Password list is an area I intrusively get and understand. It's kind of in the name after all, right? But it's not something that I really know much about in depth. Which is why I enjoyed this conversation with Michael Gwynn, the VP of Sales at IDmelon.  Listen that in this interview for the role Microsoft has in their go to market how  IDmelon has a strong time to value story and great magician analogy that we chatted about towards the end that I just loved. So don't go away. Welcome to the Sales Bluebird podcast, where we help cybersecurity companies grow sales faster. I am your host, Andrew Monaghan. Our guest today is Michael Gwynn, Vice President of Sales for  IDmelon. Michael. Welcome to Sales Bluebird.

Hi, Andrew. It's great to be with you. It's great to talk with you today.

I'm looking forward to this, Michael, because we're talking about an area which fascinates me, interests me, but I'm by no means an expert in it and the dynamics of the market. So I'm keen to learn from you about what's really going on in this segment of the market and what IDMelon is doing that's different. Like many segments inside our world, it seems like it's quite noisy. And me as a complete layman, looking inside the outside in, it's tough to really figure it all out. So I'm in education listening mode today to pick it all up from you. So I'm really looking forward to that. 

A quick break to say that this episode is sponsored by It Harvest. With over 3200 vendors in cybersecurity, it is hard to keep track of all the latest developments as well as research and analyze categories and subcategories within cybersecurity, which is where the It Harvest cybersecurity platform comes in. Want to know which subcategories in cloud security are growing the fastest? You'll get it in a few clicks. Want to know and track everything about your main competitors and keep up with their hiring and use simple search to be done? Want to know the top 20 fastest growing companies based out of Israel? Easy. Just a couple of clicks to get that. It Harvest is the first and only research platform dedicated to cybersecurity and it's run by Richard Steinan, who has done it all in cybersecurity. From the VP of Research at Gartner, a CMO at a cybersecurity vendor, a lecturer on cybersecurity, advisor to startups, advisory board member at Startups and a main board member as well, the whole lot. Find out more by going to salesbluebird. comRESEARCH. That's salesbluebird. comRESEARCH. 

Now back to the episode. Michael, when I look at your LinkedIn profile, it's varied is what I would think. I see names I don't recognize, that they sound like maybe medical companies. I see merchant processing, I see title company. I see bank of America in there. There must be some thread to what you've been doing before you get into the cybersecurity world that kind of ties all this together in terms of what you were doing in these places?

Absolutely working. I was first of all graduated at West Point, went into the army as an army officer for a while and came in. So since the beginning, when I worked with the biggest of the big companies, with Johnson and Johnson, I've introduced new technology to professional technology. So I spent the first years in civilian world working with doctors, open heart surgeons, telling them what they were doing in surgery was wrong and they needed to listen to me to that.

How did that go down?

It's great. You learn when to talk and when not to talk, but you also learn tact. So obviously you don't deliver the message like that, but you have to be really knowledgeable about what you're doing and how you're saying it. You can't go in and you can't fake through those discussions all the way on, continued through the online process and then work in security from introducing new technologies in security. And I worked with Hard cash security, worked with Bank of America in terms of online payment security, and learned a lot about that. Then I got into passwordless security through a company that deals with security keys and cards in that regard. And finally, the questions that I was kind of tapped answering through in terms of security and password list that we didn't have the answers yet to IDmelon They really went along and came in and answered and addressed each one of those items about passwordless security. So it was an easy transition for me to have the opportunity to become the VP of sales with Baram Perry on that. He is the CEO on that, very educational with his background on passwordless technology. So here I am at IDmellon, and we're looking at a passwordless platform for the technical world.

I'm curious how, as you made these different transitions, you went from really massive companies down to pretty tiny ones and what your thinking was if you had any trepidation about doing that and what you learned from making that big change.

You learned kind of early on in the career the term of you use the large companies for your educational and things like that, and then you kind of take the chance every once in a while on a small company. And with the small company, there's a lot more to do, but there's a lot more upside. So when the Internet was starting out and all the dot coms were there, I have the wallpaper full of worthless stock shares that just like a lot of other people have for that. And that's why, through the processes of doing it, I've also done startups and new medical technology that work great. Sometimes the buy out didn't include you in the buy out. So you have to be careful about the process and really analyze what the company is, what it's addressing into the market, and how it will be accepted and that's why the fit with ID Mellon. What's being presented here, what the market needs, is a great match.

But let's learn a little bit more about you, Michael. I've got 35 questions here. Good news is I'm going to ask you 35. Don't worry. I'm going to ask you to pick three random numbers for you. One in 35. And I'll read out the question they correspond to.

My hockey jersey is number 26.

26 one thing you own that you should really throw out?

Okay. Probably there's some shirts from we played hockey for years in Las Vegas tournaments, and every year you play, you get a New Jersey, and they went all the way back into the 90s. So some of the shirts from the Las Vegas hockey tournaments from the 90s are still hanging on, but they need to meet their departure.

Are they heading away in a box somewhere, or do you have them on the wall?

No, they're in the rotation. They're in the rotation, man. They're bed shirts and sometimes day shirts, but they have the year of the Vegas tournament, and every year they come up with a neat image for the tournament. But again, when you're talking 20 years old, some of them need to be put to rest.

Yeah, I can imagine that some of them get a little bit ragged by now. It's probably for the deal. Right.

But they have great, great memories associated with it.

So you're you're from San Diego. You're from San Diego. Now that's what you're based is that right?

Out of San Diego? Originally from Philadelphia by means of just moved down here from the San Francisco Bay area.

Got it. All right, one more number one in 35.

All right, let's go with number 16, please.

Yeah, you can't pick your own. Okay. Which cyber security startup do you admire.

Most right now and we can pick our own? It's a good question. There's a lot of security around Data itself where it tracks the security of the data. There's a number of different ones. I don't have the exact name, but at the last year's RSA meeting in San Francisco where we were one of the new startups, there was another startup in the area. So a little different than what we're doing, but it tracks all the data of a company and assigns it certain levels of security. I thought that was a great product and a needed technology for the security of data.

Yeah, there's some really cool companies in that space doing pretty amazing things. It's actually quite difficult to do without causing a whole bunch of friction, so it's good to see them figuring it out and really delivering some value. There one last number between one and 35, Michael.

The other number that were occasionally is 88, but since that is not allowed, we'll just go with one eight, please.

One eight. What's your favorite winter pastime?

Come on. Now you roll that in there but it is my winter, summer, spring, and fall pastime of ice hockey. I play least every week again, going to Vegas tournaments, we're going to dust off the skates. I'm headed to Vegas this year again for another ice hockey tournament to get one of those new shirts for the ice hockey tournament. So it's a great way to go out there. Ice hockey is a game where you have individual time, where you have to do things on your own. But I really enjoyed the team aspect of it. So that's where I'll be in the winter, summer, spring and fall.

Yeah. I've never played ice hockey, but I've certainly admired it from looking from afar. In terms of it seems to me it's one of the few sports where people play for a long time after their, let's say their teenage prime or their early 20s prime. And there's leagues and teams and groups that get together all the time to play. And I really like that about it. I grew up in Lrsfit, in Scotland, so in Scotland, we had that with rugby, we had it with soccer, we had it with cricket. Just you could play these sports all year round till whenever you want. There's the older teams and the younger teams, and there's leagues and the whole thing. It's something that I really admire about hockey as well.

Just real quick, this year I got the opportunity to play in the Charles Schultz Tournament. Charles Schultz is the creator of Snoopy and the ongoing dwelling. His office was actually right next to the rink, but he had a long time, still has the longtime tournament, and the players ages start at 45 and go all the way up to actually people over 80s in different levels still playing ice hockey from all over the US. And mostly us. And Canada.

I love that. I love that. Well, that's a little bit more about you. Let's move on to the business side of this. Let's talk about that then. If I was such a thing as a twelve year old CISO, Michael and I walked up to your booth at RSA and I said, okay, so what does IDmelon do? How would you answer my question? So I understand it?

I would first ask you, do you have a mother or father here with you? I would definitely explain it this way. I think even at twelve nowadays, young individuals know that they have to use a password, a username and password, to get into whatever digital device they have. And obviously it carries all the way through to an enterprise organization where all the users have to use the login and password. And I would really work to extend how dangerous threatening it is to the data that's involved and the access to the inner workings of the technology of the organization. That passwords allow numerous information and reports on passwords. First of all, the hacking portion of it.
Most passwords can be hacked in a few minutes, a few hours, even, with some of them. And as a result, organizations want to make the password longer, harder, more complicated, and it's more likely that you're going to have to write it down somewhere to do that, and yet it can still be hacked. So the goal for my discussion with this 13 year old CISO, would be to make sure that they know, first of all, that the passwords, that using a password is very dangerous. And then the second part of that would be let them know that there is a solution about going password list. And you don't want to just go passwordless in certain situations where it's not controlled by an organization. If it's an individual, they can go password list a number of different ways. But as an organization, everyone's access and security devices needs to be managed, controlled, be able to be turned on and off, and be able to be deployed relatively easily. So that's why we say the dangers of passwords, the solution is passwordless. And now IDmelon has the whole platform that allows the organization to go password list overnight with manage security, as well as bring your own device. So organizations that already have access cards, we can take that access card and make it into Fido security key, so it not only gets them into the building, but that same access card can now help them log on to the computers.

So that's interesting. Then what you did there is you kind of get education about why passwords are kind of not good. And then the real value prop for IDmelon, though, seems to be, and we make it easier for you to do that. I'm wondering what barriers do people have right now that's stopping them from going password list that you're solving for them?

And the industry term for that is the password list journey. And kind of the soft line for our company is that IDmelon simplifies the password list journey. The challenges as you're asking for an organization to go, that is that number one, it takes a long time. If you're using security keys or whatever the form factor you're doing, you have to get them sent to you, then you have to distribute, then you have to enroll everybody for that. That not only requires a lot of time, but there are significant cost to that, receiving the keys, sending the keys out, and the time to do that. What we do at IDmelon is that we enable an overnight deployment. So we take that time and cost and effort and make it so that the organization can go password lists overnight. And that's done by a term called on behalf registration, where we can register the individual so they don't have to go in and do a lot of complicated processes. And it's facilitated by a simple email that goes to the users, and then they can follow the very basic process to enroll themselves into the password list system.

And then in that world, are you complementing their existing authentication identity systems or are you in some way replacing them? Where's your place?

It's like the commercial, I forget the company. But we don't necessarily do the password list. We make the password list work better. Was Ever the company that I think that had that line? So pardon me if there's a trademark infringement. There not our usual course of action, but we can take that like an example of Microsoft. We put right over top of the Microsoft process and even work very complementary to that, so that the users on the Microsoft as your platform can easily be downloaded and transferred into our system. So it helps make the enrollment that much faster. And again, everything we have is to help have a quick, smooth and time sensitive enrollment process. So whatever an organization, if they're using a technology solution, we fit over top of that. And the other major part of what we can do is a lot of companies are also using SSO and that's single sign on. So where every time you go to a sub application, you'd have to sign on again, and sign on again and sign on again. And now there are many companies that provide that SSO, so organizations are using those. But the funny part is still at the beginning of the day, somebody's going in with a username and password to get into that SSO and it's like, oh, that's where the security risks and challenges on there. So we can take also that SSO and make it passwordless with overnight deployment, manage passwordless authentication and then bring your own device. So again, if they're all using a mobile phone, they have deployed mobile phones, we can use that existing mobile phone. If they already have the access cards, we can use those access cards so they don't have to go out and buy a new form factor.

I'm interested in the maturity of the market. When I asked you what you did, the first thing you need to do is kind of educate a little bit, right? Are you finding that most companies are actually on the journey already or are there a whole bunch of companies that are still sitting there going, I don't know about password list and you have to almost convince them or educate them that they need to take the step.

So I appreciate the question. I've been doing password list for five, seven years now throughout the process. And with that, when it first started, if you wanted to go password list, it was like, okay, now you have to take this software and download this and then it's only going to kind of work here and here, but it won't work there. And there now the password list applications, there's a number of different solutions and they're easily deployed in that. So you can now go back and do that. I just want to touch on. What was your last question there, just to make sure I addressed the question.

It's really the maturity of the market. Are most companies on the journey or still some of them throwing their hands up going, no, it's not for us?

Absolutely. Yeah, I appreciate that. So from the challenges that when it wasn't part of the system and it wasn't built in, now it is built in. Microsoft does a great job where it's built in. Apple is using it where it's built in. So I won't use my information, but Gardner is a leading report in the market segment, and they're predicting 40% to 60% of the companies now, and this is 2022. Numbers are looking to go, passwordless looking to go and actually going. Not necessarily the same thing, but it's definitely a valid topic. I love to see the reports of all that. Unfortunately, I don't love to see the reports, but there are many reports of ransomware and hackings and another database that we're all experienced has been hacked. And then at the bottom, they'll say, what can you do to prevent this? And one of the first things they can do is multifactor authentication. And that's going to change. For right now, you'll see where the growth of the market is, because multi factor authentication is just putting a second factor on there. The real answer is that is get rid of your passwords. And the people in the know that when you have a password, it's subject to hacking. In a recent interview that I did with Microsoft, they used my video code of you can't hack a password that doesn't exist. And that's really the bottom line in terms of why you go password list, because there's so many hacking and phishing schemes to attack it.

And what you're describing to me, looking at from the outside, is quite a noisy, complicated market. If we step back to just think about IDmelon, how is IDmelon getting more than their fair attention in the market right now? What's working for you that people are starting to hear about you and get to know you?

Yeah. First of all, the quality of what we're doing with our products. We are a Microsoft Intelligence Security Association partner. It's called misa. It's a group of security organizations of security companies picked by Microsoft, evaluate it, and vet it to be some of the leaders identified in the security realm. So we are a Misa member also. Our solution is fido certified. The Fido Alliance is an international organization of the who's who's of every company using a protocol that's available throughout that eliminates passwords. Fido itself stands for Fast Identity Online, and the certification of our product on that puts validity to that. So, again, as we see those articles, and now more and more discussions of getting rid of passwords, that's what helps us fit into the process. People know they have to have password solutions. There are a lot of password solutions that are out there. What we do is we're the third leg of the chair, so to speak, because we take whatever solution that they have and allow it for it to be deployed overnight, have management so you can turn them on and off, and then they can bring their own devices to it. So that access card. We have situations like teachers and organizations, they're not allowed to have mobile phones necessarily in the classroom, but they all carry their access card. So as an access card, we can make that access card as a password list device. And when we say password list, we also mean user nameless, but it's too long to say both of them. So you're not typing a username and you're not typing your password in. And again, for the teachers, they don't have to go out and buy new form factors. We can take their access cards and actually make that into a passwordless security. So when they come into the morning, it's the card that gets them into the school, and then it gets the same card that gets them into their computer.

I'd imagine that ability a reduces cost, but it's also a time to value for someone who's buying what you sell type of value is so important these days.

And that's why the 24 hours or overnight passwordless deployment is key, because it saves hard dollars on getting devices out to people, but it also saves a lot of time and the value of the staff time and also the value of the employee's time. If they have to do a complicated process to become password less, then it's not going to happen. If they have to carry a device that they're not used to carrying, it's an extra widget, or in this case, it's an extra security key that they have to carry and use every time, it's not going to work very well. But if they have the mobile phone, we can make that mobile phone a controlled password list situation or the access cards. And if they do use securities, even if the security keys even if the security keys are deployed, we can take them into the system and give management the opportunity to control those on and off, reset limit where they're used and how they're used. And that management feature also includes reporting on the functions. And if you just have a security key or a password list solution without all the reporting, you're not getting the full value that's needed from an enterprise organization.

Yeah, I bet that's true. Let's switch gears just a little bit here, Michael. I'm interested in the selling and go to market motions at IDmelon. And you joined the company just three months ago. We're recording this in February 2023. Were you the first person with sales in your job title of the company other than CEO?

Because any CEO knows the number one thing that they're doing is selling whether they're selling to get money. So Baron Perry is the master salesperson for the company. But yes, I come from a very strong and experienced sales process, as I understand now that you do too. So kudos to you for your background in cyber sales or It sales, as we discussed. So the process that we have is, again, we're trying to go on a quality train for that. With our partnerships with Microsoft, having the Fido certified devices. We're also going out and attending some of the larger events this year and making sure we're active in that. The RSA conference in San Francisco will be there. The Identifiers conference that will be coming up, it's actually in Las Vegas this year will be there. Gartner. And I quoted Gartner. Gartner is a leader in new technologies and they have a gathering. We'll be there. And then the Fido Alliance, we're also going to be at theirs. They're coming down to my home area in San Diego this year, usually is up in Seattle, but we'll see them later this year. And then we're attending the Hims conference, which is a lot of medical devices and products around the medical industry for security. So with those partnerships, that's our plan to do that. And we're also using a great video service like the ones that you're providing to help get the word out.

That's awesome. I love some companies are using more advanced things such as recorded videos or things like that. What I'm also curious, though, is when you join and you had the CEO who'd been doing all the founder led selling up to that point and you show up, how did you kind of get the information from your CEO about how they learned about how to sell what you have and how to position things like that? How did that transition happen?

Well, first of all, we've known each other from the industry for literally years to do, and that was the good part about it. He knew what I was about and what I was like and I knew what he's about. And that makes our offline meetings great to do that. The transition is that if I go into this company and say that I know it all and an expert on password list, I know a lot, but I never know it all and I'm always looking to learn. He puts on a great trainer's hat and literally this morning there was a few discussions that we have with clients that I needed some extra boxes filled in or some drill down information, so to speak. Barome is great at going through the steps and explaining it and compliment with my experience in that area, and it has to be met in the middle. I don't go in saying that I'm the expert at all this because I have to find out he's done this. The company has been around since January of 2020. So with the start of the new decade was when they started IDmelon. So he's been doing it a lot longer than I have, but we're seeing some great results. And when you go into large organizations and they're kind of blown away or they think that there's some kind of magic in what you're doing, that's pretty impressive. So I go in listening and not talking.

That's great. And you're picking up the knowledge and building out, at least in your mind, maybe the playbook that you can then think about the future. How are you thinking about the logical next step of hiring people in the sales team? When do you know is going to be the right time to do that and what sort of people you're looking to hire?

Yes, my experience has led me to know the term and live by the term of rightsizing, an organization you don't hire just because the sales are growing or fire just because sales are falling. If you're right sizing, you're doing it with the growth, and then if need be, if something goes down, you're adjusting to that. So rightsizing is an organization very lucky that we're in a situation where we're actually growing kind of the spot needs as we have them, we have some extra people in.

The technology behind the product is amazing, and there's always literally including today on learning new things that they're actually developing and deployment. In terms of technology, if there isn't a great technology team there, then it isn't possible to grow an organization. So the technology team is great. And then in terms of sales and marketing, we have some people, website focused marketing, social focus on that to complement what we're doing. So the next step will be as we're starting to get more and more customers in and more and more deployments, more and more ongoing billing and accountability, and then making sure we're shipping if there's someone needs a reader or something else, those admin roles will be needed more, and then the last will be additional salespeople in the process. And the sales people for our organization have to be skilled and knowledgeable in password lists and MFAS. But also, like me, they can't come in and say they know it all. They have to be ready to learn, because our platform, and we call it the IDmelon Password List Orchestration platform is not like any of the other solutions out there. And you really have to come in to listen about our new technology, as I'm still doing, before you can show what you know in terms of the password list knowledge.

I'm curious, as you were saying that, would you optimize your sales hiring for expertise or experience in the area, or would you hire it for the athlete, the person who is just a great person working hard in sales, doing their thing?

It's really important in this situation to have background in this specific environment, in this market segment of multifactor authentication. Because number one is the technical knowledge is continuously updating the use of. Now, if you've heard about Pass keys, the Pass keys are basically microsoft, Google and Apple getting together to have a new version of passwordless. And you can look it up, and we'll provide information that IDmelon is one of the first organizations that has apps to work with the Pass keys and make them more controllable. The systems that are made by Apple, Microsoft and Google. Only Apple is currently deploying it. But they're made for individuals and as an organization there has to be control over the Paskey situation and that's what we do. We're the first organization that has interaction with that. But getting back to the question because there's always something new in the technology or password list that's really required plus to kind of know who's who in the environment, who the players are. It was great that I had previous experience with a prior company working with Microsoft in terms of the Microsoft Intelligence Security Association because that in itself is an 18 hours day job. If you just wanted to focus on all the Microsoft requirements and opportunities, it's a good thing to have. But you want to have somebody that at least has the experience to know about that sounds like that might be.

A natural next hire than someone just to put on the whole Microsoft account, right?

There's so much to it. Microsoft is a great organization, we're lucky to be associated with them. But there's a tremendous lot of opportunities and you can't drop the ball. Pardon? We'll go with rugby since your Scottish background here. My son plays rugby, has played for years. I'm still trying to figure out the game. But you don't want to drop the ball when you're working on a Microsoft project. They have very strict time requirements and production requirements. So that's what keeps me up at night, so to speak.

Yeah. No, I get it. I'm kind of curious as well with this space being full of a whole bunch of different players all coming at it from different angles. When a prospect sees your product or the slides or whatever it is that you do in that first meeting, what's the thing that makes them stop and go whoa, how did you do that? Say that again. Whatever makes them just stop and pay attention. What's the thing that cares them like that?

We have kind of the in some of the presentations. I'll have a discussion before we even start slowing slides of what our audience, whoever I'm presenting to, thinks about. Magicians. Are they the ones that can be wowed by the magic or are they the ones that say wait a second, it's under his hand, it's in his back, he pulled it out. And usually the people who are in the technology space like myself are the ones that try to figure it out. They can't really enjoy the magic because they're too busy figuring out, no, he did it this way and did it that way. So when we say we can take any access card, any access card, and people try to ask us, well, does it have to be Fido certified access card, or can it be this type, or can it be any access card and turn it into a security key? So not only can you get in the building with it, but you can do your password list and username list access with that same device. They swear it's magic to do that. Once the tape stop rolling, I'll be more than kind of happy to tell you what the secret sauce is on that. It makes sense, and it makes sense security wise in terms of the process. So there's no crazy magic on there. And that's kudos to the organization's technology team that they have it so set up on that. And that's the magic where the kind of the needle goes off the record and they say, any security key, not only any security key, but if they have even a key fob to get in the building, we can do those. If they have deployed mobile phones, we can do that. And again, even if they have deployed security keys that they can't control, they can't turn on and off. They can't reset or restrict. That's when we can work with any of those.

I love that analogy of the magicians. One of the things I talk about with my clients is to give people dessert first, which is don't spend 20 minutes explaining all the things that you do and the infrastructure and the architecture and this slide and that screen and this widget and all the rest of it to eventually get to the big thing, which is dessert. Right? Give them dessert first and then explain, you know, how you got there afterwards, right? Because if you do it the first way, you bore people and lose them, and when you get the big reveal, they're half asleep and they'll pay attention. But I love your magician analogy. It'd be like going to a magic show, and the magician sits there and goes, let me first of all, explain how magic works. Here's what I do. I got my sleeve. I got a false block in my hat, and I got a bigger sleeve than you can see right now. And I got a funny mirror over here. Now, let me show you the trick. There's a much better analogy than reserve first.

I love that my son was in the magic, and we went through a show, and the magician obviously does comedy, too, and he's like, well, first thing in magic is you got to hold your hand in, like, a comfortable way so they know that you're just holding your hand there, and you still win the trick. But then they usually do magic to show that that's not really how they're doing the trip.

I love that. I love that. So, Michael, let's flip this around. Is there a question you have for me that I can maybe give some perspective to or some experience too?

I appreciate the opportunity. First of all, I appreciate the whole big picture opportunity to have this discussion with you and to be here with you on this production. The biggest challenge for us at IDMelon is to get our word out to the right people. The CISOs, the CTOs, and different organizations where the right people have to hear our message. I do value and appreciate and definitely invite your opinions from your experience on how we can get our correct password list management system or get that message out to the right technology people.

Yeah. You only went and picked the hardest question than cybersecurity selling today, right.

Well, you look like a smart guy. What can I say?

Looks are deceiving. Yeah, it is the biggest question a lot of companies have right now. How do we get even our fair share of attention? Never mind our unfair share of attention. And there's a lot of sales teams out there right now which are running on reasonably anemic pipelines because it is so hard. Right. There's 3000 or 3200 vendors in cyber security. We're all trying to reach the same people. They got CISOs in their title or some version of that. And there is unfortunately 1000 or 2000 companies somewhere in there. The math is going to collide. Right. It becomes a problem. And there's definitely leaders who just don't bother ever answering their phone, answering email from external people or whatever. Right. But there's things that we can do. And if you want a deeper dive in this and this is in no way teed up last week, I think it was, or say last week, this is going to go out probably early March, right about the middle of February to early February, I released an episode. I think the title of it was Four Ways to Reach Security Leaders. And it's basically just different kind of routes to reach them, as opposed to, say this on a phone call or anything like that. It's a much more overall company approach to doing it. But let me kind of try and apply it to your situation that you're talking about right here. I think with the Holy Grail is a CISO. Right? And when you have something as impactful as what you're doing, it has far reaching consequences. It's not just a box that's going to sit the network somewhere and do some magic, right. It's actually going to affect the whole organization. So therefore they'll want to get involved at some point because like it or not, when it comes to this sort of thing, they're going to be looked at internally to say it was their thing somehow their thing just to do with security. So it is a valid person to go after. I think with Cisco has got to the point these days, it's really with who you know. And you mentioned Microsoft. Obviously that's going to be a great route for you guys to get the attention of them through Microsoft who will have CTO CISO type attention. I know on the endpoint side, Microsoft's got a big footprint supposedly on their endpoint protection products. So that's going to be a great route for you. But there's others and I don't know quite the situation of IDML in terms of your financing, but there are VCs out there. Every VC is going to tell you that they'll do you introductions and they will, right. I don't mean to say they won't, but there are VCs that actually have a whole program about how they do it, and they actually have briefing centers, and they view their job is to fill the briefing center every week with big companies, and leaders of big companies are coming in, and they'll get their portfolio companies to get in front of them. Right. I've heard of some of the Israeli VCs actually flying in people from North America, CISOs and influences into Israel to go on a week long trip where they meet a whole bunch of companies at that level there. Right. And I know that there's variations of that throughout North America. So I think it's important, more important than ever that you'll take money from the right places. But the right places in my mind if you can, should include people with the program as opposed to just people who will say, yeah, we'll make some introductions.

That's one thing, I'm taking notes, I'm not writing love letters as you're doing. I value what you're saying.

We recorded this on the 15 February, so you're one day late for the love letters, I think. And the other thing, there's a layer of companies and I know, but I've heard of about six or seven of them, almost like between a VC and a company that just books you meetings, right. So it's kind of in the middle and really what they usually are is that they're a small company. They have their own network of CISOs that they know and they do things with their network. And the way they make money is they work with a small number of vendors and put them in front of all their security leaders that they interact with and they charge you for it. There's different ways they charge you. Some might do a monthly service, get a baseline platform fee. There might be a fee per meeting that actually happens and they might take a percentage of a deal. But they will have, I don't know, 40 to 50 to 60 to 70 people in their network and they'll say, okay, you guys do password list, I know Jim, Bob, Sally, Mary, John, whatever. And they all have initiatives next year on that, let me plug you in and they'll broker the meeting. They'll brief them beforehand. They'll brief you beforehand. So when you actually have the meeting its eyes wide open, you're there for a reason. It's usually higher quality and you can often get sales motions going the back of it. So if you're able to pay for that, what I've heard is people have really good results from that. Right. The other thing I'd say is that it's not always about going in at the Cisco level. I think it's very few and far between these days where they'll make a lone wolf decision and just kind of pass it down to their team. So I think the thing in your favor is if you can even get into the middle management level, director or VP of the larger company of security or some aspect of security, whatever you touch on your message must be that this will be highly impactful throughout your organization. And therefore we're going to want to involve CIO, CISO, CTO, head of desktop, whatever it might be, and get that group together where the CISO is part of that. Because if I was them, I would want to be involved because it is high profile. If it goes all wrong, they'll be the ones that get looked at by the CEO and they need to be aware and making decisions and the right things. So I think maybe a little bit different from many cybersecurity companies where it's something that actually should be involved in rather than us hoping they get involved in because of the way this might impact the organization. So going in at Middle is easier to get in there with a message that we're going to make your life easier as a Middle manager, but really we're talking about impacting the organization. Let's make sure we bring the right people in. I think is something I would consider as a way to connect, tackle it from both sides and also things to think about as well. There's all these events where they do speed dating events with people. So they'll hold a conference and you'll pay two thousand and thirty k to go to the conference as a vendor to sponsor it. But they'll get you ten or 15 meetings with attendees of the conference and you get to pick who they are. You say they'll give you the list and you say, I want to meet Pepsi, Coke caterpillar, wherever it might be, and they'll broker the meetings. They're less curated though, than the ones I talked about before. It's really just going to show up and they show up and hope they're ready to kind of listen. Usually about 1520 minutes long. And I think about those ones as well so that's I don't know a couple of ideas there to think about if you're not doing them already that are reasonably tried and true ways to get into the market is a little bit different than I think the thing that I would avoid, but you got to walk in very carefully, is let's just do some SDR type outreach, especially as early as you are. It can be a tough, tough road for someone to really make a difference and be over a long period of time and they require a whole bunch of handling from you. So if you knew these are things first, you can spend your money on events and connections as opposed to headcount, but it might have a bigger impact in the short term for you.

Got it. Now, the great guidance there, some of them are new, some of them were already kind of tracking. We're not at the point where we can spend a whole lot of money, so we really have to be careful in that regard. However, the creativity on some of these recommendations is noted and we'll follow them. I'll update you on how we do.

I'd love to hear.  Michael, I've really enjoyed the conversation. You've got some great things going on there. Really sounds like you've got a great value property. I love your 24 hours deployment message. I imagine that's going to at least cause people to say, wait, what? Tell me more about how that's possible. So I love the way you're approaching that. If someone wants to continue the conversation with you, what's the best way to get hold of you?

Well, by email is the easiest way. It's Michael@idmelon.com. And ID is what we focus on is identity. And the melon is because it has seeds in it with our technology. Seeds as keys, as technical keys. We are an asymmetric key pair in that there's a public key and a private key and our technology, so the seeds are sweet for everybody to use. So, Michael@idmelon.com, you can go to the website at idmellon.com and do that. Also, I can do individual presentations for organizations. And we have a great way of giving five user deployment of free version of the software so that anybody can use it and see the magic for themselves and actually deploy it with no cost for the duration of the evaluation. So it doesn't necessarily have to be we'll give it free for two days or two weeks or two a month or so, but during the whole evaluation process, they can have five users on that. So if they want that, they can just contact me at Michael@idmelon.com.

That's great. And you guys are going to be at the Early Stage Expo at RSA. So I encourage everyone to go and get up the Early Stage Expo and look at the idea Mellon right there. And with that, Michael, I wish you every success for 2023 and beyond.

Andrew, very great to talk with you. I appreciate the opportunity.

Well, I got a few things out of that conversation and really enjoyed it with Michael, the first thing I took was his idea of rightsizing. Always the sales team, always thinking about what the right roles to hire for are at the right time. And I think that's maybe something that we got to think about, especially if we do have a lot of venture capital money, right. The temptation and sometimes the pressure from the board is to make sure that we hire ahead of revenue. So we're geared up, ready for capacity for the year or two ahead. And the current climate in February 2023 might be that we backed off that a little bit, but I bet you that's going to come back pretty quickly, pretty soon. And I think as sales leaders we got to think about, we got to keep moving forward, but we can't do it too fast, right? Can we hire a couple of roles that are going to help out right now, have an impact right now, but also in the future rather than what we saw in the past, which is, well, it's our five or ten and rescale this thing before we're sometimes ready for that scale. 
The second thing that I took away was the effect that Microsoft is having on their right to market and on their business. Two edge sword. Working with a company that big, right, you can be the very, very small player and they can bully you, they can do things their way and just expect you to go along with it. But it sounds like they got a pretty compelling program that IDmelon has tapped into. It's actually set up for success for a company such as IDmelon. And there's no doubt when you could draft off the power and the reach and the sales force of a company like Microsoft, there's a lot to be gained by doing that. And if you approach it the right way, you can really advance the company pretty quickly without necessarily having to add a whole bunch of headcount to support that. So, interesting kind of dynamic there that they're doing with Microsoft. 
The third thing I took away was what we were talking about there towards the end about the magician revealing how he does his tricks and not wanting to do that. And I kind of came in with the idea that I talk about right now with my clients, but giving people dessert first. I think in the environment that we're in with 3000 vendors, we don't have the luxury of saying, well, maybe next time we'll talk about what we do and then we talk about what we do, we then kind of lead up to it, right? We explain our architecture and we explain this and we show screens and here's our console and here's our single planet class and here's some reports, and here's this and here's that. Eventually towards the end, we feel like we can lean towards this big reveal of our amazingness. But at that point, people are switched off. They've been distracted to get bored. And the impact of what you show is going to be diminished by doing it that way. And as we said, as I said in the chat with Michael it's like a magician saying, let me explain how magic works, right? Before showing the magic trick. Right? I feel like what we need to be thinking about all the time is, let's do the magic trick first. Let's give them dessert first, and then explain how we got there. Have them intrigued. How on earth can you do that? How does that work? Tell me about this, tell me about that. Right? You got someone who's engaged and intrigued at that point, as opposed to someone sitting back and saying, oh, here we go, another architecture slide with things moving through a cloud. And they use any of the public clouds out there. Yeah, I've heard this all before. Right? So just a great thing to think about when you're thinking about engaging in early stage, for sure. Early stage meetings with prospects. First meeting, second meeting. How can you get dessert first? How can you show the magic trip first and then explain afterwards how you got there? So great conversation for me and for Michael, and I wish to be a success. I look forward to catching up with them at RSA this year.