[00:00:00] Hey, it's Andrew here. Just quickly before we start the episode, I want to tell you about one of my favorite newsletters. It's called Strategy of Security. If you want to understand the company's ideas and trends shaping cybersecurity and its submarkets, you should take a look. Cole Gromos runs the newsletter and he has spent the last 20 years in cybersecurity, including stints at PwC and Momentum Cyber, the investment bank dedicated to cybersecurity.
[00:00:27] Recent articles I'd like include, how could platformization work in cybersecurity, where he talks about there being lots of single vendor platforms, but not a multi-estate platform. And also one called demystifying cybersecurity's public companies, where he explores the pure play ones and also hybrid companies, which are in cyber. He lists all of them and then breaks down the numbers in all sorts of different ways. Now, this is not a paid promotion. I just simply enjoy what Cole is publishing.
[00:00:57] Check it out at strategyofsecurity.com. Now, on with this episode. The feeling of Cybr Donut is that they're poised for a growth street. They're poised for a great 2025 to try and get to that $10 million ARR. You know, they fixed some of the go-to-market challenges. They've had some changes in headcount and ended up being a Q1 was their best quarter so far. It was bigger than Q4, which isn't always the case, as we know. And then looking at the rest of the year with excitement, but also frankly, with a little bit of effort.
[00:01:28] And they're thinking it would be good to chat with someone who has taken a cybersecurity sales team through a period of growth, responsible growth, not just throwing headcount at the problem. Tackled all these issues, won the early customers, grown the team, navigated the whole technical sell versus business sell and all the other things that are going on. Which is why I'm excited to welcome Nick Labuzz, who is the VP of sales at Endor Labs. Now, Nick joined Endor in its early stage.
[00:01:58] He was, in fact, the first go-to-market person, salesperson on board and has now grown the team out to 16 people. He's been through shifts in focus of the company, different things in terms of growth and how you skill up the team. And all these things is what Nick is tackling. He's talking about it on today's podcast. I'm Andrew Monaghan, and this is the Cybersecurity Go-To-Market Podcast, where we tackle the question,
[00:02:23] how can Cyberdonut get to $10 million in ARR by the end of 2025? All right. Well, Nick, welcome to the podcast. So we are here. We're in the business of saving Cyberdonut. It's now May 2025, and they're just kind of getting going. You know, the sales from Q1 were positive.
[00:02:53] It was more than Q4, which isn't always the case, right, in the world that we're in. So there's a good uptick from there. They're on a bit of a tear. The CEO is feeling confident, and they feel like it might be the start of a real growth trajectory. So I thought it would be good to invite you on because of what you guys are doing at Endor. If I look at your headcount growth in the last number of years, so I'll read it out so everyone can see this.
[00:03:20] So on September 30th, 2021, Endor Labs had two people. And as of today, which is the 14th of May 2025, you had 151. And when I look at the curve, in fact, it's almost a straight line. It's like the almost perfect, you know, linear growth in headcount. I know headcount doesn't equate to revenue, but in this day of, you know, measured growth, I think it's not a bad proxy.
[00:03:47] So I kind of look at that and think, God, there's something to learn here. I remember I actually talked to Varun, your CEO, two years ago when Endor Labs was selected for the innovation sandbox at RSA in 2023. And actually, one of the things I noticed, let me ask you about this. So back when I talked to Varun, I remember rightly the focus was on analysis of open source code in products and apps,
[00:04:13] and not just from a security standpoint, but I think also from a legal standpoint because it's going to be dense side risk on some of that stuff. It felt like as I was kind of tagging along and watching your development, there might be a bit of a shift. I wouldn't say a pivot, but a little bit of a shift in what Endor is doing. Why don't you take us through what's been going on in the market that has enabled you to make that shift? It's a great question. I would describe it as we've widened the aperture.
[00:04:37] So the engine we built, the initial problem we solved with that engine was software composition analysis, the evaluation of open source dependencies for security and license risk. But that underlying technology allowed us to solve for some neighboring problems in application security. So if I'm building software, the way we think about things is you need to secure everything your software depends on. So your developers write code, first party code. They bring in open source components.
[00:05:06] They have CIC pipelines that move code through the process. They use things like GitHub Actions. They put code into containers. And all of these things need security. They need visibility. They need rules. So we have sequentially gone down the path of adding new capabilities to the platform so that companies that historically had to buy a best-in-breed capability to solve each of those individual silos can now look to a platform to consolidate tools and consolidate effort.
[00:05:34] The modern evolution, if you can call it that, I wouldn't quite call it a pivot. But if we think about when you spoke with Varun two years ago, obviously software development, as we highlighted, was 80% of code was open source, right? Well, we've had this pretty dramatic technology shift since then with AI-assisted code generation. So it's not in the too distant future where we can expect 80% of your code to be AI-assisted or AI-generated.
[00:06:02] Satya, in a press in their earnings release a week ago, just said about 30% of Microsoft's code is already going that direction. So that opens up a lot of opportunity for businesses to think about how they apply this tech. But ultimately, we also have to govern this new wave of code. So that's top of mind for us and some of the problems we're working on solving for our customers. Yeah, it's crazy. Like, you know, even someone like me, you know, I get drawn into some of these apps.
[00:06:32] There's like Bolt and there's, I think it's Canvas, is it? I forget all the different ones. And if listeners don't know, you literally get these apps. You can type it and say, you know, build me an app that is a, I don't know, a podcast booking app. And what I want to be able to do is reach out to a bunch of people, automate the whole process. I then want to do calendaring. I want to do scripting. I want to do pre-production stuff. I want it to look like this. Have a look at these sites. Pull these colors. Build me an app.
[00:07:00] And literally within a few minutes, this app just shows up on your screen. And all you have to do at that point is say, well, I don't really like this. Change that. Maybe change the dates, you know, things, whatever it might be. It just does it. You don't need, I don't need to know any coding or what's happening when the scene to do this. So it seems like this is, well, it seems amazing for one thing, but kind of crazy that someone like me then wouldn't then go in and say, well, let me just check to make sure this is somewhat secure. Right. Which is kind of the world we're in right now. Right. Yeah.
[00:07:26] We call that vibe coding is the industry nomenclature. There's some fun anecdotes out there. The one I would highlight is Y Combinator, I believe, published that 95% of the code generated was vibe coded in their last cohort. So this is a tidal wave. It's exciting for us as a security company, but I think it's also very exciting for organizations that have to think about the pace of innovation and how to leverage some of the good things that AI assistants can do for us.
[00:07:56] And one of the things that struck me about it was, you know, I've got no skills to know the quality of the code. I mean, I know what it's producing works from my standpoint. Right. I kind of had this idea, though, that the quality, both from coding, but also from a security perspective, we pretty good. But I'm gathering as I kind of dig into this more and more, that isn't the case. It's a bad assumption to make. Yeah. Studies show it's less secure than well-written human code.
[00:08:26] So the stats on this, it writes Copilot, Cursor, Windsurf, these AI code assistants. Code velocity increases 40%. Code quality issues, which could be security or quality, exist in about 60% of it. So it's a troubling thing for security counterparts of engineering to face in that, you know, I have the capability to build a lot faster that may be lower quality or more risky.
[00:08:52] How are you on the other side of this going to govern this volume of code? So it'll improve. But as things stand today, oversight, inspection, governance is going to be necessary. I imagine you're probably seeing as well the shadow code generation inside companies. You know, what you thought was the purview of the 15 developers in the corner are something people like me think is a good idea to start developing apps. Totally. Yeah, it's funny.
[00:09:17] I had the same occurrence in my last life with Varun at Redlock, right? We were at a point in time. This was early in the cloud security evolution and cloud adoption. And there were these companies that professed at the time, we'll never put our stuff in AWS or Azure or GCP. And now that's obviously in about every enterprise in the world.
[00:09:36] I believe the stat was 80% of developers admit to using copilots, which means 90 to 95% of developers are probably using copilots. So it's less hidden than one might expect. But it is going to be par for the course here very quickly. Yeah, yeah. Well, you mentioned something there that you'd worked with Varun before. So at Redlock, Redlock was acquired by Palo. Was that 15, 16, something like that? Was that the right time for you? 2018. 2018. Okay.
[00:10:06] And then when he founded Endor Labs, he hit you up back in November 2022, it looked like, to say, come and put the band together again. Yeah, let's go and do this thing called Endor. So you walked in there November 22. Well, I mean, so a lot of things to be done, right? But what was one thing that you looked at and said, okay, this is where I start. This is the thing that you start fixing or building to start building the sales function over there.
[00:10:35] Yeah, there was nothing to fix because, you know, I was brought in to put in the infrastructure. The first thing I think we needed to do was just learn who buys this product and why and how do they buy it, right? So we were pre-revenue at the time. We had had some very great partners on the enterprise that were using the product. And we had to land what is the value to them going to be. Technology, you know, the capabilities at the time were much narrower than they are today.
[00:11:00] So we had to rigorously define our ICP because there was a tech stack we needed to define to be, to show a high ROI to our customers. So it was iterating on that pretty frequently, which is, okay, this is one, this is the components of tech I want to see in a potential prospect. Now let's go find those prospects. Now let's go find some sellers that can find those prospects and execute against that sales play.
[00:11:26] But it was a fun learning in the early days because every conversation we were finding something out. And ultimately, we would have to apply that to the next conversation we were having and continue to do that today. Now, was that difficult to do, though, coming in with a sales title? And really, actually, your main job is learning as opposed to selling in those first couple of months, right? Yeah. You know, I had to walk and chew gum at the same time.
[00:11:52] You build a company by getting great prospects to partner with you on a journey, but there has to be value for both of you. So, you know, I was sellout, right? I was doing – I was prospecting. I was selling. I was trying to build out the playbook. I was trying to understand who that audience would be and what value we were going to offer and how to execute proofs of concepts. But it was, you know, like I said, I think we learn a lot.
[00:12:18] You, you know, implement the plans based on the lessons and continue to evaluate and evolve them. Yeah. One of the things I think that teams or early stage – finders as well. I saw the founder actually a couple of days ago about this. One of the things they struggle with is how to have that conversation about is this company even going to be able to buy from an early stage company like us? How do we find that out elegantly? When do we find that? Do we find that early? Do we cross our fingers and hope it doesn't come up too much towards the end?
[00:12:47] How did you handle that early on? Yeah, I think you have to take it on pretty early, right? There are enterprises that want to be forward-looking, partnering with innovative companies to shape their roadmap to meet their own needs. There are people that want to see technology proven out in the market where their competitors and other industry comrades buy it first. You have to get that line of sight. You have to get that clarity. Because otherwise, you've got to be ruthlessly prioritizing in a startup. We're lean.
[00:13:16] There's not a lot of resources. There's NSE, NSDR, one seller. And they and you should be spending time where the likelihood of partnership is higher than not. And it's okay for people to want to not be on the bleeding or leading edge of things. And they can sit back and watch how the market matures and then raise their hand at a point in time when they're ready to adopt.
[00:13:40] But, you know, I'd rather not spend nine months of our team's time learning that until the decision is, okay, we're still two years away. How did you have that conversation? How did you bring it up? Just about that abruptly. Really? Do you all like to partner with early-stage companies? Why do you like to do that? What do you need to see to get something out of this of value? What are you expecting of us? It's very fair questions, especially if someone's going to lean into you and say, hey, what about the product doing this?
[00:14:08] Or we would need to see this in order to buy the product. So, you know, I think at the right level of a prospect, at the right buyer, those conversations are necessary and not too uncomfortable. Yeah, yeah. Yeah, I think early on seems to be the way to go. I worked as a startup 10 years ago, and we did the first conversation. You know, we got the excitement up. They were excited what we're doing. And then we would say, look, you know, not every company can do it. What about the culture of your company? And they would, you know, talk about that. And then we'd say, what about you?
[00:14:38] Do you have the appetite to do it? Because even an individual might want to take it on due to their career, how established they are, how much risk they feel like they're taking on, things like that. So we would tackle it from two different angles. I would also ask them, from what you've seen, how high of a priority is this for you? Because it's not just the willingness to partner with an early stage startup. All of us have competing priorities, right?
[00:15:02] You know, the security buyers we're talking to, there's no shortage of startups or enterprise security vendors that are trying to capture their attention and solve problems they feel they have. So we were pretty deliberate about leaning into the most urgent thing on your list or a curiosity that one day you might seek to solve. Yeah. Yeah. How did you get those meetings in those first few months? What was working for you? Gorilla Tactics, right? We had an SDR, you know, who was great about getting us in front of people.
[00:15:31] Obviously, you have the network of people from the Prisma Cloud days that we had sold into. You have the introductions from our investors. You have just cold outreach. We had the lookalikes for we're talking to this person and they have a problem. So others in the industry may have the same. So it was all over the place. And I think, you know, we obviously had a very purposeful mindset around sales at everyone's job at the start of this journey.
[00:15:56] Still have that belief where any employee of the company, any introduction they can make where we can position this, get some feedback and figure out if that's the right conversation for us to be having was useful. And I would say everyone leaned into that. Yeah. Take us back to that first order. What was it like? What was that moment? It was a great one.
[00:16:17] I was sitting at an event in Seattle where a design partner of ours had made a multi-year commitment to move forward with us, a six-figure multi-year commitment. And we pulled the company together on all hands. I think it was probably 5 GM Pacific and announced the order and rang a virtual bell and moved the deal forward in HubSpot at the time. We since modernized our CRM. But, you know, it's something I won't forget.
[00:16:44] It's a pretty amazing thing when you have those first dollars the company will ever see on the board. And obviously, you know, I had been there three months at that point, but there had been people that had been building this product for 12 months at that point. So to see that effort pay off and to come to this conclusion, albeit the first of many, this thing we built actually has viability in the market was pretty incredible. Yeah, that's awesome. What a moment, right, for the whole company. Yeah, it was.
[00:17:12] So let's fast forward to today then, Nick. You know, as you kind of think about the growth, how many people are in the team right now? There's 16 AEs on the team and one first-line leader. Okay. And did that first-line leader come from inside or did you hire from outside? Hired from outside. Not to say that we won't be promoting some others internally. We've promoted others through the ranks coming in, you know, SDRs to ICs, but this individual came from the outside.
[00:17:40] And we'll be expanding the leadership team pretty quickly as well. Was there one decision as you look back in the last couple of years about maybe the growth of the team that you made that kind of goes against conventional wisdom a little bit, but it kind of panned out for you? That's a great question. You know, I will say we hired in the central U.S. I think you could have made a couple of bets early, right? So we've been very good about selling across verticals.
[00:18:10] But if you look at some startups, you could say concentrate in the West with tech, concentrate in the East with the banking. We put a rep in the central U.S. pretty quickly and have had very significant production out of that geography. So, you know, could I have put a second person, a third person in the Bay, a third and second in New York?
[00:18:35] But we decided that with this product having sort of a universal audience, it does well in specific verticals, but anyone can and should use it. That just going to geographies that may have been less progressive adopters of tech has actually worked out for us. Why do you think that is? It's a great product. The argument could be made that other people aren't going there sooner.
[00:19:00] So we had an earlier mover advantage to bring this very modern approach to the problems we're solving to the buyers. I think that would be some of it. It's talented individuals. It's a great product. But I think, you know, you combine those three things and, you know, it paid off pretty quickly for us. Yeah, that's interesting, actually, because my inclination would be to say East and West.
[00:19:26] I mean, one of the dirty secrets is that some of the biggest development teams in the world are actually in financial companies on the East Coast. You know, there's like 15,000 developers at a bank is mind-blowing to some people. Totally. I may just have a soft spot, too. I spent, you know, 15 years selling between Ohio and Chicago and, you know, know the logos and the partners after a decade plus of doing that. But, no, it's, you know, I think it was a well-placed bet and it's paying off. Yeah. Well, it's kind of aligned to that.
[00:19:54] The other thing I'm thinking about is, you know, you, Indoor came in, weren't the first, but one of the early ones in this whole shift left idea, right? It was kind of big buzzword, you know, buzzwords two or three years ago. I would imagine there was a lot of noise in the market as everyone was kind of trying to carve out their space.
[00:20:12] Is there something that you look back at that you and the team were doing from a sales standpoint in talk to people that you think enabled your prospects to clearly get what you're doing and how it was different compared to all the noise you're hearing out there? Yeah, I think the thing that we certainly had shift left as a focus. The more pronounced differentiator for us, and still is, is the concept of reachability.
[00:20:38] Uh, we're not the first people to ever claim this idea of reachability and application security. I would argue we have moved the ball forward, the farthest, the fastest, but that establishing that principle in our conversations of why reachable vulnerabilities are, are critical to look at that market is, you can hear that messaging more commonly now.
[00:21:01] Uh, and I would argue part of that is in response to the fact that we were pretty clear with prospects and customers that if you have 10,000 problems, but only a hundred affects you and you don't know which 100 that is, you have to get to that destination. So yeah, we had to, uh, plant the seeds of what reachability is. It wasn't a well understood concept, at least in my opinion, two and a half years ago.
[00:21:25] And then we had to fight the battle of not all reachability is created equal subsequent to us establishing the principle. So it's been, uh, yeah, that was a fun messaging effort to go through in the early days. And now reachability is well understood and is foundational to everything we're doing, but we've had to again, progress into new concepts in software development. I mentioned this AI code assistant thing.
[00:21:51] It's fundamentally changing the way we think about governing the risks we were helping our prospects and customers solve. So it sounded like the market was probably asking you about something else, right? I don't know what ability to find things or where it might be. And you're saying, yeah, we can do that. But you're trying to shift the conversation. Let's talk about the Zora aspect to this. People don't like to be told what to think though. So I imagine that's, uh, that's an interesting shift you have to make in there in the discussion.
[00:22:18] It is, but I'll go back to the Redlock days where I also want to help you understand the problems you are going to incur before you incur them. Right now that the contrast between Redlock and Endor Labs is, is Redlock was creating a category and Endor is taking on a category. Application security, it's not new. But to think about the new approach of solving the problem requires some foresight and anticipation.
[00:22:45] So I need to give you the vision of here's where you need to go and here's how I can get you there. And part of that is being provocative. But others would call that, like, this is going to help you avoid touching the stove if you know it's hot. So, like, let me give you the collective experience of all the people we've helped and understand how they tackle the problem, what the trade-offs were, and decide if that's right for you. Yeah. It's a tough conversation to manage. Some people are really good at it.
[00:23:14] It come naturally to them. And you say being a little bit provocative and being comfortable doing that. What I hear, what I, I don't know if you've heard this or experienced this. What I've heard is, yeah, that might be what the CEO or the founder says, but I'm just a sales rep. I can't say that. Right? What's your thoughts on that? I think anyone can say anything if they have the credibility and backing to say it. Now, I learned how to sell this product by sitting in the room with the founder and doing the first 30 or 40 sales conversations.
[00:23:43] So I may have inherited a dialogue a bit. But I think if you are truly curious about customer outcomes, this is your responsibility, is to be a source of knowledge for these prospects. It's to help them buy solutions to their problems. And the way you do that is being a subject matter expert. So we may not be the right solution for every company on the planet, but they should understand the pros and cons of what we're proposing very explicitly. Yeah, I think that's right. Right?
[00:24:12] Like, if you've got the knowledge and you feel like you understand, then you naturally have the confidence to, when you say things, it doesn't feel weird to you. If it feels weird to you, it's going to feel weird to them. Right? So you kind of have to have that, you know, put the time in to learn like that. Right? That's probably where it goes. And if you don't believe it. Yeah. You know, this can't just be a story you're telling. You have to truly live and experience these things. All right, Nick, let's learn a little bit more about you personally.
[00:24:42] Believe or not, I have 49 questions on my list here. But I have this amazingly, it's actually protected. It's such an amazing random question generator. I've got it protected by some sort of quasi-morphic encryption. And DLP is working so no one can steal it from inside my office or come in and get it through the IPS. The number of IPS I have in my place here. So let's go ahead and spin the wheel and see what questions we come up with.
[00:25:13] All right. Number nine. How did you make money as a kid? Traditional ways. I had a paper route, a cabbie, and one unique one to my geography. I grew up in Speedway, Indiana, home of the Indianapolis 500. And we would go to the track the morning of the race with the wagons and pull people's coolers so they didn't have to carry them. And that was quite lucrative in that day and age. Wow. So they would show up fully loaded, right? And then you would jump in and say, let me help you out.
[00:25:42] And they would leave fully loaded as well. So would you get the pickings at the end of the day? A little bit young at 10 or 11 for that. But, you know, maybe now. All right. And caddying, did you play golf or did you just caddy? I play a little bit. Not as much as I like. And, you know, got my start back then. That's awesome. All right. Let's go to the next one. Let me spin the wheel. All right. Number 29.
[00:26:10] What's an embarrassing or memorable moment in your sales career? One stands out. My first job, I was in office equipment at a time when digital imaging was coming around and people wanted to convert, you know, hard paper to digital images. We did a huge study at a manufacturing plant. We go in, present the study to the CFO. It's my first huge study. He says, this is great. I'm ready to sign. We didn't have any order forms.
[00:26:36] We thought we were presenting some outputs and didn't quite go for the close. So later me would have learned better. But that was a pretty noteworthy lesson for me earlier in my career. Did you whip out the napkin and say, let's just use this napkin? True story. Had three part forms on us. And we sat in his office, filled them out as he waited and inked the deal before we left. Oh, the days of triplicates, right? That's right. All right. Let's spin the wheel one last time.
[00:27:06] Number 42. What is the story behind you getting your first job in cybersecurity? Cold emails from a recruiter, which is not that unique. I'll give a fun anecdote. One of the parts of the interview process was to write a research paper on, I believe it was deep sea mining or deep sea treasure hunting. Wait a minute. Write a research paper? Yeah. Write a two page paper on treasure hunting, deep sea treasure hunting, something to the effect.
[00:27:34] And I actually cold emailed some professors that were teaching the subject. And when I went in to review this with the president of the company at the time, he asked me, did you actually email these people and do this interview? And I said, I did. And he goes, OK, you're getting the job. That's awesome. So apparently no one had ever thought to talk to humans on the subject. Wow. And of course, these days it would be a five minute deep research task in Gemini or Chet GPT for your report.
[00:28:03] If that. And probably better written than the one I put together. Oh, well, certainly. That's awesome. Well, start of a big career, a big career switch. Was that a natural thing for you to do or do you just think, oh, give it a go? No, it was lucrative financially and more lucrative than what I was doing. I was doing sales at the time and this was a bigger brand and a bigger opportunity. So that was really the first, my first just individual contributor job at a well-known cyber company.
[00:28:33] I don't know if it relates to that. You mentioned outcomes there, Nick. I'm always fascinated by this is that, you know, when I think about, you know, what Endor does, it would seem like to me that it could very quickly get a very technical sound, right? You're talking potentially to developers who are hands on keyboards and then development leads and people like that. And yet you mentioned outcomes. So, you know, there's also the business side of this, what we're actually trying to help this company achieve.
[00:28:58] I'm wondering anything you've learned in the last couple of years about how to navigate the need to keep people happy with the features and capabilities, but also to keep focused on what we're trying to achieve here that the company cares about. Yeah, I think it's separation of church and state. Like we have a highly technical product and a highly technical evaluation, but none of that matters if the objectives of that aren't mapped to some business outcomes.
[00:29:23] So when I'm conversing with someone, I'm trying to understand why are we in the room together, right? So what pain do you have today? What problems do you seek to solve? We have a tremendous partner running our customer solutions team who can then help paint a picture of how we can demonstrate our proof to you technically. But, you know, ultimately as sellers, our job should be to be adept enough to speak to the technical considerations of the product, but tie all that back to business value, right?
[00:29:51] CEOs and even CISOs aren't buying the widget of my product. They're buying what outcomes I improve in their environment. Yeah, that's a tough thing. I find it tough for – I see sellers find it tough to do that pretty well, right? I think it's changed maybe a little recently, but traditionally, you know, cybersecurity sellers were product salespeople. You know, there was always products. Well, I sold a firewall. I sold a web gateway. I sold an email, whatever it might be, right?
[00:30:16] And then suddenly it's, well, you got to do that, but you've also got to, you know, be able to hold your own with someone with C in their title and align to business needs and things like that. It's not always that easy to do. Yeah, I couldn't agree more. And I think, you know, you shouldn't be serious enough, again, to speak to the technical aspects of your product, but you have to speak the language of your audience. And if that audience is deeply technical, then that's when my solution architects have come in.
[00:30:41] And if it's a C-level executive that has a question on why this proposal is on his desk, you should be prepared to talk about that. Yeah, yeah. Now, you said you got up to 16 in the team right now. I almost feel like that five to 10, you know, range of sellers is kind of a point, right? It's a natural thing. Okay, we need to get a bit more coverage. We hire a few people. And then it's like, okay, where do we go from here? Any learnings about how to kind of keep going through and growing up to 16 as you were doing that that you're a little bit surprised about?
[00:31:10] I think a few things. One is how critical enablement is in the process. You know, as I described, I got to be in the room virtually with Varun for the first dozens of sales conversations. And then you bring a few sellers on board, two or three, and you personally enable them. You walk them through how to pitch the product and how to do the demo and how to do discovery. And they learn from you. And then the next three learn from those three.
[00:31:35] But all of a sudden, you're a few degrees removed from how people go to market with your message, with your playbook, with all these things. So, you know, the lesson we've learned is to document and iterate this quickly. And I had tremendous partners in sales ops and rev ops and enablement to build this out because I think otherwise the game of telephone starts to lose something.
[00:32:02] And you can quickly get to a point where folks are sort of saying the same thing, but it's not the company message. So that's just been critical for us is making sure that everybody can come in and very effectively grasp what we do, how we do it, how we're different, what our process is. And we're making a lot of investment in that right now. Yeah, I call that go-to-market dispersion, right? You know, everyone starts here. And as you bring people in, they bring their own secret sauce, right? They're successful for a reason.
[00:32:30] But then suddenly before you know it, you've got this dispersion in messaging and how to position things and how to have a discovery conversation that's affected. Before you know it, when you're trying to build a repeatable model, you're wondering, well, why are my new hires not being as successful as my new hires from last year? That's partly the reason why. Yeah, and being realistic, there's also a volume aspect to this, which is you can sit in on two or three reps, deals and calls in the first meetings. You can't attend or 16 or 12.
[00:32:59] So how do you build the model to be giving you the feedback loops you need and correcting things that need to get corrected and highlighting positive things? So that's something that we just continue to think about. And it sounded like you brought in an email person already. Is that right? We did. Yeah. How soon did you do that in terms of numbers? And how did you position that to Varun to say, this is something we need to do?
[00:33:24] Yeah, I think when we got to, we started looking at maybe the 10, 11 rep mark. And it was exactly this, which is we need to standardize all we go to market, what we say, how we say it, who we say it to. The sales process. We did some work on getting more structured. We did some work on getting more structured and defined with our sales stages and entry and exit criteria. And it's one thing to build those things, but it's an entirely different one to reinforce them because we are going to launch.
[00:33:52] We launched a massive launch at RSA. Okay. What's the messaging look like that? How do I enable the sellers to internalize what this is, who I say it to, contacts? So we did it at, again, I'll call it the 11 or 12 rep mark. And I would probably say if I was pressed to do it again, I would do it sooner because the impact of these programs we're already seeing in how we can help everyone be more successful.
[00:34:19] I'd encourage sales leaders, CEOs who are listening to this, Black Cat's coming up in two, three months now. If you want to understand the nature of this problem, go to a booth and go to it three or four times over a couple of days. Pick a different seller or a different person you talk to and ask them, hey, what do you guys do? And ask them, how are you different to others?
[00:34:41] And I guarantee you will get very conflicting messages from those people, nine times out of ten. And you can tell which companies have invested a little bit in this because you can see them much more on point and much more effective. And those that just either don't know or aren't able to invest, it really does have a profound impact. I would actually tell them don't do that because you'll be alarmed. There must be a market for a secret shopper, right, who goes around and says, okay, I'm hired by these 15 companies.
[00:35:11] I'm going to go up to their booths at different times and see how far off message they are. It's not a bad startup idea. It's hard work, though. You have to go through it. But it's rife, though. I mean, and I think that's very forward-thinking of you guys too. Even the 10 or 11 sellers do that. I think a lot of companies struggle with it. I was actually on a somehow I got forwarded a thread. It was CEOs at one of the major VCs in their kind of little world.
[00:35:39] They have obviously some sort of, I don't know, a Slack group or a messaging thread or whatever. And this founder, the CEO said, you know, I'm really loathe to invest in ennealment. Isn't it the job of the sellers? We paid them a lot of money to go and, you know, skill up and get knowledgeable and all the rest of it, right? And this other CEO who's pretty well-known at a well-known company came in and said, look, here's the reality.
[00:36:04] You know, if you throw things over the fence to salespeople and expect them just to all pick up the right things in the right way and do it from there, it's not that they don't learn. It's just they'll all learn different things from your three-page document, right? And unless you help them figure out, now, this is the way to actually take all this, you're relying too much on translation to be uniform. And it's not. It's just not the way humans work. Yeah. And I think there's also the consideration that these great ennealment professionals have is people learn differently, right? Are you visual? Are you auditory? Do you want to see things?
[00:36:34] Do you want to experience things? So how do you make this approachable for everyone? And you nailed it. I can send a 10-page PowerPoint out to my team and say, hey, internalize this. But they're still going to come out with 10 different opinions on it. So, you know, you have to get structured and consistent with these things. Yeah. Well, Nick, I'm looking at your announcements at RSA just a few weeks back. Actually, what was it? Two weeks ago now. Wow. We were just talking.
[00:37:00] Two weeks now, everyone's recovered from the bugs and lurgies they brought back from San Francisco. I was one of the lucky ones. I got away pretty much free, which is nice. But, you know, big announcement from Endor, one of which was in the same timeframe. You found a B round at $93 million. So you're walking around with all this cash stuffed into your pockets. What's the plan for the go-to-market team this year in terms of investments and what you're trying to achieve? Yeah. I mean, bro, bro, reasonably, right?
[00:37:29] I think this is not a blank check to go be reckless and just expand beyond what is appropriate. But it gives us an opportunity to double down on a lot of stuff that's working very, very well. So obviously, headcount is 16 today. That will go up. We had a major, major product announcement. So I think just thinking about the channels and how we accelerate the messaging and the marketing around what we feel is just a critical time in application security.
[00:37:57] So the timing was really appropriate and that organizations are going to have to tackle this evolution of what AI-assisted software development means for them. And we talked about it at the beginning with the volume of code and the quality of code going in opposite directions. And it's a board level and a C-level conversation in all of the businesses we're having. So we need to be prepared to go assist and participate in those conversations.
[00:38:20] And the B, in addition to hiring more people to build these great products and market these great products and sell these great products, it'll hopefully capitalize on that. All right. And if someone is interested in hitting you up to see if you're looking for quality talent in their area, what's the best way to reach out to you? You can find me on LinkedIn, Nick Labuzz or enderlabs.com. We have all of our openings available. And as you may guess, we are always hiring. That's awesome. Well, Nick, we're rooting for you this year.
[00:38:49] We're awesome to see that curve continue to be a straight line up and to the right. Really impressive development over the last two or three years, you guys. Awesome. Yeah, thank you. This was great. It would mean a lot to me and to the continued growth of the show if you'd help get the word at. So how do you do that easily?
[00:39:19] There are two ways. Firstly, just simply send a link to a friend. Send a link to the show, to this episode. You can email it, text it, Slack it, whatever works for you and is easy for you. The second way is to leave a super quick rating. And sometimes that can seem complicated. So I've made it as easy for you as I can. You simply have to go to ratethispodcast.com slash cyber. That's ratethispodcast.com slash cyber.
[00:39:48] And it explains exactly how to do it. Either of these ways will take you less than 30 seconds to do. And it will mean the world to me. So thank you.