July 2025 | Michael Fechter
When he’s on vacation, Danny Jenkins works “only” about six hours per day. If a staffer calls him at 3 a.m. to help troubleshoot a problem, Jenkins says he’s happy to answer. He admits to “doing really well” financially, but the co-founder and CEO of the Maitland-based cybersecurity company ThreatLocker says it’s not about the money. An early adopter of “zero trust” security systems, he’s convinced he’s onto something that could all but eliminate cybercrime.
“We don’t do this because we can make a crapload of money,” he says. “We did this because we want to change the world. We were sitting there working on ransomware cases and then another ransomware case. It’s kind of — the world is screwed. The world is going to be destroyed (economically) if this doesn’t change.”
If 80% of the country’s businesses similarly embraced the “zero trust” framework, Jenkins believes cybercrime wouldn’t generate the estimated $452 billion lost in America last year. Take away the profit motive, and the criminals will go elsewhere.
The cybersecurity space is a crowded one, but ThreatLocker is quickly climbing the ranks, placing 49th on DeLoitte’s “Technology Fast 500” with nearly 3,000% revenue growth over three years.
It has 500 employees in Maitland and another 70 in Ireland and Abu Dhabi. The company is aiming to go public with an IPO in 2027.
Jenkins, 44, is self-taught, a high school dropout from a working-class town in central England who found solace in the guts of computer systems. He and his wife Sami founded two email security businesses before founding ThreatLocker in 2017. Customers include the Orlando Magic, the Indianapolis Colts, JetBlue and Emirates Airlines.
A STRINGENT FRAMEWORK
As employed by ThreatLocker, zero trust only allows interaction among programs that the user has specifically authorized, in a system the company calls “allowlisting.” If someone phishes or hacks their way into the system, their reach therefore is limited, keeping the intruder away from the files containing personal or proprietary information and passwords — which are key targets of ransomware attacks that can yield big money. A second element, ringfencing, restricts how applications interact with others on your system.
“The way that most systems work is that they will (look at a file or program to) try to determine, ‘is that bad?’ And if it’s deemed to be something bad, it will shut it down. What we do is we just say, ‘Is this permitted in my environment?’ If it’s a piece of software that isn’t, it’s irrelevant whether it’s good or bad. It’s just blocked,” Jenkins says. “It’s the same principle with securing your house. You don’t let (just) anyone in your house … you say the only people in my house are people I want in my house. My family, my friends. And that’s kind of Threat-Locker’s philosophy is you only let run what the business wants run, and everything else therefore is moot.”
The idea isn’t new — Jenkins used a similar strategy more than 20 years ago — but the challenge was how to accommodate for the frequent updates for everything from your preferred web browser to Microsoft applications. “Everyone has this fear that it’s going to be hard,” Jenkins says, so he relies on demonstrations and test runs to calm people’s concerns. That has become an easier sell: “More people are willing to come and test the theory than they were five years ago because the problem is so bad now, they’re willing to test anything.”
To help customers decide what software should be allowed, ThreatLocker has built a database of 40,000 pieces of software that includes each program’s country of origin and what it could reach within your system.
“Would you install a coupon clipper to save 20 cents if it was made in China and can see all of your passwords for every website you went to?” Jenkins asks. “The idea being, whenever you install software, you create risk in your environment. The question becomes, is the risk worth the reward?”
That’s not just a hypothetical. Most customers who come to ThreatLocker have Russian software on their computers that they didn’t know about, he says. “If there’s backdoors on that software and we go to war with (Russia), they can shut (down) our computers in one button,” he says. “That’s the risk we have. We install all this software blindly trusting it. We’ve got to change the world. We’ve got to control what’s happening.”
Cybersecurity experts stress that it’s not a cure-all. “Zero trust has caught on as an idea” since being codified by the National Institute of Standards and Technology (NIST) in 2020, says Kevin Moran, an assistant professor of computer science at the University of Central Florida. But in the cat-and-mouse game of cybersecurity, there may be no world-changing silver bullet.
ThreatLocker’s platform employs a “zero-trust” framework. It only allows interaction among programs that the user has authorized. Big-name customers include the Indianapolis Colts and the Orlando Magic.
“Threats never go away,” he says. “There’s always going to be things like social engineering and phishing. And really the way to mitigate those is through training of employees. The type of security architecture you implement could limit damage if someone ends up getting in through one of those other attack methods. But companies are going to be facing cyberthreats pretty much indefinitely.” Jenkins remains bullish.
“You can’t train users” enough to stop intrusions, he says. Criminals adjust their attacks, and cybersecurity operators similarly need to change. “But the way we’re doing it, we don’t have to adjust nearly as often or as fast. Essentially, we’re an immobilizer for the car. Is it impossible to get hacked? No, nothing’s impossible. (But) it makes it incredibly difficult. And as long as we keep making it more difficult, it’s harder for them to make money.”
GETTING RESULTS
ThreatLocker claims some eye-popping results.
In a February economic impact report the company commissioned, Forrester Consulting found a 184% return on investment over three years. Consultants interviewed five senior people at four customer businesses, all of whom “reported no ransomware or malware incidents after deploying ThreatLocker.” The ROI estimate includes a resulting 10% reduction in cyber insurance policies and a dramatic reduction in third-party endpoint detection and response licenses.
Forrester, which coined the phrase “zero trust” more than 15 years ago, quotes an unidentified cybersecurity director for an unnamed transportation company with $9.6 billion in revenue and 11,000 network endpoints: “It’s very simple to justify the investment in ThreatLocker to company executives. I just have to pull up records of what it blocked and say, ‘That would have been an incident of a ransomware that would have taken down the entire company for an extended period of time.’ The justification is based on evidence. It’s not a fear-, uncertainty-, or doubt-based argument. It’s based on real events.”
After a six-month proof-of-concept trial, the Indianapolis Colts signed on with ThreatLocker a year ago. The zero trust structure “takes a lot of the worry out of the unknown,” says Colts’ Information Security, Risk and Compliance director Jack Thompson. Traditional endpoint detection and response is reactive, meaning “something has to happen for them to be able to identify that something is happening.”
ThreatLocker’s approach “shifts that posture from reactive to proactive,” Thompson says. “You only let things that should run, or that you’re expecting and know about, to run in your environment.” If a server or a laptop is compromised, “they wouldn’t be able to run anything. They wouldn’t be able to run ransomware on it because we didn’t add it as an application and create a policy to allow that ransomware to run.”
KEEP MOVING
ThreatLocker is not exactly an overnight success, but it’s a far cry from where Jenkins and his wife, Threat-Locker COO Sami Jenkins, found themselves in 2017. Their credit cards were nearing their limits. Danny had to have spinal surgery as he tried to build his product. Then Hurricane Irma hit, sending a neighbor’s tree crashing onto their house, damaging the roof and the pool plumbing.
“It was a bit of a mess,” he says.
Their homeowner’s insurance deductible was too high, and they didn’t want to use what money they had left to pay a contractor the estimated $40,000 in repairs. “I needed it in ThreatLocker. I needed it in the business,” he says. “It was cheaper for me to get up on the roof and get sunburned,” so he spent two weeks hammering in shingles and replacing pipes.
During ThreatLocker’s early days, Danny Jenkins hired two people to cold-call potential customers. At times, he answered calls to the company’s 24-hour support line himself.
“We ended up doing it for five grand in parts.”
He says he never thought of giving up. “Imagine you’re standing on the ground and (it) is collapsing toward you and you just start running,” Jenkins says. “You don’t really think this is a make-or-break moment. You’re just running. And that’s kind of how it was. … At the time you’re just saying, how do I get to the next step?”
He rented a small office that year for $500 per month and hired two people to cold-call potential customers. When he could no longer afford the rent, he kept one of the marketers to continue the calls from Jenkins’ house. In August 2018, he signed a customer with 110 endpoint devices at $50 per unit, which “gave us a stay of execution for a few weeks, and then we got investors.” Two years later, he secured ThreatLocker’s first institutional check from an investor with the company’s valuation at $10 million. A Series D funding round last year brought in $115 million.
Today, ThreatLocker has $100 million in revenue and a $1.5 billion valuation, he says. Jenkins is confident revenue will grow exponentially in the coming few years and plans on more than doubling the company’s staff. They’ve already outgrown the 40,000-sq.-ft. Maitland office space formerly inhabited by EA Sports, so Jenkins is looking for 100,000 square feet in downtown Orlando.
Jenkins, 44, grew up in Telford, Shropshire, which he describes as a working-class “middle of nowhere shithole” northwest of Birmingham, England. He was late to grow and frequently bullied, contributing to his decision to drop out of school when he was 15. He loved software, writing scripts and “pulling computers apart.” To get revenge on his high school tormentors, he created a batch file that would delete their homework from school computers.
This was before ransomware and hacking were lucrative criminal enterprises.
“I never ever considered doing anything bad, I mean other than deleting other people’s homework. I wouldn’t want to go to prison,” he says. Instead, he wrote to every company in town seeking an IT apprenticeship. It paid off. By 18, he was building network servers for a UK government office. When the dot-com bubble burst, he decided to travel around Europe, starting in Ireland, but was robbed of all his cash on his first day.
He wound up staying more than nine years, meeting and marrying Sami while working in corporate IT before they launched the email security business called MXSweep. That venture wound up in protracted litigation with investors over control of the company. The experience “very much has shaped ThreatLocker’s success,” he says. While ThreatLocker has raised $250 million in capital, “we still control the business. We made that decision very early on.”
He briefly moved to Malta after the lawsuit was resolved, but the high taxes quickly became a problem. He came to Orlando on a business trip and thought it was a good place to live and raise a family.
ThreatLocker has a ubiquitous presence across Central Florida, with ads appearing on interstate billboards and airport screening bins. In-person promotion at trade shows also is a key part of its marketing strategy.
KEEP MARKETING
“You have to tell the whole world your product exists and why they need it. (Those have) been the two principles we fundamentally live and die on,” Jenkins says. The more money ThreatLocker makes, the more Jenkins spends on sales and marketing. When seed money started coming in around 2018, Jenkins earmarked more than half to beef up his sales team. A colleague advised him to slow down a bit and make sure the money lasted. “What if it doesn’t work?” he asked.
“We’ll die fast,” Jenkins remembers saying.
As things started looking up, the COVID-19 pandemic shut the world down. ThreatLocker didn’t have much of a digital presence, relying instead on an aggressive schedule of trade shows and in-person presentations. Without those, “we’re done. We’ve got no way to get in front of customers.”
The ground was collapsing beneath him, so Jenkins kept moving. He went to “stupid people trade shows” in the summer of 2020 even though he contracted the virus at one. “Outside of that, we weren’t going anywhere. Trade show. Quarantine. Trade show. Quarantine.”
It’s easier now. Drive down a Central Florida interstate and you’re likely to see a ThreatLocker billboard. Toss your wallet and keys into a TSA screening bin at Tampa International Airport and you’ll see a ThreatLocker advertisement with the promise of 24/7 tech support within 60 seconds.
In-person promotion remains a priority. Threat-Locker had a presence at 850 trade shows last year. Jenkins spoke at 51 events, including one swing in which he visited six countries in five days, including Saudi Arabia, the United Arab Emirates and back to Las Vegas. The company also hosts “Zero Trust World,” an annual threeday conference in Orlando with presentations and training that drew 1,600 people earlier this year.
That’s how ThreatLocker landed the Colts. Thompson saw Jenkins speak at a 2023 conference and wanted to learn more about zero trust systems. “I mean honestly it sounded too good to be true,” he says. When he saw Jenkins at a similar conference later that year, their conversation led to a trial run.
Early on, Jenkins saw the marketing value in keeping the customer satisfied. When a hospital was willing to try ThreatLocker out, it asked for 24-hour support. Threat-Locker had a three-person staff at the time, including Danny and Sami Jenkins. “I just said, ‘Yeah, we offer 24-hour support.’” Support requests would come in via a chat system. To make sure he didn’t sleep through any, Jenkins installed ceiling speakers throughout his house with a loud alert, “New visitor in the queue.” One alert woke him from a dead sleep, and when he responded, the customer could see Jenkins’ ID. “Danny, why are you answering customer support at 2 a.m.?’” the customer asked. “I can’t tell this guy there’s three of us in the company. So I just said, ‘Oh, I was up online and saw your chat come in.’” He anonymized the system so all future responses came from “Cyber Hero.”
“Their cyber heroes are second to none from any other support that I’ve received from any other security vendor,” Thompson says.
With 6,000 customers serving 50,000 businesses, ThreatLocker handles between 200-300 live online chat tickets each day and boasts an average 23-second response time, which Sami Jenkins oversees.
“We run 24-hour shifts 365 days a year,” Danny says. “We never have less than 10 people in this office. And even during hurricanes and things we have emergency teams. We have people abroad, we dispatch people. We always say we go home when the hackers go home. We never stop. It doesn’t matter if the whole of Orlando shut down, we don’t care.”
He’s clearly comfortable as the chief promoter while Sami is more reserved, if not shy. Sharing responsibility for a billion-dollar company hasn’t proved to be a burden on their relationship.
“In some respects … it makes it a lot easier, because now I’m not going through stuff at work and then my wife not understanding,” Danny says. “Sami’s not going through stuff at work and her husband’s not understanding. We’re in the fight together, whether that’s employee problems, whether that’s customer problems, whether that’s investor problems, we’re in this fight together. It’s just really a partnership.”
Her office abuts his, with access through a hidden doorway.
He’s got a whiteboard in his office filled with scribbled ideas for improving their system and creating new products. Developers can get frustrated when promising ideas fail to get approved, he says.
ThreatLocker’s Maitland headquarters once housed gaming giant EA Sports.
“But we’re doing things that no one’s ever done before. When you do that, you get breakage. But it also means that’s how you change the world. If you go out and say I’m just going to copy someone, that’s China. We don’t want to copy. We want to lead.”