How do you go from hacking as a hobby to becoming a booming startup in Palo Alto, landing a whopping €72 million in investments in the process? During the VentureClass last Thursday, HackerOne’s co-founder Jobert Abma shared his story about the road from Groningen to Silicon Valley.
HackerOne is a bounty based platform, where hackers earn money for finding security leaks, for major companies like Salesforce, Dropbox and Benchmark, to name just a few. The company was founded by childhood friends Jobert Abma and Michiel Prins, who both studied at the Hanze University and moved the company to Silicon Valley a few years back. HackerOne still has an office in Groningen where the majority of development is done and has just opened an office in London.
Coding by example & hacking the local TV station
Jobert and Michiel started coding and when they were 11 years old. “Michiel’s nephew was a little older and totally into programming”, Jobert explains. He sent us a CD with code through good old-fashioned snail mail and we got a book about coding at our local library. We had no idea what we were doing at the time, and we just copied lines of code and changed things until it did what we wanted it to do. We basically learned to code by example.”
“I can’t really talk about the things we did during most of our teenage years”, he continues, smiling. “Sufficed to say, we didn’t really understand the ethical implications of hacking at the time. For us, it was just a fun challenge to find vulnerabilities and snoop around. We had no bad intentions, it was just curiosity. Funny story, I got Michiel a little present for his graduation: the login for the broadcast teletext of our local TV station. The TV station was shocked and unhappy but our school saw it for what it was and didn’t punish us too badly.”
Nobody gets a cake
At age 17, they started their first company together, an online security consulting agency called Online24. “We weren’t old enough to officially start our company, so both our fathers had to come with us when we registered at the Chamber of Commerce in Groningen, where we went to study”, Jobert adds. “We didn’t want to make money on the side working at a supermarket, but initially nobody wanted to hire two really young guys consulting about security.”
“So we tried the Oprah tactic, like, handing out free cars”, Jobert continues. “But with cakes instead of cars. We offered to buy cake for the whole company if we couldn’t find a security flaw. Nobody ever got a cake from us”, he laughs.
Silicon Valley: hack your network
The two met Merijn Terheggen, who was living in Palo Alto and also still had a home in Groningen. “We always dreamed big and wanted to work with the big tech companies in Silicon Valley. Merijn invited us to drop by and crash at his place, so we could try to set up meetings. Facebook and Google of course get hundreds of emails requesting meetings, so we decided to hack Messenger and Gmail and tell them about it, which got us our meeting. Alex Rice, the Head of Security at Facebook actually invited us over for a bbq at the Facebook office, which was incredibly awesome. We also became close and Facebook hired us a couple of times.”
“We basically hacked our network and contacted them. The funny thing is, about a third never got back to us, and never even fixed their vulnerabilities. Another one third never got back to us, but did fix the problem. And the last third were like, this is cool, please come over and meet us.”
Who’s your CEO?
“Silicon Valley is a place where you find talent, but also where talent is worth something. We would make in a week what we would make in a month in Groningen, so we decided to make it our home base and hire more people. Basically the foundation of HackerOne”, Jobert explains. “Merijn actually signed us up for Y Combinator, the biggest accelerator in the Valley, and we actually got an interview with Paul Graham and his wife.”
However, the Jobert, Michiel and Merijn didn’t get accepted into the incubation program. The reason, not being to answer a single question: who’s going to be your CEO? “We never thought about that, but it’s really important if you’re going to make it. A CEO, a strong leader, especially when you have big plans, is essential.”
Finding investors and challenges
Despite being turned down, Michiel and Jobert decided to continue, investing their own savings. “And Facebook also paid for a lot of our HackerOne costs. In fact, when we decided on our idea to crowdsource security, Alex Rice came on board too. He had just left Facebook and had the same idea, but we were a little farther along, so he decided to join.”
At first, they decided to find their investors in the Netherlands. “We needed 2.5 million, which is a pretty big amount. We even turned down an investor, which was a really scary thing to do. He wanted to give us the first 800,000, then have us build something, and we would get more investments, and so on. Investors should never have a say in the operational side of things, just in strategy and vision. If you find an investor who wants to be involved in the operational side, get rid of them.”
Saying no really paid off for HackerOne. With a total of €72 million in investments, 80 employees, a community of more than 100,000 from 80 different countries and $16 million in bounties paid so far. “We’re not there yet though and we’re not doing it for the money. If that were the case, we would have done a lot of things differently. We’re a mission first company and our values of making the world a safer place is what matters most to us.”
“So, if I have to give some closing advice: stick to your values and be an advocate of them. Take a leap of faith and make sure you never lose sight of why you’re doing what you’re doing. We exist because of the community of hackers. If we lose those values, we lose them too.”