Rick Snyder is still one tough nerd, a tagline he rode to the Michigan Capitol as the state’s 48th governor in 2011, where he served for two terms. But today, he has modified his self-described moniker
“I’m a proud nerd,” Snyder says. “How I define nerd is (that) I love to learn about everything, and so I view it as having great intellectual curiosity to learn about any topic you can think of. That has always been exciting for me, since I was a kid.”
What inspires Snyder these days is SensCy, the cybersecurity startup he launched with three longtime colleagues last spring in Ann Arbor. “I’ve known these folks anywhere from 10 years to 20 years, and they were talking about this idea before I joined them,” Snyder says. “When they asked me if I’d be interested in building a good business and really helping people, I said sure.”
And with that, SensCy — an acronym for Sensible Cyber — was “off to the races,” with Snyder as the CEO. In December, the company announced it had raised $4 million in an early-stage funding round.
“My connection to cyber goes back to my Gateway days,” he says, then laughs, “and to my fish and lettuce days.”
In the early 1990s, Snyder was appointed executive vice president of Gateway, which developed, built, and distributed personal computers, monitors, servers, and accessories. The company was a forerunner to Apple, which followed a similar retail expansion. He also served as president, COO, chairman, and, during 2006, as interim CEO, as the company searched for a permanent replacement.
“The life cycle for product evolution was very quick, particularly personal computers,” the Battle Creek native explains. “Back in those days, new models were coming out every three or six months. The life cycle for product evolution was very quick, and I used to say selling PCs was like selling fish or lettuce. None of it is very good after very long, so to the degree you had inventory, you had to move that product.”
The product clearly moved: In Snyder’s six years at the helm of Gateway, it grew from 600 to 13,000 employees and increased revenue tenfold, from $600 million to $6 billion.
Snyder also had experience as a successful entrepreneur, founding two $100 million venture capital firms in Ann Arbor: Avalon Investments Inc. and Ardesta. In addition, there was the knowledge and expertise he gained during his time as Michigan’s 48th governor from 2011-18.
“I established a Cybersecurity Advisory Board that helped focus on what we needed to do with cybersecurity, not only in Michigan, but nationally and internationally,” Snyder says of his time as governor. “I made cybersecurity a priority. We aligned Homeland Security, the National Guard, and our chief information officer and created a joint focus and mission on cyber. (Michigan was) the first state to have this alignment. Also, we signed a memorandum of cooperation with the state of Israel and made mission trips to (build) economic development ties between us, with a focus on cyber companies.”
Snyder also launched an array of cyber initiatives, including education and awareness training for high school students and all state employees. During his tenure, Michigan began hosting an annual Cyber Summit that brought together public and private educators to engage and discuss cybersecurity.
“We were held up as the model for our Incident Response Plan, which was the collaboration between government, education, and business. Even today, many of these things are still in place, and the National Governors Association refers to the ‘Michigan Model’ when talking about how other states should approach cybersecurity. We were the leading state in the nation by a significant margin, and I’m very proud of that.”
Snyder pauses here, then adds, ruefully, “The interesting part is we didn’t actually tell anyone because that just would have made us a target. If you go out and tell people how good you are at cyber, it’s just like putting a bullseye on yourself.”
When Snyder and his partners began researching the idea for SensCy, the first task was to determine whether there was a niche for a company specializing in cybersecurity on a more modest scale for small- and medium-sized organizations — or SMOs — generally defined as businesses with 500 or fewer employees.
“We did discovery interviews with small businesses, and insurance brokers and carriers, to get their perspective on whether this would be the right solution for the market,” he says.
“There are roughly 6 million organizations that meet that definition, and cyberattacks on those businesses from 2020 were up by over 400 percent in 2021,” says Snyder. “That number isn’t going to go down, because it’s too easy for the bad guys to launch more and more attacks.”
Too easy, Snyder and his partners discovered, because most of the companies specializing in security for SMOs weren’t up to the task.
“What we found is there are really very few people out there that can help them,” he says. “The big thing that really stood out is there is one group of companies called main service providers, and they’re quite often the kind of outsource IT that serves about half the marketplace. They’re hired as an outsource provider to come in and manage networks and PCs and other devices, and a lot of those folks are good people.”
But, Snyder quickly adds, most were sorely lacking in one critical area.
“They tend not to be cybersecurity experts,” he cautions. “There was still a need for somebody to say, Our sole focus and drive is to help our clients become safer and better in cybersecurity and be 100 percent focused in on that. And that’s where SensCy really stands out.”
How can Michigan better attract investors?
Our priority should be to support existing Michigan businesses, and then focus on attraction. Key items would be:
- Invest in creating talent in high demand fields like IT.
- Improve our tax and regulatory environment.
- Do more and better marketing of doing business in Michigan like we do with tourism with Pure Michigan.
What more can be done to support startups?
Michigan has one of the nation’s gems for startups in Ann Arbor Spark. Replicate Spark in other areas of Michigan. For later stage companies, support and market great groups like the Small Business Association of Michigan and the Edward Lowe Foundation. Support and grow Pure Michigan Business Connect, a program which connects Michigan based buyers and sellers. It is one of the best programs that we created when I was governor.
In what ways can Michigan better retain or attract talent?
Create more certificate programs in high demand, well-paying fields. Support great programs for our youth like FIRST Robotics and Girls Who Code. Grow walkable lifestyle communities. Have accessible and affordable broadband coverage across our state, particularly near our incredible waterfront areas.
The SensCy security protocol starts with what amounts to a quiz for the client.
“We ask 30 to 40 questions that are interactive, and we give a health score — what we call our SensCy score, which is sort of like a FICO score for your credit,” Snyder says. “The SensCy score is for your cyber health, and it’s on a 1,000-point scale, just like your credit score. And the nice part about giving a score is it makes it tangible for our clients. Instead of just talking about cyber, this thing out in the ether, it becomes a tangible number they can relate to and it gives them a benchmark.”
The score in itself is significant, and telling.
“Most small businesses that we’ve been scoring are in the 300 to 400 range,” Snyder says. “Our goal is to get them to 700 to 800, or higher. And we come back with a recommendation and a path to get the score up to a much safer range, with a number of activities to help them make that happen.”
One of the first steps is awareness training for all the client’s employees. “Ninety-five percent of successful cyberattacks are caused by employees making avoidable mistakes,” Snyder emphatically declares. “The main point we make is even if you get these techie solutions, the bigger risk is the human side of things.”
And, he adds, cyber-attacks are happening even at the largest companies in the state. “Michigan Medicine got phished last fall,” Snyder says. “They had employees that clicked on an email.”
As a result, almost 40,000 patients had to be immediately notified about the breach and the potential exposure of their health information. And it turns out the health care sector is one of the most vulnerable to cyberattacks because hospitals and other medical facilities, in general, have legacy equipment and security systems that weren’t designed to fend off today’s sophisticated cyber criminals.
“Think about the resources Michigan Medicine has,” Snyder says. “They’ve got training, they’ve got cybersecurity people, and they’ve got all these tools, and they’re subjected to a successful phishing attack. Now ask yourself: How good is the 20, or 50, or 100-person organization going to fare if a place like Michigan Medicine and all those resources is getting successfully attacked?”
That thought process is a significant part of the pitch Snyder and his team make to their clients.
“Our goal is to help change an organization’s culture from being passive to active regarding cybersecurity,” he says. “So, six times a year, once every other month, we’ll have a short video on how to do passwords the right way, or how to look out for phishing emails, with a video and some quiz questions to make sure the learning is reinforced.”
During each of the other six months, the SensCy team will actually attempt to send a phishing email to the client.
“The goal is not to have anyone click on it,” Snyder says. “Some people will, but we’ll track that and then will be able to give them constructive feedback on how they could have identified the things they missed, and how they can be more successful, longer term.”
While SensCy tests the employees, it also analyzes the client’s overall cyber defense system. “We look for vulnerabilities using software to look for openings, holes, and ‘open doors’ in a client’s network,” he says. “We’re also going to look on the dark web, which is the scary place where, if your stuff is taken, it’s liable to end up.”
The videos, quizzes, phishing expeditions, and other virtual tests are supported by face-to-face executive briefings.
“We believe you need to have human interaction, so as part of our service we’ll go in and talk to the people leading the organization. A client may ask, How are we doing on our cyber health? How is our score? Where are we today? What else do we need to do? How do you see other people out there that are our size, and how are they looking? What are the big issues? And we’ve created a nice dashboard our clients can look at any time, showing them what their score was and is today, and how it’s historically changed.”
If the worst-case scenario occurs and a company’s security is compromised, the same kind of Incident Response Plan Snyder utilized as governor should already be implemented, and the company should be on high alert.
“I ask almost every audience I talk to, How many of you have an Incident Response Plan?” Snyder says. “They raise their hands and typically it runs less than 10 percent, which is a really scary thing. If you have a problem, the Incident Response Plan is what you pull out to recover quickly. And it should be in place long before you have a problem. The worst time to figure out what to do after you actually have the problem is when you’re in the middle of the mess.”
SensCy offers three subscription tiers for its potential clients. “It’s basically flat, depending on how many employees with emails you have,” Snyder says. “If you’re between zero and 20 employees, it’s $750 a month. Between 20 and 100, it’s $1,000. And from 100 to 250, it’s $1,500. If you’re bigger than that, we’ll come up with a number, but those are the three basic tiers.”
There are currently a dozen or so employees at SensCy. “We have some shared office space that we rent and we get together a couple times a week,” Snyder says. “But we’re virtual. It’s the way the world is.”
He adds that the company is building its clientele slowly and deliberately.
“I used to joke to people, I have the cleanest garage in North America.”
“We’re in the teens right now, primarily in Michigan, because we want to start in our own backyard and help our neighbors as much as possible,” he explains. “Most of our marketing has been through Michigan-based membership associations, but we can handle clients anywhere in the country. Our goal is to be in the hundreds over the next year.”
Snyder is confident he and his team have pulled together a compelling package for potential clients, but he’s also a realist.
“We recognize this will never be the highest priority for a company,” he admits. “I mean, they have to run their business. But we view education as a huge part of what we’re doing. We occasionally get pushback from somebody in an organization, saying, I don’t think my employees are going to do that. They’re going to get upset that they have to watch a video and take a quiz.”
Snyder has a tough time accepting that rationale.
“Everything the 10 minutes that lesson is going to take out of their life, they should absolutely be taking home to their spouse, their kids, and everyone else,” he declares. “Everything they’re learning there is equally applicable in their personal lives, because a lot of these folks are getting creamed at home by hackers, in some fashion. So a lot of this is being proactive and saying the training is a positive, and let’s portray it that way and promote it as a free employee benefit.”
As far as acquiring the necessary funding for SensCy, the timing for Snyder and his team might be perfect.
“Cyber protection is becoming more and more necessary for companies of all stages,” says Aaron Hodari, chief investment officer and managing director at Schechter Wealth in Birmingham. “Our wealth management arm manages approximately $2.7 billion in assets, and we had a client get hacked (recently). So as a business owner, we’re incredibly focused on making sure we have great cyber security protection, and we continue to invest in having better and better cyber tools. You’re not going see a slowdown in the amount of investment going into cybersecurity.”
As for the specific SMO niche SensCy is focused on, Hodari adds, “As investors, we’re very interested in the cybersecurity sector. Companies that can build solutions that can work for smaller employee teams is critical. Snyder is going to have no problem raising money.”
Meanwhile, the former governor clearly relishes being back in entrepreneurial mode. He admits that once his duties in Lansing ended after eight years and he resumed life at home with his wife, Sue, the adjustment was challenging.
“I would drive Sue nuts,” he says. “I was used to going a million miles an hour, just in terms of meetings, events, running all over the place — and then when you’re done, you go from 200 mph to zero. I used to joke to people, I have the cleanest garage in North America.”
The downtime allowed Snyder to spend more time with his family, which included going on a safari with Sue. “We went to Tanzania, and then to Rwanda, and hung out with gorillas where they’re literally surrounding you. You’re within two or three feet of these big gorillas. Absolutely amazing.”
Snyder chuckles, then adds, “And those gorillas are in charge, you know? If they want you to move one way, or want you to do something? It’s like, Yes, sir, I’m ready to move wherever you want.”
Snyder and his wife also took a 3,700-mile drive from Ann Arbor to Alaska to help relocate and settle their daughter and her fiancé into their new careers. “We spent seven days on the road and it turned out to be a lot of fun, and the best part is we were still speaking to each other when we were done,” he laughs.
There was also time for Snyder to reflect on his eight years in office — “we did an incredible amount to make Michigan a better place,” he proudly asserts — while also reckoning with the Flint water crisis.
As part of a plan to save money and boost local jobs, in 2014, Flint and Genesee County officials, along with then Emergency Manager Edward Kurtz, approved a cost-cutting plan to end a 47-year relationship with the Detroit Water and Sewerage Department and join the newly formed Karegnondi Water Authority, which proposed building a 70-mile-long pipeline from Lake Huron to bring lake water to Genesee County.
The pipeline would save Flint $100 million to $300 million over 30 years, officials said at the time. The plan also called for refitting the city’s water plant to treat the heavily polluted Flint River water for use as a stopgap community water source until the new pipeline was operational in 2016.
The water crisis was a real-life tragedy of lead poisoning caused by government disfunction, undermining of authority, and mismanagement. Mike Glasgow, a laboratory and water quality supervisor at the Flint plant, didn’t hold back in his April 25, 2014, email to the MDEQ: “I do not anticipate giving the OK to begin sending water out anytime soon. If water is distributed from this plant in the next couple of weeks, it will be against my direction,” he wrote.
That same day, Flint officials, including then Emergency Manager Darnell Earley, greenlighted using water from the Flint River. Within days residents began complaining that discolored, brownish water was flowing out of their taps. As many as 12,000 children may have been permanently harmed by lead poisoning, court records show.
“In Flint, errors were made at every level of government,” Snyder admits. “The question is, what do you do about that? I apologized, and I still feel for the people affected by that. We put in the strongest lead and copper rule in the nation that I was proud to see happen. We also were the leaders in dealing with the next big set of issues beyond lead, which is PFAS.”
Of course, Snyder was also a major player behind the decision in 2013 that led to Detroit filing for Chapter 9 bankruptcy, and then helping to spearhead the city’s restructuring and comeback. Ironically, a vital part of that resurgence is the flurry of startups like SensCy that have built and enhanced metro Detroit’s reputation as a global tech hub in automotive, manufacturing, robotics, medical devices, and more.
When the former politician and current entrepreneur pitches a prospective client on the attributes of SensCy, he often relies on a medical reference to make his point.
“Cybersecurity and the whole topic of being safe is much like being a diabetic,” Snyder begins. “It’s a chronic condition and you’re never going to be cured to the point where you can say, Hey, I’m never going to have a cyber issue. It’s always going be with you. But that’s not to say you can’t have a good life.
“If you’re a diabetic and you manage your insulin, and if you diet and exercise the right way, you can live a really great life. The same thing is true of cybersecurity. It’s not the main focus of your life, but you have to be vigilant, you have to be thoughtful, and you have to take some steps to be healthy. And if you do that, you can also have a good life.”
Right to Work
Data shows Michigan’s 2012 Right to Work law is helping attract businesses to the Great Lakes State and has wide appeal among citizens.
Following the mid-term elections last November, Democrats have control of the governor’s office and both chambers of the Michigan Legislature for the first time in four decades, which puts the state’s Right to Work law, a Republican initiative, in jeopardy.
Signed into law Dec. 11, 2012, by then-Gov. Rick Snyder and enacted the following March 28, the measure allows workers to opt out of paying dues in union-represented jobs, although they remain eligible to receive benefits.
Those in favor of the law say it’s good for Michigan — and the data backs up their claim. According to the U.S. Census Bureau, there were 6,102 applications to start businesses in Michigan in March 2013. That number moved steadily northward until hitting an apex in 2021 at 13,148. In October 2022, the number of applications was 11,472.
Timothy Nash, who leads economic research at Northwood University’s McNair Center in Midland, points to the improvement in net population migration since 2013 as proof of Right to Work’s effectiveness.
“Over the 13-year period from 2000 to 2013, Michigan’s net population migration showed a loss in population of 619,147, or 47,700 people per year,” Nash says. “Since 2013, Michigan’s population migration has continued, but at a much slower pace — with a net population migration for 2021 being just under minus 7,900.”
Business leaders, as well as everyday citizens, would prefer the law to stay in place, according to a survey conducted by the Midland-based Mackinac Center for Public Policy.
Right to Work has strong support among Republicans, Democrats, Independents, men, and women, the survey results show. The support held for every age group and in every region of Michigan. Union households supported the law by a nearly 2-to-1 margin (55 percent to 28 percent).
“It’s giving rights to workers themselves to make the choice of belonging to the union or not,” says Snyder, currently CEO of SensCy in Ann Arbor. “The bigger issue, the economic impact it has on the state, is the perception of Michigan and the marketing of our state. In many cases, prior to Michigan becoming a state that had Right to Work, we were disqualified before we had a chance to compete for a lot of economic development projects.
“We wouldn’t even get considered. The number of prospects that came to Michigan (since that time) went up significantly. Michigan now has an open for business sign out, and if we got rid of Right to Work it would be like putting up a closed for business sign.”
Brian Calley, president and CEO of the Small Business Association of Michigan and lieutenant governor when Right to Work went into effect, says: “In the 10 years since Right to Work passed, Michigan has undeniably improved economically,” he says. “And while Right to Work is certainly not the only factor, it played an important role. Michigan’s economic recovery is fragile and the last thing new leadership in the Legislature should do is make big, sweeping changes to disrupt our progress.”
— By Tim Keenan