The cloud security market is super interesting right now. There's lots of sub-categories. It's confusing where the boundaries are between them all. And it's incredibly fast-moving. Things are changing all the time. 

In this episode, I chat with Liat Hayun, the co-founder and CEO of Eureka Security. We talk about why she felt compelled to leave a big secure company and start Eureka. The first few steps that she and her cofounder took to get going. Eureka's positioning in the cloud security market and how thoughtfully they started their go to market motions. And finally, what type of vacation Leah, her husband and daughter, like to go on. Don't go away. Welcome to the Sales Bluebird podcast, where we help cybersecurity companies grow sales faster. I am a longtime cybersecurity seller leader and now go to market consultant Andrew Monaghan. And our guest today is Liat Hayun, co-founder and CEO at Eureka Security. Liat welcome to sales bluebird.

Liat Hayun 00:01:09

Thank you for having me.

Andrew Monaghan 00:01:10

I'm looking forward to this league. Well, for two main reasons. One is Eureka is in a really interesting and much-needed space, but it's very noisy. So I'm keen to learn and understand from you how Eureka is positioned and the things you've learned about how to do that. And the second thing is, you've been in your history at a couple of big organizations, and then you went straight to a small one and co founded the startup. So, interesting kind of dynamic about making that decision to switch over. And I'm sure there was a bunch of things that went into that. 

A quick break to say that this episode is sponsored by It Harvest. With over 3200 vendors in cybersecurity, it is hard to keep track of all the latest developments, as well as research and analyze categories and subcategories within cybersecurity, which is where the It Harvest cybersecurity platform comes in. Want to know which subcategories in cloud security are growing the fastest? You'll get it in a few clicks. Want to know and track everything about your main competitors and keep up with their hiring and use simple search to be done? Want to know the top 20 fastest growing companies based out of Israel?

Just a couple of clicks to get that. It Harvest is the first and only research platform dedicated to cybersecurity. And it's run by Richard Steinnan, who has done it all in cybersecurity. From the VP of Research at Gartner, a CMO at a cybersecurity vendor, a lecturer on cybersecurity, advisor to startups, advisory board member at Startups, and a main board member as well, the whole lot. Find out more by going to salesbluebird.com/RESEARCH. That's sales bluebird.com/RESEARCH. Now back to the episode. 

Well, let's talk about the business side of this then. I looked at your LinkedIn resume here. You spent almost seven years in the IDF in Israel, and then almost six years at Palo Alto Networks. And then after six years there in product management, you decided that what I was going to do was leave there and actually start a startup, go find a start up. So let's go back to that moment, where were you, who are you with? What was the thinking that said, you know what, I'm going to leave the safe world of a big company with benefits and paychecks, things like that and go and do a startup?

Liat Hayun 00:03:42

Yeah. As you already understood, leaving Palo Network wasn't an easy decision. Not from a work-life balance perspective or just benefits perspective, but also not from a professional perspective. It has been and it really still is a great company, but for me it was more around building something new. And Palo has been great at taking products and kind of using that seed to grow something out of. And I kind of wanted to focus on that earlier stage. But really what made me turn that corner was my co-founder Asaf. So Asraf and I have been working for 15 years now, even more than that, working together for over 15 years. And it was just kind of those, one of those meetings where we were both talking about maybe considering leaving our current workplace for Mate, with Palta Networks, for staff. It was Microsoft and what, what would it be that we would, we would do next? And throughout our 15 years of working together and the idea for Palta Networks, we used to kind of think about or make fun of us starting something together. How would that be like? And it kind of seemed like the right opportunity. We also had a great space that we knew we would be focusing on. So all those stars aligned really well from a personal perspective, from a professional perspective, and from a focused perspective. And that was just it. We just decided to take a look.

Andrew Monaghan 00:05:11

And that happened over dinner. Was it in your living room one day? What was the moment?

Liat Hayun 00:05:17

So my guess is that to be honest, I don't know if it was just one point in time or that it was a process. So I think he kind of decided to leave Microsoft a couple of months ahead before that. And it was like, will we, won't we? Should we? And it was just a chain of smaller decisions that kind of led to that. In addition to the professional considerations that I had in mind, it was also as big of a family decision as it was a personal professional decision. We were just coming out of COVID as the world just coming out of COVID My husband was just finishing a very intense parole. He's still in the IDF in the Navy. So it was kind of, you know what, this is going to be it. And I don't even remember, I could probably find the WhatsApp? Text. That was the final call for that. But it was just this process of conversations both for each of us with their families, but also between the two of us. And my guess is that if I'll search through my WhatsApp history, I'll kind of find the text that says, you know what I'm in or vice versa.

Andrew Monaghan 00:06:30

So then you're at that moment, what happens next? Do you start coding? Do you try and raise some money? What's the process?

Liat Hayun 00:06:38

So we were fortunate enough to kick things off when I would say at the height of the market, in retrospect back then was the height of the market. So the challenges were, from our perspective, weren't as much about fundraising. It felt like it wouldn't be, not necessarily. We didn't take that for granted. But we felt like it was more for us to make sure that we can achieve the level of conviction that we wanted to get to in identifying a problem that is interesting enough for the world, interesting enough for us personally and that we're able to solve. So we've decided to take a few months and just focus on that. Just try to talk to as many organizations as possible, leverage as many connections as we could to make sure that that is indeed the case. That kind of the broader space that we had in mind, which is around protecting data in the cloud is in fact something that organizations are struggling with, that we are curious around solving and that we think we know how to address it. And then once we realized that that is indeed the case, that those three things overlap, that's where we decided to start coding and raise funds. We did some very small proof of concept in the process, but it was more around again, making sure that the way we think this could be addressed makes sense and less around a prototype at that stage. So that was how we spent the first four or five months of our journey. Throughout that time, Asaf also had his first kid and I moved home. So it was kind of made sense for us to kind of take that time before hitting the gas battle and starting to move faster. We wanted to take that time to lay the groundwork that we know we needed to from again, from both the personal perspective and from a technical perspective. So once we did fundraise, we could start moving as fast as we could.

Andrew Monaghan 00:08:38

And was it just the two of you still at that point?

Liat Hayun 00:08:40

Yes.

Andrew Monaghan 00:08:41

Okay, what point did you start getting more people coming on board?

Liat Hayun 00:08:45

So we had a few people. Obviously as you start this journey, there's a level of stealthiness that you try to keep. But that being said, people who work closely to us were always curious about what it is that we're going to do next. As I was leaving Palta Networks, as the staff was leaving Microsoft, some people were curious about what we're going to do. And for the folks that we were closer with, we shared a bit of what it is that we're going to do. And we had a couple of people that told us, let us know we'll be there once you start hiring. So as soon as we raise funds, we start bringing in the first team members. And in the first couple of months, we decided to be very deliberate around hiring a small but very strong team of engineers to be able to start building the infrastructure for what is now a broader platform. So there's a lot that we do that can be I wouldn't say it's not repeatable, but kind of from a structural perspective seems very similar to one another. So we decided to build that infrastructure first and then bring the rest of the team on board later on.

Andrew Monaghan 00:09:54

And looking from the outside, it would seem to me that in Tel Aviv or in Israel, it must be quite tough to keep it stealthy because it seems like everyone's from the same spot, everyone came from IDF or 8200 and you all know each other, it must be tough to keep under wraps.

Liat Hayun 00:10:09

Yes, that's definitely the case. I think one of the Israeli ecosystem is very tight and everyone knows everyone. Everyone has a friend in it's, lots of fun, but it also creates some challenges around whether or not you want to keep something a bit quieter or do something without everyone knowing about it. So during the time of I called that initial process, we did validation. We were fending off VCs that tried to figure out what it is that we do and obviously try to be quieter to at least delay any competition that would come up because we knew competition would come up. I wouldn't say we did an amazing job. There's always this balance you need to strike between trying to keep things under the radar as opposed to coming out with what you do. So obviously when we talk to prospects or just security teams and organizations that we wanted to run this idea by, you obviously need to share what it is that you do. So you need to make sure that you're not taking that to an extreme where you're trying to be so stealthy that people don't really get it with what it is that you're doing, but at the same time not to necessarily broadcast what you're doing. But that being said, we very quickly realized that there are other teams in this space that are running in parallel to us at about the same time. So despite of us again being very quiet about what we do for the first few months, we actually decided to come out of stealth as a company only three months after the seed investment. So all the articles and headlines you see about this team coming from this background raised this many millions of dollars. We actually decided to do that three months after the company was officially founded, before we had Ga product. We had a prototype back then and some design partners, but nothing we could sell yet. And part of the reason to do that is because we wanted to make sure that we become synonymous with the space we're in and with the problem we're solving. So those are the trade offs that we felt we needed to balance.

Andrew Monaghan 00:12:18

So I guess the danger is that other teams, they come out of stealth and own the narrative around the space and you're seen as some sort of side player, almost, right? That was the danger, I guess.

Liat Hayun 00:12:28

Exactly.

Andrew Monaghan 00:12:29

Yeah, I get that. Well, let's get on to Eureka. If I was a twelve year old CISO, if there's such a thing as a twelve year old CISO, how would you answer my question? What does Eureka Security do?

Liat Hayun 00:12:41

So many organizations today store data and cloud infrastructure. Obviously. Hopefully any CISO knows that even, even if they're twelve, store information in infrastructures like Amazon Web Services and Azure, and Google cloud Platform and Snowflake and so on and so on. So almost any modern organization uses at least one, sometimes more, sometimes all of the infrastructures that I mentioned, and part of what they use it for is to store organizational data. So think about your we just talked about Twitter. Think about all the personal information that I have there. It might be my phone number for authentication, it might be my personal information, my email address, and so on, that is stored in some server. And it's very likely for that server to actually reside in some cloud infrastructure as opposed to 20 years ago, where it was stored in a room at the bottom at the basement of the corporate offices. Now, the cloud allows many great things in terms of agility, in terms of flexibility, in terms of how dynamic things are. But that nature, that very dynamic nature of the cloud also makes data flow more easily and ease of flow, how easily data flows within the cloud environment. Again, some might view it as a bug, some might view it as a feature, but from a security perspective, it just means that it's much more difficult to protect. So think about trying to protect water, basically, right? So you have these water reservoirs, and then all of a sudden something spills. When you try to transport water from some place to another, someone loses a bucket on the way or spills it over. So we want to make sure that when that happens, and maybe that's where the metaphor kind of breaks, it doesn't put the water at risk. You don't want them to get into a location to the wrong ends, to be accessible to anyone from outside of the organization because, and kind of going back, stepping away from the metaphor, back to what we do, because it's your data. And as much as data can fuel the organization and the business, losing track of it and not protecting it well can also impact the organization's security reputation. They can find themselves in compliant and defined. So the motivation to protect data is definitely there. The risks with using the cloud for data storage and for the movement of data are now becoming more predominant.

Andrew Monaghan 00:15:27

So if I look at this whole space, it's the ultimate list of four letter acronyms. You got CWPP, you got Cnap, you got Kim, you got CSPM. You keep going, you barely run out of different options out there. Where does Eureka fit into that whole ecosystem?

Liat Hayun 00:15:47

I think the problem with all the acronyms you mentioned is that they usually focus on a vertical, right? Take CSPN for an example, that focuses on cloud. Take endpoint security. That's the space where it came from that focuses on endpoints. So you have this focus that is based on the infrastructure. But what is lacking today is to provide the organizations the ability to focus on data. And data can reside in public cloud, it can reside in data warehouses, it can reside in data lakes or databases of service. And there is no holistic approach that exists today, no tool that allows that approach, where organizations can manage how data actually needs to be managed, how data needs to be protected, as opposed to how this SG bucket needs to be configured. And when you're trying to find all the data, or even ask yourself, do I have any sensitive data that is accessible to someone outside of this very specific team in my organization? You need to now actually translate that question into the variety of controls and configurations you have in that variety of technologies and try to answer each of each and every one of those separately, and then combine that back to get the answer you actually wanted to. What we're helping organizations do is have the holistic view of all their data assets and be able to ask data centric questions and apply data centric policies on that data, regardless of the underlying infrastructure.

Andrew Monaghan 00:17:18

So, I don't know, it might seem a little of bit a strange question, but why would an organization care about that, right? If I hear you're right, they're protecting everything that data sits on. Is there regulations they need to care about? Is the policies mostly about data? Or is it policies any more about infrastructure? I'm trying to understand what's the big thing for them.

Liat Hayun 00:17:39

Yeah. So, first of all, the term they protect everything data sits on. We see organizations time and time again leveraging great cloud security tools in the way they should be leveraged, using best practices, having zero alerts, and still have data at risk. And the reason for that is twofold. So from a breach perspective, from a data risk perspective, you can have data at risk even if the asset itself, if the technology is well protected or well configured. So take just a very simple example. Take over permissive credentials, over permissive access to data. You can have the Astri bucket be well configured to be not publicly accessible. So you can't blame anyone for accidentally leaving the door open for anyone to get into. But you now have all those people in the organization have access to this data, and that data might be sensitive. So that could be abused by either purposefully or by mistake by a malicious actor in the organization. And data can find itself in environments that you're not usually investing as many efforts in protecting. So you might have this dev environment, a QA environment that the cloud security team doesn't even care about, but then someone copies data, they test out, they reproduce the bug they just had in production, and they accidentally leave the data there. So those are all things that can happen even though you have all the data well protected. So that's from a breach perspective. And the second motivation that is now increasing is the regulatory motivation. And that's where almost every industry that stores the sensitive data needs to comply with regulations and compliance criteria that are sometimes specific to the specific type of data to the industry they're in, sometimes specific to the geography they operate in. So for any credit card related information, any payment related information, you have regulations like PCI, DSS for health information, you have HIPAA. So those are two types of industry specific regulations. And then probably the most common geographical regulation is GDPR that the EU came up with about eight years ago that regulates how personal information of European citizens needed to be protected, secured, encrypted, who should have access into, and so on. So even if the breach motivation is not high enough, organizations might actually be fined or in the extreme cases, even be denied from operating in specific geographies if they don't comply with these types of regulations.

Andrew Monaghan 00:20:25

Yeah, essentially what you're saying about the risk and engagement side, I remember years ago I worked for an Se who was really good about explaining this. It's slightly different because it wasn't necessary, but he would say, if you think about even something like dates on your phone, whether you do you have a document or a record or something like that, think of all the places that will go. It will go into the cloud somewhere because it's part of some SAS app. It will go into your dropbox, it might go on to your laptop. A laptop might get backed up somewhere internally to the organization. Before you know it, that one piece of data through you do nothing, ends up in like eight or ten different places. And I often get to view data as something that I think one school of thought is, oh, you corral it, you try and contain it. I don't think I've ever worked in the last 25 years of data security, so just recognize it's going to happen and say, well, let's try and figure out how we protect it and control access to where it goes. Seems a much more agile way to do it, rather than worrying about every last place it goes and trying to secure each of those.

Liat Hayun 00:21:22

And just think about organizations today. Right. If you take five, maybe ten years back, AI and ML were kind of buzzwords that maybe the most progressive, most forward thinking organizations started to adopt. Now, you don't have any organization that doesn't use at least some level of AI and ML. Every app you purchase through stores some data about your purchase history and what they can recommend you and how is it similar to other purchases. This is all ML. Right. And to fuel that, I'm not even talking about Chat. GPT and other even more advanced evolvement in that field. But to be able to fuel that, you need to store the data organizations so they can't allow themselves to limit the storage and use of data within your organization. And CISOs cannot be the one saying, oh, we can't protect this. Please don't do this. Please don't move data around. If they'll do this, they'll find themselves in other organizations, probably not in the one day that actually needs to do that. So, as you said, they need to find a way to say, do whatever you need to do for the business to move forward, but we need to somehow understand how we protect that very sensitive asset.

Andrew Monaghan 00:22:32

You have to live under a rock for the past two years not to have heard about the success and the buzz that Whiz is getting in the wider cloud security space. How do you think about that as a company that's perhaps a little bit newer than they are in trying to get your differentiation and your unfair share of attention out there?

Liat Hayun 00:22:54

Yeah. So, first of all, I'm very happy for them. They are very close friends of ours with the staff being personally involved in our journey. So I'm very happy to see their success. And I think in many ways, they paved the way for other tools to be able to use similar concepts and to be accepted in other organizations. And what I mean by that is that before, with similar players, organizations didn't necessarily think that they can do things without deploying tools on the actual infrastructure. Right. They thought, if we want to protect containers, we need to have agents. If we want to see configuration, we need to have something running within our environment. And in many ways, the modern cloud protection tools helped shift that approach and helped shift that mindset into the cloud doesn't only offer the ability to be more scalable, more agile, more dynamic in how we leverage our infrastructure. It also allows us to protect our infrastructure in a way that wasn't possible in an onprem environment that has been great for us so far. Right. We started the conversation, like, five steps forward from where other tools in similar spaces had to start the conversation two years ago. And Dwiz does what it does very well, which is protecting cloud infrastructure, protecting public cloud infrastructure and the assets in it. That being said, what we found is that data requires both a different approach in the depth and in the breadth that we look at. So I'll start from the breadth first, just because it's easier to kind of understand. Very simple examples like snowflake and data bricks already help you understand that protecting data in most organizations can't be done just by protecting public cloud. So from a breadth perspective, if you want to be if you want to be protecting data, you have to be wherever data is found. And if you want to protect the infrastructure in which data is stored, that goes beyond just public cloud from a depth perspective. And I think that's something that folks that aren't coming from this space are sometimes struggling to understand, is that protecting data is a data problem. We talked about all these regulations, we talked about over permissive access to data and so on, to be able to even understand if you have an issue, if you have a gap, if you have a violation. And to be able to understand how to mitigate that risk, you have to understand the data itself. Just one example that we've been talking to with a healthcare provider not recently was around HIPAA. So just to give you some context, your personal information, if it comes into the organization from a medical prescription that you have, that is considered HIPAA regulated information, even your name. But if it came through your registration to a website, that is just pii, it has some regulations around it, but not as restrictive as HIPAA. So understanding where the data came from, where the data originated, is critical for organizations to be able to comply with HIPAA. And that is not an infrastructure problem. It doesn't matter how well you protect your AWS environment or your Azure environment, doesn't matter if you're able to limit access to all your SG buckets. You still won't be able to comply with HIPAA if you don't know where that sensitive information originated from. So being able to understand the data and the context of the data, what is the data, where did it come from? And then to complement that with a good understanding of how is it managed, where is it being accessed from, who is it being accessed by? Which parts of the data were accessed is critical to be able to actually protect the data itself, and not just the container figuratively, not the cloud container in which it is found.

Andrew Monaghan 00:27:02

It's interesting. If protecting data was simple and straightforward, we'd all be doing it already before now, right? But even in the on prem world, actually protecting the data itself is actually quite hard to do because of the thing that you mentioned. So it presents an interesting challenge to lots of people within a day. I often think that how many laws are there around the world about notifying the public about breaches that do with the vulnerabilities and misconfigurations? Well, zero. How many laws are there about breaches and data gets out? Well, lots. Right. So data is what matters. At the end of the day. Let's get to know a bit more about Uliat. I've got 35 questions. I'm not going to ask you 35 questions. I'm going to ask you to pick three numbers randomly between one and 35, and I'll read out the corresponding question.

Liat Hayun 00:27:50

Let's go with 410 and 19.

Andrew Monaghan 00:27:53

Four. What's the scariest animal?

Liat Hayun 00:27:57

Mosquito. I guess that's the right answer for that. It's like a test. Yeah. No, I don't know. I don't get scared with a lot of animals. I don't like bugs, but I'm guessing the normal amount of not liking bugs. I used to dive with sharks, so I don't find them very scary. I guess not, but I really hate mosquitoes.

Andrew Monaghan 00:28:17

Do you get a lot of mosquitoes in Tel Aviv?

Liat Hayun 00:28:19

We do, especially summertime when it's very humid, and for some reason my husband and daughter don't get stung at all, and it's like I'm their mosquito net. It's like every time we go somewhere, I have all these bites and they're like, what are you talking about? It's all fine.

Andrew Monaghan 00:28:35

All right, number ten. Most used app on your phone?

Liat Hayun 00:28:40

Definitely Twitter. Probably to use my email app is up there with them, and then from time to time, the variety of airline apps that I have would be very used as well.

Andrew Monaghan 00:28:56

Yeah, I bet. I actually took Twitter off my phone a few months back.

Liat Hayun 00:28:59

It was probably a smart move. Yeah. It also became very bad.

Andrew Monaghan 00:29:04

Well, that was a thing for me. One is I defaulted it way too much, and then secondly, you get in there and it's just like there's a lot of people talking about a lot of bad takes on things and bad things going on if I don't need that in my life. Really?

Liat Hayun 00:29:18

Yes.

Andrew Monaghan 00:29:18

So now I just shoot myself a desktop, which means I only dip in, like, once or twice a day and very quickly move off it.

Liat Hayun 00:29:25

So for me, it's kind of the opposite. I only do that when I have, like, five minutes, like in the elevator or waiting for the bus or something. I very rarely just sit on the couch at home and watch Twitter or read Twitter, but yeah, it happens more than I would have wanted.

Andrew Monaghan 00:29:40

What was the last number you gave me? 1919. What's your favorite vacation destination?

Liat Hayun 00:29:48

I don't know if they have, like, one place. Me and my family really like hiking, so we actually try to go to different destinations to do that. Most recently, we spent about ten days in Bulgaria hiking the mountains and just visiting. I have a four year old, so obviously hiking, it took a hit how busy or how intense the hikes we do are. But we're getting her there. She'll get there.

Andrew Monaghan 00:30:20

We. Had one of those backpacks for kids that you put on to go hiking with the girls when they were young.

Liat Hayun 00:30:25

So we're at this awkward stage where she's too heavy to carry around. She's four, but she can't walk for 3 hours straight. So we're at that stage. But she's doing really well, so we're getting her there.

Andrew Monaghan 00:30:42

And how did you pick Bulgaria as the last place to go?

Liat Hayun 00:30:46

I don't know. We wanted something that was closed by, again, four year olds. So flying, we didn't want it too long of a flight. Also, taking time off does not come easy these days. So we wanted to make sure that every day we spend away from home and away from work is well used. We heard great things about Bulgaria and about the nature there and just the people and food and everything was true. So it was a lot of fun.

Andrew Monaghan 00:31:11

Yeah. My sister, she actually spent quite a few years living there, on and off. She was based out of London, would go there and she ran, I guess, accounts where the big It firms have big data centers, call centers, your development centers there, and she would run all the HR and recruiting for them for a while. She loved this, spent many months and years there. Good people with what she said.

Liat Hayun 00:31:37

Yeah, I traveled to lots of places for work, but never Bulgaria, just for travel. So I don't know. There's not much of overlap between those two types of trips.

Andrew Monaghan 00:31:51

Let's turn this around a little bit. I'm intrigued to know more about your go to market. Tell us about your sales team right now. Yet.

Liat Hayun 00:31:57

So we have our go to market team. Excluding me is four people, even though I do include myself most of the time. We have two folks on the marketing side and two on the sell side. Three out of the four I didn't mention this in the beginning, but I am based the company is based out of Israel. He talked about Israeli ecosystem and then three out of those four are based in the US. Which is our primary market.

Andrew Monaghan 00:32:21

How did you know it was the right time to hire that first person on the go to market side?

Liat Hayun 00:32:26

So our first person on the go to market site was our marketing leader. We found that there's so much you can do in terms of especially in a market as crowded as ours, not just the data security market itself, but also making sense out of all the tools and all the capabilities and all the companies that focus on protecting the cloud. We realized very early on that the combination of that and our ability to not just gain more interest, but also to actually reach out and be more focused on that outbound motion requires a dedication, which is where we started looking for someone like Manny to lead the marketing efforts. And obviously when you think about our stage we are still a seat stage company. Those efforts already look very different from what I know, from bigger organizations, but are also going to look very different over time. So it requires that specific dedication around what it means to lead marketing for an organization at our stage. A lot of that is defining this category, defining the space, finding the right words, right terminology to how we talk about this both publicly, but also as we are starting to work with prospects and potential customers. So that's where we realized we need someone who knows how to do this and can help us find our path in that journey.

Andrew Monaghan 00:33:55

And then you move on to hiring a couple of people in sales then it sounds like.

Liat Hayun 00:33:59

So what I like about the rest of the go to market team outside of our marketing leader, who we purposefully thought out and looked for, is that the rest of the go to market team we built was, I would say almost opportunistic. And what I mean by that is that as opposed to finding or opening the right position and starting and finding the right people to fill it, we just found great people that we knew we wanted to work with and we realized that great people is much more important than the right timing. So we just brought them on. And that goes to both Ellie, Stan and Kelly. All three of them joined in that order to the team from personal introductions from many, our marketing leader recommending some of them. So it was really around once you identify great people, you know you want to work with might not be the best timing, but you still want to bring them on.

Andrew Monaghan 00:35:01

So when you were starting to bring them on and making the decision to do that and planning for it, was there something that concerned you most or things that kind of occupy your mind to make sure it was going to be successful?

Liat Hayun 00:35:15

So I think it's a combination of three things. So the first one is do they have the qualities that complement what we need at that moment? It probably comes through even today, but I tend to be somewhat technical, I don't know if you noticed. And really just having folks around me in the conversation that's help us focus on the relationship, on the outcome and not just as I get excited, just dive into the tech is really something that I was looking for to make sure. And I think that every team is a puzzle, right? It's all different parts. No part looks exactly like the other, but the combination of all those parts creates that great picture. So what I was looking for for most is make sure that those new pieces in the puzzle help us complete to an even better picture. So that was the first part around it. The second part is do they have what we need today to succeed? So, you know, I've worked with great sales leaders at Palace Networks, for example, that are amazing at leading hundreds of millions of dollars of business a year and leading international teams. I don't know how well they would perform with a low budget, low resources, hands on seed stage company. Right? So whether if it was looking at their current track record and seeing some indications that they can succeed or just being very open with them and talking about what it means to succeed in this environment. So that was the second thing. And then the third thing, which is specifically unique for that part of the team, is whether or not how well they would perform today, but can they grow with us as the company changes? Because at this stage, it really does change every quarter. It's like a different company and it's not just about being able to do that, it's about wanting to do that. There needs to be some passion around it and not just being afraid of changes. And do they have the flexibility to switch from one mode to the other? And that is, of course, in addition to what we what we look for for every employee, especially at this stage, which is still 20 employees total, is being a great team player, being very hands on. No one shies away from any part of the work. So all of those are just being added on top of those.

Andrew Monaghan 00:37:58

Was there a moment as you brought them on that you thought, this is actually going to work out with all that apprehension? When you bring new people into the mix, you think you made the right decision. You hope you have, but until people actually start working together, you're not quite sure. Was there a moment you're like, yeah, actually, this is going to be okay?

Liat Hayun 00:38:15

Yeah, there were various moments. I think every now and again in a customer conversation, they say something. I was like, wow, I never think about asking that. That's amazing. Or they're able to identify as I was talking, they were able to identify some emotion or some movement in how the other side of the conversation reacted. They helped me start, even initiate processes that I sometimes wouldn't have thought about, but even if I had, I might have thought they were too early for us. I think the best teams are the ones that challenge you to go outside of your comfort zone, but in a way that kind of makes sense, right? It's not just about, oh, we should do all these crazy things, but really to be able to think outside of what I would do if it was just me. So I find myself kind of finding those moments with them very frequently. And I think I'm very lucky to say that, but yes, it's quite a team we built ourselves.

Andrew Monaghan 00:39:19

That's great. Let's flip things around a little bit here. Leah, you got a sense of the business that I have and what I do. Is there a question for me you want me to think about or address that might be pertinent to you right now?

Liat Hayun 00:39:31

Yeah, I think what I'm most curious about is what actions or what is it that CEOs and security leader and sales leaders at this stage can do that are not necessarily traits. Right. We are who we are, but what it is that founder, CEO, security, sales leaders. I keep talking about security leaders. You seem where my mind is at sales leaders can do to get better, right. What it is that what learnings or what type of characteristics we should adopt to be able to become better partners to our customers, to better understand their needs and to be able to work together. I think that's the end.

Andrew Monaghan 00:40:24

Yeah. Just as you were talking there, I was jotting a few things down here. I think one thing is the idea of immersing yourself as an individual and the team in the world that we're in, I think too often the temptation is to say look, I've got a lot to do here, I'm wearing five hats. Let me just focus on what I know is going to have a high impact right now. Right. Whereas if we take the time to say, well look, there's other companies, there's partners, there's organizations, there's associations, there's a whole bunch of things out there that if I go and immerse myself in those worlds then I get to learn, I get to adapt, I'll influence how I come to work and what I do. I think it takes a little bit of an effort to say I know it's going to be difficult but I'm going to go do that, whatever that might be. I know in the US we have things like issa. There's always conferences going on where if you show up not to find people to pitch to, but to figure out and learn and understand, then you're going to be a much more empathetic and understanding person when you taught the prospects. That's one thing. The other thing is that I think of all the big advances in sales tech in the last ten years when I was thinking like 15 years ago there was no sales tech, it was salesforce and that was about it. These days the marketscape is like 2000 companies. But I think the one thing that I think has probably the biggest impact, especially at early stage is some of the conversation intelligence tools. Common ones are coerced and gone. So I think people, when they hear about them, think that's really for coaching a sales team. We don't have 25 people in sales. Let's wait till we get a much bigger team before we do that. In my mind that's a mistake. Right? I think that if you think about what's happening at an early stage company, a lot of it is experimentation and trying things out and seeing. Let's try this way, describe what we do. Let's answer this question this way. And trying to be aware of all that, learn and understand and appreciate the reactions just on a live call was really hard to do. Very few people can do that. But wouldn't it be good if you're able to go back and listen through and see, okay, well, a, I didn't ask the question very well so I could approve that. B, the person that I asked didn't really understand what I was asking them, so I need to figure out a slightly different way to do that. But when I said this, they leaned in and started asking me questions, right. And it's that sort of awareness to understand of the dynamics, I think, which is very powerful. And I think the other side of these tools is that you imagine you fast forward a year or two fast forward a year, two, you've got 25 people in sales, you've got a whole bunch of customers, and then that one company you talk to in February 2023 comes back and says, hey, we're ready for you now. Right. Wouldn't it be good if you go back and listen to the three calls you had with them in February 2023, rather than relying on the notes from the salesperson or the the SC, whoever it was, from a time that maybe they don't exist, maybe people have left the company, right? You don't have the record. And it's just so powerful when you can go back and say, well, I remember what we noted was that you said this, this, and this, and you had this initiative. How did that work out, what worked, what didn't work? And you just show that you care about them. Right. I think these are the things that, as you approach them with the right learning mindset, can have a big impact on your ability as a team or an individual to actually show up and empathize and understand with prospects. I don't know if that's the type of thing you were meaning, but that was what came to my mind as you asked.

Liat Hayun 00:44:10

No, it makes a lot of sense. And I think back when I was at Palta Networks, I had this notion, and I don't know if it was a palo thing or anything, or just my own thing, that sales and product management. There's obviously a lot of working together, but in a lot of ways, their relationship with the customer is almost opposite. Sales is all about selling, product is about more. You even avoid promising something just for a sale because you want to make sure you're taking into account a broader set of customers and not just that specific use case and so on. And I feel like what I'm learning in the last year and a half is that there's more in that than I thought. There's more in being empathetic to the customer needs and understanding the customer problem and working together to address it. As opposed to, I have this thing here. Do you want to buy it? I find that you were talking about the course calls, and as you were saying that, I thought it's not just beneficial for ourselves and our go to market team. Even our product managers get a lot from these. As you show a specific demo of the product for a capability, you ask them about something that works or doesn't work. Your ability to analyze their reaction and the way you phrase the question and what it is that they saw in a live conversation is really limited. So the ability to kind of go back and better understand what happened is great, not just for the gotomarket side of the organization.

Andrew Monaghan 00:45:41

That's such a good point. Imagine in cloud security, things are changing rapidly, right? And what you thought people wanted six months ago is not what they want now, and it's going to change in six months again. Wouldn't it be good if you could say, well, here are four snippets from calls where people ask for the same feature that we've never heard people ask for before, and you just package up and send it to the PM and say, There you go. What else do you want me to ask to understand better, or do you want to join this next call? That collaboration, I think, is priceless.

Liat Hayun 00:46:08

Exactly.

Andrew Monaghan 00:46:09

Well lit. I really enjoyed the conversation today. If someone wants to keep going and get in touch and explore opportunities or partnerships or becoming a customer, what's the best way to do that?

Liat Hayun 00:46:19

So the best way to reach out via LinkedIn? My inbox is open, so I'm more than happy to continue the conversation.

Andrew Monaghan 00:46:25

That's great. Well, listen, I wish you all the best. Are you going to be an RSA this year?

Liat Hayun 00:46:29

Of course. I wouldn't be a security vendor otherwise.

Andrew Monaghan 00:46:33

So I look forward to catching up with you to RSA and for the rest of 2023 and 24. Well, once again, I really enjoyed that conversation with Lee. Eureka seemed to have a lot going on with some unique things that they're doing and their approach to run data. I had three takeaways for myself. 

The first one was that they very thoughtfully hired their marketing leader first, and they were realizing, in the process of going out to do their customer discovery, that other teams are working on the same sort of area. I didn't want them to own the narrative around this subcategory inside cloud security. So they decided that coming out of stealth and doing it in a way that helped them get more than their fair share of the buzz and the noise in the market was going to help them in the long term. I thought that was really interesting, how they approached that. 

The second thing was this whole idea of differentiation around protecting data itself. Now, you know, I first sold a data protection product in 90, 98. So I don't know, part of my heart, of my soul and cybersecurity goes way back to that and, you know, the importance of being able to do it. But I learned along the way, it's incredibly difficult to do, right? You got to balance a whole bunch of things to be able to do it well. So the idea that they are coming to market in this space, thinking about data, how to do it effectively, it will be so powerful if the whole data security in the cloud space really comes to fruition and maturity so that lots of customers get the benefit of doing it. It's so impactful when you protect the data itself as opposed to all the things around about it. 

And then thirdly, our discussion towards the end there about the learning to be done at this early stage. It is all about learning. It is all about trying things, experimenting, thinking about different ways to approach people, the types of ICPs that you might have. All that is at the very least is somewhat fuzzy and better ones, where you've got a little bit of clarity. But still you got to experiment and learn and then keep doing that as you go through the scale up process. I love how you team are thinking about that and some of the things that they're doing. Keep that learning culture there. 

So I really enjoyed the conversation with Leah and I wish that you holding a good team. Every success for this year and beyond.