With a career spanning over 25 years in sales, Duncan Butchart now leads as VP of Sales for OnSecurity. His journey began far from the cybersecurity world – born in Venezuela before relocating to the UK as a toddler, where he grew up in a bustling household alongside his identical twin brother and two older sisters. Behind his impressive track record of sales success lies an intriguing career evolution.
Surprisingly, Duncan never studied business or sales at university. In fact, he didn’t attend at all. “I often wonder what I would have studied if I had,” He says thoughtfully. “Looking back, I think I would have enjoyed Economics or Architecture—two areas I’ve grown increasingly interested in over the years. I find markets and business fascinating, and I feel incredibly relaxed and inspired by great architecture and the thought processes behind it.” However, he expands that he did not feel particularly compelled to pursue higher education. “For me, the ROI just wasn’t there. So, I went against the grain - choosing a different path despite the expectations of my family, friends, and the education system. This decision caused some friction at home for a few years, but ultimately, I outperformed my siblings in many ways, which reassured me that I had made the right call.”
Outside of work, Duncan enjoys spending time outdoors—whether that’s with his fiancée, their children, or the family dog. “I’m passionate about sports and always feel like I don’t get enough time to enjoy them. My love for the outdoors has always drawn me toward the countryside, mountains, and ocean. I love the wilderness, exploring, and the feeling of being self-propelled or powered by the elements - waves, wind…”
“I’d describe myself as a progressive person, both mentally and physically. I’m always curious about improving my surroundings and doing my best—whether that’s in work, family, friendships, or society.”
What initially drew you to the cybersecurity industry?
Duncan's path to sales success began unexpectedly at 19, after what he describes as "a rocky start" while still developing his professional ethics. "I eventually realised I was good at it, and I've never looked back," he recalls.
His career took root in the late '90s communications industry, starting as what we'd now call an SDR in 1999, selling voice and data circuits. "Those who've been in the industry long enough will understand the perspective I gained during those early years," Duncan explains.
When broadband disrupted the market, Duncan made his first pivotal move, joining a startup selling connectivity and security technology in 2000—his introduction to firewalls. "We found a successful niche serving small, geographically dispersed businesses with minimal but critical data transfer needs," he says. Their model thrived.
His performance caught Easynet's attention, launching an eight-year journey riding the wave of modern networking technologies and gateway security products. This period culminated with three years in the U.S. helping establish their American presence.
Upon returning to London, Duncan joined Blue Coat Systems, a decision reflecting a crucial insight: "At the tail end of my Easynet days, I noticed customers cared less about how data was transported and more about data integrity and security." This observation cemented his shift to cybersecurity.
"Blue Coat was an incredible company," Duncan reminisces about his time at the proxy technology leader. "We faced challenges during my first two years but then went on a monumental run—going private, experiencing massive growth, preparing for an IPO, and eventually being acquired by Symantec. It was an incredible ride."
How has the conversation with clients about security needs evolved in recent years?
"Just as companies began to care less about the transport medium - the network - and more about securing and understanding their systems and data, I've also seen a shift in how customers prioritise their security programs and spending," Duncan explains, adding how security practices have evolved from a purely defensive approach focused on perimeter control to a more comprehensive strategy.
As cyberattacks began to grow in frequency and gained media attention, organisations shifted their security mindset. The implementation of GDPR further accelerated this transformation in how companies approach cybersecurity. "While defensive strategies and overall security architecture remain just as important, there's now a correct acceptance that security incidents will happen. Companies have recognised the need to be prepared - not just technically, but also at the executive level - with a clear response strategy and messaging."
"I believe this is still an evolving area," Duncan adds, "but incident response and crisis management are becoming major priorities, as they can determine whether a company survives a cyber incident - or suffers a catastrophic loss in value and reputation. It's not unlike any other major disaster that resonates with society. A massive oil spill for BP is just as damaging as a cyberattack that compromises employee safety, customer data, and critical operations. How a company responds in those moments often defines its future success - or failure."
How has the cybersecurity threat landscape evolved since you began your career in sales?
"In the early days, I saw the criminal behaviour behind cyber threats as something like graffiti - a form of expression, often carried out by individuals with no real intent to cause harm or gain financially," Duncan says. "It was more about curiosity, experimentation, and proving technical ability. But things changed dramatically when organised criminal networks entered the space. Suddenly, we saw the emergence of industrialised toolsets and an entire cybercrime marketplace. The financial returns became real, attracting highly skilled individuals and well-structured criminal groups who optimised their operations to maximise profit. "Then came nation-states," He continues, "leveraging cyber as both a weapon of warfare and a tool for espionage. This escalation made it clear that the motives behind cyber threats had expanded significantly, making the problem far more complex and impactful. Today, we're in a commoditised era of cybercrime—attacks are everywhere, and they've become business as usual for many organisations.” He pauses thoughtfully, then concludes: “The irony is that even companies that prioritise security still struggle because the sheer volume and sophistication of threats continue to evolve faster than defences."
Do you have any predictions for the future of cybersecurity selling as technology (and threats) grow more complex and capable?
"Selling has evolved massively over the last 25 years," Duncan notes. "Today, customers don't just want someone to sell to them - they want partners who truly understand their challenges, offer insights, and help them progress their plans. Expert knowledge is key, and we need to be conscious of that." "One thing that has remained constant for me is the need to simplify the message, clearly communicate value, and continuously validate. The best sellers operate with direct and progressive questioning, always focusing on helping customers buy and transform - rather than just pushing a product." "Cybersecurity sales is particularly challenging," Duncan explains. "To succeed, we need to consistently extract and leverage knowledge from those around us - whether that's from technical teams, industry experts, or our customers. The more we learn, the better we can guide customers toward the right decisions." When asked about emerging threats, Duncan says, "When it comes to new threats, I believe we'll see more of the same - with criminals continuing to refine their methods to turn attacks into financial gain. Cybercrime is now a business, and attackers will keep evolving their tactics to maximise returns." "For companies - and this is where we sit - the real challenge will be improving response capabilities. Businesses must be able to demonstrate what controls were in place, what was bypassed, how it happened, and - most importantly - why it won't happen again."
What do you think sets OnSecurity apart from competitors in client conversations?
“In order of importance, I’d say: our people, our offering, and our teams within the company,” Duncan says.
“From the outside looking in, OnSecurity is impressive - particularly in terms of our platform and customer engagement capabilities. The way we market and present ourselves is also a standout factor. Internally, we run a slick, efficient operation, driven by a lean team and a powerful platform. Our testers are exceptional.”
“In a recent project, we had to submit tester profiles, and while I won’t mention specifics, let’s just say our profiles alone opened doors. Without the right people and expertise, we wouldn’t have even made it past that stage.”
“Lastly, the area we are constantly refining is execution - how quickly and consistently we deliver great customer outcomes and drive sales growth. That’s where we’re always pushing to get even better. This is the sales team.”
