By Elainna Ciaramella
Chad Bennett is a former teenage hacker of the non-malicious kind, who in the early 1990s, got his kicks downloading viruses. Today, Chad is the founder of HEROIC Cybersecurity, based in Lehi, Utah, a company fighting the endless battle to protect the data, devices, and cloud services of companies from hackers and next-generation cyber threats.
In second grade, Bennett’s elementary school purchased a bunch of new Apple Macintosh computers, beginning Bennett’s love affair with technology. During this time, he would go over to his friend’s house and the pair would review the code for computer viruses—they understood nothing at first, but were enamored nonetheless. At 14 years old, Bennett’s family got the internet, and back then, the internet was purchased in minutes; it wasn’t unlimited like it is today. “We paid for 300 minutes a month, ” says Bennett. “After the first month my dad came to me and said, ‘Hey Chad, you went way over the allowed minutes, and it cost me an extra $100 bucks. If you do this again, I’m getting rid of the internet.’
There was no way I could let him get rid of the internet as I had already become addicted.” Bennett bought a thick Visual Basic 2.0 book on software development and read it cover to cover. Along with frequenting hacking and software development chat rooms, he taught himself how to write code. The first program he wrote was to get free internet. “I discovered a loophole in the internet software we had at the time, Prodigy. I wrote software to exploit that loophole,” explains Bennett.
That’s how Bennett’s cybersecurity career got started—as a teenager wanting to find out what he could get into. “I wasn’t trying to steal money or anything malicious, I was just fascinated with the challenge of finding the vulnerabilities of these large companies. It was like a scavenger hunt.”
Starting his IT career at BYU
In college, Bennett took a position at Brigham Young University (BYU) as a general IT technician. About three weeks after he started the BYU job, his boss recognized his cyber skills and approached him about a security related position.
Bennett accepted the position, a big upgrade from what he was originally hired to do. He helped run cybersecurity for the library for a couple of years, then took a position managing technology for BYU’s mechanical engineering department for two more years. Bennett says he loved starting his career at BYU. This was where he gained his first professional experience in cybersecurity and where he received a technical certification as a Certified Ethical Hacker (CEH).
In 2009, he started Lancera, a cybersecurity and IT services company based in Provo. It became one of his first companies to be included in the Inc. 500.
Bennett completed his transition from teenage hacker to fighting hackers. He learned how to compromise systems and what hackers look for when they’re targeting specific organizations. He exploited that knowledge to protect businesses from the hacker’s point of view. Bennett would tell clients, “These are the things hackers will look for, these are the reasons why they’re going to target you, and this is what we need to do to protect you.”
HEROIC, making cybersecurity accessible
In his war against hackers, Bennett has worked with some of the largest corporations in the world, including Dell and T-Mobile. During the early years, he learned how large organizations have a lot of capital allowing them to afford the technology to protect their company and employees, but there was a hitch—that technology is not normally available to smaller businesses, or home users, and that’s where the idea of HEROIC was born.
One of Bennett’s main goals behind HEROIC is to take this advanced cybersecurity technology that can be out of reach for most companies, and make it accessible and affordable for small to medium-sized businesses and home-based workers.
When HEROIC launched in 2016, artificial intelligence (AI) had been the buzzword for quite some time. Bennett wanted to incorporate AI with HEROIC’s platform—to bring this advanced technology to the little guys who don’t normally have multi-million cybersecurity budgets, he explains.
“They have a budget and they know they need protection, but they don’t know what they need,” says Bennett. “They’re looking for someone to come in and say, ‘Here’s the full solution,’ then help implement and manage it. That’s the genesis of HEROIC.”
Before Bennett founded HEROIC, he started and acquired multiple companies, some of which he sold. HEROIC is his fourth company to land on the Inc. 5000 list. In 2022, HEROIC was ranked as the top cybersecurity firm in Utah by Inc. 5000, and in the top 25 cybersecurity firms in the nation with Inc. 5000.
Hackers—a never-ending battle
“It’s not a matter of guns and bullets these days, it’s all about ones and zeros,” says Bennett. And the reality is, this battle is ongoing. “We are in a literal war with other countries, other organizations, and individual hackers sitting in basements and dark rooms wanting to do damage.” The media, says Bennett, is great because whenever there is a large hack, companies realize, “Oh wow, if it happened to them, it could happen to us.”
With enough time and money hackers can compromise anything. HEROIC’s job is to make compromising a target so difficult, hackers will abandon the target. HEROIC starts by auditing a company to figure out their weaknesses. Once found, HEROIC closes those holes and puts barriers around all systems to protect against attackers.
“It’s our job to add layers upon layers of security, to make it so difficult that the cost to compromise something is more than the value of what that compromise is worth. Some of HEROIC’s largest clients are hospitals and healthcare organizations. “We do this for large organizations and are working now to deliver this protection all the way down to individuals, families and home-based workers,” says Bennett.
A lot of founders believe a certain class of cybersecurity expertise or software is so expensive, so high-end, that only Fortune 500 companies can afford it. Often, small to medium-sized companies live with the dread that they’re vulnerable to getting hacked. “It’s a level of risk they’re willing to take,” says Bennett. HEROIC quantifies that risk and provides organizations with options.
“It's not necessarily the price of the individual software that protects everything. It's the layers necessary to protect everything. When those layers are all added up, the cost to the company can become significant. Then there is the personnel that run all those layers—that's usually the expensive piece,” he says.
“What we do is bring all that stuff in-house. We provide a unified platform for businesses to protect themselves intelligently, and manage it as one single solution—the same solution we use for large corporations. Because of our scale, we're able to get those costs down significantly. There is a little tweaking that goes with each company, but the solution we provide is the same from company to company,” says Bennett.
On the enterprise side (large corporations), HEROIC uses a layered approach internally, across all clients—it’s the same software packages. “We have our proprietary software which we integrate with some of the best technology solutions across the industry,” says Bennett.
A good example, he says, is endpoint protection—the new term for “antivirus software.” Endpoint protection is a basic layer of protection that an organization will usually implement on its own, but that needs to be implemented with other solutions to fully unlock its value.
Suppose a company starts with endpoint protection then adds network protection to the mix. Before you know it, there are many different software packages in use to protect the organization, which becomes almost impossible for an IT team to manage properly. That's where HEROIC comes in. “We provide a fully managed, unified solution at an affordable price,” explains Bennett. “Because of our scale, HEROIC’s solution is more effective at a lesser cost than what it would cost a company to implement themselves.”
HEROIC is currently on the verge of bringing its enterprise-powered cybersecurity to the little guys, and gals, at home—an SMB home-user solution that is likely to be more robust than anything currently on the market. It’s in beta right now, and will be available to the public early next year.
“At the end of the day, it's the people running the technology that we're protecting, behind the desktop, laptop, or cell-phone. It’s the lives that are important,” says Bennett. “Protecting humanity from cyber threats, that’s what this technology is there for, and the software we're launching is really the beginning of achieving that mission.”
HEROIC raised a very small seed round from friends and family, shortly after it was founded. The company hasn’t raised additional capital since and has already achieved profitability, “We are cashflow positive, and although we continually field interest from VC firms, thankfully we haven’t needed to bring on additional capital.” says Bennett. With the launch of HEROIC’s upcoming SaaS-based protection platform for individuals, families, and home-based workers, they are preparing to hire en masse, at which time they may explore growth capital with the right partners.
Bennett says he is taking the lessons he learned from his previous companies, and expects the same for HEROIC, growth-wise. “We’ve learned from our past successes and mistakes and we’re ready to scale, 2023 is going to be massive for HEROIC!”
For more information, and to see if your information has been previously breached, see HEROIC.com.
Elainna Ciaramella is a business journalist and writer who lives in St. George. Elainna interviews business owners, researchers, university leaders, and c-suite executives from all over the country. Her curiosity is endless and she is constantly seeking information that will intrigue and inspire readers.