Cybersecurity News that Matters

Cybersecurity News that Matters

Opinion: Why I went public with the CTI company I founded 19 years ago

by The Readable

Mar. 21, 2023
11:10 AM GMT+9

By Kihong Kim, CEO of SANDS Lab

“Technology-driven intelligence companies, such as SANDS Lab, can have a positive impact on the security market by entering KOSDAQ.” This is the suggestion that I heard from an industry expert after completing the final evaluation for technology special listing last January.

Although SANDS Lab was initially founded as a student venture in 2004, I consider it to still maintain the characteristics of a startup. While the term “startup” typically refers to companies that have been around for three to five years, SANDS Lab has a young and dynamic workforce and a streamlined decision-making process that eliminates unnecessary procedures. Furthermore, the company is continuously adapting to reflect industry trends and expand into new markets, further aligning with the traits commonly associated with startups.

The technology industries that are currently in the spotlight include entertainment, mobile, gaming, metaverse, cryptocurrency, and content-based sectors, with a combined market valuation of trillions of dollars. Stakeholders in these industries aim to list startups and accelerate their growth within 5 to 10 years, ultimately achieving unicorn status. This process also increases corporate awareness, attracting the attention of the general public and shareholders, and it creates opportunities for companies and their respective industries to grow together. Additionally, it provides a platform for young, talented individuals to demonstrate their abilities and become “superstar CEOs,” accumulating wealth and fame in the process.

What is the current state of the cybersecurity industry? Despite the growing importance of cybersecurity, the market capitalization of the largest cybersecurity company in South Korea is less than 1 trillion won ($770 million), and the average market capitalization of the top 20 cybersecurity companies listed on KOSDAQ is approximately 100 billion won ($77 million). Moreover, there have been no new listings of cybersecurity companies in the past five years, not since 2018. Given these circumstances, I believed that a listing would not only accelerate growth but also prove the marketability of the security industry, which was my primary motivation for pushing for it.

The second reason I advocated for listing was to promote change and innovation in the domestic cybersecurity market. Many security companies in the country focus solely on solutions and manpower, either developing and selling solutions to institutions and companies or sending experts to customers and charging for their services. As the number of customer sites increases, the original costs of providing these services are inevitably bound to rise. While it may be beneficial to receive a large payment when initially building a cybersecurity system, the long-term sustainability of the company relies on its ability to continuously provide effective protection against new threats every day. Relying solely on maintenance fees does not accurately reflect this dynamic nature of the cybersecurity sector. In fact, the more customers a company sells its solutions to, the more disadvantageous its cost structure becomes. Ultimately, this business model may not be the most profitable or sustainable for companies operating in the cybersecurity industry.

SANDS Lab’s threat intelligence service differs significantly from traditional security industries. Rather than relying on manpower and solutions, our service is data-based, with the provided and analyzed data itself serving as a valuable source of profit. As the number of customer sites increases, there is no need to hire more personnel because a stable platform can conveniently provide customers with high-quality data that has been collected and evaluated. This allows us to convert all sales into profits, with the exception of the minimal cost of maintaining the platform. By listing on KOSDAQ, I aimed to demonstrate that a data-based business model can revolutionize the security market and serve as the foundation for new growth opportunities. Our service literally represents the market for content and data-based businesses in the cybersecurity field.

The third reason behind pushing for SANDS Lab’s listing on KOSDAQ was to establish our own data center. As a data-driven business, it is essential for us to deliver this data in the form of online services, and a robust IT infrastructure is crucial to our ability to collect and analyze vast amounts of threat information in real time. In other words, a stable infrastructure is necessary to meet both our data analysis and our service needs. Currently, we operate our infrastructure through two IDCs and Amazon Web Services. However, as we continue to operate and analyze petabytes of data, we anticipate that the amount of information that we are working with will inevitably increase in the future. As a result, it is imperative that the size of our infrastructure increases to keep pace with our expanding data needs.

The capital raised through the public offering will be invested in building our own data center. Based on current infrastructure operating expenditure trends, we anticipate that the investment cost will be recouped within 3 to 5 years. A stable infrastructure is crucial to keep pace with the global market, particularly given the burgeoning demand for cyber threat intelligence (CTI) services. By establishing an independent data center, we can potentially expand our business into other types of services, leading to an increase in sales revenue.

The final reason for listing is to expand into overseas markets. Many cybersecurity companies in South Korea have proposed global strategies after listing, but only a few have succeeded. There have been many trial-and-error cases where companies were forced to withdraw their projects and businesses early due to poor results. From these indirect experiences, I have learned that having good products, operating in English, and creating overseas branches does not guarantee success.

My strategy for making inroads into the overseas market is different from previous attempts by other South Korean cybersecurity companies. Rather than simply creating overseas branches and translating our products into English, I am prioritizing the upgrading of our technology to the level of a global company by bringing competent foreign experts to Korea. Being listed on KOSDAQ gives us more favorable conditions for recruiting overseas talent through scout proposals and working visas. With the help of these global experts, we will not only improve our technology but also gain valuable insights into how to enter and succeed in the international marketplace. This expertise will also be reflected in our technology and will create great synergy when entering overseas markets. Additionally, SANDS Lab is seeking both domestic and overseas patents for our core technologies, with a particular focus on obtaining patents in the United States. This will enable us to acquire proprietary technology and sell it to global cybersecurity companies that have an advantage in market share.

Despite the challenging market conditions, SANDS Lab persevered in its efforts to list on KOSDAQ, and it successfully became the first technology-specialized information security company to do so. Despite the institutional competition rate being 1,325:1, and the general competition rate being 868:1, we were able to secure a subscription deposit of 4.2 trillion won, a remarkable achievement in the cybersecurity industry. On the first day of listing, our market capitalization reached 412 billion won, making us the second largest company in the domestic cybersecurity sector and demonstrating our strong presence in the market.

My aspiration for SANDS Lab is not only to be a successful business but also to become a driving force for other domestic cybersecurity companies to push for listings in the future. By revitalizing the stagnant IT security market, I believe that SANDS Lab can serve as a steppingstone for future development. Through our listing, I hope to encourage more people to have a positive view of the domestic security market’s growth, which can boost national investment and contribute to achieving significant results overseas. Ultimately, I aim to make Korea undoubtedly the top security powerhouse globally.

[email protected]Follow the author

This article was copyedited by Nate Galletta.

About the author

Kihong Kim is a renowned expert in the field of cyber threat intelligence (CTI), with nearly two decades of experience in analyzing malicious codes and developing CTI technology. As a freshman in college, he founded SANDS Lab, which he has been successfully running ever since. Kim is dedicated to combatting cyber threats and actively participates in global partnership groups like the Cyber Threat Alliance (CTA). He has received recognition for his outstanding work in tackling various cyber threats in real time and preventing damage to businesses and institutions in South Korea, including awards from the Prime Minister and the Minister of Science and Technology. Kim’s core CTI technology has also been highly acclaimed, earning the New Excellent Technology (NET) certification for two consecutive years in South Korea.


Subscribe to our newsletter for the latest insights and trends. Tailor your subscription to fit your interests:

By subscribing, you agree to our Privacy Policy. We respect your privacy and are committed to protecting your personal data. Your email address will only be used to send you the information you have requested, and you can unsubscribe at any time through the link provided in our emails.

Stay Ahead with The Readable's Cybersecurity Insights