James Henderson

Architected in Australia, on Filipino foundations

There’s an old proverb in the Philippines, “he who forgets where he came from will never reach his destination.”

Often attributed to Dr. José Rizal – a national hero who inspired the Philippine revolution in the late 1890s – the English translation originates from the Tagalog version… “ang hindi lumingon sa pinanggalingan, hindi makakarating sa paroroonan.”

In short, don’t forget your roots.

“He picked up that my headspace was somewhere else so I was just upfront and said, ‘I’m thinking of setting up my own business’,” recalled Ferdinand Tadiaman, sharing his candid conversation with fellow co-founder Cameron Cumming.

“That’s when he said, ‘I’m thinking exactly the same’, so we made the call early to divide and conquer so we could get up and running as quickly as possible.”

Ferdinand Tadiaman and Cameron Cumming (Nueva)

That’s the 30-second version of Nueva – a company backstory based on past partnerships and a commitment to create new value in the highly competitive field of cyber security. All built from the ground up in Sydney at the height of COVID-19 in 2020.

Armed with an original mandate to serve an untapped and unprotected mid-market in Australia, Filipino influence flowed through the start-up from day one.

As the Spanish word for ‘new’, the business is named after Nueva Ecija – a landlocked province in the Central Luzon region of the Philippines – which is the hometown of Tadiaman.

Throw in a brand logo proudly housing a carabao – the national animal of the Southeast Asian country – and Nueva goes to market as a business architected in Australia, on Filipino foundations.

“The Philippines and Asia represents a huge opportunity for growth,” added Tadiaman, speaking as company CEO.

But launching into the Philippines is no public relations exercise. This is not another one of those surface-level arrivals in a market – hire a venue, throw a party, fire out a press release and make a big song and dance about nothing.

That approach only works if the growth pillars are in place, such as building a strong foundation of highly skilled local talent with growth anchored on a flagship customer.

“We have more than 40 employees in the business, 50% of which are based in either Luzon or Cebu regions,” Tadiaman explained. “We are leveraging our strategic work with Anytime Fitness in not only the Philippines but across Asia to kick-start our expansion plans.”

In a nutshell, Nueva has bona fides.

Building a talented Filipino team

The security specialist’s official launch into the Philippines follows more than four years of groundwork in the local market. This is a nation jam-packed with highly skilled talent across technical, operational and commercial functions, with notable attention directed towards a blossoming community of cyber security specialists.

To provide a scalable service that included not only implementation but ongoing management and maintenance, Nueva required a solid base of exceptional expertise to service current customers in Australia and future customers in Asia – namely in email security and identity management.

“We now have people based all over the Philippines,” Cumming said.

“Our first hire in the country was Ruvie in a sales support function, who continues to do an excellent job and has been promoted internally to now lead our sales operations. Ruvie knows our business inside-out and is growing all the time – she’s a great endorsement of what a standout employee looks like.”

In a sense, identifying talent was the easy part given this recruitment drive came in the middle of one of the world’s longest COVID-19 lockdowns. With the Philippines closed, team building in a pandemic represented a “very new way” of doing business for the early-stage start-up.

“We actually didn’t meet any of our team face-to-face until 2023 even though we set up the business in 2020,” confirmed Cumming, who holds the position of company CRO.

Looking back, Tadiaman acknowledged that setting up Filipino operations in such an environment was a case of offering “trust on steroids”.

“Big time,” he elaborated. “But we have a good judge of character and test candidates aligned to our values which focus on creating the right culture through hiring the right people. We do turn people down who are highly skilled on paper but don’t fit culturally.

“It’s very hard to gauge your new hirings at the start, especially in a virtual setting. Likewise, it was a case of vice versa in that our new team was also assessing us and the potential of what was then, a very new business.”

Whether launching in the Philippines or Australia, Tadiaman cited recruitment as the most challenging aspect of building a viable business in any market. While standout talent has the power to propel a company forward – it’s not always plain sailing.

“We underestimated hiring at the start,” Tadiaman shared. “The most challenging part – which is going to sound harsh – is actually knowing when to let someone go.”

In four short years, Nueva has made the mistake of keeping people on-board for too long even though under-performance and a lack of delivery was evident.

“We’ve learned the hard way,” Tadiaman said. “We always try to be transparent to people and we’re very trusting by our nature but we’re learning to not overshare and keep a balance. Because it only takes one bad apple.”

Building on Tadiaman’s authentic assessment, Cumming accepted that being compassionate leaders can be a “good and bad” quality for aspiring entrepreneurs.

“You have to be trusting and supportive but be careful because that can bite you as well,” he cautioned. “We’re growing as business leaders because of it and we both remain aligned on exactly what needs to be done. We just execute, then move onto the next task.”

One of those tasks was incorporating the business in the Philippines.

“Now that borders and markets have started to open up – and we’re selling into more territories – it has become more cost effective to set up shop locally rather than deal with third-parties,” Tadiaman acknowledged. “That equated to more margin and increased profitability.”

Ferdinand Tadiaman (Nueva)

Entering the Philippines was akin to delivering a large-scale complex project – the launch was reverse engineered with Nueva working backwards to set up the business for local success, aided by project management tools such as monday.com.

“What do we need to set up operations and process transactions?” Tadiaman asked. “What are the HR implications? How can we on-board ourselves through partner applications with vendors?

“It’s a lengthly and challenging undertaking but the beauty of it is that because it’s our business, we did everything we could and nothing was off limits in terms of effort and patience.”

Nueva has a small investment from a Singapore-based venture capitalist (VC) who is also supporting expansion efforts from a contractual and legal standpoint.

“We may grow to a point in which we both dilute our shares as a way of expanding into new territories – nothing is off the table,” Tadiaman said.

Anchoring growth ambitions on strategic customers

Nueva enters a local market with value-added resellers (VAR) and system integrators (SI) in abundance, challenged by the emergence of managed service providers (MSP) and managed security service providers (MSSP) seeking to capitalise on heightened demand for outsourced cyber security expertise.

With a solid Filipino team in place, customer conversations have also picked up pace in tandem.

Namely in the form of Anytime Fitness, a leading health franchise with gym branches located in Australia and New Zealand, plus Singapore, Malaysia, Indonesia, Philippines, Thailand and Vietnam. This is in addition to Hong Kong, China, South Korea, Japan and India.

“Having Anytime Fitness as a flagship customer in Asia is a huge endorsement of our capabilities,” Tadiaman added. “We are trusted to deliver outcomes and have the track record of delivery and transparency which resonates among executive management.”

As a strategic partner, Nueva is tasked with delivering IT and cyber security services to company headquarters and local branches – seat sizes range from 300 to 5-20 depending on the make-up of each franchise operation.

In essence, this is an ecosystem within an ecosystem – a right of passage to service an expanding base of gyms launching in every corner of Asia through the company’s approved partner program.

“Our focus is on following the growth of Anytime Fitness in the region which is initially in the Philippines but likely Singapore next, then Malaysia and Indonesia,” Tadiaman noted.

“Because we have executive-level relationships, we understand the forecast of how many new gyms will be opened up and when the refresh cycles are. There is more than 300 gyms currently and the plan is to ramp up to over 900 – so that will equate to X amount of laptops, hardware, software, security licences etc.”

Also on the table is expansion via Anytime Fitness market suppliers and partners in Asia, as well as Australian affiliate, Collective Wellness Group, and parent company, Self Esteem Brands.

“The Anytime Fitness opportunity isn’t just in the Philippines, we’re seeing growth across the region which has allowed us the opportunity to assess how each country is ran from a business model perspective,” Cumming shared. “That helps shape our strategy in terms of planting future flags in markets at some stage.”

Expansion isn’t solely dependant on Anytime Fitness however, as the company continues to acquire new customer logos outside of Australia.

“We were dealing with a bunch of customers in Australia – primarily in New South Wales and Victoria – and as our work expanded, so did our introductions into key executives focused on Asia,” Cumming recalled.

“Then the groundswell started to happen and we realised that this opportunity was a good fit for our business and what we wanted to achieve. That’s how it all evolved.”

Despite being primarily focused on 200-2000 seats – defined as mid-market to corporate – Cumming acknowledged “some anomalies exist” in the form of large-scale enterprise and public sector organisations.

“But our sweet-spot is between 200-2000 seats and of the 150 organisations that we are currently working with, approximately 70% fall into that category,” he calculated.

Nueva’s focus on strengthening the protection levels of Filipino organisations comes amid a resetting of end-user and ecosystem objectives in the country.

According to Business Insights: ASEANproprietary research produced by Moxie Insights – the top solutions and services that partners will deliver to customers across the Philippines during the next 6-12 months span:

  1. Applications (Migration, Modernisation)
  2. Cyber Security
  3. Data / Analytics
  4. AI / Machine Learning
  5. Cloud Management

This comes as 66% of local organisations prepare to consolidate outsourcing partners in an attempt to reduce product portfolios and drive enhanced levels of return on investment (ROI) from existing deployments (62%).

Creating a cutting-edge cyber portfolio

From a go-to-market standpoint, Nueva’s capabilities span Governance, Risk and Compliance (GRC), managed services and a combination of offensive and defensive security.

Offensive in the context of penetration testing, red teaming, phishing simulations, threat hunting and compromise assessment, alongside audits across applications, cloud, smart contracts, containers and microservices.

Defensive covers security across endpoint, network and cloud environments, supported by expertise in Identity and Access Management (IAM) and Security Information and Event Management (SIEM). This is in addition to management of vulnerabilities, patching and third-party risk plus security awareness training.

Cameron Cumming (Nueva)

“We can start from a blank canvas but it’s usually in the more traditional sense of businesses already backing a horse and tackling legacy issues,” Tadiaman explained. “But that’s not cyber security as a modernised approach and is more focused on product placement rather than deploying a complete solution.”

Despite point product fixes remaining rife in the mid-market, Tadiaman cautioned against such an approach given that new threats emerge on a daily basis in all markets.

“Legacy solutions is a common problem,” he shared. “Too many tools that are too difficult to manage. That creates a different GRC conversation and a need to understand the different security standards, whether that be by country or industry sector.”

In response, Nueva also takes the time to continually learn such standards – whether that be the Australian Essential Eight or ISO 27001 – before using this knowledge to help build cyber strategies for organisations.

“That’s a big differentiation because most partners attack the problem purely from a product standpoint,” Tadiaman added.

“We have ethical hackers who are very smart cookies and are capable of breaking into customer environments. We show those insights to customers and they are shocked because they still believe that breaches won’t happen to them – so we break in and show how common it is.”

In the early days, Nueva helped one customer tackle an overload of IT Service Management (ITSM) controls. More than 600 controls to be precise.

“We ran a gap analysis and it was huge,” Tadiaman recalled. “This massive spreadsheet mapped out every control and every solution to fix the challenge and become compliant.”

Drawing on more than 20 years of experience in enterprise and government sales, Cumming is well-versed in the below-surface conversations taking place within the market today.

For example, those new deals emerging in the Australian education space following a breach in which the responsible MSSP didn’t respond adequately. Or MSPs over-extending themselves attempting to build cyber capabilities to remain relevant and failing.

“It’s all used as a learning to tweak our own go-to-market strategy and ensure our team is showing up properly to customers,” Cumming said.

Whether in Melbourne or Manila, the default practice of “product flogging” stands tall as a raging epidemic within the partner ecosystem. Portfolios housing thousands of vendors, each possessing a catalogue of offerings that seldom integrate or operate in tandem.

Despite misguided vendor observations, cyber security isn’t like the early days of cloud, when end-user affinity to specific vendors such as Amazon Web Services (AWS) and Microsoft was commonplace.

Today, seldom do IT leaders bang on the table – fists clenched and eyes bulging – demanding the deployment of vendor A over vendor B. No longer does it matter if the colour of the box is red, blue or green.

“Do customers name drop vendors? Infrequently,” Cumming confirmed. “The vendors that we partner with understand that we are completely agnostic from the outset and only position best fit for business environments.

“The art is in asking the right questions from the outset to not only understand exactly what the vendor can offer but also how that may or may not translate into value for the customer.”

Within that context, Nueva has divided vendors into three core categories:

  • Strategic: Based on solid customer use cases and deep ties at technical, commercial and marketing levels.
  • Emerging: Up-and-coming players that are gaining market momentum and require further evaluation.
  • Supplier: Used in a handful of deals as tactical deployments.

Upon launching in Asia, strategic partners include AMD, Arctic Wolf, Cloudian, CrowdStrike and HP, as well as Illumio, KeepIT, LastPass and Skyhigh Security.

“The mature vendors are aligned with our approach,” Tadiaman added. “We have to be truly customer-centric because vendors can’t adopt that stance – whatever product they have is what they will always try to sell.

“Most of the time, it’s a case of too many solutions and the answer isn’t to throw another tool into the mix. Rather, turn on some of those capabilities and help overcome the under-utilisation challenge facing businesses today.”

Despite advocating for an end-to-end approach in security, Tadiaman acknowledged that point products offered a useful landing point upon which to launch a recurring revenue business from day one – starting with email security.

“We needed to start somewhere and our focus was on implementation and then monitoring – just focus on delivering a lot of value,” he outlined.

“Once we did that, we started delivering our own professional services which were initially sub-contracted until we were able to scale. Once we had a positive forecast and cash flow, we then hired additional people and built from there.”

Nueva’s MSSP business is also “growing quite drastically” under the leadership of Jeremy Paton as Field CTO and Pre-Sales Manager, who joined the business in October 2023.

“We’re building out a new service to take on 24/7 contracts and uplift our customers in terms of additional levels of support,” Tadiaman said. “Within the next year, we will split the revenue from MSSP, resell and professional services – both offensive and defensive security – to better understand how and where we should make future investments.

“Alongside Asia, Victoria will also be a huge growth driver for our business. We want to replicate our success in Sydney and build our on-the-ground presence to support our organic customer expansion so far.”


Inform your opinion with executive guidance, in-depth analysis and business commentary.