CTO interview: Daniel Saul, building Risk Ledger straight out of university
Daniel Saul always knew he wanted to found a startup one day, however, he didn’t expect that it would happen practically the moment he walked out of UCL. The right place and the right time for Daniel were meeting the other co-founder of Risk Ledger, who spread the enthusiasm about Supply Chain Security.
Read the latest CTO interview and find out how lack of experience in the corporate world is perfectly substituted by the “field” experience, how Daniel chooses his tech stack and how organisations can enhance each other’s cyber security.
I see that you started Risk Ledger straight out of university. It’s unusual among the CTOs and founders I Interview. How did that happen?
It is slightly unusual, and I didn’t have any real career path as such leading into it — I graduated from UCL and walked straight into CyLon, the cybersecurity accelerator.
I didn’t jump in completely blind though. I have previously worked as a freelancer and seen the “backstage” of several startups ranging from PropTech to embedded electronics. Moreover, I have spent some time on missile systems, where a common theme throughout was security. That was a moment I realised the opportunity that we have with Risk Ledger.
I met Haydn, my co-founder, through mutual friends and his enthusiasm was infectious. To an outsider, supply chain security is perhaps a niche category, but the more I dug in, the more excited I got for the possibilities and untapped potential in the market.
I’d also always known that, at the back of my mind, I wanted to do a startup. It just happened a bit quicker than expected, but I figured there was no better time in my life. No mortgages, no kids, no big commitments — when better?
Can you explain what is Risk Ledger?
We’re facilitating trust and security between organisations by building a network of organisations all working together to raise levels of security.
Take a larger organisation, for instance, that are outsourcing critical functions or transferring data to third parties such as their cloud provider. It’s now more important than ever that you check these third parties and take their security seriously, as over 60% of cyber-attacks happen through the supply chain.
But we are going further than that. Risk Ledger is more than just a basic questionnaire, which is how most companies run this process. We want every organisation to join us to “defend-as-one”, where we eventually detect, respond, and help fight cyberattacks within our network through real-time continuous monitoring. With aggregated data, we’ll be able to draw insights and identify weak links across different industries, different geographies and so on.
How does that work practically?
We want to be the glue that unites every organisation in this network. We are building in several phases. Up until recently, we were focused on improving current processes that are inefficient and manual by simplifying workflows and reducing repetition. However, now we’re moving into our second phase where we plan to build what we’re calling a data hub. A data hub is bringing in new data points around each organisation recorded by breach monitoring services, external scans and plugins with internal security tools.
Ultimately we’ll be able to provide a much broader view of the supply chain and the risks it poses.
What excites you the most about this company?
It’s getting to the point of having all this data and the potential it holds. It’s quite scary and exciting at the same time. If what we want to do is successful, we will hold a lot of insightful data that could be of interest to many people and we have to answer major questions:
How will we make sense of all this? How can we intelligently bubble up insights to the right people at the right time? How can we correlate one data point with another? How can we propagate these data points through the network to provide value that’s never been possible before? These are some of the exciting challenges we’ll soon be working on.
You didn’t get the chance to see other projects in established companies, so how do you research the best architectures and technologies to use?
I’m the sort of person that likes to research everything deeply, but then ultimately just jump in and figure things out as I go along. Speaking to people and reading a lot is invaluable though, whether it is about engineering, product or management. Investor networks are especially useful for this. Of course, I’ve tried to hire those that have seen so-called best practices elsewhere and who can fill in the gaps in my own knowledge. But if there’s one thing I’ve learnt, it’s that no company has it all figured out, especially with how fast our industry moves!
What tech stack did you choose?
Our backend is written in Go, with PostgreSQL as our database of choice. Our stack runs on AWS Elastic Container Service (ECS), with all our infrastructure nicely managed with Terraform. We make heavy use of several other AWS services too including SNS & SQS for our asynchronous event system.
The frontend is Vue.js, which might seem an interesting decision versus React. This was partially down to an agency that helped out in the early days, but it’s not a decision I regret. Vue is incredibly intuitive with a low barrier to entry and is a pleasure to use. It has a fantastic ecosystem and welcoming community that only continues to grow stronger.
The reason behind Go was personal preference. Coming from a mixed background of low-level C at one end and Python web apps at the other, Go filled a nice sweet spot between the two. There is no magic to it, there’s nothing hidden away, it’s simple yet powerful and easy for anyone to pick up and be productive. It only seems to be becoming more popular.
More recently, we’ve also built out our data stack, piggybacking off our event architecture, and using BigQuery and dbt. With Census to sync with Salesforce and Metabase for anyone to delve into the data, it’s been a game-changer for the whole company.
Can you elaborate on the size of your tech team and how you’re building it?
The company is still pretty small, 20 people-ish but we’re hiring across every area and growing every month.
Product and engineering together are just 8 people. Because of that small size, we’re still a single team with little specialisation. Engineers cover everything, delivering product value to users and maintaining our underlying platform and infrastructure. We do also have a dedicated product manager and product designer in the team too.
Growing the team isn’t easy, especially in the current market where even offering flexible and remote working is now the norm, not the exception. How does a startup differentiate itself? We’re trying a few things from experimenting with the hiring process and offering different alternatives to the typical take-home exercise or live coding, through to dedicating time for regular blog contributions from the whole team showcasing what we’re up to.
If you want to connect with Daniel, click here.
To learn more about Risk Ledger, visit their website: riskledger.com
If you’re a techie working on something exciting or you simply want to have a chat, get in touch with me. I’m currently CTO at Kolleno.com
FROM THE AUTHOR
>> 5 reasons your invoices are being paid late
