Casey Ellis was still “noodling” with the idea of his bug-bounty startup Bugcrowd when he decided he needed to build it in Silicon Valley instead of Sydney.
“I was pretty strong on the idea of the business, and I figured it would either catch on fire and fail or move very quickly,” Ellis tells StartupSmart.
Seven years and over $50 million in VC later, it’s safe to say Bugcrowd has fallen into the latter category. Ellis’ business is one of the largest crowd-sourced bug-bounty and penetration-testing companies in the world, even being chosen by the US Department of Defence to ‘Hack the Pentagon’ last year.
With Ellis himself starting out as a ‘white-hat’ hacker (one of the good guys), he determined early on there was a market to be made in allowing companies to have their security systems tested by thousands of white-hat hackers, rather than the traditional model of smaller teams or individuals doing the testing.
The company found itself in Blackbird’s Startmate cohort in 2013 and proceeded through four months of accelerating, incubating and demo day-ing, which included a trip to San Francisco.
“I knew that if Bugcrowd took off, I’d want to access the sort of people who ‘got’ our tech and could help us get capital and get customers. Coincidentally, these are all things San Francisco is really good at,” he says.
“I chatted to my wife about the possibility of moving, and when we saw proof of life for the company, we did what we said we’d do and moved.”
Bugcrowd landed in the Valley in April 2013, which was just a month before famous whistleblower Edward Snowden released thousands of classified security documents from America’s National Security Agency, revealing details on previously unknown global surveillance operations established by the US and other countries.
Snowden’s release of these documents was an unintended boon for Bugcrowd, with Ellis saying the release significantly elevated the global discussion on security, with the company in a strong position to take advantage of the hubbub.
However, Ellis was battling being hamstrung by the US’ 90-day visa terms for working Australians, and quickly found himself back home in Sydney building his US-based company while desperately figuring out how to officially emigrate.
After solving his immigration woes, Ellis headed back to the Valley and started seeking US capital to grow Bugcrowd. However, the founder was quickly hindered again due to his nationality, but this time for a different reason.
“Up until that point, investors had told me they’d loved my idea and that I was the right person to do it, but when I went to pitch US investors for a capital round, it was like I was speaking a different language,” Ellis says.
“It’s because Australians chronically undersell themselves. We have it culturally beaten into us from birth that we should never shout our merits from the rooftop, but when you come out to a market like the US it’s pretty much part of the deal.”
“You need to be able to say you’re world-class without flinching or backing down, and that was a learning experience. It was jarring.”
The advice Ellis was given was to emulate the American demeanour, to be brash and loud and “beat your chest a lot”. But that didn’t do the Australian any favours, making him feel like someone he wasn’t.
“In the end, that was terrible advice, because whenever I did that I was 100% faking it. Another thing about Australians is that we’re pretty bad liars,” he laughs.
Instead, one solution Ellis found was to contextualise his experience and “package” ways his Australianism would make him attractive to potential investors. The founder describes the difference much like a language barrier, and what you have to do is learn how to speak it.
“Australians also have a reputation for being a bit crazy and off-the-wall, and that means we can get away with things Americans can’t,” he says.
Tall poppy prevalent
Despite his troubles getting settled, Ellis says he wouldn’t have been able to grow Bugcrowd as quickly as he has if his company had stayed in Sydney.
He describes the Silicon Valley experience for startups as “dense”, with resources and opportunities being available everywhere, sometimes where you least experience it.
“I remember when the Startmate cohort landed in San Fran, we went to a meetup where the chief security officer at Facebook was speaking. I went up to him afterwards, a bit scared, and asked if he’d mind me emailing him from time to time about Bugcrowd,” Ellis says.
“Instead, he offered for me to come to Facebook on Wednesday and talk to him about it face-to-face.”
“The thing about that story, if you tell it to people in San Francisco it’s nothing extraordinary, but I would have flown from Sydney to San Francisco for just that meeting if I had been in Australia.”
For any founders looking to make it big in the Valley, Ellis says Australian need to know their strengths along with their weaknesses, and use both to sell themselves.
“I know we have a problem with tall poppy in Australia, and I think while there are good parts to it, it does us a disservice on the global stage,” he says.
“We need to be reminded that we’re uniquely good at troubleshooting as a culture, and also very good at taking whatever’s in arm’s reach and using it to fix our problems.”
“It doesn’t take extraordinary intelligence to market your ability, it just takes balls to step out and have a go.”