A Decade of SEP2: Honest Lessons from 10 Years as a CEO

Ten years ago when SEP2 began its journey, the cyber security world was a very different place. The emphasis remained on perimeter security, cloud adoption was still a contentious topic being debated (“Why use the cloud?”), and the concept of a dedicated, round-the-clock Security Operations Center (SOC) was typically considered a high-end service reserved only for major organisations.

Today, our reality has shifted dramatically. Our data boundaries extend far beyond physical offices. We now grapple with managing multiple clouds and an ever-growing list of SaaS solutions, all of which store critical data. Consequently, every organisation demands non-stop protection to secure their increasingly global and connected online operations.

Our decade-long journey building a cyber security services business has been an intensive lesson  in resilience, adaptation, and, most importantly, trust. From the outset, SEP2 was founded on a simple drive for perfect security and service excellence which should be for everyone. This commitment to delivering genuine service value through true partnership is what defined us. This ethos, which we call “Tech Driven and People Powered,” remains central to everything we do at SEP2. As we hit the ten-year mark with a team of over 100 dedicated professionals protecting hundreds of organisations, I’ve been reflecting on what has changed and, more importantly, what has remained constant.

The following ten lessons aren’t just about MDR or Firewalls. They are the honest truths about leadership, culture, and partnership that have allowed us to not only survive a decade in tech but to thrive alongside our clients.

10 Lessons from 10 Years of SEP2

1. The “Tech Driven. People Powered.” Balance
2. Solving the “Root Cause” Not Just the Symptom
3. Culture is Your Best Security Layer
4. The Power of “Plain English” in a Complex World
5. Partnerships Over Vendor Lists
6. Knowing When to Outgrow Your Tools
7. “Committed to Doing Good” as a Business Strategy
8. Continually Review and Plan for Scale
9. Continuous Investing in Learning
10. The Long Game: Relationships vs. Transactions

1. The “Tech Driven. People Powered.” Balance

Many organisations struggle to find the right balance. They often veer too far in one direction, either becoming a detached “tech house” that relies too heavily on “silver bullet” technology, a trend exacerbated by the potential of AI or, conversely, operating as an overly manual services firm that cannot scale effectively.

The Lesson: Technology is the how, but people are the why. A decade has taught me that the best SOC in the world is only as good as the analysts and engineers’ intuition behind the screen. We must apply critical thinking and build on automation and now AI, and continually ask why and can we do it better.

2. Solving the “Root Cause” Not Just the Symptom

Early-stage businesses often focus on clearing the queue or fixing the immediate incident. To grow, you need to evolve to focus on solving problems at their root. However, this can take time, and in the world of cyber security, time is something we have little of. 

The Lesson: In cyber security and business, just fixing symptoms is a treadmill to madness and leads to alert fatigue or ignoring/missing the important stuff. Yes, of course we need to handle the incident in the moment, but we need to always apply lessons learned and apply knowledge and learning to the root cause. True growth comes from the discipline of the “Root Cause Analysis” not just for technical bugs, but for business processes and client relationships. 

3. Culture is Your Best Security Layer

When it comes to securing a business, cultivating the right culture is so important. By fostering strong relationships with your people and partners, you can turn them into your strongest link.

The Lesson: You can’t “buy” a security culture; you build it. A team that feels responsible for each other will naturally be more vigilant for their clients. At SEP2, we understand that diversity of thinking is not just a metric but a crucial defensive advantage. This is why we are proud of employing diverse minds across our 100-employee team and proudly support internal groups like Cyber Schools and the Women in SEP2 initiative.

4. The Power of “Plain English” in a Complex World

Our published case studies, featuring clients like Funding Circle and GWI, frequently highlight that SEP2 speaks their language, a sentiment echoed by many more of our customers.

The Lesson: Complexity is easy; clarity is hard. Over the last 10 years, we’ve found that the most successful projects weren’t always the most complex; they were the ones where everyone understood the mission and worked together to meet the project goals.

5. Partnerships Over Vendor Lists

SEP2’s focus has always been on solving cyber security challenges, not simply selling products. We achieve this by aligning ourselves with world-class vendors such as Google Cloud Security, Check Point, and CrowdStrike.

The Lesson: Choose partners, not just suppliers. This has been important to SEP2, but I believe it should be a focus of everyone no matter what business you are in.  A 10-year view shows that vendor “flavour-of-the-month” technology fades, but deep, strategic partnerships provide the stability clients actually crave.

6. Knowing When to Outgrow Your Tools

Whether it is cyber security, business tools, or solutions, knowing when you have outgrown a solution or service is critical for you to achieve your goals, and how you implement this is critical. 

The Lesson: The systems that got you to Year 5 might be the very things holding you back from Year 10. Don’t be afraid of the “pain of the pivot,” it’s usually less than the cost of stagnation. SEP2 has embraced change and invested in the tools we believe are going to take us forward. Two examples of this are our recent switch to Iplicit for financial tooling, and more recently, our full adoption of Google Workspace, Cloud, and Chrome Enterprise browser.

7. “Committed to Doing Good” as a Business Strategy

ESG initiatives can sometimes be viewed with scepticism or seem uninspiring, largely due to the poor practices of others. However, SEP2 has always been grounded in strong ethical values, though we have often chosen to let our actions speak louder than words.

The Lesson: At SEP2, our commitment goes beyond just securing data; we are dedicated to securing a future we can all believe in. We are actively translating our ambitions into concrete actions by integrating our expertise under a unified ESG vision. This includes significantly reducing our carbon footprint, nurturing future talent through our Cyber Academy, inspiring young people from all backgrounds to explore Cyber Security via our Cyber School, and upholding the highest standards of transparency.

We are establishing a legacy where innovation and integrity converge. We are proving that when world-class cyber security and social responsibility align, we don’t just protect businesses – we empower people and protect the future.

8. Continually Review and Plan for Scale

The growth SEP2 has achieved, particularly over the last three years, is a source of immense pride. However, this expansion impacts every facet of the business, underscoring the critical need to plan for scale, not just growth. While growth is about increasing in size, scaling is about achieving greater efficiency and effectiveness. It involves establishing resilient, agile processes and shared values that facilitate expansion without compromising our core identity. 

Small businesses often concentrate too much on the immediate ‘here and now’ and survival. Still, it is vital to remember that the current business model may not be the same in 6 or 12 months, and proactive planning for this future state is essential.

The Lesson: Growth is extremely important for SEP2, but this can never come at the cost of our values and service excellence. Therefore, a key view at SEP2 is that scaling is a mindset, not just a metric. While growth adds resources at the same rate it adds revenue, scaling allows us to increase our impact exponentially while keeping our foundations stable. We ensure resilience and scalability through several key strategies. We continually review and strengthen our processes, transitioning from “heroics” where individuals save the day through sheer effort to robust, repeatable systems, ensuring that as our client base doubles, our stress levels do not. This has been one of my personal challenges as a doer on being comfortable with ‘working on the business’ and not just ‘in the business’. But it’s so important in order to build and scale.

9. Continuous Investing in Learning

Regardless of your current position, whether you’re a new Security Analyst or a CEO with two decades of experience, continuous learning is essential. You must consistently invest in your knowledge, challenge yourself with new ways of working, and be open to adopting different ideas.

The Lesson: Stay curious or stay behind. SEP2 has always invested in learning and development, which is why we have a strong success with our Apprentices, Graduates or people just starting their careers. But this continuous learning should never stop at any level.

10. The Long Game: Relationships vs. Transactions

The long-standing relationships we maintain with many of our customers and partners are highly valued by the SEP2 leadership. Client retention is a core business Key Performance Indicator (KPI) for us, reflecting its significant importance, but we are never afraid to walk away when it’s the right decision.

The Lesson: Maintaining a long-term client relationship, as we have done successfully for 10 years at SEP2, is incredibly rewarding. It allows us to build on our partnership and mutually support each other’s growth. However, the foundation of a successful relationship is organisational alignment, built on mutual respect and clarity regarding goals and responsibilities.

We value honest feedback from our partners and customers, as this is our most valuable source of direction and improvement. This commitment to honesty extends to challenging conversations. We recognise that if a relationship is fundamentally misaligned, and honest communication is impossible, we must be prepared to disengage. Similarly, SEP2 is always willing to walk away from any opportunity where we are not aligned with a potential partner.

As I write these lessons, I find myself drawn to an eleventh, a unifying principle for all the above. Just as in life, nothing is perfect, and these ten lessons will inevitably present unforeseen challenges. The key, however, is for all our people to believe in the plan and values and to stay the course. 

Therefore, consider this a bonus lesson:

Bonus: 11. The Collective Commitment

The SEP2 that our first employees joined a decade ago shared the same heart and values we have today, but operationally, it is a very different business. As a business scales, the pace of evolution accelerates, and keeping an entire workforce aligned with that velocity is a significant leadership challenge. Growth requires a specific type of adaptability that isn’t for everyone and acknowledging that is a mark of maturity, not a failure of culture. 

The Lesson: I have learned to be less afraid of asking people to keep that pace as the number of people who rely on you for their livelihoods grows. A decade in and the philosophy ‘The whole is greater than the sum of its parts’ brings new meaning to me. It is more than a cliché, it is a survival mandate. As the custodian of the ‘whole’, to safeguard its existence and protect the team’s future, I am duty bound to unapologetically expect the very best from everyone. I owe it to the people who are keeping pace to ensure they aren’t carrying those who aren’t. Being “People Powered” means looking after your team deeply, but it also means ensuring every person on that team is fully committed to the journey ahead.

The Next Decade

As we reflect on these lessons, one truth stands above the rest: the cyber security landscape will never stop shifting, but the principles of human partnership remain constant. I recently came across some notes from a whiteboard session created during the first couple of weeks of SEP2. I was struck by how many original threats and plans remain relevant and still influence our daily operations. This reminds me that while so much has changed, a lot has remained the same.

Today, with a team of 100 professionals and a decade of shared victories behind us, our mission hasn’t changed. We remain Tech Driven and People Powered, ready to navigate the complexities of AI, multi-cloud environments, and whatever the next ten years may bring.

The next ten years will undoubtedly bring challenges we can’t yet name, driven by AI, shifting global geopolitics, and technologies still in their infancy. But if the last decade has taught me anything, it’s that if you get the culture right, choose the right partners, and never lose sight of the human element, you can navigate any storm.

To our team, our partners, and especially our clients who have trusted us with their most critical assets: thank you for an incredible ten years. We’re just getting started. Here’s to the next decade of doing good, staying curious, and staying secure.