Evotek CEO Cesar Enciso On ‘Doing The Right Thing’ For Customer Security Vs. ‘Just Pitching Products’

The fast-growing system integrator specializes in providing advisory services that often result in better usage of the product investments customers have already made, rather than new purchases, Enciso told CRN.

Growth Strategy

For most solution providers, growing to nearly $500 million in revenue in less than a decade would presumably require outside investment and a sizable sales force. But Evotek — which accomplished that feat in 2022, its eighth year in business — has had neither, according to Cesar Enciso, founder and CEO of the San Diego-based system integrator. The bootstrapped company was able to reach that revenue milestone last year with just 19 people in sales because its strategy has never been to drive growth with heavy-handed selling, Enciso said in an interview with CRN.

Just the opposite: Evotek rewards its team for helping to drive services, he said — including advisory services that lead to fuller use of product investments that customers have already made, rather than the purchase of new tools. “It’s easy to win when we are looking at doing the right thing, versus just pitching products,” said Enciso, who was previously a general manager at Trace3 and a regional vice president at Technologent before founding Evotek in late 2014.

[Related: Here’s What 15 Top CEOs And Cybersecurity Experts Told Us At RSAC 2023]

Recruiting and retaining the right people has been another priority for Evotek, and it’s also been a key enabler to the company’s growth, he said. In cybersecurity, for instance, Enciso says that the company has stood out by hiring former chief information security officers such as Chris Forbes, who previously served as CISO of the Federal Reserve Bank of San Francisco, and Matt Shufeldt, formerly the CISO of Cognizant Healthcare and Sports Authority. And when it comes to the implementation of Evotek’s security solutions for customers, “they’re the ones that are actually doing the work,” Enciso said. “We’re not outsourcing it to somebody that has two years experience.”

What follows is an edited portion of CRN’s interview with Enciso.

What are the biggest things you’d want people to know about Evotek?

We started late in 2014, and we have gone from zero revenue to around $500 million last year. We are the fastest [growing] independent integrator in North America. We don’t have any outside investments. We don’t have any [private equity] ties. We don’t have any ties outside of the money that I bootstrapped the company with in late 2014. We have a little over 200 employees. And everything is really based on not just getting talent, but how do you get the best of the best — and how do you keep them happy. I’ve always been a big believer that the best way to move out your ‘A’ players from any company is to start hiring ‘B’ players. And when the ‘A’ players leave, the ‘B’ players hire ‘C’ players, and all of a sudden you had a great company and then you watered it down with OK people.

How are you differentiating yourself in the market?

One of the things that I always saw in my past life is, you would hire these folks that were always pitching just plain products. When we started leaning towards cybersecurity, which was very early on in our organization, the real value is not just doing solutions or products. It’s really the advice and the experience of these CISOs. So we’ve hired former CISOs to be able not just to talk about solutions, but to really actually help our customers be able to put true security platforms together. Almost all our former CISOs are not just former CISOs, they’re former IT executives, they are former auditors, they are former solution engineers. They have real life experience to be able to go and not just talk to our end users, but to also go and help the boards of these large organizations — most of the customers that we have are really in that Fortune 300. And it’s really important for us to be able not just to push product, but to be able to actually put a true platform together. Everything that we do really has a security focus to it. It’s really everything that we touch, if it’s data center, if it’s cloud, if it’s advisory services, if it’s bringing in staff augmentation — everything that we touch, security is at the center of it. And we’ve hired folks like Chris Forbes (pictured), the former CISO of the Federal Reserve [Bank of San Francisco]. To be able to bring him to any of our financial organizations gives us instant credibility from day one.

Our approach is, when Chris or Matt Shufeldt, or whoever touches any of our solutions — they also help with implementation. They’re the ones that are actually doing the work. We’re not outsourcing it to somebody that has two years experience. We don’t do any of that. So our average security professional has 23 years experience in the industry, which is crazy.

What are some of your other differentiators?

We have a very small sales staff. And that’s something that’s always been [a conscious decision]. Last year we had 19 sellers doing almost $500 million. What we do with all our customers, is our customers will come to us with an issue or our problem, and a lot of times what we tell them is instead of buying new stuff, let’s look at what you have. You might have a beautiful Palo Alto [Networks] platform, but you’re only using 20 percent of it. Let’s stop there, and let’s just go and figure out what we can turn on. That approach has been so fundamentally different. Because with almost all integrators, the way salespeople make money is just by selling new stuff. We reward our folks [on] advisory services, we reward our folks for doing the right thing. We had one engagement where the people that we were competing with had a $4.5 million solution that they were pitching. At the end of the day, we sold [the customer] some services, but all they needed was about $115,000 worth of product. It’s easy to win when we are looking at doing the right thing, versus just pitching products.

Is there one service that you offered that’s your biggest service right now?

There’s not one solution or one company that does more than 10 percent of what we do. We’re pretty even across our services. We do a lot of board assessments — having the board understand the risk of the organization that they’re supporting, and making sure that there’s true governance around the organization. We do a lot of advisory services. We do a lot of CISO coaching or mentoring. A Chris Forbes might be mentoring a brand new CISO or a VP, and we spend a weekly session with them on, what are some things that [they] should be looking at? What risks should [they] be concerned about?

We do a lot of strategic sourcing. What we have done is we built so much trust with our partner community, and we have done this for so long, that we understand that if one of our Fortune 200 companies is buying Cisco or Palo Alto [Networks] or Wiz at a certain price — we have a really good baseline to be able to help our customers buy more wisely. Most integrators will try to get the best margin instead of getting the best discount for their customers. I think we’ve done a fantastic job on strategic sourcing, and we most definitely use that as a competitive advantage.

And then I think the other piece is Evotek Labs. We have a group that is run by Mark Campbell, and his job is to vet out all the new technology that’s coming out from the VC and from the PE [backed] industry. He will test out the technology. We’ll get some of our customers to help with that. We then go and have very interesting conversations with some of our larger customers about a certain problem that they’re solving for. And it definitely makes us look a lot different when we’re not just bringing in the same vendors. I mentioned Wiz — we sold one of their first five customers ever. With Cohesity, they have such a big security play with ransomware, and we sold one of their first 10 customers. We get very early into the technology. We [look at] not only whether they have the right technology, but if they have the right investors. And then we go to our customers and say, “We believe that because Lightspeed is putting in $200 million, we believe that this is something that you might want to look at.”

You’d said your labs group looks at 3,500 companies a year — how unique do you think that is? Do you think other integrators are looking that comprehensively?

Absolutely not. I think we’re probably one of the only companies that has. Because Evotek Labs doesn’t really produce dollars, per se. It’s more of a service that we offer our clients. It helps us get ahead of the game. Because us having a relationship with the CEO of Cohesity, when they were small, helps us a lot. If you look at a company like SentinelOne — we know that whole executive team, based on being such an early adopter. So it has created such a lift in our organization. And now we have so much credibility — not just with our vendor community but also with our client. When we go and talk to one of our customers, they are more open-minded and more open-armed about hearing what new technology we are bringing.

In terms of technology areas within security that are a major focus for you, are there certain areas that are really big for your customers right now?

We don’t really have a [focus] on one big solution. Every single one of our customers has very specific needs. The thing that’s really important is that our outlook is everything should start with security, no matter what you’re doing. We hired a complete rock star — his name is Al Diaz (pictured) — from Microsoft, and he was helping run their cloud business over at Azure. He’s helping us run our cloud transformation business. We’re looking at it from a security perspective when we do data center. It always starts with risks you have, and then when you do go international — with all the different laws and regulations — and what they care about. It’s really important to be able to develop those security platforms for our customers with that in mind. We might talk to a customer, and they might not be international yet — but in two years they plan to. So we put that solution, to make sure that they are investing in their protection down the road, and they don’t have to scrap something.

What else would you want people to know about Evotek?

One of the things that makes us unique is we also do a really good job of looking at what our customers currently have. We’re not a big believer that you need to get rid of everything that you have. Cisco is a big partner of ours, Palo Alto [Networks] is a big partner of ours. Sometimes just doing a software upgrade gives [the customer] 20 new functions. They just didn’t know about it. So we do spend a lot of time with some of the traditional players. Because where we believe that Palo Alto [Networks] or Cisco has done a very good job is at making investments into emerging technologies, and then learning how to integrate that to their current platforms.

In November, we hired Dan Danielli from Arrow, and he runs all our alliances and partners. It’s his job also to make sure that when he’s talking to SentinelOne or Thales or Wiz, are those solutions working with our other partners? We get a lot of solutions that we put together. We might put a Wiz with one of our other partners, and it becomes very powerful when you add those two together. The last thing we spend a lot of time on is, once we get these solutions up, we spend a lot of time on training their staff on making sure that they have the ability to run it. And if they don’t, do they want Evotek to help them with that? We do a lot of staff augmentation — we have our Evotek employees help run these platforms.

Most of our competitors are staying flat in this recession, or downsizing. We’re doing the opposite. We’ve done a good job of thinking about our employees. For about 85 percent of our employees, we pay 100 percent of all their healthcare, dental, vision. We encourage people to take breaks when they need them — we have a lot of mental [health] days off. We’re also very involved in community. We’re incredibly proud of our culture.