2. Our journey today
This is the story of a successful
B2B Silicon Valley startup
launching a new product into
a new market.
!
I will talk about how we
validated the idea, designed
the solution, and how we
successfully grew and exited
the company.
3. I've seen the story many
times
As a founder, exec, or
advisor to a bunch of
startups
!
The same recipe doesn’t
works twice, but patterns
emerge
7. Enter our intrepid band of
tech dudes
Joseph Ansanelli, CEO!
• Multi-time founder/CEO, Apple, product
management and marketing
Kevin Rowney, CTO!
• Security Architect, Netcentives
Michael Wolfe, VP Engineering!
• Several startups, Entrepreneur in
Residence at Benchmark Capital
8. Kevin’s experience leads him
to an insight
Companies spend a great deal of
money keeping bad guys out of their
network
• Firewalls
• Intrusion detection
• Anti-malware
But insiders who has access to the
network can easily take data out of it
• Via email, chat, web posts
• Via thumb drives, DVDs, or
laptops
• Either accidentally or maliciously
9. A kernel of an idea
Build software that allows
companies to prevent the loss of
confidential data from the inside
10. It might seem obvious now
• Legal risk
• Reputational risk
• Regulatory
compliance
• And other Truly Bad
Things
!
But was it then?
11. Did we do this?
1. Raise venture capital
2. Hire some engineers
3. Build the product
4. Hire marketing and
sales people
5. The product flies off the
shelves
6. IPO!
12. It doesn’t work that way
The graveyards
are full of startups
with products that
customers
"should have
wanted"
13. It usually goes wrong
Too early - there will be a market, but not yet
Too late - competitors already addressing the
problem, or customer has workaround or internal
solution
Not a "top 3" priority for the customer
Building the wrong feature set
Product can’t be built or is delayed!
Pricing, messaging, and distribution never figured
out
14. The industry has gotten
smarter about this
Growing recognition that startups are completely different
than established businesses
15. A startup is an experiment
• Form hypothesis
• Find fastest/cheapest
way to validate
hypothesis
• Test and measure
• Adjust, «pivot» if
needed
16. I will walk through our:
Questions
What were the most important questions we had to
answer
!
Validation
How we got the answer to each of those questions
!
Learnings
What we learned and how we adjusted
18. Careful before you say "yes"
When is the last time you sent an encrypted email?
19. Pre-product validation
• Get meetings with potential customers
• Interview them on their problems and desired
solutions
• Show them mock-ups, examples, anything
tangible that will get them talking
• Ask for follow-up meetings, repeat
20. Getting the meetings
• Work your personal network
• LinkedIn, Twitter, comment
threads, blogs
• Put up a landing page, drive
traffic, gather names
• Cold call, email, twitter - be
persistent
!
Requires "hustle" and may be
painful or uncomfortable
21. Getting them to respond
• Be clear it is not a sales call
• Flatter them - you want their feedback and
advice
• Entice them with the opportunity to work with
a cutting edge company - more interesting
than their usual meetings
• Meet them anywhere, anytime
• Ask for a short amount of time - they’ll give
you more if they are interested
22. Running the meeting
• Listen, listen, listen
• Don't try to "sell" your solutions
• Ask open-ended questions
• Bring screenshots/slides/mockups - get their
reaction
• Close them on another meeting
23. Sample questions
• “Talk us through your top priorities and
projects”
• “Tell us about your existing infrastructure”
• “Have you experienced this problem”
• “How are you solving this problem today”
• “Force rank the following capabilities”
• I'll show you some prototypes - give me
your reaction”
?
24. What we heard
"This is something
we'd seriously
consider"
"We have been
building homegrown
solutions to address
this"
"We are talking about
this problem at the
board level"
"We’d try it if you built
it. Put us on your beta
list"
25. Takeaway:
!
It is never too early to talk to
customers.
!
If you can’t reach customers now, why
do you think you can reach them later?
!
Build the company alongside a few key
customers.
26. Then we raised money
• We raised a $5M series A financing
based on this feedback.
• Normally you’d raise later than this, but
we already had firms predisposed to
give us money.
• Today it would be typical for a company
to get much further along before raising
a round
• Cloud computing and low-cost
distribution channels allow companies
to get much further along before raising
30. What tier?
Start at large companies!
Larger budgets
Most public scrutiny
Largest amount of data to
protect
“Name brand” references
!
!
Start small, build up!
Less demanding
Shorter sales cycle
More innovative
Gain experience before
going big
31. What we learned
The strongest feedback came from
large companies in regulated
industries
In this market, the larger companies
were more, not less innovative
Drivers were regulatory and
reputational risk.
“Keep me off of the front page of the
WSJ”
32. What we did
Laser focus on large companies in regulated
industries, primarily protecting customer data
De-emphasized the rest and even ignored some
smaller companies that came to us ready to buy
This focus meant we would lose deals that weren’t
in our sweet spot
36. How we found out
• Built trust with prospects
• Spent time with them as they walked us through
actual internal breaches and their costs
• We showed them several kinds of policies and
got their reactions to each
• Found that almost everything they talked about
had to do with consumer PII (personally
identifiable information)
37. What we did next
We pivoted away from an
earlier idea - tagging
emails and documents
We focused instead on
one that could identify
and protect large
databases of consumer
data
Contrarian move - at the
time DRM was the next
new thing
38. Next Question: what threat do
companies care the most about?
• Data escaping via outbound
email
• Data escaping via web posts /
web mail
• Data escaping via FTP, P2P
networks, other internet file
transfer
• Data escaping via thumb
drives, DVDs, and lost laptops
39. Do they want block incidents
or simply monitor + notify?
Block!
Prevent the incident from
happening
Avoid cost of the incident
Provide assurance to
customers
!
Monitor!
Less disruptive
Less expensive
Allows education and
policy changes in
response to incidents
40. Our minimum viable product
We did Not
Focus on data loss
Malware, anti-porn, URL
monitoring
Focus on customer data
Documents, intellectual
property, financials
Email only Webmail, thumbdrives, FTP
Monitoring only Endpoint blocking
Tools for remediation Simply logging them
Great reporting Reporting as afterthought
Focus on large companies Sell to anyone with money
Some competitors did “more“ but ended up losing
41. What happened next
• Responded to an RFP from
Bank of America
• Focused and won the deal
• ~$500K, over time grew to
several million
• Needed to promise several
near-term features to win the
deal
• Made them referencable
and a champion
42. Takeaway:
!
The “minimum viable product” can often
be way more minimal than you think.
!
Do a few things, and do them right.
!
Customers will want more, but if you are
solving an important problem, they will
be patient.
43. Example MVPs
• Created an “explainer video”
demoing the product, got > 100K
signups, didn’t ship product until 18
months later
• Went to shoe shops, took pictures of
shoes, put online. When people
ordered, went back to shop to get
shoes.
• Started with one plane and one
route. Perfected their system and
then expanded
45. Other things we learned
• Opportunity to sell high - to the CSO/CIO level
• Bring in experienced enterprise sales reps
• Partners were not a large factor - we had to
evangelize/sell ourselves
• Employees with security experience often did
not do well in the company
49. We obsessed about
Team - Putting tons of time and
money into recruiting, and removing
bad hires
Training and team building -
constant trainings and company
events
Transparency - everyone at the
company had access to almost all
information
Customer success - making them
reference able and our champions
Planning and forecasting - quarterly
replans, goals and objectives
53. Key takeaways
• Validate, validate, validate
• Build your product with customers. Seek face
to face meetings, not just metrics
• Seek focus
• Get an MVP to market as quickly as possible
and then iterate!
• Obsess about people
