Ex-BAE security startup seeks to SOC it to security risks

Released from the UK defence giant, SOC.OS wants to help midsized businesses deal with the threat deluge.

Most startups come from humble stock: garage and dorm-room kids with dreams or else richly funded scions of Silicon Valley, replete with contacts and connections. Few come from ancient industrial names but SOC.OS does.

A divestiture from BAE Systems, SOC.OS (say SOCK-oss) is a small company and not even by the standards of the British defence, security and aerospace giant. Like many behemoths, BAE had an internal effort to come up with new ideas which led to the creation of this SaaS security effort.   

CEO Dave Mareels is from Melbourne, Australia and had only been at BAE for three years but had already clocked up military, maritime and cyber projects as part of his tour of duty there. When BAE decided it had other fish to fry, Mareels suggested that the effort had promise and asked if he could be part of an effort to make SOC.OS an indie. BAE agreed and now Mareels leads an eight-person company that's out from under the umbrella of BAE, a company that had over £18bn in revenues for its last financial year.

"BAE were double-clicking on where they have the best right to play and that has left us as a young, small and agile wanting to go for gold," Mareels says of the unusual journey to independence. He sounds happy with the outcome which sees BAE remaining a minority shareholder and also recommending SOC.OS for companies that aren't in its target audience. SOC.OS is primarily after midsized and public sector businesses with about 1,000 staff, although some outliers among its current user base are way larger.

The BAE extraction is a notable calling card and a good story to tell but of course there has to be more than that. Mareels says his strategy is to "pitch with pain", targeting companies that need information security console smarts but are overwhelmed because they don't have the skills to deal with the ever-growing, ever-morphing threatscape. That pitch has a component called "Meet Shaz", an imagined persona with "a small, stretched internal IT team" who basically needs a "superhuman analyst". SOC.OS deals in the cloud tools that become that virtual figure.

SOC.OS lassos and triages security alerts so firms can safely ignore, deal with and prioritise. In short, it's a weapon to beat up false positives and the sea of troubles that companies face when they can't afford a full-on security operations centre (hence the name: an OS for SOCs).

It's a formula that has already led to the Natural History Museum, the UK Atomic Energy Authority and Sussex University becoming customers: precisely the sorts of not tiny, not large operations that can't afford another hefty security outlay but can't afford to ignore risks. SOC.OS the company is pretty lean too, with a cadence that revs code every fortnight based on sprint cycles that cleave to customer challenges.

Mareels' polyglot existence probably helps in listening to what customers want. The child of Belgian and Croatian parents, he grew up in Australia but has travelled widely and now resides in London, England. He still tutors in maths and mechanical engineering as a side hustle and passion that brings him into contact with a broad audience. "It sounds basic but you sit on panels and ask [entrepreneurs] ‘what problems are you solving, for whom and why?' and people can't answer," he ponders.

SOC.OS recently pulled in £2m ($2.6m) in funding and says that the next stage it's shooting for is to get to 50 customers but, despite a seemingly easy-going, very Aussie nature (as best as I can tell over Zoom) there's no shortage of ambition. "We want to be a big, massive business and eventually to IPO," Mareels says.

Being unshackled from the BAE mothership has its pros and cons: there's the freedom to move fast but also the lack of infrastructure support such as crack legal team. But he's confident that even if the security space is among the most crowded in a crowded tech market, that very complexity affords opportunities.

"I'd hate to be a buyer in the IT security space," he shrugs.

Related: