Former Getronics COO talks through plans to kick-start next phase of growth as SecureLink CEO.
“We are still on a very clear agenda to become the global cybersecurity provider of relevance,” said Thomas Fetten, newly appointed chief executive of SecureLink.
Given the MSSP’s track record over the last three years, it would be foolish not to take SecureLink’s global ambitions seriously. After being acquired by equity firm Investcorp in 2015, the organisation has expanded into the UK, the Nordics, Germany and China in the last two years alone and is now present in 11 countries, employing upwards of 650 staff and hitting annual revenues of around €250m.
Long-standing CEO Marco Barkmeijer, the man who orchestrated SecureLink’s ambitious growth, recently became the firm’s chief commercial officer, with Fetten stepping into the chief executive role.
Fetten boasts a CV which includes more than 11 years at IBM, in addition to five years as chief operations officer of global IT services firm Getronics.
At Getronics, Fetten was responsible for managing and growing a €500m company with 4,500 employees and 22 countries worldwide. With this in mind, it is easy to see how the chief executive’s experience plays into SecureLink’s global ambitions.
“It needs somebody who has a multi-country operational experience, who undertands cultural sensitivities, the complexities of governance and coherence in a group and what it takes to bring that together,” said Fetten.
“For SecureLink specifically, the company is built in various countries with a strong entrepreneurial leadership team. And as we are now in the maturing process and really scaling across these 11 countries, we now have to introduce a more mature management model. Stronger governance, stronger integration from a process and tools perspective and leveraging the expertise that everyone in the group brings to the table.”
In reaching €250m in turnover and with operations across 11 countries, SecureLink has reached a new level of maturity, Fetten claims, saying that he is now responsible for striking a balance between SecureLink’s strong local heritage and its global corporate ambitions.
The CEO drew a comparison between Getronics’ and SecureLink’s management structures.
“When I started, Getronics was in 17 countries, then we ended up in over 22. It was very much the same [as SecureLink]; a very strong local cultural heritage that really benefited from the two things we drove there: integrating and leveraging that expertise but also focusing on a very clear growth strategy,” he said.
“In two years’ time I think we are going to see a market that will require us to make significant investments, train our people differently, look at new product and services. Another parallel to what I’ve done in my previous careers at IBM or at Getronics is focusing those investments correctly. That doesn’t change with regards to the size of the company, or the revenue or the number of countries. Once you are in multiple countries, the complexity doesn’t grow exponentially, it flattens out.”
As SecureLink becomes larger, Fetten said the firm will naturally take on a more corporate management structure, which could mean some personnel changes in the future.
SecureLink has always prided itself on its entrepreneurial heritage. The firm has acquired companies across the UK, Germany and the Nordics, and has mostly left management teams intact, with company founders staying on at the company.
“I see a lot of companies being sold and the managing directors leaving immediately. I think we have found a great balance within SecureLink to keep the individuals on board where it is sensible,” he said.
“I think the crossroads you reach when you do this are: the founders and investors were tremendously successful, but they ran a specific country and a specific unit, and not every founder wants to go into a more corporate-style governance structure, which, when a company reaches €200m to €250m, is going to be imposed.
“There’s going to be a natural time when individuals will move on… At SecureLink you will see new management skills coming in that are more experienced in leading companies of this scale and complexity. This is something that is a natural thing – it is not something we are encouraging or enforcing.”
SecureLink took a step back from the M&A game in 2017, as former CEO Barkmeijer said the firm will focus its efforts on growing organically through hiring 150 more cybersecurity specialists across the group. The firm’s recent expansion into Shanghai, its first push outside Europe, was an organic move rather than through M&A.
But over the next five years, M&A will play a key part in SecureLink’s growth strategy as the company looks to step into new geographies, bolster its scale in existing markets, and diversify into new areas of cybersecurity.
“M&A should never be off the table, never, because the markets are very dynamic and if opportunities present themselves then we will absolutely look at that opportunity. We are continuously looking at companies that are on the market for sale and we will continue to do so this year,” he said.
“Expansion into new geographies continues to be on our road map as well. Our priorities are to focus and expand in Europe, both into new countries but also from a sheer scale perspective. There are conversations we are having with clients to see where there is a necessity to follow them into other geographies, but we are not right now, for example, looking for acquisitions in North America – that is not a short-term focus.”
Fetten will particularly look to grow SecureLink’s UK and German operations, both in terms of building each country’s headcount and customer base. M&A opportunities will play a part in growing out each market, but the CEO also explained that its Nordic business can also be leveraged to assist German and UK customers.
“What shouldn’t be underestimated is the power of having all these companies come together over the last three years. One example of that is that Germany and the UK are benefiting tremendously from the cyberdefence centre we have in Sweden. That’s approximately 60 resources that are trained cybersecurity experts that can be leveraged to monitor environments regardless of geography. What Germany and the UK can do immediately is go out to their clients and offer a service that they can more or less benefit from out of Sweden.”
A new US rival
SecureLink’s fiercest competition has always come from other global cybersecurity specialists such as NTT Security and NCC Group. However, US-based firm Optiv recently appointed European general manager Simon Church to orchestrate a string of cybersecurity acquisitions across the UK and Europe in order to grow the firm’s international presence.
The $2.2bn-turnover giant was also being funded by SecureLink’s investor Investcorp, but was acquired by KKR in December 2016.
Breaking into Europe is never an easy task for US-based channel firms, but some resellers such as CDW, SHI and Insight have become established names across the Atlantic.
“Any market player that wants to expand into a region is going to be presented with the challenge of doing this organically. If Optiv, or any other player, wanted to expand into Europe and hire 650 security consultants, they would be very challenged to find them. With the increased threat level, GDPR and other regulatory requirements, the availability of highly skilled cybersecurity experts is extremely limited. So I think the Optivs and others are going to be very challenged to enter these markets without acquisitions,” he said.
“What our observation is, there are still some smaller companies that are very unique in a single country that are potentially opportunities to acquire. But if an Optiv would do that, it would be a tremendously challenging and longer-term integration process. To get the scale in these countries, you would have to either spend a lot of money or make multiple acquisitions in a foreign geography, which, for North American companies, is very difficult,” he said.
This article was copied from Channelnomics.