How ThreatLocker CEO Danny Jenkins Once Saved His Company With Data-Stealing Malware
While struggling to raise investment in 2018, Jenkins recalls that his last hope was writing malicious software to try to beat a local firm’s antivirus tool: ‘If this doesn’t steal your data, I’m actually going to close the company down.’
It was 2018, and cybersecurity startup entrepreneur Danny Jenkins was becoming exhausted from all the rejection emails he’d been getting from potential investors.
Maybe even more importantly, he was broke.
Jenkins firmly believed that his company, ThreatLocker, had a unique and highly disruptive approach to endpoint security based on the concept of “zero trust.” But investors who agreed with him were proving elusive.
“I have thousands of emails from investors that say [they thought] it was a stupid idea,” Jenkins said during a keynote session Monday at the XChange August 2023 conference in Nashville, hosted by CRN parent The Channel Company. “I was really struggling to get investment.”
Based in Orlando, Jenkins then approached a well-connected company in the area, with the hope that it would introduce him to clients who might invest.
“I said, ‘This is what you need — your antivirus isn’t enough,’” he recalled telling the company, which he didn’t identify. “They wouldn’t even talk to me.”
That’s when he decided to write some malware that would steal the firm’s data.
This was done out of desperation, Jenkins recounted. At that point, “I’ve mortgaged my house, I’m nearly out of money. I’ve got to get investment.”
In an interview with CRN Monday, Jenkins added that he also had $150,000 in credit card debt at the time. “I had no money for groceries,” he said. “It was bad.”
And so, Jenkins approached the local firm with his unusual pitch: “‘I’m going to write a piece of malware … and you can run it, and it’s going to steal your data. And if it doesn’t steal your data, I’m actually going to close the company down. If it does steal your data, you’ll talk to me,’” he recalled during the XChange keynote session.
The idea was for the firm to run the malicious software in a sandboxing test environment, in order to demonstrate that ThreatLocker’s application allowlisting technology would stop malware attacks that other endpoint security products could not.
The firm didn’t make it easy, though.
“They wouldn’t tell me what their antivirus was. So I had to test this against all the different antivirus [products] out there,” Jenkins said.
Nonethless, Jenkins told CRN that he succeeded in demonstrating his malware could beat the local company’s antivirus tools. That got him an introduction to a number of angel investors in the firm’s client base — and ultimately, brought in the investment that ThreatLocker needed to stay afloat.
But there’s no doubt about it, Jenkins said: “If we hadn’t done that, we were out of business.”
A Hit With MSPs
ThreatLocker went on to build a partner base of more than 4,000 MSPs that use its application allowlisting and additional capabilities introduced in recent years — such as “ringfencing,” which places limitations on what types of actions an allowed app is able to take.
At one MSP partner of ThreatLocker, Vaughan, Ontario-based Infinite IT Solutions, CEO Joe Ussia said that adopting ThreatLocker has had a massively positive impact on his company’s ability to serve customers.
“They have helped us in ways that most other vendors haven’t — reducing ticket counts, improving productivity, improving security,” Ussia said, adding that ThreatLocker’s support is “probably the best in the industry.” Jenkins, meanwhile, is “brilliant” while also being a “super humble, nice guy,” he said.
Upon hearing Jenkins recount how ThreatLocker nearly folded in its early days, Ussia said there’s no question “that would have been a big loss to our industry.”
“There are a lot of other companies that could go away, and nobody would notice,” he said. “But we would feel it with ThreatLocker.”
ThreatLocker grew its revenue by 300 percent in 2022, year-over-year, and investors have continued writing checks. Big ones, actually: For ThreatLocker’s most recent funding, its Series C round in April 2022, the company raised $100 million led by growth equity giant General Atlantic.