What is success and failure for a cybersecurity startup? The failure of a cybersecurity startup often looks like success from the outside, with most better off selling early. So why don’t the typical startup rules apply in cybersecurity, and why are more traditional unicorns so rare?
Check out these posts for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Ross Haleliuk, author, Venture in Security. Be sure to check out Ross’s podcast, Inside the Network, and his book Cyber for Builders: The Essential Guide to Building a Cybersecurity Startup. Our guest is Sid Trevedi, Foundation Capital.
Got feedback? Join the conversation on LinkedIn.
Huge thanks to our sponsor, Nudge Security
Full Transcript
Intro
0:00.000
[David Spark] What is success and failure for a cybersecurity startup? And why are some of these companies not a great fit for the typical VC model?
[Voiceover] You’re listening to Defense in Depth.
[David Spark] Welcome to Defense in Depth. My name is David Spark, I’m the producer of the CISO Series. And I have a special treat for you all, a special sponsor guest, none other than Ross Haleliuk, who is the author of Venture in Security. Those of you in cybersecurity have been reading Ross’s stuff.
Ross, say hello to the audience.
[Ross Haleliuk] Hi. Hi, Dave. Hi to all the listeners. Happy to be here.
[David Spark] We are thrilled you’re here. We’re going to be talking about something that you wrote. But before we do that, I do want to mention our spectacular sponsor, and that would be Nudge Security, SaaS security for modern work. If you have SaaS applications in your environment, and my guess is everyone listening has SaaS applications in their environment, you’re going to want to listen to what we have to say later in the show.
But first, let’s talk about our topic at hand, Ross, and that is something you wrote. And here’s my question. Why is the cybersecurity startup market so singular? Ross, you said that a failure of a cybersecurity startup often looks like success from the outside, with most better off selling early. So, why don’t the typical startup rules apply in cybersecurity?
And why are more traditional unicorns in cybersecurity so rare? What do you think? And I know this is a big answer, but I’m looking for a quick answer from you here on this one.
[Ross Haleliuk] Yeah, that is a good question. So, first of all, I don’t think that the standard rules do not apply. I think they do apply very well. What is different about cybersecurity is the fact that because of the high importance of trust and trust-based relationships, it’s easier for startups to get those initial several customers and sort of stay at that level where they have enough revenue coming in so that they can continue existing, but not enough for them to grow rapidly and scale.
[David Spark] That’s a really, really good point. And that does make them unique to others because of sort of how the environment operates. And again, I can’t speak for other industries, but I do understand this industry very well, as does our guest here today, who we both know very well, and you do a podcast with this person, and I met him over at Black Hat.
And who better to talk about this discussion than someone who is a VC themselves? So, we have the partner over at Foundation Capital, none other than Sid Trivedi. Sid, thank you so much for joining us.
[Sid Trivedi] Thank you for having me, David. And great to see you as well, Ross.
What is everyone complaining about?
2:40.949
[David Spark] Spencer McGalliard of HealthEquity said, “When I look at the amount of cybersecurity startups, my first thought is we have this many because we have so many organizations that are not able to deliver their own purchased security stack internally, don’t know its capability, and subsequently go out and seek extra luggage they likely don’t need.
Let’s be honest, we are way over complicated in cybersecurity right now. It’s really not that hard to secure and harden correctly upfront. It’s not.” Oh, I know many people who would argue with him on that one, but that’s Spencer’s comment. Keir Lane of ID-Y said, “Many times I feel like VCs are the only market participants that are getting value from how confusing the solution landscape has become.
It certainly isn’t the security leaders. And in most cases, it’s not the vendors as they struggle mightily to differentiate themselves. Startups focusing on systems that help security leaders make quick risk-mitigated purchasing decisions could be an important new frontier in the industry.” So, these are really sort of ambitious opinions here, Ross.
What’s your take on what Spencer says, “Hey, we’re over complicating it,” and I would love that to be true, but I fear it’s not. And Keir’s comment of, well, only the VCs are making money here.
[Ross Haleliuk] So, the way I think about it is that there aren’t really that many cybersecurity startups. And I know most of the people in the industry would disagree but think about it this way. There are about, what, 4,000 to 6,000 companies. Is that a lot? I think it is. And for somebody who has worked in the industry for a long time, it is certainly much more than they had 20 years ago.
It is true. But what else has changed in the past 20 years? There was no public cloud 20 years ago. Amazon launched AWS in like 2004, 2005. There was no iPhone. It was launched in 2007. There was no widespread adoption of the IoT. Social media hasn’t really started. Like Facebook started in 2004. So, the world has changed.
And with that, so did the number of companies in any industry. You look at financial technology, like over 30,000 companies. You look at marketing technology, like the same, like 30, 40, 50,000. You look at HR tools.
My point is this. If cybersecurity is indeed and everybody’s problem, then having 4,000 to 5,000 startups is probably not as many. In fact, I would argue that we do need cybersecurity companies. We need more cybersecurity companies. First of all, we need to have a way to innovate as fast as the adversaries do, right?
They continue to invest their effort into developing technical capabilities. We need to do that too on the defense. How we do it? True security startups. We need a way to educate the market about the new problem spaces, about the best practices. Like for example, the MFA only became a best practice because there were so many great companies, because companies like Duo would go out and would educate the market, would educate security leaders, and would make it incredibly easy to implement.
There are also many other reasons for startups to exist. One of them is that they’re laying the foundation for others to succeed in the space. There are not that many startups. That’s my point.
[David Spark] That’s a good argument right there. All right, Sid, I throw this to you. I like this argument. And by the way, we’ve seen numbers all over the mark. You said like between 4,000 to 6,000. I think there’s somewhere between 3,500 to 4,500 regardless. And this is because I talked to a couple of analyst firms regarding this that have actually been counting.
I don’t think that number really means anything. It’s really the solutions that are being provided. I mean, that’s really the market you’re looking at, right, Sid?
[Sid Trivedi] That’s correct. And I think the advantage here and where I disagree with Spencer and Keir is the advantage of having these solutions is so that we can go after the threat actors. And we have some significant threat actors that we’re dealing with. And Ross kind of pointed out some of the ways that those threat actors have become more and more advanced in their approaches.
We have to stay just as accessible in dealing with those approaches and trying to find ways to defend against them. The second point that I’d probably add to all of the great points that Ross mentioned, and I think there’s this big debate in the security community about platform versus best of breed.
And I think part of that is being highlighted in these two comments from Spencer and Keir.
And look, I’m squarely on the point that best of breed is the right approach in cybersecurity, and there are three reasons why. The first reason is that at the end of the day, the CISO’s a very technical buyer group, and they usually have multiple other people under them. So, they actually have the ability to go and use a whole multitude of tools to go after different pieces of the problem and have the best tool for every specific piece of the problem.
The second point that I’d highlight is the threat actors are very, very unique. They’re particularly smart in how they go after environments. And as a result, you actually do need the best tool that’s available. And then the third point I’d highlight is that there’s actually dollars at work in that if a threat actor gains access to underlying data and is able to exfiltrate that data, there’s a real loss.
There’s a loss of somebody’s privacy. But at the end of the day, there’s at some point a loss of actual monetary value. And when those situations are happening, you don’t want to compromise. You’re in the business of trying to buy the best tool that has the best bells and whistles that are available so that you can go and protect against these nefarious threat actors.
Why are they behaving this way?
8:25.156
[David Spark] Allan Thompson, who’s working at a stealth startup himself, said, “Most cybersecurity startups lack the go-to-market talent at the top. But more importantly, they do not hire the proper sales teams to execute. Most CEOs believe the product will sell itself. That’s only one key part of the overall ingredients it takes to go public or to be attractive to get a positive exit.” I know both of you have strong opinions on this, I’ll get to you in a second.
But let me read Aurelia Wiest’s comment from Illumio, who said, “The lack of go-to-market is one of the reasons they rely so much on POC. Selling features rather than business value is a common thing amongst these so-called unicorns. Unfortunately, it doesn’t cut it anymore. Perhaps it never did, but now it’s plain to see.” So, both of them complain, hey, maybe they’re creating great products, but they don’t know how to sell to the market.
What do you think, Sid? And I’m throwing a very broad brush here. Some are good, some are bad. But in general, how do you see the cyber players playing?
[Sid Trivedi] I think both of them have unique points of view. I think Allan’s point that security startups, and maybe I’ll be very specific in saying security founders, typically lack the go-to-market talent at the top and don’t recognize how important go-to-market talent is. Sometimes they do, as Allan points out, think more about the product and the fact that their product is so unique will in itself kind of sell it to CISOs, and they don’t realize that there’s a whole process to actually getting a product to ultimately be a purchasable solution.
And I think the most important thing that I like to highlight, at least with the founders I work with who are more technically oriented, is recognizing that sales and marketing is its own sub-vertical within a company. And you want to get high-quality talent to go and build out those two functions. And my recommendation for founders who are listening to this is really around empathizing with the other person, empathizing and understanding why sales talent exists, why marketing talent exists, what the CISO is really looking for from those individuals, and then recognizing that there are cross-functional roles.
Like sales engineer, which is a role that sits between engineering and sales and is able to actually explain the product to a customer segment.
[David Spark] All right, Ross, you have written about this a lot. What are the common problems you’re seeing with startups and go-to-market?
[Ross Haleliuk] I think fundamentally the number one problem is the fact that it is incredibly hard to evaluate cybersecurity tools. Well, a lot of the cybersecurity innovation is deeply technical, and the value of those tools is incredibly hard to analyze. Because the value of the tools is hard to analyze, it is also incredibly hard to communicate.
So, what we are seeing in the market is the struggle to communicate the value of the cybersecurity innovation to the technical buyers. And then on the technical buyer side, it is the struggle to understand how is one tool better than the other? Like if you’re looking at two EDR vendors, how can you objectively analyze the efficacy of those tools?
The reality is you cannot. Yes, you could potentially do your very, very best, try to emulate all the possible attacks, see how each of the tools responds, and hope that tomorrow they’re going to respond in the same way and they’re going to continue keeping you safe. But then fundamentally, you’re still making a bet that this vendor is good.
And it doesn’t matter how you think about it. There is no way for you to objectively, once and for all, say that this tool offers a better coverage than this other tool. And because such objective comparison is not possible, companies resort to marketing buzz and having to generate that buzz in all other ways, and that is what I think is causing this, what some CISOs describe as a mess in the industry.
[David Spark] Well, first of all, forget about reviewing it like through a POC. There are many CISOs who buy the product, have it in their environment, and they still don’t know if it’s working at the level that they paid for. Sid, you’re nodding your head.
[Sid Trivedi] 100%. That happens and sometimes they don’t even deploy the product. Forget about knowing whether it works. They haven’t even deployed it.
[David Spark] That I can tell you it definitely won’t work.
[Sid Trivedi] And I’ve seen those situations.
[David Spark] Hold it. How often is that happening? They pay for it, and they don’t deploy it. Because I know I’ve seen this happen in other industries. But how often have you seen this happen?
[Sid Trivedi] I can tell you on the board meeting side because I see this a bunch at board meetings. The larger companies, when I’m thinking about Fortune 500s, my hunch, 10 to 15% of the products they buy, they don’t even deploy.
[David Spark] Really? 10 to 15? So, it’s literally, they’re throwing 10…
[Sid Trivedi] Honestly, it might even be more.
[David Spark] What do you think, Ross?
[Ross Haleliuk] I think what makes the problem even worse is the fact that even if you do your very best, and if you deploy the solution at the moment when you buy it, the tools evolve, and the coverage the vendor offers also evolves. So, the only way you can stay up to date with the security coverage that the specific product offers is if you continue going back every several weeks or every several months or however long that is and making sure that everything is still being configured the right way, you’re still utilizing the best coverage the vendor can offer.
But that doesn’t happen too often.
Sponsor – Nudge
13:53.484
[David Spark] Before I go any further, I do want to tell you about our absolutely spectacular sponsor, and that’s Nudge Security. Let me ask you a question. How big is your SaaS attack surface? You probably don’t know the answer unless you’ve been using a great solution like Nudge Security. You can find out with Nudge Security.
Their patented approach to SaaS discovery finds all SaaS accounts ever created by anyone in your organization, including generative AI apps on day one of your free trial. You don’t need any prior knowledge of an app’s existence, and no agents, browser plug-ins, or network proxies are required. For each SaaS app discovered, you’ll see a list of all the users, the MFA coverage, SSO enrollment status, breach history, and more.
You’ll also have a full inventory of all app-to-app OAuth connections, scopes, and risk scores with the ability to revoke risky grants with just two clicks.
Nudge Security also includes playbooks to automate tedious, time-consuming tasks like user access reviews, employee offboarding, and more. You can actually take control of your SaaS security posture with Nudge Security. Why don’t you take advantage of this? Start a free 14-day trial over at nudgesecurity.com/cisoseries.
And that’s important, include the /cisoseries when you go there, nudgesecurity.com/cisoseries. Check them out.
Who’s losing out there?
15:24.300
[David Spark] So, Jon G. Shende of Cognizant said, “We typically see several cybersecurity startups solving the same problem operate in parallel and generate enough revenues to survive. Now, why others may fail, one reason is a lack of understanding from investors. I cannot tell you the number of investors who say, ‘I don’t know what your product is about, so I’m going to stick with what I know.’ In my opinion, this mindset is why the ‘me too’ and different companies offering a variation of the same ‘solution’ gets funded.”
And by the way, we’ve seen this many times. One company takes off and then everybody wants to buy more of that kind of company in that industry. We’ve seen that many times. Jared Ballou of DirectDefense said, “If IPO was your only plan, trouble is on the horizon, and we are unfortunately starting to see the cracks in the foundation because of it.
Unfortunately, we’re going to see a ton of collateral damage, workforce firings, because of poor planning, irresponsible spending, and bloated valuations.” Bloated valuations, we see a lot. Sid, I’m going to start with this last comment here by Jared about bloated valuations. Do you think the valuations are bloated?
I know you would love them to be nice and high, but let’s get the truth out of you. Do you think they’re bloated?
[Sid Trivedi] Actually, I’d prefer that they’re low because at the end of the day, I’m trying to invest in these companies, and I’d prefer them to be lower value. [Laughter]
[David Spark] Well, I’m talking about once you own them, you want them to be bloated, don’t you?
[Sid Trivedi] No, we don’t. I mean, at least at Foundation, that’s not our goal. We want to build long-term sustainable businesses and if you have companies that are well overvalued, it makes it very, very hard to build a long-term sustainable business when you have a down round happen and employees are impacted with their equity shares.
[David Spark] Hold it. I’m sorry, walk me through the details. Some company has a valuation of X million or billion, who knows? The whole market thinks it’s bloated, but they’re promoting it. They’ve put out press releases for this. What is the negative impact of that? Walk me through that.
[Sid Trivedi] There’s kind of three things that make it hard. One, when you have bloated valuations, you also have to hit specific revenue targets.
[David Spark] Ah.
[Sid Trivedi] So, you’re sitting in board meetings, and I’ve sat in many board meetings where valuations were much higher than they should be, and we obviously went through that in ’21 and ’22, and you’re having to tell the founders that you have to hit X revenue threshold or Y revenue threshold. And that’s very stressful for everybody, not just the founders, every exec team member.
The second issue ends up being that most new employees, when they’re being hired, they look at the 409A valuations and they look at the valuation of the company and they feel like, hey, this is going to get turned around. There’s going to be a down round, and my equity shares won’t be worth what they’re worth.
That makes it very hard to kind of convince somebody to join the company. Then the third thing is that let’s say you do figure everything out and you start to grow, but you’re not growing at that pace that you were expecting, that first point that I highlighted. You may actually have a very good business that’s well overvalued, but it still has to go through some type of down round.
And that’s very, very uncomfortable for all parties. When there’s a down round that happens, customers realize it, partners realize it, investors realize it, and of course, employees realize it.
[David Spark] Very wise explanation. Thank you, Sid. All right. Now I want to talk to you, Ross, about what Jon Shende says here, which is sort of this “me too” behavior of products. One kicks it and all of a sudden there’s a ton more. Now, there is the thinking of, well, I only need two, three, four, five percent of the market to have an extremely successful business.
Why not chip away a little bit at that? Like, is that a legitimate way of thinking of building sort of the next startup?
[Ross Haleliuk] I will probably go in a completely different direction trying to answer this question. And I will ask you, how many social media apps do you use? I use quite a few. I have Signal. I have WhatsApp. I have LinkedIn. Well, I don’t have Facebook Messenger, but I used to have Facebook Messenger.
I use Slack. It’s a lot. Do all of them need to exist? Like some might argue that, “Well, we just need like one social media app, the app, and that’s it.” But that’s not really how the market works, right? The nuances and the differentiation is important. So, let’s now apply the same idea to cybersecurity.
When you look at the same category, you typically see companies that from the outside look very similar or almost the same. The question is, are they truly the same? Often it’s those differences in approaches that turn over time into different products, different directions the company can take, and so on and so forth.
The challenge is that companies are not great at communicating their differences. And that I think goes back to the previous question we’ve just covered, is that it’s the communication of value, the go-to-market strategy, the positioning that seems to be suffering. But at the same time, I do believe that having five or six products of the same category is incredibly important because it is competition that forces innovation.
It’s competition that forces new approaches to develop. It’s competition that forces companies to lower their prices, to improve the quality of the products they’re offering. In the market in which only one vendor is tackling one problem, we end up with high prices, we end up with vendor lock-in, we end up with bad quality, and we don’t want to do it in cybersecurity.
No one said it could be easy.
21:05.773
[David Spark] Jerome Tetreault of Evidence said, “Cybersecurity is a very cluttered space with many good products, many mediocre products, and most often, the customer requires good configuration and hygiene,” that’s key, “Not a stack of eclectic solutions.” This is an argument against best of breed, Sid.
I’m just going to throw to you on that, “But most of these companies will not survive.” Richard Rushing, who’s the CISO over at Motorola Mobility, said, “It is always harder than it looks. Given these macro and economic headwinds in the industry, this will not be the faint at heart. Also, I do come from the world where I used to get asked, ‘Is that company still in business?’ Do not write off companies that are struggling, understanding how they will make it through these issues, and watch closely.
We all know the warning signs of trouble.”
So, first, one of the comments that I have heard, by the way, Sid, and this one just reared its head about a year and a half ago from a few CISOs is, “I look at platform plays solely because I can’t train my staff on 20 different products.” That I have started to hear. Then the other thing is the big argument was, “Well, the platform, they have the integration.” A lot of people are saying, “Well, that doesn’t really happen that well.” [Laughter] That I’ve heard also as well.
Now, but going to Richard Rushing’s comment, I really support this line of, “Hey guys, launching a startup’s tough. It’s really, really tough.” I know you see that all the time, Sid. Yes?
[Sid Trivedi] It’s incredibly difficult, David. I think it is the hardest experience you can have in your career is being a founder. It’s just every day is a roller coaster and there’s fires everywhere and you’re trying to [Laughter] blow out those fires. And every time you think something’s working, something else stops working.
And the number of times I’ve had to have those conversations with founders is I don’t think there’s a day that goes by that those conversations don’t happen.
[David Spark] Well, and also I have to feel, and I feel this myself in my own business is, there is something I know I want to do. I know this will be successful, but I am dealing with so much today that I can’t even put my hand on that any. I’m sure your founders have that problem all the time too, yes?
[Sid Trivedi] All the time. And the most important point for many of these founders that I have to push them to think about is get to the 50,000-foot level. Make sure that you have some opportunity to step out of the nitty gritty, the day-to-day problems, and try to understand where are you taking this company?
Six months from now, a year from now, five years from now, where are we going? Where is the ship headed? Not just what’s happening today, tomorrow, next week.
[David Spark] That’s a very, very good point. And it is hard to get mired in the day-to-day because there’s no question, everyone can fill up their 8, 12 hours a day of doing whatever that doesn’t sort of makes you look productive.
[Ross Haleliuk] Does it not sound very much like being a security leader, right? You could be doing all kinds of different things. You could be being very busy. You could be tackling your day-to-day fires. You could be helping people to achieve goals that may not be as important to achieve. Or you could take a few steps back and you could ask yourself, “Okay, what are the truly important problems I need to solve?” and tackle those first.
[David Spark] Yeah. So, let’s get to the comments here. This first one from Jerome saying, and I think this line is the key, the customer requires good configuration and hygiene, not a stack of eclectic solutions. I think the relationship, the partnership relationship, which we hear from CISOs all the time, that’s what they want.
They don’t want to be sold a product. They want a partnership. Are you seeing more startups understanding the criticality of that kind of relationship, Ross?
[Ross Haleliuk] I am starting to see it more and more often. And I think it comes down to several factors. First of all, it comes down to the buyer behavior and what buyers themselves are emphasizing as important. In some companies, running a security program has been substituted for shopping. And in those kinds of circumstances, when you see security leaders just saying, “Hey, I just need a tool X to cover my Pokémon chart,” it kind of doesn’t matter how much effort it is going to take to implement the solution.
But in my mind, those cases are really the past.
Today, security leaders are incredibly pragmatic, and one of the things that they’re looking at when they’re buying or considering to buy a product is the total cost of ownership. How much effort is it going to take for me to adopt this tool? How much effort is it going to take for me to train my employees?
How much effort it is going to be to keep it up to date? And again, just buying tools and stacking them up on top of one another is not going to solve all the problems. We definitely have to simplify the architecture. We have to try and, as much as possible, avoid the ever-growing complexity of the stack.
We have to allocate enough time for the tooling to mature and not just replace it every year and a half. There are many pieces that come into play, and we are now understanding it, and we are now prioritizing the right things. So, I can only see it moving in the right direction.
[David Spark] Ross, Sid, you two have slammed so much knowledge for our audience. I greatly, greatly appreciate it. But now I’m going to ask you first, Sid, the question of which quote was your favorite and why?
[Sid Trivedi] I think the best one for me was from Allan. And this point that most cybersecurity startups lack the go-to-market talent at the top. I find myself repeating that again and again. We are a community where most security startups are started by very technical founders. And those technical founders, they just don’t empathize with the fact that sales and marketing requires high quality talent, and there’s a whole process to close these deals.
It’s not purely just whoever has written the best code wins. And I think that’s a really important point to highlight.
[David Spark] That is a good line. Whoever’s written the best code doesn’t necessarily win. All right, Ross, your favorite quote and why?
[Ross Haleliuk] I would probably say Jerome’s quote about the fact that the customer requires good configuration and hygiene, not just a stack of eclectic solutions. You see, it all comes down to user experience. I think when I look at the companies in cybersecurity that do become successful, I keep seeing one pattern repeat itself all over again.
It’s the user experience. It’s the ease of use. It’s how easy it is to configure the solution, how easy it is to buy it, how easy it is to do a POC, how easy it is to keep it configured and maintain the currency of the product. It’s those factors that are very, very far away from having the best detection capabilities.
It’s those factors that win deals. And it’s those factors that, in my view, more founders should be prioritizing. Historically, cybersecurity hasn’t had the best UX, but we, again, I think we are now starting to realize the importance of it because we have seen that companies that offer great experience tend to get adopted more frequently, tend to get better reviews, and tend to have CISOs have much better feedback and evangelize with their peers, saying that, “Hey, this is a great product.
You should try it.”
[David Spark] I love that.
Closing
28:37.878
[David Spark] And what a great spot to close. Thank you very much, Ross and Sid. I’m going to let you guys have the last word, but first, I want to thank our sponsor. That would be Nudge Security. Remember, nudgesecurity.com, SaaS security for modern work. Please check them out. They’ve been a phenomenal sponsor of the CISO Series.
They were also the winner of our second season of the Capture the CISO competition. All right. You guys have your own show. Please, I want to hear about that. Please, if people are not reading Ross’s blog, Venture in Security, I mean, the amount that you write about and the research you do on it is phenomenal.
I am in complete and utter awe of you, Ross, with that blog. So, if you’re not already currently subscribed and reading it, you should be, following Ross on LinkedIn. By the way, we’ll have a link to all of that on our site. Guys, please make a plug for your show and we’ll get you some listeners over there.
[Ross Haleliuk] Okay. So, if you are interested in learning from the absolutely best and some of the most successful founders globally in cybersecurity, how they build companies, how they took products to the market, how they exited at billions and billions of dollars valuations, how they got their companies from like hundreds of millions in revenue to billions dollars in revenue, check out Inside the Network.
It’s a fantastic podcast. We launched it several months ago and it’s been a great success so far. If you’re interested, if you’re an aspiring founder or an early-stage founder, you’re interested in learning how to build cybersecurity companies and what to look for, check out my book, Cyber for Builders, on Amazon.
[David Spark] Which is doing very, very well. Sid, anything to add to that?
[Sid Trivedi] No, just we’re really, really excited to have Inside the Network launch. The goal is really to provide another way for founders to learn, and we’ve had some great guests who’ve come on. Doug Merritt was the most recent person. He was the former CEO of Splunk. He’s today the CEO of Aviatrix.
And we’ve had Dmitri Alperovitch, the technical co-founder of CrowdStrike, talk about his journey. Jon Gelsey who’s the first CEO at Auth0, talk about his journey. Ron Gula who’s the founder of Tenable, and Marty Roesch who is the founder of Sourcefire. So, some fantastic guests.
[David Spark] I love that. For the non-cybersecurity, there’s a show called How I Built This, and it sounds like it’s kind of the same thing. I love that model to hear. Because what’s amazing is nobody expects it to grow at the level it does when they start. So, it’s always that fascinating that what was that germ, how that started, and how it exploded.
And then there isn’t a single company that went on a straight line. There’s always bends and curves, always. And that’s always a fascinating part of the story. So, very exciting that you guys are doing this. We will have a link to their podcast as well on the post for this episode. So, thank you very much, Sid.
Thank you very much, Ross. And thank you, audience. We greatly appreciate your contributions and for listening to Defense in Depth.
[Voiceover] We’ve reached the end of Defense in Depth. Make sure to subscribe so you don’t miss yet another hot topic in cybersecurity. This show thrives on your contributions. Please write a review, leave a comment on LinkedIn or on our site CISOseries.com where you’ll also see plenty of ways to participate, including recording a question or a comment for the show.
If you’re interested in sponsoring the podcast, contact David Spark directly at [email protected]. Thank you for listening to Defense in Depth.