Mário Zenha-Rela and Dognædis – computer science prof turns to entrepreneurship
Solving some of the world’s great online security problems wasn’t enough for researcher and computer science professor, Mário Zenha-Rela, from the University of Coimbra in Portugal. He wanted to take his research out into the world to solve real-time, security issues facing businesses today. The first clue came in the form of bank managers who came to Mário as head of the CS department. The executives were looking for a solution. “They told us their problem, and they asked us if we could solve it. I realized that this single client alone could provide us with enough revenue to start a company and keep us afloat for a while.”
So, Mário and his colleagues founded Dognædis (pronounced dog-nay-dis, the word merges two Latin words, Dognitas, or quality, and ædis, meaning temple). They used their initial client, a small bank in the Azores (the nine volcanic islands of the Azores are situated in the middle of the North Atlantic Ocean), to recruit additional clients: in Angola, Brazil, France, and, of course, their home country of Portugal.
Background. Mário Zenha-Rela teaches in the software engineering department at the University of Coimbra where his main research interests are dependable computing, real-time systems, software fault-tolerance, embedded systems, and computer architecture. His expertise is computer security. He is also a member of the Software and Systems Engineering group at Coimbra.
Mário’s path does not follow the usual computer science professor and researcher. He was nominated to lead an initiative to promote tech transfer to industry. Mário tells me, “Industry and university collaboration was still not common in Portugal. Industry didn’t know which door to knock on. So, this initiative was a bridge between the two realities.”
Mário starts laughing as he continues: “I used to say this was my MBA because it was a shock. I found that industry moved so fast. The culture of industry was really different. I was afraid because I didn’t have much experience; I needed to get that experience and get it quickly!”
During those four years, Mário started enjoying his work with industry more and more. He loved the process of gathering together the right resources, people, and funding to get a project to the next level.
Then, in 2007, Mário was offered a chance to go to Pittsburgh as part of the CMU/Portugal program. He recounts his realization: “When I was in Pittsburgh surrounded by all of the entrepreneurial activity around Carnegie Mellon, it made me think in a different way. I became interested in commercializing my own research.” Mário was excited by the close collaboration that CMU exhibited with Intel, Google, Disney and other companies which were located right on campus.
Mário realized that he had been nurturing all of these other startup companies, teaching others, helping them with their business plans and how to go to market: “It hit me that I was teaching students to do what I had not done! I figured that I knew enough to start a company.”
When Mário returned to Coimbra, he became head of the CS department (2008-2010). He instituted some changes, but as Mário tells me, “Things change slowly in Portugal. I had big ideas but I had no effective power to change everything at once. So, I used the bonsai approach…”
The changes included how the faculty interacted with each other and with students, new interdisciplinary degree programs, and a focus on entrepreneurship. Although he would stay on as CS professor, Mário stepped down as head of the department in the spring of 2010.
Building the team. By July, 2010, the bank from the Azores approached them and Mário jumped into entrepreneurship. But he didn’t do it alone.
His co-founders were several of his former students who Mário tells me, “were the really smart students who were playing with the University servers; they were really good at it!” Mário had to turn them from the dark side to doing good with their hacking skills, so he asked them to join him in his entrepreneurial adventure. Mário’s co-founders include:
- Francisco Rente, security architect, age 28, with whom Mário shares executive responsibility and who he calls “a real working hurricane, a mature guy, extremely smart, the real soul of Dognædis.”
- Hugo Trovão, R&D, age 29, who Mário calls, “the creative guy who, if you give him a locked computer or network, will do unbelievable things until he breaks into it.”
- Sérgio Alves, products and services, age 28, who Mário tells me, “is a great engineer who will complete a mission, whatever the obstacles, on time, on budget, and with high quality.”
Mário attributes his quick path to profitability in large part to this complementary and closely-knit team. Mário explains the mindset that is critical to work in security, “You have to have the patience of a hunter to wait for hours sitting and not moving – frozen – and then in a fraction of a second to act and make the kill.” He discusses the inherent duality of being forced to hack into a client’s system (with permission of course) in order to expose their vulnerabilities, while then providing a security solution that protects against the threat(s).
“You have to embody these contradictory aspects in your personality to be successful in security,” Mário tells me. “All of my partners have this capability. And I have that too, although maybe I am not so patient anymore,” he chuckles. “I try to make hackers into process people – that’s my role – and it’s not easy!”
Mário has learned from his experience in the US how to create an open corporate culture. On Fridays anyone can do whatever they want. Then they present that to the rest of the Dognædis team. That translates to top graduating students wanting to work with the company.
Mário tells me about a bit about his recruiting process: “Because of how important it is to fit the profile of a security professional, we make it difficult to get in. Then we end up with those who made it through the challenges, and we know they are the best. And, we constantly make those challenges harder and harder and tougher!”
Building the business. Mário and his team built Dognædis opportunistically, while they were learning about the market and what customers wanted and needed.
Mário tells me a story about being contacted by an elevator maintenance company in France that managed over 1,000 elevators. He recounts, “Their software system could tell them if an elevator was not moving, but it didn’t tell them if there was a problem or if there was simply no demand for that elevator. They could remotely press an up or down button to see if an elevator moved. But they realized the potential security hazard if someone were to break into their system and gain control of the elevator(s).” Enlisting Dognædis provided a secure operation.
Because of market demand, Mário and the team have been able to grow Dognædis through organic revenue growth and have not sought or received outside investment: “We have been cash positive since the beginning,” Mário explains. The company has not had trouble attracting new clients, and, in fact, Dognædis had to turn some projects down because they were too large and Mário feared that his company didn’t have the appropriate capacity to service these clients.
As a well-published thought leader, Mário’s name is known in the security field which has helped the company garner new clients. And Mário has leveraged the special relationship that occurs between faculty and students because many of his clients are former students (I too can attest to this; I feature in New Venturist many of my former students who are now entrepreneurs).
Products and services. To provide a solution, Dognædis has to first figure out a client’s security vulnerabilities. They have to show these holes to the client. Mário explains: “The first step is to assess the current state of security within the organization. We only do this under contract because it’s illegal to do the things that we do.”
It’s obvious that trust is the key here: “The client must have much trust in us. They don’t know what we will do and what kind of information that we will have access to. So the client must be sure that they won’t be blackmailed or that the information won’t be leaked.” So, Mário spends a lot of time with the client, forging that bond of trust and reliability.
The services that Dognædis provides range from custom consulting and auditing to determine security weaknesses (Software Assurance), to products-as-a-service (PaaS) IT management to ensure the overall security of an organization and its information (Business Continuity), to penetration and vulnerability testing and data recovery (Security Audit and Consultancy).
Dognædis also has launched a product, CodeV, a Development Security Wizard, which stems from the technology research Mário and his students conducted at the university. CodeV is a tool that performs automatic source code analysis in search of security vulnerabilities that most developers might not catch.
Mário tells me, “We continuously update CodeV, and we work on new products to keep our technological edge and to surpass the constantly evolving threats to information security.”
The future. Mário wants to aggressively grow Dognædis. He tells me his ambitious plans: “We would like to be known worldwide in security. We want to get recognized for the ingenuity of our solutions. To be known and sought after because of our technology and our expertise.”
And that means the US. Mário intends to market his security solutions to small- and mid-sized banks in the US. This will start with a US visit to Pittsburgh early in 2012 because I am bringing Mário and several other companies to CMU as part of the CMU/Portugal EIR program.
Competitive advantages. The Dognædis team needed to learn a lot in the beginning about business and customers, and they needed to keep on learning. But to stay ahead of the competition and to ensure differentiation they also had to be and stay the very best in security.
Through Mário, the team has been able to stay aware of all of the research that is being performed now. Mário tells me that he thinks it was a “happy coincidence” that he was at CMU, home of the first CERT, Software Engineering Institute, and other programs that are focused on security. It gave him proximity to “the best programs in the world for what we do.”
Mário tells me that the research security community encourages sharing of information and know-how. Mário believes that he harvests the best of both the academic world in terms of research theory and the practical world where hackers break things.”
Mário has to convince his clients that Dognædis can provide the value inherent in both worlds to solve very real and very threatening security problems.
Challenges. Like all startups, Dognædis has challenges. Some of those challenges are more integral to being an entrepreneur in Portugal. Some of these issues were mentioned in my previous New Venturist post, Thoughts on Portugal and entrepreneurship: trying to find their way out of the mess through new venture creation.
In Portugal the government has created many programs and initiatives to promote entrepreneurship. Mário believes that he was lucky because Dognædis was started during a time when starting new ventures was encouraged and supported, at a time when some of the bureaucratic processes to newco formation are in the process of being simplified.
But Mário still finds that it is hard to be an entrepreneur in Portugal. He cites the most critical issues as the following:
- Taxes. Mário tells me that the tax situation is difficult in Portugal. When Dognædis bills a client, they have to pay the tax on the invoice even if they haven’t received payment. Mário tells me “So, we have to manage very carefully how we bill clients so that we can manage our cash flow.” In addition, the tax system makes assumptions about a company’s projected revenues and tax liabilities. If a company doesn’t meet those projections, it is very difficult for the company to prove that it has a lower tax liability as a result of its real revenues. This creates a culture of mistrust that puts companies at odds with existing systems.Mário believes that this complex system has resulted in very few companies reporting profits and paying the proper tax, which means that much of the economic activity in Portugal is happening outside of the normal system, and is therefore not showing up in the GDP. I have seen for myself that in Portugal the restaurants and hotels are fully booked, and everyone seems to drive an Audi, BMW, or Mercedes (including the taxi drivers). There are many commerce markets on the weekend, a seemingly whole parallel economy. Does this create a mismatch between what you read in the news and what is actually happening in Portugal?
- Labor. The cost of labor is about 50% in Portugal. And it’s very hard to get rid of people once you hire them. Mário admits that this is not conducive to entrepreneurship, where you need to hire and fire quickly in order to grow. The overhead associated with on-boarding new people makes early-stage companies hesitant to hire, and their growth rates suffer as a result.
- Legal. Mário tells me that the legal system in Portugal is not favorable to entrepreneurship. For example to collect from a customer that doesn’t pay can take many years. And, as soon as a company enters the legal system, they have to start paying and so most early-stage companies give up before they even start.
Every country has issues like those listed above. While some are more favorable to new venture creation than others, it is important to recognize the importance of streamlining processes in order to stimulate entrepreneurship.
Mário also has typical universal startup challenges :
- Marketing. Mário tells me that his biggest challenge is finding clients. While many come to him, he knows that he has to get better at marketing and sales, two areas where his team’s talent is the thinnest.
- Training the team. Mário has to turn what he calls “unstructured, uncontrolled, almost savage hackers into polished professionals who follow processes and structure without killing creativity.”
- Managing customers. Mário and his team have to hack a client and then reveal the hack. That demands that a client place an enormous amount of faith in Dognædis.
- Scaling. Mário knows that to really make an impact he needs to scale his business internationally. This will require additional talent and skills, and maybe money.
- Balance. Mário works hard and he and his family are fine with that. But he wonders if he should remain a professor or whether he should commit to Dognædis full-time. I know the answer to this but am reluctant to say it because the decision has to belong completely to him.
Dognædis is one of the many companies that I see in Portugal and that I believe are the future of this smallest of European nations. Dognædis has found a big market need, it has a real solution, it has a great team. I think the future of both the country and the company bode well. The story of Dognædis can serve as an inspiration for more of same – more great technological talent turning their skills to creating and growing new businesses that can change the face of their community, their country, and the world.
Good luck Mário, Francisco, Hugo, and Sérgio!