The Front Lines
SubscribeContent Studio
Andrew Rubin.
CEO & Founder · Illumio
As Founder, CEO and Board Member of Illumio, Andrew is responsible for the overall strategy and vision of the company. With deep expertise in Zero Trust, segmentation, network security and regulatory and compliance management, Andrew serves as the Executive Sponsor of many of Illumio’s largest customers in the world, including Citi, HSBC, Salesforce, and Microsoft. Andrew frequently participates in panels, articles and podcasts for leading industry events and publications. Andrew was named to Goldman Sachs’ "100 Most Intriguing Entrepreneurs" seven times as part of its Builders & Innovators program and received Ernst & Young’s Bay Area Entrepreneur of the Year 2024. Andrew serves as a Board Member of Emigrant Bank, as well as an advisor to several cyber and technology start-ups, and is an active angel investor as well. Andrew graduated from Washington University in St. Louis with a BSBA in Finance, and he is both a guest lecturer on entrepreneurship and a National Council member of the Skandalaris Center for Entrepreneurial Studies at the university.
Guest
Andrew Rubin
CEO & Founder
Company:
Illumio
Location:
Sunnyvale, California, United States
Loading episode...
Listen onApple PodcastsSpotify

When the market doesn't believe you yet: How Illumio built a cybersecurity category from scratch

There's a particular kind of founder hell that doesn't get discussed enough. You're right. The problem is real. The market will eventually come to you. You just have no idea how long "eventually" takes.

Andrew Rubin lived that for nearly a decade.

As CEO and Founder of Illumio, Andrew built a company around a thesis that now looks obvious: the entire cybersecurity industry is optimized for keeping attackers out, and almost nothing is built for what happens after they're already inside. In a recent episode of Unicorn Builders, Andrew didn't offer the polished retrospective. He walked through what building without a category actually looks like — the decisions, the wrong bets, and the discipline required to hold a conviction long enough for the world to catch up.

The argument hiding in plain sight

Illumio's founding thesis wasn't intuition. It was a data argument that the industry was actively ignoring. Andrew lays it out: "Every year, there are more cyber companies than the year before. Every year, more venture capital is invested in cyber than the year before. Every year, customers spend more money on cyber...and every single year in the last 10 years, we have more breaches."

His interpretation wasn't that the industry needed to be torn down. It was more precise than that. The existing tools were necessary — just no longer sufficient. The perimeter-focused security stack hadn't kept pace with a threat landscape where sophisticated actors were routinely getting through and then living inside enterprise environments for months undetected.

So Illumio was built for the post-breach problem. As Andrew puts it: "We're going to build software that makes sure that when the bad stuff gets in, we find it a lot faster and we stop it from spreading so catastrophically." Not a replacement for the first job. A second job that the changed world now required.

What they miscalculated was how long it would take the rest of the world to reach the same conclusion.

The thing founders building new categories get wrong

The early years forced a distinction most founders blur until it's too late: evangelizing is not selling. They require different motions, different team profiles, different expectations about cycle length and conversion. Andrew is precise: "We spent as much time talking about the problem as we did about the right way to think about the solution. And we had to do all that before we even said the word Illumio for the first time."

Without Gartner or Forrester organizing the landscape, there was no external Sherpa handing prospects a framework for the decision. No annual report telling CISOs what to buy or who to trust. Andrew's response was to stop fighting that reality and build around it. Without category validation, Illumio was structurally only accessible to early adopters — so he made finding them a deliberate strategic mission rather than a side effect of broader outreach.

"We made it our mission to go out and find early adopters. They tend to be large global companies. A lot of times they're in financial services." The profile is specific: organizations with the institutional risk appetite to evaluate something before the mass market has a framework for it. That's a very different ICP than "enterprise" — and targeting it requires a very different sales motion than demand capture.

The execution was less clean than the strategy. "I wish I could say it looked like this very well organized, very methodical process," Andrew admits. What it actually looked like was flying around the world dozens of times a year, sitting in front of customers who might never buy anything, spending hours picking their brains. The goal wasn't to close. It was to accumulate signal.

Building when there's no North Star but the customer

That obsessive customer proximity became Illumio's only strategic compass for the better part of a decade. Andrew is direct about why: "When you don't have the benefit of a big, organized, mature category...the only voice that ultimately matters is the customers."

What made this disciplined rather than reactive was what they did with it. Every piece of feedback — what worked, what failed, where Illumio was losing deals they shouldn't lose — fed directly into product direction, positioning, and eventually narrative. The VOC wasn't just input. It was the raw material that, years later, became the story.

That story eventually compressed into three words: the Breach Containment Company. Obvious in retrospect. Anything but obvious to arrive at. Andrew brought in CMO Karl roughly a year before this conversation and, by Andrew's own estimate, spent what might add up to hundreds of hours in alignment conversations about how Illumio should describe itself. The CPO was in the room too. "When you're talking about something that's so foundational...what is the frame that we want to put around us in the market? It's not one person's responsibility to get that right. It's a team sport."

The deliberate pace mattered. Rather than shipping new positioning in time for RSA 2025, the team made a conscious call to get it right for RSA 2026 instead. "Let's get it right for the next 10 or 20 years as opposed to racing to get it done in a quarter." When they finally went to market with the new narrative, the requirement wasn't just a good message — it was every person in the organization reading from the same sheet of music. Both conditions had to be true simultaneously.

What analyst validation actually does — and doesn't do

Illumio now holds a clear leader position in the Forrester Wave for micro-segmentation and recently received Gartner's Voice of the Customer report, likely the predecessor to a full Magic Quadrant. Andrew is unsentimental about what these moments deliver. "The perception is...everybody's going to buy our stuff the next day. That, of course, is the perception. I'm not saying that perception is informed by any form of reality."

What actually happens is a ramp, compounding over time. Each report builds on the last. More customers adopt, which drives more analyst inquiries, which eventually produces more reports, which accelerates adoption further. "The momentum in the space begets momentum." For founders inclined to dismiss analyst relations as pay-to-play, Andrew reframes the ROI entirely: the analyst conversations themselves are a paid voice-of-customer channel, independent of whether a report ever materializes. "Just like us, they're talking to customers all day, every single day." Start early. Scale the investment to where you actually are. Even the discouraging feedback — Illumio heard directly that the category might never be validated — is signal worth paying for.

A decade is a long time to hold a conviction. Andrew doesn't romanticize it. "I believed in what we were doing the day we started the company. I believe in it every bit as much today. And I wasn't going to give up unless it was apparent that we were really, truly wrong."

The market finally agrees. The question every pre-category founder has to answer is whether they can say the same thing in year nine.

Six takeaways from this conversation.

Actionable for Unicorn Builders founders

  1. Selling and evangelizing are different motions — staff and spend accordingly.
    When Illumio went to market, they weren't walking into rooms where buyers had already identified the problem. They were spending as much time establishing why the problem mattered as they were positioning the solution — and they had to do all of that before the word "Illumio" even came up. Andrew's distinction is operationally important: evangelism means convincing someone to care about something they've never thought about; selling means competing for a decision already in motion. If you're pre-category, you are evangelizing. The implications for hiring, quota design, and sales cycle expectations are entirely different. Staffing a 200-person enterprise sales org before the category exists is how you burn your runway.
  2. Without analyst validation, your only GTM compass is early adopters — go find them deliberately.
    Illumio made a conscious strategic decision: without Gartner or Forrester organizing the market, they were, by definition, only accessible to early adopters. So they stopped trying to sell to everyone and got specific about who early adopters actually are. Andrew's profile: large global organizations, heavily concentrated in financial services, with the institutional DNA to evaluate and adopt something before the mass market has a framework for it. The lesson isn't to wait for the market — it's to map where the early adopters are concentrated and build your entire GTM motion around getting in front of them.
  3. Voice of customer isn't a product input — it's your strategic North Star when analysts haven't spoken.
    For the first eight to nine years of Illumio's life, there was no external report organizing the competitive landscape or telling enterprise buyers who to trust. Andrew's response was to treat every customer conversation — hundreds of thousands of air miles worth — as primary research. What worked, what didn't, where Illumio was failing, what language customers used to describe the problem. That raw VOC wasn't just fed into product. It eventually became the foundation of the company's positioning, narrative, and go-to-market story. The companies that don't do this systematically have nothing to package later.
  4. Positioning is a project, not a eureka moment — treat it like one.
    Illumio has always been a breach containment company. It took them nearly a decade to say it that way. Andrew is explicit that the crystallization of "the Breach Containment Company" wasn't inevitable — it was the result of a deliberate, multi-month project led by CMO Karl and the leadership team, involving hundreds of hours of internal alignment across marketing, product, and the CEO. The tactical lesson: don't race to nail your narrative in a quarter. Andrew's framing — is it better to hit RSA 2025 with a mediocre story, or RSA 2026 with the right one? — is the right way to think about it. Once you have the right message, you also need the entire organization reading from the same sheet of music. Both things have to be true simultaneously.
  5. Analyst relations is paid VOC — start early, size the investment to where you actually are.
    Andrew pushes back directly on the "pay to play" framing that many early-stage founders default to. His reframe: analyst conversations are a mechanism for accessing aggregated customer sentiment across your entire market — and that has standalone value independent of whether a report ever comes out. Illumio was investing in those relationships long before a Magic Quadrant was on the table, including years when Gartner and Forrester were telling them the category might never materialize. That feedback — even the discouraging kind — shaped how they calibrated GTM investment. Andrew's practical framework: start early, but scale the dollar amount to where you are in the journey. Don't treat it as a report transaction. Treat it as a recurring intelligence channel.
  6. RSA is three events happening simultaneously — most companies only work one.
    Andrew's breakdown is worth internalizing. The booth floor is a branding exercise — high visibility, low depth, and that's fine. But there's a second layer: the buyers who come in with a list of vendors they actually want to evaluate, spending 30 to 60 minutes in deep technical and architectural conversations with your floor team. That's real pipeline work, and it requires having the right people stationed there. The third layer — where Andrew spends most of his time — is the 60 to 80 private EBC meetings running in the hotels surrounding Moscone, with customers, prospects, and partners. No marketing, no buzzwords. That's where relationship-driven enterprise deals actually move. The companies that treat RSA as a single event with a booth and a happy hour are leaving most of the value on the table.

More episodes

Tony Jamous & Hadi Moussa
Founder, CEO · Oyster
Natalie Wolf
Chief Customer Officer · Backstory AI (was People AI)
Henry Schuck
CEO & Founder · ZoomInfo
Sean Harper
CEO and Co Founder · Kin Insurance