Andrew Monaghan:
All right, well, Anna, welcome to the podcast.

Anna:
Thank you. Looking forward to talking to you.

Andrew Monaghan:
Yeah, you've just made a big move joining Terra Security, and it sounds like you've got an important role over there.

Anna:
Yeah, it's a pretty big role. Not conventional, you know, sales leader or a channel leader. What we're looking at here is how do we scale the company you know, I don't want to keep using strategy, but in a strategic manner. So a lot of it includes working cross-functionally to understand where we want to take the product, where there is inorganic growth opportunities, etc. So I'm really kind of bridging together all of the pieces that fit in between the go-to-market arm and the product and engineering arm as far as the business and strategy role that I'm leading here.

Andrew Monaghan:
Yeah, it sounds like a really interesting role, slightly different take than some of the traditional roles that we see out there. But let's go back a little bit. Let's go back one step. You moved from an important role at AWS. Why don't you explain what you were doing there and then we'll dig into a little bit.

Anna:
Yeah. So AWS, I was part of the startups team where I had the role of the title. It was cybersecurity venture and startup business development lead, which is quite a mouthful. But that's because I essentially was at the center of the eco ecosystem, managing relationships with strategic cybersecurity investors for AWS, whether it were smaller cybersecurity funds where Terra originally took funding from, and that's where I met them, or larger tier 1 funds where they had focused cyber investors. Then I was also leading the relationships with the founders worldwide for cybersecurity. So on AWS, there are several thousand cybersecurity startups that are being built in any given year. So looking to understand what technology is not just being invested by top funds, but also is relevant for which type of enterprise and which one has the cutting technology. And then I was also an overlay to the security operator and a buyer community.

Anna:
So at the end of the day, I ended up being kind of that center of the feedback where I was hearing which technology is gaining traction, who has some unique features or capabilities that are relevant to a certain industry, and It's really through that engagement of working with the investors as well as understanding the industry need where I came to learn who Terra was and met the founders.

Andrew Monaghan:
So you had an interesting viewpoint there. You were kind of in the intersection of a bunch of different startups, the funds, AWS. Did you see any patterns or something specific about those that just seemed to be continue growing and growing and growing, and those that would grow a little bit and then plateau?

Anna:
Yeah, I don't know about plateau. I think you end up seeing a lot of consolidation. So, you know, throughout time, like, for example, when we think about AI security, I transitioned from a third-party risk space to a SaaS space because from my perspective, a lot of third-party products were the SaaS vendors that we were deploying in our organization, and it was starting to federate how security is being managed and how IT is being procured and deployed within an organization that was creating a big security gap. When we think about the rise of AI security, for example, it's just another layer on top of that, right? So when I think about the buzzy use cases, for lack of a better term, that pop up in security, a lot of them end up being quick innovations that I think get seen as features rather than a platform play. So I'm not sure so much about the plateau as much as I think there's been a lot of technology that's been developed over the last year to 2 years where we've seen mass consolidation when it comes to AI security being folded into platform solutions. And then like the second trend that I observed, which I wouldn't call is necessarily a plateau either, but so much architecture around embedding first-gen AI and now agentic solutions where it makes the space feel so crowded. And because of the way that the technologies are communicated for the sake of maintaining relevance within the industry, the actual value of the product gets lost. So I think the trends that I observed were much more on there are interesting disruptions that are finally happening with legacy cybersecurity space, for example, endpoint or network, which is great.

Anna:
It's ripe for actual innovation where a lot of the meat got lost or the messaging got lost is this industry's overfocus on making sure that we're saying Agentic X or AI-based Y.

Andrew Monaghan:
When I look at the idea about a platform versus a feature, this must be a founder's, I don't know, nightmare, but they have to make some decisions, right? What are we trying to build here? How far can we stretch the boundaries of our feature into trying to make it for a platform? And at the end of the day, we can't have 2,000 platforms out there. So I'm kind of wondering how you see that knitting together even through the consolidation.

Anna:
Yeah, and I think that's exactly where my role comes in and where we started to fall behind when we think about the ecosystem and technology partnerships specifically is I think you're right that not every single technology will become a platform. Even at Terra, we're not necessarily talking about becoming the next CrowdStrike, but every single company has a platform story, right? And what I mean by that is when you're looking to deploy your solution to a security executive or a security team practitioner, or whatever it is, you are looking to solve some type of a specific pain point for them, which means that it's best if you not just understand that pain point, but because you understand their landscape that they're operating in, you can serve as their trusted advisor. In order to serve as their trusted advisor, you need to understand what type of tools they're running today, some of their processes, which then shifts your communication of your value proposition to a, like, I'm here to develop or deliver this pentest testing solution or an identity solution to, I understand that you have this gap, and here is how I can alleviate this pain point for you by working together with everything else that you have deployed. So that's where I think there is a shift that founders can make of just thinking about this specific use case and making sure that they're targeted and how they're approaching the market. Of course, that's important. But when they think about communicating their value proposition to their buyer in a community, being able to communicate in that platform context of how do they fit in in the broader thinking or the scope of the security technology stack.

Andrew Monaghan:
You know, essentially, you think about the broader stack as you were talking about there. When I think about platform, I think about something that raises and knits together our products, but also other ones. It's not a closed platform, it's an open platform. But I don't know, and this is what I'm going to ask you, like, who's doing that well right now? Whose platform is extended beyond their own boundaries and really raising the boats for all the products out there inside an enterprise stack?

Anna:
Yeah, that's an interesting question. I think where I originally saw this done really well was Microsoft when they stood up their, they call it MISA, I think it's Microsoft Intelligence and Security Association. Because they always look to develop their native offerings, but they gave the customers that third-party choice if they wanted to deploy it. And I think the messaging around security is a team sport and bringing in third-party vendors who are competitive to their organic products, that shows that good willingness that you're really trying to collaborate there to solve an issue. And it does help raise all ties. And you've seen companies like Silverfort, for example, when I first came into the identity space, They gained traction really well with Microsoft and continue to do so. You have a company like Ciera who is pulling in their data security solution to help deploy both Microsoft products, but then stitch together the gaps that Microsoft has in its deployments. And I think now Amazon is also positioned really well.

Anna:
They got a new VP of product, VP that's a product leader, Chet Kapoor, and he's really trying to make sure that Amazon takes that fresh perspective of going beyond bounds of just securing their infrastructure. To make sure that the best-of-breed solutions that are built on AWS that are certified to be secure because, for example, they're using Bedrock, that they're now able to bring in that expertise and be part of the overall AWS value add to its top customers.

Andrew Monaghan:
Interesting. With your experience at AWS, you know, what I've seen is a lot of founders They think, I believe, that getting some sort of AWS partnership or getting in the marketplace is gonna be some magical unlock for the growth of their company. What's the reality?

Anna:
Yeah, I have a good friend in the industry who coined the term that I like to pair it of partnerships are like friendships. You have many friends, but a few best friends. And I think that's kind of the approach that you have to take is you pick the infrastructure that you build on, for example, Amazon. And regardless of how shiny of a new solution you are, you can't expect Amazon to start providing value to you from day one, right? Like they need to know who you are, they need to learn your personality. So from my perspective, you really get from AWS as a partner of how much you put in. So I think a lot of the times there is this conventional thinking that you need to wait to build these relationships until you have strong traction in a market. Personally, I'm a very big proponent of starting these relationships early because they take so many months. So with Tara, for example, I met them back last winter around February in person after a few months of working together, and they had a working product they were gearing up for coming out of stealth in the spring.

Anna:
So we started really hand in hand working together, and I advised the founders on getting into the partner program early. Right. So with their traction within the first, I think like 5 months or so of coming out of stealth, as they were starting to close their first million in ARR that they celebrated, that was 1 to 1 with how many marketplace transactions they did. And in addition to that, right, they listened to the advice of, hey, like go-to-market, it's not just about getting sales leads. You can be a design partner for AWS. So that's where Tara worked hand in hand with the Nova team to enhance their LLMs. That is a native AWS LLM. Them.

Anna:
And that got Tara an opportunity to be a customer on stage at re:Invent. For a company that just raised Series A in the summer and has been around for like barely 1 year at that point, that's unheard of, right? So I think it's all about, you know, how much do you lean in with AWS, with the team and the resources that you have, and not just continue to pull and ask and want to get something out of them, but offer something back. And that way it's a reciprocal relationship. It's a friendship. It actually develops into a meaningful partnership. Like we see with Terra.

Andrew Monaghan:
If you're thinking about another company, not Terra, but another early-stage cyber company, how should they resource their AWS relationship? Should they hire someone early to dedicate to it? Should it be part of someone else's remit? How should they be thinking about it?

Anna:
Yeah, I know that a lot of partner programs make the resourcing ask because it stems from them understanding that founders are very busy people and don't have the bandwidth in my mind, you don't really need a full-time person until you have the natural velocity, both on your organic sales side as well as the partnership. So this is also where it comes back to my point about starting early, as soon as you're building that pipeline of paid customers, because if your velocity of customer acquisition is paired up with the information sharing that you're doing with AWS, then naturally, as you're starting to need to hire a go-to-market team, sellers, to transition away from founder-led sales to sales-led sales, you naturally start having that alignment of, okay, now maybe I need a part-time advisor, or maybe I need to bring on someone who can handle some of the ops side of things with Amazon while building up a sales ops process, right? So I don't have a great answer of what the gate looks like, But I think if you're starting early on, then naturally aligned to when you start needing to hire those first 2 to 3 reps, you will have that momentum and velocity where you will start thinking about needing to pull in an Amazon person to be managing that relationship. And most likely, if you're doing it right, it's not just AWS, but you also started that same relationship with partners like GuidePoint. Or Trace3 or DeFi, where you can justify that headcount because it's not one partnership that they're building up. You're already seeing a foundation and momentum for multiple partnerships.

Andrew Monaghan:
So it should just be in the bag of your channel person, you know, initially, right? Because it's one more important partnership that they're building on. And then I guess judge the success from there, whether it's worthwhile putting a dedicated head or not.

Anna:
I mean, I think it depends. I think infrastructure partnerships are unique. So I wouldn't bucket it with just channel. You need to have someone who can be a point person between engineering, product, marketing, and sales to make AWS successful, which is a little bit different than a channel play, which is aligned a lot more with sales and some marketing, right? So I would say that early on, it probably makes more sense to pull in someone who has built a scale partnership. With AWS and have them manage the channel side that you might be building versus doing it the other way around. Because for channel, you're going to want to bring in an experienced leader. Same thing with sales, who has that network and can help manage all of that.

Andrew Monaghan:
Well, you were in an interesting position there. You got to talk to a lot of startups. Why did you choose Tera?

Anna:
Oh man, I mean, first and foremost, the people, right? Like I wanted to make sure that I wake up every morning and I'm excited to go to work with people who I'm working with, that we're all in it together. Every company has its dull moments, its hard moments, and it's always so much easier when you're with people who pat you on the back and are like, we'll get through this together, and then you can celebrate together after, right? So the co-founders, Shahar and Gal, they were fantastic, right? Like whenever I came to them with ideas, the answer was always like, okay, like we're busy or it might be tough, but let's execute it, or that's a great idea. So the camaraderie and partnership that we built early on was number one, very important. And then the tech was a second one, right? Like, I had the privilege of having my hands deep into hundreds of different products, and especially in the current state of everybody talking about autonomous products, I love the humility that we bring to the table that founders really set the ground on to say, hey, agents can't fully operate this. Like, we're not here to do pentesting fully autonomously. We're here to elevate what humans can do to increase that scale and, and speed that we provide to the pentesting community today. So I think like that really is a solid approach even to the security practitioners, right? Because a lot of companies, I think, tend to approach them and say, hey, we can solve everything for you. That's not true.

Anna:
And here, like, we're really coming in with that humility of here's what we can do, what we can't do. We can probably build some of these things, but let's talk about whether that makes sense or not.

Andrew Monaghan:
And that humility means that you might not be doing a cost takeout sell, right? You're not necessarily removing a whole bunch of cost, I would imagine. Tell me if I'm wrong. I'm wondering how the team is thinking about, as you win customers, what the value prop is for the team inside these big companies.

Anna:
Yeah, I think it's several things. I think at the starting point, when you think about pentesting, it's something that happens point in time today, right? It's a pretty heavy service engagement. It happens once, which means that as soon as it's all over, then your posture is not as secure as during the time that you received this report. And a lot of the times it's also a regulatory requirement for a lot of the industries, which means that some security teams treat it as a checkbox exercise. So from that perspective, right, us coming in and saying, hey, like we can offer the same visibility on a continuous basis. Every time that your web app environment makes a small change, we will pick it up. We will do a surgical pen test. And you can now go to your own customers and say, hey, here's my authorized and human verified annual report from a pen test, let's say from January.

Anna:
But you're having a conversation in August. You can pull that same report and say, and take a look of like what we're able to pull today, same report. You can do a gap analysis and say we're still as secure, right? So that actually moves the needle where as an end customer to our customers, you have more of that confidence that they're maintaining their security posture where it's not just a one-time assessment.

Andrew Monaghan:
Yeah. And you said before you've got some pillars to the role. Take me through those pillars again.

Anna:
Yeah. So the way that I'm thinking about how we grow the business as part of inorganic growth, I have the partnership pillar. So this is really that ecosystem play, building that story with the other technologies and then aligning with the core service providers and resellers in the organization I have an industry pillar, which I think is one of the most important ones. So this is where we work with ISACs and drive that conversation and thought leadership, give back to the community. Same thing with the CISO organizations. I have a third pillar that is more of that word of mouth referral trust building, where we have folks that are our trusted advisors that go out and help advocate on our behalf that our approach is a good one. And I think even more so importantly, the fourth pillar around community. We have two segments in this.

Anna:
We have the executive one. Obviously, we want to make sure that we are getting feedback from tenured security leaders, but also the practitioner one. So this one is where it's open to the pentesting community, where we're setting the conversations and driving where is this industry going, what gaps are folks seeing, and creating that space for them to exchange thought leadership and start a conversation, as well as talk about the usage of our product, right? Where are they seeing things work, not work, provide that Q&A to each other, drive conversations, which in turn is great for us because we'll pick up on where we need to drive our product roadmap, be able to get feedback on how the company is doing.

Andrew Monaghan:
There's a lot there. How do you prioritize a sequence of those?

Anna:
So first priorities are where we already built momentum in a partnership, over the last year while I was at AWS. So from technology partnership perspective, Amazon, CrowdStrike was a partner in the Cybersecurity Accelerator. So those are priorities where we have momentum and conversation that we want to focus on. From there, we will look to replicate as we build our technology stack and use cases organically. Same thing with the channel partnerships, for example, right? Like you don't go in and say, hey, I want to sign up every single reseller in the world. You pick a couple of national strategics and then regional ones. And I'm working with my sellers to to make sure that I understand where their relationships are, where, and where they have existing traction. As far as, for example, industries and communities, this is where I am listening to our customer base and our network to see where they find the most value in a community.

Anna:
So for ISACs, for example, today we start with web applications. They tend to be very prominent in financial services and healthcare and retail and hospitality. So Those, for example, out of all of the 20-some-what ISACs are the 3 that I'm prioritizing. And with the CISO communities, this is where I'm listening to our customers and our network to understand where they're finding value so that we can align to those areas better.

Andrew Monaghan:
And as you said before, these are all medium to long-term payoffs, let's say, for the investments that you're doing. How do you communicate internally the leading indicators that this is going well? And what are those leading indicators?

Anna:
Yeah, I think at the end of the day, it always comes back to traction, right? You start conversations and you start some engagements, you provide material, you provide thought leadership and education. And I think after 6 or so months, you will start having those same people come back to you and indicate that they're hearing more and more about the needs of a certain solution. I think that's true for industry groups. It's certainly true for partner groups. So those are kind of our indicators. It's a little bit hard for me to say for the company today because we've done such a good job partnering and building a foundation over the last year that, you know, normally I think I would be starting this role and I would be starting from ground zero. But the reality is, is that I'm starting with 9 months of work that we already put in place. So right now it's more of we have the proof points, we have the beginning of the momentum.

Anna:
So it's figuring out how do we then take and scale that less so starting the relationships from scratch.

Andrew Monaghan:
Yeah, the traditional channels and even the tech partnerships, I guess. I mean, this is an area that has maybe changed a reasonable amount over the last 5 years. Is there something in there that you believe is broken that you think, you know what, we just need to rethink how we're doing some of this?

Anna:
Yeah. You know, when I moved away from consulting and I was starting to work with some startup solutions and went to RSA, I thought channel was such a great thing because the channel players and consulting companies, they looked at customers' environment and were that strategic advisor, right, where they saw which solutions worked well together, where there were gaps. And I think as the market has gotten so crowded, we have so much innovation that comes out every year, it's really hard to keep up. And these vendor relationships, I think they became a little bit more bespoke, where the fault is a little bit on both sides, on the channel side I don't even know if I would even say it's a fault there. They just have a hard time keeping up. They're inundated with so much new information. But on the vendor side, I don't think we do a good enough job to create that platform story for them. So I think when we think about the value of the product and how we communicate it to the channel, the more that we are able to align to the overall security use case rather than just micro-focusing on my company does this one specific thing, if you're able to contextualize it with, hey, I know, Mr.

Anna:
Guidepoint, that like your field priority, for example, you are building up your AppSec services, your pentesting services. Here is how I can help you. Or I know that in some of these large enterprises there is a continuous threat exposure as well as pentest. Tara can fit those two use cases in this way where we can bridge with your SIEM, your CSPM, whatever that story is. The more that you can communicate that platform story to the player, they're listening to customers' overall pain point, right? Like they're not doing that feature checkbox play. So I think if we can transition the industry to that kind of a conversation with our partners, we will see a lot more wins.

Andrew Monaghan:
Yeah, I feel like what you're saying there is, you know, attached to what's important to them, whether them as the partner or the enterprise that you're hoping is going to buy and then show you support it as opposed to just be one of another 3,921 vendors who's saying, here's all the cool things that we do.

Anna:
Yeah, you have to treat your partners as customers too, right? Like similar to how internally when we think about, you know, what does marketing do, what does product do, who are the customers? Like, of course it's the end external customers, but internally too, we have our internal customers where my job is to help my sellers make sure that they can get traction quickly and expand so that we are not hiring a sales org of 100 people. And it's the same thing for sellers to the partners or for me and our partners is we need to understand what they need from us to help their customers. And that trickles down then to the end user of our product.

Andrew Monaghan:
Is it as simple as just asking them, or do you have to be more strategic about how you choose which partners to go talk to, you know, in the first place?

Anna:
You know, I think at the end of the day, it all comes down to relationships, right? You always have to start where you have that relationship. And to me, it's a two-way conversation. Is one of it is starting with explaining, hey, this is what I'm doing, but then also asking those questions of what they're seeing as far as trends and having that reciprocal relationship.

Anna:
With the bigger tech partnerships, and I'm maybe taking out AWS from this, someone that size, but I think there's been a feeling that you have to be a certain size to even be relevant for these people because, you know, they're so big and they're doing something that's much bigger than just a few cybersecurity vendors. Is that true that you have to be a certain size or have a certain impact or? Are there ways to really get in with them such that you can make a difference for them even though you're a small company?

Anna:
I think the key is being able to communicate what's in it for them, right? And differentiating yourself rather than going in with a blanket like, hey, I'm a cool, hot company with these great investors. So if I take a completely separate example, not Terra, not AWS, There is a company called Remedio. They rebranded from GitPol coming up on maybe 8 months or so. They are a company that closed a critical component of endpoint posture management, right? So they approached CrowdStrike. They saw a gap, right? And it's not about the size that they were because they're a completely bootstrapped company. They didn't have any major VC that was backing and speaking on their behalf. It was simply a matter of approaching CrowdStrike and say, hey, We have a couple of dozen deployments with you guys. Here's the gap that we are seeing.

Anna:
We are enhancing your EDR product. Wouldn't it be great if we could have a click of a button deployment that would help you sell better? And honestly, it's the case with Microsoft. It's the case with AWS. With AWS, for example, we have a motion of they had a service delivery team that was looking at providing offensive security and pentesting. So we approached them and brokered that introduction and said, hey, like, would this be an interesting solution for you to bring to the customers? Right. And the same thing if you think about how Silverfort and Microsoft example that I gave when Azure Active Directory was being launched, there was a need for large enterprises who were originally on-prem based to have that hybrid deployment. But Microsoft didn't yet have a way to manage identity in a hybrid environment. And that's where Silverfort was a great Band-Aid where they came in and they added that on so that the Azure security reps were able to deploy Azure Active Directory, right? So it's all about how do you communicate that value.

Andrew Monaghan:
That's interesting. Yeah, you really have to understand the partner to figure out where they perceive their gaps to be almost. So you're, you know, you're not calling their baby ugly, right? And filling in those gaps for them.

Anna:
Well, that's why that platform story is so important because your customers will tell you, like you're building something because you know there is a pain point., and there is a pain point for one reason or another, either it's a niche use case or whatever it might be. So you already know why you're building something. It's a matter of making sure that the message is not just clear on what is it that single pain point that you're solving for, how does it fit into the rest of the toolkit? Because people are tired of just continuing to buy more and more toolkits and having separate dashboards.

Andrew Monaghan:
Yeah, that's a— eventually that system's going to break and they'll have to, you know, retrench from there, which I guess many people are thinking about or doing right now anyway. We're at an interesting point in cyber, and where, you know, we kind of go over the first wave of AI and AI was slapped on anything, right? It was like, how can we realistically just say AI on our website even though we might not be there yet, right? But, you know, you take something like Terra, Terra's really leaned into it. Is core part of what you're doing is the, the Agentic side. I'm curious if you've got any thoughts about how companies can balance that. You gotta be, say you're doing it, but you can't just fall into the, we're AI powered as well, just like everyone else in this, this space now.

Anna:
I think you still need to first and foremost communicate what it is that you're doing, right? So, you know, for us it was always Agentic AI-based continuous pentesting, right? Which is a mouthful. But it's saying that we are doing a core part of security that you are doing every single day that is required to you, or even once a year if it's a full pen test, and we are leveraging AI to enhance it. And in every single communication, we make a point to say that we are human in the loop because, like I said before, we don't believe that agents running wild on their own are able to solve this issue today. Right. So it's that— I think that humility that we talked about before of being transparent about what it is that you're doing and how you're doing it, it needs to come through in messaging too, where it's not just AI, AI front and center, but first and foremost, you're communicating what it is that you're doing and then saying that you're able to do it faster at a larger scale because you're leveraging the newest technology.

Andrew Monaghan:
It's almost like you'd be dumb not to, right? If you want to do this best, we'd be dumb not to do it this way. Well, as you look out at 2026, we're recording this in early March. What's on the table for Terra for the rest of the year?

Anna:
Oh man, I think there's so much coming. Just today we launched a new product where we are enabling pentesters to really have that AI-based interface to scale their job and make sure that they're countering the incoming offensive attacks where the malicious backers are also using the AI tools. Right. And so they're able to run faster at a much faster scale. Now, with the launch of Terra Portal today, we're able to equip the defensive offensive. It sounds a little bit weird, but pentesters that are in-house or service providers that are helping to protect their customers to also be able to move at the same speed that is coming on. We have a couple of additional ideas in line where we're going to look at expanding the coverage that we have of different components of technology. So you'll see expansions there.

Anna:
We have some interesting use case coming out of of, hey, how do we rethink potentially bug bounty? So, a lot of exciting stuff that's in our, whatchamacallit, hopper, I guess, in our hopper. And yeah, a lot of it has partnerships to do with it. So, I'm really excited to see where we start seeing synergies with our ecosystem.

Andrew Monaghan:
Feels like you're gonna be busy.

Anna:
Yeah, definitely.

Andrew Monaghan:
Well, listen, thanks for joining us today. We wish you every success for 2026 and beyond.

Anna:
Thank you.

Andrew Monaghan:
Thanks, Anna.