Ankur: So, in the last two years, you've managed to hire about 200 people, have six products with over 30 cloud connector, which is kinda mind boggling under any circumstances, especially, given what we've seen in the last year, how the hell did you hire so many people so fast in the middle of a pandemic?
Rehan: A little bit on that we had 10 products and over 100 connectors.
Ankur: Oh, Holy cow. I may have written this question two weeks ago, Rehan!
Rehan: Probably part of the blog had, which was that we launched having written six products.
Ankur: Hello everyone. Welcome to another episode of ZeroToExit. This is Ankur. In today's show, we are excited to have with us Rehan Jalil, CEO of Securiti.ai. Rehan is a serial entrepreneur who has had two very successful exits with WiChorus and Elastica on his 3rd Sojourn at Security.ai. Rehan wants to solve the data privacy and security challenges in the cloud and AI era.
In today's show, we want to ask Rehan about his product and company building philosophies. Talk about the state of data, privacy and security, and get into the psyche of a serial entrepreneur. Hi Rehan, welcome to the show!
Rehan: I'm good. Thank you so much for hosting. Excited to be here.
Ankur: Yeah. Thanks for taking the time. I know the life of a CEO in a young company is always busy. But I certainly appreciate that, to kick things off, I was really curious about, you know, you've been sort of the people in product building mode, right? Like you're still in the relatively early stages of a startup journey, in the midst of a pandemic, what's been the biggest surprise for you in the last one year?
BIGGEST SURPRISE FOR THE CEO IN PANDEMIC, Securiti.ai
Rehan: I'm great. Ankur, more than the surprise is a bit of an internalization that if you did not have these high-speed global networks, and if it did not have this rich set of apps and services that sit on top of it, like collaboration, e-commerce and healthcare-
Rehan: -and the cyber security that protects all of these things, the suffering would have been a lot more. The key thing is to enable collaboration that you have the most advanced am I on the biggest vaccines they came in at a record times. and if any, thanks to all the technologies that are working hard out there to have a neighbor, this is infrastructure that, you know, we're able to pass through it or in terms of surprise, I'm thinking that the sentiment swing that happened from almost like a nuclear winter almost been declared in the early days to almost like rubbing against the living for Dodge point in that in a matter of few quarters.
Ankur: (Laughs)So many exciting, surprising things, obviously, vaccines in record time, nobody had predicted doge coin and AMC and GameStop stock to go so high and the state of SAS and security, right? Like all the trends that I think people who are in technology and take for granted, like they all got accelerated, right? Like everything happened, basically, a decade happened in two years. but yeah, I couldn't agree more about the infrastructure that was able to support this. going right into your company journey, right? Like, before you started Elastica you were in the cellular and networking business, especially with WiChorus and Tellabs, which WiChorus also got acquired by Tellabs, but then you made a switch at some point, to cybersecurity. Why did you get into cybersecurity?
REHAN’S ARRIVAL TO CULMINATION IN CYBERSECURITY
Rehan: Yeah. Actually, it's quite an interesting story. I probably would take you all the way back. When I was a young teenager, cyber security probably wasn't called cyber security. I just joined engineering school the first year of engineering, my dad bought me, you know, I've been competitive with PCs. They used to be calling at that time. It was for a teenager to have first year engineering. We noticed a weird thing. You should floppy disks. then in the boot sector of the floppiness, they would have weird texted characters. And some machines. you would put the floppy disk, the skip, any machine after the floppy disk, it would have the same characters.
What would we really learn and what we were dealing with? One of the very first viruses ever for DOS machines, it was called Sebring. so my friend, TZ and myself, and of course led by him. We built the very first antivirus, McAfee didn't exist at that time. And based on our marketing brilliance recorded anti-brain(4:27). and we're driving a truck straight to sell it, sell that software if you remember, in those days, at least in that part of the world, where I come from, there was a new on-record on software licensing, so it was stolen pretty quickly. So that was definitely the first thing, but I could've never imagined that it would kind of become the profession over time.
LEARNINGS FROM A THEFT
And similarly, I think it was part, a bit of a need driven. At that time you could remember the environment, at least where I come from the place where there used to be a lot of Theft. My dad had got me a motorbike, perhaps my mom's prayers, it had got stolen and we ended up building some security systems.
So, the next thing that you have a car or something, you know, the gadget, then if something was stolen, it would kind of shut things down and lock things up. Right. You couldn't really productize it. It was my second year for engineering because the cost(5:15) was too high. and seeing those who are in Homeland tutored detection systems in the journey, kind of, perhaps I can now connect the dots, looking back that perhaps there was always an inclination, but I could have never imagined this would be the profession, This is the life goals because I already passionate about building processors and chips. And these things look very easy and the processes and Silicon, and, they look like rocket science and really passionate about doing that. And that I ended up in my first job, but I didn't know and I eventually ended up in cyber security.
Ankur: Yeah, I loved that part of the story. Were you always, as a kid and even growing up like a hacker programmer type guy, or more like asking people to build the stuff that you like, all like Steve jobs, what was your brand back in the days?
Rehan: I think it was a kind of a mix. It was about concepts as well as I loved coding. But at that time off air(6:08) coding didn't seem to me as rocket science. Frankly, it was perhaps a wrong interpretation. I was much more into electronics and building gadgets and understanding how the magic of Silicon works. And that looked like rocket science to me and all the crack that code. And frankly, initially went on that path, working with some Microsystems on building, where you did Multi-core processors be part of as an engineer in that. But I think it's a mix of a journey. I mean, very hands-on in the early days and then of course, subsequently you have to come to your amazing team members, to pick that responsibility.
Ankur: Yeah, no doubt about it. So, going from the college to your first job, fast forwarding all the way, timescale going, getting back to Elastica. I've been fortunate to obviously see your Elastica’s trajectory. One of the things that stood out for me and a lot of the people who were sort of looking at the company and the product was that you've always been sort of a very product focused CEO, more specifically somebody who had an eye for design.
So, you know, just the user interfaces, even with your current product and back in the days were just really beautiful products. Now, the reality is that obviously with Apple devices, like everybody wants to talk about the design first principles, but the reality is that, and I won't name names, there are tens of hundreds of billions of dollars of market cap companies who actually have a really crappy design.
But design was a thing that your product always stood out. So, tell us a little bit about why is that such an important part of B2B and security professionals? And why is that such a thing that you made sort of your own, in your journey?
ROLE OF DESIGN AND ITS LYNCHPINS
Rehan: Yeah, I think in my own thought process and then perhaps just an inclination, but more importantly, the design and user experience is not about predication(8:02), but it's about empathy with the user of the product is the relationship between the human user. And the product running on a machine, right? So what does it really mean?
What it means is that certain products. Not all, certain products, need to have a really complex information exchange that will happen, has to happen between the product and the human. And that information exchange has to be fluid. It has to be frictionless. There has to be very high bandwidth between these two people where things that are frankly, you know, make sense of each other.
“VISUALS STANDS FASTER THAN TEXT”
And if you have a few facts to keep in mind, 50% of the brain cortex is dedicated to processing visual information. So if you actually have something, this visual, you probably do the information exchange much faster, and the brain can actually process images tens of thousands of times faster than text. And some people say about 60,000 times, I don't know who knows, but it stands a thousand times faster.
So, if you're going to achieve-- cyber security is complex. So, if you can take all the goodness of the product and establish that relationship, information exchange that is happening, I mean the human and the machine, using the impact of the design and the user experience, at least we believe that you add value to what you're trying to give to the customer.
And I can not be true for all products, but at least the price that we picked up on how it makes a difference in VC investing a lot of time on it.
Ankur: Yeah, well said, I think it was a tweet or something one of these days, it said Apple is an example of why design matters and Amazon is an example of why design does not matter. So you've got sort of these two opposite ends of the spectrum where two companies, and this is not to say Amazon doesn't design good product interfaces, but like, just very different philosophies in terms of running the product.
WHERE TO INCLINE?
“Apple is an example of why design matters and Amazon is an example of why design does not matter.”
Rehan: I want to disagree with whoever said that, think of this way, whoever came up with Alexa, they really thought through what relationship the machine should have with the human and they took out every friction possible that you do not have to look at it. You don't have to point your fingers at something you want to communicate the way you want to communicate you do.
I mean, the human that's user interface design, right. It doesn't have to be visual. So I think it's kind of, not giving them the credit that enabled them to actually open the minds of hundreds of millions of billions of people, perhaps, and then all the people followed what Alexa was able to do, frankly, for each other there's an in mind(10:42).
So, I think they did a brilliant job in creating that user interface, which doesn't have to be just visual.
Ankur: Yeah, absolutely. Yeah. That is true. It's not just a visual design, but it just interacts. And, like you said, how humans interact with the machines and, it has a lot of importance. How have you been able to attract like some of the top designers in the industry? Like, is there a trick to it or is it just sort of having, found the right people, they've kind of stuck with you over the course of your company, building and product building journey.
I asked this question, sorry, Rehan because, like, finding amazing designers, especially in Silicon Valley and just generally, it's just a tough, tough thing. But you've managed to sort of always crack the code on that. So I wanted to get a little bit of insight into that.
BIRDS OF A FEATHER FLOCK TOGETHER
Rehan: Yeah. First of all, certainly the credit goes to the security team(Elastica). I think a bit of that as the birds of a feather work together in some ways. So if you have one initial few key members who will achieve value design and then other team members who are not in your team, but the value design, they will probably go and try to join the mission along with you.
And then again, it's important that it is not just a certification(11:52). It is going to be the essence of trying to establish a relationship with the user. And I think when you are building the team., you really want to assess that they actually stand for just the colors. Or they stand for actually, you know, the information exchange that has to happen on both sides and making it easy. And that's really the trick.
Ankur: No doubt about it. I think finding people with an eye for design and then sort of, like you said, birds of a feather, I think they'll, go and get attracted to companies who actually value the importance of design, kind of switching the gear a little bit from sort of designed to sort of your own kind of company building and category building journey.If you look at your career in the last decade, you've helped define several categories, right? So with Elastica, you were sort of the pioneer in the what's called CASBY (Cloud Access Security Broker Category). Now you're on the path to creating a new category in data.
And, one of the things, the oldest playbook in starting a building is like, well, tread the red ocean, not the blue ocean, because red ocean, existing markets, existing category, you can just have a little bit of a better mouse trap and people will buy. treading the blue ocean is hard because it requires a lot of investments and marketing and getting your word out there, but you've not been afraid to tread those blue oceans and create new categories.
So a two part question. One is obviously like why this fascination of category creating, products and two, why do you think a category needs to exist? A completely new class of products needs to exist in the data space, which is what you're passionate about.
Rehan: Ankur this is really the core question.
“WHEN YOU ARE ABOUT TO START YOUR JOURNEY ON, DO SOMETHING NEW, AND I THINK IT'S MORE ABOUT IT'S A FUNCTION OF”. What do you really get inspired by? Others, are you trying to solve something that has either not been solved because the problem is going to be new or not being realized as yet. Or you try to find a brand new view of trying to solve an existing problem either actually gives you opportunity to find and build the category right now, if the market is big and then you have a shot at it that it's going to become important enough, a word file enough to get people's attention, to achieve, so first of all define the category and that's not sufficient. You really want to be the category leader where you define a category and, you know, go sideways. You actually have to do both.But these things have to be lining up. Now for the case of Elastica, we started back in 2012, we did some initial prototyping, we took it to customers.
I can tell you. Almost all meetings. We got smoked out by some of the big time CISOs, because why, because it was not common sense. SAS wasn't there. And we were kind of preaching that you need security for SAS. And they were telling us like, “Hey guys, we don't have SAS”. We probably have one or two apps and we're probably never going to go SAS.
And even if you do go SAS, why would we achieve having a third party connectors assets and start controlling and monitoring it? Like it's not going to happen. The level of dull I can tell you, early days, last week in 2012 was so high in everyone's mind, including mine. but you actually had to have some level of conviction that, you know, pack(15:07) is going to go there.
And that's your NorthStar. And I think, again, luck has to line up. You could have been too early. The luck lined up that in the next 18 to 24 months, the SAS was an option that I took off the Office-365 game and that wasn't sufficient and we had to perform. And performance really means that you basically have the category defining products where Forrester(15:43) put us as number one leader magic guardian port is the MQ leader. And the story kind of goes along the line, but I think that really is needed. And that's something, what you aspire to do.
Second example would be Symantec. I mean, Symantec when, even after acquisition, but clear thought, and the thesis acquisition(15:44), Symantec was that we can define something as an executor. You sassy name didn't exist. And we had the swig, we had the chasm, you had the firearm, we had the reverse proxy and we essentially didn't do acquisitions like Fireglass and luminary(15:55) to define something on the edge. And of course later it became SAS. That was an attempt towards, of course, again a category definition.
And securities is I think we frankly, here aspire to define multiple categories. One on the privacy side, privacy ops. Already, if you Google it, you'll see people actually have titles of privacy ops and the needs now. and I think we are helping to define it and Forrester's putting us as a year an IDC is, but I think it's the story's going to continue because data, and we'll talk more about data, is the center of innovation and the center of obligations.
And I think there's more opportunities which I'm happy to share with you also.
Ankur: Yeah. Yeah. I know we want to talk about data, obviously. That's a big part of the conversation today, but before we get there, one of the things that you mentioned, and I wanted to double click on that, in 2012, you started Elastica you're starting to see the need for SAS security before even CISOs. Your customers could realize that a lot of product and company building and entrepreneurship quite frankly, is looking around the corners for the next big wave and what, over the course of your experience have you learned, like, what are the skills you need to always look for where the puck is going to be? What skills are required? Is it a deliberate practice? Is it talking to like-minded people? How do you get there in terms of making a bet on what's going to be the next big thing?
Rehan: That's really the hardest part. First of all, you have to be very honest and clear minded in yourself. I mean, in the sense that you, can be, can just have some emotional attachment to certain concepts that you kind of, it shouldn't be some technology looking for a problem.
When you literally try to see the trend trend lines and where this thing is going to go, and whether those trends actually have, underlying, big tectonic shift, that it can create. and of course we predict a bet on it because you could be very early, and you may run out of cash by the time that shift actually happens, or frankly you could completely get all completely off base.
Right. And I do have to say that's the hardest part of achieving company building or category building, kind of, a process itself, and there's no easy answer to it. Only easy answer is that your customers, I would say, are almost never going to be able to tell you. They don't want to tell you the exact meat that goes to the burning fires, what that quarter, the next couple of quarters. They're not thinking through that. Whereas you actually have to pick all the signals, inform the picture in your mind that yes, this is a tectonic shift happening potentially. Just like in WiChorus when we're doing 4G and application controls on packet core networks and then the Elastica, and then not only that but also privacy alts and other things. But you're taking a bet because you could completely be wrong and your luck has to be on your side. There's no right answer to it.
Ankur: Yeah, there is none. One of my startup CEOs used to say you're on a startup journey. You're either too early or too late and timing, it is like a fool's errand, like Apple was not the first, touch device, right? Like there were a lot of experiments made, same thing with iPad, but it's sometimes you gotta experiment. Some of them will stick and some of them won't, And that's a hard part of the journey. So switching gear to obviously, data as being the big, next big challenge. So, let's talk about the state of the union of data and why you see that as a big opportunity. I mean, you obviously have an explosion of unstructured data sets and more and more SAS applications.
AWSs three, all kinds of applications, but also you've got a lot of structured data such as Snowflake, the BigQ , DataBricks. I'm going to just every other day, there's like a new data store out there. AI and ML is just making the need for data and analysis of the data even more and more important.
So, I think data is a big thing, a huge market opportunity. What do you see specifically in the security space that hasn't been solved yet? And people are not thinking about it, what is that gets you super excited to obviously, you know, build Securiti.ai and, and have your passion about?
GET A NOTE ON UNSOLVED QUERIES IN SECURITY SPACE
Rehan: Yeah, just like you mentioned,
“DATA BRINGS TWO BIG O’S. ONE IS THE BIG OPPORTUNITIES THAT ARE THERE. THE OTHER IS A BIG OBLIGATION” and those obligations are in broad buckets of keeping it secure, have responsibility to use with respect to privacy, because individuals have rights on the data and of course, really are different kinds of compliances that you have to make sure that you're meeting those.
“BIG OPPORTUNITY AND BIG OBLIGATION”
Right. As you rightly pointed out, there's an explosion of data and it has gotten even more distributed. And because there's an inflection point here going to multi-cloud and systems that are inherently multi-cloud, which means people are already looking at how the control that existed in the on-premise world.
Do other portables. or this is the right disruption point to rethink through and have this all three big O’s to be sorted in about holistic way, rather than looking at it in silos. and scale is very different because you know, now you're talking about hundreds of terabytes of data coming every day, perhaps even more for many companies and the downside is actually very--it is significant because of the new privacy laws and other things that are coming along, so that I call it as the, again, it's a point in time opportunity for a certain number of years, then transitioned what is going on. You can redefine the architecture, how you can do it holistically, not look at the lens of traditional DLP only, not look through the lens of traditional on-premise appliances only, but also look at the lens of, what we call sensitive data intelligence. Established intelligence across all these touch points, establish an architecture where you can actually handle these volumes of data at scale, establish a common grammar across all these different disparate systems and give something to the, to the world where they can handle all these three big Os of securing it, keeping it private and being compliant.
And we clearly can see in the landscape right now, it is not being done. Either. People are taking the old approaches of, whatever DLP systems existed, you know, taking them 14 as applies, on the multicloud side of things or, frankly doing it in silos. Even the cloud native systems have their own things.
Everyone has their own thing. So I think we clearly see that this is actually going to be a need of unifying it all together over time. And I think if somebody does it right, there's an opportunity to be able to be aware. Now, one last thing I would say, It is not simply about intelligence, it is the automation of controls that you need to have for security which includes all kinds of identity. You have to fuse identity with the data and the access and dynamic controls that have to be there. It has all the automations that are needed for privacy ops. So you have a responsible use of data that has to happen, and then mapping to all kinds of compliances that have to be more automated.
And if you look around, it hasn't been done. People are just focused on either SP(23:12) or focusing on some, you know, different, silos I think really is an opportunity to do it more holistically.
Ankur: Got it. I do want to talk about the privacy part of it, but let's just focus on security. What would you say to somebody who'd say, “Well, I'm the CDO( Chief Data Officer). I've got a data DLP tool. If I'm a FinTech or somebody in a highly regulated industry vertical, I'm doing a DRM type solution, why do I need yet another tool in my tool bag? What would you tell them?
EYE ON DATA PRIVACY AND ENCRYPTION
Rehan: Yeah. And so I think you've, you're saying what encryption, DRM or encryption, first of all, the encryption implies that it's gibberish, right. And gibberish implies it has no intelligence and which implies it is useless, which implies that frankly, what's the use of the data, which really means that if you really want to make use of data, you want to be opening it up.
You're going to be sharing with some machine. You're going to be sharing with some users. You're going to be shooting with some software to process it. You're going to share with AI look at it. That's where the problem starts because it's all jumbled up. You don't know what is sensitive, which is not, you don't know who's touching it, which machine is touching it.
And I think that's where-- and that's the reality. Some magic homomorphic encryption pops up and we can say, look, I can figure it out within the gibberish. I can figure this thing out. and that's why I think that's the reality that we need intelligence at scale and we need controls at the granular level and privacy. What it brings is actually very unique. DLP never dealt with it. And what is the uniqueness?
TAKEAWAY: “Privacy requires the individual’s data and the individual’s right is about an individual's data.”
You need to figure out whose data it is, which DLP has never detected before. So I think it is clearly disruptions, which are happening in the market and I think new innovations will define new and better visions.
Ankur: Yeah, well said. And one more thing on data security is, “Are the solutions to solving structured and unstructured data, which is, again for everybody's databases versus like documents. Do you think the problems and the solutions are similar or they're vastly different domain problems (domains as it pertains to security)?
COMMONALITIES IN SOLVING STRUCTURED AND UNSTRUCTURED DATA
Rehan: Certainly, commonalities because the definition of data has to be common. You really can actually have multiple different grammars to define that data. And you get an opportunity here Ankur actually to learn the data from the structured systems and bigger to unstructured and vice versa, especially when it comes to privacy, because it's seeing humans, data sitting, both sides of that equation. Now, in terms of the controls, unquestionably, it's not just structured and unstructured, but let's be system by system. Even with an unstructured system, you may have different kinds of controls that need to be applied, as you know, with all the machine learning and all that, they could be clogs, they could be unstructured data sitting in structured systems, right.
audio files sitting in structure systems. so which means that boundary is going away or Amazon S3, there could be a lot of structured data cities. cause you're taking snapshots of your databases and so forth, right? So I think you have to look at it more holistically, and solve it in a way that you can apply common grammar, common detection, common policies, and disparate controls, whatever is suitable for that system. And that is not being done today. And I think that's really the opportunity here.
Ankur: Pretty vast opportunity. A complex problem. Right? I mean, average applications and, the ones that I've built historically in SAS, just this teeny tiny application relative to the big ones, you know, dealt with like 10 different data stores, just within a single application, within a business unit, within a big company. You multiply that across all organizations right now, pick your favorite data store. I mean you've got a data store sprawl. So I think one on one spectrum, we need to solve the problem of like, how do we reign all the data stores in through a single pane of glass, like you said, but then second solve it holistically.
Like not structured and unstructured data. It's gotta be all, but it's a complex problem. And, I'm glad at least you were starting to think about it and are building a solution in that area.
THE BIG O - OBLIGATION HAS:
Rehan: And the things that you laid on top of it, you look through the lens of security, privacy compliance. It cannot be either one of them because the obligations are all three. It's not this one.
Ankur: Yeah, 100%. So, that definitely adds another dimension to it, which was kind of the segue I wanted to get into, which is beyond security. Let's talk about privacy. So obviously, you know, over the last two, three years, no, thanks to all these breaches. I mean, the average consumer has a lot of awareness about privacy enterprises.
Certainly Zach in his prediction for the next decade, talked about privacy being the top 10 trends that he wants to focus on. Fred Wilson talked about privacy being the top 10 technology trends in the coming decade. So this is becoming a big thing. Yet Rehan, the problem is that the average privacy persons that I have had to interact with, or when I look around, we're still filling up forms and paperwork. So my question to you is- What does Nirvana look like? Right? Like, is it sort of like, we're just gonna play, pay lip service to GDPR and CCPA and say, yeah, like we have, we have filled out these forms and can tell you we've got a separate stack or is there a bigger change that needs to happen?
And what does the solution even look like? Right? Like what, like what would we need to prove, or enterprises need to prove that they can, they can tell confidently, not to just check a compliance box, but to really meet the local regulation requirement that they are, they have the privacy down because the reality, today's reality is pretty sobering.Like we're making this prediction, but not a lot of tech innovation has happened in that area.
Rehan: Yeah, I think this is exactly how the chief executive describes the problem statement. and I think it is, it is a symptom of a few things. The first is, even the regulation came in the state of the technology that existed and because people still needed to get a check Mark and whatever was offered in the market at that time that got adopted, which was like, a quicker way to get a check Mark that's all.
And I've seen that. I mean, part of the reason they kind of picked this problem, because we saw it for the first time that it just took two weeks of surveys and maybe a couple of weeks of surveys to declare that you are GDPR(29:51) compliant, which means almost nothing got done. And I think the reality is that privacy is actually about data privacy, right?
And you know, this is exactly what the laws are about, which means you have to understand an individual's data, title, the rights with their consent, revocation of consent, awareness, transparency which means the stack has to literally be tied to the data of a single individual inside of the organization.
It's not that organizations would not do it. It's a matter of what technology can be given to them if it's given to them. it's just a matter of time that this is going to be adopted because this is not going away. If you really look at the trajectory of this, this is not going away, which means more and more awareness is going to be there.
And if the awareness is created that “Guys, this is the right way to do it.” Don't do it in a way where you have a checkmark, but actually you have no compliance, you know, by check Mark is there, but you actually have actually not compliance. And you're disrespecting in some ways that holding and many companies were actually building over like Microsoft, Google, I would say you go and commend them even go and exercise your rights and they’ll give the data. They've tied it back to the data. and there are these, some of the leading companies like in particular Microsoft's Satya openly talked about it, from Apple’s Ben has talked about it and then tied it back to data. I think more and more companies, we clearly see, and we have customers at this point would take this as brand building exercise.
The thing is privacy is good for business, good for trust. And I think that that's what we frankly enable where the PrivacyOps and PrivacyOps is all about tying it to data and automating the things with headaches for the companies. That lesson is not about just getting a paper check Mark.
Ankur: Yeah, well said. So, now you've got the category or what you want to build down, which is in your case “data” and, the next phase of the journey is obviously, you know, getting the people to build the product you want. Right? So, in the last two years, you've managed to hire about 200 people, have six products with over 30 cloud connector, which is kinda mind boggling under any circumstances, especially, given what we've seen in the last year, how the hell did you hire so many people so fast in the middle of a pandemic?
EXPEDITING THE HIRING PROCESS AMIDST THE PANDEMIC
Rehan: A little bit on that we had : 10 products and 100 connectors.
Ankur: Oh, Holy cow(LAUGHS). I may have written this question two weeks ago.
Rehan: Probably part of the blog had, which was that we launched it at a city of six products and since then we have launched four more. frankly, the answer simply lies in people. It lies in the culture, and it lies in the market opportunity. And secondly, it lies in your approach on building products. Right? First thing I would say, the security team is really a special game. We have worked on four different companies together.
Many, many people there is no magic. I would say if the team has so much learnings from all the previous scars that we have from pre-previous companies that there's a fourth one, if it would not have been possible without this specialist team, frankly, that has come together. And frankly, just like you're asking the right questions.
Like the things that normally have been getting done the right way, they clearly see the problem exists. It's a matter of building it and creating awareness and creating another category I sent you already. Right? If you were trying to rank one at a time at the end, it would not certainly have been, certainly impossible.
Now, we stand right now. If you want to grow even faster, we started in Canada(34:37). You would probably see that in the coming days, another approach, which frankly was only possible because our investors gave us a big credit for our previous projects. We literally innovated for Slack for the platform(34:40).
We've literally put that picture and say, you know, this is a platform we're printing. I think we have three use cases here. Why? I don't know which one is the first one.But most likely is this one, but that's what they're going for. And I think many investors would have walked us out the door, but these, these guys, may feed live in literary junk couches, that didn't, they give the credit to the team and this will be go ahead and do it.
And it's like, here's $30 million and because of the platform we invested in, which we took about a year to actually invest in, we are rapidly writing apps on top of it. Because if you really think about the core of a cyber security on a mean platform, personal things are common. That's the reality. Well, people would be rebuilding the same thing or wouldn't know it again. I mean, if you look at how you build connectors and hardware, data analysis, hybrid reporting, how do you control? It's harder. It's the same thing or when the other thing that I should be saying, and if you can dig the commonality kind of out of the way, and then keep expanding on the platform.
You could write parts. I mean, I can tell you many other companies have reached here or TX more times, perhaps buying five, six companies. but I think it's a lot of artwork that peanuts with red goes to them entirely goes to the team(34:56).
Ankur: Yeah, for sure. you know, you mentioned that, the investors obviously made a big bet on you, especially because you have a phenomenal track record. But one of the interesting things about this one relative to the other ones is that you raised like $81 million and in startup land, like, at least a couple of years ago, they used to say, you know, scarcity breeds innovation, but you've raised a lot of money. Why is that?
Rehan: Yeah. I think firstly, the platform vision that we had, we had to raise a longer session and we thought $31 million that we kind of got to was actually quite a big round. Frankly in hindsight right now, at least not because of the situation that you've seen right now, it looks like a tiny seat. I know people that are losing hundreds of millions of dollars, as a CDS-A and CDS-B, I didn't take any credit for raising that money(35:44). It, frankly, came in just after announcing CDS, we had inbound interest and we took it in hindsight. It was the right thing to do because of COVID hit and the early days of COVID. Frankly, there was a lot of uncertainty, regardless of who you were in the first couple of months. And we were like, okay, thank God. We took this money two months back right.
Now the story's very different. Now people are raising different ways out, hundreds of millions of dollars and Unicorns are not a reality. We get approached almost every week to take more money. Frankly the money the CDS-B kind of helped out with, and I think it was the right thing to do for the mission of the kinds of knocks on that paper.
Ankur: Yeah. It makes a lot of sense. I mean, I think the landscape is very different right now. I think raising more to build out that once in a decade type company, I think the liquidity is there in the market and the investors are willing to bet on you, which is pretty incredible, Right? Like I think security needs one holistic solution, not yet another point solution.
So, kudos to the investors and, and yourself obviously to, to have that bigger vision. So, now let's say, you've got the category down, you've got the people, you've got the product down, the next series of questions I have is related to sort of going to the market. Right. And kind of scaling it, right? Like when people kind of break it down into initial traction and product market fit and scaling and then exit, et cetera, et cetera. The question I have for you is obviously breakers break down different stages of the journey, like acquisition of first 20 customers, then 100, then 500 and 1,000.
But more importantly, are you seeing any fundamental tectonic shift in the market in terms of the go-to market? Right? Like, is it still tops down, sellers selling into CSOs using a lot of bottoms up, go to market motion, take us through the different phases of the product market fit or market traction, if you will, security or otherwise, right. Based on your experience and based on what you're seeing nowadays
Rehan: I think if you're starting from scratch, the very first thing is what are you doing? What are you building? And why are you doing it? And why you? and these have to be answered more honestly, otherwise, frankly, you may have been, you may start a company, you may do a company, but may not be worthwhile.
So, and there's a lot of uncertainty that comes along with that phase of starting, because there are no Google maps that you put in some address to go to, you're almost clueless. You're literally looking at the stars and you're trying to figure out how these things would line up.
Right. So I would say that is the hardest part and that part actually doesn't go away for quite as quite some time, because you're constantly trying to collect the data points and making sure that your conviction is not just your emotion, So I think that's really the first, first phase of it.
And many customers,if you are basically doing a slightly better thing, and that,some people are passionate about it. That's okay. Then maybe customers may be retent to you. Then talk to customer redundancy reports and you can try to figure it out a slightly better thing. But if you're trying to do something different and to come back, then that's the hardest part of the journey. And, after that, of course you want to make sure that why you really means that you actually even have your team yourself, how the ability to not only built something, but build something that is category defining and that's the other thing, team really is the king, your team who's basically equally empowered and is able to execute, and enabling basically, then to actually, execute on it, especially on the product side.
And then when you take to customers, early days, at least my learnings are, frankly Elastica and others. This is not always, you're going to get a hundred percent, because it's not that you have universal acceptance, you don't need to have in there some acceptance but your really diehard fans should be really your biggest advocates. Like you can clearly see these are ‘looking forward’, kind of customers. And they have the same conviction. There may be a smaller number, but you basically work along with them along the way on all the journey. And if he was taking a bet on it, I think execution becomes a lot easier, after that because if you have defined your path, you can, frankly, just like, don't know the path in a highway, then you achieve all this looking and we're anxious, but when you're on a highway you're going straight and that it's about like okay now you're executing.
And then because of lack of uncertainty, there have been established principles and established mechanisms to make execution and the escape happen. That's at least the way I have experienced, that's the way I've looked at now, of course, no question along the journey, the transition points from which you have to scale, and you can talk more about that, but the goals you have to recognize those and shift gears in those points in the journey.
Ankur: Yeah, it makes a lot of sense. I guess, find the first 20, 30 passionate customers and then sort of make them super happy and then find a cohort of customers that looks very similar to the first 30 and so on and so forth. Are you seeing any big go-to-market paradigm shift?
Like, people are nowadays getting too enamored by sort of this bottoms up, go to market motion, self-service trials and trial to conversion. Do you think security and SAS security kind of is ready for this? Or is it still going to be by and large sales, sleds? Top-down motion and then sort of augment that with bottoms up. What's your perspective on that?
BASIC PREDICTION ON GO-TO-MARKET PARADIGM SHIFT
Rehan: Yeah. I think first of all, bottoms up is awesome. If you can, if there's a match, not every product actually has a match with bottoms up. Right. And you can give a few trials to attract those who care because there's so many free trials out there. Right? So now, if your audience is a practitioner who has the ability, any practitioner, one could be software developer could be DevOps, could be any practitioner who has the ability. I could be literally a Slack user who is able to take your product and meet its use in a very short time and drive value out of it.
Right. if that's your persona, that you're targeting, if they do not have the ability to get there by themselves, the bottom up doesn't work at all, right. I mean, it doesn't mean the business doesn't exist. Business can still be pretty awesome, but you have to make the recognition and call right upfront because not all products can be bottoms up and frankly, the things that can be bottoms up, if you don't do it, you're actually doing a big disservice to your business, right.
Because somebody else would do it and they would actually go and beat the crap out of you, in the market rate. So I think that’s really an upfront assessment. And then of course, why are you designing? That's where the design and user experience can actually play a huge role. If you do think that this is bottoms up and self-serve, and adoption can happen, then you really have to make sure that there is a mindless, and I really mean the mindless way to actually enable it and get some outcomes that can show you value. And from there you can see, okay, at least now I can go from there. I think that's really the answer. So, there's no one answer. You actually have to introspect and then pick the right path.
Ankur: Yeah, no question about it. So let's say, you found the market fit and initial traction and off to the races. and now, sort of is the hard question, right? Which is when to exit, which is obviously, coincidentally the theme of the podcast and one of the hardest questions, you know, you've had two successful exits, Elastica exit is a public knowledge, but let's just say hundreds of millions of dollars, we had Stuart McClure, just a few weeks ago, Cylance CEO, and, he sold his company very successfully over a billion dollars and point security, but then obviously George Kurtz is running CrowdStrike and is now over $50-60 billion depending on the week. So it's a hard question, right?
Like, I mean obviously when the startup and the company are struggling it's easier, but when you're doing well, how do you know when to exit?
“WHEN TO HAVE A GOOD EXIT?
Rehan: In fact, I would say instead of, let's say the way whichever way you define the exit, if somebody is there who has to look at it, as somebody is trying to sell the company, I think they're already in trouble. It means they have laid off the mission and maybe something has gone off. Either the aspiration has gone away or whatever like that.
Right. In both cases, I can openly share with you the case of Elastica and WiChorus. And this is because we never actually hired a banker. We never actually went out and tried to sell the company. In fact, in the case of Elastica-
Rehan: -the two offers, which came in earlier eminent things that aligned very well and we passed on it right. And passed on the way we knew is a great, great brand, but it's something that either you're not going to be aligned or not gonna take the mission forward. So I think the key thing, if you really want to, at the end, what you're trying to create is a value, first of all, for the market and the customers.
And by that, if that you can do that. And then of course you though, your shareholders, your employees, your team members and all that yourself but, the key thing if I were to say is to first focus on heads down, focus on building categories, defining products, building an iconic brand. along the journey and if somebody knocks on your door, you can evaluate it at that time. And, you know, it may accelerate our mission, in a dramatic way. Or if that's the path you take, you can actually take it. Or you can say Look on our own path, we can actually be really accelerated in the market, time is usually going to be right.
I think that's really the release of the goal, the way they should kind of look at in the team’s case, even, when Elastica was merged with Bluecoat the entire team pulled altogether to actually put Bluecoat in position as a cloud company. And the outcome for Bluecat was one thing and even at Symantec, the entire security team, you know, made CloudSOC off with the fastest group business there which lined up for the mission, and you need to get in seven or eight different Symantec products and kind of what the journey goes on. I think that's what I would say was a good outcome . Today CloudSOC itself is a cloud platform for Rocco(46:14). I think that decision is there. If you think somebody is going to take your product and a little big, big into a whole,I think that is one big video that you really have to account for, unless you've done this, you've wrapped up the end of your road. Sometimes. Of course, that happens too.
DESIRE TO BE MORE USEFUL
Ankur: Yeah, of course, it does good stuff. So that brings me to my thing, I'd say my last question, maybe second last. So we'll see,which is, you know, you've had multiple successful exits, you're on your obviously most recent sojourn at Securiti.ai. Basically you can retire now, but, somehow you like the pain more, you like to take more risks. Why is that?
Rehan: I think maybe, you want to be useful. Maybe it's the desire to be more useful, seriously.
Ankur: (Chuckles) That's what my wife tells me. Can you be more useful in the house or so?
Rehan: But I think, it's a bit of a reminder in some ways. And, I think you still feel-
Rehan: -it at the core, it is what energizes you, if what energizes you every day is to do something more that you call it in your record, useful then you're going to do that. And in my case, I think frankly, it is creating some more value to like that.
Just like, I would say when I go hiking perhaps several times a week,I like the incline much-much better than the peak line. Maybe there's some metaphor relevant to you.
Ankur: Of course it is. Yeah. I guess speaking of energizing, I mean, this can be all too draining day in and day out. Like there is never a dull moment in a CEO GM's life. How do you recharge and re-energize yourself?
RE-ENERGIZE FROM DULL MOMENTS
Rehan: I think one thing is if you're really fired up to do something, perhaps, you know, you have a reason to wake up, but having said that because there's still a lot of work, literally, recording this whole weekend. Right. And, feel as a thing, at least I think, it needs to recharge. One is of course, physical recharging.
- PHYSICAL RECHARGING
It's straightforward, you just have to stay active, you have to eat wisely. But the second thing is your emotional charge-up, and whatever gives you that, for me,
- EMOTIONAL RECHARGING
I would say, from your relationships, your kids, your wife, your parents, your siblings, your friends, and then you.
“THE PHYSICAL RECHARGING PROBABLY GIVES YOU A BIT MORE CHALLENGE ALSO.”
- SPIRITUAL RECHARGING
you really need to have a sense of purpose, and sense of being so, maybe getting yourself involved with other things, which gives you more satisfaction, which is, may not be material, but connecting to maybe higher powers, whichever high powers you believe in and whichever way you, So, when you practice that, I think sometimes it can give you kind of a more grounding.
And then I think you also can keep you very humble, because you realize you are not even a dot on a planet, which is not even a dot itself in the entire universe. You don't take yourself too seriously. Yeah.
Ankur: Yeah, very well put, we can obviously do this all day long. I mean, there's so much to learn, myself and for our listeners, but I want to be mindful of your time. So that brings us to the final segment of our show i.e rapid fire, Rehan. So, I'll just ask you some simple questions and you answer.Yes or no answers, short answers. All right. Are you ready to go?
Rehan: (LAUGHS) All right, let's do it.
Ankur: So I'm going to start with a googly or in baseball as they call the curve ball. Right. So, there's an India v/s Pakistan cricket world cup match, and it's the finals. And our listeners, I mean, you know, obviously I'm from India, Rehan's from Pakistan, you know, diehard cricket fans. You've got to put half of your wealth on one team. Which team are you picking? Rehan.
Rehan: I think I would be rooting for Pakistan’s team and will put money whichever is my favorite.
Ankur: Okay. All right. Your half the wealth is gone, Rehan! You know that based on recent games (BOTH LAUGHS). Okay, got it. Good one. I mean, obviously I didn't expect anything less from you. So, second one, you're a venture investor and you got to invest in one of these three founders in their early twenties. Okay. Bill Gates, Zach, Elon, and Jeff, rather four founders, who are you putting your money on?
Rehan: Bill Gates because nonlinear drones are the great(50:34) impact he's creating, in hindsight, I would say Bill Gates.
Ankur: Yup. Love it totally. Which technology or technology trend will have the biggest impact over the next decade in how we work in play?
Rehan: Unquestionably, I think it’s deep learning. And of course it's sitting on top of amazing infrastructure that has been built together. It is sitting on the shoulders of that. No question about it, but it's deep learning.
Ankur: Look, we're in the 20th episode right now, 21st, I would say, 80% of our guests when I asked that it's consistently the same answer -AI,ML,DL(Deep Learning). Yeah, love it. If you weren’t building a company in security, what would you be doing?
Rehan: I still find Silicon and processors and GPUs(51:22) very fascinating.
Ankur: Love it. Oh yeah. What people, person or thing has had the biggest influence on you?
Rehan: I think my father and my maternal grandmother. She lost it is a vinegar(51;56). She lost her entire family, almost the entire family, and while she was expecting, she single-handedly took my mother, and stood for our principles, throughout her life and had a big influence in our openings, my upbringing. So I'm really thankful to her. I miss her every day.
Ankur: Yeah. Inspiring stuff. And the last question, how can people learn more about your recent work? Is it securiti.ai. Is it Twitter handle? Anything else you want to share with the listeners?
Rehan: I think secret beach(52:14) and it's not just my work. I definitely don't take credit for it. It is an entire team’s work. In fact, more of their work than mine. I'm actually at the service and publicly. So yeah, they will learn more about triggering team work? I think that's a good idea.
Ankur: Awesome Rehan. Well, that wraps up the episode of ZeroToExit. It's been a pleasure to have you on the pod. We appreciate you taking the time. Good luck for the rest of your way and with your latest venture Securiti.ai, as you go from zero to whatever the journey takes you to thank you, Rehan.
Rehan: Ankur! Thank you very much for giving me the opportunity. Great discussions. You had really great questions. Thanks so much.
Ankur: Love it.
I absolutely love this podcast and also I am a repeat listener as the conversations are very intellectually stimulating. In a short span of an hour, I feel I get to spend time with some of the best minds in the industry and hear their success stories, lessons learned on diverse business and security topics. Ashwinto Ankur
A Valuable Resource!
Ankur and Neelima do such a good job covering a variety of topics. The guests offer valuable insight as well. I would recommend this podcast to anyone looking to be inspired and informed!
Love this podcast
A lot to learn from these insightful stories! Great job guys. Highly recommended for product managers and anybody with an entrepreneurial mindset.
Amazing speakers & pearls of wisdom
WTG Neelima & Ankur! This is by far my favorite podcast. I’d imagine the 1000s of PMs in cyber security feel the same way. Thanks for the lineup of great speakers, many of whom are legends in the industry.
Very refreshing and engaging podcast !
This podcast is very very refreshing and relevant. One thing I will cherish is rishi bhargavas attitude, aptitude and skill in hiring :) ofcourse there are plenty more learnings from all of you, keep them going Neelima and Ankur !!!
Great format. Very concise and to the point topics for folks interested in opening startup. Love this podcast !!!
Great podcast! I really liked the format and I thought the choosing of the guests were very great. It was very engaging and it felt very friendly. Would definitely recommend to anyone in tech startup!
Great insights from start up leaders!
Interesting, Informative, Entertaining
Really like this podcast, great guests with compelling stories! Very cool to hear how some of the industry leaders in Info Sec grew up in the market. Most people just know who the guests are today, which is a testament to their success, but everyone went through the startup life to get there....the highs and lows and the wild ride! What I found really interesting is hearing everyone’s personal story to how they got to where they are and learning where their passion was born and the unyielding persistence it takes to get to the top
Really interesting guests and topics
In today’s show, we’re excited to have Yaniv Vardi, CEO of Claroty, an industrial cybersecurity startup focused on extended iOT. Prior to Claroty, Yaniv was the CEO of Panoramic Power, a pioneer in the energy management solution. The company was acquired by Centrica where he led their global expans...
Heather Gantt-Evans, Chief Information Security Officer at Sailpoint. For our listeners, Sailpoint is a leader in Identity and Access Management. Heather has previously held leadership roles at Home Depot, E&Y, Booz Allen, and the US Army. If you want to know how to build a stellar resume in th...
Hitesh is the CEO of Vectra, a leader in the threat detection and response for cloud and data center workloads. Vectra was founded in 2011 to leverage AI/ML to detect network threats and has since seen phenomenal growth in the business. In this episode, we’ll talk about security, the state of the p...
In today’s show we are excited to have Dan Adika, co-founder and CEO of WalkMe, a Digital Adoption Platform company. Dan started Walkme in 2011 when product-led adoption and growth wasn’t a thing. Dan grew the company from Zero to over $150M in ARR and just recently took the company public. If you ...
In today’s show we are excited to have Bob Tinker, former founder and CEO of MobileIron, one of the leaders in mobile security. Bob took the company from 0 to $150M in revenue and the IPO. Under Bob’s leadership, MobileIron became one of the fastest growing tech companies in the world from 2010-201...
Tim Sadler is the co-founder & CEO of Tessian, a human layer security startup. After a career in investment banking, Tim and his co-founders started Tessian creating a solution - "Email Security for "OH SH*T" Moments". If you want to learn about the future of security, you d...
Aaref Hilaly is a Partner at Bain Capital Ventures and a proven technology veteran with over 20 years of experience as a serial entrepreneur and early-stage investor. Prior to joining BCV, he co-founded two companies and spent seven years as a partner at Sequoia. If you want to know how to instantl...