Surviving hacks and other tumult: Q&A with MJ Freeway CEO Jessica Billingsley

(This story has been updated from an earlier version to correct the number of MJ Freeway clients.)

As a co-founder of MJ Freeway, one of the best-known names among cannabis seed-to-sale companies, Jessica Billingsley is widely seen as an industry pioneer.

When she and Amy Poinsett co-founded the Denver firm in 2010, seed-to-sale tracking wasn’t a thriving sector.

Today, it’s an indispensable element of the marijuana industry, and the firm has processed more than $10 billion in legal cannabis transactions.

But being a forerunner doesn’t come without problems, and MJ Freeway has had its share.

It suffered a 2016 cyberattack that resulted in the theft of client data. The firm suffered another reported attack in January 2017 as well as multiple software outages later that year. More recently, MJ Freeway’s software system hit a new glitch in Washington state.

Despite those woes, the firm has continued to win contracts. Today, MJ Freeway has clients in 23 U.S. states and the District of Columbia as well as eight countries with legal marijuana industries.

Billingsley held the title of chief operating officer until May when she took over as CEO for Poinsett, who became chair of the firm’s board.

Marijuana Business Daily spoke with Billingsley about becoming CEO, leadership lessons learned and how the company tackled some of its most difficult challenges.

What are your biggest short- and long-term priorities as CEO?

Short term is a continued focus on relationships, with employees, clients and strategic partners.

Long term is to continue to innovate and to provide more value to our clients. A good business always provides more value than what its services cost.

If they’re using our services, they should either make more money on their top line or save more money on their bottom line.

The hacks and outages that MJ Freeway suffered in 2017 – could those have been prevented?

Could the hack have been prevented? Yes and no.

Now we know the specific points of vulnerability, they’ve been fortified, and we’ve added many additional layers of security.

However, as systems age and hackers get more sophisticated, the vulnerabilities are ever-changing.

So, in theory, every hack is preventable, and yet hacks are never 100% preventable. No company can claim they will never have one. Any company that says so is either lying or unsophisticated.

We suffered outages in 2017 that were not related to cyberattacks. We owned that and resolved that by launching MJ Platform, a much more stable, modern, elegant architecture.

It’s also important to note that we recovered 90% of our clients’ data. Former clients remember that we lost their data and that was hard for them to forgive.

When we recovered the data, we put wheels in motion to have it validated and returned it to our clients. I’ve learned that despite our calls and emails, not enough former clients have heard this news.

Why do you think those outages happened?

We just experienced some operational systems issues with our technology and the growth in volume that was transacting on our system. We’re now in the process of transitioning the very last of our customers still on that old platform and want to make sure that everyone’s on MJ Platform.

Is the lesson that companies need to look at these things more frequently, before they become too aged to handle growing demands?

When these outages happened, we had already launched our new platform and we were encouraging folks to transition to it, so I’m not sure what more we could have done.

Was there a better way to get clients to change from the older platform to the newer platform?

With any technology company, when you are introducing a new piece of technology, there’s always going to be early adopters, middle-of-the-market adopters and late adopters.

As a company, we raised our Series B fundraising at the end of 2015 with the intention of building this new product. I don’t think we could have been more visionary in terms of our timing for building it.

I feel we raised the money, we built the product and tried to accommodate our customers as much as possible in the transition to the new product.

Did you ever find out who was behind the attacks?

We have a tremendous amount of circumstantial evidence which points to a specific competitor. Our goal is to have full public attribution and we’re continuing to work on building a legal case.

Many Washington state MJ retailers have expressed concerns that MJ Freeway’s Leaf Data System isn’t recording sales and tax data correctly. What has MJ Freeway done to fix the problems, and is it enough to win a contract renewal with the state?

Leaf has recorded more than $1 billion in sales transactions in Washington state, which is on par with what is expected based on past sales trends. There is no credibility to the claim that sales data is not reporting correctly across Leaf.

We are full steam ahead with Washington State Liquor and Cannabis Board (WSLCB ) and expect to continue a productive relationship. I cannot speak directly to contract renewal at this stage.

To clarify a misconception, tax reporting is not currently a feature of Washington’s Leaf Data System.

Tax data is entered by cannabis licensees outside of Leaf. Tax reporting is a newly requested functionality that did not exist prior. We are able to add this feature and are currently working with WSLCB to set the release date.

What are biggest changes you’ve seen in the cannabis industry in the past several years?

The plant-touching companies are either consolidating or launching on a very large scale.

We’re seeing economies of scale become increasingly important. We’re seeing more and more enterprise cannabis companies that need sophisticated technology.

This interview has been edited for length and clarity.

Omar Sacirbey can be reached at [email protected]

One comment on “Surviving hacks and other tumult: Q&A with MJ Freeway CEO Jessica Billingsley
  1. Morgan Glenn on

    We still have bugs in the platform and they are trying to charge us after saying they wouldn’t. They never reconstructed our hacked data. We aren’t compliant still. And sakes take an hour to update. So we never have our real numbers in real time. Disaster.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *