That First Big Deal – The Journey and the Impact

When I started Forticode I formulated a set of goals for our technology: our solution should enable a user to access digital records or undertake a transaction of any kind while being watched by someone else, without giving away the password; equally, it had to be immune to credential details being recorded via keylog, screen or mouse capture or via a hacked or compromised network. The password needed to remain hidden in plain sight. Everyone I knew, who I told, said I was crazy and after about six months I started to think that perhaps they were right, because I hadn’t come up with anything that made sense. I‘d set myself a challenge but I was losing motivation.

I knew I was onto something when an IP lawyer who I’d shared a version with called me at 3am, unable to sleep, and told me he’d spent the last 24 hours on a global search and couldn’t find anything even resembling OneTiCK anywhere in the world.

Then a fraud event occurred against a family member that fundamentally altered their trust in the digital layer. They went from being quite open and engaged to totally disconnected – it was destructive. Their reaction was quite confronting. Someone I cared about was suddenly disengaging, so I added a new criteria which was that whatever I came up with must be so simple that anyone could use it, because if I can’t protect the people I care about, there’s no point in doing this.

This is not the place to go through a product description but the solution I designed, what we call OneTiCK matches all the criteria I’ve outlined. I knew I was onto something when an IP lawyer who I’d shared a version with called me at 3am, unable to sleep, and told me he’d spent the last 24 hours on a global search and couldn’t find anything even resembling OneTiCK anywhere in the world. There were a lot of people focusing on complex solutions that didn’t meet our criteria, but nothing that solved the problem in such a simple way.

Within a fortnight of that call from my lawyer I’d raised my first ‘family and friends’ round of funding which gave me enough money to start a patent process, buy a couple of machines, stand up a base level solution…and leave my full time job.

That was in 2011. We’ve gone back to market six times since then to raise capital from friends, commercial investors and high net worth individuals; all via introductions. They were patient while we continued to develop the technology and began the process of making sales and generate recurring revenue. Australian industry can be risk averse when it comes to trying something new, especially if they’re the first cab off the rank. Signing that first major contract has been an exercise in endurance but we got there, doing it our way.

Committing To Australia

I’m a very passionate Australian. My grandfather, my father and my brother, all worked in the local car industry, so I’ve watched that industry go from being the backbone of the Australian economy, providing jobs to many people and being the engine room of Australian innovation, to being decimated then destroyed within a generation. We should be building replacement industries, yet I look around the IT sector and see good ideas leaving the country because they can’t get support in Australia. While there have been some recent successes, many have had to go and get support overseas and then return, which I find really tragic and hard to swallow. One of the principles I set myself was that under no circumstance was I going to take the easy path and leave Australia in order to grow our company. The implication is that Forticode’s ‘Horizon 1’ has shifted forward a number of times, making further demands on the patience of our shareholders and even our staff. It’s meant a longer road for us, but at the same time every line of code has been written here in Melbourne, all of our initial pilots and proof points have been in Australia and our first major client is an Australian company, and that means something to me. We’re in a position where we can say to the local technology and startup community, “It’s possible, but you have to be persistent.”

We went back to the drawing board, literally, and developed graphical versions rather than the text-based versions we were offering, but we still maintained a service-centric mentality rather than a customer-centric mentality.

Throughout the sales cycle you’ve got to have a very thick skin and a steel spine because you’ll get hit and you’ll get told ‘yes, yes, yes, we’re keen’ but never actually get the contract signed. You’ve got to be prepared for all the barriers that get thrown in front of you, and not give up. Ultimately there will be people out there who are prepared to have a shot as long as you can show them that you mean business, that the technology is robust (and exceptional) and that the reason you don’t have a global installation to point to is because of a guiding principle and not due to any product deficiency. It’s been a really hard process but I wanted Australia to be the first to benefit from this technology.

Getting to our first sale hasn’t been a linear process, we’ve had several technical pivots. Right from the start, the technology we developed was awesomely secure and embodied what we were trying to do but, like many technologists, we focused on the technology first and the user experience was, well, uninspiring. We went back to the drawing board, literally, and developed graphical versions rather than the text-based versions we were offering, but we still maintained what I’ll call a service-centric mentality rather than a customer-centric mentality. Old habits were hard to break. By the start of 2016 we had a number of companies engaging in Proof of Concept projects, showing interest in progressing to pilot and then pulling out and picking solutions that, by their own admission, weren’t nearly as functionally rich as ours.

Finally I put down my sword and asked them “Why?” They told us what we needed to hear: we ticked every box on capability but the implementation process was far too long; integration was on a per-application basis; we didn’t have a cloud based solution; there were too many touch points in the business to implement easily; change management would be a challenge; and finally the whole process was just going to take far too long. I sought the opinion of many of our prospects and got the same feedback; our competitors’ products were not as good but could be dropped in with less effort.

The message was loud and clear, so I gathered the team together and told them we were going to shelve five years of work and start over. I then explained to the board and the shareholder group what the idea was and said we were going to totally rewrite the playbook on security and were going to decentralise and deliver a web-based service. We needed to be able to stand up a solution at the click of a button so it could be delivered into an on-premise situation as a virtualised capability. We set ourselves the ambitious goal of building a cloud-based solution by the end of 2016 and we achieved that goal. That’s when we started pushing the commercial sales cycle hard. The team told me to step away from the keyboard and stop coding. My role became Chief Evangelist.

That First Big Deal

In January 2018, a bit over a year later, we signed our first commercial contract with local ERP software provider Pronto. They put us through a full architecture review, penetration testing and every other type of security assessment you can imagine and we came through with a thumbs up. Our technology, Cipherise, is going to be used as a competitive advantage and as part of their digital strategy to move incumbents from on-premise applications to cloud-based applications.

Developing a relationship with Pronto has been a fantastic experience. We’ve been fortunate to have top-level engagement from the CEO down. Before taking this leap they started by playing with the product. They asked for a ‘sandbox’ in which to trial the software and our team hooked them up to give them an immediate sense that this was real and the setup was quick and easy – exactly the opposite of the feedback we’d been getting twelve months before! After a relatively short trial period we signed a multi-year agreement, embedding our technology into their platform.

Our technology, Cipherise, is going to be used as a competitive advantage and as part of their digital strategy to move incumbents from on-premise applications to cloud-based applications.

A deal like this is a game-changer for us. We have a long list of interested parties who didn’t want to be first. They want a case study, they want somebody that they can talk to about the experience, to ask whether the software does what we say it does. Between this deal and our other recent deals we’ll have between 50,000-100,000 daily users onboarded this year. We now have implementation that has scale, that has critical information, and that complies to requirements like mandatory disclosure and other best practice standards and guidelines.

As a result we’ll double our workforce over the course of this year, predominantly in delivery and sales. That’s what one major deal means to a small company. Some startups have a customer before they begin, more often than not the place they used to work, and they develop a bespoke solution and then try to expand to other customers, whereas we started with a problem. We took a global issue, and tried to find the cleverest way to solve it and then once we had a solution we asked who would be interested in it. Ours was a longer journey but it was the right journey for us. We’re not beholden to anyone and we now look to become a global player in the fabric of authentication and identity platforms.

Tony Smales is the CEO and founder of Forticode www.forticode.com