How two childhood friends from Odisha bootstrapped a cybersecurity company from a rooftop apartment to a global enterprise worth ₹100 crore without a single rupee of external funding.
In the mid-1990s, when cyber cafes were mushrooming across Indian cities and the internet felt like science fiction made real, two young men from Odisha pursuing their MCA degrees under Utkal University, began hatching an unlikely plan. They would start a cybersecurity company. They did not have capital, they did not have clients and they barely had a company name. What they had was passion, complementary skills, high confidence and an unshakeable bond forged over childhood friendship, and shared dreams.
That company, SecurEyes, recently entered its twentieth year of operations. From a 3-bedroom apartment in Bangalore with four employees to eight offices across the globe with 400+ employees and over a thousand clients including Government of India ministries and international corporations, the journey of Mr. Karmendra Kohli, CEO and Director and Mr. Seemanta Patnaik, CTO and Director, is a quiet masterclass in patient ambition, financial discipline and the power of building from the ground up.
The Name Before the Plan
The story begins not in a boardroom table but on a shared desktop computer during the final semester of their MCA in Hyderabad, where both had deliberately chosen to live together. It was there that the name SecurEyes was first typed as their computer name, long before there was a business behind it. “We said, let us start by giving a name and then figure out what to do,” recalls Seemanta. The name stuck. The plan would take another four and a half years of corporate jobs, deliberate learning and disciplined saving to crystallise.
The two made a calculated decision to take divergent career paths before converging again. Seemanta went into enterprise solutions and headed to Japan; Karmendra focused exclusively on internet security and travelled to the United States. They spoke every weekend and met whenever timelines allowed, driven by a shared conviction that, as Karmendra puts it, “People were putting too much trust on computer systems just because they were easy to use and it was a black box for them. We realised that security is going to be very, very important in the future.”
The strategy paid off early. Their very first project, code-named Goldfinger, and was developed under the GNU licensing for a consortium later acquired by McAfee. Their first informal office during this project was a rooftop attic of friends house who was kind enough to share with them the space and his good wishes. Built to raise public awareness around application security, it received approximately one million downloads at launch, an extraordinary figure for that era. When the time felt right, they joined together and went all in to start SecurEyes.
Starting Up from a Rooftop
SecurEyes was formally incorporated in 2006. The first office was a an apartment in Bengaluru; the first employees, four. Selling cybersecurity in those days meant educating the customer from scratch. The founders would cold-call companies, ride their bikes to client offices and patiently explain why a business that had never been hacked still needed to care about security. Age was another barrier, clients often expected someone more senior to walk through the door. They pressed on anyway.
Family support proved crucial in those early months. When their first client project arrived and panic set in about where to execute it, Karmendra’s father found them their first apartment within 2 days. By 2007, SecurEyes had moved into a proper commercial office. The early roster of clients included ING Vaisya Bank and several Government of India projects which continue to this day.
Financial Discipline as Competitive Advantage
Growing to ₹100 crore without a single rupee of external funding is not an accident. It is a philosophy applied over two decades with near-religious consistency. “Our philosophy was to grow organically, create value for the ecosystem and generate revenue from that value, not from targets given by investors or any external party,” says Karmendra. The principles behind it were straightforward: honour obligations first, spend practically, maintain six months of contingency cash at all times and roll every rupee of profit back into the business.
The founders also made a deliberate choice to balance Indian and international revenue, recognising that while overseas projects yielded better margins, domestic work offered a stability no geopolitical event could easily disrupt. Both had comfortable, USD-denominated careers ahead of them when they chose to return to India and build. That, too, was a conscious call, rooted in a conviction that they were here to create employment, deliver value and build an Indian MNC.
A Platform Built for the Full Spectrum of Risk
SecurEyes today operates across two distinct wings: consulting services and proprietary products. The consulting arm is structured around three pillars. The first is assurance services, end-to-end cybersecurity testing that covers every layer of the technology stack, from network infrastructure and systems to mobile applications, APIs, middleware and cloud environments. The second is Governance, Risk and Compliance (GRC) helping organisations navigate the full matrix of regulatory requirements, international standards, internal policies and sector-specific mandates. The third is training, education and awareness, delivered primarily as a B2B offering to corporates, with dedicated programmes for developer communities within large enterprises. Their education initiative helps fresh graduates and career movers to launch their cyber security careers.
On the product side, SecurEyes builds what it describes as foundational AI-driven risk management platforms. These include a newage supervisory technology platform, cyber risk management, third-party risk management, operational risk management and vulnerability management platforms, all developed in-house and AI-powered. The flagship product currently nearing public launch is an Integrated GRC (iGRC) solution that automates the Governance, Risk and Compliance lifecycle across all three lines of defence within a customer environment: the operational layer, the compliance layer and the audit layer. A supervisory platform built for regulators such as central banks sectoral ministries and healthcare authorities won a global ‘Technology Services Award’ in 2023 from a consortium of 131 central banks and is receiving a significant AI-augmented upgrade.
Beyond its commercial operations, SecurEyes runs a dedicated cybersecurity academy aimed at building the next generation of security professionals. Students enrol directly, receive structured training across offensive and defensive security disciplines and are supported in launching cybersecurity careers. In a field that continues to face a critical talent shortage in India, the founders see this not merely as a business vertical but as an obligation to the ecosystem that gave them their start.
Securing the Future with AI
Keeping pace with a threat landscape that now moves at AI speed requires a different kind of vigilance. Both founders remain practitioners, attending conferences, meeting clients directly and learning as readily from a fresher as from a retired CEO. “With the exponentially changing landscape on AI, we have also started exponentially changing our services and product journey,” says Seemanta. The company that once had four or five services now offers more than twenty, across industries from aviation and shipping to oil, power and manufacturing.
Advice from the Apartment to the Boardroom
When asked what they would tell a student at Utkal University today with a big idea and cold feet, the founders answer without hesitation. Follow your passion relentlessly. Find mentors and pursue them even when they are busy. Build with people whose skills complement your own rather than mirror them. And start now. “There is no better time than now,” says Karmendra. “Once value is created, everything else follows.”
The secret of SecurEyes’ longevity, if there is one, may be simpler than it first appears. Karmendra calls it value delivery and trust. Seemanta reduces it further to a single word: “Connect- whether it’s external connect, internal connect or the connect between us. That comes first, through value, through services, through gaining their trust.” Twenty years on, the company that was named on a desktop in a Hyderabad room is now eyeing its first round of funding to fuel the next phase of global expansion going to the table, for the first time, on their own terms.
From India to the rest of the world. Make in India, go global. The dream, it turns out, was always the same. Only the scale has changed.
