Latest news with #ReliaQuest
Hindustan Times
2 days ago
- Business
- Hindustan Times
From broke to $3.4 billion: CEO who risked it all shares the mindset that built his fortune
Back in 2007, Brian Murphy made a life-altering decision. He quit his comfortable job in corporate accounting to start his own IT firm, ReliaQuest. But just weeks after taking the leap, the global financial crisis struck. In a span of 40 days, nearly every deal he had lined up disappeared. Murphy and his team of eight were left with a single government sub-subcontract focused on cybersecurity for overseas satellite terminals—and a steep uphill battle to keep the business alive. For the next nine years, the company faced constant turmoil. But instead of giving up, Murphy doubled down on his belief that the rise of the digital era would lead to a surge in demand for cybersecurity services. 'At some point, you're far enough away from shore. You've already burned the lifeboats that you know swimming back isn't really possible, so let's just keep moving forward,' Murphy told Fortune. To keep things afloat, Murphy took extreme personal risks—he took out a second mortgage, maxed out his credit cards, and stopped paying himself a salary. It was a make-or-break gamble. Fast forward to today, ReliaQuest has grown into a global force in the cybersecurity industry. Its flagship platform, GreyMatter, is used by major clients including Southwest Airlines, Circle K, and Tractor Supply Co. With a team of over 1,200 employees across three continents, the company was valued earlier this year at $3.4 billion (approx. ₹28,300 crore). 'It just shows you, sometimes luck is undefeated,' Murphy said. While Murphy modestly credits luck, those around him point to his tenacity, vision, and no-nonsense leadership style. The company is now preparing for an initial public offering, another major milestone in its journey. Murphy's work ethic was shaped early. As a teenager in Florida, he bagged groceries and pushed carts at his local Publix Supermarket—an experience that left a lasting impression. 'It taught me the customer,' he said. 'And that idea that you don't point the customer to the ketchup aisle, you walk them over there, and you show them the five or six different kinds.' Also read: Indian-origin CEO who bought his first apartment at age 12 is Singapore's youngest billionaire Though he originally studied accounting and finance at Florida State University and began his career as an auditor, it wasn't until Murphy got into tech consulting and learnt programming that he saw the scale of opportunity in technology. Now, as the CEO of a fast-growing tech firm, Murphy says accepting failure and understanding that you can't please everyone are essential parts of the job. 'It's the most out-of-balance journey—ever,' he said. For young entrepreneurs—especially Gen Z—Murphy shares two pieces of advice: be willing to put in the work, and don't hold back your thoughts. 'You're not always going to be right, but if you say nothing, you're always going to be wrong,' he said. 'As you get older, you learn that sometimes the best thing to do is shut up, but when you're young, you want to stand up and talk as much as you can to get that experience.' One defining aspect of ReliaQuest's identity is its decision to stay rooted in Tampa, Florida, far from the conventional tech hubs like Silicon Valley. According to Paul Shoukry, CEO of Raymond James Financial and a ReliaQuest board member, this connection to community has played a key role in the company's culture and success. 'He's got a drive that is very hard to match in terms of his dedication to the business and to his people, and the intensity around which he built the business,' Shoukry said. Also read: Princess Elisabeth returns to Belgium as Harvard future hangs in balance 'He's just very real, and tells you like it is,' he added. 'Whenever you ask him a question, he's never going to beat it around the bush. He's never going to give you a polished answer. For better, for worse, he's just a really authentic person.'
Yahoo
3 days ago
- Business
- Yahoo
This CEO went from bagging groceries at Publix to founding a $3.4 billion cyber company—with little tech background
Despite lacking a ritzy degree or much background in tech, Gen Xer Brian Murphy built ReliaQuest into a billion-dollar firm off the heels of credit card debt and a dream. Now his company is now valued at $3.4 billion and headed down an IPO pathway. The secret? Recognizing failure is inevitable, he tells Fortune. Brian Murphy couldn't have started his company at a worse time. It was late 2007, and Murphy had just quit his cushy corporate accounting job with big plans to build out his own information technology firm called ReliaQuest. But the financial crisis had other ideas. In a 40-day period, nearly all of his business disappeared into thin air, leaving him and his eight employees scratching their heads on how to stretch one single government sub-sub-contract focused on cybersecurity of overseas satellite terminals into a sustainable business. And despite 'turmoil for nine years,' he didn't throw in the towel—he doubled down on his belief that a growing digital age would cause a cyber explosion. 'At some point, you're far enough away from shore. You've already burned the lifeboats that you know swimming back isn't really possible, so let's just keep moving forward,' Murphy tells Fortune. Along the way, Murphy was forced to take out a second mortgage on his house, max out his credit cards, and eliminate his own salary. But over a decade and a half since its founding, the company is now a leader in B2B cybersecurity operations with its flagship 'GreyMatter' software. ReliaQuest has over 1,200 employees across three continents, with top clients including multiple billion-dollar companies like Southwest Airlines, Circle K, and Tractor Supply Co. Earlier this year, a funding round valued ReliaQuest at $3.4 billion. 'It just shows you, sometimes luck is undefeated,' Murphy tells Fortune. And while the 48-year-old may call it luck, others may call it hard work. The next stop? An IPO. Like many people growing up in Florida, Murphy was first exposed to the world of business bagging groceries and pushing carts at his local Publix Supermarket (interestingly, Murphy's brother is now the CEO of Publix). The lessons he learned as a teenager are just as relevant today. 'It taught me the customer,' he says. 'And that idea that you don't point the customer to the ketchup aisle, you walk them over there, and you show them the five or six different kinds.' But Murphy's sights were not always set on the tech industry. In fact, he studied accounting and finance at Florida State University before starting what he imagined would be a long career as an auditor. It wasn't until he was drawn into tech consulting and learned to program that he recognized the industry's potential. Now, as a founder and CEO, the biggest challenge to overcome is accepting that failure is inevitable and pleasing everyone can be an impossible task. 'It doesn't matter how good you are or how much you work, or how diligent you are on 'the grind.' You're always failing someone,' Murphy says. 'It's the most out-of-balance journey—ever.' For aspiring Gen Z entrepreneurs, he offers two pieces of advice: show up willing to work hard, and don't shy away from voicing your opinion. 'You're not always going to be right, but if you say nothing, you're always going to be wrong,' Murphy says. 'As you get older, you learn that sometimes the best thing to do is shut up, but when you're young, you want to stand up and talk as much as you can to get that experience.' One of the things that sets ReliaQuest apart from its competitors in the cybersecurity space is that the company is based in Tampa, Florida, not in Silicon Valley. According to Paul Shoukry, CEO of Raymond James Financial (a fellow Tampa-based company), ReliaQuest's emphasis on staying well-grounded in its community is what's helped find success. In fact, he goes so far to say that Murphy is a 'once in a generation-type entrepreneur.' 'He's got a drive that is very hard to match in terms of his dedication to the business and to his people, and the intensity around which he built the business,' Shoukry, who also is a member of ReliaQuest's board, tells Fortune. 'He's just very real, and tells you like it is,' he adds. 'Whenever you ask him a question, he's never going to beat it around the bush. He's never going to give you a polished answer. For better, for worse, he's just a really authentic person.' This story was originally featured on
Yahoo
3 days ago
- Business
- Yahoo
This CEO went from bagging groceries at Publix to founding a $3.4 billion cyber company—with little tech background
Despite lacking a ritzy degree or much background in tech, Gen Xer Brian Murphy built ReliaQuest into a billion-dollar firm off the heels of credit card debt and a dream. Now his company is now valued at $3.4 billion and headed down an IPO pathway. The secret? Recognizing failure is inevitable, he tells Fortune. Brian Murphy couldn't have started his company at a worse time. It was late 2007, and Murphy had just quit his cushy corporate accounting job with big plans to build out his own information technology firm called ReliaQuest. But the financial crisis had other ideas. In a 40-day period, nearly all of his business disappeared into thin air, leaving him and his eight employees scratching their heads on how to stretch one single government sub-sub-contract focused on cybersecurity of overseas satellite terminals into a sustainable business. And despite 'turmoil for nine years,' he didn't throw in the towel—he doubled down on his belief that a growing digital age would cause a cyber explosion. 'At some point, you're far enough away from shore. You've already burned the lifeboats that you know swimming back isn't really possible, so let's just keep moving forward,' Murphy tells Fortune. Along the way, Murphy was forced to take out a second mortgage on his house, max out his credit cards, and eliminate his own salary. But over a decade and a half since its founding, the company is now a leader in B2B cybersecurity operations with its flagship 'GreyMatter' software. ReliaQuest has over 1,200 employees across three continents, with top clients including multiple billion-dollar companies like Southwest Airlines, Circle K, and Tractor Supply Co. Earlier this year, a funding round valued ReliaQuest at $3.4 billion. 'It just shows you, sometimes luck is undefeated,' Murphy tells Fortune. And while the 48-year-old may call it luck, others may call it hard work. The next stop? An IPO. Like many people growing up in Florida, Murphy was first exposed to the world of business bagging groceries and pushing carts at his local Publix Supermarket (interestingly, Murphy's brother is now the CEO of Publix). The lessons he learned as a teenager are just as relevant today. 'It taught me the customer,' he says. 'And that idea that you don't point the customer to the ketchup aisle, you walk them over there, and you show them the five or six different kinds.' But Murphy's sights were not always set on the tech industry. In fact, he studied accounting and finance at Florida State University before starting what he imagined would be a long career as an auditor. It wasn't until he was drawn into tech consulting and learned to program that he recognized the industry's potential. Now, as a founder and CEO, the biggest challenge to overcome is accepting that failure is inevitable and pleasing everyone can be an impossible task. 'It doesn't matter how good you are or how much you work, or how diligent you are on 'the grind.' You're always failing someone,' Murphy says. 'It's the most out-of-balance journey—ever.' For aspiring Gen Z entrepreneurs, he offers two pieces of advice: show up willing to work hard, and don't shy away from voicing your opinion. 'You're not always going to be right, but if you say nothing, you're always going to be wrong,' Murphy says. 'As you get older, you learn that sometimes the best thing to do is shut up, but when you're young, you want to stand up and talk as much as you can to get that experience.' One of the things that sets ReliaQuest apart from its competitors in the cybersecurity space is that the company is based in Tampa, Florida, not in Silicon Valley. According to Paul Shoukry, CEO of Raymond James Financial (a fellow Tampa-based company), ReliaQuest's emphasis on staying well-grounded in its community is what's helped find success. In fact, he goes so far to say that Murphy is a 'once in a generation-type entrepreneur.' 'He's got a drive that is very hard to match in terms of his dedication to the business and to his people, and the intensity around which he built the business,' Shoukry, who also is a member of ReliaQuest's board, tells Fortune. 'He's just very real, and tells you like it is,' he adds. 'Whenever you ask him a question, he's never going to beat it around the bush. He's never going to give you a polished answer. For better, for worse, he's just a really authentic person.' This story was originally featured on
Techday NZ
22-05-2025
- Business
- Techday NZ
SEO poisoning attack diverts wages using fake payroll websites
Cybersecurity firm ReliaQuest has released an analysis of a search engine optimisation (SEO) poisoning campaign that led to payroll fraud at a manufacturing sector client. The attack, which was discovered in May 2025, involved adversaries creating a fake website resembling the victim organisation's login page, specifically targeting employees' mobile devices. Using credentials obtained through this fraudulent site, the attacker accessed the company's payroll portal, altered direct deposit details, and diverted employees' wages into their own accounts. ReliaQuest's security researchers noted that the tactics, techniques, and procedures (TTPs) associated with this incident closely align with those observed in two investigations from late 2024. This suggests the operation may be part of a wider, ongoing campaign targeting multiple organisations. SEO poisoning is a technique in which attackers use deceptive websites designed to mimic legitimate portals. These malicious pages are promoted to rank highly in search engine results, luring victims into providing their credentials. In this recent case, when employees searched for terms related to payroll or their company's portal using a mobile device, the attacker's site would appear top in the results, significantly increasing the likelihood of a successful breach. The attackers targeted employee mobile devices for two main reasons: many of these devices connect through guest Wi-Fi or remain disconnected from secure enterprise networks, making it easier to evade enterprise-grade security measures such as web traffic filtering. Visits often occurred outside working hours, meaning activity was not logged by company systems, hindering investigation and making it difficult to trace affected accounts. ReliaQuest highlighted, "Phishing attacks targeting off-network devices, like mobile phones, create big challenges for organisations, as they expose gaps that on-premises and cloud networks often overlook. These devices typically lack proper security and logging, leaving organisations in the dark when employee credentials are stolen - and unable to act fast enough." Upon clicking the malicious link from a mobile device, users were redirected to a phishing site mimicking a Microsoft login page, while users accessing the page from a workstation saw no significant content. This approach complicated efforts to detect and analyse the fraudulent website, as it both evaded detection by security tools and disrupted threat analysis. Captured credentials were sent to an adversary-controlled site using a PHP script also observed in previous incidents, strengthening the link between these attacks. Immediately after credentials were entered, an HTTP GET request established a WebSocket connection via Pusher, a genuine platform for real-time web communication. The phishing site's code enabled the attacker to receive stolen credentials in real time, allowing them to act quickly before passwords were reset. ReliaQuest explained the significance: "This phishing attack exposes user credentials without any monitoring or safeguards to block the activity, leaving organisations completely in the dark. By using Pusher, the attacker gains quick access to authentication portals, reusing compromised credentials. This highlights a critical vulnerability: Organisations with lax authentication controls can be easily caught off guard by attacks targeting employees' off-network personal devices, where traditional security measures often fall short." After harvesting credentials, the attacker accessed the payroll system from a residential IP address tied to telecommunications services, reviewed documents related to direct deposit changes, and amended payroll information to divert funds. Security logs later revealed additional access attempts from both US-based and Russian IP addresses, one of which was blocked. The attacker ultimately relied on residential IPs, making their activities difficult to distinguish from legitimate network traffic. ReliaQuest found that traffic originated from home office routers and mobile networks, with many routers identified as brands commonly targeted for compromise. Weak passwords, unpatched firmware, and vulnerabilities such as CVE-2024-3080 and CVE-2025-2492 were exploited to form botnets, whose proxies were sold on criminal marketplaces. Proxy network services, sometimes costing as little as $0.77 per gigabyte, enable attackers to disguise their activities by using apparently trustworthy residential IPs. The report referenced law enforcement actions such as the FBI's investigation into the Anyproxy and 5socks botnet services, which together generated over $46 million in criminal revenue, illustrating the market demand for residential proxy services. The use of proxy networks prevents standard network-based security methods from flagging suspicious access. ReliaQuest stated, "When attackers use proxy networks, especially ones tied to residential or mobile IP addresses, they become much harder for organisations to detect and investigate. Unlike VPNs, which are often flagged because their IP addresses have been abused before, residential or mobile IP addresses let attackers fly under the radar and avoid being classified as malicious. What's more, proxy networks allow attackers to make their traffic look like it originates from the same geographical location as the target organisation, bypassing security measures designed to flag logins from unusual or suspicious locations." ReliaQuest recommends organisations strengthen security controls by requiring multifactor authentication (MFA) and using conditional access policies on payroll portals. Employees should be regularly educated about accessing payroll systems only through approved channels such as single sign-on (SSO), and be encouraged to bookmark official portal addresses rather than relying on search engines. Monitoring payroll changes and maintaining clear incident response procedures are also advised.
Forbes
17-04-2025
- Business
- Forbes
What Agentic AI Could Mean For Security Operations
Security operations centers today are under siege—not just from external adversaries but from within their own ecosystems. Security teams are overburdened, flooded with alerts, juggling a patchwork of tools, and struggling to keep up with the pace of modern threats. The traditional tiered model of detection and response—where human analysts triage alerts across levels—has hit its limit. The result? Burnout, inefficiency, and a widening gap between detection and action. None of this should come as a shock to anyone who works in cybersecurity. The promise of agentic AI has emerged as a potential turning point, though. This new class of artificial intelligence goes beyond traditional automation and machine learning. It's designed to operate autonomously, learn from historical context, and make decisions that reduce the burden on human analysts—without turning the SOC into a black box. The question is: Is agentic AI just the latest buzzword? Or could it truly reshape how security operations are run? Today's SOCs face a volume problem. A 2024 MSSP Market News study found that SOC teams receive an average of nearly 4,000 alerts per day, and almost two-thirds of them are ignored. Many alerts are false positives or duplicates, but the triage still eats up valuable analyst time. Traditional SOAR tools promised relief through automation, but most have failed to deliver beyond workflow ticketing and basic orchestration. I recently spoke with Brian Murphy, CEO of ReliaQuest, about these challenges. He explained, 'All SOAR really is is a ticket workflow distributor. It is a thing that moves a process from one team to another. That's what the majority of customers have used it for, because it was too hard to use it to actually automate.' He cited a recent session with hundreds of customers: almost all had SOAR solutions, but only three had more than two true automations running. That disconnect is what agentic AI aims to resolve. A post from Deloitte Center for Technology, Media & Telecommunications explains, 'As its name suggests, agentic AI has 'agency': the ability to act, and to choose which actions to take. Agency implies autonomy, which is the power to act and make decisions independently. When we extend these concepts to agentic AI, we can say it can act on its own to plan, execute, and achieve a goal—it becomes 'agentic.' The goals are set by humans, but the agents determine how to fulfill those goals.' Unlike static playbooks, agentic AI systems are dynamic. They not only ingest data but actively learn from historical incidents, analyst feedback, and environmental context. They can retrieve telemetry from disparate systems—endpoint, network, identity, threat intel—and synthesize it to make real-time, transparent decisions. Murphy strssed that in ReliaQuest's GreyMatter platform, for example, agentic AI doesn't operate behind closed doors. It makes decisions that analysts can review, audit, and adjust. 'The other thing about our AI is it's transparent to the customer,' said Murphy. 'They see every decision that that agentic model made along the way and why. Each customer is essentially training their own model in a protected way.' This is a critical distinction in an industry rightfully wary of handing over too much control. While agentic AI can act independently on routine actions—such as resolving alerts based on travel patterns or resetting accounts for terminated employees—it should still defer to human oversight for higher-stakes decisions. Perhaps the most compelling argument for agentic AI isn't the tech—it's the human impact. Cybersecurity burnout is real and escalating. A core contributor is the rote, disconnected work of triaging Tier One alerts, many of which are repetitive and low-value. Murphy doesn't mince words here: 'We should stop using human beings to do Tier One alerts. We should stop using human beings to do Tier Two alerts.' He believes AI should handle the grunt work—pulling logs, cross-referencing IPs, contextualizing user behavior—so that humans can focus on meaningful decisions. The implications are profound. Removing the tiered model could free up time not just to reduce fatigue, but to develop more strategic, business-aware security professionals. That, in turn, strengthens the security program holistically—giving teams the breathing room to hunt for threats, analyze risk trends, and build cross-functional leadership capabilities. Despite the acceleration of autonomous capabilities, Murphy is clear that Agentic AI isn't about cutting jobs. The cybersecurity need is still far beyond the capacity of most security teams. Rather, the vision is to up-level skillsets, fill in operational gaps, and create capacity where none exists today. 'We're a long, long way before we see this as like a reduction in the amount of jobs,' he said. 'It's actually going to give us time to build leaders in security and give our cybersecurity teams time to learn the business and develop themselves'. In other words, the goal isn't fewer people—it's smarter work. ReliaQuest's recent $500 million funding round, valuing the company at $3.4 billion, shows that investors are betting big on this new model. The company now serves over 1,200 enterprise customers, with annual recurring revenue exceeding $300 million and a growth trajectory aimed at going public. Unlike many peers, it's doing so profitably, reinvesting in product innovation and global expansion—not just sales. But while ReliaQuest may be leading the charge, the trend is industry-wide. CISOs are increasingly prioritizing AI-powered platforms that reduce dwell time and boost analyst effectiveness without further fragmenting the toolset. The risk isn't that agentic AI will take over—it's that organizations who ignore it may fall behind. Agentic AI may not be the silver bullet for every SOC, but it's a step toward something security professionals have been demanding for years: visibility, speed, and sanity. If it delivers even a fraction of its promise—fewer false positives, faster containment, and analyst relief—it could very well represent the beginning of a smarter, more sustainable era in cybersecurity operations. Because in the end, it's not about replacing people. It's about empowering them—with time, tools, and clarity.
