The following interview is a conversation we had with Jason Martin, Co-Founder and Co-CEO of Permiso Security, on our podcast Category Visionaries. You can view the full episode here: $10 Million Raised to Build the Future of Cloud Security.

Jason Martin
Thanks for having me, Brett. 

Brett
Yeah, no problem. So, to kick things off, could we just start with a quick summary of who you are and a bit more about your background? 

Jason Martin
Yeah. I’ve been in cybersecurity probably 25 plus years now. I’ve been an offensive side, I’ve been on the defensive side, I’ve been a CISO, and I think most relevant to what I’m doing right now is the last seven and a half years. Prior to founding Permiso, I was at FireEye Mandient, where I spent the last four years running product and engineering globally for the company. 

Brett
Did you go to RSA last week? 

Jason Martin
Unfortunately, yes, I spent the week at RSA. Luckily, I was able to stay away from the expo floor, and I think a lot of people who’ve been in the industry for a long time know that the real meetings happen outside the conference. And so I spent my time meeting up with customers, partners, and investors. 

Brett
Nice. Doing all the important stuff. 

Jason Martin
Yeah. 

Brett
Now, a couple of questions that we like to ask just to better understand what makes you tick as a Founder and as a leader. First one is what Founder or CEO do you admire the most and what do you admire about them? 

Jason Martin
This might be a little bit of a strange answer for folks in the tech industry, but Sam Walton, the Founder of Walmart, and if you just really look at his background and how he built that company, it’s just amazing. And some of the principles that he really believed in stick with me. Even in building product and technology, the primary one is have a profound respect for your competition, but don’t let them intimidate you and shop them, but do what they do better. And that’s always stuck in my yeah, he’s a I encourage everybody to go read up about the background and history of Sam Walton. 

Brett
Nice. Yeah. I always love digging into kind of non tech entrepreneurs, and I think there’s obviously great stuff to learn from tech entrepreneurs, but there’s just some fascinating stuff when you dig a bit deeper and get outside of tech. I’ve studied John Rockefeller a lot for the last five years. I became kind of obsessed with him and have read all the books on him and I just learned so much from that and I feel like you learn new insights and new perspectives that are different from what everyone else is reading and everyone else is studying. So love the call out there with the and you know, I think if. 

Jason Martin
You look at the story of Amazon, you’ll find direct lines into what Sam Walton did and what inspired bezos there. It’s like Sony’s impact on Steve Jobs and stuff. So there’s all these indirect lines of greatness that lead up to current great companies. 

Brett
Yep, totally agree. What about books? Is there a specific book that’s had a major impact on you as a Founder and as a person? 

Jason Martin
Yeah, I mean, there’s all the normals that probably people read, but I would call one out that I always think about and it’s thank You For Being Late, which was written by Thomas Friedman. And I would say it’s a non techie’s view of the major technology tailwinds that society is facing will be facing and what their impact might be know day to day life, politics, society as a might for those listening might recognize the name as the author behind the Earth Is Flat, which really called out the globalization of talent and other things way ahead of the time that I think it became largely recognized. So. 

Brett
Yeah. 

Jason Martin
Thank you for being late. Great book. 

Brett
Nice. I haven’t heard of that book, but I will definitely check that out. I guess the joy of doing this podcast is most of the time people have original answers and I get something unique other than hard thing about hard things or Built a laugh. So always like when it’s a unique book. But that sounds like a fascinating read. Now let’s switch gears and let’s dive into the company. So can you just give us the pitch? Consider this the elevator pitch. Let’s talk about the problem you solve, who you’re serving, and really what that product does. 

Jason Martin
Yeah, and look, the elevator pitch is simple. It’s we find evil in the cloud. And that is not an acronym bucket. We’re not following the alphabet soup that analysts will put together. It’s across software as a service environments, infrastructure as a service environments, platform as a service environments, any of the ways in which humans or machines gain access to the public cloud. And then what’s happening in the public cloud. We’re trying to find evil. And that’s really probably at the heart of what we do. And evil has many shapes and forms in the cloud. 

Brett
Right? 

Jason Martin
There’s inadvertent evil being done by your employees where they just might be doing things that are inconsistent with your policies and practices. You have a policy about the way your public cloud should be managed and administered and they’re doing things. Not following that. So there’s kind of that category. Then there’s real evil happening in your cloud environment. There’s the breach of credentials, whether those are username and password or long lived access keys. But there’s a variety of different ways in which adversaries will get into that cloud environment. And we’re focused on detecting precursors. We’re focused on detecting once they’re in that environment. And then we’re focused on helping our customers respond and remediate the impact of those breaches. 

Brett
And now, I’ve worked with a few companies in the past. One was in the Cloud Security Posture Management Space, which is such a mouthful, and the Cloud SIM Space, which is an even bigger mouthful. And I can’t remember what is it? Security information and event monitoring, I believe. So if that’s the security stack, where does Permiso fit into that? Does this replace those? Do you no longer need it? Or is that part of the security stack with those two types of let. 

Jason Martin
Me I’ll answer the first. So. And this kind of goes to the founding thesis of why went after this space is if you look back through the history of security market evolution and you go back to the on prem world, what you saw, in the on prem world was first. You need to be able to answer the question of what do I have in this environment? And is it securely configured? And the analog to that in the cloud world is Cloud Security Posture Management. There’s also Cloud Identity and Entitlement Management and all these other acronyms. But effectively, what they’re trying to tell you is human machines, vendors in your environment. Who are they? And have you securely configured them? Are they exposing you to risk? On Prem, we had vendors like PinAble, who is behind Nessus. We had tools like Nmap. And they were also focused on answering the question of what’s in that environment. 

Jason Martin
So that progression is natural. You can’t really protect any infrastructure substrate if you’re not able to say what’s there. And do I have it securely configured? So I call that day one of cloud security. But day two is, okay, I know who’s there. I know what entitlements they have and how they’re configured. What are they actually doing, and is that behavior normal, suspicious, malicious, or just downright evil? And so that’s how we do not replace a CSPM. I think for all of our customers, they have CSPMs in place. They’ve operationalized that capability, and then they realize, okay, the natural progression is answering the question about what’s going on in that environment and not just knowing what your environment looks like. 

Brett
Got it. Right. 

Jason Martin
And then on the SIM side, one of the things were observing and when I was at FireEye, Mandian, I had a cloud SIM that we sold to customers. I had 20 plus different products that were trying to solve different vectors of attack within enterprises. And what we’re seeing is that customers, instead of going back to the first principle of, like, the cloud, is a new infrastructure and substrate that I have to protect, they’re trying to bring their old stack into the environment. And so they are either let’s just cloud SIM or SIM we’ll just call the capabilities are the same, right? One is delivered from the cloud, the other so cloud SIM, they’re offering it as a SaaS service and you send your logs to them or you’re running something on prem like Splunk or some other data lake technology, and then you’re aggregating your logs there. 

Jason Martin
Now the reality is you need a SIM, right? As a security practitioner or a CISO trying to protect an enterprise, you need to aggregate data from a lot of different sources. But you need a purpose built detection capability for the cloud because of how complex it is. And just pulling logs in from all the services that are completely fragmented and don’t really know about each other just creates a lot of data. So I see a lot of these data lakes, I’ll call them data sewers because there’s a bunch of crap going into them. So what we focus on is we’re not replacing a SIM, we’re going to send signals into a SIM, whether it’s a cloud SIM or an on prem SIM that tell you about things that are happening in your environment. So we’re intelligently aggregating and giving outcomes of that data versus you having to do that yourself in your SIM. 

Brett
And when it comes to your market category, then what’s that term and how do you define it? I had introduced you as a cloud identity detection and response platform. I think I’d pulled that from your LinkedIn. Is that the market category or what’s the market category here? 

Jason Martin
Yeah. That’s interesting. So there’s a category that gartner’s come up recently, which is itdr? I think it’s identity, threat detection and response. Then there’s the broad category of cloud detection and response. I would say there’s a Venn diagram. Our approach is categorically. I’d put us in the big bucket of cloud detection and response. Itdr, I believe, is a feature of that because identity is kind of the new perimeter and you can’t really decouple your cloud detection strategy from your identity and threat detection strategy. Overall, I think that analysts are creating too large of a bucket. Most of our customers when I was at Fire and Mandiant had 70 plus products in their stack and a lot of those were detection. And so saying cloud detection in this big bucket makes it very confusing for customers to understand the nuances of the different things you’ll need in there. 

Jason Martin
You’ll still need endpoint container security, you need API security, you need perimeter security, you need IAS and path security. And there’s just a lot of building blocks. I often say, like in the on prem world, it was difficult to secure, but you had big jinga blocks that you could use and they were very easy to stack on top of each other. The cloud for me is like an already six foot high jinga tower with those tiny little jinga blocks microservices and it doesn’t take a lot to make that whole thing fall over. So it’s very challenging to secure that environment. 

Brett
And you mentioned analyst there. What’s your relationship like with Analyst and how big of a priority is analyst relations for you in terms of your go to market? 

Jason Martin
Yeah, right now it’s about education. I think if you look at that space and you see the broadness of the way it’s being designated to the market, that we have to educate them a lot on the nuances on the way. We’ve spent three years, 300 plus interviews with enterprise leaders to understand the way we view the market. And so right now, most of our analyst engagements tend to be here’s Permiso’s view on this, here’s how we think about it. I may or may not agree with their premise, but it’s really educational at this point. 

Brett
And I was looking back on your LinkedIn, I think it was 2006 was your first security endeavor, is that correct? 

Jason Martin
That is when I founded my first company, correct. 

Brett
How have you seen cybersecurity evolve since then? And if you can try to think back to 2006, are you happy with how things have evolved? Did you think back then that things would look different and maybe some of these problems would have already been solved? Or how do you just think about the space’s evolution in general since then? 

Jason Martin
I would say overall, as a long term practitioner and being on offense and defense, I’m just disappointed. And I think I speak for probably most of the old gray security folks here, that the same problems still exist in new technology stacks. I’ll give you here’s a really good analogy. People said, oh, look at the cloud, it’s really new. And the problems we’re seeing there are exactly almost replicated from what we had on Prem. So on Prem people, when the Internet came about and people were plugging systems into the Internet, they would put SQL Servers directly on the Internet and those SQL Servers would have username SA and a blank password. They’d put Cisco gear directly on the Internet and not change the password. And now fast forward to a cloud world and everyone is up in arms and aware of s three buckets being open and left publicly available. 

Jason Martin
It’s again, hey, it’s about hygiene and it’s about process. So I think if you think about what I’m disappointed about is the people in the process are the most important part of securing your environment. The technology is a challenge, but it should be able to be folded into good practices. And the hygiene of companies and most companies hasn’t really changed much over the last 2025 years. And I think that’s what surprised me. I think cloud gives you an opportunity to reinvent the way you engage and secure that environment. And it gives you an opportunity to do it in a way that you never had on Prem. But unfortunately, companies are just taking the way they did things on Prem in a bad way, and they’re forklifting that into the cloud. Just like early engineering teams, they would bring their VMs into the cloud and they’d say, we’re in the cloud. 

Jason Martin
No, you’re in the cloud when you’re using IAS and PaaS services natively, you’re automating auto scaling things, you’re really using the power of the cloud. And I think security teams are just really lagging and it’s going to really hurt them in that journey if they don’t go back to first principles about how we use this technology to properly secure it. 

Brett
And why do you think that is? Obviously there’s just been an insane amount of capital pumped into cybersecurity vendors over the last few years. There’s obviously a lot of smart people in the space. Why do you think these problems aren’t really getting solved? And it’s just not making that type of progress that you would expect. 

Jason Martin
It’s a combination of things, right? So number one, the security industry still doesn’t have enough skilled people. That hasn’t changed. And so if you take that problem at its core, there’s only a finite number of things that they can learn and do and there’s a very difficult problem around them keeping up to speed with how rapidly technology is emerging. And so what I think caught back to my earlier comment about not being able to rethink how to secure these new and emerging technologies is they’re barely able to keep up with what they know. And then you compound that with the marketing. You talked about all the money that’s flown into cybersecurity and if you went to RSA, you just can’t escape right there’s. As a skilled security professional and former CISO, I’m confused. So I go out and if I had to figure out, okay, I want to stay abreast of things that are changing and I want to be protecting my company properly, I wouldn’t know where to start because everyone says they do the same thing. 

Jason Martin
They use the same acronyms. Now this year it’s AI, this chat GPT. That right. It’s always this buzword. Bingo. So what do I do and what do other CISOs that I’ve worked with, do they trust their network? Right? And so the marketing doesn’t help. I think it really creates a lot of confusion. And you talked about, we talked about analysts earlier as well, and I think they have a very important job to do because they help customers kind of cut through and maybe categorize. These 50 companies are really kind of in this one bucket. So if you’re thinking about this problem, then think about them in this bucket. But I also think they can create issues as well, right? Because there’s all this alphabet soup and people don’t really know how to put it together. And so those challenges just exponentially. To summarize, it’s like don’t have enough people. 

Jason Martin
Technology is moving so quickly that they can’t keep up and then the vendors out there say they do everything, and it’s just not honest in many cases. And so it makes it very difficult, and I just can’t see that being solved anytime soon. 

Brett
Yeah, I was at Black Hat last year and I was just at RSA and walking around, my brain hurt like everyone’s saying the same thing. It was very confusing just walking around. And I can’t imagine that as a buyer trying to navigate that world where for some reasons, everyone’s message is the same, it seems. But obviously their products are different and how their solutions work are different, but it seems like it’s very difficult to stand out in cybersecurity. Which brings me to my next question that I want to chat about, and that’s your website. So obviously I’ll link to that in the show notes, but it’s beautiful. You guys did just such an amazing job on the website and especially in cybersecurity. Most of the websites I see, they don’t look like this. They’re not fun, they’re not engaging. Typically, it’s a scary bird and you go to the site and your heart’s racing when you look at it. 

Brett
It’s very much, I think, based on this idea of fear. And you guys seem to have taken a very different approach, and I’m sure that was intentional. I don’t think you end up with a beautiful website like this on accident and very intentional branding like this on accident. So talk to me about that. What was that process like as you worked through your branding and decided what the brand was going to really look like visually? 

Jason Martin
Look, it was very purposeful to your point. We want to be different. There’s a lot of things that you probably got out of my curmudgeony answer about the industry that we don’t like about security. And one of those is the fear, uncertainty and doubt, like playing on the fear of a potential customer to get them to take action. And so we started out working with a firm called Hermit that really helped us understand our voice as a company, as founders, and what we wanted to put out there. They really took the time to understand who were and what we wanted to be and how we wanted to portray that. And they kind of set the underlying brand guidance. And then we’ve subsequently worked with a great firm called Vessel that has just done amazing things, taking and interpreting, that fun and that playfulness. And you can tell security is a serious business, but we don’t take ourselves seriously. 

Jason Martin
We take our job and we want to do for our customers very seriously, but we don’t think it has to be scary. One of the things we appreciate about business to consumer brands that have been very successful is the playfulness of their design, an elegant experience when you come into their product, there’s little things that make you smile, even in b to b software like Gusto that we use. They have a little playful pig running across the screen when you’re waiting for things to load and it’s just bringing that things that we enjoyed from other brands that are not in security or adjacent security, bringing that in was super important to us. And here I’ll put a little thing out there for anybody. There’s a bunch of Easter eggs hidden on our website. If you can find them, go ahead and shoot me a message on LinkedIn or something. 

Jason Martin
We have a little prize. So there’s stuff you probably haven’t even seen yet, Brett, that would make you smile even. But yeah, super intentional. 

Brett
Thanks a lot, Jason. I’m going to waste my whole afternoon going page by page trying to get these drags. This show is brought to you by Front Lines Media, a podcast production studio that helps B2B founders launch, manage and grow their own podcast. Now, if you’re a Founder, you may be thinking, I don’t have time to host a podcast, I’ve got a company to build. Well, that’s exactly what we built our service to do. You show up and host and we handle literally everything else. To set up a call to discuss launching your own podcast, visit frontlines.io podcast. Now back today’s episode. And it’s funny because I think other industries have been, I think, somewhat quick to embrace that idea of, what do they call it? Like the consumerization of enterprise software, where it’s moving into that world of there should be no difference. 

Brett
The people who are buying, maybe they work for a big company and they have a big title, but they’re consumers at the end of the day. So I think cybersecurity has been late to embrace that. Is that fair to say? And if that’s so, why do you think that is? 

Jason Martin
Absolutely. Look, I don’t know about you, but my iPhone tells me that I spend an average of four to 6 hours a day on it. And so if you think about the apps that I’m engaging with as a consumer on that phone and just the elegance of the user experience, and then I go into almost any enterprise software. And you’re right, there’s definitely exceptions and I think you’re seeing their success in the market as a result of taking that approach. But cybersecurity, well, here’s why. Because cybersecurity is very serious business, right? And it’s very complicated and you need to study and look at grids and I feel like they never cared about the user. Maybe they cared about the persona and the outcomes, but they didn’t care about the user. And that user’s experience in using that product, I never saw it again. Not to pitch what we’re doing, but we hyper focused. 

Jason Martin
So the brand that you see actually carries down into the product. We try to take some of that playfulness and we put it in the product. And I think it’s treating your users like people and creating an experience for them, cybersecurity or not, if any Founder out there is working on something, the outcome the use case to get your product market fit. It’s super important. But be playful, have fun, because that also resonates, right? You can win minds, but if you can win hearts too, you’ll just have a great company and culture and product and your customers will be really happy. But, yeah, I think summarizing that, Brett, cybersecurity super serious, can’t have fun. That needs to change because you can have fun doing your job. 

Brett
I think it’s just so hard to stand out today, right, in cybersecurity and in any industry. And the brands that I see on the B2B side that stand out, they’re the ones that make me laugh. They’ll post like a funny meme or they’ll do something funny on social media or their website will look fun. It brings in this level of almost like entertainment and joy that makes it enjoyable to consume and interact with the brand and then it sticks with you. So I’m sure if I saw some of the stuff you’re posting on social, your brand would stick in my brain, right, and I would remember you. But if it looked like all the other ones where it’s kind of the same FUD based fear, scary images, things like that, it’s not going to stand out and I’m not going to remember it because it’s just like everyone else. 

Brett
So it’s so smart, the approach you’re taking. And I think that’s a really valuable lesson for founders to take away from this interview is make the brand fun, make it cool, make it look like something that you would interact with in your personal life and on the consumer side. Yeah. 

Jason Martin
And find partners that can help you do that. 

Brett
Right. 

Jason Martin
Because I like to think I’m creative, but I’m not as creative as people that do this full time, all the time. And they can help you take your voice and your ideas and you will just be blown away at what they can return. You know, don’t feel like as a Founder, you have to do it all yourself and don’t overlook it. Right. It’s super important. 

Brett
Yeah. And I’ve been following Travis what’s his last name? McPeek, I believe. I’ve been following him for a while and I love what he’s doing. And I was on his site a while ago and I looked and like, oh, this looks kind of similar. And I just looked up hermit and now I see the connection because they have both of you. 

Jason Martin
Yeah. So Travis is a great friend. He’s one of our angel investors. Paul and I, my Co-Founder and Co-CEO are also angel investors in this company. And it’s the same thing. He fell in love with our brand early in his journey and he wanted to do something similar and they’ve just hermit’s spectacular at telling your story in a voice that really resonates with what you want to take to the market. So I’m glad you noticed that. And here’s something secret for your listeners. We are actually working on a super fun little cloud security pixel game that will be on our website at some point. It also makes fun of the industry and is very much on brand with what we do. 

Brett
Nice. Look forward to seeing that. Now, landing your first customers is always tough, right? Getting that trust and credibility, or earning that trust and credibility and really getting them to give you a shot. So what was it like for your first couple of paying customers if you reflect on that journey, how’d you acquire them and how’d you convince them to give you a shot? 

Jason Martin
Yeah. For anyone who wants to go and start something new, this is the formula we used. 

Brett
Right. 

Jason Martin
So we knew were going after white space. That was super intentional. We did not want to fast follow anybody. We didn’t want to get into the bloody red water of these existing markets. Look, that CSPM market you talked about earlier, Brett, is billions of dollars of funding have gone into that. And you’ve got a land war for budget with some juggernauts in there like Wiz and Palo Alto Networks and Laceworks. And so the problem, and you’ll hear this from investors a lot, they’ll tell you, hey, go find a problem that people are hyper aware of, have budget for, and they want someone to solve it because it’s so painful for them. That’s great, but that means you’re going to be in a market that’s probably fairly well understood and you really are going to have to stand out. So we wanted to go into white space. 

Jason Martin
Now, the benefit of that is there isn’t a blueprint, there aren’t a lot of competitors. The problem with that is you don’t have people who are aware of the problem that you’re talking about. 

Brett
Right. 

Jason Martin
You’re kind of looking where the puck is going. And so what we had to do is before we brought on our first CTO or any developers, Paul and I paul My, Co-Founder, Co-CEO, has also been security for 25 plus years. We went to our network. We went to our network and we started doing interviews. So we did about 100 interviews of enterprise security leaders and engineering leaders, technology leaders, and folks that we knew to try to understand what are some of the problems they were facing in the cloud. Where were they today and where did they think they were going? And our very first conversation was with Jason Chan, who ran security at Netflix before he retired recently. And he gave us some of the insight about how Netflix as a cloud native company really tackled cloud security. And they did it successfully and effectively. 

Jason Martin
I mean, these guys that came out of Netflix and Gals that worked there, they’re legends. Most of them have gone on to lead and. Start other companies and stuff and so were able to learn a lot from there. And we just did all these interviews, we just as many as we could do and we documented insights out of that and that allowed us to kind of get to the point where we felt like were ready to tackle the problem and so we started lining up people that were more interested. Out of that hundred, we eventually lined up ten companies that had a high degree of interest and were willing to engage as Design Partners. And we didn’t try to monetize anything at that point. It was just look, we believe in this problem, it sounds like you are like minded and let’s get you on and let’s start trying to see if we can find evil and build some interesting use cases around detecting what identities are doing in your environment. 

Jason Martin
And that’s how we approached it. So, six months we ran a closed beta with ten design Partners. We ultimately converted half of those into paying customers. But it wasn’t about go to market, weren’t trying to sell, it was hey, we effectively demonstrated value in your environment, let’s work out a little bit of commercials here. So we’re not just burning down our money on cogs related to the processing we’re doing in the cloud and continue to work together. So that whole cohort of Design Partners is still on platform and we’ve been able to really build unique and differentiated use cases that are able to be used across. Now we have 35 plus companies on the platform with us and we just started actively selling probably about two months ago now. 

Brett
Wow. And can you give us an idea of the growth that you’ve been seeing since then? 

Jason Martin
Yeah, in those two months it’s been amazing and this is where we feel like maybe the product market Fit is pretty much there now. We’re maybe getting some go to market fit again. When you pick a white space market, you have to do a lot of education. And while we don’t think the market’s really there and matured yet, we’re seeing signs. Some of those signs are competitors are starting to pop up and we’re not scared of competitors. It’s validation that there’s an opportunity there. But more importantly is when we engage now with outbound sales, we’re getting quick response onboarded onto the platform. It takes a few minutes to get us connected into an environment and then we’re talking commercials with them within two weeks. So bringing on our head of sales and when we brought on ahead of marketing, both of them player coaches that we’ve worked with in the past, really exceptional folks. 

Jason Martin
We’ve seen a pipeline has tripled and we expect revenue to double at the end of this quarter. And if we can keep that up, we’re actually looking to raise our Series A given some of those indicators that we’re seeing, it’s time to go and take our first mover advantage and make sure we hold on to that with competition coming in. 

Brett
And something else I wanted to ask, there are two other questions for you that are a little bit out of the flow here, but I have to make sure I ask them. So first one is you mentioned there Co-CEO. Talk to me about what that’s like, having a Co-CEO or being a Co-CEO. I see that a lot with I think Oracle was famous for having that and I’m seeing it more and more with startups. So how did you guys make that decision to have that role be split and what are some of the pros and what are some of the cons of having the chart structured that way? 

Jason Martin
Well, I’m super glad you asked that, Brett, because it does come up periodically with investors and it’s interesting the dynamic we have, me and my Co-Founder versus, I think what some other investors have seen. So Paul and I have worked together for quite a long time now and so there’s just this immense amount of trust. So when I was at Fire, Amandian, I acquired his company in 2016. He was the very first company in the security orchestration market. And so we bought his company invitas and then he worked for me for a little bit and when his lockup was up, Kevin Mandy and I kind of sat him down and said, look, we want you to run product and product strategy for us globally. And so we kind of put the hooks into him there and he stuck around and he and I went through a lot of hard stuff together, right, trying to turn around a product portfolio that was heavily on premise based and trying to modernize that. 

Jason Martin
And so first it was years in the trenches, taking shots at internal and external shots and just working together. And so we built this strong trust so when either of us as multi time founders and experienced executives, we could have each gone off and done our own startup, but we knew, look, some of our principles, he and I wanted to work together. We wanted to build a company culture based on trust. We wanted to go in a market that nobody else had been in, but were seeing the signs that needed to be addressed and doing that together, that was super important to us. So when that happened, he’s like, so you’re going to be CEO, right? Because I was the EVP at FireEye. And I’m like, I don’t want to be CEO. Because, look, for those who’ve never been a CEO and they think it’s going to be amazing, it can really suck at times. 

Jason Martin
There’s the highest highs and the lowest lows. I said, why don’t you be CEO? I don’t want to be CEO. So he had two guys not wanting to be CEO, so he said, let’s share it. And the reason it works. In our case, this might not work for everyone because there’s a lot of ego tied up in like, I’m the CEO, but ours was kind of counter ego. What we both wanted to do. The fifth thing about founding this company, which we dedicated ourselves to, is I want to do work that I’m excited to do every day when I wake up and I can’t say that’s what I did when I was executive at Fireman. There’s a lot of things I didn’t like about that job and there’s a lot of things I loved about that job. For me, I get energy from building a product that doesn’t exist in the market, going after a market, kind of forecasting what it’s going to be like and building product and engineering teams at scale. 

Jason Martin
I can do sales and marketing, but it’s not what I love. Paul loves sales and marketing. He loves turning 100 no’s into a yes. He just gets so much energy from that and building teams to go do that. So we’re like, hey, let’s just yin yang split this here. And so I focus on product and engineering and I have ultimate call about our roadmap and strategy there. He focuses on sales and marketing and he has ultimate call there. The one con would be like, well, who gets to make the ultimate decision? But we’ve never run into that situation at all. We just have such a high degree of respect for each other and we have so much trust built over time that if he says something on sale, I’m like, that is your remit, that is your expertise. Let’s go. And same thing on the product engineering side. 

Jason Martin
So look, if people are thinking about that model, I think you have to have a high degree of trust and you also have to strong delineation of where you’re going to make decisions because you do need single authoritative decision making in certain areas of the company. But yeah, it works for us. Works great. And honestly, he’s on the east coast. I’m on the west coast. Sometimes we have early customer meetings he takes, those late customer meetings I take. And so there’s always a CEO on the call and that’s pretty powerful at times. 

Brett
Nice. Yeah, that makes a lot of sense and I can see the impact. Now, a really hard question, and we’re putting this one on the record here. How do you actually say CISO? Is it CISO or CISO? I hear both. It drives me crazy. I never know how to actually pronounce it. So what is it? 

Jason Martin
Oh, my potato, tomato, tomato man. Let’s see. I think I say CISO. That’s probably how I say it. There’s a few ones. Yeah. Siso, I’m going with CISO. 

Brett
All right, so as long as it sounds like there’s no wrong way though, right? So if I say it either way, no one’s going to look at me like an idiot. That’s my fear whenever I hear someone else say it different from however I’m saying it at the time. Like, oh God, am I pronouncing this title completely wrong? 

Jason Martin
Oh, no, I think you’re good. Both work. It’s like me trying to pronounce there’s that CIEM category and people call it like Kim or just can’t. I just can’t do it. 

Brett
I think some people call it SIM, some people call it Yep. 

Jason Martin
Yeah, I think they’re both tomato. Tomato. Yeah. We love our acronyms. Again, we love to be seen as this unapproachable hard problem. Right. But we don’t have to be. 

Brett
I’ve worked in basically every industry and I have to say Cybersecurity seems to love this stuff more than any other industry I’ve ever seen. It’s so confusing trying to get up to speed. Obviously the CISA one is easy, but when you look at all these different categories, it’s just alphabet soup like you mentioned there. Yeah. 

Jason Martin
One of our biggest challenges is to dumb things down. And I don’t mean that in a bad way. It’s like, look, security, as I mentioned before, they have enough problem with expertise and then our tools take in a profound amount of expertise. So one of our usability goals is always is like simplify, simplify. And it is super hard to do. It’s just a profound challenge in usability and security tools is to simplify it and make it approachable. 

Brett
Yeah. Makes a lot of sense. Now, based on your journey, what’s the number one piece of advice you’d have for yourself if you were starting this company again today? 

Jason Martin
Just stick with your intuition. I would say the benefit of a second time Founder is that you kind of know when to get emotional and not to. As a first time Founder, I think you get emotional a lot. So if it was, hey, what advice would you give to yourself when you started your first company? It would really be about like, look, these are the things to get worried about. These are the things that are just totally normal part of the process and you don’t have to worry about it the second time around. You’d already know those things. You don’t get excited by them. And so it allows you to have a much more emotional balance. But definitely in this round of going back is like, hey, stick with it. You’re right. When you’re trying to future forecast a product and a problem in the market, there’s a lot of uncertainty, right. 

Jason Martin
And you look for a lot of validation. So I would just tell myself, you’re going to be right and so stick with it and you’re going to have fun doing it. 

Brett
And final question here, let’s zoom out into the future. So three to five years from today, can you just paint a picture of what that high level vision for the company is? 

Jason Martin
Yeah, we want to be the company that is the best at finding evil in the cloud. And again, it’s not about SaaS IAS PaaS, it could be kubernetes, it could be on the endpoints, it could be looking at the network, it’s wherever the adversary goes, we want to be right on their tails and helping our customers detect mitigate and respond to that. And it’s not going to be easy, right? We’re going to have to go into all kinds of corners of technology that we probably don’t even really know about today. And then the second is, I hope, look at the fundamental. If you go to our site, you probably see it. 

Brett
Right. 

Jason Martin
Permiso believes that we want to turn cloud zeros into cloud heroes. We hope that through what we’re going to do, we’re going to help find evil and we’re going to help you protect your environment, but hopefully we’ll help you take your existing security teams that have years and years of on prem experience and tooling and know how to deal with evil on the on premise world. And hopefully if we do what we do well, we’ll allow you to easily transition them into the cloud, which is a different set of tools and a different set of languages and it’s like going from English to farsi or something, right? How can we make that as easy as possible? So that’s my hope. My hope is that we’ve helped train up a whole generation of people that are kind of old school into the new school in the cloud and that we’re just catching the bad guys and stopping them wherever we can because that’s what gets our juices flowing. 

Brett
Amazing. I love it. Jason, we are up on time, so we’re going to have to wrap here. If people want to follow along with your journey as you continue to build and execute on this vision, where should they go? Yeah. 

Jason Martin
Find me on LinkedIn. I’m not a big tweeter or Twitter person, but LinkedIn and you can shoot me up an email. Jason at Permiso IO I always love to hear from other founders and learn from other people as well. So really appreciate the interview, Brett. 

Brett
Yeah, this was a lot of fun. I learned a lot from you and I think founders listening in are also going to learn a lot. So thank you so much for sharing insights on your journey. Thanks for inspiring, hopefully more enterprise software companies to not be so boring with their branding and their marketing. And thanks for coming on, really appreciate your time. This is a really fun conversation. 

Jason Martin
Likewise. Thanks, Brett. 

Brett
Cheers, take care. This episode of Category Visionaries is brought to you by Front Lines Media, silicon Valley’s leading podcast production studio. If you’re a B2B Founder looking for help launching and growing your own podcast, visit frontlines.io podcast. And for the latest episode, search for Category Visionaries on your podcast platform of choice. Thanks for listening and we’ll catch you on the next episode. You our.