A tech company that is nimble and reactive, SilvaTech has achieved organic growth in the handful of years since its creation. It continues to innovate and explore strategic opportunities that play to its strengths, all while helping to keep clients safe. Here we find out more about SilvaTech’s successes, its strategic growth plans and how Stephens Scown continues to support the Exeter-based business navigate any challenge and seize opportunities.
Doing Things Differently
The company blends being a traditional IT support service, with the role of a managed security services provider (MSSP) for many of its clients. What makes the company stand out is its understanding of the risks around decisions made for each client. Rather than imposing its own views on clients, the SilvaTech team will provide advice and options and give informed choices but ultimately support clients with what they decide to do.
For example, a client might want to get a tool integrated into the business. SilvaTech will look at the data security elements around the tool, figure out how to put systems in place to help mitigate any potential risks, and even at whether it is the right thing for the client to plug in to the business. Is there something within a client’s existing Microsoft ecosystem that would do the job without the extra investment, and where SilvaTech’s consultancy can make it better for the client?
It’s that attitude, making what’s already in place work better, rather than supply numerous, unnecessary bolt-on packages and software, which has helped SilvaTech stand out in the market.
Onboarding
Right from the start, SilvaTech carries out penetration testing against a client’s current environment as part of the onboarding process. From there, it can produce guidance on what upgrades might be needed, and what is extraneous. An added bonus is SilvaTech’s status as a Cyber Essentials Plus certification body. This means keeping clients compliant, with certification needing to be renewed each year.
Rather than waiting until renewal time, the company aligns its clients with the essential requirements throughout the year on a continuous basis. That proactivity means clients are assured that devices are reconfigured to best practice and are cleared of technical debt and legacy items.
Liam Glanfield, founder and Technical Director of SilvaTech, is a recognised cyber advisor for the National Cyber Security Centre (NCSC), accredited to deliver support for the implementation of Cyber Essentials technical controls. He can advise clients and businesses on how to apply Cyber Essentials in the most cost-effective way. As he says, “It’s not necessarily about the gold tier standard, it’s finding what is the most economical way of doing it while remaining secure. I think there’s a misconception that companies have to invest thousands in cyber, and they don’t. They just need to use what they have but use it well and have someone who understands what’s needed.
“I think this is where some MSSPs are reliant on the subscription model, using multiple products, whereas we’re completely the opposite. We ask, what’s the fewest products we can use to support and manage you because the exposure then to your business is minimal. I think we’re using too many tools to do too much security, when we’re not using what we already have effectively enough.”
Being Realistic
It might seem counterintuitive, but James insists that security should never be guaranteed. “Any company that can guarantee security isn’t a company that you should be working with. I always say to clients, you will get attacked, and you might get hacked. Making sure you’ve got the right things in place to mitigate those attacks is crucial.
“It’s about setting expectations and helping people to understand that while we have to get it right every time, a bad guy only has to get it right once to get in to the system. And that’s not even considering the insider risk, where someone’s just sent a file to the wrong person by mistake or similar.”
SilvaTech works with companies of all sizes, some of which are other security companies. As Liam says, “What better way of having your business supported if you’re a security company than by another security company?”
That means undertaking penetration testing to check the safety of those businesses. Much of the work comes from regulated industries too, those in the financial sectors from across the globe, marketing agencies, and other companies who hold vast troves of personal data, a favourite target for hackers. They also work with organisations with an internal IT team, but who come to SilvaTech for external expertise, and for a fresh perspective on what else can be done to improve internal processes and systems.
Having Cyber Essentials Plus certification body status, SilvaTech works with global companies interested in working in the UK and which needs the certification to work with businesses in this part of the world.
Local Support
SilvaTech recently started its fourth year of business, with a steady increase in revenue year-on-year. Profits have been reinvested, and when setting up initially, Liam turned to Stephens Scown for help in putting together the necessary legal documentation. That includes the Master Service Agreements (MSAs) setting terms of services between businesses, contract reviews, and other necessary paperwork, plus subscribing to the firm’s trademark watching service. Working with the firm’s Intellectual Property and Data Protection team for those elements, SilvaTech also took advantage of the Employment team’s HRExpress service to get the company’s staff handbook and employment policies up to date.
The work done with Stephens Scown is part of Liam’s plan for the future direction of SilvaTech. “It’s been useful in helping us with our ISO compliance and preparing the business to be in a position to tender for government contracts, which we’re hoping to start applying for when we have the necessary essentials in place. Our head of security consulting, James Burns, and I have both previously done government penetration testing and we want to get back to that because it’s really interesting work.
“Having the accreditations in place early on was about building the foundation and I had a vision of where I wanted the company to be and knowing what we’d need to get there. Combined with the MSAs you’ve helped with, it enabled us to win some big clients.”
Initial contact with Stephens Scown came about thanks to successful early conversations. As Liam said, “With Tom (Chartres-Moore, Partner and head of the IP DP team) and his team, I thought the customer journey process was very good. I got on a call with him, and I could actually articulate what I was trying to ask for and he didn’t treat me as if I was too small to be of a concern.
“And we’ve built what I think is a really good relationship since then because they took that initial time to sit down and understand the requirements I had. A positive is that I always get a consistent message. Having done lots of work with Stephens Scown, whoever I talk to understands the business and what we’ve done.”
In the few short years since inception, SilvaTech has used Stephens Scown for 16 matters, working with Leanne Yendell, Amy Ralston, Max Miliffe, Joey Medway, Becky Pickford, and James Gill in the Intellectual Property and Data Protection team, plus Chris Morse and Isabel Gibson from the Employment team, a sign of the strong relationship between both companies.
SilvaTech currently operates with a staff of five, with expansion plans in place. Operations Manager Stephanie Wilton has been key in helping SilvaTech to maintain its ISO requirements and acts as the first port of call for clients. James Burns was brought in to grow the security service offering, recently becoming a Chartered Cyber Security Professional, and is Head of Security Consulting. Curtis Adams had been part of the information security team at a law firm but is now a security consultant and qualified penetration tester. Finally, Ben Street is the Senior Technical Consultant, developing SilvaTech’s secure build for managed services and consulting with the company’s global clients.
Future Secured
Liam’s plan is for SilvaTech to continue its steady growth targeting specific industries, such as finance and HR, which hold material most likely to be of value to hackers, and to expand the penetration testing element of the business, and seek out government contracts to do the same, which can bring in good revenue.
Working with Stephens Scown has further future-proofed the business. Liam said, “It’s why I’ve done all those things like trade marking the business name, the logos, and everything else. I want SilvaTech to be a brand that’s widely recognised for the quality that we deliver.”
Being different has become a brand for SilvaTech, and with it has come sustained, steady growth, and a clear message that the company is ready to continue making a difference.