CEO Aaron Warner is shown with an ATM in the company's Coralville office. The ATM is also occasionally used for security training. CREDIT RICHARD PRATT
A lot of people claim to love their jobs, especially when they’re being interviewed by a reporter for a business profile. But in Aaron Warner’s case, it’s tempting to take what he says at face value – especially when he volunteers the catchphrase so readily, and without overt prompting. “This is the most fun, most […]
A lot of people claim to love their jobs, especially when they’re being interviewed by a reporter for a business profile.But in Aaron Warner’s case, it’s tempting to take what he says at face value – especially when he volunteers the catchphrase so readily, and without overt prompting.“This is the most fun, most rewarding thing I've ever done,” said Mr. Warner, CEO of ProCircular in Coralville, who’s been named the Corridor Business Journal’s 2022 TLC Entrepreneur of the Year.“It’s also the hardest thing I’ve ever done, and the most challenging. Honestly, I have to be careful, because this is so personal, and I enjoy the work so much that it's easy to overlook the things in your personal life that you should do. When it doesn't feel like work, it's really easy to overdo the amount of time you put into it. I love spending time with my family, so I have to remind myself to balance it out.”
Work-life balance
As the leader of a cybersecurity firm like ProCircular, nestled in a modern office building in the Oakdale Research Park, it’s easy to become consumed by the ever-changing landscape of digital security. As Mr. Warner notes, it’s not unusual for his firm to be contacted in the early-morning hours or on weekends to deal with a crisis that demands immediate attention.And being responsive to those urgent needs, Mr. Warner said, is one of the characteristics that sets ProCircular apart from its competitors – and has driven the company’s rapid and steady growth in recent years.“That's a big part of our business,” he said. “If a client calls us and says, ‘Hey, I think I’ve got a hacker in my computer system,’ because we’re based here in the Midwest and most of our customers are in the Midwest, we can usually have somebody on site within six hours. And time is extraordinarily important in a scenario like that. Every minute can mean thousands of dollars.”Having ProCircular employees on site to deal with a security emergency, however, isn’t just about resolving the technical problems, Mr. Warner stressed.“A big part of our job is bringing the calm,” he said. “We make sure they know that we've been through this before. These are the things you can expect, and these are the steps that you need to take, but be confident that there's light at the end of the tunnel. We'll get you through this.“You have to have empathy for the people who are the victims,” he added. “It's easy for all of us to look technical. But at the end of the day, it’s people’s jobs we're talking about, people's personal and private information, like their 401k or their medical insurance. It's all very personal. Ask anybody who's been part of a breach. It’s often the worst day of their professional life. A big part of our job is to get everybody on the same page and get them to the other side. There's actually a little bit of therapy involved.”
Career foundation
ProCircular has grown to 63 employees since its founding in 2016. And Mr. Warner said he believes his foundational roots were critical to the company’s ongoing success.Attending the University of Iowa, Mr. Warner followed in the footsteps of his “very academic” parents, and as an undergraduate in 1994, he came in contact with “a little biotech company” doing business in Coralville as Integrated DNA Technologies.“I was employee number 13,” Mr. Warner recalls. “I started there with one of my best friends in the world, Trey Martin, employee number 14. And Trey ended up being the president and CEO of the company and I ended up being the chief information officer.”That “little biotech company” grew exponentially, to 250 employees, and was acquired in March 2018 by Danaher Corporation in a deal valued at $2.2 billion.Mr. Warner describes his 22-year career at Integrated DNA as an “interesting ride” involving substantial domestic and international travel, along with a broadening spectrum of data security challenges.“I got to cut my teeth in an environment that was right in the middle of the life sciences revolution,” he said. “It was increasingly clear that cybersecurity was becoming a mainstay issue that we discussed in every meeting. And I was tasked with protecting the intellectual property, not only of IDT but of its clients. IDT served pretty much every company in life sciences, so it was a pretty large responsibility.“But I couldn't find, at that time, a good company to help me in cybersecurity,” he added. “I could hire in expertise from Deloitte or PwC, but it was way too expensive for a company of our size in the Midwest. Or I could find a little company that would sell me stuff, like a firewall or a piece of equipment. But I couldn't really find a Sherpa to help guide our security organization-wide. As a result of that, I left the firm and started ProCircular.”
ProCircular’s business model
Indeed, ProCircular has carved out a specific business niche, serving mid-market clients located primarily in the Midwest.“Medium-sized firms are probably the place where we can be the most effective, helping them to deal with the entirety of their cybersecurity risks,” Mr. Warner said. “We do work with some very large firms, and we've worked with a few Fortune 500 firms, but most of that work is very tactical and tends to be very technical. For a mid-market firm, our work can be more broad and take on the role of various people-, process- and technology-related risks for the organization.”To address those risks, ProCircular focuses on three different tactics. First, Mr. Warner noted, is helping customers understand their technical risks.“Generally, we do that with offensive work,” Mr. Warner said. “So, we will hack banks, hospitals, school districts and all sorts of companies, then we show them how we get in and how to avoid that situation. It’s not really about breaking in, it's about showing them how we got in and how they can solve those risks, so they find out about it from us [instead of from hackers].“If you think about it as a house, we drive around the house, see which windows are open,” he added. “In some cases, we pull on the windows to see if we can get in, see what kind of trouble we can find.”The second phase is defensive, securing and monitoring clients’ environments to halt intrusions from hackers and other nefarious actors.“If they have work stations at a branch office that are starting to show ransomware, for instance, we can help them to shut that down before it becomes a problem,” he noted. “We help them to detect, but in most cases, we help them prevent problems early. We also monitor code that a company is receiving. More than anything, it’s a process, making sure that a hospital is HIPAA compliant, or helping a defense manufacturer to make sure they’re properly secured so they can sell to the Department of Defense. We make sure (clients) have an overall security program that’s prioritizing risk properly. You can make yourself crazy with things that could happen. What's more interesting is to find the things that are high impact and most likely to happen.”The third phase involves crisis management, as referenced earlier, but for a variety of reasons, Mr. Warner said, it’s best to take a proactive approach by halting cyberattacks before they occur.“The thing that people really don't get about breaches in cybersecurity is that you can quantify the costs associated with the breach – the lawyers cost this much, the recovery costs that much,” he said. “But the real cost is opportunity. A cybersecurity breach takes the attention of everybody in executive management for three to six months at a minimum. And the cost of that is really hard to calculate. It’s much higher than the incident cost itself, because it takes everybody away from trying to accomplish the goals of the organization. Instead of talking about that bank you’re going to acquire or improving this part of the school district, you’re talking about only cybersecurity-related things.”
Best business practices
In terms of workplace environment, Mr. Warner stressed the importance of ProCircular’s core values:It’s all about people – Support one another for the common good, fueling the company’s growth potential.Fear is the mind killer – Don’t present a problem without providing realistic options. Serve as solutions-people instead of fear mongers.Strong opinions lightly held – Everyone has a voice and a chance to speak, offering a variety of alternatives to business choices.Quality over speed, speed over cost – High-quality work comes first, and while speed is significant, don’t choose an inexpensive solution that could adversely impact quality.Cool heads, warm hearts – Don’t hide from mistakes or ignore them. Use empathy, humor and fun at critical moments.R-E-S-P-E-C-T – Keep it light, don’t yell and don’t be condescending, and extend the same principle to customers.Tomorrow just happened – Learn from the past, address the present, then look to the future. Take extra time to learn and plan ahead.“Every company talks about core values,” Mr. Warner said. “At ProCircular, they are central. They are in everybody's interview, they're in everybody's review, they’re in everybody's exit interview. We talk about them at every all-hands meeting, they’re around our awards. They’re not just placeholders, they’re how we operate and the environment of the organization. You have to have that compass so you know what direction you’re all going. Otherwise, it's very easy to wander off and just get wrapped up in the chaotic future.”Innovative approaches are also key at ProCircular. Mr. Warner pointed to the development of a new ProCircular cybersecurity game that will employ an “escape room” theme, offering collaborative approaches to real-world security threats. The online game will be released this fall, Mr. Warner said, with regular updates to remain current with security challenges.In a comprehensive sense, Mr. Warner said he’s developed a philosophy that predicates ProCircular’s success on the strengths of its workforce.“Most organizations try to manage to outcomes,” he said. “We're going to be profitable, we’re going to do $10 million or $100 million a year, we're going to do this or that. I tend to manage to capabilities. As a CEO, most of my thinking is around what we could do if we were to add this resource or bring in this person. How would it change how we do what we do? I think a lot more about the capabilities we have than I do about the end result.“The future is unpredictable,” he added. “Cybersecurity is chaotic. And frankly, I would be making stuff up if I told you I knew what the space of cybersecurity will look like five years from now, because I don’t know that. But I do know that if I get the right resources in place, and I get the right people together, we will be able to weather that storm, no matter what direction it takes.”
