How Malwarebytes founder Marcin Kleczynski turned an infected family computer into a multimillion-dollar cyber security company
Tuesday, September 11, 2018/
Despite having millions of customers around the world, more than 10 years of operations to his name, and nearly $US115 million ($161 million) in venture capital, Marcin Kleczynski’s mother still thinks his cyber security company Malwarebytes is just a “school project”.
That’s probably because Polish-born Kleczynski was only 14 when he first began the company what would eventually turn into US-based Malwarebytes, which is celebrating its 10th anniversary this year.
Speaking to SmartCompany while visiting Australia, Kleczynski says the seeds of Malwarebytes were first planted 14 years ago, when the young founder found himself battling a malware infection on his family computer, with no help from his anti-virus software.
“I went online and found this security forum, where all these people, these volunteers, were helping people solve their virus problems. I still consider them superheroes to this day, and it still blows my mind why a community like that even existed in the first place,” he says.
“They spotted the problem in a few hours, and then a woman from Belgium started stepping me through all the instructions on how to get the malware off manually. My anti-virus program Symantec at the time would neither protect from, nor remove, any malware on the machine.”
After three days of screwing around, the family’s computer was fixed, but the founder had caught the itch for solving problems and decided to stick around and help out on the forums.
Over the next four years, Malwarebytes slowly evolved into a proper company, with Kleczynski teaming up with forum regular Bruce Harrison (now vice president of research at the company) to build the startup’s first set of anti-virus tools. These setup days also gave the company its name, with the founder being gifted the dormant ‘malwarebytes.biz’ domain name.
“I actually used to hate the name, but it was gifted to me,” Kleczynski says.
Harrison helped Kleczynski build the software into something easier and more familiar to use, but Kleczynski laughs that he and Harrison worked together for almost a year before actually meeting face to face.
“I was sixteen and building an antivirus software, and for Harrison it didn’t go down too well telling his wife he was working with a 16-year-old kid online,” the founder laughs.
“We actually made our first million before we met in real life.”
“Never in my wildest dreams did I think it would get this big”
Two years later 2008 rolled around, and the founders officially launched Malwarebytes. But Kleczynski still wasn’t running the company out of a proper office, with an apartment at his university’s campus serving as the company’s “headquarters”.
“I remember in my freshman year, I was working online to disassemble a virus and the school network actually kicks me off, and says I need to install one of these three anti-virus programs,” Kleczynski recalls.
“So I call the helpdesk and a kid no older than me shows up and proceeds to download and run Malwarebytes right infront of me.
“It was there and then that I first thought that the company had a chance.”
From then on, Malwarebytes was off to the races, though the company didn’t lock in any funding until a $US30 million round in 2014. Rather, it grew organically through almost entirely word-of-mouth marketing.
Kleczynski identified that his product was highly popular with a cult-like following from individuals who used it in their homes to protect their PCs and banked on those clients “bringing us to work” by implementing the software at their businesses or places of employment. The gamble paid off, with around half of Malwarebytes’ revenue today coming from enterprise customers.
That revenue is estimated to be upwards of $US150 million, and the company now has over 700 employees, but neither Kleczynski nor his family can really believe how successful the company has been.
“Never in my wildest dreams did I think it would get this big. I even stayed at uni for my whole tenure mostly as a fallback plan,” he says.
“To this day my mother still thinks it’s a school project.
“But all jokes aside, I’m incredibly fortunate to be leading such a talented group of people. They’ve helped me get off my computer and opened up my eyes to what we can achieve in the world of remediation.”
And while finding those talented people is a hard task for any startup, Kleczynski says he’s tapped into a secret pocket of tech geniuses: the ‘superheroes’ from his old security forum.
“That same community that helped us out initially we tapped as a talent market. We told them: ‘You know what you’re already doing for free? Come do it for us and we’ll pay you’,” he laughs.
Companies must strive to be experts in one area
Looking forward at the future of the cyber security industry, Kleczynski says there’s plenty of room for innovation, mainly due to the relentless pace at which cyber criminals themselves innovate.
One emerging market Kleczynski can see is mobile phone security; the entrepreneur is “shocked” at the amount of malware found on third-party app stores.
“They’re cesspools of malicious data,” he says.
However, Kleczynski has a warning for any aspiring cybersec companies, as he’s seen many bound into the space with whizz-bang solutions, only to fall over when trying to spread themselves across too many different areas.
“There’s typically a lifecycle of a company here, where they’re very good at doing one thing, and then they begin to expand and start to stop being good at what put them on the map in the first place,” he says.
“I see this with so many companies. You need to be like Apple: very good at one thing.
“Though customers want one company who can provide it all, that’s not the case. Just like how Proofpoint is the best with email security, Malwarebytes is the best with endpoint security. But it all has to be about security being simple.”