He sold his firm for $1b, but believes the next can be 10 times bigger

Tech guru Alisdair Faulkner went from being a “crocodile country” coder to selling little-known ThreatMetrix for a landmark sum. He now has greater ambitions.

Serial entrepreneur Alisdair Faulkner already has a $1 billion-plus exit under his belt, but when you ask him about his experiences starting and scaling cybersecurity companies to date, he describes them as “apprenticeships”.

The 50-year-old from Darwin co-founded and sold cybersecurity risk management platform ThreatMetrix for more than $1 billion in 2018, but he is only just at the beginning of his main act, this time as both the co-founder and CEO of fraud prevention platform Darwinium.

“I wouldn’t personally do something like this again unless it had the potential for something 10x where ThreatMetrix got to,” Faulkner tells The Australian Financial Review.

“The biggest demotivator for someone like me is if you see a limit to where the enterprise can grow. If you see a horizon for your TAM [total addressable market], that’s probably the time to sell.”

The son of public servants, he grew up in Darwin, which then had just two TV stations – the commercial network of which didn’t go live until midday. Entertainment was largely something he had to generate himself.

“Darwin is where the men are men and the crocodiles are nervous … It’s a frontier town,” Faulkner says. “It was a great place to grow up and a fantastic place to leave [for tech entrepreneurs].”

Faulkner was always jealous of his cousins living in Adelaide – what he considered then to be “the big smoke”. However, he does credit his upbringing in the country’s far north for his entrepreneurial flair and interest in technology.

“It was fertile ground for breeding an imagination and curiosity,” he says. “It seemed to be that technology was the closest thing to magic. Everything we see and create started with a thought of someone having a vision for how the world could be.”

He grew up playing sports – soccer, cricket, netball – and no matter the activity, he always played in a defensive position. It’s particularly fitting for Faulkner, whose first name means “man’s defender”, and who has spent his career building cybersecurity businesses.

His first computer was a VIC-20 made by Commodore Business Machines, on which he taught himself to code “really poorly”.

Faulkner left Darwin for university, moving to Adelaide and studied engineering, before undertaking a now defunct master’s degree in technology, which was like a combined MBA and engineering qualification.

His first job outside of uni was in consulting, with Anderson Consulting (which became Accenture while he was there), where he worked for four years. The firm had presented at Adelaide University and was offering to fly graduate employees to Chicago for an induction.

This gave him foundational knowledge in how businesses run, and he was involved in implementing SAP systems, leading companies through digital transformation projects and helping them prepare for Y2K.

It was the height of the dotcom boom, when companies were going from idea to IPO in only a few months and Faulkner had the itch to start his own business.

First rodeo

Even though the market crashed, Faulkner teamed up with friend David Bohn, who he’d met during his master’s course, to create his first business, Foursticks. Later, this became NetPriva.

The company, which pioneered network performance management software, was created after the co-founders identified a core problem with the internet and how it was designed.

“[The internet] was designed to be a best-effort delivery system … it didn’t understand at the time the difference between a voice over internet protocol [someone using the internet to make a phone call], someone downloading an email, watching a video, and someone using a critical business application,” he said.

“These thin parts [of the infrastructure supporting the internet] were being clogged by non-critical business applications, so we leveraged a technology using smart algorithms … [to identify the type of activity being performed].”

Its technology, for example, could detect if a person was making an internet-based phone call and prioritise the speed of that connection over someone downloading a song illegally.

Its small team based in Adelaide won large German conglomerates and US multinationals as clients. Faulkner ran the product team, while Bohn was CEO.

It attracted angel funding from an investor who had made money on the Nvidia of the day, Cisco, and employed Alan Noble. Noble would go on to become a long-serving director of engineering at Google in Australia, and an adviser to the government.

Back from the brink

But, in 2005, Foursticks fell into administration and needed to be restructured.

“Our largest customer with a multi-year contract hit financial difficulty and that cascaded to a cash crunch, which triggered a recapitalisation and rebranding to NetPriva,” Faulkner says.

“Building a deep tech company with first-time founders from Adelaide, without the likes of Blackbird and Airtree in the ecosystem, was the literal definition of doing ‘start-up on hard mode’.”

When NetPriva emerged from the ashes, Noble became CEO, Faulkner became head of business development and another Foursticks executive, Peter Vroom, headed the marketing function. Bohn was not part of the management buyout.

Only three years later, US-Israeli firm Expand Networks acquired NetPriva for an undisclosed sum. The company was turning over “low millions” in revenue, but capital for start-ups in Australia after the dotcom crash had dried up and NetPriva was facing much-better-funded companies overseas.

“It was a good outcome for all. It wasn’t enough to retire on, but it gave me the freedom to look around,” Faulkner says of the deal.

“All good products and good ideas can die being smacked in the face by reality. We just required additional R&D, and we saw the writing on the wall and the tech belonged to a place that could scale [it].”

Following the acquisition, Faulkner did not know what he would do next.

He interviewed with Google and a range of Australian corporations, but they weren’t interested in hiring a former founder who wasn’t necessarily inclined to abide by the status quo.

“What I quickly found out was that corporate Australia, HR, deliberately screens against people like me,” Faulkner says.

‘I fell in love with this problem’

Faulkner ended up connecting with ThreatMetrix co-founder David Jones at a conference, who was already tinkering with creating a “credit bureau for IP addresses” – effectively an automated system that could identify in real time if an IP address had been involved in a denial-of-service attack, or any fraud or spam attempts. It was a meeting of minds and the pair joined forces.

There was a major issue with Jones’ initial proposition, and that was that one IP address could represent tens of thousands of people within a business, or multiple people within a home.

To solve this, they decided to develop a technology that could “dynamically fingerprint” and identify devices on the internet behind IP addresses.

“I fell in love with this problem. Fraud detection was essentially a spam problem. Fraudsters, by using these compromised computers, could pretend to be anyone from anywhere at all times,” Faulkner says.

“What would happen is they’d steal an identity, use an IP address that matched that IP address in the right approximate location, and all these fraud detection systems were defenceless.”

Faulkner, Jones and software engineer Scott Thomas created this device detection technology and paired it with personal identifiable information, such as email addresses or telephone numbers, and created a digital identity network. The company secured early funding from CM Capital and, as a condition, agreed to move to the US and hire a US-based CEO.

Faulkner moved with the company and hired Reed Taussig, who had formerly run Callidus Software (acquired by German software giant SAP for $US2.4 billion in 2018) to head the business.

“As luck would have it, while we were trying to recruit him, his credit card was compromised, and he thought ‘maybe there is something in this’,” Faulkner recalls.

Once in the US, its ability to grow and raise capital improved, but it took time. The global financial crisis hit, which made raising capital and winning early customers challenging.

It took about seven years for the company to start really gaining traction. By 2013 it had won numerous enterprise customers and had hit a point of critical mass in which the sales pipeline kept growing and growing. Its technology was used in various applications, including enterprises onboarding new customers and analysing credit card transactions.

By 2018, ThreatMetrix had grown to analyse more than 100 million transactions per day spanning 35,000 websites from 5000 customers. It was also generating more than $100 million in recurring revenue annually and had visibility over one-third of the world’s credit card transactions.

Its Digital Identity Network tracked 1.4 billion unique online identities from 4.5 billion devices in 185 countries.

‘The dumbest guy in the Valley’

In January 2018, it was acquired by RELX Group, of which LexisNexis Risk Solutions is a subsidiary, for £580 million (more than $1 billion at the time) in cash. It was a big boost on its valuation four years earlier of $US237 million.

When asked why they decided to sell, Faulkner laughs and says the business was getting “long in the tooth”. Its backers, which included Technology Venture Partners, Talu Ventures, August Capital, Tenaya Capital and Adams Street Partners, were keen for a return on their investments.

Faulkner would not disclose how much equity he still had in the company, but he did say that he had not taken any cash off the table before the deal.

The business had raised $US20 million in a Series E funding round in 2014. Based on typical VC rounds, after a Series E raise, co-founders would typically collectively still own between 10 per cent to 20 per cent of the business.

“Before that acquisition went through I was the dumbest guy in the Valley. Friends and competitors would ask me, ‘Why are you still flogging this horse?’,” Faulkner remembers.

“Careers in the Valley are measured in two to four years and if you’re at the same place for 10 years, people don’t associate that with genius. I went from an idiot to a genius overnight, and it was a good feeling.”

Until the deal, Faulkner says, few in Australia had even heard of ThreatMetrix. This was because Australian corporations weren’t willing to partner with or buy from the business in its early years, he says.

“It’s partly an indictment on the Australian ecosystem,” he says. “No one gets fired for buying IBM, essentially. We landed [the UK’s] Lloyds Bank, and it was easier to sell to them than it was to any of our big local banks.”

When people think about ThreatMetrix and its success, much of the credit goes to Jones and Taussig. However, from 2012, Jones stopped working in the business day-to-day, instead staying on as a member of the board.

Faulkner was involved to the very end, heading product management, product marketing and strategy, as well as being a co-founder.

“I always wanted to build a company and be in the driver’s seat, but I thought the best way to do that was to kind of have an apprenticeship, so [at ThreatMetrix] I had a great apprenticeship working for Taussig.

“In the midst of the global financial crisis, having a CEO with tenure who had done it before, did make the difference.”

But now the market has changed. The success stories of Australia’s start-up ecosystem include Canva, Culture Amp and Airwallex, which are well-known names not just in Australia but also abroad.

While the springs of capital ran dry in the mid-2000s, there’s now plenty of money available locally for aspiring companies.

The official headquarters for Faulkner’s latest venture, Darwinium, is the US, but all of its research and development is done from Sydney, while sales is led out of the US.

He has been able to secure capital easily, bringing on Blackbird Ventures and Airtree Ventures, as well as well-known international angel investors including AngelList’s Naval Ravikant and Jeff Fagnan in 2022 as part of a $10 million raise, and following it up in 2023 with an $18 million round. This most recent raise was led by US Venture Partners, with participation from the local funds. The company is also planning to raise a Series B round in late 2025.

Named after his hometown of Darwin, Darwinium is the company Faulkner says he’s been working up to for his whole career.

Darwinium, Faulkner describes, is like an intent engine for the internet. It’s based on the premise that everyone’s identity could have been breached in some way via the proliferation of cyberattacks and data breaches that occur, so its platform also analyses the intent of actions.

It does this by assessing and confirming a user’s digital identity, like ThreatMetrix, and then also adding in another layer – behavioural analysis.

“It’s the world’s first dedicated cyberfraud prevention company that integrates bot detection, identity verification, authentication, scam detection, payments and account management,” Faulkner says.

“It’s not just a data lake for its own sake or an alert generating machine, it lets you go from insight to action and prevention without needing to get engineering involved.”

It claims to already have a range of enterprise clients, but given the nature of the work, was unable to disclose them.

To create Darwinium, Faulkner assembled many of his former ThreatMetrix colleagues to join him as co-founders, including Caleb Moore, Colin Goldie and Ben Davey, as well as former Commonwealth Bank senior architect Ananth Gundabattula. But, in his third experience as a founder, Faulkner is running the show.

“I’m probably the best person for the job. There’s a luxury you have when you’re not concerned about the title,” he says.

In his earlier ventures, money had been one of his biggest limitations. But now Faulkner has the freedom of not needing to worry about money in his personal life. With decades of experience behind him, and easier access to capital than in the 2000s, he can afford to take big swings with Darwinium.

“[NetPriva and ThreatMetrix] required a lot of upfront investment, it [was] the complete antithesis of minimum viable products, AB testing and iterating.

“With Darwinium, we’ve also spent the first two years just building the product … it’s a massive heavy lift to do something important.”