Melanie Rieback urges a rethink of traditional business models in cybersecurity

DoorMichelle Wols
Melanie Rieback urges a rethink of traditional business models in cybersecurity cover

Dr. Melanie Rieback, the CEO and Cofounder of Radically Open Security, spent years building privacy-enhancing technologies to protect us from tech giants. “After probably 15 years of doing this, I grew frustrated because I realized that I was building technological band-aids for business model problems,” she said.  That is when she realized that “We need to fight business models with business models.” Now, she advises security professionals looking to build companies, and who have a social orientation, to consider new forms of social enterprise (“Post Growth Entrepreneurship”), including applying Steward Ownership, which is a model of corporate governance where profit rights are strictly separated from voting rights.

In this article, we share her perspectives on the need to challenge the traditional, profit-driven approaches that have long dominated the cybersecurity industry. Unlike many of her peers, Melanie and her team avoid the path of Venture Capital and acquisition, opting instead for a not-for-profit structure of which 90% of profits are given to a foundation.

The importance of national sovereignty

The Dutch government invests heavily in cultivating the startup ecosystem, “and our companies are basically for sale to the highest bidder" said Melanie. She has taken a different approach with her own company, Radically Open Security, which she describes as a not-for-profit company that is "fully owned by a foundation."

Explaining her unique business model, Melanie said, "About 10 years ago, I gave the company away. I sold it for one euro to a foundation to ensure that the company would never be sold again." This decision was driven by her belief that the cybersecurity industry is often more focused on financial extraction than on cybersecurity solutions.  "The vast majority of cybersecurity companies get venture capital at the beginning, they grow exponentially for three to five years, and then they get acquired.   Selling cybersecurity products and services is not even at the heart of the business model."

In the Netherlands, this is an issue.  Dutch cybersecurity businesses have been sold to foreign interests, resulting in the confidential data of Dutch corporate and governmental customers going to other countries.   Melanie explains: “It sounds quite populist, but we need our Dutch companies to stay Dutch.  There is otherwise a data governance and privacy problem, plus the cybersecurity company no longer optimally serves our local ecosystem – and Dutch time and money went into creating these companies in the first place.”

Challenging the ‘acquire-and-discard’ mentality

Melanie emphasized how easy it is to get a cybersecurity business sold.  There is a talent shortage in the industry, so “if you can get enough cybersecurity staff together in one place, you’re already an attractive acquisition target.”  Upon acquisition, products and services are frequently discarded as these companies are absorbed into larger entities.  “The culture of the acquired staff also tends to culturally clash with the acquiring party, and after a year or two there's generally huge attrition, and most of the senior staff also leaves.  It’s pure value destruction.  But the shareholders who sold the company,  don’t care at that point they have cashed out. So what happens to the company afterwards isn’t their problem.  Many cybersecurity companies (large and small) are pretending to be a part of the cybersecurity industry – but they behave more like financial institutions.   Their real business model is selling equity, not cybersecurity products and services.  And this distorts the market for everyone else.”

Melanie’s solution: Post Growth Entrepreneurship

Melanie's solution to this problem is to challenge the traditional business models in the industry.  Radically Open Security reinvests what is needed for growth and stability of the company, and then 90% of the profits (which would otherwise be dividended out to shareholders), goes to charity.  Over the course of ten years, ROS has donated just above a million euros to NLNet.   Please note: ROS donates 90% of its profits, not 90% of its revenue.   According to Melanie: “We charge market conform rates to our customers, and pay market conform rates to our staff members..  otherwise they wouldn't work for us.”

Radically Open Security also offers services at cost-price (zero margin) for nonprofits, NGOs, and civil society organizations.   According to Melanie: “our customers include Greenpeace, Oxfam, and tiny free-speech organizations for refugees of authoritarian countries.  They have the world’s scariest attacker model: they have a nation-state after them.  And they have almost no budget. It’s nice to help these kinds of NGOs/civil society organizations for a soft price they can afford, so the rest of their income can be used for their activism.”

Toward a more ethical and sustainable future

Melanie's vision extends beyond cybersecurity, as she sees the need for a more ethical and sustainable approach to entrepreneurship in general. "Post Growth, Degrowth, and Doughnut Economics provide a great macroeconomic framework for building nonprofit social enterprises.”

Melanie has developed a methodology called Post Growth Entrepreneurship (PGE) which focuses on eliminating financial extraction from business and finance.  Melanie started an incubator called Nonprofit Ventures five years ago, which has incubated almost sixty startups across four cohorts, focusing on Steward Ownership, non-profit entity forms, and cross-subsidizing charity with profits.  Melanie also designed and teaches the ‘Post Growth Entrepreneurship’ class at the Business School of the University of Amsterdam, which is worth 6 EC points and is part of the Economics and Sustainability minor.

By sharing her experiences with others and urging a rethink of traditional business models, Melanie Rieback is challenging the cybersecurity industry to consider more innovative and socially responsible approaches to entrepreneurship. Her call for a shift away from the ‘acquire-and-discard’ mentality towards a more sustainable and ethical model could have far-reaching implications for the future of the industry.

Dr. Melanie Rieback is CEO and Cofounder of Radically Open Security, a computer security consultancy company. The course she teaches “Post Growth Entrepreneurship” at the University of Amsterdam can be watched on YouTube. She is also CEO and Cofounder of Nonprofit Ventures, an incubator for Post Growth and Degrowth inspired startups.

Vergelijkbare berichten

Richard Franken: “Als je blijft rommelen in de marge, dan kom je nooit tot grote innovaties”

Richard Franken: “Als je blijft rommelen in de marge, dan kom je nooit tot grote innovaties”

DoorMichelle Wols

Richard Franken bespreekt de uitdagingen en noodzaak van innovatie in de Nederlandse securitysector, de afhankelijkheid van buitenlandse producten, en de rol van de overheid. Hij benadrukt het belang van toekomstbestendige risicoanalyses en samenwerking voor duurzame groei en security-innovatie.