#0005 - Dominic White of SensePost

Civitas Team

17 ideas from Dominic White of SensePost on running a professional services firm, hiring a CTO and creating great technical talent 

Dominic White is the CTO of SensePost, a consulting firm specialising in cybersecurity. Their team includes some of the world’s most preeminent cybersecurity experts. They have worked with government and blue-chip companies to improve their information security. SensePost is also a leading publisher of research articles and tools on cybersecurity. A Civitas team member sat down with Dominic to discuss running a professional services firm, hiring a CTO and sourcing great technical talent. 

A summary of the best ideas from the discussion

  • Running a services firm is a balance of identify client needs and upskilling staff 
  • Great CTO's have great technical skills, gel with the team, build a team that can operate without them and have good people skills 
  • The best assessment for hiring is to work with someone
  • Best way to hire technical talent is to develop it yourself 
  • Great people produce great work, not processes
  • A strong and unique culture attracts great people
  • Hack client interactions by role playing the right part 

On Running a Professional Services Firm

  1. “You've got to spend time figuring out what's useful for clients. So on the one hand, it's a little bit of listening, you know, what are they building? And then the flip side is how should we do the testing? What's going to differentiate us from our competitors? What's your competitor's messaging? How are you differentiating from that?”
  2. “You're effectively selling time. So what we sell our time to do today and what we sell our time to do tomorrow is mostly a function of what clients buy.” 

On Finding a CTO or Technical Co-founder

  1. “You're looking for somebody with technical ability, so that's kind of hard performance criteria. Do they have the skills to do what we need them to do from a technology perspective? The other skill set or personality I think, just needs to mesh with the other founders.”
  2. “It's certainly something I've had to address in myself is it's great having a Rambo who's got deep technical skills that can run off and do it all by themselves. But if they don't build a support organisation behind themselves, then they forever have to do that. And that's what you end up with, your entire business is dependent upon this one key person and everything falls apart when they aren't there because they aren't building up the organisation behind them. They aren't building up the structures required for them to step away and move to something else. So somebody also with the ability to corral people, organizations, teams              and processes to support what they're doing as they go along.”
  3. “You want to be able to have somebody who understands the tech, able to have a reasonable conversation with business people, investors or key clients that wont to have to translate from tech the whole time.”‍

On Operations

  1. “So how do you sell services that you say are high quality while you're training people up? That becomes quite,it's quite a lot of effort all on its own. And actually, what's been really successful for us is the chief operations officer for that, putting the processes in place to maintain our quality. Once we kind of agreed what that looks like, because you have the ability to change the service quite significantly and quite quickly, you've got to spend time figuring out what's useful for clients.”

On Hiring Developers

  1. “If you're looking for technical people, particularly in South Africa, that's like hen's teeth.”
  2. “So what we've come to do is that we need to grow our own. We run something called the Academy, which is a six month paid position… during which they're evaluated constantly, we get some of our senior analysts to provide training in the classroom for three months. At the end of that is a final test, which is a project that they do on themselves or they need to hack something. They get evaluated on everything from their customer interaction to their reporting to their actual technical ability. That coupled with the evaluation observation for the last three months. We then offer them a position, and they then spend another three              months where they're just job shadowing. So they're on projects doing work, but they don't charge clients for them. And their job is just to learn. So after six months... we've got a junior who meets our quality standard.”
  3. “We have gotten used to the idea that we need to provide people for this industry and we're in a position to. So there's a little bit of a benevolent purpose there.”
  4. “It's why it's very difficult for us to hire senior people from other places because of a lot of the ways in which we do things and what we consider high quality aren't necessarily what they do.”
  5. “What we look for in the academy is people who have some technical ability already and maybe a passion or interest in security and then we can give them a career, plus we pay them for it. So we actually think it's a pretty good deal.”
  6. “Over the years, I've convinced myself that interviewing is actually just difficult. Until you work with someone, that is when you actually find out whether you can work with them.”“The proof in the pudding for me is that most of our competitors have now followed that model.”‍

On Culture

  1. “It's not about having a process which makes sure somebody does good work. Its somebody being internally driven to do good work because that's why they're here. That's what they enjoy. That's what gets them high fives around the office. That's what gets them talk amongst their peers.”
  2. [On the benefit of a strong culture] “I think a lot of people don't get that. You can have a unique style and cultural way of doing things, and that'll actually attract those groups to you, because they want something that's different. That isn't the same as everyone else.”
  3. “Having a unique and different culture doesn't necessarily mean you're unprofessional, you can be highly professional as well as doing things a bit differently.”On Dealing with Clients
  4. “The joke is with consultants that you're kind of playing a role. When you go to a client, you need to figure out what role you need to play.”
  5. “If you go to a client, you've got to figure out, are you playing the role of the hacker? Make sure you wear your black jeans and a black T-shirt with some hacker slogan. Or are you playing the role of the information security consultant? You know, somebody needs to translate what the risk impact of these things are, in which case put your cufflinks on.”

Thanks you have successfully been subscribed.
Oops! Something went wrong while submitting the form.
← Back to blog

© 2019 - 2023 Civitas Network (Pty) Ltd.  
All rights reserved.