Matt and Rob visit Kevin O’Brien, CEO and Co-Founder of GreatHorn, to discuss Kevin’s 20 year history as part of early teams within the cloud security space - most notably with CloudLock (Cisco), Conjur (CyberArk), and @stake (Symantec). Be sure to tune in to learn more about Kevin's journey, how he's drawn on his past experiences in his current role, and what they don't tell you about being a CEO.
Uncovered in this episode:
What previous job roles helped prepare Kevin the most for being a CEO
What patterns to look out for when starting a company in a new space and the signals that point to potential success as well as warning signs that point to potential failure
Kevin's thoughts on hiring and building teams at every stage of growth
The realities (and sometimes the not-so-glamorous side) of startup life
List of resources mentioned and suggested reading in episode
About Kevin: Currently CEO and co-founder of email security company GreatHorn, Kevin O’Brien is a frequent speaker, commentator, and author that advises customers and the public on data security and privacy issues. With 20 years of deep cybersecurity expertise, most notably with CloudLock (Cisco), Conjur (CyberArk), and @stake (Symantec), Kevin also serves as co-chair for the Mass Technology Leadership Council’s cybersecurity group.
Outside of security, Kevin is a lifelong martial artist, avid skier, and amateur sailor.
About GreatHorn: Global 2000 companies use GreatHorn to reduce the inherent and pervasive risk associated with the everyday use of email. GreatHorn’s multi-staged approach to email security automatically combines data science, machine learning techniques, and technical analysis with human context to protect organizations before, during, and after a phishing attack.
By treating email security as a risk management function, customers can not only detect and remove more attacks but also warn users in real-time of potential threats and provide response teams with the tools to limit exposure and minimize risk. As a result, GreatHorn Email Security safeguards cloud email from advanced threats such as business email compromise, impersonations, credential theft, account takeover, and other phishing attacks.
Matt and Rob visit Kevin O’Brien, CEO and Co-Founder of GreatHorn, to discuss Kevin’s 20 year history as part of early teams within the cloud security space - most notably with CloudLock (Cisco), Conjur (CyberArk), and @stake (Symantec). Be sure to tune in to learn more about Kevin's journey, how he's drawn on his past experiences in his current role, and what they don't tell you about being a CEO.
Uncovered in this episode:
What previous job roles helped prepare Kevin the most for being a CEO
What patterns to look out for when starting a company in a new space and the signals that point to potential success as well as warning signs that point to potential failure
Kevin's thoughts on hiring and building teams at every stage of growth
The realities (and sometimes the not-so-glamorous side) of startup life
List of resources mentioned and suggested reading in episode
About Kevin: Currently CEO and co-founder of email security company GreatHorn, Kevin O’Brien is a frequent speaker, commentator, and author that advises customers and the public on data security and privacy issues. With 20 years of deep cybersecurity expertise, most notably with CloudLock (Cisco), Conjur (CyberArk), and @stake (Symantec), Kevin also serves as co-chair for the Mass Technology Leadership Council’s cybersecurity group.
Outside of security, Kevin is a lifelong martial artist, avid skier, and amateur sailor.
About GreatHorn: Global 2000 companies use GreatHorn to reduce the inherent and pervasive risk associated with the everyday use of email. GreatHorn’s multi-staged approach to email security automatically combines data science, machine learning techniques, and technical analysis with human context to protect organizations before, during, and after a phishing attack.
By treating email security as a risk management function, customers can not only detect and remove more attacks but also warn users in real-time of potential threats and provide response teams with the tools to limit exposure and minimize risk. As a result, GreatHorn Email Security safeguards cloud email from advanced threats such as business email compromise, impersonations, credential theft, account takeover, and other phishing attacks.
Intro:
Welcome to the uncovered podcast where we take a deeper look into the ideas of companies and entrepreneurs that are creating the future and uncover the stories you haven't heard. Uncovered is presented by PJC and early stage venture capital firm committed to supporting the next generation of entrepreneurs.
Matt Hayes:
We're back with another episode of the uncovered podcast. I'm here with my cohost Rob and we have Kevin O'Brien, uh, the CEO of great horn on the show today. Thanks for taking some time. Um, we'd love to kick off the podcast by learning a bit more about you and about what led you to starting GreatHorn.
Kevin O'Brien:
Yeah, of course. So I am a cyber security guy. I've been doing this since the late 1990s. I was part of a company called app stake and at stake was founded by a group of hackers, uh, called the LOC who were based out of Cambridge. And they came to fame because in the mid 1990s, they started doing a bunch of work that attracted attention of the department of defense and stood in front of the U S Senate 96 97 and talked about how they, about a half hour, they could probably take the internet offline. And perhaps that was a reason why we shouldn't put critical infrastructure online on the internet. Nobody mentioned good for me, bad for the world. Um, but it also led them to, to start this company called that stake. It was one of the first major cybersecurity companies and we really had a great run. So that's med tech back in 2004 I found that the cyber security as well as early stage, I've done five companies. Now this is number six. And over the course of my career I've really fallen in love with doing things in the cloud security space. And so email was an interesting problem and that's what we do. Or a cloud, you know, security company that works with fortune 500 and global two thousands to protect against events, attacks in their email environment. And when I started the business in late 2014, early 2015, nobody was doing anything in that space. And I said, that's in much the same way as some of my other experiences. Fertile ground where there's a confluence of the changing technology landscape, a major security problem, and an opportunity to use some new data science and technology approaches to solve it. What were the various roles that you held in your companies prior to being CEO, and what do you think the most helpful role was as you made the transition? Sure. So if you were able to walk all the way back to at stake, I was reverse engineering pen tester, breaking down code to assembly and looking for vulnerabilities that you could exploit[inaudible] technologies a little bit different than what you see today so that the skills aren't, aren't super useful, but it gave me a real appreciation for the lowest level, uh, you know, assembly level code, uh, risks and things you could do there. Uh, I then spent much of my career as a sales engineer, so I in a variety of different companies would join early stage and help, uh, CTOs cos who might not be publicly facing translate technology into sales cycles. And I think that, you know, the fact that I did it for a decade and half is indicative of this. That was one of the foundational sets of skills that I still use today and still find valuable, uh, be able to run a sales process, being in front of clients, traveling around in airplanes for weeks on end. You get good at the sales cycle. And being a sales engineer, you get good at translating complex technical information to an audience that may not be a particularly technical. Uh, I was then a product marketer, which was interesting. I helped launch a couple of products at CloudLock when we sold the Cisco and was working with the analyst relations community, Gardner and Forrester and all of those folks working on traditional marketing, uh, moving into a VP of marketing role and then a chief operating officer role, both of which gave me some interesting experiences around fundraising. And growing the business from the ground up. I was part of a very, very early stage, privileged access management company, started getting comfortable with how to pitch the venture market and how to raise funds and what that looks like and then found a great mourn, uh, in 2015 beginning of, so all of them were useful experiences. Uh, but I think that from a day to day perspective, being comfortable speaking publicly, being on a stage, working with clients, listening to discovery and translating that to product innovation, which comes straight out of being a sales engineer, that's what's the most impactful as a CEO.
Speaker 3:
Yeah. Interesting. I had a very similar experience which was coming out of the hardware, uh, background. My next job other than design engineer was sales engineering and I found a similar thing. You learn to like deal with customers, learn, negotiate contracts, like all this kind of stuff. It's pretty, pretty cool. Um, you mentioned that you like early areas where there are a lot of, uh, things sort of coming together to change. Um, you know, maybe something about an industry and cloud is one of those. Um, how do you think about the timing middle of when it's too early? Because you mentioned you were at CloudLock. Uh, so given those guys good friends when I was at Backupify and you know, we were very focused on the Google apps ecosystem, all the lesson like that thing, that ecosystem I think got started a little bit slower than we anticipated, particularly in terms of the customer base, realizing that they needed all these other add ons and everything else. So when you started grade mourn, how did you think about uh, whether it was too early or too late? It was the right time. Like what kinds of things did you look?
Kevin O'Brien:
So I think when you start a venture you have to be in a position where you are taking a risk and risk and is can feel it right? If it's a short thing, it's not a good venture deal because they're going to be big players who are already giving it. When we looked at great morning, we started thinking about email security. My cloud lock experience and cloud locker folks aren't familiar, was a cloud access security broker, a Caz B company. Um, and as you just said, it was a security for organizations that had Google initially and then later office and Salesforce and other cloud technologies. While that whole group got off to a slow start, like your club had a really good exit at the end of the day. And yeah, you know, there are canopies, there were still independence today. Yeah. We just saw on raise but$500 million on a non private equity venture out. And that's a big venture. Yeah. So, you know, we looked at that and, and saw an opportunity because precisely because it was early into the adoption curve of a transformational technology. You know, Google drive, you might not, might not think of it as transformational today, but we were talking to customers who are looking at it not as a way to reduce their storage costs from running an EMC cluster or adding on prem hardware, but rather as a way to enable cooperation. And we started agreeing or looking at the cloud email market. And you know, it's funny, right? Email was a 50 year old technology. It's venerable but incredibly vulnerable. And when we founded the company is 17% of the market in the pool, 2000. We're using Google for the amino systems and it was seven and a half percent. We're using it with your 60 bottles. And so I had the experience of starting to pitch this and all of the venture guys that I've chatted with had the given me traditional venture, uh, phrases that it was a vitamin and not an antibiotic or a bandaid, not a tourniquet or, and in some ways that was in part because it meant that we were doing something that nobody else had seen yet. And the bet we placed was this technology quarter will continue and this will become the dominant ecosystem for email. Have we been wrong? While I would have been to earth, but we weren't. And so we ended up being the first to look around and alcohol's about email security space, the, um, perhaps unfortunately named sets of, of security. But it's a very risky bet to make. And so I think you look for those patterns. You say, is there something that's going to have a huge Tam, uh, that is not yet realized, but will be within the next 18 to 24 months, which is our long, you need at least we're an enterprise company to, to build a robust product and get there and can I then do it on charisma and capital for those 18 to 24 month period before everybody's buying whatever the technology is. And you know, we placed that Baton so far, so good. So let's talk a little bit about hiring. I mean, people build companies and you know, you have this, this insight early on. How did you go about putting together the first five to 10 people at the company? What was your process there? Yeah. Uh, you start by saying that the team you build initially in the team that you build in each stage varies and changes. And it's rare that people who join you earlier, the people who are with you in the mid stage, and again, rather than[inaudible] stage, there's some reduction in the number of people who fall off. I think you get more mature. But the profile of somebody who will join a nonentity company, right and is willing to come and be part of an organization so early are typically folks who are not risk averse. They might be not risk adverse because they've done this two or three times and they're very senior. They might be not risk adverse because they're new to the market and they're, they're trying to get in. And we had a little bit about, right. We had a couple of folks who had worked with me previously, my cofounder and I obviously with the first two employees. But, uh, we then took a couple of folks who have been with me a cloud block and then again at subsequent businesses and they joined. And then we grabbed a couple of developers who are young in their careers and wanting to break in. And we're young enough, uh, you know, chronologically age that they didn't have mortgages and kids and those obligations. And they said, we can try this, we can do a joint. Uh, and, and that's one of the profile we hire for today per se. But in the early, early days, it gave us that opportunity to bring people into the business and do some with a, a minimization of risk to them and we got pretty result from it, from that kind of profile. Yeah. I think those can be great experiences for, um, for, for young people to go work at a super early stage startup because like you say, if it fails, it's not a big deal to them. Right. They don't have a high risk profile, their life life yet. Um, first couple of employees usually get a little bit higher equity grants than they might get if they come in later for the same roles. Um, but also you just get to see that first, like that zero to$1 million phase of companies is so hard to get through. And it's actually so rare that companies get through successfully. And so to see somebody do that, I think is, is really, really valuable. Yeah, I think that's exactly right. And I think that, uh, you know, one of the things that's interesting is that the people who will join you early often will bring a perspective on the market that is directly informed by their customer experiences. And that's not what you're going to get later when they're going to be informed by their experiences at previous companies or what they've done before. And so as you start to see and work with your clients, having an entire team that is obsessed with customer feedback shortens that loop to getting a product market fit. And there's somebody who's, who's 23 or 24 has only had one job or just had no jobs out of school. And you tell them, we're trying to figure out is this going to work? They're not bringing the perspective of, wow, the last company I built, we did it this way and that's screwed later. But early. You want that, that feedback loop to be as tight as possible. And so I think there's a lot of ability in the same way that the employee can take more risk in their life. The company can take more risks early in its life because you are not building on anything yet. You're, you're exploring and seeing where product market fit really comes from. Um, talk about how you, you, you mentioned how, um, some of the early VCs that you talked to didn't really understand the market and see this. Um, uh, I, you know, and I, I totally get it. VCs miss a lot of things. I had a bunch of you in my backup of five days in thousand nine, 2010,
Speaker 3:
the number of VCs who told me that businesses were never going to move their data to the cloud was a lot. Right. Which seems like ridiculous thing to say now, but that's what a lot of people thought. And, um, uh, so you know, how, how did you put your first funding rounds together? Did you target security focus firms? Did you do angel rounds first? Or like what was your strategy?
Kevin O'Brien:
Yeah. So I initially pitched both the angel side of things as well as some security and SAS funds that I knew. Uh, the later stage firms, you know, would, would often present that they were willing to give us$1 million in seed and we had at least a hundred thousand in monthly recurring revenue. Uh, which is absurd, right? Like what that$1 million a year can we get out, need$1 million? I need Bob. But you know, that is the pattern match to a first time CEO or founder. And so, you know, the venture market tends to be somewhat ironically risk adverse at a certain state, whereas angels can be a little bit easier to work with. So our first check came from an angel, um, and I was handed a check in a Starbucks in the CambridgeSide Galleria shopping mall. Um, because that individual knew me inside totally think this is the right play. And you know, so far I think we've been good stewards of his money and he'll get it back and States, but you know, the, the steps that are required to get, there were a lot of meetings and and uh, so early customer attraction and more than once in those days when I cook out or not, I said we're going to stop thinking about raising capital because it's not about dollars and we need just enough to survive. We're going to be laser focused on what our prospects, our customers need. You know, more of the former. And then they had to be the latter. But we really found that every time we drill in, we'd have the venture market telling us why it wasn't going to work. We had a whole bunch of customers telling us that they wanted to pay us money because it was working and ultimately the latter overwhelms the former. We were fortunate as well that I had been working with a Forrester analyst who I had known from my quad days and he put me in touch with the Techstars, New York, managing director of kind of analysis gold. And Alex now has a venture fund and it's focused on first time founders. But you know, Alex, because of that DNA or thinking about early founders and as a former operator, uh, offered us a slot in Techstars, New York. So he said, no. Uh, and, and he came back to us a couple of times and we finally did say yes and it was a great move. Um, but we were nonperishable founders and maybe malaria did not and that were slightly older or slightly more experienced. And we had this perception that accelerators were for young kids, not, not for folks in our position. And I couldn't have been more wrong. It was a great move. And with that stamp of approval, we went from a 10 costumer, tiny baby start up to having now, uh, you know, uh, the round this past summer. But you find, I think that you just need one person to say yes. If you get a hundred nos, it doesn't matter if you get one gas. And that's the other side of that which is just written and being willing to work a pipeline. Just like sales, continue plugging away at it, listen to your customers, build something people want, iterate on it. And eventually somebody, whether it's an angel or it's a syndicate or it's a series seed firm or whatever, someone will believe enough to write a check and give you the fuel to then take it to the next step. So you, we talked a, you talked a little bit about your career background and how that helped prepare you for the CEO role. Um, before we got on the podcast, we, you're talking about some of the things that you like to do personally, right, ski, jujitsu. Um, do you feel like some of those activities have also taught you things that have helped you, uh, for the CEO role? And if so, what, what are those? And I always feel like martial arts is good influence. Um, but I've been doing that my entire life and, and I've had a couple of black belts and not SU. Uh, that's new. Uh, yeah, I think that whether it's athletics or sports in any kind of martial arts, the determination, the ability to bear with some pain and keep going and not give up too early, uh, directly correlates to starting a business. Well, if you can go work for somebody else, go work for somebody else, it's a hell of ice here. Uh, you know, I think that those of us who are inspired to found companies or play in the early stage of the market do so because we're terrible employees. We'd have to go do this. And you know, if that's true, then you're signing up for a lot of heartache and a lot of pain. Uh, you gotta get comfortable with it and the rewards can be great, but you know, something that rewards for folks who go down a more traditional path and, and it's just a different lifestyle. So I'm better, it's not worse. So I have always gravitated towards things that are painful, I guess. Uh, and you know, that guy would say that he started the company. So I spend my free time letting guys arm bar me and both of them, I don't know. I man, there's something wrong with me. But uh, yes, I think there is some connection there. So what's something, so you know, the uncovered podcast, we like to figure out what is, what are one or two things, pieces of advice that you would pass forward to listeners that you know are not covered on Twitter or tech crunch about, you know, founding a company and being a CEO. Yeah. Um, first just to be yourself with any idea that being a CEO has anything to do with glamour. Laurie, anything important about you? If you're not doing the hardest and worst jobs in the company for as long as possible, you're doing it wrong. Uh, I think that West coast, Silicon Valley culture, television, movies, et cetera, completely misrepresent what being a CEO is, especially the early stage, um, and tech crunch. And all of these places are going to tell you the stories that you know, the leads leads are going to be the exciting ones, most of it just socks and get comfortable with that and embrace it. And don't do this because there's anything about your ego that's going to be stoked by being a CEO because you're doing completely the wrong thing. If that's what you're thinking about. A venture is hard, early stage company building is par, you're going to have less control than you would think. Um, and you have to, again, you'd have to need to do this, not just want to do it for some reason. So that's the first piece of advice that I would give. Uh, and the second is be absolutely merciless about building the kind of company that you want to work for, which is a way of saying build a good culture, but what the heck is culture, right? We have a whole market that tells us that, you know, culture is something that you get out of. Again, I'm on the West coast, move fast break things, et cetera. Don't do that. Uh, and the answer to culture in my mind is what do you want to work? Chances are you've spent longer working for someone than you've done building your own and pay really close attention to this year. Especially if you know someone's listening and they're not yet an entrepreneur, haven't started something slow down, observe, see what's not working and don't make those mistakes. Let somebody else make those mistakes on their dime and then correct for it. And the corollary of that is, you know, somebody who's the wrong fit. And you've articulated your culture very thoroughly getting out of your business because that is toxic and it's toxic in ways. You can't imagine in the CEO seat, you're going to see 10% of what's going on in your business. And hopefully it's the right 10%. But if you had an inkling that someone is, is a misfit, get'em out of there.
Speaker 3:
What are some of those stakes? You know, as we got to wrap up here, but like Indian culture I think like what are some of the mistakes that you think founders make when they think about culture? Um, if they, you know,[inaudible]
Kevin O'Brien:
about the wrong way or, or don't build good cultures, why, why do you think that is? A solo culture end of the day is to taking the people who worked for you and inspiring them and making them want to continue working for you when everything else is uh, on fire. And that requires that you lead with sincerity and authenticity. Anything that is not about leading with sincerity and authenticity is not culture building. It is some kind of goofy theaters didn't do it. I think a lot of founders confuse the design of their office or the games they have or the beers they drink on Friday afternoon. Culture and culture is about really first coming to terms with whatever it is that you as a founder need and then what your people need and where those things intersect. Giving them to people, being vulnerable, being open, listening, really listening. Uh, if you do that, I think you're going to build a good culture. If you try to do something for some other ulterior motive, it at best is going to be insincere and people are going to see right through it.
Speaker 3:
Great. Well, Kevin, thanks for being on the podcast today. Um, if people want to learn more about great porn is the website just great corn.com insurance. Great. And for those of you listening, if you have guests you'd like to see on the program or questions you'd like us to ask in the future, uh, you can send those to podcasts@pjc.vc. Um, thanks for listening and we hope you'll check out the rest of our episodes.
Intro:
Thanks for listening to the uncovered podcast. To learn more about PJC and the uncovered podcast, visit us at www.pjc.vcoremailusatpodcastatpjc.vc.