Tim Junio knew as a high school student that he wanted to join the CIA. He even wrote as much in his college application to Johns Hopkins University, where he would go on to nab both his undergraduate and master’s degrees before heading to the University of Pennsylvania to complete his PhD. (Hungry for more education, he then spent a year at Stanford on postdoctoral research.)
Along the way, his CIA dreams came true. Junio worked for the agency as an intern during his early college years, then in a part-time role. Eventually, he joined the outfit full time as an analyst for several years, where he was tasked with assessing foreign adversaries’ ability to do harm to U.S. interests.
Eventually, Junio began consulting for DARPA, where his career took a turn. While identifying weaknesses in the government’s digital framework, he met several like-minded PhD students with whom he formed a company. Called Qadium, the four-year-old, San Francisco-based company has seemingly been killing it since. Indeed, today, Qadium is announcing $40 million in Series B funding led by Institutional Venture Partners. Others in the round include TPG Growth and earlier backers New Enterprise Associates, Founders Fund, and Susa Ventures.
Qadium didn’t need the money, says Junio, who claims the company still has half the $20 million it raised last year in the bank. Given the types of customers Qadium has been signing up, however — CVS, PayPal, Capital One, Allergan — investors came knocking with ideas about how the company might move even faster.
One of these strategies involves hiring more salespeople. What will they be selling, collectively: an “automated global internet intelligence” platform, in a nutshell. Using technology that indexes every device on the public Internet every hour, Qadium uses the data to monitor the global internet for large organizations’ true network boundaries. In today’s day and age, they go well beyond the firewalls on which companies once relied, with risks that include shadow IT, misconfigurations in cloud hosting, lost devices owing to M&A events, and unauthorized or unmonitored IoT equipment.
Taking it back a level, Qadium does what search companies do for the web by crawling web pages all the time, except Qadium is scouring not just the web but streaming video and streaming audio, as well as a whole chunk of the internet that’s machine-to-machine communications, so its customers have a full, real-time picture of every thing that could impact them. (The company leases space in data centers around the world so it can communicate with the internet in different geographies.)
Customers like what it’s selling. Subscriptions start at $250,000 per year and reach in some cases to more than $1 million annually. You can’t get away with those prices if your product doesn’t work.
In fact, some of these big customers have already recovered their expense, says Junio, pointing to one customer that Qadium saved from the WannaCry ransomware that spread like wildfire in mid May. Junio declined to name the client, but he says it has a “regional office with exposures that we were able to show them. They’d had no idea that they had corporate assets that mattered in this location. I don’t know how far up the chain [the ransomware] might have spread” if Qadium weren’t on the case.
Perhaps unsurprisingly, the United States government is one of Qadium’s highest-paying customers, representing a “meaningful” percentage of the company’s revenue, says Junio. Part of that owes to the sheer scale of government. The U.S. Navy alone involves hundreds of thousands of active personnel, in addition to contractors, meaning Qadium has a higher number of users.
Qadium is also monitoring different geographies. Knowing the language of government helps, according to Junio, who says that, owing to his cofounders’ experience at DARPA, they understand government customers “deeply,” and in a way that most Silicon Valley startups do not.
Right now, Qadium sells yearlong and multi-year subscriptions to its software and services. What customers receive in return — beyond persistent monitoring for anything that shows up anywhere — includes push alerts (some critical, some merely warnings); a web-based product called Expander that gives customers access to their own historical network data going back to 2014 (when the company began tracking network data); and plenty of ongoing support.
Now the plan is to add to Qadium’s 60-person team and, relatedly, stay a few steps ahead of competitors in the process.
Junio doesn’t sound overly concerned by the last. “If you want to scan the internet, we think we do the best job of that. Our data is more complete in any comparison we’ve done.
“I can imagine top engineering companies coming after us,” he says, “but it’s very hard to solve the whole system as we’ve done. It’s really very complicated.”