This Week in Startups - TWiST 500! Huntress, TollBit & Cyera | E1989

Episode Date: August 5, 2024

This Week in Startups is brought to you by…
Oracle - Oracle Cloud Infrastructure, or OCI, is a single platform for your infrastructure, database, application development, and AI needs. Save up to 50% on your cloud bill at https://www.oracle.com/twist
Intercom - Intercom’s AI-first service is the best thing to happen to your customers since you. TWIST listeners can get 90% off Intercom’s platform at https://www.intercom.com/twist
Lemon.io - Hire pre-vetted remote developers, get 15% off your first 4 weeks of developer time at https://www.Lemon.io/twist

Today's show: We are kicking off our coverage of the TWiST500 with three fantastic founders: Kyle Hanslovan of Huntress (11:44), Olivia Joslin and Toshit Panigrahi of TollBit (36:40), and Tamar Bar-Ilan of Cyera (56:44).

Timestamps:
(0:00) Introducing three founder interviews from our TWiST500!
(1:23) Huntress CEO, Kyle Hanslovan joins Alex.
(2:04) Celebrating a milestone in ARR and discussing growth strategies
(4:19) Impact of cybersecurity incidents on Huntress
(10:30) Oracle - Try OCI and save up to 50% on your cloud bill at https://www.oracle.com/twist
(11:44) Huntress's services for SMBs and endpoint detection and response
(20:09) Intercom - TWIST listeners can get 90% off Intercom’s platform at https://www.intercom.com/twist
(21:46) Selling to SMBs: Challenges, strategies, and early lessons
(29:05) Addressing internal IT departments and IPO considerations
(35:12) Lemon.io - Get 15% off your first 4 weeks of developer time at https://www.Lemon.io/twist
(36:40) TollBit’s Olivia Joslin and Toshit Panigrahi join Alex.
(37:38) Tollbit's early development and fundraising journey
(41:03) Media readiness and increasing publisher onboarding
(50:31) Flexible pricing models and expanding data types for AI partners
(56:44) Tamar Bar-Ilan of Cyera joins Alex.
(57:23) Cyera and its data security mission
(1:04:07) Overview of Cyera’s data platform and recent funding
(1:08:53) Company growth, AI adoption, and demand drivers
(1:17:52) Encryption's role in data security and future IPO plans

Subscribe to the TWiST500 newsletter: https://ticker.thisweekinstartups.com
Check out the TWIST500: https://www.twist500.com
Subscribe to This Week in Startups on Apple: https://rb.gy/v19fcp

Check out Huntress: https://www.huntress.com/
Check out TollBit: https://tollbit.com/
Check out Cyera: https://www.cyera.io/

Follow Olivia from TollBit: X: https://x.com/oliviajoslin LinkedIn: https://www.linkedin.com/in/olivia-joslin-13a9a4a2/
Follow Toshit from TollBit: X: https://x.com/tollbitofficial LinkedIn: https://www.linkedin.com/in/toshit-panigrahi-a6496076/
Follow Kyle from Huntress: X: https://x.com/KyleHanslovan LinkedIn: https://www.linkedin.com/in/kylehanslovan/
Follow Tamar from Cyera: X: https://x.com/cyera_io LinkedIn: https://www.linkedin.com/in/tamar-bar-ilan-67bb481a7
Follow Alex: X: https://x.com/alex LinkedIn: https://www.linkedin.com/in/alexwilhelm

Thank you to our partners:
(10:30) Oracle - Try OCI and save up to 50% on your cloud bill at https://www.oracle.com/twist
(20:09) Intercom - TWIST listeners can get 90% off Intercom’s platform at https://www.intercom.com/twist
(35:12) Lemon.io - Get 15% off your first 4 weeks of developer time at https://www.Lemon.io/twist

Great TWIST interviews: Will Guidara, Eoghan McCabe, Steve Huffman, Brian Chesky, Bob Moesta, Aaron Levie, Sophia Amoruso, Reid Hoffman, Frank Slootman, Billy McFarland

Check out Jason’s suite of newsletters: https://substack.com/@calacanis

Follow TWiST: Twitter: https://twitter.com/TWiStartups YouTube: https://www.youtube.com/thisweekin Instagram: https://www.instagram.com/thisweekinstartups TikTok: https://www.tiktok.com/@thisweekinstartups Substack: https://twistartups.substack.com

Subscribe to the Founder University Podcast: https://www.youtube.com/@founderuniversity1916

Transcript
Starting point is 00:00:00 To all the founders listening to this podcast: when we set out to start the company, not in our wildest dreams did we imagine that DSPM and Cyera become a domain of its own. We turn your robots text file from a passive compliance to active enforcement. So if someone is not supposed to access that, we actually force them. A lot of the institutionals, these big folks that have these massive funds, because the companies are smaller and we have less IPOs, they have a ton of dry capital to deploy. So they want to put a giant chunk, not a couple million, but hundreds of millions in your company.
Starting point is 00:00:34 And if those hundreds of millions now represents 20% of the share price and they need to get liquidity and it's now going to tank the stock, they don't want to do that to a company they're supporting. So this is a real problem we have that not enough growth stage entrepreneurs are even addressing. This Week in Startups is brought to you by Oracle. Oracle Cloud Infrastructure, or OCI, is a single platform for your infrastructure, database, application development, and AI needs. Save up to 50% on your cloud bill at oracle.com slash twist. Intercom's AI first service is the best thing to happen to your customers since you. Twist listeners can get 90% off Intercom's platform at intercom.com slash twist.
Starting point is 00:01:14 And Lemon.io. Hire pre-vetted remote developers. Get 15% off your first four weeks of developer time at lemon.io slash twist. Welcome back to This Week in Startups. My name is Alex. I am at Alex over on Twitter, and we are back with another interview from our Twist 500 series. If you're not aware, the Twist 500 is a list of private market companies that we are building. The most interesting startups out there in the world, and one of the first ones that we added
Starting point is 00:01:42 was a company called Huntress. You may not be familiar with it unless you are an SMB in search of cybersecurity solutions, but the company is a unicorn, has raised hundreds of millions of dollars, is growing quickly, and says that it's approaching 100 million in annual recurring revenue, and today I have its CEO, Kyle Hanslovan. Kyle, welcome to the show. I see you're in a hotel room. I take it.
Starting point is 00:02:02 You're on the road. You can never expect where you're going to be as a CEO, especially hustle and entrepreneur. And you're right. I'm here in New York today. And by the time your listeners hear this, we will have crossed 100 million in revenue. So things are going real good.
Starting point is 00:02:15 And that's 100 million in ARR, right? Yeah, pure recurring revenue. No product, no one time. It's ARR or bust here. Okay, so I want to double click on that just before we dig into anything else. When did that milestone actually occur? The fun part, right? Most folks don't know that all these episodes are recorded and released.
Starting point is 00:02:33 So by the time, in the next week and change, we will pass the $100 million in revenue. It's that close. In that case, crossed into the nine-figure revenue range, which makes you, what's that phrase? A centaur? I think Centaur is the new word. It's the one thing you can't fake, right? Valuations get inflated, but you can't lie about revenue unless you're cooking the books, and that's a whole different problem.
Starting point is 00:02:52 Thinking about where we are, 2004 company founded in 2000. 2015, nine years to 100 million in ARR. And if I recall, you guys have grown at over 70% for the last two years. So I'm kind of curious, what's the next year's growth look like? Are you going to keep that same pace up? Or do things decelerate as the base revenue gets a little bit larger? What's wild is 70% has been our lowest performance when you typically hit big numbers, you see your performance scale. But it's actually our execution is the biggest reason. The market size, when you're really going after from the smallest businesses to like mid-market enterprises, the total addressable market is near ad infinitum, right? It's huge. And so there's still a good chance that we actually exceed not only 70% this year, but next year looking at what the market could support could be another two X year. It's just that large. The biggest question is, do we fall apart while doing it, especially as we've moved from like one flagship product to many that turn out to be kind of capturing lightning in a bottle multiple times? So we'll see, but it's not going to tip down below 70 in the near future. I love to hear that because growth is what makes startups super
Starting point is 00:03:55 fun. Now, we are talking in late July, and that means we are sitting here in the wake of the CrowdStrike mess, I think is the right word for it. I'm kind of curious from your position. I know you work with SMBs, CrowdStrike's much more enterprise focused. Does a catastrophe like the CrowdStrike Microsoft mess hurt or help your company because you weren't the problem, but also people now think that people who do endpoint security can be. I think the answer is, yes, it hurts and helps. And what was wild is day one, when everything broke, uh, simultaneously, we did CNN, ABC, CBS, you name it. We were the face that the media chose to put on to help explain what was going on.
Starting point is 00:04:32 And the big question folks asked were, like, are they competitors? And people forget, like, CrowdStrike really does well for the kind of Fortune 5,000. We're the Fortune 5 million plus. So we really are peers, you know, kind of CrowdStrike for the small enterprise, mid-market enterprise, small business. Sure. So that helped in the sense that folks finally knew that there was an option for below. We've seen a ton of demand gen come in.
Starting point is 00:04:55 people didn't realize there was a quality equivalent below kind of the, what we call the enterprise poverty line. However, you can imagine any of this has led folks to just asking, like, how do QA failures happen? How did this slip in? I mean, day one, most people still thought it was Microsoft, right? There was an unrelated Microsoft issue earlier, but people hadn't realized the real hurdle was so many of these Windows endpoints stuck in a blue screen of death loop that couldn't
Starting point is 00:05:21 boot back up. And so I will say, yeah, there's been some pros. But to be very frank, it's brought a great question in mind, which is like resiliency. Cybersecurity and all those are supposed to be protecting, you know, productivity. And when our products get aggressive trying to stop hackers, but we make a mistake and actually cause that productivity outage itself, you can imagine my number one question on the support line right now is, how is this not going to be you? What are you doing to make it, you know, impossible to happen, which is not possible. So that's my long way of saying, we're ebbing and flowing with the good and the less good. So a question that I have about this, because to me, cybersecurity is this thing that I know is very important, very technical, and slightly distant from my personal knowledge base.
Starting point is 00:06:04 So how do you ensure from your perspective, your company's perspective, that an issue like that doesn't occur? Is it increased investment in QA? Is it more automated testing? Like, what do you do to prevent that? Because you keep people secure, you can't afford to make them less secure or broken. Yeah, my nightmare fuel is like while trying to protect folks. And you got to remember, hackers are just so creative and so shady that you have to be very aggressive in our own. And we take offense to the offense is really a lot of our internal mantra.
Starting point is 00:06:34 And I will tell you, like, QA of course helps. Good architecture design patterns help. The problem is that like it's kind of a, your known knowns, you can, you know, dot i's, cross t's, button yourself up and you can put process behind it. Unknowns are the ones that again, like, you just don't know when you might have. And we have, by the way, at Huntress, we've actually caused small outages ourselves. Usually it's an environment that didn't match what we test against. It's something very unique and creative. So usually it targets like less than 1% of our business. And if you think, we've got 150,000 businesses.
Starting point is 00:07:09 So less than 1% is still a really big number and it's still kind of a catastrophe. I will say that some of the bigger question I've even been asking on this is, is it time that we, not just as cybersecurity vendors, but we is like Microsoft and think about architecture. Is there something we can do in the Windows kernel? That's this really sensitive place of code that it's great for being able to look for the most shady evasive malware, but it's also really dangerous, really unstable. And as a result, when something goes bad there, it really breaks bad. And we're asking the questions of like, is there anything even not just from us as a vendor? Can we help Microsoft think through a little bit of what does this next architecture look like? So when things do crash, can they recover? So after maybe two or
Starting point is 00:07:48 three things in a row, you do an automatic revert. And that's something that other operating systems have some of these protections or have created an architecture that just doesn't let folks like us have that type of same access, which means it provides more stability. So if you can't tell, there's a lot of places people could point fingers. I'm kind of asking both short term, what can I do to make sure it doesn't happen and button it up, continuing to do that. But if you can't tell by like the sound of my voice, hackers are going to hack all the Band-Aids and all the things we put in place could make more stability happen, but could also weaken us as security vendors from not being able to find hackers that do make it into that sensitive part of the operating system.
Starting point is 00:08:26 So I think this is a big question that while the CrowdStrike recovery is going to take weeks, maybe even months for undersourced, resource companies. Yeah. I don't truly know how long it's going to take for us to get to the point and say, this isn't going to happen again because I think it's very likely it will. Your point about working inside the kernel and that being a very sensitive place to look for bad actors, sounds a little bit like hunting for rats with a large stick inside of a nuclear reactor.
Starting point is 00:08:52 Like, you want to hit the rat, but you really don't want to miss and hit the wrong thing and cause a big mess. Yeah. Or don't hit too hard, right? You know, that's a great analogy, right? It's, you have to find it. You don't want rats in a nuke silo causing something like to detonate by accident because it was chewing on wires.
Starting point is 00:09:08 At the same time, you taking down or maybe making a great trap, if your trap happens to spring at the wrong time, could also set off the nuke. And in this case, I will tell you, we've played out these scenarios, we've tested these scenarios. I never considered, because usually when you do deployment of software, you do it in phased, you know, hey, let's start with 1% of the base, rank it up to 5, then to 10, and then you slowly deploy. This was one of those cases that I think that's probably a big question that will continue to ask more answers of like, how did it slip by, not just through QA, but how did it happen to go straight to 8 million plus computers at that time? And it does look like they prevented it from going completely in the wild.
Starting point is 00:09:47 But there is some big questions about like we probably needed something that wasn't a foot gun. So if you find it, it's so much nicer to find it on 10,000 computers, which still is terrible, but 10,000 is a drop in the bucket compared to 8 million. Yeah, 10,000 probably doesn't take down Delta. The hospital group, my spouse works at at the same time, right? Very different industries, different parts of the world, and yet exact same problem. And you're nailing it. That surge capacity problem, right?
Starting point is 00:10:13 Most folks, it's okay if we have these one at a time in disparate places. That's how we maintain. But I think what we really ran into is surge capacity. None of us were prepared to go have physical touching of all of our laptops, especially in this post-COVID, semi-remote, purely remote world. It's kind of wild. All right. I hate seeing companies overspend. Gosh, don't waste your money startups. That's why I am so excited to share an offer from our friends at Oracle. If you move your startup to Oracle's cloud, and that's called the Oracle Cloud Infrastructure, OCI. Oracle will cut your current bill in, wait for it, half. I am not joking. Move to OCI, and you will save money, and you will build on a cloud that can handle all your database, all your infrastructure,
Starting point is 00:11:02 and all your app development needs. And they have AI embedded everywhere you need it. Oracle wants to help your startup accelerate and save you money. Okay. So don't wait. This offer is valid until September 30th, 2024. Here's your call to action. See if your startup qualifies for this special offer at oracle.com slash twist. That's simple. This is Oracle showing their commitment to me and the startup community.
Starting point is 00:11:30 They're here at This Week in Startups, and they want to cut your cloud bill in half. So just go to oracle.com slash twist. Limit to new OCI customers in the U.S. minimum financial commitment and exclusions apply. I want to narrow down on what Huntress does because I was prepping for our chat and I know you guys did endpoint protection and I know what that means from a very high level. But I'm hoping you can break down a little bit more of what you guys offer to SMBs,
Starting point is 00:11:57 what parts of their business you protect and then if any, what parts you don't protect and they need another vendor to step in for it. Yeah, yeah, and we're really clear on this. It turns out to be a good vendor. You just listen to people's problems and be very clear on what you do and what you don't do. So I think this is a perfect chance to take a crack at that. For us, I started in offensive cybersecurity at NSA. My whole mission was gathering intelligence, which means making the implants, air quote, malware, and then deploying them to gather intelligence.
Starting point is 00:12:24 That's what cybercriminals are largely doing against, from these very small businesses to, again, mid-market enterprises. They don't have the ability to hire folks like me or other really great cybersecurity talent. Usually, they just struggle to find them. And even if they do, affording them is a whole different thing. And usually if they can afford them and can find them, somebody wants to go work at a CrowdStrike, a SentinelOne, a Huntress. They don't want to work for these smaller entities, right?
Starting point is 00:12:51 Right. And so the problem, when I took a step back leaving NSA, I was like, all right, I've been hacking just about everything for 10 plus years. I'd won the World Series of hacking and I was feeling guilty about
Starting point is 00:13:02 who could I give my skills to and make a real difference? You know, that's that soul searching that you do after you do something really well. And so I looked, And it just turned out that the market was underserved. Like, nobody really cared about this. Again, imaginary kind of poverty line.
Starting point is 00:13:17 And I realized, like, if I was going to deliver and protect, well, what was I going to protect? You know, there's like a mile wide of cybersecurity. Is it devices? Is it servers? Is it cloud? Is it data? And so I looked and I realized everybody had a laptop workstation or a server, whether
Starting point is 00:13:32 they were moving on the go. And I needed software that went with them. And so the natural decision, just like malware, you push it to somebody's laptop, I looked and said, what if you had a 24 by 7 team of experts that were actually fully managing all that great enterprise level tech? And if I could deliver this with good COGS, you know, cost of goods sold, you know, and at the price, essentially any small business could afford, even if they're not a small business, if you could deliver world class human expertise, world class enterprise talent at the price of a product, that could be differentiated,
Starting point is 00:14:05 that could be disruptive. And it turns out like, I didn't know how I was going to do that at first. And it turns out the guesses that I made were mostly correct. People wanted the software protecting their laptop. They wanted to protect their servers. And even though they have all these other devices, that's where the most sensitive stuff happens first. Absolutely. And it turns out, like, even though the whole world was talking about like an ounce of prevention is worth a pound of cure, the real hard problem is kind of like when you and I go to the doctor, you mentioned,
Starting point is 00:14:29 do you say your spouse or your partner works somewhere in health? Yeah. So, like, think about like modern healthcare. Like, we don't promise anybody like you're not going to get sick or you're not going to get cancer. like that's kind of crazy talk still. Sure. And we shouldn't do the same thing in cybersecurity. Like you are going to get compromised.
Starting point is 00:14:45 Not an if, it's a when. The whole idea, though, is like we do preventative medicine by routine checkups. And like, could you find a human that's maybe you want to find something that's stage zero, stage one,
Starting point is 00:14:54 not terminal because you don't have the time to correct it. So our whole bet was, could I go? And again, world class talent, world class infrastructure and technology. And can I put a light piece of software that we hunt down the hackers
Starting point is 00:15:06 that slip by prevention? And that's where we started. It's called endpoint detection and response. The whole idea is find it early before the situation's terminal. And when we do it, we don't just create an alert because there's nobody there to action an alert. We have to take care of the full thing. We have to enable whatever junior IT talent they could hire, right? How could we turn them into the heroes?
Starting point is 00:15:25 How could we give them the full recipe book, the whole playbook? And within one button, they can just say, all right, I'm going to run the playbook and the Huntress team takes care of it. And it's all of our SaaS that does it. It's not the actual humans clicking the buttons. That's how we're able to deliver. it at a cost that makes sense. And it was this one thing that started cute. By 2018, we kind of came out of, I guess, what people now call stealth. We started going to market and realize that not only was this an acute problem that was solving the geeky side, CFOs and moneymakers were like, this is going to improve my margin. It's going to help my staffing problems. And it turned out like the wallets kind of just open. It was an actual valuable problem, not just a typical add another layer of security because geeks want to be geeks. And that is just blown up. That's what powered the first couple of years of triple revenue growth and double revenue growth and now 70 plus percent. Okay. So using a lot of software essentially to offer a product at a gross margin that works for
Starting point is 00:16:18 you and a price point that works for SMBs and bringing them kind of, you know, much more expensive skills and capabilities to them in a delivered fashion. Okay. That sounds almost like too good to be true because you don't need the humans. You can do it with software. You can offer top and stuff and at a price that makes sense. Normally things aren't win, win, win, win, win. So what's it? It is. Yeah. I love it that you ask this because it is too good to be true. It turns out, like, think about, well, let's make a simple car analogy. My mom is my biggest, like, champion. And I always have to, like, put things in the way that mom can understand. So, like, if you were in the enterprise and you wanted to chase down
Starting point is 00:16:52 hackers or outpace hackers, you would need something very fast. Let's call it a Formula One, right? Fastest cars on the planet. And think about a Formula One car, right? They, every part on them is custom made for performance. You can break within nanometers of, like, pounds per inch of how you go around a corner. On top of it, you need a whole pit crew to manage this sucker. And drivers alone, one, they're rare to find somebody who can perform at that level. But two, they're like, I don't know, a million dollars plus salary a year if you want a driver. That is a good solution if you have infinite budget and you're in the Fortune 5,000. Crowdstrike is the most amazing, sexy, cool Formula One car. And I mean that. Even with this issue, they're a great team,
Starting point is 00:17:32 great product. We have huge respect for them. But think about this. If I was walking into an IT department or that health firm, whether they're internal or they're an external IT department and said, here's keys to the Formula One. They wouldn't even know how to drive it, right? It's complex. They don't know how it works. But if I came in with keys and said, here's keys to the high-end sports car. Think of Porsche 911, Lamborghini, something along those lines, and said, hey, you got a driver's license, take it for a drive. You can still outpace the speed of hackers. You can still chase them down, whether they slip by or not. And what's wild about this is we've used this analogy, not just on the endpoint.
Starting point is 00:18:06 We've moved to protecting people's like most sensitive digital identities, right? That's Microsoft 365, Google, stuff like that. And we've also moved to protecting humans using this same analogy. And so Huntress, at the end of the day, the too good to be true is we are not a Formula One car. We are a very sexy high-end sports car. And what's wild about it is for the price of that driver alone on that Formula One analogy, you can usually buy one or two of these sports cars. Right.
Starting point is 00:18:31 So for us, we win because of total cost of ownership. We actually focus on what are the problems that actually face this kind of 99% that falls below, again, the poverty line. Yeah. And the whole goal is, let's build the right car that they need still has to be fast enough to outpace. Yeah. So part of Huntress's magic isn't what we chase after. It's actually the opposite.
Starting point is 00:18:53 It's what don't we chase after? What data is so low signal to noise ratio that we can actually just say, we're not going to collect it, we're not going to store it, we're not going to have to worry about retention. We don't have to do compute against it for algorithms. We don't have to do human analysis. And as a result, we're able to deliver that right-priced solution for the right-price risk model. And it's just been like, to me, it's very obvious of a decision if you kind of come from the beginning. But what happens is most people start an enterprise.
Starting point is 00:19:23 And then they're trying to like, how do I adapt my Formula One car so you could use it? And that just doesn't work. So again, you called me out. But it is true. We're not the Formula One, but we're still fast enough that we just wreck hackers all day. I'm just trying to imagine adding like a shopping cart to the front of my Formula One car and maybe like a kid's seat on the side.
Starting point is 00:19:42 It wouldn't quite work in that setting. Yeah, you know, they wouldn't even add an extra seat, right? Because it would add extra weight because you needed that performance. But like you can still drive. I mean, even think of like your high-end Tesla, your Model S. You can put five people in that sucker yet you can go zero to 60 in two seconds. That is a good analogy. Totally safe and a great idea for all new drivers out there.
Starting point is 00:20:01 Yeah. endorsed by Kyle. He says, buy your teenager a Model S Plaid. Hey, startups, you've probably heard the saying, better, faster, cheaper,
Starting point is 00:20:12 pick any two. Well, AI has changed that equation. And Intercom is all in on AI. Intercom built its first AI customer service platform so that no company has to compromise when it comes to caring for their customers or saving money and controlling costs. These things are important.
Starting point is 00:20:30 Intercom's AI tools are so smart that 50% of their customers have their issues resolved in just seconds. That's thanks to Finn, an AI co-pilot. Yes, Intercom has an AI co-pilot. It's called Finn. Think of it as like a personal AI assistant for each of your customer support agents, so they get really, really good at their jobs. It makes them so much more effective.
Starting point is 00:20:51 Finn is a big deal. It's going to boost your agent efficiency by 31% or more. And managers of customer support teams that use Finn are reporting happier customers and very, very productive teams, all while staying on budget. That means when it comes to faster, cheaper, and better customer support, you can pick all three. No sacrifices. And that's all thanks to Intercom's AI First software.
Starting point is 00:21:15 So if you're an early stage startup, if you're a high growth startup, you're going to get access to Intercom at a massive 90% discount. That's right, 90% off because Intercom and the team over there love startups and innovation as much as we do. So go to intercom.com slash twist to apply. Or if you prefer, you can just do an email at startups at intercom. One of the reasons why I wanted you guys on the list we're building of cool companies was because of your SMB focus.
Starting point is 00:21:44 And when I hear about people who are using, you know, cutting edge technology, usually you're thinking about big clients, big customers, you know, fat net retention, thinking about multi-year contracts. SMBs, every VC and founder has told me are hard to sell to. They churn too much. the ASP is too low, et cetera, et cetera, et cetera. But you guys have clearly found a product that works inside of the SMB world. So do you just have lower gross churn than other SMB-facing products?
Starting point is 00:22:10 Because the growth seems to imply that this is just not a weakness for Huntress thus far. Yeah, we being shady hackers, we had to figure out a way, how do we hack go to market? Because to be honest, everything you just said from VC is not only true. It's what we were told and denied, like, you know, you started this out talking about, yeah, I've raised a couple hundred million, 300 plus million in venture capital. Yep. But I'll tell you,
Starting point is 00:22:32 I've had a hundred plus no's that people are like, you are insane, this isn't going to work. And so we really had to figure out what were the problems and how to overcome them. Notice every single bit of this model.
Starting point is 00:22:42 Like, I can't go and say, I'm going to do it, SentinelOne or CrowdStrike or all these other cool cybersecurity companies, Cisco, I have to build my own model. And so our inspiration was closer on like,
Starting point is 00:22:52 how did Toby and the team at Shopify get it done, right? How did the team that people who've done this before, but really, you know, reinvent ourselves. And so when we started, I tell this story often, but I have to. Like, it's known that founders have to fail, fail, fail often. I'd rather just not fail. I've still made a pretty handsome number of these mess-ups. And my first ones were, I started calling these small
Starting point is 00:23:14 businesses. And by the fifth call, people were like, listen, idiot, we don't even have an IT department. So when I started, I was going after people who didn't even have an internal IT department. And it took like five of these, like, you're not talking to the right person calls to realize, why don't I call the outsourced IT department? And it turns out these people called managed service providers. And there's lots of flavors of them. Some call themselves value added resellers. Some call themselves MSSPs. But there's like 50,000 plus of them just in North America, not even like Europe, EMEA, let alone APAC. There are tons of these. And the average service provider might have anywhere between 20 to 100 of these mid-market enterprises and small businesses
Starting point is 00:23:53 and they maintain them all. And so if you figure out that for a go-to-market, it's kind of like one to many. And so we would not only sell to these service providers, we would fulfill through them, meaning we wouldn't have a direct relationship. Most of my 150,000 SMBs are reached through 5,000 of these partners. And so if you could imagine, all of a sudden, my LTV, right, was very good. I was able to retain customers when I started, and the lifetime value was solid. They weren't churning. My gross retention right now is over 90%. But what's wild is these service providers are constantly adding new customers. So my net dollar retention or net revenue retention, in 12 months, it's 140% larger because they're growing themselves. At 24 months,
Starting point is 00:24:34 it goes over 180%. Uh-huh. And at the 36-month cohort, I'm closer to 220 or so percent net dollar retention. It's crazy because you can land, adopt, and expand. So what do you want to throw at me? So, so I'm just thinking, I'm just listening. So essentially, working with MSPs, you have put churn onto their side of the fence, but as they grow their business, they bring more customers into your domain. And so you get very limited gross churn and very strong net retention. Again, that feels like cheating. Good job. It is a bit, right? And we have to give a margin. We actually go and like when we're working with a partner, it's not like, please resell my product and I'll give you 10 to 20 percent margin like yesteryear. Our product, no joke,
Starting point is 00:25:15 they do the full sales cycle, which means top of funnel marketing all the way through the bottom of funnel. They do the retention renewal and tier one and tier two support. You know, my most egregious or aggressive side of our business, it's 50% plus margin that our service providers are grading up front. And some folks would feel like uncomfortable with that, but they're earning it. They are doing all of it. And as a result, you could imagine my deals, like truly my ARPA or my average revenue per account, these are like $10,000 annual deals, but there are so many of them that I'm closing a couple hundred of these service providers per month that we're helping protect their partner base. And if you think about that, that one to many, that might be $1,000, $2,000 plus
Starting point is 00:25:55 businesses every month like clockwork in a 35 to 45 day sale cycle. It doesn't look anything like the enterprise. It doesn't feel like the enterprise. It almost more closely matches to like a B to C style model or a B to very small B model. And you just have to have a very big TAM and a very different way of doing business. So thinking about the MSP market, I think about that usually from the domestic context. Businesses in the U.S., that's the market I know best. Does that model apply around the world and then if so, does Huntress in its current form work in its other markets or would you need to retool a bit to sell into MSPs in Africa and South America and Southeast Asia, etc? So we had to test this because to be honest, I didn't know the answer and there's no like
Starting point is 00:26:43 Gartner of the small enterprise to small business. Like that doesn't exist. They want to talk about the large. So a lot of what we had to do is experiment. We've also had to work with great analysts like at William Blair to be able to actually publicize what we've learned to the bigger market. Because you can imagine, I will go public one day, almost certainly, we're a company that from the get-go have been designed to be a long-term company of consequence. Stealing my closing question, by the way. But anyways, we'll get back to that in a second. We'll get back to it then, because I'm glad, because there's good questions of when and why and how. But for me, I had to educate this market. And so I didn't know. And it turned out that
Starting point is 00:27:19 a lot of what we were doing in North America, U.S. and Canada specifically, it almost perfectly pattern matched the Australia, New Zealand market. And we had to figure that out by we were just like, we're going to treat this as a startup within a startup. We're going to put one person on the team that's essentially the CEO of Australia, New Zealand, and you own it all. You own all sales, all marketing, and just try to repeat this playbook so we can find out how far off we are.
Starting point is 00:27:43 And it turned out almost perfect pattern matching in Australia, New Zealand. So we did that in 2023. In 2024, we made the bet in English-speaking Europe. And so just this year, we moved into, and you know, notice I haven't done any of the crazy, like, internationalization. There's all kinds of localization that you have to do if you really want to truly be global. But for us, it's about small iterative steps over and over, still at the scale. We're taking small iterative steps. And I'll be darned.
Starting point is 00:28:09 We set up a team in England and Ireland. They're servicing the English-speaking part. So you can imagine Benelux area and some of the other places that speak other languages but also English, and we are also crushing this model. And that was a cool, good old-fashioned hypothesis, and we're still testing just like we did back in 2015 on go-to-market, still learning these things
Starting point is 00:28:28 because there's nobody else to really copy off of. We're having to blaze our own trails. And so I'm stoked to share with the audience, like, this does work. I will give you one caveat, though, Alex, that's worse. And we don't have to dive in. I'll let you decide where we go. But it turns out while a lot of these companies
Starting point is 00:28:43 kind of below 100 employees don't have their own internal IT department. Above 100 employee companies, a lot of them start to have it. And there's even some contention where like an IT department director is like, uh-uh, I'm not letting an outsourcer to come in here and steal my budget. Or if I do, I'm only going to let them help me with security. I'm not going to let them touch IT. So one of the hard lessons I learned in 2023, and it was part of the reason we only had 70% growth. We were bringing in so much demand from people that were excited about us, but when we would bring them to our partners, they weren't closing. And we ended up learning
Starting point is 00:29:14 these internal IT departments did not want to fulfill through a service provider. And so we went so narrow, so narrow scope through service providers that we weren't fulfilling our mission to elevate kind of the small and mid-sized businesses of the world. We were just missing it. And so this year, we had to open up that scope. It's a very conflicting thing. If you bring people in and go direct and through the channel, you can cause channel conflict. Right. And so we run a model that everybody we try to fulfill through the channel, we call it channel first, and only when they refuse. And they say, no, I want to go direct. I don't have a channel partner. Then we'll do it. And that minimizes conflict. It protects our partners. At the same time, it lets us fulfill our mission. And oddly enough,
Starting point is 00:29:52 we watch just revenue now. Same product, almost the same pitch. And now it's being used by these mid-sized enterprises now. And that's something for six plus years. I got wrong. I completely ignored. And so while I have a lot of Ws right here, that was a pretty big L, not going international sooner to these countries that I just didn't know if it would work and not expanding my segment to that kind of mid-market mid-enterprise. Okay, but still, one or two Ls aside, companies over 100 billion ARR growing very quickly, and that means you are in the IPO conversation, as you mentioned. The other big piece of cybersecurity news from the business perspective recently has been
Starting point is 00:30:29 the Google Wiz possible tie-up that fell apart. Google was offering reportedly $23 billion for a roughly $350 million ARR company, and I got to ask you as a cybersecurity guy, if you were Wiz, would you have taken that deal or would you have said, hell no? That is a great multiple. I mean, at the end of the day, if you don't have just endless conviction,
Starting point is 00:30:50 you take that deal, period. And I'm still, I don't think we completely know. It sounds like it might have fallen apart because Wiz walked away, but me being a part of a lot of these M&As, we get people that ask us once a month and I kind of have to turn it down. Yeah.
Starting point is 00:31:03 My bigger point that I would mention here is you just never know when to say no and I think that sometimes you can do things in due diligence that uncover maybe that 23 billion if that was the real number
Starting point is 00:31:15 maybe that valuation wasn't going to stick or maybe people realized the multiple was high but if it was real you would have to have again conviction of steel and for me
Starting point is 00:31:23 even going public is just the beginning well I mean that's where every single founder has ever told me on a pre-IPO calls well you know the IPO is more like graduation and then you come back to school the next day at the next level
Starting point is 00:31:34 and I'm like I know I know but you can still celebrate the fun, amazing moment, the press, the hype. It's still fun. I would harass you about when you're going to go public, but I also know that probably a couple years out is my read, just giving you a growth rate scale a little bit of a little bit of thought on that. I'm doing this. The fun part of these like podcasts for me is they don't have to be stuffy. They don't have to be, you know, there's no legal team telling me what to say. Yeah. So for us, if you go back and especially as a high growth startup,
Starting point is 00:31:59 if you have the right gross margins, which I'm at, by the way, humans in the loop, I'm over 85%. Most times I'm in like 87% gross margins. And if you have all these things, great KPIs, great vision, large enough TAM, you get the benefit of everybody wants to talk to you. And so for us, I still have access to near unlimited, cheaper venture capital. It's something I've earned though. It's not a pitch. It's not a big vision. It's I've earned it through great KPIs, great discipline. And as a result, if you think about what an IPO means, it really means one is a source of fundraising, two, an opportunity for liquidity. But because I have such little venture capital I actually need, because I am efficient. Like when I
Starting point is 00:32:36 raised this last Series D. I still had 70 plus million in liquidity. I raised it because I wanted to bring partners who have been at this post IPO stage to help me prepare for this last leg of the private journey. And so for me, I'm not racing to become public. To be honest, all the hurdles that the SEC expects out of us isn't really worth it for me that now has to be very private. We're a very transparent company. And so you could imagine, I don't have a desire to go public tomorrow, but it is inevitable if we want to keep making the difference. And as you mentioned, it'll be a cool moment. It'll be a great press moment. We'll be, you know, whatever, whether we choose NASDAQ or whether we choose New York Stock Exchange, we'll high-five each other. But then the next day, we go right back to
Starting point is 00:33:17 wrecking hackers. So you are right. For us, we'd love to see ourselves closer to a 350 million in, you know, ARR. The reason I say that is a lot of the institutionals, these big folks like Wellington and Fidelity, T. Rowe Price, that have these massive funds, they don't want to put a tiny little bit of money. They got a ton of dry powder and there's an actual problem right now in the market that because the companies are smaller and we have less IPOs, they have a ton of dry capital to deploy. So they want to put a giant chunk, you know, not a couple million, but hundreds of millions in your company. And if those hundreds of millions now represents 20% of the share price and they need to get liquidity and it's now going to tank the stock, they don't
Starting point is 00:33:56 want to do that to a company they're supporting. So this is a real problem we have that not enough growth stage entrepreneurs are even addressing. So you can imagine on my end, I'm having to spin up, navigate this and figure out it's not an if, but when is the right time? And who knows? Maybe somebody crazy comes along and offers a number that's too big. But we've got pretty big conviction that our mission is a lot longer than just, you know, let's get acquired and go. So there's a new rule on twist that I'm going to make up right now, which is if you come on the show and you're candid about your company's financial performance and future IPO plans, you are now banned from accepting any external acquisition offers.
Starting point is 00:34:32 You can't do it. So thank you for committing to that now on the show. I'm glad I signed the contract ahead of times. But I do agree, right? You got to put it. If not, you come off as hollow, right? You come off. And for me, I get them once a month.
Starting point is 00:34:44 I have literally in nine years never brought an M&A offer to my board, not one time. We're the ones doing the acquisitions, not the ones getting acquired. Well, growth rates, nice valuations, plenty of cash. That all adds up to you being in control. Kyle, we have to leave it there. I'm so glad we had you on. I'm so glad we had Huntress on the Twist 500. Thank you for your time.
Starting point is 00:35:02 Good luck in New York. And when you hit 150 million ARR, we'll have you back on. We'll talk about what's changed. Awesome. Thank you so much for just having me and asking great questions. Appreciate you. Right now, startups have to do more with less. We all know that.
Starting point is 00:35:15 And founders have to be smart with how they deploy capital. Investors are very tuned in to being capital efficient. So if you need great tech talent, but you don't have the time to interview dozens and dozens and dozens of candidates, so you need to check out Lemon.io. They have thousands of on-demand developers to choose from, and these devs are vetted and their experience. And most of all, they're results-oriented.
Starting point is 00:35:40 They're going to get you the result you're looking for. They're not going to leave you hanging. And guess what? They charge competitive rates. Great developers can be incredibly hard to find. We all know that. And when you do find them, it can be hard to integrate them into your team, but Lemon.io will handle all of that for you.
Starting point is 00:35:55 Startups choose Lemon.io because they only offer handpicked developers with three or more years of experience and strong portfolios. In fact, only 1% of candidates who apply get in. And if something ever goes wrong, lemon.io will get you a replacement ASAP. A couple of launch founders have worked with lemon.io, and they've had great experiences. So here's your call to action. Go to lemon.com. To find your perfect developer or tech team in 48 hours or less.
Starting point is 00:36:23 And Twist listeners get 15% off their first four weeks. Stop burning money. Hire developers smarter, visit lemon.io slash twist. All right, everybody, welcome back to this week in startups. You may recall that we are working on the Twist 500. It's a list of the 500 private market companies that you absolutely need to know about. And in the very first set of companies we added was a firm called TollBit. It is a startup that has raised one round of capital and is doing things that I am incredibly excited about.
Starting point is 00:36:52 So I'm very happy to bring to you today, Olivia Joslin, co-founder and C-O, and Toshit Panigrahi, who is the co-founder and CEO of the company. Toshit, Olivia, welcome to the show. Thanks for having us. Thanks, Alex. Really nice to meet you. Yeah, absolutely. And the reason why I was so excited about TollBit and I put it on the Twist 500 right away was I was very curious to see what would happen at the intersection of people who have
Starting point is 00:37:17 content or essentially online words and data and the world of AI model companies. You guys are right in the middle of it. So let's start with a bit of a summary about how you started the company. And Toshit, I want you to tell me how it came to be. Well, we have to go back actually to April, early 2023 almost, right? I think this was right after GPT4 had just come out, you know, early 2023, right? And when you, you know, I was obviously on it, I was tinkering around, I was poking around with it. And, you know, if you asked certain questions, right, we realized that because it was connected to the internet,
Starting point is 00:37:52 I was doing some research about apartments. So when I was typing it in, it quite literally told you right there, oh, I'm Googling this, or rather, I'm searching on Bing for this. I'm looking for apartments in this area. I'm looking for apartments. And then it was visiting Apartments.com, and it was visiting Zillow, and it was visiting Realtor.com. And I think that was when we first realized, I actually called Olivia right after that,
Starting point is 00:38:16 and one of my friends Martin, who would become our CTO a little bit later. And we had a call and we said, look, these tools, it's just going out and scraping the web. And this was before there was an API for GPT4, and we simply said, well, let's extrapolate this for a second. What happens when everyone's using this tool? Does this mean that everyone's just going to be using a tool that's going on scraping the internet? And at the time, it was really early. We weren't really sure, you know, where do you enter the market? You know, APIs obviously exist.
Starting point is 00:38:44 How do you go to a site like Realtor and say, hey, there's a problem here? It wasn't really clear, right? And then that fall was when we started seeing that, you know, late summer in the fall was when we started seeing all those headlines, you know, the news media lines were upset. Medium was upset and sites started blocking OpenAI, right? And the New York Times lawsuit, obviously, and that's when we said, Olivia and I looked at that and said, this is actually the same problem. It's just digital publishers are the first to feel it. And we realized it was coming for everyone, right? Because we had seen those early days, right? It was going on and scraping those sites.
Starting point is 00:39:21 So this is when we said, there needs to be infrastructure about this. And then we decided that, you know, we should build that. Yeah. So, Olivia, tell me about when the company got named, incorporated, and when you raised that first round of capital. Yeah, that's a great question. So we officially incorporated in November of last year, actually October, I want to say. And Toshit and I in November, December, we started talking about quitting our jobs because we
Starting point is 00:39:42 were having some initial conversations with publishers that they highlighted. That just really told us that now was the time, things were picking up in the emerging market even more quickly than we had anticipated. And so we were like, all right, let's take the leap. So come January, we were fundraising. And by February, we had done both a pre-seed and a seed round. We expected to raise just a very small amount of capital. And obviously, you can see in the headlines, it turned into about a $7 million round. I didn't know that that was a combined pre-seed and seed round. I thought it was one funding event. My mistake in the intro saying you'd raised once. What was the breakdown between the pre-seed and seed? Yeah. So our seed round was about,
Starting point is 00:40:19 3 million, it was led by AIX. They are obviously more on the AI side, have companies like perplexity, hugging face, et cetera, and their portfolio company. And some of our pre-seat investors span like media companies, such as the folks that Luror Hippo have great connections there.
Starting point is 00:40:35 So that was kind of the breakdown. And how many people work at the company today? So we have about nine full-time full employees. Most of those are obviously the engineering team, our CTO, our chief architect, folks on that side of things. We also have an amazing chief of staff that's obviously helping us with our primarily founder-led sales motions right now and helping the client communications and all
Starting point is 00:40:54 that. So that's where we are now. I want to start by talking about the media aspect of this. And then I want to expand our remit to talk about more data types because Toshit mentioned Zillow and Realtor.com. So clearly we're talking about more than just journalism. But as you guys mentioned, one of the early flashpoints was the world of media. And I'm kind of curious where the state of play is today. We've seen some one-off deals. We've seen some lawsuits. It's behind the scenes when you guys are talking to publishers, how ready are they to jump into a solution like TollBit versus going it alone and trying to extract, I don't know, kind of single party deals out of these major model companies? I think one of the coolest things that we've seen is how quickly the space has evolved. I mean, we start, you know, the publisher pitch cycle back in January, right, in December, January.
Starting point is 00:41:42 And just the education around the space, right? And, you know, there's a different flavor and sort of reception to the pitch today than there was back in January, right? As folks are learning more and more about these tools, right? And it's interesting to see how quickly this has happened as well. And then in the beginning, right, when, you know, people still weren't sure what is RAG, what is training, you know, how are these AI tools working? You know, the first AI deals had just started happening. I think folks since then really realized, you know, there's only a handful of these deals done, right? and there's everyone, you know, is curious, like, you know, everyone has an opinion here,
Starting point is 00:42:18 whether you should do the deal or you should not do the deal. But I think our message to them is, is there is chaos right now. There's uncertainty. It's a bit of the Wild West comes up quite often in our conversations. And we tell them, look, it's the Wild West right now. We're trying to put some structure, some protocols, some infrastructure, because the norms are not written. The access protocols are not written.
Starting point is 00:42:37 More importantly, the unit economics are not defined. So let's figure out how to set up a system where publishers can and be fairly compensated because on the other side, we've talked to, you can imagine every major AI company, small AI companies, and the rules are unwritten. They also don't have an answer yet. Yeah. No, I think the Wild West is a very apt analogy. My question then is, does that make you guys the sheriff or like the stagecoach? Like, what? In that analogy, where do you fit in? Because the Wild West had a lot of different players in it. I don't know. Perhaps the sheriff would be the right way to think about it. Or they either market. General store? Something along those lines.
Starting point is 00:43:10 Now, on the supply side, you guys said on your website that there's, I think, 50 websites that are currently working with TollBit as of May. Where is that number expanded to now that we're sitting here in late July, early August? It's definitely gone up from there. I'd have to take a look at our data and speak with the team about where folks are exactly in onboarding. But I imagine you may have seen some of the headlines recently about what our publishers found on our analytics platform in terms of AI companies circumventing robots.txt. And so after some of those articles came out, as you can imagine, there is an onslaught of onboarding on the publisher front. And so I think to Toshit's point, like, this has always been a pants on fire problem for them and existential to their business. I think there's understandably so, some hesitancy in terms of how do we approach this in the right way that continues to, I guess, make sure that there's a reoccurring revenue model for publishers in this new world.
Starting point is 00:44:04 It isn't just one-time checks for training on your content and data. there's a basis of needing to access that content data on a reoccurring basis. That's really important. Did you just say there's an onslaught of demand from publishers to get onto the platform? Yeah. We actually had to open up self-serve onboarding on the platform for folks. Because before we were actually going to these conversations 101, I think latest count last I had seen was over 110. And you can imagine all those early publishers, it was all like very founder-led,
Starting point is 00:44:34 very, you know, this is what TollBit is, this is the agreement, this is what we're doing. And then after that, and it's quite interesting because I think a lot of that synergy does lie with the long tail, right? Because I think the long-tail publishers really understand that they are not going to get one of these one-on-one deals, right? The independent publishers, the independent bloggers. And this is an opportunity for them to say, hey, there might be a better way to get compensated.
Starting point is 00:44:54 Okay. Let me just make this about myself then, because I run a little blog for myself on the side. It's a passion project. It doesn't make a lot of money. But if there was a way for it to make more money, I mean, who wouldn't want that? And so I'm kind of curious, like, how far on the smallness scale can you guys go down until someone's content, depth, reach, or whatever the metric is, becomes too small to actually fit into the TollBit model? So does it work for the small blogger or do you have to be at least the teen-sized publication? We work with publishers of all sizes.
Starting point is 00:45:24 I mean, that was something that was very important to us from day one and also very important to the demand side of things as well, because they need access to the long tail of content and data and doing these deals doesn't scale well for them either. So the niche content that's out there is really important for them still to have access to. Is that because they want to have like the edge cases covered? And so if people are going to ask them about badger farming, they need to make sure that they have access to badger farming content? Absolutely. I mean, you use one of these tools. You can see exactly what they're scraping. And the way we look at it is, you know, on one side of our supply side, right?
Starting point is 00:45:59 The way if you think about the market is there's no limit to what site you can scrape, right? It's not just, you know, when we Google things, we're not just going to the big brand name publishers, right? We're consuming content from all sorts of, you know, independent journalists and authors as well, right? Like lifestyle bloggers as well. So I don't think there's a limit to, you know, which content can be accessed or should be paid for by these AI systems. Okay. Before we get into rates and how you guys are letting publishers and websites set that up, I'm just curious about the other side of the supply demand equation, which is the AI companies. You guys mentioned that you were speaking to them. Are they excited about what you
Starting point is 00:46:36 offer? Are they hesitant to pay? Would they rather get it all for free and just steal it? I'm curious about how that side of the equation is looking. One thing that has been very interesting to us is there are aligned incentives. I think they understand that you need to support journalism. You need to broadly content creation. All of these models for their core training, they need the tokens. They need access to breaking news, right, for powering their RAG systems, for example, right? And you can't, you can't cut off that supply, right? So there is an incentive on that side to keep it going. Question is, and I think where the waters get muddy is, no one wants to say pay for content because everyone wants to protect their fair use argument,
Starting point is 00:47:15 right, if you will, right? And so what we're doing instead is we're focusing, we're shifting the focus here, right, in which we're saying, actually, you're not paying for training content per se through TollBit. What you're doing is you're paying every time you go and access a page for that RAG use case, right? You're paying a toll for a bit of information. That's where the name comes from. And I think the incentives are aligned there. And this is where we're starting our pilots with two AI companies right now, where they're going to be using our model to compensate publishers, with two of them. Yeah. Which two? Can't say yet. Can't say just yet. How long until you can tell me, just so I can have a general expectation there? Like weeks, months, years. It might be a few
Starting point is 00:47:55 months. Okay. I think we're all waiting. And I think this goes for the biggest AI companies out there. everyone wants to see both on the publishers and the AI company side, what the unit economics of this world looks like. And this is why we're approaching it with such care, because what we're saying is people might not visit websites, right? You can't just put up a piece of content, sprinkle some ads on it and then expect to make revenue, right? The world is shifting. So if there is a new unit economic model emerging, right, where every time one of these AI agents come, they pay some money to tax on content, what does it look like, right? What is the market willing to bear. That's why we're selective about which partners we onboard on the demand side
Starting point is 00:48:32 and make sure that the publishers are also comfortable with those partners. So quoting from one of your blog posts, imagine a future where micropayments are seamlessly integrated into our interactions with AI assistants, every article, research paper, and expert blog post contributing to an answer prompts a tiny transaction. So essentially, you guys really do view this as when a company that has a TollBit agreement goes to, let's stick with Badger Farming, BadgerFarmingInformation.com to collect information, there would be some sort of transaction happening there, which implies that there's going to be a set rate between that publisher, TollBit, and the AI company. Do the rates
Starting point is 00:49:13 eventually become standardized in your vision, or does everyone kind of pick their own pricing and then there's kind of competition amongst Badger Farming websites to have the lowest price, best content for AI ingestion? Yeah, so I mean, to start out, we're having, you know, publishers are certainly setting their rates. And we're massaging that for some of the pilots and working with folks. I think where this definitely goes out in the long time, there's a couple different ways it could go. I mean, one is what, you know, we could see a world where there's kind of a bidding kind of going on in an automated fashion and search pricing based on where we could help some certain publishers who may have niche content capitalize more on their revenue. That's certainly one direction it could go in.
Starting point is 00:49:53 But I think fundamentally, you know, there's just going to have to be so much work that we do to kind of get to that place in the interim. Right now, according to your guys' docs, there's kind of a hierarchy of how rates are set. There's the bot level, the page level, keyword, time directory, essentially a way to sort how to determine what to charge. With the now 100-7 publishers that you guys have on board, are you seeing a similar vibe from them about how they want to price access to their content, or are they all guessing in different directions as well? Yeah, so it's interesting. Those vectors for pricing have all come out of conversations with over 100 publishers at this point, right? Yeah.
Starting point is 00:50:32 And I think the key is to set up a system that's flexible across all of them, right? So, for example, there are folks who say, hey, I have tons of archives. I have tons of content, you know, tens of thousands of articles every single year. We need to find a way to apply a rate for all of them, right? So this is where a directory-based, you know, things this year might have a higher price than last year versus things in 2020 might be because it was an election year, right? Might be super valuable again, right? We have folks who have APIs. So, for example, TollBit sits in front of an API.
Starting point is 00:51:04 So instead of the partner onboarding every single, say, you know, content API consumer one at a time issuing new API keys, they can do basically a page-based. So an API path, for example, can have a specific price. And we enforce that and we debit the consumer as the API consumer has to use it, right? Similar for keyword. Someone was like, hey, I want my Taylor Swift articles to be worth more because she's very in demand right now, right? So all of these vectors, right? And the goal of this is to say, we need to figure out, again, it goes back to the Wild West.
Starting point is 00:51:35 The laws, the rules are unwritten. So we can come out and say, this is the way that we're going to start thinking about how to price access. And the key is, and sort of the world that we're ushering is we realize this sort of licensing, it's a very time-consuming paperwork-heavy partnership-heavy process, right? Is there a way where in fractions of a second and fractions of a penny, you can get a license to use that content for RAG? And suddenly it's not illegally scraped information anymore.
Starting point is 00:52:02 So this is actually more complex than I thought it was going to be, but in a cool way, because I feel like all the stuff that technology has done to extract money from consumers, surge pricing, differential charging for different things, when they're in demand or not, whatever. Now we, the scribblers of the world, the wordcels, are going to get to use that against the tech companies and they're going to have to give us more money when our stuff is in more demand. I think this is fantastic. You guys have turned the tables. It makes me very, very excited. I'm not going to lie. But Olivia, sorry, I cut you off. No, no. I think I was just going to expand upon to this point, like how folks are thinking about the pricing of their content and data and going back to what we were talking about with retrieval. It's really what is the value of one page view. So oftentimes that's really comfortable for folks to back into versus there's a lot of about how you would price content for training use cases. But the things that Toshit just outlined, whether you're pricing it by, you know, the time and age of the content, et cetera, are really valuable and very, it's oftentimes
Starting point is 00:52:56 something publishers have thought a lot about in terms of the value of their content, whether that's the CPM rate or RPM rate or something that's familiar for them to back into. Okay. Now, let's expand here and talk about other types of data. We started off talking about Zillow and Realtor and other real estate data sources, which is incredibly valuable information. There's also data about the stock
Starting point is 00:53:15 market and global economies and sports and just we can make a big list. Do you guys envision working with everyone, I don't know, from like the ESPN stats team through like the NASDAQ? I mean, it seems like the aperture here is almost infinitely wide given the types of data that you could ingest into the TollBit system. Yeah, absolutely. I think it started with publishers. We've expanded beyond that, right?
Starting point is 00:53:36 So we have folks who like, and I think this is why we, for example, have the page-based rates, right, which was super important for especially our API driven partners. So we have partners who have, and this is going to be very important for the election coming up, right? They have really up-to-date high-quality election content, right, that can be available through TollBit, right? And we send from their APIs and you could act as you could pay to get real-time election coverage, right, from this partner. We're working with folks, for example, who too have, I think, a lot of sports content, right? So as sports scores get updated, right, you can consume this information. You don't have to go out and scrape it.
Starting point is 00:54:10 You can get it directly from the source, right? And it oftentimes comes, it honestly oftentimes comes at fractions of a penny in some cases. Okay, so clearly people want to get compensated for their content. You're working with two AI model companies that shall be named later on to get the process going. The aperture is quite wide. When does the system begin to fully operate? Are you guys running revenue from your two AI model partner companies through the system
Starting point is 00:54:34 to publishers now or does that happen later on this year? That'll happen in a couple of months as part of the pilot we're working on. In a couple of months. Okay. When that happens, you guys have to let me know because I'm so curious to see how it all kind of works when it turns on. But just before we go, there is a shift in the wind, I want to say, for a long time, the robots exclusion protocol, REP or just robots.txt has been the unofficial rule of the internet, essentially letting websites say to crawlers and other sources, hey, go away or here are the rules. And there's been some push by, I was going to say,
Starting point is 00:55:06 Perplexity. I didn't know they were a fellow portfolio company with you guys, but the Perplexity CEO said, that's not law. That's kind of good manners. If robots.txt falls and people no longer respect it. Does that represent a material threat to the TollBit model? Actually, no. I think it dovetails pretty nicely with I think some of this reporting that came up in those last month, right? So I think, Olivia alluded to this earlier, right? We had dozens of companies using TollBit that saw in the analytics product that we, content was still being accessed, right? You know, there were companies that weren't supposed to be accessing the content that were technically blocked, that were still coming and accessing it.
Starting point is 00:55:45 The argument on the other end is, yeah, well, it's a best practice. It's a guideline, right? It's not really enforceable. So, well, we went back to, I think that speaks to, I think, the onboarding that has happened since then, right, in which we say, well, we turn your robots.txt file from a passive compliance to active enforcement. So if someone is not supposed to access that, we actually force them to a bot paywall. We tell them, we take them to a page that says you are not authorized to access this content.
Starting point is 00:56:09 We put them on notice, right? So now you have two choices. either you go and you make a licensing deal with this company, or you continue to act surreptitiously and bypass this paywall and go scrape that content. So you're not only offering people a door that they can come in through if they pay a fee, but you're also building a wall to make it more enticing to go through the door. Ah, so kind of carrot and stick, if you will. Okay, I love that.
Starting point is 00:56:32 All right, well, guys, thank you both so much. I'm very glad we put you on the Twist 500 because you guys are doing very, very interesting things, and I can't wait to see what comes next. And when you do get those AI partners live, give me a call. In the meantime, I'm Alex. Olivia, Toshit, thank you so much. And we'll see you again later on on Twist. Welcome back to This Week in Startups.
Starting point is 00:56:49 We have yet another Twist 500 interview for you. Now, if you care about the era of AI, if you care about cybersecurity, you know, it all boils down to data. So we've been taking a look at the startups that are working in the realm of data that are growing the quickest and are the most excited. And that's why I'm very glad to have Cyera on the show today, C-Y-E-R-A. It's short for cyber era smushed together. And we are very lucky to have Tamar Bar-Ilan with us. Tamar, welcome to the show. Thanks so much, Alex.
Starting point is 00:57:17 Really happy to be here. So we put Cyera on the Twist 500 for a couple of reasons. One was the recent fundraise, the valuation increase, and the cadence of the work that you're doing on the financing side, but also just because data seems so important today that it's impossible to ignore from a startup perspective. It's a little complicated when we talk about enterprise data management. So what I want to do is start with just you breaking down what Cyera does in your own terms for folks out there who may not be yet familiar.
Starting point is 00:57:46 Data is really changing the world as we know it. And Gartner says that by next year, there will be 180 zettabytes of data in the world. And just to put that in perspective, and I assume most of the audience is asking what the hell is a zettabyte. So if you sum up the number of grains of sand in the entire world across all the deserts and beaches, and oceans, you get to one zettabyte. So 180 times more than that. And we're seeing how every enterprise now is becoming data driven and hiring data analysts and data scientists and data engineer. And that's a huge, huge revolution that almost every enterprise in the world is undergoing. And Cyera, the goal of our business is to enable that revolution and to enable these enterprises
Starting point is 00:58:42 to leverage data and use data to benefit their customers, but to do it securely and to do it according to all the regulations and compliance frameworks. So TechCrunch and my friend Ingrid Lunden over there described you guys as having built a platform that quote, takes a full assessment of an organization's data, where that data was created, where that data is stored, and where their data is being used. Is that a good summation of kind of what the business does? 100%. Okay.
Starting point is 00:59:10 The background here, given the zettabyte comment is that there's the world is awash in data. But I also presume that the average company out there has never generated and therefore needed to store and protect more data than they are today just because it seems that everything is kicking off more total information as time passes. Yeah, exactly. And it's not just the amount of data. It's the number of different data platforms and data technologies. And you have Snowflake and Databricks and Redshift and BigQuery and ETLs and a bunch of different platforms, and they're all making that data landscape much bigger
Starting point is 00:59:47 and much more complex. Yeah, and you guys talk a lot about how Cyera will link to existing native APIs to let companies sort out where their data is and kind of get a better visibility into it. And you discuss how that part of your business is agentless. And because I do not do data work for large companies, agentless is just a term to me that I know kind of loosely what it means, But why is that an advantage for Cyera as you guys approach the market?
Starting point is 01:00:13 In one word, because of time to value. If you have thousands or even tens of thousands of data stores and data technologies across your environment, you need a very, very, very simple way to connect into those data stores. And if you need the opposite of agentless is agent-based, so if you would need to look at these data stores one by one and install software on them or connect each one separately, that just doesn't scale in an environment where you have tens of thousands of data stores and hundreds are popping on and off every day.
Starting point is 01:00:48 Okay. So essentially, it's a complexity point and you guys don't need to have people go out and do it. Okay, that makes a lot of sense to me. Now, DSPM is data security posture management, and this seems to be a very big deal for both Cyera and also, I would say, the larger data cybersecurity space. So visibility into where there is sensitive data is part of that, but it seems to also be a question of who can access that data. So should I think of DSPM as kind of like a map and then a set of keys, perhaps? Yeah, totally. A map, a set of keys, and maybe most importantly, highlighting where you have data at risk and where you have problems and where you have exposure. That is what it essentially comes down to. Say, DSPM, it's a super
Starting point is 01:01:35 exciting space and from our perspective, a space that didn't exist three or four years ago at all when we started the company. And you know, to all the founders listening to this podcast, when we set out to start the company, not in our wildest dreams, did we imagine that DSPM and Cyera would become like a domain of its own? So like you said, now this is a space that's recognized by all the largest security companies out there and largest customers and largest research firms. So it really has been an incredible journey to see this just blossom and just become a thing that from thin air, you could say. Or as people like to say from zero to one, so my question is, companies have had data for a long time. The cloud isn't new, having, you know, data spread around a hybrid environment, not new.
Starting point is 01:02:29 So why is DSPM something that just kind of came into being in the last couple of years, or what drove the need for this that wasn't there before? It was always, always a problem and you always had a lot of data. And at no point was it easy for an enterprise across its thousands, tens of thousands of employees to know what data they have out there. But this question has really come to the forefront now that enterprises are looking to leverage data as their business driver and as their key to success. And we're seeing so many companies where we're speaking to the tech executive there. And they're saying the CEO is speaking to the entire company and talking about data as their business differentiator and as the way this company beats its competition and serves its customers
Starting point is 01:03:21 more. So suddenly, I feel like the entire enterprise is putting data in the front. And chief data officers, actually a C-level executive that's in charge of data, something that didn't exist or was very rare 10 years ago. And suddenly we're seeing this in so many of the largest enterprises in the country. So this is putting a huge focus on data at enterprise-wide, and this also includes security. So suddenly, data is becoming a much more important pillar and element to security teams as well as to the entire company. Okay, so the overall data platform that Cyera offers to customers does two main things. One, it helps people keep their data secure, understand where it is, you can access it, and so forth. And it also allows companies to better leverage it to generate insights, build better stuff, and so forth.
Starting point is 01:04:16 So it's a shield, and it's also kind of a sword at the same time. Is that fair? Yeah, it's totally fair. I'll give an example. I think now ChatGPT came out around a year ago it was, and suddenly, a lot of enterprises want to leverage ChatGPT because what's more amazing than getting twice that amount of work done in half of the time?
Starting point is 01:04:38 Right. But then these enterprises are asking, how do we use ChatGPT? What data are we sending into ChatGPT? Are we sending our most sensitive IP or customer data into these tools? And even asking, wait, are there things we're not allowed to use ChatGPT for?
Starting point is 01:04:56 Because if you're a financial, you can decide whether to give a loan to a person based on ChatGPT that would violate the fair lending rules. So you want to, there's so much potential, but a big enterprise can just turn this on and hope for the best. They really need to understand what's going on. And that brings on the question of what data is going into these technologies and what are we using these technologies for. Yeah. Well, I wanted to kind of work our way towards your recent funding round by kind of unpacking the different things your company did because I think it shows that it's doing a bit more than just what we might bucket as cybersecurity. Frankly, although I do think all this lands under that loose umbrella. I want to just talk about the recent round for a minute because a lot of founders watch the show and they're always curious about how people who are successful fundraising or approaching it. So you guys put together a massive round and I think it was announced in April. roll $300 million, $1.4 billion post, about a year after your preceding round. So how did you manage to raise two very attractive funding rounds within about a year? I think the answer is simple.
Starting point is 01:06:12 Don't focus on the funding rounds, focus on growing your business. And I meet with a lot of founders at different stages and a lot of time the conversation is around how to approach fundraising. And from my limited experience, funding is you have to do it like very, very quickly and efficiently and not to think about it when you're growing your business. Because it's so hard to focus on the customers and to focus on closing deals and on giving value when you're distracted by fundraising. So honestly, it's not like something that was so premeditated or, it's not like we were
Starting point is 01:06:57 plotting the fundraising round months ahead of time. We were focusing on the business and we had achieved a lot of momentum. And then it was more of a split second decision to go and try to capitalize on that momentum
Starting point is 01:07:13 to raise capital. I think that has to go into the history books as the most polite, humble brag I've ever heard. Because I think if you do have the metrics to make fundraising quick and easy, is something you don't have to focus on. It does go pretty smoothly.
Starting point is 01:07:29 I just think that probably more startups than it fit into that bucket are probably being a bit more strategic because they don't have as much momentum perhaps. So can you tell people who are listening anything about the company's financial performance in the last year, 18 months? I'm very curious. Yeah, totally. And now it's just to go back to the point. I agree.
Starting point is 01:07:48 It's not like the circumstances aren't always favorable. And sometimes you have to raise funding in not ideal. I guess my point was more that it's easier to achieve favorable circumstances when you're not focusing on the fundraising. Oh, absolutely. But totally agree. The reality is not always ideal and not always like the way you want it to be. The company now, we're at tens of millions of dollars of ARR right now and grew, I think, 7X from 2022, which was the first year we started selling to 2023. Wow.
Starting point is 01:08:26 That was 700% growth on ARR between year one and year two. And now we're in the middle of year three. Just closed a very good Q2 two days ago. So July 31st and shooting to 3 to 4X that revenue this year. So in the old days, we used to talk about the triple, triple, double, double, double. I've never heard the 7x, 3 or 4x. That's very, very impressive. Now, there's been a lot of conversation in and amongst the startup world about balancing
Starting point is 01:09:02 growth and profitability, growth and burn essentially. What's the Cyera perspective on cost containment while also pursuing incredibly rapid growth? Our perspective is hire as fast as we can while keeping the bar very, very high. So if you have an opportunity to hire a great person, that's an easy decision always. So we're pushing on engineering and sales and marketing and across all the departments to hire very fast while maintaining a very high bar. And I usually find that it's not easy to find great people. So when you set the bar very high, that kind of limits your ability to grow fast.
Starting point is 01:09:45 So yeah, that's the... the underlying methodology here. I like that. I think sometimes companies are willing to not loosen their hiring norms per se, but simply be a bit more aggressive in staffing up. And I think that can lead to cultural drift,
Starting point is 01:10:01 for example, as certain companies are just, you know, people that don't quite fit in with the overall vibe. So I quite like that. Now, going back to product, on the ChatGPT point
Starting point is 01:10:11 and companies getting ready for kind of an AI future, how far along is the average Cyera customer in terms of getting themselves ready to use their data safely inside of an AI feature. Because to me, I know everyone's getting ready or preparing or talking about it, but I don't know how much progress they've made so far. So usually the business determines the pace and security is trying to tag along.
Starting point is 01:10:36 I haven't seen many businesses where security is the one with their hands on the wheels, setting the pace. So it's usually enterprise adopt, you know, the business drives the business. Not a groundbreaking statement here, but really there's pretty meaningful initiatives to adopt AI. And security teams are trying to tag along for the ride and make sure that's done securely. But as a security team, it's not easy because it really, it's not like you can set the pace and it's not like you want to hold the business back. So I think a lot of CISOs and security teams now are looking to be enablers and looking to see how they can help drive this data revolution forward rather than hold it back. So I'd say that job is not easy to
Starting point is 01:11:33 both make the transformation secure while not wasting valuable time. You joke that saying the business drives the business is not a shocking statement, but it's good to keep in mind that that will help us striate or differentiate AI adoption levels, which will then impact overall purchasing flows. So for founders who want to serve, companies that want to use AI, that should help them stack rank, kind of what industries to look at. So it's useful, even if it is, in retrospect, not the most globe-shattering revelation. But I appreciate that all the same.
Starting point is 01:12:04 It's also good to know what is true versus what is it. Now, I'm curious about demand, because we know, we talk a lot about cybersecurity, and I feel like there's a breach every week that makes me sit up and want to cry. And there's also this, you know, very exciting AI future out there. And you guys can kind of help on both sides. So when it comes to like demand for what Cyera's building, is it the, the cybersecurity, help me figure out my data and keep it secure side? Or is the we want to get ready for AI that's driving more of your growth today?
Starting point is 01:12:34 It's both. I think when there is a business driver like enabling AI that makes the projects much more of a top priority. And that makes budgets bigger. At the end of the day, when we go to the CFO and when our project needs to be approved by the CFO, it's much easier when the reason for the project is it's an accelerator for AI adoption than purely risk reduction. So that definitely helps us with the economical climate in the last couple years, we're seeing a lot more interactions with CFOs and CFOs want much tighter control
Starting point is 01:13:15 on spend. So the fact that we're like tying into a critical business initiative is amazing and really helps Cyera's business. So essentially CFOs are willing to spend money on gas pedals, but are a little bit less
Starting point is 01:13:31 excited about spending money on seat belts. Okay, I can see that. That also helps me understand kind of where people are putting more of their folks today, because it does seem that overall software growth has slowed. So I think that companies wanting to do more with data to help, drive more revenue makes a lot of sense, given where we are economically today.
Starting point is 01:13:49 From a business perspective, like when the market dropped a couple years ago, we were really bracing for a difficult time. And I think we were very pleasantly surprised to see that at the end of the day, software that helps drive the business forward is still very much in demand. So we were able to accelerate back very, very quickly, and that was great. Yeah. I'm not surprised that software has recovered in certain areas, but I am a little bit surprised at some of the enterprise numbers we've seen from tech companies large and small. And one thing, Tamar, that I've been kind of tracking is just changes in net retention at a lot of software companies. And they just seem to be pretty lackluster compared to recent historical norms. Has Cyera run into any kind of like pricing pressure or anything from a macro perspective that could be impacting results? Or is that a bit too far away from where you guys are today. Yeah, so we have been feeling price pressures and customers are tightening budgets and it's harder to get larger spends.
Starting point is 01:14:55 I guess if the climate were different, maybe we would have been able to grow even faster. Actually, that's really interesting. I wonder if you're a 7x would have been an 8X, for example, going back to 2020. You can always do better. You can always tell our CRO. No pressure or anything at all to keep those numbers up, though, right? Yeah. I want to talk about just cybersecurity from a general perspective for a minute, because I don't live in a cybersecurity world. My last major corporate job, I was so far down in the org, I didn't have any real visibility into how we were trying to keep ourselves secure. How are we doing as a species on cybersecurity? Because it feels like we're doing worse. But I know that that might just be me reading some headlines. So how are we doing, generally speaking, in cyber security today? There is a lot more, a lot more growth in this space and a lot more understanding that exists
Starting point is 01:15:50 in this space versus four years ago. Like I said, a second ago, you could always be doing better. And it's usually the most fundamental problems that keep tackling and keep biting companies and are the hardest to solve. It's not necessarily the most sophisticated grand cyber security attacks that only the top espionage agencies in the world can carry out that are causing the largest breaches or the majority of the breaches. Usually it's the fundamental problems like having data that's just publicly exposed because somebody accidentally turned access on wider than he should have. Usually it's those kinds of errors that end up causing the most damage. And I do think that there's progress, but it's a big problem to solve and
Starting point is 01:16:46 things take time. On that point about how easy it is to make a mistake and how data be exposed to the public, we always hear about leaky S3 buckets, for example. That seems to, it's just a never-ending issue. And also, when I was prepping for China, I was going through the different Cyera things that you guys do. And one of them is data access governance, which I kind of summarize as like passport for data access, like who can do what, that to me is like locking a door and making sure that only some people have the key, which is good.
Starting point is 01:17:15 But we also have a lot of encryption technology today that I think both at rest and for data in motion can do quite a lot. And I know the CEO over a company called Skyflow, Anshu Sharma, who's taught me a little bit about zero trust encryption and so forth. So I think about this, but do we need to have more companies just do a lot more encryption of both data at rest and in motion to prevent the public access mistakes from becoming so dangerous and damaging to the digital economy?
Starting point is 01:17:45 I'm not sure that's a magic solution. I think that applying encryption could be incredibly valuable, but there is a perception sometimes that, okay, let's just encrypt everything and that will solve all our problems. And that notion I don't find to be true. At the end of the day, you need the right people to be able to decrypt that data and to be able to access that data. And if all the data is encrypted, then it can't provide any value. It goes back to the problem of how do I control who's able to decrypt the data.
Starting point is 01:18:21 And it kind of goes back to the access problem that we've been talking about. All right. We have to leave it there. We will have you back on the show because I have many more questions. But just before I go, can you please promise to not sell to Google before you go public? 100%. I think the same way, Nvidia is now the biggest company, or at moments, the biggest company in the world, and that's thanks to the data revolution that we've been talking about.
Starting point is 01:18:50 I truly believe in all my heart that the data security company of the future will be the biggest cybersecurity company out there, and that's just too big of an opportunity for us to give out. All right, folks, you heard it here first. Tamar promises to go public that can become the next $5 trillion company. For everyone who's been tuned in to these Twist 500 interviews, we have more coming. Of course, if you want to check out the whole list that we are growing as we speak,
Starting point is 01:19:15 twist500.com. If you want to submit a company for consideration, Alexw atlaunch.com. I'm Alex over on Twitter. Jason is Jason over on Twitter. Thank you, Tamar, for your time. We'll talk to you soon. Bye, everybody.
Starting point is 01:19:26 Thank you, Alex.
