ongoing career successes of colleagues who got their start at eSentire.
He mentions one person who had been working at McDonald’s; another came from greens maintenance at a local golf course.
“I’m super proud, without any sort of puffery or whatever, of what we’ve built in the community,” he says. “Some of the earliest hires, they didn’t necessarily have university or college degrees – they were just raw, young people who enjoyed computers and had the ability to grow along with a cybersecurity startup. I could see that, and it just worked.”
As eSentire turns 21 this month, Sprickerhoff is enjoying the freedom of his new role and looking forward to where his talented colleagues take “his baby” next.
“I’m still very involved in the company but I don’t need to be part of the day-to-day operations,” he says. “I’ve never really been one for titles, anyway. When people ask what I do, I’ve always said I do whatever it is I’ve gotta do.”
That could include evangelism (he recently returned from speaking at a recent VMware Explore Europe conference in Barcelona); due-diligence advice around acquisitions; and the introduction of products or companies that he feels could help grow eSentire. Earlier this month, he led a workshop in Cleveland about preparing an incident response framework for manufacturing companies.
“I am equally comfortable analyzing captured raw network packet traffic as I am coaching founders, so I can be dropped into many different situations,” he says. “I am happy to keep doing that until I’m told that it’s time to stop.”