In this insightful discussion from RSAC 2025, Jackie McGuire, Principal Analyst at theCUBE Research, engages with Jason Murrell, Co-Founder of MurFin Group. Murrell shares expertise on the unique challenges and vast opportunities for cybersecurity companies aiming to expand between the United States and Australia.
Murrell imparts experiences and critical insights from a cybersecurity career that began with an unexpected venture into domain name hosting. The conversation addresses cultural business differences, key locations for business operations in Australia and the United States, and Murrell's entrepreneurial journey from domain hosting to launching a company focused on cybersecurity training and phishing simulations. Hosted by McGuire, this episode explores effective market-entry strategies for tech enterprises.
The video unveils Murrell's insights on the strategic decision-making necessary for companies aspiring to expand globally. Murrell notes that understanding each market's cultural context and geographical preferences is crucial, with factors to consider including prime metropolitan hubs and cost-effective alternatives in cities such as Manchester and Virginia. Murrell and McGuire discuss tapping into opportunities in sectors such as mining and government, which can be pivotal for success, especially in underserved markets like Australia that offer significant potential for tech adoption.
Forgot Password
Almost there!
We just sent you a verification email. Please verify your account to gain access to
RSAC Conference 2025. If you don’t think you received an email check your
spam folder.
In order to sign in, enter the email address you used to registered for the event. Once completed, you will receive an email with a verification link. Open this link to automatically sign into the site.
Register For RSAC Conference 2025
Please fill out the information below. You will recieve an email with a verification link confirming your registration. Click the link to automatically sign into the site.
You’re almost there!
We just sent you a verification email. Please click the verification button in the email. Once your email address is verified, you will have full access to all event content for RSAC Conference 2025.
I want my badge and interests to be visible to all attendees.
Checking this box will display your presense on the attendees list, view your profile and allow other attendees to contact you via 1-1 chat. Read the Privacy Policy. At any time, you can choose to disable this preference.
Select your Interests!
add
Upload your photo
Uploading..
OR
Connect via Twitter
Connect via Linkedin
EDIT PASSWORD
Share
Forgot Password
Almost there!
We just sent you a verification email. Please verify your account to gain access to
RSAC Conference 2025. If you don’t think you received an email check your
spam folder.
In order to sign in, enter the email address you used to registered for the event. Once completed, you will receive an email with a verification link. Open this link to automatically sign into the site.
Sign in to gain access to RSAC Conference 2025
Please sign in with LinkedIn to continue to RSAC Conference 2025. Signing in with LinkedIn ensures a professional environment.
Are you sure you want to remove access rights for this user?
Details
Manage Access
email address
Community Invitation
Jason Murrell, MurFin Group
Exploring Cross-Border Expansion Challenges and Opportunities in Cybersecurity with Jason Murrell at RSAC 2025
In this insightful discussion from RSAC 2025, Jackie McGuire, principal analyst at theCUBE Research, engages with Jason Murrell, co-founder of MurFin Group. Murrell shares expertise on the unique challenges and vast opportunities for cybersecurity companies aiming to expand between the United States and Australia.
Murrell imparts experiences and critical insights from a cybersecurity career that began with an unexpected venture into domain name hosting. The conversation addresses cultural business differences, key locations for business operations in Australia and the United States, and Murrell's entrepreneurial journey from domain hosting to launching a company focused on cybersecurity training and phishing simulations. Hosted by McGuire, this episode explores effective market-entry strategies for tech enterprises.
The video unveils Murrell's insights on the strategic decision-making necessary for companies aspiring to expand globally. Murrell notes that understanding each market's cultural context and geographical preferences is crucial, with factors to consider including prime metropolitan hubs and cost-effective alternatives in cities such as Manchester and Virginia. Murrell and McGuire discuss tapping into opportunities in sectors such as mining and government, which can be pivotal for success, especially in underserved markets like Australia that offer significant potential for tech adoption.
Jason Murrell, co-founder of the MurFin Group, joins theCUBE’s Jackie McGuire at the RSAC 2025 Conference to discuss how cybersecurity companies can navigate international expansion, particularly between the U.S. and Australia. The conversation explores market entry strategies, cultural dynamics and untapped regional opportunities.
Murrell shares lessons from his path into cybersecurity, beginning with a domain-hosting venture and leading to a focus on training and phishing simulations. He highlights the importance of understanding local business env...Read more
exploreKeep Exploring
What mistake did Australian companies who came to the US early make in terms of choosing a location to establish their startup?add
What are some key steps that need to be taken in Australia to increase participation and diversity in the cybersecurity industry?add
>> Happy Wednesday, CUBE community. On Wednesdays we wear pink and we are live from RSAC 2025. I'm Jackie McGuire. I am the Practice Lead and Principal Analyst for Security at theCUBE. And I am joined today by Jason Murrell. I met Jason at RSA this year. And he is an Australia expert, so I figured it'd be great to have him on to talk a little bit about that. Jason, welcome.
Jason Murrell
>> Thank you. And yeah, no, I missed the pink memo. I think I had that Monday.
Jackie McGuire
>> It just means you're not a mean girl, which might not be a terrible thing.
Jason Murrell
>> Yeah, that's a good thing.
Jackie McGuire
>> So we met a couple of days ago at an after hours. And we had this fascinating conversation about Australia. And a lot of SaaS vendors I'm talking to, as they're trying to diversify away from the U.S. and kind of build businesses outside the U.S., ANZ is one of the first places they look. You were sharing some really, really powerful insights with me about both things that American companies don't think about going into Australia, and things Australian companies have to think about expanding into the U.S. and Europe. So to take a step back, I guess if you could introduce yourself and tell our audience a little bit about what you do. And then we'll jump into those things.
Jason Murrell
>> So, that's a great intro and you've covered a lot of stuff there. But I think like most people, I accidentally got into cyber. And as we talked about the other night, it was we had a domain name hosting business and one of our clients had a phishing email. They did click on the link and it was $782,000 lost on that aspect. But from there, we did our own. I'd done some startups prior to that in whisky and in other areas in goldmine remediation. So, virtually nothing to do with cyber. But after that we created our first cyber company, Cyber Aware, which was a white labeled platform, similar to Node before, which hopefully a lot of people would know, training, phishing simulation type product. But we white label that through MSPs, MSSP. So, we learned a lot about the market from doing our own product there. And we went to RSA the first time in 2018 with that product. And mind-blown. You come from a little place like Australia, 27 million people, there's 50,000 people in RSA. And just walking in there, it's overwhelming, the amount of... But I love the energy here in America because it's a lot more entrepreneurial and stuff. There is a thing in Australia called the tall poppy syndrome where people try and chop you down if you start to get a bit too high.
Jackie McGuire
>> I grew up in New England and there are parts of America where that is the case. In New England we refer to ourselves as townies. And if you get too big, you're no longer a townie and they disown you.
Jason Murrell
>> That's it. And that's Australia, that's a whole of Australia.
Jackie McGuire
>> Yeah.
Jason Murrell
>> So yeah, I think there's differences. And what we want to cover here is what the differences are both ways. For Australian companies coming over here, it's a lot bigger market, so you've really got to pick where you want to land, especially east coast, west coast. There's opportunities obviously in Texas and other areas. A few years ago, Maryland used to do some good deals, now Virginia's doing some good stuff. So for companies, you really need to know where you're going to land because you can't just say, "We're going to do America.", because it's too big. And likewise, when you come to Australia as a SaaS company or a platform from the U.S. or the UK or anywhere else, there is nuance and difference there that you've got to be aware of coming into that market. It's only 27 million people, but you can make some good headway if you actually just get some close contacts off the bat.
Jackie McGuire
>> Yeah. So one of the things you were sharing with me is that if you're coming into Australia, I think Sydney is the first place everybody think or maybe Melbourne. But you were saying that where you land city-wise in Australia, you should really kind of align that with what your business does. Because there are different cities that have hubs for different industries. So if you can mention just a couple of those, I think that would be really helpful.
Jason Murrell
>> The main ones are Sydney, Melbourne, right? Biggest population. I think between the two major cities, they hold pretty much half the population of Australia. So, that's where it happens. In between there right in the middle of Canberra. So if you're going to be doing defense or government-type work, you want to really consider Canberra. If you weren't going to do Canberra, Sydney's closer to four-hour drive. Melbourne really is a lot longer drive, so it'd be a fly-in. So, it's those things. They don't sound like big things, but they will make a big difference depending on where you do most of your work.
Jackie McGuire
>> Yeah. If you want to meet government customers, if you're asking them to get on a plane or your employees have to get on a plane, that's probably not going to be most cost effective.
Jason Murrell
>> You want to take that in consideration. So yeah, Sydney, if you were not going to be in Canberra itself, Sydney would be your next best option there. But a real difference in cities is in Adelaide they've really gone for space cyber and gone down that route. So, that could be something as an option, and have built lot 14 down there specifically for that to land at. So, they're the sort of things you want to consider. And mining, although mining is bigger in Western Australia over in Perth and there are some companies based there, most of the bigger mining companies are actually based in Melbourne, like .
Jackie McGuire
>> So, the OT type, yeah. So, we just-
Jason Murrell
>> And the banks as well, the same between mainly Melbourne but also Sydney.
Jackie McGuire
>> Yeah, and we actually just met with Clarity yesterday, and they're an OT company. And I was talking to them about the fact that I think post-target breach where we actually did see someone get in via HVAC system, there's a lot more emphasis on OT. So, that's really good to know. And I always forget that Australia is a massive mining operation. So that's really interesting to keep in mind for OT tech companies, and even observability and the industrial tech and things like that. All right, so now let's flip the other way. So when companies are looking to expand outside Australia to whether it's Europe. I think there's a lot more focus on the EU right now. Companies trying to diversify away from the U.S. so that they don't have all of their eggs in this basket.
Jason Murrell
>> Eggs in one basket. Yep.
Jackie McGuire
>> So as companies are doing that, how are you guiding them as they're expanding? How do they choose, do we do Europe first? Do we do America first? Where in Europe do we go? How do you help them choose that? And then I think you also mentioned there's nuances in the U.S. too where you land. So, what's that process look like?
Jason Murrell
>> So one of the things, again, the Australian companies who came here early really made the mistake of actually landing in an expensive city. So when you're a startup and you don't have much money, landing in San Francisco or landing in New York can be problematic. So, that's something you've got to consider. And that's where some of these deals with Maryland or other... And Maryland were doing a few years ago, we'll give you some office space and we'll help you with regards to employing people. So, having people on the ground. And if you're a founder, especially from Australia, you should be domiciled in the country 'cause they want to meet the founder at the start. So, you can't really do it remotely. It's a difficult thing. In the UK, and this is something for the US people going into Europe, the UK is great to get into. But again, London's expensive, but Manchester, they do have a hub. And Barclays Bank has done a lot of stuff up there. They've got about a hundred cyber companies in there. So, that would be a better place and more cost-effective if you were thinking of expanding in market than going to London as well. So, these are little nuanced things that people don't often think about when going into a country. I mean Australia, I think we're about 10 billion as a total amount of money spent in cyber, $10 billion. But 97% of our cyber companies, there's 302 in Australia, that's all. And most of the money's come from our offshore for VC funding, so we're not funding our own back home. So, we do rely on the U.S. especially to invest in there. But if you are going to Europe from the U.S., the UK's often good as a doorway to get into there. But, yeah.
Jackie McGuire
>> And I think controlling costs is something that startups don't always think about in terms of, to your point, just cost of living. Being able to recruit engineers at a reasonable salary, having them not get disillusioned with living in a one bedroom flat while they're trying to write code 12 hours a day. So, that's really interesting. So at RSA, what are some of the things you learned this year that surprised you in terms of what companies are doing or how that global expansion is evolving?
Jason Murrell
>> I was interested this time in, because there had been a change of government, and what the sort of general feel was on the floor. Because sometimes that can have an impact on the change of more positivity or not, depending on what the change has been. But I've noticed, and always when I come here, that people aren't scared to sell here and they're talking very positively. But then when we have the conversation on the side, sometimes some people are really struggling at the moment as well. So, it's a tough market. And I'm always interested when you come here, who's got a bigger stand. Someone who was on the back blocks last year and all of a sudden it's like, oh, did they get some VC funding or whatever? Or conversely, the ones that had the big stand last year are maybe going into the middle ground and just get some feel for that. But there is a lot of same-same, but I'm really looking always for that different. So, what's that different product that actually has some capacity to... We've got a lot of gaps in Australia, so we'll pick up tech very quickly. So, this is a good thing for companies coming in. They'll give tech a try. We're very low-level and very open, especially on the critical infrastructure and government side of things. So, there is a lot of opportunity in Australia. And I think you just got to understand that market when you go there to pivot your product. Stories that work here will work there obviously, especially if you're selling to CISO or C-suite. Same stories will work, you just got to anonymize that or change it to be suitable for that situation and get into those key groups.
Jackie McGuire
>> Yeah. And to draw a really terrible analogy, I think just as there's a lot of security opportunity in Australia that people aren't necessarily thinking about. I was actually talking to my friend Marcus Hutchins yesterday about the opportunity on TikTok for security. A lot of people don't use TikTok if they work in security. So for marketers, it's actually a great place to market because significantly less competition for security content. And a lot of your millennial buyers are there.
Jason Murrell
>> Yeah, true.
Jackie McGuire
>> So yeah, I think kind of focusing on where their markets that are maybe under tapped, where there's an appetite for more robust representation is really interesting. Anything else you'd like to add before we wrap up? Anything you're looking forward to tonight or tomorrow?
Jason Murrell
>> Yeah. Look, I always go away from here with a lot more ideas than what I came here with, and actually gives you a bit of a boost I think going back to try and bring the whole industry up. They're not attacking by country or postcodes, they're going and finding where the lowest hanging fruit is. So yeah, I think one of the key things we need to do in Australia is get started a bit earlier in the school system, because kids are getting handed devices very early. And as we spoke about the other night, you wouldn't throw the keys to the car to your kids and say, "Good luck on the road." We need to start a bit earlier. They're trying to unlearn bad habits in the workplace and we're always trying to fix. And most of the products we talk about are fixing things in the workplace. But I think if we just started with the basics really early, strong passwords or passphrases, password managers, whatever you want to do, multi-factor authentication, updates when available. Kids are on their device before they can speak, and you just don't know what they're doing and where they're going. And we could start that career pathway a lot easier. We just did our report in Australia. It was 25% of females in the industry. So we want to sort of bump that up, but you need to make those pathways and those avatars a lot clearer for people to aim for. And we've got to do a better job at that, I think not just in Australia a bit globally.
Jackie McGuire
>> And one of the other things that I've found is that when people think about going into security, they very specifically think about the engineering role or the SOC analyst role. I was at WiCyS in Dallas a couple of weeks ago and none of the women I talked to had heard of sales engineering. And they were like, "I don't want to sit at a computer 10 hours a day and write code." And I'm like, "Well, you've got great people skills. Why wouldn't you go into solutions engineering?" They literally were like, "What's that?" So, I think that's another thing that if we got into-
Jason Murrell
>> And cyber lawyers.
Jackie McGuire
>> Yes.
Jason Murrell
>> There's more female cyber lawyers than there are males. And I know on the awareness and training side of things, and most organizations have it, it's more likely to be a female than not that do that piece work. So, someone with marketing background or skills are really great in that or a sales role because selling that internally within the business. So we need to look for those crossover skills as well. Like GRC. We really should be looking at accounting or law or other areas where we could build people with skills that want transition and do GRC or tasks like that. So it's not just that pathway, but also where can we cross skill and grab people from other industries to bring them in?
Jackie McGuire
>> I love that you said that because I met Lynn Dohm. She's the Director of WiCyS, which is Women in Cybersecurity. And I gave her this document that I had put together that was the top six women dominated fields in the U.S., which was like nursing, teaching, project management, social work. And I correlated the skills in those things to skills in cybersecurity. So if you can respond to a code blue as a nurse, it's all process and playbooks. And-
Jason Murrell
>> And we had that in an incident. So, we did a full on... So, we've done a lot of tabletops with this company. And we actually did an exercise where we actually got them out onto the proper scale, full scale. So, I need to decide so, one other knew. I'll make this quick. But basically, everyone froze. They were completely offline. There was a lady who was a critical care nurse during COVID. She had joined the team only in '23. She was cool as a cucumber, opened the drawer, and said, "We got to get this book and we've got to go through step by step." So, she was cool. Other people hair on fire, running around the office, and she was as cool as a cucumber. Picked it up and said, "Here's what we've got to do."
Jackie McGuire
>> Well, and going from critical care to SOC analyst is probably the only time a SOC analyst would be less stressful than your day job.
Jason Murrell
>> That's it.
Jackie McGuire
>> Jason, thank you so much for joining us today.
Jason Murrell
>> Thank you. Thanks the opportunity to be here.
Jackie McGuire
>> Really appreciate it.
Jason Murrell
>> .
Jackie McGuire
>> For theCUBE, I'm Jackie McGuire. We will be back shortly with more high frequency insights from RSAC 2025. Thanks, everybody.
Jackie McGuire