'Lessons from a CISO' with Tammy Moskites

Show Notes

Welcome to the Scale with Strive podcast, the place where you come to listen to some of the world’s most influential leaders of the SaaS industry. 🚀

 Your host today are Sales Manager, Dylan Hoyle, and Strive's Founder, Adam Richardson. 

Today, we're very pleased to welcome Tammy Moskites from CyAlliance. 

Tammy is an ex-CISO for the likes of Venafi and now runs a Consultancy advising Early-Stage Cyber Security startups. 

Today's conversation was a little bit different than our typical, with some of my key takeaways being: 

💡 What is keeping a CISO up at night - and how their priority initiatives have changed. 

💡 What parameters a Founder can look at to determine Product Market Fit - and how Founders can successfully drive growth at the top of the sales funnel for the company. 

💡 How we can tailor our message towards CISOs in today's market. 

 Let’s Dive In!

 _________________________________________________________________________________

Watch the episode on YouTube 🎥 – https://youtu.be/SnQFuuyPDFg

Connect with Tammy here - https://www.linkedin.com/in/tmoskites/

Connect with Adam here - https://www.linkedin.com/in/saasheadhunter/

Connect with Dylan here - https://www.linkedin.com/in/dylanhoyle-saas-recruiter/

Learn more about Strive here - https://scalewithstrive.com/solutions/

 _________________________________________________________________________________

11:36  Prioritizing CISO Initiatives and Messaging

21:30  Navigating Challenges in Cybersecurity Startups

31:33  Startup Marketing Strategies for Traction

37:10  Networking and Buying Strategies for Success

47:09  Budget Prioritization in Risk Management

50:33  Career Advice and Humility in Leadership

Chapters

• 0:14: Influential Leaders in SaaS Industry
• 11:36: Prioritizing CISO Initiatives and Messaging
• 21:30: Navigating Challenges in Cybersecurity Startups
• 31:33: Startup Marketing Strategies for Traction
• 37:10: Networking and Buying Strategies for Success
• 47:09: Budget Prioritization in Risk Management
• 50:33: Career Advice and Humility in Leadership

Transcript

Speaker 1: 0:14

Welcome to the Scale With Strive podcast, the place where you come to listen to some of the world's most influential leaders within the SaaS industry. Your host today is myself, dylan Hoyle, and Strive's founder, adam Richardson. We're very pleased to welcome Tammy Muskite from Cy Alliance. Tammy is an ex-SISO for the likes of Vadafi and JP Morgan and now runs a consultancy advising early stage cybersecurity startups. Now, today's conversation was a little bit different than our typical, but with some of my key takeaways being what is keeping a SISO up at night and how their priority initiatives have changed. What parameters a founder can look at to determine product market fit, and how founders can successfully drive growth at the top of the sales for the company. How we can tailor that message in towards SISOs in today's market. Let's dive in, tammy. It's amazing to have you on the Scale With Strive podcast. Thank you very much for joining us today. Obviously, I've been familiar with your background for quite some time due to your portfolio, but I'll let you introduce yourself to the viewers.

Speaker 2: 1:22

Well, thanks for having me. First and foremost, A little bit about me, Tammy Muskite. A lot of people are afraid to say my last name, so don't be, it's not as bad when to hear it. I've been a career SISO forever. It seems like I've been in the industry over 30 years, but super excited to see so. At Tom Water Cable Home Depot, I was at Huntington Bank, I was at Accenture for a while. I worked for a technology company as their CIO and SISO at Venify for a lot of years and I started my own company about four and a half years ago, which is SILENCE, which I'm super excited about.

Speaker 1: 2:02

Sure, sure. And you were obviously with JP Morgan back in 2002 as well, so you've had quite a varied background as a SISO.

Speaker 2: 2:10

Yeah, it was actually Bank 1. Then they got acquired by JP Work and Chase. I was the business information security officer there for technology.

Speaker 1: 2:18

Amazing, amazing, and then obviously skip forward to 2019 and SILENCE was started. Give us a bit of an understanding, I guess, of what SILENCE does.

Speaker 2: 2:31

Well, silence was kind of a brainchild of mine that I've been thinking about forever of something I've wanted to do. And when I left Accenture I started SILENCE with one premise and that was trying to bring the best of the best to the SISO community. Because I know from the other side of the table I was always challenged of who do I trust, who can I talk to, what things can I do on a day-in and day-out basis and know that the advice that was given to me is something that I can use. So the brain, that's kind of where SILENCE really started. But SILENCE as a whole, our company again, like I said, is four and a half years old, but what we do are three primary things.

Speaker 2: 3:12

About 10% of our business is just focusing on job placement, from engineers to SISOs, to CIOs. The other 10% is professional services. We do a lot of going in and out of companies and talking about everything, of how to talk to a board, organizational restructuring project, pen testing, those types of things. And then the other 80% is the portfolio that you're referring to is. Some of them are seed investment companies, companies that I've actually invested in at a seed level. Some are companies that joined our SILENCE portfolio. Some are very early stage, some are not, so we have a really good mix of products and companies that we're proud to have under the SILENCE umbrella.

Speaker 1: 3:59

Amazing, Amazing and I guess, despite what we started in 2019, the portfolio it is really impressive, right? Creative shield group security, open security, PSY, code, KDO the list genuinely goes on. So I guess to work with that amount of businesses at that caliber in such a small, say short space of time is obviously credited to yourselves and what you guys are doing over there, I guess just to give the viewers a bit of an understanding then. So you were an ex-SISO, obviously now operating with SILENCE as a fractional SISO, offering many different types of support. When, say, you work with an organization, what's the sort of typical involvement that you'd have within a business when you initially start the partnership?

Speaker 2: 4:47

Well, we don't call ourselves fractional SISOs anymore At least I don't. But there's a host of reasons for that, but mostly is because, just because of the amount of liability there is in the market just for a general SISO within an organization, we aren't covered by their insurance coverages and other things coming in as a fractional SISO. So we really refer to ourselves more as executive advisors or things like that. At that level. It's a little CYA thing, but it is what it is right. We've seen a lot of crazy things in the SISO lawsuit market over the last few years, but what we do just like a part of what we do, is just going in and helping folks identify where their projects, what level of in their portfolio, the things that need to be done.

Speaker 2: 5:37

Some SISOs are brand new, you know, coming into an organization and they just need to step back and ear to listen to. So we'll come in and talk to them about things like that. We'll come in and look at their organizational structure and see where they have gaps. We'll also help them with RFPs or RFIs, and they're not always within our portfolio companies too. I mean we host a, like you were saying. We have a whole bunch of companies under our purview, but we'll come in and we'll provide them the best, the best level of service, the best customers, the best opportunities, the best vendors that will fit their needs.

Speaker 1: 6:12

Nice and you've already had an exit within your portfolio right.

Speaker 2: 6:17

Yes, so some of our portfolio exits are ones that we've invested in and some, like I said, our investment companies. When those exit are always awesome because obviously that's a bigger bang for our butt. There's companies that actually, you know, pay to be part of our portfolio. So there's the other side of it. They join us right to help them grow, right to help them grow in the market, and so, whether you know to watch them get acquired or watch them IPO, that is exciting.

Speaker 1: 6:47

Yeah, it is really exciting. We've seen it like getting into a business early, helping them build the plane while it's flying, essentially going through all those challenges, taking numerous punches to the face, right Going through that whole journey to then obviously get the reward of an exit, ipo or acquisition at the end of the day In terms of, I guess, some of your first partnerships back in like 2019, 2020, obviously it was a bit of a turbulent time over the last few years about COVID and economic downturn, essentially like I guess what's a bit of a story about maybe one of your partners, whether you've helped a founder or a company, how you supported them and how they've grown, I guess, despite any challenges that they faced.

Speaker 2: 7:30

Yeah, that's a great question because you know, when I look at when we started in 2019, it was, I always say, you know, six months BC, before COVID, right? So we're at six months BC. We started company really focused on helping organizations and working with boards and working with all these companies all over the place, and then, all of a sudden, a lot of your business stops. It just stops March 13th. Everything go home, right. That message goes out and go home. So you know we're home and then I'm trying to figure out what does home mean?

Speaker 2: 8:06

And so we had some initial partnerships with some companies and our one of our biggest and first primary partnerships was with a company called Risk IQ and we worked with them through, you know, growing their pipe, helping them get their message out. We started doing virtual events. My partnered with Buffalo Trace Distillery and the infamous Freddie Johnson there, the bourbon guy. I mean we were doing. We had, you know, 30 plus people on drinking bourbon throughout all COVID, which was awesome. But the boy I was trying to get is we closed so many deals with them. It's like we brought so many amazing CISO leaders to them and they got to learn about them, even if it was over a glass of bourbon or two, right.

Speaker 2: 8:59

But what ended up coming on the other end is, obviously they were acquired right, and so that big acquisition for them was outstanding. It was exciting to watch a company literally grow so rapidly, fast and within 18 months, you know, have so much in their pipe and so much closed and they just killed it. So, like I said, it's sort of like your kids you know when they're growing up and you're watching them do this. All he walked, oh, he went to school, oh, he rode a bike or whatever it is I always think of, even though my employees back from you know bazillion years ago I was like, oh, they got a promotion, oh, they got this. So it's the same thing. You just get excited and watching their brand become recognizable For sure.

Speaker 1: 9:45

And I think, like seeing the significant impact that some of the CISO alliance can have in a business is exciting and the reality is you're guiding a lot of the time. You're not telling someone what to do, but more guiding them through ideas and the concepts. I think the best business is often done with a couple glasses of bourbon as well. It loosens the mood, I guess, with risk IQ, for example, because obviously you partner with them. Bc just before COVID. What were, I guess, some of the key challenges that they had to navigate? Because there was a lot to it in that time period.

Speaker 2: 10:19

Well, I think it was the massive right. You know, traditionally we are companies or or it's whether it's a startup or, you know, a company that's, you know, above over a hundred million in revenue. It's they didn't want to get in front of people, right? So it was always that human interaction, that handshake, that that trusted one on one type of thing, or getting in front of people to spread your message. We had to find new ways to spread your message right and still generate that interest.

Speaker 2: 10:49

To take another call, People were still trying to figure out Zoom for goodness sakes, People are still trying to figure out how their kids were gonna, you know, eat lunch and breakfast and they were still gonna have to work in front of the screen and keep their company secure and protected. So it was all of those interactions and finding ways to get the sales team in front of the people they were needed to get in front of, and I think we did a very good job of it. I think that most of the sales calls that we did take were very relaxed. It was a very different atmosphere and most people we weren't all in suits and ties and whatever we were in, you know, polos and t-shirts it was a very, very relaxed.

Speaker 1: 11:36

Yeah, you lead us onto a really good point there, because it's now more prevalent than ever that getting the first meeting and driving real growth at the top of the funnel is like one of the biggest topics that I personally see. We've found us today and I guess, would that being said, like priority initiatives of CISOs and like quite senior security stakeholders have changed immensely over the last couple of years. I guess I wanna come onto the messaging piece in a second, but, with that being said, from like a priority initiative and like what is keeping a CISO up at night at the moment, I guess going into 2024, what are some of the biggest things that that gonna be focused?

Speaker 2: 12:17

on. Yeah, it's interesting, sidelines just pushed out our first quarter survey, so we've been gathering information. I'm not exactly sure how many responses we have, but what we did do is I extrapolated kind of an idea of what are the. We had a whole list of like what are your top focus things for 2024? And it was interesting because last year when I was looking at this, very similar things. People were worried about stuff around identity, ransomware. There was like the same things this year. The top three so far because we're only halfway out with our survey the top three that people have chosen or put other in was cloud security, ai threats and security, and the other one that came up on top and these are the three that were like of a huge list. These are the three that floated to the top because they can choose a bunch of things or put in their own was third party risk and governance. Else at the top so far.

Speaker 1: 13:25

And that's changed quite a lot from last year.

Speaker 2: 13:27

Yeah, it really has. It's like. So when I look at this third party risk and governance, I think about the amount of time they spend with security questionnaires and compliance questionnaires. So I'm thinking that and the amount of ability of, from breaches and other things, how important it is for your connections with your partners and with your security partners or technology partners. That importance is finally bubbling up to the top Because I think it's something that's kind of been it's important but right, but that's cloud AI.

Speaker 3: 14:05

I thought the AI threat thing would be higher this year, but the third party I was in third party privacy risk governance is way at the top and Tammy, just to qualify that when you say the third party risk and governance, do you mean that them as an individual, our third parties have into complete risk assessments and governance for partners of theirs, or you mean that how they risk and assess risk within their third party, like external partners?

Speaker 2: 14:34

You know that's great. So I asked some follow up on that so you know when they answer that. And so what it was both right Is like we wanna know how, like the third party questionnaires are things that, the things that we're entering to make it faster, to make sure it's more accurate, so they understand our risk, but in Converse, is looking at the other way and saying, hey, we're connecting to you, we wanna make sure it's safe. So it's both ways. And the privacy and governance pieces also are around compliance. You know initiatives like you know PCI, et cetera, et cetera. So it's that whole compliance piece. I think that kind of mixes it all into one. The way I broke it out where people wrote comments was you know, we need to improve our third party risk questionnaires, we need to improve our internal risk profile around you know risk acceptance and things like that, and around controls and compliance. So those were a lot.

Speaker 3: 15:25

It's interesting that that came up, because I had a conversation with the CRO just before Christmas and they were just about to land one of their biggest deals. It was a seven figure multi-year deal and one of the processes that we currently go through to get it over the line just before Christmas was that every single employee within the organization had to pass a cybersecurity assessment and it was positioned as like a 20 minute multiple choice Q&A, but it was actually taking the employees like three hours to do it, so the whole organization had to complete and be signed off from a security perspective before they could actually close the deal with the vendor.

Speaker 2: 16:05

That's crazy and get it, but it's a lot of work, right. There's just a lot of stuff around it. I mean, even in my past lives, when I my security risk team, they were always doing risk assessments internally, for, like people that wanted to do projects internally to assess the security risks or we had, you know, just like you said, when we were trying to buy a new product, or vice versa, we're partnering with somebody that's going to be connecting to our world. The amount of people that I have allocated to that was crazy. So I think people are just trying to find ways to utilize a lot of the information they already have and be able to populate it in a way that it's true, accurate and being able to be faster, more agile.

Speaker 1: 16:49

Yeah, and like the three things that are important at gas for sea, so has gone into 20 foot and four cloud security, the governance, risk and compliance piece and the AI threats within security. I guess that's their three priority initiatives for CISOs going forward, and I think a big part of what CY Alliance will bring to the table is really being able to tailor in our messaging so it like really does resonate with CISOs and security stakeholders. Like, let's say, I'm a founder of a seed stage security company and I'm just determining my product market fit. I really need to like tighten my messaging and making sure that it does resonate. What are the some of the things that you're suggesting to these founders?

Speaker 2: 17:32

Project product market fit. Gosh, you know, market is everything. Right, it'd be. People just forget that market trumps everything. Right, you get your market wrong. You get your ICP wrong, right, it requires you to take a step back and rethink. So you know, I always tell folks especially I mean, we have some early stage that are companies that were invested, that are even still in stealth mode, right, so we're talking.

Speaker 2: 18:00

Then it's like, all right, well, you find your initial target market right, what is your initial target market? And then, oh well, it's going to be these people. And I'm like, well, do they feel the most pain? Right, and they're like, well, I don't know. Well, did you ask anybody? I mean, you can have great ideas and you get great things right, but you really got to find that pain point to make sure that your product market fit, truly fits right. So maybe your first instinct or your first way of thinking about the market might not be the right one.

Speaker 2: 18:31

So it's really important to go out there and do that discovery. Talk to CISOs, talk to people in the market, making sure people you like, people you don't like, I don't care what it is, but get that candid feedback, very open-ended questions, and then you have to develop your value and I think that that whole big portion of it to find your fit is really in that right Is what is truly your ICP. Maybe I say right Because it could change because of that but also making sure you're doing that extensive discovery to make sure that your value is truly your value and that their pains actually meet your gain right. So you're going to have to monetize it in a way where you're able to actually take your product or your prototype or whatever you have and actually give that initial feature set to somebody to see the problem.

Speaker 2: 19:29

And I think that especially working early on that product market fit, that piece of it is so important. And you have to be lean. You have to make sure you're focusing on, making sure you're testing it with potential customers and people you trust and then take a step back and say are we doing the right thing? And I think that those are the parts that we work a lot with folks on, looking at their road map, saying does this make sense? Are you focusing on the right thing? Is this product viable to the market? Right, and I think that that's the scariest thing to ask. Right, you're telling somebody that's, like you know, really vested their blood, sweat and tears into something that they're extremely passionate about. But it's hard to make sure that your prototype or your product gets out there to something that they actually need right, but what is nice and neat is easier to sell.

Speaker 1: 20:22

You highlighted something there as well. Right Is that a lot of these founders are extremely, one, passionate about what they provide, but two like they've put so much blood, sweat and tears into it. Do you think that that sometimes can, I guess, limit a business Because they are so passionate, they have so much emotional involvement in the sale and in the business and in the product. Do you think that sometimes is a bit of a? It can be quite negative, I guess.

Speaker 2: 20:47

Well, it can if you take it personal right. So if you have a company and you're starting your company and you're passionate and you're saying that I'm gonna sell this widget and I'm only gonna sell this widget because this is the thing they need to solve but you, I'm trying to explain to you. It's like listen, this is great, but as a CSO or as a director of incident response or whatever your market is, I need to also see this. And you've all. You're giving me the pencil to write. It's not doing me any good if I don't have any paper right. So that whole thing of giving me what I need to be successful, I don't. There's a lot of pencils right. I need a solution, and that's where the problem falls in.

Speaker 2: 21:30

And a lot of early stage companies that are stealth like really trying to figure it out. That's where their biggest challenge is right Is they? And they have to not take it personal. It's a business. It's a business and so, depending on whether it's your first company or your fifth company, you learn through the process of you know, hey, the first time I was extremely passionate about the pencil or whatever. You know what I'm saying. So it's really creating that prototype, that thing that I wanna see, but being open to feedback.

Speaker 1: 22:07

Yes, and I think as well like one thing that impressed me about a founder. Recently there was a founder of a, a privileged access management company, and we were talking and we were talking about what he's done over the last six months in terms of some of the customers that he's met and he the amount of opportunities that he personally withdrew himself from because he didn't feel like he was a fit for that particular customer. So like having that emotional awareness and that understanding of the customer's pain where it's like I don't think we're the right fit for you right now, but let's touch base maybe in six or 12 months when things have materialized a little bit. So it's having that understanding that sometimes you're not gonna be a fit for everyone, but that's the process and story about determining that that product market fit.

Speaker 2: 22:54

Right, and that's a lot with our sidelines portfolio. We work with a lot of different companies, as you know. So when you talk through who we work for and who we work with and who we're invested in, depending on, does it matter? Right, I treat everybody the same. Sometimes they're not a fit. We've had, you know, partners in the past that have, you know, either you know, joined us or rolled off or got IPO or whatever it is, but sometimes they're not a good fit for our partners. Right, they might not be a lot, they might be a fortune.

Speaker 2: 23:24

Next company, you go in thinking that you're gonna bring this huge cloud security solution to them because they're a large company, but they're only 10% cloud. Well, they're not gonna be a good fit for what, what you're trying to bring to bear, right, but I think it's being flexible and being mature enough to sit there and say we are not a good fit for you is a great thing, because you know what? Cisos don't stay everywhere very, very long, right, they cycle through. They're here 18 months, two years. They go to a different company Next time. I was talking to Tanya and she was talking about this particular product. They said it didn't fit there, but we're like 90% cloud here. That would be perfect, right? So still being open to the conversations to educate is important and just they might not be the perfect fit now but having, like I was saying before, having those open and candid conversations with potential and maybe future potential customers is critical.

Speaker 3: 24:20

Yeah, just on that, Tanya, I think you know, having an open-minded CISO, that's, you know, open to have a like, a like, a non-committal introduction call just to understand more about your product, what it is and that you're offering, what problems that you solve, and sounds great. But if I'm a CISO and in the market within, say, cybersecurity which, let's be frank, there are hundreds and hundreds of vendors out there that are constantly approaching CISOs on a day-to-day basis, the day-to-day basis, some doing a good job, some doing a bad job, like what is it that's going to stand out to get that initial meeting to try and establish if there's any kind of synergy between the vendor and the CISO? Because I suppose it's really hard to cut through the noise in a market that's heavily saturated with security products.

Speaker 2: 25:10

Yeah, I knew for a fact that nothing I hated more like, candidly, than a million people coming at me. Quick story, and I'll get into your thing about how I did. Is that my-?

Speaker 3: 25:23

Love the story.

Speaker 2: 25:25

My admin back in one of my roles. I used to have vendors call me like a million times. I never even heard my phone ring half the time. She would pick it up so fast, right, and so we had created an H-NoList. She didn't swear at all, so we couldn't call it a hell-no list, so we called it the H-NoList. And so we created people.

Speaker 2: 25:47

I wanted to talk to people, I didn't, so she had this H-NoList on her desk and so if it was somebody on that list, she'd say no, or if it's somebody that she wasn't sure, she would put it on the I don't know list, right. And then on Thursday she would give me kind of this list at the end of the week. Here's the people that called. It was literally the end of the week, because Friday's I left open to vendors I wanted to speak to in the morning, so we would schedule them for a couple of weeks out after that. So it was funny because, you know, it's like I would have like this many people to talk to this many people maybes, and then like this many people on the H-NoList, because those are the people that repetitively called me. And the reason why I mentioned that is just like what you're saying is that we get bombarded with vendor calls, and that was another reason why I started SILENCE.

Speaker 2: 26:32

Right, I was like I wanted to be that trusted advisor.

Speaker 2: 26:36

I've been in their seats many times, right, but I also know the market pretty well and I partner with a lot of vendors.

Speaker 2: 26:43

So you know with me, when I work with my vendors, partners or my portfolio partners or whatever the best thing about it is that they'll sit there and say, tammy, I really need to speak with some folks in these industries, or vice versa, so say, okay, you're focusing on this product. I said I think you need to talk to like three strong CISOs in finance or three strong retail, and I'll help facilitate that. And it's not always the same people. Like I have a big network and so I'm very fortunate that we have the SILENCE portfolio is large enough where we have a lot of CISOs and directors and a lot of different levels, but you can't exhaust your CISO personerships. So what happens sometimes is that you know you'll bring some CISOs into your advisor as an advisory board, which is great as you can leverage their partnerships but those become stale. So it's stuff that you don't want to be asking the same three CISOs over and over and over and over and over again, right for help.

Speaker 3: 27:44

I think if you go back to the same people over and over again, you sort of get that create that like echo chamber of like bias and their views. You don't get that more of a holistic view of the market and new ways of thinking.

Speaker 2: 27:55

Exactly so. This way it's like when I understand personally the way that I work in SILENCE works. We work so closely with our especially with our early stage startup companies, but with all go, get me wrong but we really try to understand the market or that target market. They're trying to hit right and then get them really smart people or voices in the market. You know, there was one product that's very, very technical, right, and the CISOs love it. But there's some CISOs that are extremely more technical than others, right.

Speaker 2: 28:26

What's better than me being able to call up, you know, joe we're not, you know, targeting somebody out there just Joe, call Joe, because Joe not only is an amazing CISO, but he is so freaking technical that he's gonna be able to provide you that oh, this sucks type of thing or this is great, and you want that feedback. But I also stress, like we talked earlier, you've gotta be able to, you know, take the hits to the face sometimes, right, you just gotta listen. Listening is so important. I always tell people shh, don't say anything, just listen. So it helps Nice nice good stuff.

Speaker 1: 29:06

Well, I guess, moving on to like a next portion of it, right, I think we've discussed, obviously, some of the things that CISOs are gonna find really, really important going into 2024. And again, let's say, like I'm a founder of an early-stage cybersecurity company, I need to start planning ahead for 2024 and obviously mentioned the roadmap and what it could potentially look like In your opinion, tammy, what are some of the things that's important for me to get ahead of? What are some of the potential threats that I need to understand? I guess, plan accordingly, go before.

Speaker 2: 29:43

Well, trying to plan your roadmap. So you're just saying you're just coming out of stealth.

Speaker 1: 29:50

So let's say, let's say, because it depends, let's say it depends.

Speaker 2: 29:55

Like there's one thing I sit there and say you know, you know, make sure you look nice. Right, I was like be casual, I just kind of need to know where you're coming out of, where are you at?

Speaker 1: 30:06

So let's say I landed SEED 12 months ago. I'm in the position of landing my first 10 to 15 customers. Looking to get, let's say, we're at 800 KIRR. We're looking to push over that one million line. That it's now about scalability in regards to our processes and looking to land that series A.

Speaker 2: 30:23

Okay. So we're going a little bit back into product market fit again, right? So when you're looking at your next 12 months of where you are, what we do is we'll actually sit down and say is your product viable? Is it something that those customers wanted? Right? What does your pipeline currently look like? And let's look at your actual market of the things that you've already sold, right? So we start identifying industry, we start identifying ICP who are the best people to talk to and then we have to scope back and reiterate the product market fit again and making sure that the feedback you have and the ability to scale is going to be there, because nothing's worse than going to that next level and not being ready to rock and roll, because that's when you're going to hit the accelerator.

Speaker 2: 31:17

That's when, all of a sudden, you're working with folks like ourselves that we're going to get you. You know you're going to get in front of a lot of people. You're going to start doing a lot of marketing initiatives, getting more out into the, you know maybe, whether it's dinners or events or speaking engagements at conferences and things like that. So it's really starting to make sure you keep your, make sure you're still staying lean enough, right. Just because you're getting more money doesn't mean you spend it all, right. So it's really taking all that. And then look at that bill measure, mern cycle, you know. So it's sort of like you know, add where you need to, learn where you need to and adjust where you need to, and then, after all that, you just got to focus on traction. I think that what we've seen with one of our partners that's just getting ready to go into, actually come out of stealth. But they've been coming out of stealth, but they've been in seed round for a year. Okay, so that's so, it's kind of the same, but it's not right Cause they're actually going to try to build their market. But it's important if you're not getting traction right, even with the 800, you know K and ARR, that's not a ton of money.

Speaker 2: 32:25

Depending on where you're at right, you make sure your product is viable, right. Just make sure that your competent, your product, is viable. It's a tough call, especially if you invested a lot of personal. You know investment right. But make sure that when you're moving ahead, be honest, right, be objective and then focus on getting in front of the people you need to. If your product's there, your market's there. Like I said earlier, market trumps everything. It's time to get in front of the people you need to, and so it's going to be a matter of building that roadmap with what's my marketing initiative. Marketing is really big for you after that round because this is where, after year, when you get that A round of money, you got to use it in a way where you're bringing pipe to get that next round of money. So you have to have pipe and you got to make sales.

Speaker 3: 33:19

And tell me you mentioned traction there a couple of times. It seems like something that you feel is important, particularly at this stage. What are the kind of things you'd be advising to founders that are really going to move their needle from a traction perspective? So like, if we're having these conversations and we're working together and you're saying, right, I don't need to get some traction now, now's the time. What initiatives would you be sort of advising me in which direction you'd be encouraging me to go in that's going to really help move the needle in that respect?

Speaker 2: 33:53

Well, usually traction, there's two reasons why traction isn't happening. Your product isn't good or good enough. I mean it doesn't, I'm not saying it sucks, I'm just saying it might not be good enough yet, right? So that's where you have to take it back and say is your product ready for prime time? Right, think about it. Think of the customers you have, think about the amount of tickets. So think about the traction you have with your product. And then the other piece of your traction is just in your brand marketing. It's hard to sell something if nobody knows who you are, right, so it's, you know.

Speaker 2: 34:30

I think that the executives I work with especially when we host very large dinner events at Silite, and the first thing I always say is like, hey, there's 30 people sitting there for dinner. I was like okay, the 30 people sitting here for dinner, how many people have heard of this company before? And then people look around and maybe two people raised their hand. That's a problem If you're already gotten your A round and two people out of 30 in a city you know the size of Charlotte or a Lanier Columbus, Ohio, for God's sakes, two people raises their hand Right and we have 80% of the people in the room are executives. That's a problem, right? So that traction is okay. Let's focus on where we need to make sure that you're getting the best bang for your buck.

Speaker 3: 35:15

Yeah, we saw a huge spike in demand for product marketing over the last couple of years, particularly for that like getting your products out, like getting people to know who you are. So that doesn't necessarily say that aligns to a lot of the market trends that we saw from a hiring perspective over the last 18, 24 months.

Speaker 2: 35:32

Yeah, and I think that what gets scary for startups especially is they want to put their money into the product, and I get it. They have to right the product has to be viable, but they have to put money into the market and it's sort of like, oh my gosh, you're going to charge whatever a bazillion dollars for a dinner or for a conference. You got to make sure you're hitting where your target market is, but also making sure that you have a budget in that first 12 months that we were talking about that 12 months. Make sure you have a marketing budget and don't strip it down to where you're not getting in front of anybody. Make sure you're getting in front of as many people as you can.

Speaker 2: 36:14

Make sure your website is good. Make sure your LinkedIn posts are good. Make sure you're getting blogs out. Go out you know anything that's exciting. Get it in the press, get it into magazines. Go sign up for awards, whatever it is. The more that your name gets out there and your brand gets out there, the better the recognition and the opportunity for the CISO to take them maybe.

Speaker 3: 36:36

And what have you seen like best bang for your buck in that respect, like if it was your money and you were taking your product to market, and then a slight sweep in generalizations here. But where do you see best bang for buck from a marketing perspective?

Speaker 2: 36:51

I hate saying it depends, but it depends If you're US driven, right, I think that where people make the biggest mistakes is going to some of the initially going to some of the very, very, very large conferences and not having any more of a presence than a little cube in a corner somewhere where nobody walks. You spend a lot of money on a lot of those things. You know, I go to a lot of conferences, I speak at a lot of conferences, but those are the areas that I tend to walk to, but they're usually the guys over there that are playing cards in the corner because they don't have people over there talking, but they just spent, you know, $50,000 on nothing where you could have spent $50,000 on. You know maybe three really expensive dinners and got in front of 90 executives, so you had one on one time. Basically, right, personal one on one time. So it's really, you know, making sure that you are getting something in return. You just don't want to go to a dinner. You know kissing babies and shaking hands and then walking away and never getting an opportunity to talk to them. So it's really working more full cycle in partnership. I think you get biggest bank for your butt there.

Speaker 2: 38:02

Linkedin. Like I said, it's easy to put posts out there. Put posts, put pictures, put you know, studies, put whatever, but always make sure you're branding it. The biggest thing that I've seen lately is that people send out this really great stuff on LinkedIn, right, but the only place that their company is listed is in a little thing in the bottom. But they should shove their freaking logo right in the middle of it, right. I mean, it's what you need to do. You got to get your name out there, your logo out there, so it's all that can be free-ish, right, but it's really, you know, balancing how much you want to spend.

Speaker 1: 38:37

And with the gaining traction piece and obviously, again, I'm the founder of a seed company at 800K looking to get to the next piece, which is scalability. It's really important, I guess, at that stage to be objective as opposed to subjective. Do you have any like quantifiable metrics which would determine whether we're ready to jump ready to? So, I guess, go to the next phase.

Speaker 2: 39:02

Well, not metrics per se, but there are some telltale signs, right. One is do you have a lot of open tickets in your seed round with your current customers? Is there a lot of open items? Right. So if you have a lot of issues and a lot of open items that you still need to address, those are things that are really going to need to be focused on first and foremost. Right, Because you don't want to come out, you know, come out and just sit there and say, oh, we have a great product, but oh, we still are working on this. Oh, we're still working on this, right. So if you're the best thing since sliced bread, you know you really need to make sure you're coming out there and still being able to deliver that.

Speaker 2: 39:45

What I've seen in the past not with one of my particular partners, but with a partner that I was working with. I was helping them out and I was at their event and I was talking with them and people are raising their hands, and they were just after getting their A round and they're raising their hand and they're like, well, you do this right. And they go oh yeah, we do it. Very well, they will. Can you do it in this oh no, we can't do it in GCP. Well, can you do it in? Is no, we only can do our stuff in AWS. And all of a sudden, everybody's just like why are we here? And like it was. So the thing is is that you've got to make sure that if you're saying that you're the best thing in cloud, you've got to support cloud. If you're doing it, you know if you're, if you're, the best thing in identity, you got to support all identity, right. So it's all those kinds of things that I think that is that traction piece, right.

Speaker 1: 40:39

So and I guess, with all that this being said, right, what we've discussed today is all aspects that sideline to yourself bring to your portfolio. And I guess if there are any founders or people wanting to be founders listening to this, I think they'd be interested. Like, let's say, you've got to say your portfolio, how do you position companies in your portfolio to your network of C cells and customers? How does that interact?

Speaker 2: 41:07

Yeah, well, there's different ways, depends on where they are in the maturity life cycle, of course. But we do everything from you know well, those dinners for them, right? And so that's one way. Another way is is they all of our partners? I sit down and go through their pipeline, I go through road maps, I do quarterly discussions with every single one of our portfolio partners, but I also want to understand who they want to talk to, right? So we're fortunate enough to have a network where we're not always reaching out to the sick.

Speaker 2: 41:38

I say, early, the same three or four people all the time, right, you know we have hundreds of people in every city or every major city, but you know we'll, we'll sit there and we'll talk. And we'll sit there and say, okay, you want to talk to somebody in retail? No, I not. And sometimes I'll kick back and say, no, retail is not where you need to talk. Let's talk to somebody at Campbell's soup. Or let's talk to somebody at Nordstrom. Or let's talk to, oh, no, gaming might be better for you. So let's give, you know, dave Temberski a call over at the win, or or whatever you know somebody over at MGM.

Speaker 2: 42:10

It's really just trying to get people in front of the people they should be in front of. It's. It's not a, it's not heartening to do, but the people that we work with and what I who I've, you know, associated with for over the years, I mean I'm very fortunate that they trust me enough where I can sit there and, you know, consciously say, hey, can you talk to this company? I don't need you to necessarily buy it, but just provide guidance or just provide feedback, and we do that all the time.

Speaker 2: 42:41

You know, I have some CISOs in Australia, you know, because some of my folks are focused on Asia pack right now, and they are the most candid people I know. So they come out and they just sit there and they're like damn, damn, damn damn. I was like, wow, you killed them. You know, you just get it, but you know it's, it's like so don't take it personal. But then we also have that other side, where we have CISOs that are looking for specific product and they come directly to us and say, listen, this is what we're looking for, and do you have anybody in your portfolio that we can talk to? And so it's, it's, it's a win, win.

Speaker 3: 43:13

Just on that time. You know, having a warm introduction through someone like yourself, it goes a long way in terms of like buying, credibility for the vendor, for example. But I think one of the things I became to understand is around like buyer behavior of a CISO. So, like last year, the you know things that I was constantly hearing from speaking to people in my network was around how buyer journeys and buyer behaviors has changed and the influence that CFO now has on the purchasing of enterprise level software. That you know sales cycles have been extended and you know how CFOs are so heavily involved in that decision making. But what in terms of like buyer behaviors from a CISO perspective? Like what? What are the things that you, the patterns and trends that you see, all like predictions that you see? You see for 2024 in terms of the buying behavior of a CISO?

Speaker 2: 44:07

Last year it slowed down quite a bit. Actually, sales cycles extended, things got hung up a little bit longer, more evaluation of what needs to be bought and what really doesn't, needs versus wants kind of a thing that we talked about earlier. And also the economy really affected a lot of the buying habits in 2023, especially in the United States. So I think that that's what we're seeing our CISOs taking a step back. Cfos are heavily involved. They always have been heavily involved, but now they're more maniacally involved, which always is in a win, because they don't understand. They don't understand the risk that it's associating or the need. I'm not referring to wants, but the risk and the need for something is really important. So sales cycles on most cases and a lot of our partners double, double the amount of time to get something from, you know, from initial meeting to close by over 2024,. I'm starting to see the purse strings open up a little bit more, seeing people saying, hey, we have to get this stuff done.

Speaker 2: 45:14

This year we kind of you know, we kind of did x, y and z during, during COVID and then the past year and a half or whatever. We're really trying to gather our staff and figure out where we need to be Right. Some companies are required to come back to the office, just so. There was just a lot of mix. Now, where people are kind of taking a step back for 2024, is we kind of figure out where we need to be office hybrid, whatever. Now we have to really focus on the security importance. I'm seeing budgets are being a little bit flatter this year. I don't see a lot of people's money is going up. However, I'm seeing a very, very strong need of prioritization of project portfolio and that's across the whole board. I'm talking about it, security projects, etc. They're getting a much higher look and they're getting a prioritization at a very different level, and I see also that boards of directors are also revealing more and more project portfolios than ever.

Speaker 1: 46:18

And a line item on people's budgets changing, because I think that was a trend that we were starting to see with talking to customers that line items on people's budgets had typically been the same for a set amount of time. However, now there's a lot of threats at code level. For example, it's huge to dev secops market now. Is that something that you've seen?

Speaker 2: 46:39

The money is that I'm seeing that have been bucketed out.

Speaker 2: 46:43

Before, remember, we just had you had a CIO and you kind of had a budget and then they gave some money to the CISO and now we're seeing over the last few years the CISO has their own bucket of money, as I call it.

Speaker 2: 46:54

But now what I'm seeing is a lot of projects are commingled because of the necessity, so you're getting funding from the business area, it area and the security areas that are getting bundled together so they're actually having more money to spend on something to address some of those risks.

Speaker 2: 47:09

The amount of risks coming in are coming in fast and furious, but the prioritization of what they can do for a second and third has to still be addressed to be successful. I can give you a $20 million budget and you can go spend it all, but if you can't implement it all, then it's what's the use of spending all that money? So it's really using the program management offices, and especially in these larger organizations, that help you project prioritize and once they have the prioritization of what can logically be done for a second and third, I'm seeing more of the PMO offices actually taking a proactive approach of helping the security and IT organizations prioritize their needs and focusing on, like, the resource allocation, because we're seeing layoffs, you're seeing leveling of staffing, so that you've got to make sure you can't always do more with less. You can't always do more with less.

Speaker 1: 48:04

Sure, sure, go on Adam.

Speaker 3: 48:08

I was going to say that that's not even like just unique to security. We're seeing that across all the different verticals that you know. In some cases, if you're in a sales process with with an organisation you know, previously it was either vendor A or vendor B who were typically competing in the same space with a similar kind of product. Now that budget you could be, you know, a security vendor that's competing with a data vendor for a whole completely different project and initiative to that organisation, so that that's added a whole different layer of complexity from a sales perspective is it's the. The competition out there isn't as black and white as you know two competitors within the same product vertical. You're actually competing completely cross vertical now because budgets are so tight and, like you said, they're being, you know, put into a central part and then prioritise using central PMO offices.

Speaker 2: 49:00

Yeah, nice also see that. You know, when you're talking a little bit about the larger projects, I'm starting to see that more and more is that you know that a lot of companies are saying, okay, well, we have this transformational project, for lack of a better name for it, right, but we need, you know, we need this in the IT piece, we need this little security piece. Oh well, we're going to have to work with the business development area in our company or app dev and our companies to do this piece. And also and they have this huge project but, like you said, there's a, there's different technologies and they're all bidding on them as one project. That's hard to do because you don't ever get a good idea of how much of that budget that you're going to be able to get allocated into you. So if you're, you know, if you're one of those companies, you have no idea where to go and what's the pricing. Yeah, I always like going with nearly your best price.

Speaker 1: 49:54

And I guess just like sort of wrapping things up here, tammy, I think if there are any viewers listening that would potentially like see benefit in the use of someone like Cy Alliance. I've spoke to a number of leaders and founders and CEOs within your portfolio and every single one of them just has absolute tremendous things to say about Cy Alliance and the value that it does bring and what they did in the early stages of it. So if anybody is listening that is contemplating and did the feedback on Cy Alliance has been great.

Speaker 2: 50:25

Well, thanks for that. If they said anything bad, I'm always open for feedback. It's always always good. You know, there, anybody could always reach out to me. First and foremost, anyone can reach out to me anytime. I try to read all my emails every day. I try to schedule time if people founders want to talk or startups want to talk and talk to them. Gosh, I can't tell you how many times during the week that I actually talk to people about where they want to go and what they want to do. So always willing to do that. But you know when, when you said about the feedback and I was when I was had my huge staffs I mean, I had managed thousands of people over the years and every single one on one at the end of my meeting, I always asked my staff, no matter what level, what could I do better?

Speaker 2: 51:16

And they couldn't leave my office, and so I got a lot of really weird things that over the years. But the thing is is that you know it's okay to ask what you can do better, even as a startup. Ask what could, what could we be doing better for you, because it's so important to get that.

Speaker 1: 51:33

Nice, nice. It says a lot about your humbleness as well, and desire to, to, to learn, even for somebody's been in the industry for as long as you have.

Speaker 2: 51:42

I guess tying it up a lot of stuff. I haven't done everything right. Ask my husband, he'll tell you.

Speaker 1: 51:50

I'm sure I'd have a good conversation with the husband, but I guess, just to tie it up on on some a couple of light hearted questions, as we always do For someone like yourself who's done this for for quite some time let's say Tammy was able to go to her younger self you would just start in your career. What's the main piece of advice that you potentially get to yourself?

Speaker 2: 52:12

You know, early in my career I used to take everything very personal. So if somebody said there and said you did this good, but you could have done this better, I would have sleep for two weeks. I said to what? What could have I done better? Why could, how come? I didn't know that. So what I would tell my other stuff is just don't sweat the small stuff, right It'll that's just stuff right. Focus on what you do the best and just and just kill it, right. I just don't be offended, just rock and roll, have a good time, do what you know and be confident. Confidence is everything.

Speaker 1: 52:48

Yeah, yeah. And what's the best piece of advice that you've ever been given in your career from someone?

Speaker 2: 52:54

Oh goodness. Well, there's some that just made me giggle, that I can't say.

Speaker 1: 53:02

You've got to tell us, you've got to tell us more of them.

Speaker 2: 53:04

Prepare for that. But I did. I did have a CEO tell me once. He says you're always going to work with assholes he goes, just don't become one. But I laughed so hard because he's I could never. I would never say his name because everybody probably knows him very well and I. But he always says that you know, and I think that you know, the other piece that that another really good friend is, is that you know he goes to me, he goes.

Speaker 2: 53:41

The most important thing is that you must make sure that you're always focused on integrity and trust. He goes. That is your personal brand. He goes and that's why people trust you. Because, first of all, I'm a shitty liar. Excuse me, I want to cut out the shitty part. I'm a rotten liar. You can edit that. I'm a rotten liar, but you know, I think that that's why people like to work with me is because it's just I build my foundation on integrity and trust. I mean, I've been married for 36 or 37 years now, so you know it's it's that integrity and trust piece. It's how we, how we function. So that is somebody else's, that that's your brand. So and that's what I've kind of burned myself on, is that, it's that being my brand, amazing.

Speaker 3: 54:28

It's similar to some advice that I was given to me and I feel like we've really lowered the tone towards the end of this conversation, but I'm going to run with it anyway. So I was having having some difficulties with them, with a consultant that worked for the business and they were like arguably a top performer and I was speaking to a mentor of mine about this this individual and, I suppose, the problems that they were causing within the organization but also the revenue that they're bringing in and he turned around to me and he says, adam, you'd rather have a hole than an asshole. So that was the decision maker, and that person is no longer with the business anymore. So, yeah, apologies to the viewers for lowering the tone, but hopefully it's a little dead, but you know it's, it's.

Speaker 2: 55:15

We're so lucky, I feel so lucky in my career. You know, I almost wish I started Sia Alliance earlier, but I wasn't ready. Right, it's just we, you know, going all the way back is about being ready Right, being the bad in the market, ready for somebody like us to do what we do at the timings right. So, like I said, I I can't thank you guys enough for the opportunity to come on and chat and, like I said, relax a little bit more at the end. But I probably should have, but you've been.

Speaker 3: 55:45

You've been drinking that Boba knew we were talking about. Maybe we all should have had a glass of that before we got going.

Speaker 2: 55:52

My coffee mug.

Speaker 1: 55:54

That's not an Irish coffee, is it Tommy?

Speaker 2: 55:57

It's not.

Speaker 1: 56:00

It's been a pleasure to have you on. I think like there's a lot of people who are going to see like extreme value from this conversation. Your career has gotten so many different ways and there's so many different ways and areas that you can add value, so like thank you very much for talking us all through it. It's been a pleasure to have you on.

Speaker 2: 56:16

Thanks for having me Take care. Thanks a lot, thanks, thanks.

Speaker 3: 56:24

Thanks for listening. I hope you enjoyed today's episode. Don't forget to subscribe and if you want more information about the podcast, head over to our website, scalewitstrive.