The following interview is a conversation we had with Austin Gadient, CTO & Co-Founder of Vali Cyber, on our podcast Category Visionaries. You can view the full episode here: $15 Million Raised to Build the Future of Linux Security
Austin Gadient
So happy to be here. Brett, thanks for having me.
Brett
Not a problem. Let’s go ahead and just kick off with a quick summary of who you are and a bit more about your background.
Austin Gadient
Sure, I am the CTO and co-founder of Vali Cyber. I guess as I tell you about my background, I’ll share how the company got founded. Along the way, I started my journey into the cybersecurity space at the US Air Force Academy. I was a member of the academy’s competitive hacking team. After that the Air Force sent me MIT to do a masters in computer science for my first assignment. And while I was there I worked on a DARPA project for my masters thesis. And this DARPA program was called Haccs H A C C S. It was all about autonomously finding and destroying botnets. And the approach that we took was very offensive in nature. I learned a lot about attacking systems, specifically Linux systems like servers, Linux IoT devices. So this very red team offensive focus.
Austin Gadient
And then after that the Air Force sent me to Kurland Air Force Base. Now we’re kirky New Mexico and I worked on two programs. One was called chess, the other one was called Stargate. Stargate was a satellite ground system program. Chess was flight system program, so focused on satellites themselves. And it turns out the flight computers that run satellites and the servers that run ground systems for satellite networks are all Linux systems. This time I was doing Linux security, but from a defensive perspective. I discovered as part of some analysis we did a different commercially available tools to try and defend these systems, that what’s out there is lacking in a lot of ways.
Austin Gadient
We had issues with portability between different versions of Linux, performance on Linux systems, and instability, efficacy issues, so they weren’t so good at detecting attacks, at least the solutions that we tested. And so that’s really what motivated me to start the company? We’re very focused on protecting mission critical systems, and I think that comes from that DoD background and my prior experience trying to defend some of the most critical systems that the United States has to worry about. So that’s kind of how the company got started in the founding story and a little bit about my background.
Brett
Brett, what did the first, let’s say, three to six months look like in the company when you found it? I see it was founded in fall of 22.
Austin Gadient
That’s right, that’s right. So the first few months were really focused on building a prototype of the initial product. And the first thing that we wanted to do was build a Litx security product that could stop ransomware attacks specifically, and to do it in a way that was behavioral, so it wasn’t based on something called signatures. And because it was a behavioral technique, it would be more robust in detecting different types of attacks. So it wasn’t so specific to a specific attack that’s very generic. And we also wanted to have this really cool capability called rollback in the product. Rollback was important because it allows you to restore a system that’s been damaged back to an undamaged state. You can imagine this is an important capability for a mission critical system that can’t really have a downtime, can’t ever go online.
Austin Gadient
You want to have that ability to restore it and bring it back to life if something bad happens to it. That’s what we did initially, and once we perform that testing and built that prototype, we confirm that everything was working as expected. And so that really cost us to funding and launch the company.
Brett
When did you start selling to customers? When were you ready to commercialize?
Austin Gadient
So that took a little bit of time. I’d say it took about twelve months before were ready to commercialize. And I think that something that we did as a mistake was trying to go to market too early. I think we are in a space where there are a lot of incumbent vendors. For example, you have lots of large eR, vendors like Sentinel one and Crowdstrike out there that are kind of the big gorillas in the realm. And to be able to compete with a mature product like that, your product cant just better. It has to be significantly better, and it has to be pretty much error and bug free. So that can be a difficult standard and bar for a software startup to meet.
Austin Gadient
And so we had to develop really mature QA processes early on that helped make sure that were ready for the initial engagements we had with customers.
Brett
What did you do early on to build trust and credibility. If we’re talking about protecting assets like this, I’m sure it’s not like an e commerce widget or a chatbot. This is serious technology and this is serious stuff that you’re protecting. So what did you do to build trust with customers so that they would give you a chance and they would have that trust in the product?
Austin Gadient
So I think the first thing was to inform them about my background and our CEO’s background. Our CEO is also an air force veteran as well. So I think that knowing that we came from an area where were focused on mission critical systems, I think that was an important thing for customers to understand. And beyond that, I think it was very important to be transparent and truthful about what were providing and what our product could and could not do. So you definitely don’t want to oversell. I think that’s very easy way to lose a customer early on if you try to promise things that aren’t true. Another thing that we did is we built some tools that make it easier for someone to validate our claims. One of them is called security perfect.
Austin Gadient
It’s essentially an open source tool that will allow you to measure the performance impact of a security product on a system. Because that tool is open source, anyone can go with the code, you can run it themselves. They know exactly what we’re testing. And that helped us back up a lot of our very bold claims about the performance properties of our product and our platform so that people could validate it themselves.
Brett
From a ICP perspective, how do you think about the ICP? And has that changed since you began to commercialize?
Austin Gadient
Yes, so I think starting out were definitely focused on DoD organizations, but we knew to really grow the company we couldn’t be solely focused on DoD. We needed to focus on enterprises. And we knew Linux was all over the place. Something that we learned along the way is that there’s a best of breed product, which is what we are, which is what zero walk is. It’s the best of breed platform for protecting these mission critical systems. Then you also have platform plays and platform plays really focus on covering every type of system out there. So they’re going to protect your windows, your Mac and your Linux systems as well. And different types of customers are going to prefer these sorts of approaches depending on how much they care about the actual security of their systems as opposed to coverage.
Austin Gadient
And maybe ease of operations can be something that might beneficial about the single pane of class. And so we really needed to find those enterprise organizations that had lots of Linux systems and that also had a really dire need to protect them. So financials would be a great example of organizations that have lots of Linux systems, and the consequences of them failing to protect those systems are very severe. And so those sorts of organizations have been very receptive and responsive to our messaging into our platform and our product.
Brett
When it comes to that messaging, who are you trying to speak to? Is it the CISO? Is it more the security practitioner themselves, director level like who are you really trying to speak to in your messaging?
Austin Gadient
You have to be able to speak to all those different folks, especially when you’re selling the enterprise, because all those different people are decision makers. At some point in the buy in process, the CISO is typically the person you have to intrigue first because they’re the one that sets the agenda and the overall strategy for the organization. And so if they believe what you’re doing would be valuable to them, then they’re going to tell those that work for them to spend time testing it and trying it out. And then you need to be able to message to those folks that are doing the testing kind of in the trenches, doing the hands on work effectively so that a, they can use your product effectively, b, they can really evaluate it effectively and understand its benefits.
Austin Gadient
And I think that we’ve developed different types of messaging for different types of people that we interact with. As a result, we do have higher level messaging which is focused on kind of big picture stuff, and lower level, more technical messaging for those folks that are going to be more hands on with the product.
Brett
This show is brought to you by Front Lines Media podcast production studio that helps b two b founders launch, manage and grow their own podcast. Now if you’re a founder, you may be thinking, I don’t have time to host a podcast. I’ve got a company to build. Well, that’s exactly what we built our service to do. You show up and host and we handle literally everything else. To set up a call to discuss launching your own podcast, visit Frontlines IO podcast. Now back today’s episode. How do you define or how would you describe your marketing philosophy and the general marketing approach?
Austin Gadient
We want to be a vessel for the truth. So we don’t want to say anything that is false, that we don’t want to make any claims that are of overinflated. We want to make sure that everything we say is very objective because our sales cycle is definitely heavily involved with technical buyers. And I think technical buyers are not people that respond to marking hype and fluff and stuff like that. Well at all. Once they hear that sort of language, I think it turns them off very quickly. So we’re very focused on making sure that everything we say is accurate and objective, and that we also provide ways to prove it. And so that tool security perfect was one of these ways we’ve enabled folks to better evaluate our claims and verify that our claims are true.
Austin Gadient
So I think that truthfulness is definitely an important, and focus on being very credible from a technical standpoint. So putting out good technical content that’s going to resonate with the technical audience and hopefully teach them something about Linux security along the way.
Brett
I’ve been to RSA the last couple of years. I’ve been a black hat the last few years. And whenever I walk around I just think, man, everyone’s saying the same thing. I know the products are completely different. Different. They’re in different categories, but it really does typically seem like people are basically saying the same thing. And whenever I’m walking around I just think how do you stand out in this world when everyone’s saying the same thing? So for you, what else are you guys doing to rise above all of that noise that’s out there and capture the attention of ciso’s and everyone else that’s involved in the buying process?
Austin Gadient
Robert, that is an excellent point. I went to RSA last year and I experienced the same thing, but walking around the floor and seeing all the different companies pitching their ideas is definitely a crowded space. And so the buyer is definitely hounded with a bunch of different messages. And something that you’re really competing for is mind share the opportunity to have your message heard and listened to by the buyer. Just because there are so many different companies out there trying to pitch their technology and their products. And I think the way we’ve been successful in doing this really has been relationship based selling. So we have a very experienced sales team that has been in this industry for a long time. They have other sellers that they interact with regularly, resellers essentially, that have been in the industry for a long time.
Austin Gadient
And because they’ve been selling security products for a long time, they’ve had excellent relationships with cybersecurity experts and with ciso’s and other decision makers in the buying process. And I think that has been very effective, especially for us as a small company, to kind of cut through the noise because we don’t have the marketing budget that large companies have. We cannot spend a ton of money on marketing. We have to be very careful about how we allocate resources. And we found a lot of success in relationship based selling and working with sales teams that have a lot of experience in the space.
Brett
When it comes to your market category, is it Linux security or how do you think about that market category?
Austin Gadient
Yeah, so I’d say the broader categories would be EDR and CWPP would be another one, cloud workload protection platform. And EDR stands for endpoint detection and response. And I think that our platform kind of fits in both of those categories. We do a little bit of both of those things as a bit of a hybrid between the two. That’s generally how we describe ourselves when we talk to customers. The last thing we want to do is try to come up with another three or four letter acronym to describe what we do. Because there are already so many of them in the security space. And like you’re saying, the customer and the buyer are already very inundated with lots of different messages, so you don’t want to make it too complicated for them and try to pitch something super new.
Austin Gadient
Another thing that’s kind of unique about us is that we protect hypervisors as well, specifically ESXi hypervisors. And zero lock is the first product on the market to do that to date. And so I think that it’s still kind of an ER, CWPP messaging, but it is focused on an entirely new type of system that has historically been unprotected and results have been significant. Like the MJ impact, for example, was the result of a ransomware attack against ESXi systems. That was quite devastating. So I think that has allowed us to differentiate and stand out a bit, as well as by providing protection for a platform that no one else really protects.
Brett
Today I work with companies in a lot of different industries, obviously do a lot of work in cyber. And I’ve never seen an industry that just loves to make shit up more than cybersecurity. Every company I talked to is trying to like invent a category or create a new category and they just throw on some letters and they say like, this is our new category, it’s going to be big. Why is that so common in cybersecurity, do you think?
Austin Gadient
I think it’s the issue that you were just talking about where there’s so many companies in this space and so many products, it’s really hard to get your message out there. And I think it can be tempting to try to differentiate yourself with creating a new category and creating a new acronym. But our belief and our experience is that new acronyms, new categories, they just confuse the buyer. They make it difficult for your customer to understand exactly what you do. So it’s better to try to fit into existing categories and try to work with more experienced teams that have relationships to get your foot in the door, as opposed to trying to go out and create a whole new marketing message and category that is going to be foreign to a lot of folks in the security space.
Brett
What role do analyst relations play in your general go to market approach?
Austin Gadient
Analyst relations are definitely important. We certainly don’t have the resources to have Gartner and Forrester as advisors that we’re paying in any way, but we definitely want to make sure that large advisory firms like Gartner and Forrester are aware of what we’re doing so that if one of their enterprise customers asks them about us, they’re able to talk about us. And so we’ve basically done briefings with those sorts of analysts. We do have a relationship with a smaller analyst group called Tag Cyber, which is run by Ed Amoroso out of New York City. And they’re very focused on the cybersecurity space. And Amoroso was a CISO for at and T for a long time before starting this company. And we have engaged a lot more closely with them because they’re a lot more directly focused on security and cybersecurity.
Austin Gadient
And as a result, a lot of security buyers tend to listen to tag cyber quite a bit. So we’ve gone with kind of a smaller player in the space that we engage with quite heavily, and we make sure to keep them informed about what we’re doing, new product announcements, and we’ve even done a little bit of co marketing. For example, this ESXi extension of our product is something that we announced through Tag Cyber, and that announcement was quite successful. I think its because tag cyber is really focused on the space that were focused on.
Brett
Preston, what do you think today? Its been the most important decision that you’ve made in the history of the company?
Austin Gadient
I think we had a challenging fundraising round this last time. We had an investor that were expecting to get an investment from. And something thats interesting about VC’s is that once you have one reputable investor that wants to put money in, its a lot easier to get other VC’s to put money in as well. So they kind of follow each other because they talk to each other and they try to understand why a certain organization, certain VC Group, by deciding to fund a specific company. And essentially what happened is the main VC pulled out right before were about to close the round, and that threw everything up in the air. We were definitely low on cash at this point, so it was a scary moment for the company.
Austin Gadient
I think it was critical for us to remain calm and think our way through that situation as opposed to getting overly stressed out or worried about it. Essentially what we did is we just went to the other investors and we explained why this other VC wasn’t able to make the investment at the point. It wasn’t about the quality of the company or anything like that. And we also used this other VC that had pulled out. They took interviews and meetings with the other VC’s that were involved to explain exactly why they were participating in the round and to give them confidence. They felt like Valleyside was still a great company to invest in. We were able to pull the round back together essentially some time.
Austin Gadient
It took a month or two beyond when were expecting to close the round, but were able to get it done. I think having that patience and that perseverance was really significant in that moment.
Brett
If we think about the general 2024 plan, what are those top priorities and what’s keeping you up at night?
Austin Gadient
Yeah, I think the top priorities for this year are really to increase the number of pocs we have going on, so that we increase the sales pipeline and also to grow our revenue. We have a product, the product is quite solid at this point. Its been deployed at lots of SMBs and some Fortune 500s as well. Its performing well. So the goal here is just to increase the footprint of the systems that we cover. And I think thats really what keeps me up at night. Especially how do we get more organizations to engage with us in pocs? How do we market effectively to create more inbound?
Austin Gadient
I think relationship based selling is great, especially for us starting out, but we need to figure out how to scale beyond that as the company grows and build our messaging in a way that will attract organizations to reach out to us as opposed to us reaching out to them. And I think that’s starting to happen. We’ve had a few inbound leads actually come in this quarter, which has been very exciting for us. It’s just something that takes time and certainly some patience.
Brett
Final question for you, let’s zoom out three to five years into the future. What’s the big picture vision that you’re building?
Austin Gadient
I guess for me this whole company has been about protecting mission critical systems and I think the fact that we’re focused on Linux is just a derivative of the fact. That’s why I was focused on AFRL and that’s where I realized that there was a problem in this specific area. But you can see we’re not entirely a Linux company because we expanded our platform to protect EsXi systems as well. So my goal over the next three to five years is to protect as many systems as possible. Because that means that a the product is functioning well for protecting more systems. It’s not breaking things, it’s not having performance issues, and it’s actually being effective at what it’s doing.
Austin Gadient
Especially over that course of time, we’re going to see some attacks, so we’ll be able to prove the value of the product and the fact that it’s going to be stopping attacks. And I think that certainly the more systems we protect that is highly correlated with the amount of revenue that we have. So we’ll grow revenue for the company as a result, and the company will be more successful business. But for me, I’m just really focused on getting as many systems protected as possible because that’s been my mission from day one with this company, is protecting mission critical systems from serious cyber attacks.
Brett
Amazing. I love it. All right, we are up on time, so we’ll have to wrap here. Before we do, if there’s any founders listening in that want to follow along with your journey. Where should they go?
Austin Gadient
They should go to valicyber.com. They can take a look at the website and they can also go to LinkedIn and connect to me there. Austin Gadient is the name, so reach out to me on LinkedIn. I’ll be happy to connect with you, and you’ll get updates through my regular postings about the company.
Brett
Awesome. Thanks so much for taking the time. Really appreciate it.
Austin Gadient
All right, thank you, Brett. It was great.
Brett
This episode of Category Visionaries is brought to you by Front Lines Media, Silicon Valley’s leading podcast production studio. If you’re a B2B founder looking for help launching and growing your own podcast, visit Frontlines.io podcast. And for the latest episode, search for category video visionaries on your podcast platform of choice. Thanks for listening and we’ll catch you on the next episode.
Twitter
facebook
linkedin