SaaS Stories
SaaS Stories is my not-so-secret quest to learn what it truly takes to succeed in the world of SaaS—and I’m inviting you along for the ride! I have the pleasure of sitting down with brilliant minds and industry trailblazers to explore their journeys, uncovering the secrets behind their growth, the gaps they spotted in the market, and what really drives them.
It’s not all smooth sailing—there are challenges, unexpected turns, and moments of reflection where they share what they’d love to change about their journey. Think of it as a candid, insider’s look into the world of SaaS, with just the right amount of curiosity, empathy, and wit.
Join me as I dive deep, selfishly soak up all the insights, and hopefully share a little inspiration with you along the way—one SaaS story at a time.
SaaS Stories
From Tech Visionary to Cybersecurity Pioneer: Vaughan Shanks on Navigating the Digital Threat Landscape and Scaling Startups
Explore the evolving cybersecurity landscape with Vaughan Shanks, CEO and co-founder of Cydarm Technologies, as he reflects on his journey from tech enthusiast in the ‘90s to pioneering cybersecurity solutions for today’s digital threats. Vaughan opens up about the pivotal moments that led him to create his company and the increasing challenges in cybersecurity fueled by rapid digital transformation, geopolitical tensions, and pandemic-driven shifts.
In this episode, Vaughan breaks down how startups can walk the fine line between compliance and innovation—balancing strict regulations without losing sight of a customer-first approach. He shares invaluable lessons on building strong teams through shared values, the power of open communication, and why small, consistent improvements often outperform sweeping changes.
Vaughan also dives into Australia’s competitive cybersecurity scene and the global outlook, giving founders critical insights into scaling a SaaS business in this high-stakes environment. Tune in as he underscores how the pandemic reshaped cybersecurity priorities for SaaS companies and why it’s more crucial than ever to rethink security as a core part of your growth strategy.
Welcome everybody to another episode of SaaS Stories. Today I'm joined by a local Australian, vaughan Shanks, from Sidearm Technologies, the CEO and co-founder. Welcome, vaughan, how are you?
Speaker 2:Great Thanks, joanna, great to be here.
Speaker 1:And great to be speaking to a local Australian. I mean, I'm very honored and lucky to be speaking to people all over the world with this podcast a lot in Silicon Valley, a lot in the US and Europe, but so happy to be on. Finally, on, you know a similar time zone with someone? First question, for you really just fascinated with your journey into the world of tech and what inspired you to start Sidearm Technologies? Tell me all about that.
Speaker 2:Well, so I've been in technology since I was a teenager really. So not to give away too much about my age, but we're talking about the 1990s. I remember before people had email and the web and, yeah, just full of the ground with computers. When I was a teenager I studied computer science and, you know, had a professional career and at one point I was working for an American company, an American data analytics company. This is just a few years ago and I was watching a demo of an analytic platform that they'd built, or an analytic configuration of the platform that could be used for cyber security, and this is a topic I've been very interested in most of my career got really into cyber security in the late 90s and although I'm a software developer, I guess you could say a software engineer and I build things, always taking a very keen interest in the security side of things. So I was watching this demo of how they investigated a cyber incident and trying to track it down from unusual activity on a machine back to someone who had performed an action I think it was opening the wrong email, something like that and they did this amazing analysis in about two minutes flat, probably saved about two hours of work using this incredible fusion platform. We had link analysis and histograms and timelines and you know, amazing technology. At the end of it, they asked for questions and I said this is really awesome, but what happens next?
Speaker 2:And the demonstrator so we're talking about a young developer, this is over in in California, in the bay area uh, he looked at me sort of blankly and said, well, you just get on the phone and call someone and tell them you had a cyber incident and like, well, that's, that's not actually how it works. Right, there's, there's accountability, there's record keeping, there's you know, you haven't even done the response yet. How are you going to contain this threat? And so I got thinking about that and it made me uneasy that we hadn't solved this problem, we hadn't closed the loop and reached out to a few people I know uh, all ex australian government like myself who now work in security operations and and ask them how are you solving this problem? And I found out that actually they're doing the best they can with very generic software to solve these types of problems. And I thought that is an interesting problem to tackle. And so flash forward about 18 months and I formed a company and started working on this.
Speaker 1:Amazing. It always comes from a gap that you find in the market. I think that's how the best ideas are born. It's like hang on, there's got to be a way to do it better. Cybersecurity, though I don't know. I've got to say I don't know too much about it, although I know enough. We've had clients in cybersecurity, so I've immersed myself a little bit into that world and, from what I'm hearing, it's changed a lot in recent years. I don't know if the pandemic caused that or if there were other issues at play here, but what's your experience? How have the threats evolved over the years? What's the landscape at the moment?
Speaker 2:Yeah, it's an interesting point you raise about the pandemic. I will say that, generally, some things stay the same. There are some conversations being had today that we were having in the early 2000s. What has changed, though, is with the pandemic, you had this accelerated movement of business processes onto online platforms and remote access as well, because no one could come into the office. So I think one stat and I think it was McKinsey might have published this is that we had 10 years of online like e-commerce growth in the first six months of COVID. So if you just let that sink in, so 10 years and six months, that's a 20x acceleration, and with an explosion like that, you can bet that not all of it was built right.
Speaker 2:There are a lot of gaps.
Speaker 2:We had people rapidly standing up remote work operations where you could log in via some kind of VPN device or a portal that gives you remote access to your workplace, and your attack surface just multiplied because of all these remote environments and these products that were being rolled out hastily to get corporate workers productive, and so, if you take that, combined with the fact that the world of 2024, I mean ever since Russia's illegal invasion of Ukraine the world is very dangerous now, and there are axes forming between the free and democratic world and the autocratic tyrannies on the other side, and so cyber activity is heating up.
Speaker 2:There is, you know, increasing cyber crime just because of the sheer opportunity it presents. And over the top of all this, you've got citizens that are getting alarmed by these mega breaches, where their data is turning up on the dark web, and governments are responding with increased regulation, and that's both to protect the data of citizens who are getting frustrated, but it's also, in fact, to protect our critical infrastructure against nation state attack. So there's certainly a lot happening, and yet constant movement and challenges in the cybersecurity area.
Speaker 1:Yeah, yeah, I mean, I've certainly heard a lot from you know, cisos. Just it's a very reactive environment rather than proactive, and I just feel like they're constantly putting out fires. What do you think are the biggest challenges security operation teams are facing at the moment, and are you finding that it's a very reactive environment where we just can't get on top of?
Speaker 2:Yeah, I think there's a very reactive environment where we just can't get on top of. Yeah, I think there's a few factors at play. Something that has remained fairly constant is there's just never enough people to be up to the task. Most, but not all, incident response teams that I speak to are stretched pretty thin, and they're always looking for ways to become more efficient, but without sacrificing effectiveness, and that's very hard to do. I think the other thing that we've seen is it used to be all about networks, so finding network traffic Now, what's happened?
Speaker 2:Or finding suspicious network traffic. What's happened, though, is that, increasingly, network traffic is encrypted. I mean, we have a little padlock icon now on almost every website. What's happened, though, is that, increasingly, network traffic is encrypted. I mean, we have a little padlock icon now on almost every website, all our email is encrypted, and the threat actors using encrypted communications too, so that they hide amongst normal traffic. Eight years towards the end point. So detecting anomalous behavior on actual workstations, laptops, servers, wherever, finding things that things that are running there that were not running previously and are not supposed to be there, and the other really interesting maneuver is, uh, the amount of services that have moved into cloud, and particularly sas. It's something you're very familiar with, yeah, uh the modern organization if you're very familiar with the modern organization.
Speaker 2:If you're starting a company today, you don't set up a server rack and fill it with on-prem applications. You go and you get some kind of online productivity suite. You've got online email. You don't run your own email server, you've got an online web server Sign up for a few productivity apps. Before you know it, you might have 30 odd apps running, all with different logging formats, all with different login. You know authentication and access control, sensitivity of data. It's really it's the the variety of of different applications that make up the. You know your estate. Now. It's very distributed and it's a challenge to really make sense of the data in a particular context. You know, from some third-party SaaS app. I mean, can you even get visibility of what's going on in there? It's often very hard.
Speaker 1:Yeah, yeah, for sure. I mean, what are some of the common challenges that SaaS in particular are facing and what are some solutions to that problem? Because you mentioned e-commerce is exploding during the pandemic. I think SaaS was another industry that did quite well in that time. What are some of the challenges they're facing specifically?
Speaker 2:Yeah, saas has done very well. I think probably one of the big challenges with SAS is that when you're using a SAS product you can't tell how it's built. So when you download an enterprise product and you install it on a server, you control the hardware that it's running on. You can see all the network connections coming in and out. Go through some of the software that is installed with that application and find out what kind of dependencies it has and what might be lurking underneath that software that might make it vulnerable, for example. And of course, all the logging right. You've got access to all the logging which can give you a clue as to what's going on.
Speaker 2:Once you put that in the cloud, which means it's running on somebody else's computer, you've got no idea how it's built behind the scenes. They could be trucking your data off to third-party services that you have no idea about. You know maybe some cheeky uh zapier jobs running here or there sending data out. I mean, people stitch together these no code apps where there's just data being shunted all over the place. You don't know how it's being stored. Very often you don't have very fine-grained information about user activity on the platform. So, for example, if I was to you know log into an application that you're using and you know install some like maybe I installed a second email against your account and it's my email that I control and you might not know that and now I can generate password resets or get data to leak out the side of that app. So it's, and if the application are not logging events like this and sending it to you, you won't know that you've been compromised.
Speaker 1:Right. What about data data privacy? Data security Is that a concern?
Speaker 2:Yeah, I really think so, and like there's sort of a couple of sides of this. One is the custodians of the data, where you know we've uploaded our data to a platform and we're expecting they have great security. And of course, they tell us they have great security but let's face it, it's a bottom line expense and they're trying to maximize their margins like any profiting business would. And very often you don't know whether they've taken appropriate measures to secure the data. So we've had health insurers being breached, we've had communications companies, I think it's I mean, t-mobile got done for the umpteenth time just the other week another million or so records, at&t. So, firstly, you just don't know whether companies are doing their due diligence in protecting your data.
Speaker 2:And the other part of this is about uh companies that are taking your data without you even knowing about it.
Speaker 2:So maybe you've used a license agreement, you're using an app that's notionally free, but they actually make all their money by watching you and recording your movements and then selling advertising to you based on your profile, and so that in and of itself is not a crime, as in there's no criminal actor behind it.
Speaker 2:It's all legal, it's all stuff you've agreed to, but that data can then be abused, and so we're seeing things like disinformation campaigns at scale you know that are going after people in marginal electorates. Uh, you do occasionally get data like this breached as well. So some uh company doing you know some marketing tech company that collect all this data on people and a threat actor comes and takes it and you might not even know that your data is being collected. Probably the other really insidious one is uh, a company that's owned by one of these uh or is within the jurisdiction and subject to coercion from a, an oppressive regime who has not the best interests of our nation at heart and can actually get that company to hand over data on our citizens because they're interested in a few of them, and we know we're doing this because we would do the same thing if we had access to their data.
Speaker 1:That's kind of a scary thought, to be honest. I mean, what's the solution to the current problem? How do you see the future of data collaboration evolving?
Speaker 2:So I think this is where regulation has a part to play. So large companies don't really have much of an incentive to look after the data of their customers. People will get angry about their insurer losing control of their personal medical history, but how many people actually follow through with the threat of moving to another provider? Almost no one, because you're going to think the other provider is probably worse. So really, the only way to raise the floor is for the government to step in and make regulations and impose penalties. And you know, until there's a price tag of you know, a few million or billion dollars on a data breach, companies won't have any incentive to take it seriously.
Speaker 2:I'm not a cynic. I honestly believe that the people who work at those companies really want to do the best job they can honestly believe that the people who work at those companies really want to do the best job they can. But when push comes to shove and you've got to meet your targets and achieve the bottom line, security gets kind of pushed down the road like we'll do that next quarter, this quarter. The shareholders are angry. We have to give them a good result.
Speaker 2:Right regulations are good, because what you're doing is, if you say, all of the companies in this industry have to all level up their security standards, then everyone takes a hit on the bottom line, and so maybe the price goes up a little bit. But at the end of the day, you know, if you're in this industry, you're competing with other companies that have the same obligation as you, with other companies that have the same obligation as you. If you work in cybersecurity in one of these large organizations and the regulator cracks down with a new category of penalty for a particular type of negligence, that is good, because that delivers you more resources and more budget. Your job profile just got more important, because you're now not only protecting customers' data, which is probably what gets you up in the morning, but you're now not only protecting customers' data, which is probably what gets you up in the morning, but you're now saving the company's bottom line by avoiding a big fine.
Speaker 1:It's such a shame, isn't it, that you know a lot of these companies don't really prioritize cyber as something that it should have a lot of the budget spent on it. You know they throw it away on things like marketing, perhaps sales, and, of course, you know, profit margins for the board members Taking a step back from cybersecurity and really just focusing on sidearm technologies. How long have you been running it? What were some of the scaling challenges that you found at the beginning and you know what was maybe some key leadership lessons learnt?
Speaker 2:So it's been almost seven years since I stepped away from my very generous remuneration job and went it alone. In that time I've raised capital, I've brought on a co-founder, I've hired staff, got a product into market all the things a start-up does. There's been a lot of lessons along the way. I think probably gosh, it's hard to know where to start. But one thing I will say is and I think most people working in startups, most good founders, know this you really have to focus on the problem that you're solving, not on your solution, and you need to be focused on your customers. You've got to be obsessed with your customers and you have to know who's a customer and who isn't.
Speaker 2:And I think that second part is really hard. Very often you'll get people who are really keen to work with you and it feels like we can close another deal here. This is a no brainer, Like if someone comes to you with a proposition and they're willing to pay, you take them on. But if you end up building extensions of your product or changing your runway not your runway, your roadmap to meet their special requirements, you end up becoming a technology-backed services company, and it's a very dangerous road, especially if you're not profitable, and many startups are spending most of their capital on building an asset while trying to build up the actual operational part of the business into a self-sustaining profitable machine. But you really need to be careful not to get sidetracked into technology-backed services.
Speaker 1:It's so true, isn't it? I mean, I've heard a couple of different stories on this topic about you know, choose your customers. It's so true, isn't it? I mean, I've heard a couple of different stories on this topic about you know, choose your customers. It's very important and just nailing your niche. And one in particular was around you know the first 100 clients that you have very important to guiding how fast the company would scale.
Speaker 1:I had Patrick Gentry from Sprout Solutions on the podcast the other night and he was saying you know, we actually, after a while of acquiring customers, we discovered that it actually costs the same and also it's the same effort to get you know customers that have 50 employees versus customers that have 200 employees, and the ones that have 200 were actually delivering the most amount of profits for us. So it made sense to focus on these. But then I've had other founders of SaaS kind of say it was actually better to focus on the smaller companies that were happy to go ahead with the product that already existed versus the large ones that wanted everything customized and changes, and it just drove the developing team into a frenzy.
Speaker 2:So, um, yeah, I think that's really good advice, kind of knowing, knowing who your customer is and being able to say no, which is really hard, I think, especially as a startup it's so hard when you're just trying to get that revenue number up and trying to move it in the right direction because you're trying to raise venture capital and make payroll and all of that, and you just feel like we have to just close deals and it's. It takes a lot of self-discipline, uh, to to say no, um, and not pursue a customer. That is going to lead you down the wrong path. I'd say to the the um. To your comment about the different size of business, I think it is tempting to go after very large enterprises and certainly if you can and my former employer was very good at doing this but you've got to be very, very patient and you have to have a stomach for bureaucracy because you will deal with a very bureaucratic process, so long sales cycle, versus a much smaller company which will have a very quick sales cycle.
Speaker 2:You're probably talking directly to a C-level exec when you make a sale, but recognising that you'll have to close a lot of deals and get a lot of revenue, and often they don't have the appetite for procuring, I guess, valuable B2B SaaS.
Speaker 1:It's so true. I think enterprise I mean definitely expect 12 to 18 months sales cycles, especially if you don't know the people. There's no connections or prior relationships there. You know it's a brand new logo that you're after. It's absolutely what we're seeing in our world as well. Challenges you faced as a CEO. One of the main things I want to know is you know when you first started out, who was your first hire and why? And then what are some of the people challenges you've faced as a CEO?
Speaker 2:Yeah, so my first hire, if you include contractors. I hired a part-time developer to help me write code so that I'd have more time to focus on sales and other parts of the business. In terms of challenges, I would say I'm going to need some time to think about this. You can probably cut this bit out of the video Challenges it's hard to know where to start. I've had them all. Hang on, let me make up with a good one.
Speaker 2:Okay, I think one of the biggest challenges you have as a founder is knowing when you've made this elusive thing they call product market fit. Now I read an article recently that said product market fit is not even a real thing. It's an idea that was fabricated by VCs as a way to justify raising Series A and that you'll never really know when you have it, or if you do have it, you might lose it again and you have to find it again. But I think really a challenge that I had or that we had, I should say, at Sidearm is we thought we had a product market fit and we thought it was time to scale.
Speaker 2:When money is cheap and interest rates are low, it's very easy to raise and to go and start spending and expecting that as you spend you'll get. You know you've got to spend some money. You make money, revenue is falling in, everything will be fine. When that doesn't happen, when you spend the capital and then you don't make the revenue and you have a shocking revelation that you scaled too early. I think that is a tough lesson to learn and that I think is one of the biggest challenges is knowing when to speed up and when to keep chipping away and iterating with a small team or as low as expenses as you possibly can.
Speaker 1:Yeah Well, I guess one of the symptoms of knowing that you've scaled too quickly aside from maybe not getting the clients to come in on time that you need them. What are some of the other hints? That possibly wasn't the right time, was it?
Speaker 2:things around the market. Or you know the economy. Yeah, I think when, when you start getting, uh, I mean I guess people will decline to do business with you for a number of reasons. Um, but very often it comes down to um, either the, the product is not a fit for what they need, and when you start having conversations and and it starts to dawn on you that you're sort of two features away from what people actually want, that's quite scary, and you know, at that point you're looking at the calendar and saying, well, how long will it take us to get there and can we afford to keep building for that long?
Speaker 2:And I think the other one is when you're not really sure what the sales process should look like. So when you're constantly second guessing the sales process and thinking we need to make some changes here, you know the top of funnel or the bottom of funnel isn't right, or that's, I think, a sign that you hadn't really solved the problem, the sales problem, yet. And certainly for a technical person such as myself with no background in sales, you know when you're, you know you listen to the conventional wisdom to. You know, create a repeatable sales process. It's like, well, I've never done that before you know how does one do that? How do I know when I have a repeatable sales process and I think that's a real problem is thinking because you've had some good luck and let's face it, most businesses are still alive because they've had some good luck at different points but not mistaking that for actually having a repeatable process a repeatable process.
Speaker 1:It's funny, it makes me. It reminds me of a story someone told me which was about you know a business always, especially a SaaS or a tech business it always does well when it has multiple founders rather than just the one, and typically one has to be the technical one and then the other one has to be the person that they say is not afraid to talk to strangers. So I guess that gives them the sales experience, the market research experience and really just finding out as much about the market as possible and how you know customers could potentially absorb their product. So can you tell me a little bit about your co-founders and you know, as someone who does have a technical background, how do you stay connected to the other aspects of the business?
Speaker 2:yeah, so my co-founder, ben, is, uh, he handles the commercial side of the business. Um, so the way I think about and this is a very I you know, if there's such a thing traditional startup way of thinking is we have the product side and the customer side, and so I'm primarily focused on the product side and he's primarily focused have the product side and the customer side, and so I'm primarily focused on the product side and he's primarily focused on the customer side.
Speaker 2:Makes sense I take a keen interest in the customer side as well, because I am the CEO and I'm ultimately accountable for what happens on both sides, but I'll be spending most of my attention on the product and because I'm technical, that makes sense. How these two sides interact is really interesting and I think you know for a successful team it doesn't matter so much that you've got different skill sets and different experiences. In fact, that's a plus, you know it's. I guess diversity of skill sets is good, but you do need to share common values and have good communication. So if you you know like I consider myself a very high integrity person, if I was working with someone that and Ben is also very high integrity like we trust each other, you know, as just a core part of how we operate. If you were dealing with someone who has a different perspective on integrity I won't say they're like low, but just a different way of interpreting. You know the world like someone who lives by. You know some mantra like move fast and break things or fake it till you make it of these. Like you're going to have problems aligning around strategy and you're going to be constantly at odds about what speed to go at and how to represent what you're doing. So I think having that, having shared values, is very important in terms of how you organize the culture of the team.
Speaker 2:Then I think that, in terms of specifically between product and customer, there's an interplay, a complex interplay. So obviously the customer is the one with the problem that you're trying to solve, and so you constantly need signal coming across from the customer to the product side. On the other hand the product side you've already invested a lot of money into building this asset that you're now trying to sell to customers, and if some customer says they want asset that you're now trying to sell to customers, and if some customer says they want something different, you're not going to throw it all away and start again. You might have to change customers. So you got to do like a small pivot and that's the product people telling the customer people you're selling to the wrong audience.
Speaker 2:So I think you've got these two sort of sides of the brain that are in constant tension and these little micro pivots happening, and I think, as long as you can stay in alignment and keep that communication going, each side informs the other and you end up with, you know, moving slowly, you know incrementally, into the right direction, incrementally in terms of how you're adjusting your ICP and how you're adjusting your product benefits. But that's, I think, the healthy way to do it. I think if one side or the other side has too much power over the other one, then you can end up with a customer team that's dictating the roadmap to the product team, and that's going to be problematic. And then you or you can have a product team that's dictating to the customer team and you know, then you have problems with obviously getting sales it's so true, isn't it?
Speaker 1:I think, yeah, there's so many things at play here. I've been lucky enough to have a co-founder for 20 years now, and I mean everything you just said. We, basically we have the complimentary skills. You know he can't do what I can do and vice versa, I can't do what he can do. But the values are also there as well, Like we've always been, you know, great at communicating. There's honesty, there's integrity, there's. We don't always agree on things, but when we disagree, it's very respectful of each other's opinions, and I think there's also some open-mindedness there. For example, if he wants to try something that I disagree with, I'll say let's try it. But if it doesn't work, you know these are kind of the processes in place. If it doesn't work, you know these are kind of the processes in place. So, yeah, I completely agree with that.
Speaker 2:I think that's crucial if you're going to stay in the business long term. Yeah, for sure.
Speaker 1:And you know I hate people comparing a co-founder relationship to a marriage. But I will grudgingly admit.
Speaker 2:It's totally a marriage. It has a lot in common.
Speaker 1:Yeah, Absolutely. Now you're in cybersecurity, which I think in Australia is a very competitive market. What advice would you give to other founders out there that are looking to enter a similarly competitive landscape in the world of SaaS?
Speaker 2:All right, all right, I would say. In Australia particularly, what you have to remember is we are a fraction of the global economy. I think it's very important to decide early. Are you building something for the Australian market or are you building it for the world? And I think in cybersecurity in particular and this is probably true of almost any product in technology, specifically technology if you're not building for the global market, you will be crushed because a larger, better financed company that has global distribution will land here eventually. They might see the APAC market as a rounding error, but they will eventually come here and they will dominate through just sheer power. And if you're working in technology, there's not really a lot of localization that you can use as a moat technology. There's not really a lot of localization that you can use as a moat, probably some exceptions to that if you're working in the finance sector.
Speaker 2:So banking or lending or what have you we do have local laws. You can build to those local laws. You can build a very customized offering that probably won't work in other countries. But likewise, if a big foreign company came here to try and sell their offering, they would soon fall foul of local regulations and they just wouldn't be able to take off. But if you're going to do that, you need to make sure it's a sufficiently large market. If you were targeting consumers for a financial product, some kind of payment card system or what have you, I think that's a great idea. You know you want to have thousands and thousands of customers with the ability to pay for a service if you want to launch here. So that's been something, and you know the pandemic has made that lesson. All the more stinging for us is that we didn't go international soon enough.
Speaker 2:So I'd say be very, very clear about your objectives. Um, if I could offer one more, I'd say think about the outcome you want, like the destination you want to get to. For some people that's a quick exit, um. For other people it's we want to list on the ASX or the NYSE or something. For others, they want to run this company as a private company for my entire life. But think about what you want and plan accordingly, and that will inform whether you build to a particular partner ecosystem in the hope that someone will acquire you, whether you stay independent and avoid tie-ups where where you could be getting too close to any other vendor, whether you raise venture capital, whether you bootstrap you know what sort of people you put on your team.
Speaker 1:All of it is working towards, uh, some kind of outcome, and the outcome can change, but you have to have some idea at the start of where you want to go yeah, it's very interesting advice what you said, because, um, having spoken to a few uh, not just startups but also, you know, mid-level companies, they actually use the, the location and the region focus as their winning advantage. So you know, they, for example, would say look, a lot of our clients, they like the fact that we're local. But it's interesting, I guess it depends on the industry that you're in, and so, in the world of cybersecurity, especially if you're targeting global clients, absolutely you need to have a global presence and be able to service, um, the global market. Um, I really like your second tip as well. I think it's important. It kind of makes um the key part of the strategy.
Speaker 1:Uh, interesting event I attended on strategy recently and there was a debate about how long a strategy document has to be, as in the top overarching strategy of a company document has to be, as in the top overarching strategy of a company, um and I think they decided at the end it's a one-page document which with exactly what you just said, like what are our goals basically, and how can we communicate that to the rest of the people in the company, so that we're all striving towards the same one.
Speaker 2:Yeah, I definitely think having a simple mission statement, um a a very simple set of objectives and uh, and really pinning it to to a mission um, I think too many companies are focused on all these metrics, you know profit and loss and whatever, and it's really well, of course you're trying to make money but.
Speaker 2:If if you just wanted to make money, you could put it in the share market, you know, just invest it in an index fund and just sit back and do nothing. But you know we do these things because we're hopefully interested in the area that we're working. We want to make a dent in the world. You know, shift the conversation maybe lead to, you know, some better cybersecurity outcomes for people, and so if you're going to do that, you need to have a very strong set of goals that are focused around how you're going to deliver.
Speaker 2:You know your novel solution to solve the problem of of a certain cohort of people and and you know how you will know when you're having an impact I think doing it lately and I realize I've just said that in way more words than I wanted to, but saying that in as few words as possible and using the simplest language you can makes it very easy to grasp and for people to know when they're actually contributing to the goal.
Speaker 1:I completely agree. My last question for you if you could go back in time to your younger self, when you first launched um the company, what piece of advice would you, what would you do differently? What would you say to yourself? Um, that would really change the trajectory of your, of your journey gosh, that's a really thorny one.
Speaker 2:Um, yeah, I I like to operate under the idea of no regrets and I made the best decisions I could when I did, I would probably tell myself. I remember, very early on, a friend and mentor said to me are you coming to RSA? And all the vendors are there and they have these huge, you know often million dollar stands with you know, free giveaways and and merch and bright lights and all this. And, uh, it's a big circus, basically. And I was busy building, you know, building my first, uh, you know my first mvp, and I said no, I'm not going. And he said, why not?
Speaker 2:Like it's the biggest cyber conference in the world, it's once a year in San Francisco. You should go. And I said, well, I'm too busy, I don't want to waste two weeks, plus the cost of all the airfares and the accommodation and and you know, I'm just going to stay here and keep building. And I should have listened, I should have gone there. I think I would have learned so much from you know, three days at that conference, just a glimpse into the cutting edge, like what the future looks like, and probably made a whole lot of connections and it would have really broadened the scope and I would have much earlier started thinking about.
Speaker 1:You know who is my global ICP, so I probably, if I could go back in time, I would tell myself get on that plane yeah, I think, um, yeah, as some people have said this as well like when, when you go to events like this and you meet a lot of other people, you also learn from the mistakes that other people have made just by talking to them. So, yeah, I think who knows right? Who knows how things would have turned out?
Speaker 2:Exactly yeah, you can never tell. And who had a pandemic on their bingo?
Speaker 1:I think Bill Gates knew, but aside from him, no one else.
Speaker 2:Actually I have a very good friend who worked for a particular government department and they actually did a whole series of planning around what would happen if a pandemic hit and they put it all in a ring binder and stuck it in the archive somewhere and all went off to move on other projects. But you know, you just never know when uh disaster will strike absolutely.
Speaker 2:I hope they managed to find that when it did strike I hope they, I hope they did locate that ring binder too. I mean, I think things went relatively well all things concerned, so they probably did yeah okay, well, thank you so much for your time.
Speaker 1:I really appreciate giving up an hour on your friday, uh to have a chat with me. I've certainly learned a lot about the world of cybersecurity and I'm sure all the guests listening today have it on their radar to maybe look into it a little bit better for their SaaS companies.
Speaker 2:Yeah, thank you. An absolute pleasure to chat today, joanna, and thank you for having me on your show.
