Redefining Cyber Risk Management with AI: Saket Modi, Co-Founder & CEO Safe Security – Ep 4

Show Notes

Welcome to Episode-4 of What the futr. Sandesh Patel and Chris Brandt host Saket Modi, Co-Founder & CEO of Safe Security, in the latest episode of What the futr.In this episode Saket delves into the world of cyber-security and its growing importance in an age of third-party data sharing.Join Saket as he takes you on his journey from hacker to pioneering the use of Agentic AI to proactively manage digital risk. Whether you're building on the cloud, working with third-party platforms, or simply handling sensitive data (so, basically all of us), this episode is essential listening.Stick around, your future self will be glad you did.

Subscribe for regular episodes.

👉 Explore the platform: https://futrconnect.io

👉 Business inquiries: sandesh@futrconnect.io

Transcript

00:00:00:01 - 00:00:26:13
Sandesh
Thank you for tuning in to What the Future podcast today. We have the CEO and founder of Safe Security, Socket Modi. Now, if you were to go to Google right now and you put in socket Modi, you're going to see this dude is notorious for being a hacker. However, he is using his skills for good. He has built safe security to become the leader in cyber security risk quantification.

00:00:26:13 - 00:00:56:05
Sandesh
In fact, Forrester just acknowledge them is by far and away the leader. The other twist to this conversation is also the piece of AI, and how AI plays a key role in risk quantification for cyber security. So hope you enjoyed the show. Thanks for tuning in. We got to change the game.

00:00:56:07 - 00:01:16:12
Sandesh
Ladies and gentlemen, today we have Saqib Modi, CEO and founder of Safe Security. He's been a friend of our show. Good friend of Chris and myself. Really excited to have him on the show socket. How are you? And, maybe if you want to get a started a little bit on your founders journey here to safe security.

00:01:16:14 - 00:01:36:03
Saket Modi
Yes. And and, Chris, so wonderful to be back on your show. And, it's truly an honor. Thank you so much for having me here. My story is as simple as it gets. I started this company back when I was in school. Still stuck at my first job. I keep telling my team I'm not sure if I'm employable outside.

00:01:36:05 - 00:01:55:10
Saket Modi
So please make sure I have this job. Please do. Well. And, this is this is all I've done all my life. So that's my story. I'm a geek and a nerd. Love playing with technology. And, you know, I truly thought that technology will change the world. And, you know, it didn't need a genius to figure that out.

00:01:55:10 - 00:02:02:20
Saket Modi
And, and obviously, a lot of lot of people got that right. So that's the quick background about myself. Sandesh.

00:02:02:22 - 00:02:14:07
Sandesh
Awesome, awesome. I you've you've been known as a hacker now. I, I just wanted just to get a little clarification on that.

00:02:14:09 - 00:02:35:22
Saket Modi
Yeah. You know, Oxford and Oxford Dictionary definition of a hacker is when, when you basically make something to do. It's not designed to do. It's called hacking. So if you take a toothbrush and you clean the mirror with that, that's hacking the toothbrush. Because toothbrush was not designed to clean the mirror, but you used it to do something else, right?

00:02:36:02 - 00:02:55:10
Saket Modi
So if a person goes ahead and basically goes to a website and gets access to data, what they are not supposed to see. That's also hacking. So so hacking by itself, I mean, I've been very comfortable all my life. I've been called oh, he's the hacker guy. And, some people qualify that to say, oh, is the ethical hacker.

00:02:55:12 - 00:03:18:08
Saket Modi
I'm like, no, I'm very comfortable with being a hacker. I actually think the greatest hacker of our times or Albert Einstein or people like that, because he was able to hack physics like, think about it. Right. Mass and energy can be equated in one one equation. That's a hack, right? Because we could never think before him that these two can be a part of the same equation.

00:03:18:08 - 00:03:46:19
Saket Modi
Right? A hacker simply is somebody who knows a particular concept or a particular space on first principles. And when they know that they're able to see things which other people are not able to see, and that is the reason why they can do things what other people cannot and make those twists. It's like a car mechanic. They hack the car in doing things right because they're smarter than you and I generally, in terms of how the car works.

00:03:46:19 - 00:03:50:07
Saket Modi
So that's the reason very, very comfortable with the term hackers and.

00:03:50:09 - 00:03:52:20
Sandesh
Yeah, I there's a lot of content.

00:03:52:22 - 00:04:05:05
Chris
That's sort of the old school definition of hacker, right. You know, I mean, working on, you know, like programing and doing all those good things. Cracker was the, the one that was the, the what we call now hacker back in the day.

00:04:05:06 - 00:04:13:04
Saket Modi
So yeah, that's why that's why Shakespeare said what's, what's in a name. Right. So yeah they. Yeah. Get it.

00:04:13:06 - 00:04:25:15
Sandesh
So, from your early technical stages, you know, early educational, life and journey, you become a hacker. How did you get to safe security?

00:04:25:17 - 00:04:46:22
Saket Modi
Well, this is all I did, right? I mean, once you understand how hacking works, you can actually use the skill to make sure that other people are not hacking into companies, because, in order to catch a criminal, you need to think like a criminal. Right. So. So, considering I knew how that works, I got a few of my co-founders together.

00:04:47:03 - 00:05:10:07
Saket Modi
This is back in my third year of undergrad and computer science engineering studying in India. And, basically started, hacking into systems. And, when we went to companies, they were like, hey, people can pay for this also. So the fact that we were getting paid for things that we loved doing, and I still feel so, I mean, that itself is the greatest honor and the greatest fortune of my life.

00:05:10:09 - 00:05:32:12
Saket Modi
And, you know, started doing that in, in my, in 2012, from 2012 to 2018. We used to hack for a living, quite literally, because with the permission of companies, I've shown very large banks how to transfer money from any account to any account. We've shown some of the largest airlines in the world how to transfer, and basically book any flight at $1.

00:05:32:14 - 00:05:57:09
Saket Modi
We've shown we've shown hospitals. How do you get into records of personal records of individual and changed the personal record, to anything we want. And we've done all of those fun stuff. And, that's when we figured out a big problem of, cyber security, risk quantification and, and management. And, that's where we ventured into the product side of things in 2020.

00:05:57:11 - 00:06:00:06
Saket Modi
And, and here we are.

00:06:00:08 - 00:06:04:18
Sandesh
Awesome. So who is safe security? What do you guys do?

00:06:04:20 - 00:06:32:23
Saket Modi
Yeah. So what are we doing? A simple term. You know, some days you think about it. Take the world's largest cybersecurity companies CrowdStrike, Palo Alto Networks, Zscaler, etc., etc.. Right. Get me one CSO, one CISO in a fortune 2000 company, or a set up which will say I every day use CrowdStrike to make decisions zero. Nobody does that, right?

00:06:33:01 - 00:07:00:12
Saket Modi
These are phenomenal tools, but digitally two levels or three levels below the CSO. And what is the CSO doing in order to manage their cybersecurity risk? They're very, very simply collating all the data from all of these tools. They're putting that together and then going ahead and giving you a perspective. And I say you it can be either they don't sell the board, the CEO or the CIO.

00:07:00:15 - 00:07:27:11
Saket Modi
Anybody who they are reporting the risk to. And that's very manually stitched together. So what blew my mind was it's a $200 billion industry growing at 15% year over year. And it still does not have a platform that the most important persona in cybersecurity, which is the CSO, the economic buyer, goes ahead and uses on a daily basis.

00:07:27:12 - 00:07:55:22
Saket Modi
Now, if you think about their peers, let's take an example of the chief revenue officer. They have something called Salesforce that they all use to make decisions for strategic and tactical. The CFO has SAP or what you would call it, say Oracle NetSuite, which is again, something that they use both for tactical and strategic decision making. This chief HR officer and chief people officer has something called workday.

00:07:56:00 - 00:08:20:03
Saket Modi
There are enough platforms which are the platform of platforms which aggregate signals from the feed world to enable decision making for the CXOs I spoke about, the CSO still doesn't have that, and that's the problem we are solving. So that is the big gap that we saw during our services days, serving some of the largest companies in the world.

00:08:20:08 - 00:08:43:23
Saket Modi
And we said, oh my God, this is a very clear gap and it will only keep amplifying as the complexity, sophistication, frequency of attacks keep going up and disrupt real businesses. So that is what is the journey we embarked on in 2020. And here we are, five years. In in, in in building a company around that.

00:08:44:01 - 00:08:47:02
Chris
Socket. So.

00:08:47:04 - 00:09:15:00
Chris
What you're doing, I mean, you're giving some really interesting, actionable information to a CSO, right? I mean, you're telling them here, here's, like, your greatest vulnerability points and here's how risky each one of those are, right? I mean, but the other piece of this that's, I find really interesting is you're doing that not just for the internal risk factors, but you're doing this also for external risks, factors like your your supply chain.

00:09:15:00 - 00:09:25:04
Chris
And I know one of the things that we talk about all the time is, you know, watching out for supply chain attacks. And we've seen a lot of that happening lately. Could you talk about that?

00:09:25:06 - 00:09:47:19
Saket Modi
Certainly. And Chris, by the way, by design, we don't talk about supply chain separately because in our mind, in today's day and age, supply chain is no longer something which is actually outside of your organization. Right? Of course. Jurisdiction wise, of course, the different companies that you work with. But think about it like today, pretty much every company is joining the AI bandwagon.

00:09:47:21 - 00:10:15:01
Saket Modi
How many large fortune 2000 companies are actually building the right models? How many of them are actually building their own agent AI capabilities? Probably be next to zero. What they're doing is they're partnering with cutting edge SAS companies, AI startups, and then partnering with them to really redefine and reinvent productivity, reinvent how they do business, and how do they do operations.

00:10:15:05 - 00:10:49:01
Saket Modi
Now, why is that important is because ten years back, I had my data in my data center and all the vendors were important, but not mission critical. Today, the whole script has been flipped, right? Today, the reality is more than 90% of my critical data is going to vendors in some shape or form. So what was important ten years back to just say, I will be my data center and I'll protect that.

00:10:49:03 - 00:11:08:22
Saket Modi
And the vendors are fine and that's okay. But I'll make sure I have a Fort Knox built around my data. That was ten years back today. You can't have that. You cannot be on prem. You you have to be on the cloud with the cloud. You have to give the data to the AI startups. When that happens, what's happening now?

00:11:09:00 - 00:11:35:04
Saket Modi
If they get hacked, you get hacked because your data is out there. And when a tiny startup gets hacked with the data of a fortune 100 company, the Wall Street Journal doesn't say this tiny startup got hacked. It'll say the data of the fortune 100 company got hacked. And that is the big deal. So therefore, for us, when we started in the journey half a decade back, five years back, we started selling in 2020.

00:11:35:08 - 00:11:57:17
Saket Modi
We in 2025 now we started with first party risk quantification and management. We started with that. We went through an automated approach. We take a ton of APIs and then provide risk insights and actions in an automated way in a real time way. But we did that for first party. While we do that, we became the number one player, right?

00:11:57:18 - 00:12:22:21
Saket Modi
Forrester came out with the cyber risk quantification platforms wave, and we're on the top right. We're not just the leader, but we are the number one on the planet. According to Forrester, if you look at our customers Google, Facebook, Netflix, Dropbox, Chevron, ATP, Victoria's Secret, GSK, British Telecom, Telstra, like the largest names on the planet that you can think of are our live customers, right?

00:12:22:23 - 00:12:50:04
Saket Modi
So we clearly have become the number one player in enterprise risk quantification and management. Now, over the last two years when we talking to these very large enterprise customers, they said, we love what you're doing in giving us visibility and helping us burn down risk in the most effective way possible for our own internal risk. Can you extrapolate that and can you build the same framework in the same platform?

00:12:50:04 - 00:13:19:15
Saket Modi
For my ecosystem risk, for the supply chain, for the software that I'm using, which is more and more becoming mission critical? So we embarked on this journey two years back. We launched it at RSA conference, in 2024. We are now shooting this close to RSA conference in 2025. In one year, we've gone from 0 to $10 million of that are in this brand new SKU, which is completely powered with a genetic AI.

00:13:19:17 - 00:13:46:17
Saket Modi
So we've again, my whole goal has been as a company, we take one space and we build something which is ten times, not 10% better than the nearest competitor. We did that for first party risk quantification and management. We ten times not 10% better than than the nearest competitor. Now we take in third party risk management and we are applying the same playbook and our massive success in the last 12 months in a brand new SKU.

00:13:46:19 - 00:14:06:21
Saket Modi
It speaks for itself. So that's the playbook and that's the that's the story, Chris, on what got us from first party to third party. And now we do that together and we call it singularity. So in one platform you can see your own risk and your third party risk in a same standardized platform. My staged way in making things happen.

00:14:06:21 - 00:14:08:14
Saket Modi
Does that answer your question, Chris?

00:14:08:16 - 00:14:34:11
Chris
It does. And well, you know, first of all, congratulations on that. You know, spectacular list of clients. You know, for a company that's, you know, at your stage, that's that's quite, a quite an accomplishment. And I would say that, you know, when I find out there is that, people don't really understand the risk posture of their vendors, like that, you know, they don't know.

00:14:34:17 - 00:14:53:11
Chris
You know, they don't even know that, you know, the vendors may not even have an SLA that is acceptable to them. You know, when they're using these, these vendors and that sort of thing. But could you speak to like what what is that third party assessment look like? I know it's a gigantic and you're going but like what what factors are you looking at.

00:14:53:12 - 00:14:56:01
Chris
And what do you get out of that.

00:14:56:03 - 00:15:21:06
Saket Modi
Got it. So Chris, let's first understand that how is this been done historically? Because this is a $4 billion industry, third party risk management for cybersecurity, by the way. Right. So it is a very large industry. Historically, there was a wave of vendors which were only questionnaire based assessment. So there's vendors like process unity one trust prevalent.

00:15:21:11 - 00:15:43:04
Saket Modi
There's a ton of vendors which are out there, including the traditional GRC vendors, which basically give you a ton of questions. And you need to answer those questions. So your new vendor, your anthropic, and I want to work with you. Right. I want to use your Lem models, which are there. I'll send you a security questionnaire. It'll have 150, 200 questions, whatever it is.

00:15:43:10 - 00:16:03:08
Saket Modi
And you need to answer manually one by one. You know, do you have two factor. Do you have EDR? Do you do periodic VPD. Do you back up your solution etc., etc.. So this was a wave right of vendors. And by the way, it still exists because you know, you need the data and you know that's that's just the reality.

00:16:03:10 - 00:16:27:22
Saket Modi
Then there came a second wave of vendors which promised, hey, questionnaires are clumsy, very, very difficult to fail. So now we will just go ahead and look at your website. So let's assume I want to onboard McDonald's as a third party. So I will just go in and say go to McDonald's dot com and scan McDonald's from the outside.

00:16:28:00 - 00:16:57:22
Saket Modi
Look at the open SPF records, DKIM records, leak credentials, some things around the website, and then come back and say, okay, this is the security posture of that vendor. So there are companies like Pitchside Security Scorecard, up guard. There's a host of companies which only do outside in assessment. Now the good thing about these vendors, they're super easy to use because you're just, you know, entering the domain name.

00:16:58:00 - 00:17:20:18
Saket Modi
The the problem of these vendors are they're very narrow. It's almost like saying I'll click your picture. And based on how the picture looks like, I will tell you how healthy you are. Now maybe sometimes I can, you know, get some things right because, you know, some of the diseases show on your face. But 99% of the times, no, you will not get that right.

00:17:20:21 - 00:17:57:21
Saket Modi
Right. And that's been the fundamental problem with these companies. Think of us as a third wave, which, by the way, is not the first or second. We've actually got the best of both those worlds together and powered with a genetic AI and supercharged with that. What does that mean? Let's double click on that. We are the first vendor ever to achieve 100% automation, 100% automated third party risk management alone.

00:17:57:21 - 00:18:15:18
Saket Modi
What does that mean and what is 100% automation? And the geek in me, the moment somebody said like, the easiest way to disprove somebody is when they say everything or nothing and I'm the same guy who's saying 100, right? So hold on. Yes. For sure. Talk to me more about what does that even mean? Is that even true or is it marketing bluff?

00:18:15:20 - 00:18:40:16
Saket Modi
Let's double click there. So today when you have to onboard a vendor in most fortune 2000 companies, you go in entered the details of the vendor. There is. Then you prepare a questionnaire depending on the tier of the vendor send it out to them, get those. Then open a security scorecard or a bit site. Get the outside analysis, get that assessment.

00:18:40:19 - 00:19:11:00
Saket Modi
Keep chasing the vendor for weeks because you know, one 5200 questions. You keep doing that 80% 80, 80% of a day of a third party risk analyst today is just about chasing vendors. It's such a it's such a terrible job in my view. Yeah, right. Because it's it's so unfortunate because and by the way, every week there's a bunch of new third party vendors that somebody in some part of the business is throwing at you.

00:19:11:02 - 00:19:35:14
Saket Modi
And by the way, you are not seen as as somebody who's helping. You're only friction in that process because think about it like, oh, the CFO wants to work with a new fintech startup, and oh, I need to get the security review done. And the CFO has the budget already approved? They've gone through a bit of everything is done and you're the person who's holding it back, right?

00:19:35:18 - 00:19:57:07
Saket Modi
So I can't do so many third party risk analyst conversations. And I said, how long have you been doing this? Like, oh, five years, seven years, ten years? Okay. In those ten years, how many third parties have you ever been able to bar from working? And, you know, believe it or not, most of them said never. I'm like, hold on.

00:19:57:09 - 00:20:18:08
Saket Modi
How crazy is this? Right? Yeah. Imagine for ten years you're doing a share whose result is not binary. It's a unilateral. The cost the vendor always gets through. Now you being there or not being there doesn't make any difference. And they're like, yeah, but I mean, I just tell the people this is the risk and everybody's okay with the risk.

00:20:18:10 - 00:20:42:23
Saket Modi
So what we've done is we've taken a fundamentally different approach. We've totally changed the game. There. Have you ever experienced Tesla. Full self-driving. Waymo. Have you guys experienced it? Okay. Yes. If you have, you know, when you sit in a room or a Tesla FSD enabled, right. You just entered the destination, hands on the steering and that's it.

00:20:43:01 - 00:21:08:08
Saket Modi
The car takes you there. Every decision is made by the car. We have unlocked that degree of autonomy with third party risk management. What we've been able to do, Chris and Sandesh, you just go ahead and basically write that look. We will go ahead and provide the third party vendor name and the domain name. That is all we need.

00:21:08:08 - 00:21:26:10
Saket Modi
And by the way, sometimes you don't need to add that. I can go in integrate with your contract lifecycle management tool and pull that in also. And I can get all your thousand vendors and put things together. So it's totally possible. So long story short, all I need is the name and the email address of the third party vendor.

00:21:26:12 - 00:21:52:03
Saket Modi
The moment you do that, our journey agent will first go to their website and look for their privacy policy. We look for the Trust Center to download the Soc2 report. It will go to the SEC to see if there are any ten keys or eight case file, which is specific stuff around cyber security. Then we will go to the point of providing what is the overall view that?

00:21:52:06 - 00:22:21:07
Saket Modi
Is there any leak credentials about them? We will also do the outside assessment and from there we will now auto generate an email which will go to a vendor, which basically tells the vendor, hey, very, very excited to onboard you. Out of the 150 questions that you had to answer. We've already pre answered 75 of those. Whatever the number will be depending on what data we get.

00:22:21:09 - 00:22:42:03
Saket Modi
You're just required to answer these 75. And this is an auto generated email. Suppose the vendor does not reply in a day or 2 or 3 days. We again go back and we say, hey, you have not responded to it. We are waiting for your reply. Now when the vendor looks at the email and says, okay, I want to work on this now.

00:22:42:03 - 00:23:09:18
Saket Modi
So they click on it, they come to our portal. We've gone to the point with agent AI where we allow the vendors to upload any security document any. So we don't need now Soc2 or SIG report only in this format. We say just drag and drop anything that you have and our Jenn-air agent will read that report. And by the way, with that report, because a lot of companies already have existing security audits done and security compliance done.

00:23:09:20 - 00:23:37:11
Saket Modi
So we read that and we said, hey, you just uploaded a new report through which we were able to answer ten more questions, 20 more questions. And then you can just go ahead and add 5 or 10 more things. So that's the thing. And the whole interaction with the third party vendor is happening via an agent AI. And this is recorded as an activity log to say this is the day when you kick started the onboarding, this is the day you this blah blah blah.

00:23:37:14 - 00:23:53:09
Saket Modi
And then from there you write things around that. So I'll just pause here for a second to see, you know, does that now give you a perspective of the end to end workflow and why we say it's 100% automated. Now what happens if somebody is not responding or responded wrong? We'll of course do the check with the agent okay.

00:23:53:11 - 00:24:13:13
Saket Modi
Is it 100% accurate? No it's not. But so is Raymore. So is Tesla fully self-driving? Right? Yeah, I tried to drive Tesla FSD. It started with only the highways. And today also in the in the in the city. I have a problem with that because it just won't take a left if there is a car and it doesn't go in ten blocks down because that's how it is.

00:24:13:15 - 00:24:35:05
Saket Modi
So that is the the thesis or why we say 100% automation. And again, we don't know any vendor which is even close to this. And as I said, we always want to build something which is ten times not 10% better. And that's why this crazy growth that we are able to see. So I'll just pause there to see if that answer to your question.

00:24:35:07 - 00:24:55:05
Chris
It does. And I'll say I've been on both sides of that equation. I've been the one asking for that data, and I've been the one having to provide that data. And in the early days, right. You know, like you said, you had that question and it was it was miserable. And, you know, like you get somebody on the inside, you might get 30 of those a month and it's impossible to respond to everything.

00:24:55:05 - 00:25:12:00
Chris
And that's why you had that's why you pursued compliance. Right. Because then you can just say, hey, you know, SoC two here. Here you go. But the problem is nobody read those soc2 reports. Nobody reads, you know, your PCI, DSS reports, nobody reads any any of that. Like you said, they just kind of go, yep. Let's go. Good.

00:25:12:04 - 00:25:37:23
Chris
That's good enough, right? So, you know, I think what you're talking about is really, really beneficial, like having the ability to fill those in and then being able to decipher those reports, you're already getting a level of scrutiny that probably wasn't previously there to. Which is nice. And then then the ability to ingest any kind of other I mean, you know, ISO 27,001, are you, you know, whatever.

00:25:38:03 - 00:25:56:16
Chris
And I think the other thing that's interesting about that, too, from taking the approach that you're taking, is, you know, the scope of that audit might be very narrow. You know, like a PCI DSS audit might only cover just the parts where there's card services, you know, but not the whole rest of the environment, which could be problematic, right?

00:25:56:21 - 00:26:08:13
Chris
So you're both you're capturing a lot more, of valuable information to kind of set those risk scores, which I think is really interesting.

00:26:08:18 - 00:26:35:08
Saket Modi
Yep. And the beauty there is that, as you rightly said, right, Chris, the dimensions are so many because, you because there's hybrid environments, you have cloud, you have on prem, and there are different degrees of assessments that actually happen. So for us to be able to leverage everything which is out there, the whole goal is productivity gains both on the third party side and also the first party side when they are going ahead and doing this.

00:26:35:08 - 00:27:02:15
Saket Modi
And by the way, this was just the first part. When you get the data, what do you do with the data? The data. And this is where we are super champions already. We are already super champions. About remember getting the data in and converting it into the actual business risk, the likelihood and the impact. I was in call, just yesterday with the head of third party risk management of, Tampa General Hospital, which is a live customer of ours with this.

00:27:02:17 - 00:27:26:07
Saket Modi
He said in the last three months, he's been able to offer three vendors directly based on our output. Why is that? Because now you're not just going on a random number of abcdef, or a number between 300 700, which doesn't really mean anything. What we now give you is here are your top ten riskiest vendors for data exfiltration.

00:27:26:09 - 00:27:56:12
Saket Modi
Here are your top ten riskiest vendors for ransomware. Here are your top ten riskiest vendors from a probability perspective. Now, if it occurs, how much will it cost you? So now we have another agent which does contract analysis. So now we can say what should be your limitation of liability. You know one of the crazy things today, the legal team which negotiates limitation of liability and the security team never talks to each other.

00:27:56:14 - 00:28:22:00
Saket Modi
It's so crazy. Every vendor is signing up on a limitation of liability of contract value. While if that vendor goes down right, like the contract is 100 K. And if that goes down, it'll cost me $200 million in most cases. And this is where we come into as a breach. I'm integrating with the contract lifecycle management tools in now getting in things to say.

00:28:22:00 - 00:28:43:14
Saket Modi
Hey what is the limitation of liability versus the dollar risk that you're sitting on with the vendor depending on their security controls? If they don't have data back up, the impact actually goes up because your data is sitting with them. And if they are down with ransomware, what happens then? So we talk about that. We read the contract and say, what's the AI risk of the vendor?

00:28:43:17 - 00:29:06:01
Saket Modi
What is the data localization strategy of the vendor? There's so much that can be bought from a contract. There are contract reading Genii agent is able to do so. That's true. Autonomous, you know, driving stuff where you don't have to go through line by line stuff. It does that work for you and just pops the whole thing on the top, and then you're able to take decisions based on that.

00:29:06:03 - 00:29:33:22
Chris
That's amazing because, you know, that disconnect between legal and security is so real. And, and and like, being able to, you know, do a gap analysis between these two disparate groups who just don't talk to each other totally is amazing. The other thing I was going to ask you about, you know, one of the challenges from a security assessment perspective is you're sometimes dealing with, companies of very different sizes, right?

00:29:33:23 - 00:29:51:12
Chris
You know, you can have a small company and they're going to do a security assessment of, you know, Amazon or Google. You know, that's they're going to get absolutely nowhere on that or vice versa. You know, you know, you got a big company and you're trying to, you know, get security information from a small company that may not have, you know, these security reports and things like that.

00:29:51:12 - 00:30:03:04
Chris
So, you know, by providing that automated approach to doing that, you have a higher chance of success in getting the information you need, it seems.

00:30:03:06 - 00:30:26:00
Saket Modi
Yeah. So a couple of points there, Chris. The first piece, which is very important here in my view, is it doesn't matter whether the size of the vendor is big or small. It matters what kind of critical data you share it. Right. Because if you're sharing critical data with a small vendor or a big vendor, you're worried about their security.

00:30:26:02 - 00:30:46:14
Saket Modi
So the way to think about it is that those are your tier one vendors who you provide data access. You provide network access. So somebody who has network access to your internal systems. Oh my God. That is a tier one vendor. Because that means if they get hacked and there's a hacker in their network, it'll be in my network.

00:30:46:19 - 00:31:09:13
Saket Modi
So data access, you know, network access. We even go to the point of saying that, what really, really matters there is, Chris, that, when somebody has access, even the business, this dependency, a good example would be change health. So if you think about the change health thing, right, they generally didn't have data access or business access, right.

00:31:09:15 - 00:31:31:22
Saket Modi
They had partial data, not complete data, but more importantly, because they were the only vendor where there was no redundancy. And when change went down, most of the hospitals went down because the claims processing was actually happening from there. That is that is the overall, side of things, with where and how things are. So that just at a very high level, Chris, in some things, that's the way to look at it.

00:31:32:01 - 00:31:39:11
Saket Modi
And with our automation, you can absolutely look at both large and small companies and, and align on that.

00:31:39:13 - 00:31:57:11
Chris
Yeah. Yeah. Well, and so if, if you were to say here's the ideal kind of customer that I have, here's, here's who I'm you know, looking to talk to here's, here's who really can make use of my product here. Who would what would that look like.

00:31:57:13 - 00:32:11:07
Saket Modi
So ideal customer profile for us is Chris. Typically companies which are heavily dependent on suppliers and tech parties, which by the way, is most of the companies out there. Yeah, that's that's so everybody. That's that's good.

00:32:11:09 - 00:32:12:22
Chris
That's good to say. That's everybody.

00:32:13:00 - 00:32:20:18
Saket Modi
However. Yeah. It's very good. Down. It's a $4 billion market. It's an existing $4 billion market. It's a very large and.

00:32:20:18 - 00:32:21:08
Chris
Growing.

00:32:21:12 - 00:32:44:04
Saket Modi
And growing very, very fast. Now, the problem there is we are still a young company, so we can't go after everybody. So our sweet spot generally is companies between 1 and $20 billion in revenue. So over $1 billion is our sweet spot. The reason why I'm not a biggest fan of companies with over 20 billion in revenue. There are too many signatures.

00:32:44:04 - 00:33:03:06
Saket Modi
There are too much bureaucracy to actually get the deals through there. So I still have the largest companies on the planet as my customers and, but but the place where my sales team thrives and, we are able to deliver value extremely quickly is generally companies between 1 and $20 billion in revenue. Chris.

00:33:03:08 - 00:33:19:22
Chris
Yeah. And and do you find that, you're coming into these companies more like when they've had an incident or, you know, like what? What point are you are you entering into their life cycle with regard to the need for cyber risk quantification?

00:33:20:02 - 00:33:40:00
Saket Modi
Yeah, I would say that, you know, most of the companies, Chris, this is I'm not an incident response tool. Now, a lot of times when somebody has had an incident either themself or they've had incident in their industry, they wake up to say, oh my God, I don't want this to happening to us. What is our risk of this?

00:33:40:02 - 00:34:00:14
Saket Modi
And if the answer is I think our relative risk is reddish amber. Okay. We need something better there. Right? And that's where we come into the picture, Chris. So that is, generally that definitely happens. But it's not like, okay, during the incident, it's really like I need to quantify this better and make that happen better on the on the other side.

00:34:00:19 - 00:34:26:09
Saket Modi
It's also about evolution. So if somebody is going hot and heavy on cloud on I it's like having brakes in your car. Why do you have breaks in your car. Not to slow you down. It's so that you can move faster with a higher degree of confidence. That's exactly what we are, that we enable faster digital transformation, faster enablement of AI.

00:34:26:11 - 00:34:34:02
Saket Modi
Because you can understand the risk. Every single model, every single new vendor actually brings in your environment.

00:34:34:04 - 00:34:57:03
Chris
Okay. So if say there's a security person watching this and they're like, this sounds amazing, this is exactly what I need, right? But they've got to go in and they've got to sell it internally. They've got to sell it to, you know, the, the, the, the executives they got to sell to the board. They got to sell it to legal, you know, like, hey, here's a tool for you, right.

00:34:57:05 - 00:35:02:09
Chris
What's what what would you say to them. Like what what's the ammunition you would give them to go and do that?

00:35:02:11 - 00:35:28:14
Saket Modi
Chris, on the third party side, it's actually super simple. It basically says cover pretty much your entire stack of third parties with a lower amount of headcount. When I say lower, because typically people are very, very, very few foreign few in third party risk management. And that's why what we enable is we actually say the skip the hires, let I take over.

00:35:28:14 - 00:35:55:15
Saket Modi
Right. So we're a zero touch, 100% automated third party risk management. And that is a bitch. Generally, in today's day and age with productivity going up, it I, I don't know if you saw the Shopify CEO's note. He said every hire we will do moving forward will be an AI agent unless proven other way around. Not that we'll hire humans and then you can hire some agents.

00:35:55:20 - 00:36:19:01
Saket Modi
He said every hire we need to be an AI agent and then you have to prove to me, then why can there be any task that cannot be with them with an AI agent? I have 25 genie agents solving your third party risk management problems, right? Because there's not one agent, you need a cluster of them reasoning and preparing complex grabs.

00:36:19:01 - 00:36:41:16
Saket Modi
And you don't have any one neural network anymore. You have a cluster of neural networks which are now pulling the context based your on your company and then interacting with third party vendors. So I would say the productivity and we've heard this from our customers that this has taken their productivity up by 100 x, not 100% 100 x.

00:36:41:18 - 00:37:09:00
Saket Modi
So that's the degree of impact we are talking about on the third party side. On the first party side, it's actually pretty straightforward. How do you sell your own risk posture? It's almost like you cannot manage what you cannot measure. And if you're going ahead and still living in the red, amber, green world or saying, I think I know my risk rate, that might not be as accurate because it's it's almost like, you know, it's like why you wear a, a wool band or a Fitbit, right?

00:37:09:04 - 00:37:29:14
Saket Modi
Because, you know, you want to know exactly how healthy you are, how what is your heart rate variability? What are the exact number of steps, how many calories did you burn today, etc., etc.? Because when you do that, you can be in control and actually that enables you to eat more junk food in a more guilt free way.

00:37:29:20 - 00:37:36:18
Saket Modi
Rather than saying that, you know, I want to jump down on all my junk food which is out there. So that's the first party side of story. Chris.

00:37:36:20 - 00:37:39:15
Chris
Well, I always love looking at my blood sugar before I have a snack.

00:37:39:16 - 00:37:40:08
Saket Modi
Exactly.

00:37:40:12 - 00:37:51:00
Chris
That is like how much? How much can I get away with right now? So, so I didn't know if you wanted to jump in here.

00:37:51:02 - 00:38:05:11
Sandesh
Yeah, I think we can start wrapping it up, but we we've gotten through all the other big questions. The one thing I wanted to ask you, I see a lot of your posts about hiring. So, you guys are growing, looking for salespeople. Sounds like. Tell me a little bit about that.

00:38:05:13 - 00:38:08:14
Chris
And these are not just a tech sales.

00:38:08:14 - 00:38:11:14
Sandesh
Yeah, these are actual humans. Haven't gotten there yet. Humans?

00:38:11:16 - 00:38:26:00
Saket Modi
Yeah. Well, you know, the one thing that agents cannot get is building their relationship. Chris in Sunday ish. Right. And the reality is that you buy because of emotions and later justified by logic, not the other way around. That's just how humans work, right?

00:38:26:02 - 00:38:29:11
Chris
People? People don't buy what they need. They buy what they want.

00:38:29:13 - 00:38:54:18
Saket Modi
Exactly. It's 100%. So why I said that? Is that your to your questions? And there's we are hiring a lot of people. Let me start with some numbers. 80% of my sales team this year. And when I say this year, I'm in my Q4. So till Q3, three quarters, 80% of my sales team is 100% or more of their quota attainment.

00:38:54:20 - 00:39:12:00
Saket Modi
The average quarter attainment right now across my sales team is 168%. Every quarter. I've had multiple people who have made more than $200,000 of commission. That's my pitch.

00:39:12:02 - 00:39:35:06
Sandesh
Hey, why is that? What? That that's a so I want to point this out. That is extremely rare in this business right now. Very, very rare. As a sales guy, I can tell you, Chris knows that doesn't happen these days. So it used two years ago. What do you attribute that to?

00:39:35:08 - 00:40:05:09
Saket Modi
So there are a couple of things on this. First, the unlock on the market. There is an evolution in the market. To understand risk. Look at the SEC compliance. Look at more AI. And when you get more AI you want to understand your risk of vendors. So the tailwind of the market is massive. Then comes the unlock with the differentiated product because yes, the market is there, but you are 10% better than competition.

00:40:05:11 - 00:40:27:22
Saket Modi
I mean, I don't use deals to competition. Summation. Chris, I hope you understand, because that's the meaning of having a ten times better product, right? Because I still lose deals. But those are the deals where I'm not in the room, right? I'm still a young company, so it's not like I'm in every room out there, right? So if I'm in the room, I don't remember the last time I lost a risk quantification deal.

00:40:28:01 - 00:40:50:16
Saket Modi
I don't remember the last time when we went head to head with a third party risk management company for PRM for automation, we've ever lost a deal. That's because our product stands out now. That's why we don't say we do everything. I have the data today to do exactly what went on right? Or does I can just launch compliance automation tomorrow, I can launch GRC automated day after tomorrow.

00:40:50:16 - 00:41:09:02
Saket Modi
I don't do that because I want to take a small part of the market and do it so well, so well, and do it again. And again and again. And then, by the way, when we master something, then we move on to the second and then the third and then the fourth. Of course, I keep adding stuff and that's why people make money.

00:41:09:06 - 00:41:31:18
Saket Modi
So what is the then demand of in the market is clearly there. We have a differentiated offering and we can prove to you, with our bluest of the blue chip customers, those are the only awards that matter. Yeah. So those are the three simple layers of saying that, you know, why we win and our right to win with where and how things are.

00:41:31:22 - 00:41:35:19
Saket Modi
And that reflects in the W-2 filings of our salespeople.

00:41:35:21 - 00:41:45:06
Sandesh
Now that's great. You know, the thing that Chris and I have been the reason we even met you three, three years ago, right. We're always trying to find the next great companies, and then we want to promote them.

00:41:45:07 - 00:41:52:20
Saket Modi
I think. And that was thanks to the other person. Where this happens with salespeople is before, I think people was the one who connected us.

00:41:52:22 - 00:41:54:20
Chris
Yeah. It was it was a lot.

00:41:54:21 - 00:42:09:03
Saket Modi
This by the way, he continues to be an advisor. So a lot of smart things I've spoken on this podcast is things I've learned from him. Anything stupid you heard today? Probably originally. My idea, I can tell you that. Yeah, I'm just surrounded by smart people. That's all I do.

00:42:09:05 - 00:42:13:18
Chris
And on that point, I mean, you are doing some interesting integration work with Rubrik to write.

00:42:13:19 - 00:42:40:20
Saket Modi
Absolutely, Chris. So we are very, very closely working with the go to market team, not just integration. So we have multiple live customers which are using both Rubrik and safe. And remember, we suck in data from over 100 security products, so Rubrik is one of them. But more importantly, now Rubrik sales team and solution architects are able to go and say that look, without Rubrik, what is your ransomware cost?

00:42:40:22 - 00:42:52:23
Saket Modi
If it occurs, what will it cost you? And with Rubrik, look at that drop. If it's a 50 million drop and I'm asking you for 500 K, it's very well while the investment.

00:42:53:00 - 00:43:11:07
Sandesh
Right, right. Yeah, yeah. No doubt in a lot of the things that you highlighted to there when Chris and I are looking for those next winners and that's what future connect for us is we want to find the winners, the next winners, and we want to promote them. And that means 90% of the vendors out there are not going to make our list.

00:43:11:13 - 00:43:30:09
Sandesh
And we're really looking for that 10%. And what you said about that value proposition, that, my friend, is the key the Chris and I are always looking for. Where does the vision align with the value proposition? Because 10% you have a feature, you're a little bit better, but you're not going to make an impact on the market right?

00:43:30:09 - 00:43:54:01
Sandesh
So, our goal here is to help safe security be successful. And we're not hiding that. Like we are going to help promote you the best we can. And with that being said to anyone that's listening, reach out to me personally, and I'm happy to connect you with safe security in any way that you would like. I just want both the customers and for safe to be successful.

00:43:54:01 - 00:44:18:04
Sandesh
I think we are. We are in this point in time where we we need our security companies to do well. We need our our companies in America to be secure. This is the time. So, I will happily promote you, as much as I possibly can. Thank you so much for joining us. Really appreciate such a great conversation.

00:44:18:06 - 00:44:21:23
Sandesh
And, can't wait to have you back. That's for sure.

00:44:21:23 - 00:44:32:22
Saket Modi
Thank you. Sam, these. Thank you, Chris, for the opportunity. It was truly a pleasure. I look forward to doing more of these over the years. And, I'm very, very grateful for our partnership. Thank you.

00:44:33:00 - 00:44:57:11
Sandesh
Well, that's the show. But before you roll sales pitch warning, we're building more than a brand here. We're building a community. So your support means everything to us. So please like, comment, subscribe, follow us, and also reach out to us directly. We want to hear from you. Thank you so much for your support. Until next time.