Cheltenham’s Salus Cyber doubles in size since start of pandemic
By Rob Freeman | 17th February 2021
Founding a business in Cheltenham sounds a long way from meeting world leaders and looking after the digital and physical security of NATO forces in Afghanistan.
But Jason Kalwa is using the lessons learned finding security failings in Kabul to do the same for businesses large and small with his company Salus Cyber.
Formed in 2017, Cheltenham-based Salus - named after the Roman goddess and Latin for safety - has doubled its turnover since its hard launch just before the start of the coronavirus pandemic.
Mr Kalwa said: "I had been looking after cyber security issues for large, multi-billion pound companies.
"I wanted to work with a smaller subset of companies and believed we could do something a little bit better."
Salus has doubled its staff from three to six consultants with the heart of its service revolving around penetration testing - pen testing or ethical hacking - which digs deep into a security system to find any weaknesses.
"We find the gaps in any system and tell you how to fix them," he said. "We think that's where the value is and the clients we have spoken to think that is the right approach.
"If someone feels they have something that needs protecting, be it a business, an organisation or a school looking to protect student data, we can work out the best way of safeguarding it."
While pen testing is more common among large, international organisations, particularly banks, in the UK, Mr Kalwa feels there is a wider need for the process.
"Most companies do not have expensive structures in place to employ people like this," he said. "We supply these resources to find the holes and to work out the best way to fix them."
"This is the next best thing - it doesn't mean you've got to spend a fortune. It's all about reducing risks."
Having identified the risks, Salus' approach involves working with the client to identify the best ways to secure their system and minimise future risks with a vulnerability management service prioritising things which need improving.
"We look at the most critical areas and give them six specific targets," he said. "Over the course of a 12-month period, they generally reduce their risks by 70 per cent.
"We use technology, processes and information flows that work with any business, so we only give you the data and information you require. We believe in giving value."
"What it allows us to do is see what processes are failing. Those processes are indicative of larger failings and we can pull the levers to find those other failings."
He continued: "If people are after a warm, fuzzy feeling because they have a report on their security, it does not mean they have fixed it.
"We don't just do the test, we set up achievable aims. Some of the fixes are time consuming and expensive so we work out the right thing for them.
"I have to understand people's business concerns, and from that identify their key cyber risks. We are trying to be a truly customer-focused cyber security company. Clients always have expert advice at hand."
That involves moving away from a "one-size-fits-all" approach to managed services offering a range of options.
"We try to work and detect exactly what problems need addressing and deliver cyber security consultancy which is relevant to the customer," he said.
"One of our clients has our presence four days a week because they have so much going on.
"Every organisation has a different set of risks. We talk about what's right and what's wrong but it's not that black and white."
He continued: "It takes time. We find out what makes that business tick, what it is trying to do and we try to align their cyber plans to their business strategy.
"I'd try to understand why someone called us. That starts the ball rolling, to find out what they are trying to achieve.
"Generally, people don't know what they need and that's OK, we are used to this and will guide them in the right direction.
"Our ultimate aim though is to work with companies that are serious about becoming more secure."
With the pandemic placing extra strain on IT staff, the ability of Salus' consultants to work remotely has helped to ease pressure.
"Most of the companies we work with, their IT or network teams are outsourced and overstretched," he said. "With COVID safety, IT teams are really busy.
"We offer to work with them and do as much as we can which we are doing from home.
"We piloted that approach with one of our clients, project managed it, ran workshops and they had a 90 per cent reduction in risk inside four months."
It is a far cry from Kabul where Mr Kalwa spent three years looking after the NATO network, meeting the likes of former US president Barack Obama and Hillary Clinton, Prime Minister Gordon Brown and French president Nicolas Sarkozy.
"We effectively built NATO Kabul International Airport (KAIA) and the ISAF Joint Operations Centre for 5,000 personnel and then looked after the in-country decommissioning of bases and IT," he said.
Prior to life with NATO came spells with the Ministry of Defence and the NHS and since returning to the UK, he has been working as a cyber security consultant for various companies, including Thales, IRM and DXC Technology, before founding Salus.
"I have been doing this for a long time, I know how easy it is to make a mistake," he said. "I take my responsibility very seriously and want to help others achieve their goals without overcomplicating the process."
Copyright 2021 Moose Partnership Ltd. All rights reserved. Reproduction of any content is strictly forbidden without prior permission.