Bhaumik Shah is the founder and CEO of Securify, a leading cybersecurity consulting firm. Shah has over 15 years of experience in the world of cybersecurity and FinTech.
Shah also serves as a virtual Chief Information Security Officer (CISO) for Mesh.
From his humble beginnings in Ahmedabad, Gujarat, to launching a successful cybersecurity firm in the United States, Shah’s entrepreneurial journey encompasses technical expertise and resilience. Securify focuses on providing affordable and efficient cybersecurity solutions, particularly for small to mid-sized enterprises.
READ: Automating healthcare administration: In conversation with Eden’s Naomi Rajput and Evan Smith (January 2, 2025)
“I got into cybersecurity when I was attending a workshop in 2005 or 2006 in India and as a kid for me it was like seeing magic,” says Shah.
“[…] Getting into someone’s database and hacking all the information out, and I was like wow, that’s cool, if I can do that then […] I’ll be a really interesting person for my friends so that’s how I got into the cybersecurity,” he adds.
In this exclusive interview with The American Bazaar, Shah shares his journey filled with challenges and inspiration that offer valuable insights into the world of entrepreneurship and cybersecurity innovation.
Can you share the story behind founding Securify? What inspired you to take the leap into entrepreneurship?
It’s been an exciting journey for me. Since my college days, I’ve always been inclined toward entrepreneurship. In my final year, my friends and I started a business in a garage, developed a product, and sold it at the age of 18 or 19. Over the years, I explored various ventures, from advising startups to running a YouTube channel about cybersecurity to bridge the skills gap in the industry. Finally, around three to four years ago, I decided to fully commit and founded Securify. My experiences in large organizations like AWS, Mandiant, and the World Bank also contributed to my approach.
Can you explain a little more about how your previous roles at AWS, Mandiant, and the World Bank shaped your approach to Securify?
Each organization taught me something unique. At the World Bank, the work wasn’t high-pressure but had significant visibility. At Mandiant, I worked on high-profile projects, including election security investigations, which were deadline-driven and critical. I think when I joined Mandiant, we had the last Trump election and Mandiant got the contract on investigating Facebook so it was again a very high visibility project and a lot of critical deadlines had to be met. At AWS, the scale was immense. It was a very high-scale service that they were building so again the challenges were very different. I’m able to use this knowledge and apply it to my day-to-day work that I’m doing here at Securify. These experiences helped me understand leadership, team management, and how to interact with customers effectively. All of this informs my work at Securify.
How do you balance leadership at Securify with technical responsibilities at Mesh?
Fortunately, I have a capable team. My role at Mesh focuses on sharing my expertise and guiding strategic decisions, leaving much of the execution to the team. This balance allows me to dedicate sufficient time to Securify while fulfilling my responsibilities at Mesh.
How has the cybersecurity landscape evolved since you started your career, and what are the biggest challenges organizations face today?
Of course, everyone has talked about artificial intelligence so I’m not going to talk about that. But if I go back to when I first got into the field, the fundamentals of cybersecurity remain the same, not much has changed to be honest. Of course, the technology has evolved, now we have AI and LLMs but core components like servers and memory are still at the heart of it all and remain the same. What’s changed is how we interact with them and the tools available to defend or attack systems. The biggest challenge today is keeping up with advancements like AI while ensuring security doesn’t become an afterthought.
I know you said you won’t talk about AI because a lot of people have spoken about it, but my next question is to do with AI since I feel like it’s an unavoidable topic now! So, how do you see advancements in AI impacting cloud security strategies in the coming years?
AI is unavoidable, I agree! I’m grateful that my last couple of years working at Amazon I had transitioned to the team called Alexa. During my time at Amazon, we developed AI models without much guidance on securing them, so we had to create our processes. While larger organizations can afford the resources AI demands, smaller firms may struggle. There’s also the question of shared responsibility—how much security is the provider’s responsibility versus the user’s? Addressing these issues will be critical as AI adoption grows.
What differentiates Securify from other cybersecurity consulting firms?
I have worked with many consulting firms in the past and many of them are run by founders from management backgrounds, while I bring technical expertise. This allows me to engage directly with clients on technical issues without relying solely on my team. Additionally, Securify offers cost-effective services, making security accessible to small and mid-sized businesses that traditionally can’t afford high-end solutions.
I’ve seen the service charge that many security firms are charging and not just the big firms but also other smaller ones and the charges are much higher than the value of service that they provide so I feel like it should be accessible to everyone. Many small and mid-sized businesses don’t care about security because maybe it costs like a million dollars to secure it and for them maybe five or ten thousand dollars is a big amount from their annual budget. So, if we provide efficient services like sustainable services at an affordable cost I think that way everyone can have access to it. And I think that is the main differentiator.
Do you think entrepreneurship is in your roots?
I don’t know if it’s in the water of Gujarat, but ever since my college days, I’ve wanted to do something on my own. When I was in Ahmedabad, we founded a company, sold it, and made some good money. Whether in India, the U.S., or Timbuktu, entrepreneurship is about seizing opportunities and making the most of them.
What are your thoughts on the Supreme Court’s decision to ban TikTok from a cybersecurity point of view?
So, my wife works for TikTok so I’m very up to date with this topic, we have been closely monitoring the situation. Personally, I think it’s the right decision though it impacts her. Until there’s clear segregation of U.S. consumer data and robust independent audits, I don’t think it’s safe to continue operations as is. Security concerns must be addressed first.
READ: Search and interact with data effortlessly using AI, CEO Dev Roy discusses IntraIntel.ai (January 8, 2025)
Is Securify bootstrapped, or have you raised investments?
We are entirely bootstrapped and profitable from the get-go. While many investors have approached us, we currently don’t see the need to raise funds unless a strategic investor offers value beyond capital.
What’s your current revenue, and how is your team structured?
We’re operating at an annual revenue run rate of $5 million. Our team consists of 26 people spread across the U.S., India, London, and Europe to support global operations. This structure helps us cover multiple time zones effectively.
And the last question I have for you is what are your long-term goals for Securify? How do you envision the company evolving let’s say in the next five years?
I recently had a talk with my leadership team about this, so I think a long-term vision is to develop a product tailored for small to mid-sized enterprises, providing an automated framework to cover basic cybersecurity needs at a low cost. This will allow startups to secure themselves without dedicating significant resources to building an in-house team.