Meet PortSwigger Web Security


Shortlisted Company: PortSwigger Web Security

Category: International Business of the Year


How did it make you feel to be shortlisted in the international category?

We have an amazing story to tell as a company. The growth of the company over the last few years, nearly all of which has been through international trade, is a key part of that story, so it’s really nice to be recognised.

What made you enter the awards?

We are a reasonably small team, based in the North West of England, exporting to over 130 countries.

I think a lot of customers are amazed when they realise who is involved, the size of the team and where we are based. They just assume we have offices all over the globe and a huge sales team. Particularly those based in places like Leeds and Manchester are really surprised that something so big is made just around the corner.

What has happened in the last 12 to 18 months that made you realise that actually you should tell the world about what you do?

It’s partly just becoming aware of what we have achieved. Going back 10 years, it was a tiny little hobby project I worked on in my spare time. I then started spending more time on the product, developing new features, then building the team, and creating a nice working environment for everyone. You tend to get focused on all of that along the way. I didn’t really think ‘let’s put ourselves forward for an award’. But, I suppose after a reasonable time of enjoying that growth and success, it felt the right time to promote ourselves. We have got a good story to tell, and we thought it’s a good time to tell it.

In terms of the awards process, was it an easy process?

I think it was a fairly straightforward process.  Once we had decided we were going to look at awards, we wanted to try and find awards that are credible. There are quite a lot of awards out there, but they are not necessarily the right kind for us.

There’s much more credibility when you are being judged by your peers and people who have been through a very similar journey and similar process to what you are doing. They know the efforts, they know all the challenges, rather than it being somebody sat at a desk making that assessment as to whether or not we’ve done it.

You’ve already alluded to the fact that you are operating in 130 plus countries.  So, how did you identify the markets that you wanted to operate in?

The honest answer is, we actually didn’t, especially in the early days. We went to market with the product on the internet, adopting a totally web-based model and because we are not manufacturing goods that need to be delivered, which you might need to start locally, the logistics are fairly easy. With a web-based sales model, you don’t have to think ‘what are the barriers to getting into this region?’ it’s more a case of offering it for sale.

I think the first orders we had were probably from the US, Australia, the UK, and parts of Europe. The awareness of the product started increasing, mainly through word of mouth, and because it was available on the internet anybody could find us and purchase the product.

It was probably a few years down the line, that we actually started to look at our performance in different regions, and think ‘are there some, where we are underperforming based on the economic strength of that region,’ and I think those were primarily, bits of Asia, India and China in particular, when you looked at the size of their economy and the growth, relative to our sales.

At that point, we decided to look at what we could do to grow further into those markets, and that was done partly around developing reseller channels.  Particularly in China, where there isn’t really as much of a culture of people just going online with their credit card and buying.

What have been the key challenges for you?

I think, if there is anything, it’s around regulation and compliance you need to be aware of in different regions. Things like charging the right VAT for different countries, and submitting all the relevant paperwork around that.  In the scheme of things, it’s not that difficult, it’s just something you need to get organised about.

In terms of embracing technology for your international operations, what have you focused on?

I think the main thing from the early days of business, was to try to automate as far as possible every single aspect of the sales transaction. Originally, when I started, I still had a job during the day and this was just on the side.

So right from day one, I had to figure out a process that would make life easier. Sorting out payment online, generating a time bound email with a downloadable license key to activate the software, means everything is in principal automated. So, we don’t have to go and wrap up a CD in a box and send it to someone.

I put a lot of my energy into that process and then on the international side, there is also the different compliance issues. You have to know where somebody is, in order to charge them, know the appropriate way to do it, and whether they are in UK or outside the UK, in the EU or elsewhere.

What you are most proud of, and in terms of staffing, how have you found attracting/recruiting talent?

Employing world class talent has really has been the key to our success over the last five or six years, and it’s absolutely critical for us, particularly on the software development side. That, and fixating on the quality of the product.

Exceptionally capable developers, who know how to do it properly and make a good healthy product, with the intellectual firepower to solve really weird unusual analytical problems, and thrive on solving them, as opposed to seeing it as unpleasant. It’s a slow process to build, setting the bar very high so we get the right people.

A huge part of attracting that talent has been creating a really nice working environment and just looking after people’s welfare.  So, we are not sweatshop, people do work 9 to 5, we have flexible hours.  People can come in, some people come in 8 to 4, some people come in 9:30 to 5:30 to work around childcare or commuting.

What are your plans for the next three years?

In a sense it’s more of the same.  We fixate completely on the products that we make and the innovation behind those.  We’ve never had any shortage of ideas, and if anything, there is always an element of frustration that it takes so long to do anything. As soon as you have the idea, you know how long it is going to be before it comes to fruition. It’s a case of highlighting the features we’ve got and looking for the next big thing that the users are going to want.

What would you say you are most proud of about your business in recent years?

On the product side it has been the technical innovation. For a very small company based in the North of England, we’ve really pushed the boundary of what software tools like ours can do. We compete globally with people like IBM, Hewlett Packard, and some other companies with deeper pockets, who haven’t grown organically like we have. We’ve genuinely been the first to come up with some really ground- breaking concepts that have changed the way you find security vulnerabilities, with the competition following our lead, so we are really proud of that record.

You have an interesting business model which hasn’t been created in the traditional way?

Generally, the model for start-up software companies is, you have an idea, approach VC’s, who will get you funding to start marketing your ideas and developing the software. Often there is pressure catching up on thing you’ve already promised, with added pressure to grow at crazy rates, with the VC’s profit being the main focus.

It’s great to be independent, where we can work at our own pace, make our own decisions and not answer to anyone else.

In terms of the next steps for the company, what do you think is around the corner?

In August, we’ve got some major releases of the product coming up. This really is a game changing update that we’ve worked on for two or three years alongside maintaining what we’ve got.  That will be a big step forward.

We are also releasing a brand, new product, which is called the ‘enterprise edition.’  It’s aimed at larger companies and software development teams.  So, if you’re, a huge international company with a thousand websites, or in some cases tens of thousands of websites, that you need to think about, the new product will use the same scanning engine and scale up. It can also be used in a software development pipeline, so development teams can run it internally during the development phase to find problems as they arise.



Contact us

General Enquiries

North West, PwC United Kingdom

Tel: +44 (0)161 245 2000

Media Enquiries

North West, PwC United Kingdom

Tel: +44 (0) 7841 468 175

Follow us: