Andrew Monaghan [00:00:00]:

In this episode, we have another startup that isn't from the US or Israel, and this time it's from Australia. Alisdair Faulkner is a CEO of Darwinium and listen to in this episode for the compelling need for what Darwinium does, what he's learnt about how prospects adopt cybersecurity technology when it was the right time, he thought, to hire a VP of sales and also whether he prefers a suite of the Four Seasons are a cabin in the woods. Welcome to the Sales Bluebird podcast, where we help cybersecurity companies grow sales faster. I am your host, Andrew Monaghan. Our guest today is Alasdair Faulkner, CEO and co-founder of Darwinian. Alisdair. Welcome to Sales Bluebird.

Alisdair Faulkner [00:00:52]:

G'day. Nice to be here. From Sydney, Australia.

Andrew Monaghan [00:00:55]:

I'm looking forward to our conversation, Alisdair, for a number of reasons, one of which is this is the first time I've talked to someone or a company, a startup based out of Australia, so kind of keen to understand more about that angle. You're also a multi time co founder with Exits, so you've got some experience and surprise and battle scars and some huge successes that we can learn from as well. And it sounds like I'm going to go out on a limb here and guess that the naming your company had something to do with being in Australia.

Alisdair Faulkner [00:01:24]:

Well, very astute of you, yes. So Darwinia actually comes from two meanings. So one was, yes, I was born in Darwin, Northern Territory, kind of the outback where the men and men and the crocodiles are nervous. Very much a frontier town, but it was in turn named after Charles Darwin, and so the evolutionary nature is very important to what we're doing. Cybersecurity is always a continuous game of cat and mouse and organizations that don't evolve as fast as attackers eventually become extinct.

Andrew Monaghan [00:01:58]:

Well, let's look at your background then quickly, Alisdair. So when I see your LinkedIn profile, I see someone, as I said before, co-founded previously two companies, NetPriva in 2000, Threat Metrics in April 2006, both of which were acquired net Preva by Riverbed and Threat Metrics by Lexus Nexus. And then you co founded Darwinium in March 2021. However, before we talk about Darwinium, I do have to ask you one thing. You co founded Netfriva in September 2000, and for those that don't recall September 2000, not only was the.com off the cliff at that point, it was probably halfway down and accelerated rapidly into the into the bottom of the cliff. So I'm intrigued to know about the timing of starting net preva right then.

Alisdair Faulkner [00:04:16]:

Yeah, I've always been a little bit of a contrarian thinker and it's always served me well. Actually, the best time ever to a startup is during a downturn. That's when availability and talent hits the market and then it's also when dumb companies stop getting funded, which makes a lot a better environment for competition for your customers. For me, it was always been about how do I bring the future into the present? I'm always happiest in the future, creating and solving problems, I should say, that bring the passion out of me. And that's been a consistent thread through. And I do say Darwinia is the company I've been building my entire life. Most people, I don't know what the end is, it Tony Robbins. People overestimate what they can achieve in a year and underestimate what they can get done in a decade. And I've very much ascribed to that kind of thinking. So everything I've done, I would say, has been a deliberate step towards being able to essentially play in a bigger field. If it's making movies, mel Gibson starts off in a b grade movie, gets a lucky break, gets Mad Max one, and then he's Mad Max two, and the rest is history. And it's very much like that when you're building companies. It's kind of like the right to play. The more at bats you've had and the more success you get. Your ability to attract better people, get the quality funding that you need and the customers willing to bet on you, just the bigger and the more expansive that gets.

Andrew Monaghan [00:06:01]:

And then as we look forward past a couple of different stops right there, we get to Darwinium. Take us back to that moment in time. Where were you, who were you with when you thought, you know what, I think I'm going to do another one.

Alisdair Faulkner [00:06:15]:

Yeah, I moved back to Australia. So Threat Metrics was acquired by Alexis Nexus as a marriage made in heaven. Our digital identity technology protects one in every three transactions online in the US. And credit card transactions and a billion user accounts, which includes some of the largest banks across Canada, the US. And Europe. And that was a very satisfying journey. And LexisNexis was a really great partner, moved back to Australia, personal reasons. I guess the core for me was I'd always fell in love with the problem that we were solving at threat Metrics, which was how do you protect those who can least protect themselves, which is the customers of an organization? And so when we look at cybersecurity, typically cybersecurity has been internally focused, worried about and rightly so, worried about the perimeter networks, things that are running over those networks. But at the end of the day, every business or B to C business has to let down that drawbridge and understand who its customers are. And through my journey, I've had a networking technology company. So I understood pretty well how packets and networks work. And I realized that, hey, the entry point for every organization is typically your primitive security. Unfortunately, in the cybersecurity realm, we've had increase in automated attacks. Now, unfortunately, the theme of evolution is that your bot detection software or solutions that you have in place just don't really understand truly who your customers are. They might be getting better at understanding, is this a human or not? But then to counter that, fraud or attackers have just moved to human farms. So it creates a real challenge because the security, the problem is that you're only in the position of causing own goals. You're typically rarely saving the company from fraud or things like that. Mostly what you're afraid of is accidentally tuning a firewall, changing you after all, blocking an IP address, and then marketing and sales and the CEO come down on you a ton of bricks and say, why did you cut off our most profitable channel or customers? So that was one problem that we saw, is that your fraud detection systems sit behind that and they understand and have better visibility into, hey, what was the identity? What was the behavior? What was the transactional context to make a better fine grained decision? Hey, should we enable that $50,000 purchase, for example, in real time? But none of those that exist today is there's. Nothing exists today that helps share context from your upfront, bot and automation security downstream to your fraud detection systems and nothing that exists from your fraud detection systems to feed upstream to perimeter security such that if you're doing a campaign and there's a big burst of traffic, it understands who your most valuable customers are and lets them through. And I've always had a saying, and I learned it from someone much smarter than I, but 98% to 99% of all fraud threat and abuse prevention is good customer recognition.

Andrew Monaghan [00:09:24]:

Let me go back to the point in time you could have March 2021, right? And it sounds like you have some cofounders. Was it the group for you that got together?

Alisdair Faulkner [00:09:33]:

Oh, yeah, absolutely. So I was on the Bundai beach. I'd eaten all the schnitzels, I could eat all the Beers had as many swims at Bondi's Icebergs as time would allow. And I've always been driven by this mission to help protect those who can least protect themselves. Your customers and my co founders were also work at Threat Metrics. They were the original engineers and product managers that helped build Threat Metrics to what it was. And so it's really much a story of hey, let's get the band back together. One of the folks, Ben David, moved back from San Francisco, an aunt who since moved on from Threat Metrics to move the Commonwealth Bank, Australia, one of the largest banks in Australia, as a senior architect. Caleb Moore, who was working as an R and D engineer at Threat Metrics. We all had this burning passion. And Colin Goldie actually who was the guy who wrote the original core engine that kind of powers one in every $3 spent online in the US. We really had this driving passion to see what you could create and how we could build something that was ten x bigger and better and be able to solve a wider scope of problems. What was good about threat metrics? So there's a number of good learnings there, but there are also some limitations from a learning perspective. We learned that the only way to build fight a collective problem is with a collective solution, with collective intelligence. So we built the world's first pseudo anonymized digital identity intelligence network. So that enabled you to share things like reputation, understand devices, what they're normally associated with, what kind of identities. That was really powerful. But there were some limitations. One of them was that typically these fraud tools and bot detection tools have some kind of sense of some JavaScript or something that needs to go into a web page or into a mobile app and APIs that are called at different subsequent steps in a customer's journey. But what you find is that they're only point in time evaluations. They're a little bit like at the airport where the metal detector doesn't talk to the explosive detector doesn't talk to the person who's checking your identity at the gate. So it's a serial disconnected process and it was through talking to customers and then seeing how hard it was for us to also expand into customer accounts is that invariably it became the bottleneck. Hey, we'd really love to now start doing these fine grained checks at different parts in the customer's journey to, for example, enable step up or even to remove friction from that customer's journey or potentially augment that intelligence with third party, like, for example, recorded future IP intelligence and do that in a way that can be done by configuration and not have to get it involved. And that was really part of the genesis of Darwinian. My background in the networking space and also what we and the other team members was like hey, there's this new paradigm right now which is called Edge computing and companies like Fastly CloudFront and Akamai or CloudFront being part of AWS enable this a new paradigm which is to run what's called web workers. Web workers, bits of code that run every time a request comes into that organization. And so for me, it was always how do we get complete visibility across a user's journey? How do we augment and orchestrate what an organization has in place today? Each of them has the ability to block and deny profit if your bot detection gets it wrong, if your capture serves and the customer goes somewhere else, you're going to lose profit and revenue. If your step up authentication doesn't complete, we've all been there where an SMS message doesn't arrive and so you get frustrated and abandoned or if your fraud detection is inaccurate, you're going to turn away good customers. And so the edge was the primary beautiful paradigm for us to be able to run this code, get complete visibility across users journey, normalize any data in signals such that they could be passed downstream to any solution or service that needed to consume them, but then also be able to take automated remediation action. So if there was an attack under the way, let's say for example, a hacker breaches a customer's account, but they've done it perhaps using hue farms or HueBots human farms who've got stolen data from the web, now pop this account so the bot detection didn't trigger. Now subsequently they use the stolen there's a stored credit card in this account. Why bother steal it getting a stolen credit card when you can use a valid credit card for the valid user account and they go ahead and transact. Now, let's say several months later, the person finds out, hey, where did this transaction come from? What does it mean? Complaints to the ecommerce store. And then there's a whole bunch of manual processes that kick off. It was like, yes, it was fraudulent transaction, it was a good account security does some forensics, maybe they get some log files, see what actually tried to ascertain what went on. Eventually they might conclude, yes, there was unauthorized activity, but all this is a manual process. They might suspend that session, kick off, password reset, you name it. So with something like Darwinium running on the edge, not only do we get that full complete visibility, but we can automate any remediation action that's required given those collected signals and risk scoring that we're doing at every part. Because at the end of the day, and how CISO has described it to me is that what Darwinian is, is really an Internet intent engine, which is the intersection of behavior and identity. And the puck has moved from just trying to verify are you who you say you are, to understanding the intent behind you. For example, you could be a good employee who's compromised, you could be a great employee, but have a computer that's compromised. So you'll authenticate perfectly every single time, but your actions won't correlate necessarily with what you say you're going to do. And then similarly, if you look on banking, the largest fraud losses that we see now in the US and in the UK is scams. That is convincing social engineering, convincing people to send money to places they shouldn't and lose out. It's brutal because it has a terrible impact on your confidence. Pensioners and actually young millennials and pensioners both share a large portion of the losses there. And so that goes right back to the reason why we started Darwinian is we call it survival of the unfitdest. How do you protect those who can least protect themselves? Well, the answer is with better intelligence, the ability to personalize and customize your response to a potential threat or a warning sign, a warning light that just like your car says, hey, you're about to run out of fuel. Something that is personalized to say, hey, you might be doing something that you don't want to be doing. Or if you do do it, it's going to cause you a lot of pain and trouble down the track.

Andrew Monaghan [00:16:41]:

And you mentioned there, Alistair, that sisos were telling you this is how they think about it. Is that your main audience? Is that who your buyer is? Or is it the CTO side of the organization?

Alisdair Faulkner [00:16:51]:

So it's in the different depends based on the market. So there's typically financial services and ecommerce are the broad areas that we look into and they push things slightly differently. But both are converging in the sense that there is a willingness and a need and a want and a desire for the convergence of cybercrime and cybersecurity. There are two birds of a feather that currently don't flock together. What we're seeing in the ecommerce side of things is that there is in some organizations, fraud and abuse and account security and site security. Your bot detection is converging under the CISO. That's not always the case, but we're starting to see that trend where the CISO is now saying, hey, I'm the goalie. I'm trying to protect the organization from all nature of threats. And quite rightly, security enables fraud, lack of security enables fraud. And then fraud attempts or fraud tactics are also used to compromise your security. So for example, if I'm, if one way I can attack an organization is to go to the dark web and pull data, okay, but that can be stale and it's a bit of a scattergun approach. Whereas if I can compromise your employee accounts or your customers accounts directly, I can use that information to do a lot more damage, targeted damage, either through spear phishing, social engineering, but also creating fake profiles, doing purchases that weren't required. And so really it's a continuum. What we've discovered is that there's only a single customer. All they're trying to do is do business with you, hopefully, but yet they're trying to go through all leads, hoops, your account security, your capture, your authentication, your fraud prevention, your anti abuse measures. And they're just trying to get stuff done. And you on the inside from an organization just trying to get your handles across all these different gates and how to make them work together smoothly. And right now there's a lot of profit that leaks, bad customer experience that leaks between each of those gates. And then also there's a lot of redundant cost and expense. So fraud has its own way of collecting data. And decisioning you have on security is collecting its own data, marketing is collecting its own data. But all of it is just different parts of the elephant, the trunk, the legs. At the end of the day, all they're just trying to understand is who is this? What is the next best action that we can take that is going to enable this user to get what they want to get done and hopefully that spend more. Or if you're on the employee side, be productive and alister.

Andrew Monaghan [00:19:30]:

When a prospect sees your product for the first time or you have the first conversation with them, what's the moment? Usually the conversation when they go, oh, I get it, wow, that's different. It's not what I expected. Or that's what I was thinking too. What's that moment in time? Usually.

Alisdair Faulkner [00:19:47]:

Yeah, excellent point. What we found through our selling efforts at Darwinia is that there's actually just like Maslow's hierarchy of needs, there's a customer's hierarchy of risk detection needs. And so first it starts with visibility. And we found it was very much we had to position and organize our message such that we could meet. The customers need an understanding at that point in time. And the first thing that people want to understand is visibility in their environment. And when you can say, hey, we can deploy this web worker within your infrastructure without having to go to engineering it, it reduces the latency in terms of your performance and how you collect this data. It's much more secure because you have control over what gets profiled and where that data goes. And you can do that in 15 minutes by just pressing a button. And by the way, you don't have to compromise and introduce another single point of failure because you're going to piggyback off what you're already using. Your denial of service protection, whether it's cloudflare, cloud front, Akamai and your bot detection. And that's when the AHA moment when you turn that on and then people start seeing visibility across where their users are going, what they're doing, where that's anomalous. And then being able to see turning behavior into identity, actually being able to say, hey, this thing had unusual behavior. That thing is common in cybersecurity. There are things like behavioral biometrics which can provide anomalies if you're typing out of sync and those types of things. And then you have user behavioral analytics that create alerts if your user accounts are behaving in a way that is unusual for that user. But the problem with them is that none of those tools, one, enable you to take a real time action and control and actually do something about that anomaly. And the second thing is, they don't enable you to say, find me other users that look like this. Show me similar users. Show me users that navigate similar to this, that have similar gestures and key straight patterns. Show me users that have similar patterns of devices or access patterns or time of day and do that in real time. And it's been amazing to see how customers eyes light up. And the second part of that is, once you've gone past the visibility piece, the next step in their evolution is to say, look, let's enhance what you already have. Right? So people over the last, they've bought a fraud solution. They have a bot solution. They've got some form of capture. The journey for them is then let's take these digital signatures, which we call them, and these digital signatures can represent both good and bad customers or also segments of users. And let's use those to enhance your existing fraud and security tools, because you want to maximize the ROI of what you have. And then no one's really open to a rip and replace kind of discussion in this kind of environment. Then once we take a customer from there, they go, oh, great, so right, I don't look bad in front of my boss because I justify this purchase two years ago. But we know that there are places, and we might want to be able to do more with these tools, or we want to do the same amount with these tools, but with less people. And that's where our digital signatures can optimize and reduce the number of people working alerts, for example. Then the customer goes, all right, now that we're deployed, we're in stream, getting full visibility. You're now enhancing what you have. Now it's a question of optimizing and orchestrating these user journeys based on where you're seeing the gaps are and where you're perhaps not getting coverage. So that could be things like based on configuration, dynamically calling out a step up at a key part in the customer's journey. It could be something like, hey, suppress your capture if it's going to annoy someone that you know is actually a valuable user based on the other contextual data that you've got. And then the final piece that customers get to is, all right, now that they've got confidence in the visibility, they've enhanced optimize current user journeys and their decisions around those journeys by taking all those intermediate steps and signals into one. Final conclusion is to take some automated remediation, which would be, hey, if we detected that someone's unauthorized access to an account, we can immediately and dynamically terminate that session. We can redirect a user to another Honeypot site if we suspect that they're just a competitor doing intelligence gathering, for example, on your site. Or we can just block or drop a connection. In the case of if it is bot traffic that we convinced it is bot traffic and the customers convinced bot traffic that that can be dropped to save your downstream costs.

Andrew Monaghan [00:24:25]:

Let's get to know a bit more about you. Can you give me three numbers? Seem one and 35.

Alisdair Faulkner [00:24:31]:

20, 915 and twelve.

Andrew Monaghan [00:24:34]:

All right, we're going backwards here. 29. Dive bar or cocktail bar?

Alisdair Faulkner [00:24:39]:

Both, depending what time it is.

Andrew Monaghan [00:24:41]:

What time of the day?

Alisdair Faulkner [00:24:43]:

Well, I'm Australian. It's always 05:00 somewhere.

Andrew Monaghan [00:24:47]:

Very good. Twelve, you said, right. No, 15 is suite at the Four Seasons or cabin in the woods?

Alisdair Faulkner [00:24:55]:

Definitely four seasons.

Andrew Monaghan [00:24:56]:

You like some luxury?

Alisdair Faulkner [00:24:58]:

Oh, yeah, absolutely.

Andrew Monaghan [00:24:59]:

That is my wife, more importantly. And what was the last number?

Alisdair Faulkner [00:25:05]:

Twelve.

Andrew Monaghan [00:25:06]:

It was twelve. Okay. A bit more of a thoughtful one. Best advice you've ever been given?

Alisdair Faulkner [00:25:12]:

Make make decisions when you're even tempered. That was from Sister Mary at St. John's High School in Darwin when I was about a week, maybe a week 15 year old.

Andrew Monaghan [00:25:27]:

Was that a lesson hard learned through Sister Mary?

Alisdair Faulkner [00:25:32]:

Well, I'm sure she's learnt it through her life working with teenage kids in school. It's something that has always served you well. Any business leader well is, you know, not to make decisions whether you're on either extreme of either anxiety, nervousness or whatever, depression, or on the other side, when you're exuberant, everything is going well. Kind of like the stock market, right?

Andrew Monaghan [00:25:57]:

Yeah. Don't do things when you're emotionally high or low. Right. I think I learned that as a teenage kid as well. At one point, I kind of look back and have big recollections of being a complete idiot myself in front of teachers, and my head was a little bit too hot at times. Take me back to an important day at Derwiniam, which is the day you won your first real live customer who said, I'm going to cut a PO and give you money. What was that day like when it came in?

Alisdair Faulkner [00:26:27]:

It's always in startups, you're a zero or a one, or at least you hope to be. It's obviously a great feeling for the team. At the end of the day, people at Darwinum are humble, hungry, with high integrity. That's kind of who we are, the people that we attract. And the humble is definitely there with someone who trusts you to protect them, their site and their customers. So, yeah, very late. And what's even better is when they say, hey, we'd love to invest in you, and hey, we'd love to introduce you to all our customers that we work with. That's obviously a proud moment and that's the best thing. The best problems that we have is customer problems because we're in a position where we can help solve solve something for that customer. And when it comes to building a company that matters and lasts and has an impact. Nothing motivates the team at Darwinian more than doing good in the world and seeing our customers succeed and knowing that we're protecting their customers who can't protect themselves. That gets you out of bed in the morning when you lose that key deal to a competitor or something inevitably goes bad. That's what gives you the fire and the passion to go and the resilience, because I don't want to say it's a higher purpose, but it's something that we're building that is beyond ourselves and that's what we live for, that's what we love.

Andrew Monaghan [00:27:55]:

And that's ultimately where the high impact is right of a company trying to do something different is when you get that reach beyond just your four walls and other people are ecstatic and hungry for more from what you do.

Alisdair Faulkner [00:28:06]:

Yeah, when someone who buys your product gets promoted because, you know, they are able to show, you know, initiative, you know, solving real problems within that organization. We talked when you said, you know, who do you sell to? And I didn't really kind of answer your question, but you have to see. So but what we find is that we solve a business problem first. So that is fraud has gone through the roof. Marketing is complaining that there's too much friction in the funnel and we're losing revenue. Customers accounts are being hacked, which provides regulatory exposure to that PII and that privacy data that's being leaked, which is of utmost concern to many organizations for Darwinia, has been the key to it. The key to our success has been find that business problem that is tangible, measurable, and has a positive upsell ie. Enables you to acquire more users, enables you to accept more revenue while reducing your risk exposure. And then security then becomes the implementation is able to say, hey, rather than going to your It and engineering to fix your problems. Security now has the tool sets to be able to run this with a deployment push of a button. Security loves it because it's consistent with their existing way of doing things. We integrate with their continuous integration, continuous deployment paradigms. We enable full auditing over what's been queried, what's been seen, what APIs have been called, and most of all, what data is being used. And part of Darwinia, one of our unique sales propositions has been we saw the challenge that organizations were having with regulations and PII data. One way that people solve this today is by enabling software to be run in a virtual private cloud within the organization's. AWS instance. The problem with that is that it often turns out to be too costly for the customer and then also too hard to support. And a big important piece of being able to do cybersecurity or customer facing cybersecurity well is by having shared intelligence. You need a network to find a network. And so what's been unique. About Darwinium is we've architected because we run on the edge. One of the things that we can say is that no customer data, PII data leaves that organization's boundaries. Unlike every other fraud tool that's out there. Today security tool which requires you to send data, typically it's over Https or some kind of API. You're relying on that end vendor to encrypt and store that data, do as they say they're going to do, but we don't saying trust but verify. We provide our customers with the ability not to even have to trust us. So no data that leaves their organization boundary without it being pre encrypted, pre hashed or pre sold, whatever their security requirements requirements are, we can meet without this new architecture. So that's really been a great help for us as well.

Andrew Monaghan [00:31:14]:

Yeah, I love that. And then moving forward again in the progress. At some point it was the right time to hire someone into sales and lead a sales team. How do you know it was the right time to do that?

Alisdair Faulkner [00:31:25]:

It's a very good question. In my learnings I found that you need before, yes, we hired Ted Whitehead fantastic hire out in our London office as VP of Sales. Very relevant experience and senior and tenure. Now you only want to do that when you have confidence over your business model and you go to market because typically you bring in sales teams and a sales leader to kind of do what they've done before. Sure, you want innovation, a good brain that can adapt to what customers are saying, but you typically have a playbook and a game plan. So it's when I have line of sight that we are getting repeatability in terms of who we're selling to, why we're selling to them and why they're buying that gives you the confidence to bring seniority in. Dewinia was born global, I should say, by the way, it's not typical, but we were born in a pandemic and we're born global. So actually while I'm based in Sydney is, Darwinia is headquartered in San Francisco, our chairman Retaliate, who is most recently the CEO of RSA Fraud, which was rebranded as Outsea and a number of other hires are based in the US. Including south folks in New Jersey and California. We have a go to market offices in the UK and the reason for that is product management, marketing and sales in the UK is that the UK has been one of the great innovation beds for financial services security. What Lloyds Bank, RBS, HSBC, Barclays, what those banks do, southeast Asia tends to adopt Singapore through its regulatory environment and such and you get good expansion there and then they also tend to be on the cutting edge ahead of the US banks. And so that's where the tip of the spear, the tip of the spear is. So that gives you some thought. We are global. We've got folks coming on in the Netherlands, the UK, San Francisco, as I said, New Jersey, New York and Sydney. And being born remote enables us to do that. From one sense, you do like to go into a country and put the wood behind the arrow. You don't want to spread yourself too thin. Where I've made an exception is that everyone that I've mentioned actually bar this, our VP of of sales. We've I've worked before with before, hand in hand, in the trenches over the years. And so that gives you confidence that folks are capable and able to be productive on their own home turf. And for a relatively small company, it gives customers confidence that, hey, who's going to be there when we have a problem? And I pick up the phone, I'm like, okay, which time zone do you want us to pick up from? Because there's someone awake 24 by seven at William.

Andrew Monaghan [00:34:25]:

I love how you approach the global aspect, right. And putting the right people in the right places. I love that. I also love the idea that you've working with people you've worked with before. I think often that's underestimated, actually, how much of a factor that can be, because with all the chaos that goes on as you're starting, one of the things you don't want to worry about is, is the person, the right person? Do I know they're doing a good job? Things like that. If you weren't before, you know each other really, really well and you know their strengths and weaknesses. They know your strengths and weaknesses, right. And you have a bond that might usually take six months or a year to build up, and my goodness is better when it's already there.

Alisdair Faulkner [00:35:04]:

Now, that's true. As some of my co founders like to joke, it takes a little while to learn how to speak Alastair, but once you do, it's pretty smooth sailing from there. That is very important. Notably, though, our Bps sales we haven't worked with before, and that can also be refreshing to get an outsider's perspective. And also, I should say, one of our early investors, Dean McElroy, who's also been leading the customer discovery for us so very early on credit, where credit is due, is that before we had any full time salesperson, any full time sales, Dean's been working. I understand you would help your customers do the same, your clients do the same sort of thing. Just customer discovery, understanding, hey, what are your problems? We're not trying to sell you anything. Just let us understand, get on the hook. Can we validate some of our thinking? Is this where you're seeing it going? And that's why I said before we hired the first salesperson, we had a really full time salesperson. We had a lot of confidence and conviction about the problems that we're solving and who we're solving for and how to position it. And again, I guess the reason I arched back to that is both Dean and Ed I have not worked with before, and they have a fresh perspective. And if anything, it certainly helps you to level up some of the technology and product feature type of sales that you probably do if you're too close to how the sausage is made. And it is really important to kind of understand hey, is this going to land with a C suite? That's been a great part of the fun of a startup and our sales journey.

Andrew Monaghan [00:36:45]:

When you're looking at expanding the sales team some more this year and next, what's the next wave of roles that you're thinking about? The biggest impact for you that's really.

Alisdair Faulkner [00:36:55]:

Put the wood behind the arrow in the markets that we're in. The reason why we are geographically dispersed is because our customers are geographically dispersed. Like we're born global in terms of where our customers are located. So I think we have some good coverage. We would be expanding into Asia would be the next logical step. But the way I look at it is get a sufficient enough coverage to support our customers and when we know there is demand based on that geography but then take an industry in a use case a year at a time. So essentially sharpening that arrow if you like pointing it at just a few specific use case, a few industries and then methodically move through those users you can't go broad shotgun approach when it comes to selling and scaling. So I'm sure that's something that you advocate to your clients often.

Andrew Monaghan [00:37:52]:

Yeah, I think it sometimes can be tempting to say let's look at 15 different things as new things come at you. But the art is knowing which the two or three that are actually worth investigating and what's the one that you input all the effort behind right now and which are the two or three that you delay for a while.

Alisdair Faulkner [00:38:08]:

Yeah and for us those customer buying pressure points are still related to the fact that hey, many organizations it's like well we've spent all this money on these fraud security capture tools but we're still getting accounts being popped, we're still getting unauthorized access. How do we do a better job about that? Or hey, what we're also seeing is onboarding is becoming increasingly tough. So KYC, you're either providing to know your customers and getting customers to jump through hoops and things like that. It can either be too hard or for us to just walk through with stolen and synthetic data. And we're seeing promo abuse has been one particular pain point where you say, hey, join my gaming company or my exchange, or sign up for a new offer, get 10% in credits, whatever that might be, and Process is just turning that into cash. So there are a few it's really about which market and which core use case you focus on that's different from financial services to the ecommerce. For us the ecommerce provides market provides customers that are able to move relatively quickly and have immediate ROI and effects. Financial services in the neo banks and the fintechs also have that property. They also have pretty good technology teams. The larger tier one banks is really more of a case of softening them up because they have longer sales cycles, but you're inevitably solving bigger and valuable customers. And so I look at that in terms of what you're saying in terms of sales folks, there's two ways of thinking about its geographies, but the other is industries. And certainly the focus has been on ecommerce marketplaces in the medium term and then financial, the tier one financial services firms towards the end of this year. I mean, we're having those conversations, but we don't expect they will bear fruit to the end of this year and next.

Andrew Monaghan [00:40:06]:

Got it. Well, listen, Alistair, I love the conversation. What a great story you're working on there. You're building a great team and a great company. Wish you every success. If someone wants to get hold of you to continue the conversation or talk about getting involved in your next wave of hiring, what's the best way to do that?

Alisdair Faulkner [00:40:24]:

Probably just hit me up on LinkedIn or hit our contact form.

Andrew Monaghan [00:40:28]:

Awesome. I'll encourage you to do that. We'll put a link in the show notes and thanks so much for joining us.

Alisdair Faulkner [00:40:33]:

Thank you. Take care, Andrew.

Andrew Monaghan [00:40:35]:

Well, I'm sure everyone has their own takeaways and thoughts from that episode with Alistair. For me, I've got three things that stood out. First of all, when I asked him about the wow moments. When does someone, when they look at your stuff, your technology, or listen to what you're saying, when do they kind of get it? And he taught us through the hierarchy that people go through and he talked about the visibility enhancing existing tools, optimizing and orchestrating and then remediation at the end. I thought it was a very thoughtful way to think about how to present things to people so they can maybe match what they're trying to do at each stage along the way. And I know in, in cybersecurity, obviously, visibility is often the starting point, right? There's been categories and I'm, I'm thinking about CASB as a great example. Also, you know, in the general cloud security with the CSPM tools, visibility is kind of where they started because there wasn't visibility beforehand. So that's a big win for prospects when you start there. The second thing that I took away was what he was saying about getting the basics of the playbook right, the go to market strategy and the playbook right, and then bringing in the VP of sales and then the team with that. I think it's so important to really be thoughtful about how you do that. Some organizations rush it, some organizations expect the head of sales and the sales team to create their own playbook. There's going to be varying degrees of successes along the way, whichever approach you go, I just really believe there's ownership from the founder and the CEO and the founding team about the basics, the foundations, then they can layer on the team. They've got enough to go on from there. And the third thing that was interesting was he said they've hired globally, but except for one or two hires and the VPs sales is one of them, they're all people that the team knew, the founding team knew, and whether they're global or even in the same office right. It's always going to be a bit of a risk. Right. Until someone's in a role, you don't really know how they're going to perform and how you're going to work with them and things like that. So having the track record with people removes a whole bunch of risk when you bring on new people into the organization. I know there's a thread on LinkedIn recently about someone saying, well, it's a danger of doing that. And I don't know, I feel like certainly early stage right, when things are so uncertain and things are going many different directions and you're not there to manage people, right? You're there to lead and break new ground and try new things. Having people you know and trust, how they work and you can just gel together quickly, I just believe is so important. So those are my three takeaways. I say. I'm sure you got your own, and either way, I wish Alice and the team great success for this year and beyond. If you like this episode, please go to Salesbluebird.com rrforview and leave me a review there. Populate around the different platforms when you do that, it really does help getting the word out about the show and getting listeners and getting more suggestions for great guests as well. Thanks so much for joining me and I'll talk to you next time.