On cybersecurity, he means business

First and foremost a business guy with law and finance degrees, William Croutch never knows what will wind up on his to-do list each morning when he reports to Optiv Security Inc.’s largest office in Overland Park, Kansas.

As senior vice president and head of the cybersecurity firm’s legal department Croutch oversees a team that includes six lawyers and eight specialists whose primary duty is reviewing contracts with the thousands of big-ticket clients who depend on Optiv for data protection.

Optiv being a well-run company, there’s little litigation to handle, but there are plenty of mergers and acquisitions. The company has completed six acquisitions in the past two years alone. Same for issues regarding intellectual properties, human resources and compliance with regulations here and abroad—there’s much to tend. And there’s serving as chief privacy officer and secretary to the board of directors.

But there’s one part of the business that never needs his attention: the promotion of Optiv’s services.

“We don’t have to advertise much at all,” says the friendly and well-spoken 48-year-old Croutch. “All you have to do is watch CNN or Fox and hear about the latest big breach. That’s what brings in our customers.”

And that customer base—well represented by large companies that know all too well about the data breaches of recent years—seems certain to grow. Optiv customers represent 74 of the Fortune 100 companies and 680 of the Fortune 1,000.

“There are people out there who do nothing all day but focus on how to hack into a company’s network and demand payment in Bitcoin,” says Croutch, his weary tone suggesting what a better world this would be if such hi-tech miscreants would only apply their skills to legitimate pursuits. “It’s affecting people’s lives and getting worse all the time.”

World of possibilities

That state of affairs being the case, there’s opportunity aplenty for a firm on the cutting edge of cybersecurity solution expertise, and Croutch says such capability was enhanced in January when Optiv was acquired by KKR. That New York-headquartered global investment firm wants to increase its new partner’s footprint on the international front where potential abounds, and talks optimistically, but realistically, about increasing annual revenue from $2 billion to $5 billion.

“We haven’t had much of an international presence until now,” says Croutch, who ironed out many of the details that led to KKR’s prized acquisition. “We have approximately 60 employees in Canada and about the same in India, but there’s a ton of cybersecurity demand all over the world that we want to meet.”

And well they should be.

On the day Croutch spoke to Vanguard, the news included the Australian Tax Office temporarily suspending Down Under’s Medicare cards after a darknet vendor apparently sold 75 of them on an online auction site. In Germany, where President Trump and Vladimir Putin would be meeting at the time of an interview with Croutch, many were the observers wondering if the two leaders would have anything to say in private about the Democratic National Committee’s data bank. Back in this hemisphere, Helpnet Security was reporting that 66 percent of U.S. law firms had some sort of data compromised in 2016.

Small wonder why there’s no need for Optiv commercials. But bold statements are still coming from Optiv and KKR. The kind of bold statements that indicate that the partners are in aggressive growth mode.

A vision shared

“Optiv’s vision is to become the world’s most advanced, most comprehensive and most trusted partner for cybersecurity solutions,” CEO Dan Burns announced at the time of the acquisition. “Our new partnership with KKR gives us the resources we need to better help global clients address their full range of cyber risk and security needs, allowing us to ultimately achieve our vision.”

Herald Chen, head of KKR’s technology investment team, seconded the motion, saying a “leading, global cybersecurity powerhouse” was aborning.

And growing fast.

After Croutch helped smooth the way for KKR’s acquisition of Optiv, he put the pieces in place for the acquisition of Pennsylvania-based network and security solution provider, Comm Solutions, furthering the corporate outreach into the Northeast and mid-Atlantic that began a year earlier when Optiv acquired Adaptive Communications of Portsmouth, New Hampshire.

In November, Optiv closed two additional acquisitions—one of Conexsys to expand its presence in Canada; and the other of Decision Lab to expand its advanced security analytics and big data services.

It’s the kind of business-intense law that he’s most at ease practicing, having majored in finance at Arizona State University and gone to Drake University Law School with the intent of working in-house.

“I never wanted to be a litigator or a rainmaker,” he explains. “I always wanted to work for one client, one customer. Business law was where I really thrived.”

Croutch did well enough at Drake to serve on its law review and be admitted to the Order of the Coif, an honorary scholastic society with a membership reserved for the top 10 percent of a school’s law grads. But as he found out upon receiving that juris doctorate, choice of in-house gigs were few and far between for inexperienced lawyers. So he put in his time with the prestigious Kansas City, Missouri, firm of Hillix, Brewer, Hoffhaus, Whittaker & Wright, honing his business skills well enough to be offered a job at Seaboard Corp. and its Seaboard Marine subsidiary in Miami, where he rose to general counsel and vice president.

That was a fulfilling decade, he remembers, with duties at the shipping company including deal-making in Europe, South America and Africa. But Croutch is a Midwesterner at heart, and his toxicologist wife, Claire, also felt the Heartland would be a better place to raise their son Jared and daughter Grace.

“I’ve been here seven years and can tell you that the threats of today are nothing like the threats of yesteryear. The hackers are so much more sophisticated.”

Their ticket to Kansas arrived in the form of a senior attorney position at Euronet Worldwide, a provider of electronic payment services, where Croutch resolved employment-related matters and assisted with Sarbandes-Oxley Act (SOX) compliance that requires publicly held companies to establish internal controls and procedures for reliable financial reporting.

All that collective business expertise would later be put to use at Optiv’s predecessors, FishNet and Accuvant, which he helped merge in 2015.

There are certain to be more mergers and acquisitions—and the growing challenges of staying ahead of those who no longer need a gun—or even a fountain pen—to commit robbery.

“I’ve been here seven years and can tell you that the threats of today are nothing like the threats of yesteryear,” he says. “The hackers are so much more sophisticated. Every time the good guys put something out there to stop them, the bad guys find an end-around, a backdoor into a company’s data base.”

Croutch’s concerns are shared at Optiv, where some of the world’s most tech-savvy brains anticipate just how much more sophisticated the hackers will be. Customers at retail stores are often victims of credit card number theft. Today, public and private organizations are regularly plagued by ransomware. And the potential exists for hackers to be even more nefarious.

All of which has Optiv in eternal vigilance. Everything’s riding on its cybersecurity expertise that so far has been more than equal to the task.

“Our insurance company has a formula to base its premiums for cybersecurity, and I’m proud to say we’ve had the top score,” says Croutch. “We intend to keep it. We practice what we preach here at Optiv.”