This CEO started at the CIA - now he's playing cybersecurity detective for Fortune 500 companies

This CEO started at the CIA - now he's playing cybersecurity detective for Fortune 500 companies
  • Qadium CEO, Tim Junio


    Qadium CEO Tim Junio started his career at the CIA.

    Qadium is a cybersecurity startup that scans the open internet, keeping careful watch for any corporate devices that could be exposed to a potential attack.
  • It's just closed a $40 million funding round that was led by IVP.
  • CEO Tim Junio started at the CIA, and Qadium began as an R&D lab for government projects.

When Qadium CEO Tim Junio walks into a sales meeting, he employs an unusual tactic.

"We tell the prospect something they don't know about themselves," Junio told Business Insider.

It's not a new-age spiritual thing. Qadium is in the business of scanning the public internet to make sure its customers' devices aren't outside of their corporate firewalls, leaving those customers vulnerable to attack. After all, in 2016, attackers used insecure printers, DVRs, and other appliances to essentially take numerous major websites, including Amazon, Netflix and Twitter, offline.


So potential security problems are things that most CEOs want to know about. But when it comes to sales, figuring out how to talk about such issues is also a matter of reading the room, Junio said.

If you point out that a CEO's favorite Android tablet is a risk, you could embarrass him; if you find that programmers have been operating a contraband server for months, you risk embarrassing the same security team you're hoping will buy your service.

"It is definitely awkward, depending on the audience," he said.


Qadium and Junio may be in for a lot more awkward conversations, thanks to a new boost in funding that will allow it to expand its sales team. The company, which counts Capital One and CVS among its mostly big-business customers, announced Thursday that it's raised $40 million in a new round of financing that was led by IVP. That brings its total funding to $65 million.

The road Junio traveled to becoming the head of a fast-growing security startup began at the CIA before taking him to the Defense Advanced Research Projects Agency. Here's how Qadium emerged from that journey - and where the company will go next.

'We didn't know what the destiny was going to be'

Junio started his career at the CIA, working on assessing computer systems for the risk of cyberattack.


His research in that field led him to DARPA, an agency of the US Department of Defense that's famous for helping create the precursor to the internet. At DARPA, Junio met Matt Kraning, a Stanford professor who was consulting with the agency on his own cyber-defense research.

The two hit it off, given their shared interests. They soon they had so many ideas around cybersecurity that they would have to leave DARPA to explore them all. And so in 2012, they formed Qadium. Initially, they lacked a business plan, because they formed the organization as a vehicle for experimentation and trying new technologies.

Qadium Screenshot


Qadium's technology scans the open internet and finds devices that are potentially exposed.


"We founded the company for [research and development]," Junio said. "We didn't know what the destiny was going to be."

Qadium thrived for years, taking in $10 million in DARPA grants and winning deals with government agencies. It didn't have product per se; instead, the agencies called Qadium in to apply its research to real-world problems.

By 2015, Junio and Kraning looked back and realized that, over time, they had done the "foundational development" for a commercial product. And so, the modern Qadium was born.


'How right we were'

Qadium's service, which it calls Expander, scans the public internet on behalf of its customers, looking for exposed devices. The startup promises to alert customers about rogue, unprotected gadgets within an hour of finding them by sending push notifications to their IT departments.

Expander relies on a few different methods to pick a specific customer's device out of the billions of gadgets connected to the internet, Junio said. Sometimes, it relies on a sophisticated algorithm that looks for the characteristics of devices associated with particular customers' networks. Other times, the service can find devices through much simpler techniques, such as taking note when an iPhone uses a customer's company name in its network description, he said.

Qadium is betting that IT departments want to know precisely which devices they they do (and don't) have on the internet, regardless of how those gadgets are detected. While many startups initially target smaller companies, Qadium is pitching its service at larger corporations, with an average deal price in the six figures, Junio said.


So far, that focus looks like it was a smart bet. The company is gaining traction among many of the Fortune 500, he said.

Indeed, Junio said, Qadium has been surprised by "how right we were and how quickly."

With its new funding, Qadium plans to expand from 60 employees to 80 by the end of the year. Many of its new hires will be in sales and marketing.


Those new employees will be welcome additions, Junio said, because he, Kraning, and other executives have been doing the sales pitches themselves. That's despite the fact that they have "no experience in enterprise sales and marketing."