New Zealand markets open in 2 hours 9 minutes
  • NZX 50

    -1.44 (-0.01%)

    +0.0025 (+0.41%)

    +22.70 (+0.31%)
  • OIL

    +1.18 (+1.54%)
  • GOLD

    +8.20 (+0.40%)

GCE ‘A’ Level dropout founded S'pore cybersecurity startup watchTowr that raises US$10.25m in 9 months

Benjamin Harris founded watchTowr, a cybersecurity started after he was forced to leave school without his 'A' Level
Benjamin Harris, founder and CEO of cybersecurity startup watchTowr, was forced to leave school without his 'A' Level. (PHOTO: watchTowr)

SINGAPORE — Unlike most of his peers, Benjamin Harris does not have a university degree, or even an GCE 'A' Level certificate.

But the 28-year-old is the founder and chief executive officer of watchTowr, a Singapore-headquartered cybersecurity startup, which has successfully raised a total of US$10.25 million (S$14.2 million) less than a year after it became operational.

watchTowr announced on Tuesday (5 July) that it had secured US$8 million in a pre-series A investment round, co-led by Prosus Ventures and Vulcan Capital, and with repeat participation from Wavemaker Partners. This comes after an initial seed round of US$2.25 million in November last year.

Harris, a British national, also recently made it to Forbes 30 under 30 list under the enterprise technology category, a feat which surprised him.

Sitting down with Yahoo Finance Singapore in a media interview, Harris recounts how he founded the company despite the lack of academic qualifications, including his first encounter with a computer as an overactive child.

The youthful founder of the watchTowr — named after a military structure which overlooks and guards a territory — speaks candidly and at a rapid pace.

His work is as similarly as fast-paced. Finding himself having to constantly react to ever-evolving security threats, Harris developed a system to do it for him. His framework continuously tests the client’s interface to sniff out potential vulnerabilities and real-time threats.

This, he said, was an improvement from the more “traditional” model of cybersecurity consultancy, where systems are reviewed at a particular point in time and in reports churned out during working hours, he said.

By the time clients’ received their reports, the same threats might not be relevant, or worse, have been exploited. He likens this method to “whack-a mole”. By the time you receive it is out of date, he added.

First encounter with a computer

While now an expert at his field, Harris' path did not always lead to computers.

As a child, Harris' parents had sent him to a prestigious music school in the UK to become a professional cellist. That did not work out.

Before that, while in a boarding school, a seven-year-old Harris came across a story in The Times newspaper about two individuals who had been arrested for hacking department of defence computers.

“Seven-year-old me had like a click in my head. It was just fascinating — the idea that you could break into computers from your home bedroom, just with a computer and a dial up line. And that was kind of the beginning of the steady decline in my childhood, I would say.”

Harris began tinkering with school computers, trying to get around security restrictions for fun.

“I kept reading about people who could break into computers... I think I see a consistent theme through my life is wanting to understand the how, and that led me down many different paths…it became an obsession," he said.

Asked why computers specifically, Harris replied, “I think computers just make sense. It's binary.”

“I’m a very black and white person I would say, so computers are true or false. There's no emotion involved. There's no confusion. There's no understanding of the other party. It's just if it works, it works. If it doesn't work. That's your fault. Because you haven't done something I haven't written something correctly. And so it makes life a little bit more transparent.”

By the time Harris moved to the music school around 10 or 11 years old, it was the beginning of the end. Instead of using the free time he had for music, Harris would surf the Internet to feed his obsession with computers.

As an overactive child who would often get into trouble, computers were the only thing that could keep his focus.

Forced to leave without his 'A' levels

By the time Harris was 15, the school and his parents came to an agreement that music was not for their son. He moved into a sixth form college (similar to Singapore’s junior college), which had been informed about Harris’ history with school computers.

The school made him signed a document that if he tampered with their computers, they could kick him out, he said.

After a year of not doing anything, "boredom set in", and the school soon noticed abnormal activity in their servers and suspected Harris.

Harris declined to give specifics on what he did, save to say that he was simply trying to see what he could “gain access to” out of curiosity.

Harris was given two choices: be investigated by the police, or leave. He chose the latter.

By that point, formal education no longer made sense to Harris, who decided to go into the growing industry of penetration testing, which is a simulated cyber attack against computer systems to check for exploitable vulnerabilities.

The start of his career

Armed with only his 'O' levels, Harris found a job as a security consultant with Portcullis Computer Security, where he was finally free to work with his one true love — computers.

“I just threw myself into absolutely everything. So it was like an extension of my obsession at that point,” he quipped.

Acutely aware of his lack of paper qualification, Harris said he "aggressively pursued" industry qualifications to ensure his employability, going straight for advanced qualifications. He later switched companies but kept a similar role.

Throughout his career, Harris only re-looked at his educational qualifications once when he considered leaving the UK and realised that degrees were a general requirement for working visas in other countries.

“So I went down this path of exploring how I can get a part-time degree in pretty much anything just to kind of fulfil the visa requirements to move," he said.

His plans for a degree were binned when the company he was with then relocated him to Singapore in 2014 to help with its regional expansion.

Practical skills outweigh paper qualifications

“I think, throughout my career I've had people tell me that there's going to be a glass ceiling, because you don't have a degree you won't get to ever make X amount of money, or how do people trust you?" said Harris on his lack of tertiary qualification.

"It was a theme when I first moved to Singapore in a lot of conversations, where clients like to review CVs...they would asked you where did you go to university and I’d explain well I didn’t really go.”

In early 2021, he resigned from the company and started watchTowr a few months later in August. That was when Harris had help from an unlikely avenue — a friend from the college he was forced to leave.

The friend worked in venture capital and connected Harris to the right people. Within weeks, Harris managed to secure US$2.25 million in seed funding from Wavemaker Partners and Vulcan Capital.

Since then, his company has expanded to 13 staff, has clients from fintech and banking, and has much more than what a degree can offer. On the industry, he said, “I think the space is generally heating up. There definitely is competition. I think we're very lucky that we are a credible group of people both on the engineering side and the cyber side and so because we have that real experience of actually breaking into organisations, helping enterprises secure themselves.

"We're not academics, we're not talking theoretical. We're not selling snake oil. It's from real experience and real capability.”

Stay in the know on-the-go: Join Yahoo Singapore's Telegram channel

You can also follow us on Facebook, Instagram, TikTok and Twitter.