Dean Sysman: Betting on a boring problem and scaling Axonius past $100M ARR

Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Sid Trivedi (00:04):
Welcome to Inside the Network. I'm Sid Trivedi

Ross Haleliuk (00:08):
I am Ross Haleliuk.

Mahendra Ramsinghani (00:10):
And I am Mahendra Ramsinghani. We have
spent decades building,investing, and researching
cybersecurity companies.

On this podcast, we invite you to join us inside the
network where we bring the bestfounders, operators, and
investors building the future ofcyber.

We will talk about the hard parts of the
founder journey, launchingcompanies, getting to product
market fit, raising capital, andscaling to an exit.

And, yes, we will also be talking about
epic failures.

But, Mahendra, we're here to make the founder
journey easier.

That is correct, Sid. But we cannot make
it too much easier becausestartups are hard, and, of
course, you already knew that.Alright, YouTube. Enough. Let's
get started with this week'sepisode.
Guest today is Dean Sysman,cofounder and CEO of Axonius. He

(01:12):
brings a contrarian message. Donot start a company unless
unless you absolutely have noother choice. Tempered by the
failure of his first startup,Dean has a good reason to issue
that fair warning. His firststartup, Cemetria, was a
deception security company thatwent through the ups and downs.

(01:34):
They got accepted by YCombinator, which was a high
point, but then they struggledin the noise of a hype driven
market. They could not raiseadditional capital and
eventually had to shut thecompany down. But that failure
did not break Dean. Knowing whathe now knew, having seen this
battlefield of startups, heabsolutely had no other choice

(01:57):
but to start again. Now thistime around, Dean two point o is
a bit more savvy, a bit moremature, and a lot more
strategic.
His company, Axonius, crossed100,000,000 in ARR in just under
five years, has raised over half$1,000,000,000, and has valued

(02:19):
over 2 and a half billiondollars. Dean Spap has been
unconventional from the start.Teaching himself to code at a
very young age of 12, winning aninternational robotics
competition at 15, and at 21,leading a team in Israel's elite

(02:39):
unit 8,200. In our episodetoday, Dean shares what those
high stakes environments taughthim. Responsibility, resilience,
and why startups should be yourlast resort.
We dive into the lessons behindhis first failure and how that
helped him to create a newcategory, cyber asset

(03:02):
management, and his recent200,000,000 capital raise to
fuel his growth by acquisitions.From a military cyber ops leader
to building a unicorn, Dean'sstory is a reminder that in this
world of startups, failure canslow you down, but it cannot
stop you. Dean shows us that youcan turn that failure into a

(03:26):
gift, and you too can use yourskills and tenacity to make our
digital world a much safer and abetter place. Let's get started.

Dean, welcome to Inside the Network.

Dean Sysman (03:41):
Thank you. Thanks for having me.

I've heard you were a really bright kid growing up
in Israel. You taught yourselfto code at 12, and you won an
international roboticscompetition at 15. What sparked
your passion for computers andcyber as a kid, and how did
those formative experiencesreally shape that that
trajectory of being a founder?

Yeah. I think it's just my lack of success with
people that drove me to my loveof technology and computers
specifically that when I startedto play video games as a young
kid, it was so fun for me. Iwanted to create my own game.
And then when I learned aboutprogramming, that made it even
more interesting because insteadof just playing a game with

(04:25):
fools you're trying to win, youcan actually create the rules
and create your own world, andthat made it, like, a big
passion for me. And then when Igot the opportunity to be in the
robotics competition, when wewon the gold medal, we got back
to Israel.
Like, we got our fifteen secondsof fame. Right? We're in, like,
morning shows and newspapers andwhatever. And I suddenly
realized, wow. This isn't justsomething that's fun for me.

(04:46):
I can actually create impact onother people by this work that
I'm doing. So that was sort ofhow I got down the path of
understanding the meaning andthe fulfillment of doing very
interesting things withcomputers.

And was cyber ever a, you know, topic that that was
interesting in those earlyyears, or did you ever consider,
you know, hacking and trying toget some of these games for
free?

Yeah. So funny enough, I never had a way of
getting into hacking orcybersecurity. And, actually, my
biggest topic, it's which isironic today, that I really
loved was when I did mybachelor's degree before the
army. The biggest topic that Ilove was actually AI or machine
learning. That's what I did mybachelor's degree and course in

(05:35):
and my research seminar.
But then when, obviously, I gotinto the army without talking
about what I did there because Ican't, it's pretty obvious that
I have a lot of cybersecurityexperience. And I was fascinated
by the story of hackers as akid, but I was never able to
really learn anything. I did,like, try and read, you know,

(05:55):
the 2,600 magazine and Freck andall those kinds of things. But,
honestly, I just was neverreally able to understand it
well enough to start to practiceit.

Very interesting, Dean. I've written extensively
about the IDF and its elite uniteighty two hundred and the
impact this unit has had on thecybersecurity innovation and the
startup ecosystem globally. Youwere leading a team at the Unit
eighty two hundred by the age of21. What did that intense
experience teach you? What didyou learn that has later on

(06:26):
informed how you buildcompanies, how you navigate
situations as a leader, and,ultimately, how you operate as
an executive of a of a securitycompany.

Yeah. So I got into the army when I was 19. I'd
already finished my bachelor'sdegree. I already knew how to
program pretty well. And I hadnever really had any person
around me my age that that wasas deep into computers as I am.
And then I got into the army,into this very special secretive
course that was part of theintelligence community around

(06:57):
cybersecurity, and I was withthese 30 other kids, same age as
me. And once I got to know them,I was, holy, you know, holy
shit. These guys are way smarterthan me. Like, I am one of
probably the least knowledgeablepeople here about programming or
or networking or cybersecurityor OS internals or all that kind

(07:18):
of stuff. And as the courseprogressed, I just realized how
much the bar could be higher.
And that's one of the thingsthat makes Unit eighty two
hundred so special. They canpick whoever they want out of
the age group that gets into theinto the age of getting drafted
into the army. But the otheraspect that I think people don't
talk about enough is as soon asI finished the course and I got

(07:41):
assigned to the section I'm in,they put me into a team. They
said, hey, Dean. This team isworking on this project.
Now this project had a technicalangle, but it was part of this,
you know, country level,national level intelligence
project or requirement that thistechnical need tied to that, you

(08:01):
know, intelligence project orintelligence need. And they told
us, look. It's your team that'sworking on it. If you guys fail,
then the whole intelligence goalis not gonna be met because
it's, you know, it's part of therequirements chain of it
working, and there's nobodyelse. Right?
It's like, we were five guys.You're it. That's it. And you

(08:25):
sort of realize, wow. My familyback home don't know anything
about what I do, but they'redepending on me to help make
sure that they're safe.
And, you know, some people,like, at that age might not be
able to embrace that level ofresponsibility, and that's
completely understandable. Butif you can embrace the level of

(08:47):
responsibility, you realize,woah. I have five years now in
the army. The people who do myconcourse and and, you know, our
officers, and end up doing aservice of five years at least.
And you're like, I can dedicatemyself during these five years.
And, one, I will be able to dothings that I'm very proud of
for my country and and for myfamily and the people I know.

(09:09):
But secondly, I'll benefit fromthis professionally in a in an
immense way because I'm gonna beworking alongside people who are
way, way smarter and deeper intechnical knowledge than I am in
a very competitive way. All Ihave to do is to go all in.
Right? I have to seriouslyimmerse myself.
And, you know, I I would be, youknow, doing all nighters just to

(09:34):
try and be able to succeed inwhat we're doing at any point in
time. In those five years, Ireally dedicated everything I
could to trying to besuccessful. And me and my two
cofounders and Axonius to, youknow, to in the future, we did
some amazing things together. Idon't think I'll ever, as as an
IC, will do things that are moremeaningful than what I did

(09:55):
there. And and, you know, thethree of us, we got a lot of
different awards for it, eventhe highest commendation you can
get for noncombat activity.
And I'm insanely proud ofeverything we've done there in a
very different way than, youknow, our success in the private
sector.

Dean, we had Tomer, the CEO and and founder
of SentinelOne, at the showtalking about some of his
perspectives about the, Unit8200 as an outsider, as some not
go to the unit. And I'm curious,from your perspective, there is
a lot of talk. Like, almosteveryone in in the cybersecurity
space or probably everyone inthe cybersecurity space knows

(10:33):
about the unit's existence. Theyknow that they do something
very, very deep and interestingabout cyber. What is it in your
view that people don't fullyunderstand or don't fully get
about the unit and the reasonswhy it is so powerful in
producing and then raising thatnext generation of cybersecurity
founders?
Like, what is somethingnonobvious in your view?

Yeah. So we we talked about the responsibility
factor. Right? Like, the love,like, the people who embrace
that responsibility, it drivesthem to be very, very committed
and, like, really have thatmentality of you can't quit
because there are other peopledepending on you.
It's much bigger than yourself.But I think maybe the other
thing is that the the unit, justlike any by the way, any

(11:17):
government organization in anycountry, in any place is
bureaucratical. It's broken.There are a lot of stuff in
there that don't make any sense.And one of the things that I
think is the unit also taught mea lot about how to do enterprise
sales because, like, there areso many conflicting rules.

(11:37):
There are so many conflictingand people with different
incentives, sometimes fightingwith each other over the same
goals, sometimes havingcompletely opposite goals even
though they're trying to achievethe same things. And you have to
sort of learn how to both bevery successful technically in a
in a world class way to achievewhat you're trying to do, but

(12:00):
you also have to learn how to,like, get through all this,
like, organizational sort of,you know, obstacle course to
figure out how to get the wholeorganization to actually achieve
what you want. And that's verytrue for enterprise sales.
Right? Like, sometimes you'll goto a person who might even be
the economical buyer, who mighteven have the budget, they'll
say, oh, I wanna buy this.

(12:21):
But that's never, like, thewhole story. Right? They have
their colleagues who they wannaget their approval, or, for
example, they wanna make surethat the team who's gonna own it
are up for it. They have to makesure they're not competing
against any other objective thatthe company is doing. They gotta
make sure that, you know,there's all these feathers you
don't wanna ruffle, and you haveto create this, like, momentum

(12:44):
to create a win in anorganization that's that's not a
small number of people.
So I think that's also a bigpart that nobody's really, I
heard, has talked about. Like,the bureaucracy of the army
helps you understand how to doenterprise sales. And by the
way, to some people, it becomescrushing. Right? Like, some
people can't handle it, and theythey go crazy.

(13:06):
But some people, if you just,like, understand it is the way
it is, the only thing you can dois to understand how to how to
play that game. You actuallylearn a lot that helps you in
the future.

Yeah. Dean, it's interesting how you
you sort of correlate this withplaying a game and going back to
your video games childhood.Like, if you look at hurdles as,
you know, the ping pong game ora Mario game, then you can
easily overcome them. Now 80 to100 has also taught you
something that that it's like amindset that if you don't do it,

(13:35):
who else will? Who will?
Right? And that mindset sort ofis a very interesting one. You
have translated that mindsetinto telling a lot of your
entrepreneurial friends that donot start a company. Do not
start a company unless unlessthat's your last choice. So help
us understand why Axonius wasyour last choice, and how does

(13:57):
that philosophy play out in inbuilding companies?

Yeah. So I my upbringing, my my childhood,
and, you know, all the way untilI became until I joined the army
and then became an adult andindependent, Me and my family
went through a lot ofchallenges, both economical and
social, and that made me from avery young age realize that I
have to be independent, and Ihave to earn everything I would

(14:24):
want out of life. Right? I'd I'dnever be gifted anything. I'd
never be given anything.
And I always set out to say,like, I wanna find something
that I'm passionate about thatmakes me feel like it's creating
meaning for me in my life, but,obviously, also, gonna make me
successful. It's gonna make mebe able to provide for my future
family and be able to get thethings in life that I never had

(14:47):
as a kid. And I think that'swhat made me really
entrepreneurial. Right? Thatunderstanding that you just
can't depend on anybody else forwhat is the most important
things that are in your life.
But, you know, now having beenthrough, you know, our my first
startup, which was calledSymetria and wasn't a great
success. And and by the way,Mahindra, you know, we tried to

(15:08):
raise funding from you as anangel. We you said no and
rightfully so, very smart of youto do that because we were in a
in a bad market position to bein, bad category, and we didn't
even execute the best out ofthat category. But that taught
me a lot of lessons that I tookinto Axonius, and we built up,
you know, an amazinglysuccessful company that's

(15:30):
delivering so much value. Butit's never worth it.
Right? Like, if you're trying tothink of the outcome versus the
amount of stress and emotionalhardship and dedication and
sacrifice, I wouldn't be able totell anybody that it's worth it.
Actually, I think it's much morebeneficial to be an investor,
which two out of three of youare are already doing, so you

(15:50):
guys are way smarter in yourlife choices than I am. But to
be an entrepreneur doessomething that that has no
comparison, which is you feellike you really created
something that's bigger thanyou. Right?
When I met my wife, we startedto talk about Axonius as her
adopted kid. And even today, youknow, we had a son that was born
five weeks ago, and weconstantly talk about how our

(16:13):
kids make us prioritize betweenthem. Right? And Axonius is one
of those. Right?
We have our daughter. We haveour son. We have Axonius. And
the three kids, I gottaprioritize between them
depending on on, you know, whoneeds who needs my attention at
any point in time. And we reallyfeel that way about the company.
So I think if you don't wantthat level of responsibility, if

(16:33):
you don't want that level ofcommitment, if you don't wanna
feel like your identity is verydeeply wrapped up with the work
you do, then you shouldn't dothat. So there's a quote from
Elon Musk that I love withoutgetting into into the persona of
Elon Musk, but I love the quote.I think at some point, this was
during, you know, the theinflationary period couple years
ago, somebody asked him, youknow, what are your words of

(16:56):
encouragement for entrepreneurs?And he said, if you need
encouragement, don't be anentrepreneur. Right?
Like, that's what it boils downto.

Well, you talked a little bit about Cymmetria, so
let's let's go into the firstfounder journey before we get
into to Axonius. Right afterfinishing in the military and
and unit eighty two hundred, youcofounded Symetria, which for
context for our listeners is awas a cybersecurity deception
startup. And at the time thatyou did it, deception security,
I remember this, was the numberone category identified by

(17:27):
Gartner. I think, you know, manyfolks don't realize this, but
there were several majorplayers. It was considered very,
very interesting, you know, asubmarket to go after.
And you went through YC. You'repart of the summer twenty
fifteen batch. How did thatopportunity to work with your
first cofounder, Gaudi Efron,come about? And what was it like

(17:48):
building your first company asa, you know, 20 founder and
really learning those ropes?

Yeah. So I was coming up to the end of my army
service, at least the initialcommitment. And I loved what I
did in the army, and I wouldkeep doing it. But, honestly,
one of the things that's reallyhard for me is I have to if I
can be obviously a leader, butif I follow somebody else, I
really have to believe in them.Right?
Like, I I really have to say,like and at that point in time,

(18:16):
actually, the leadership in thein the unit that was above me, I
just didn't I just didn'tbelieve in them. Like, I it was
very hard for me to follow them,so I said I'm not staying. And I
left I left at the end of of thefive year tenure. And I was
like, what am I gonna doafterwards? Because I knew that
if I have like, I'm gonna joinsome regular job somewhere, I'm

(18:39):
gonna go crazy.
And I knew I didn't know enoughabout the world to be an
entrepreneur. I was like, I Iknow technically, like, really
well a lot of stuff in cyber,but I have no idea what it's
like to run a company or build aproduct or sell to a customer.
So I just started to ask peoplearound. Hey. Like, what do you
think should I do?
And one of my best friends todayin the industry, Ron Ryder, who

(19:02):
was the founder of Crosswise,now the one of the founders of
Centra, and was, you know, inthe same place as me in the in
in the unit. He introduced me tothis guy. Said, look. He's very
experienced. He has an idea.
He already started raising somefunding. He's looking for a
technical cofounder. And by theway and, you know, let me say
something controversial. Right?Like, knew that a person like

(19:25):
that who doesn't already have atechnical cofounder, like, it
means that something's wrongwith them.
Right? Like, because if you'rethat experienced, if you're
like, you know, people know you,you're that successful, why
don't you have a technicalcofounder? And and I met him.
I'm like, let's see what this isabout. And I understood, like,
he's one of those people whohas, like, these amazing

(19:47):
strengths, but, also, mostpeople don't understand him.
It's like he's not you know,he's sort of an acquired taste,
and I have a lot of, you know,admiration and respect to him.
But I understood why, you know,some people might not get him. I
was like, great. I know exactlywhy I'm a match for this guy. I
loved his idea, and his ideareally appealed to me coming

(20:10):
from an offensive background.
Right? And the idea was, let'sjust take, you know, what people
talked about as honeypots, whichare these tools to detect
attackers by basically laying atrap, right, inside the network.
The only advantage a defenderhas is they know their network
better than the attacker. So ifwe put these things out there in
the network that nobody knowsabout, only attackers are gonna

(20:34):
interact with them. But nobodyever took that to be, like, an
enterprise level solution.
Right? It was all these, like,open source tools and
everything. So that was theidea. And to me as an offensive
cyber background person, thatreally appealed because I was
like, woah. That would actuallyreally, you know, deter me or
slow me down or frighten me.

(20:55):
And here's where, you know, youstart to realize that that was
the wrong perception to whatmakes a successful company
because I wasn't thinking fromthe perspective of the customer.
I was thinking from theperspective of the threat. And,
you know, we joined forces, andthen we start we wanted to
continue raise our it was atthat time where you don't just

(21:15):
get a blank check to you know,with no idea. Right? You got you
actually had to do a real angelround, which is like you start
to raise from a bunch ofdifferent small checks and you
sort of rolling it up.
And one of Gotti's greatstrengths was he's so good at
creating relationships withpeople. And somehow, we got you
know, we went to the Bay Area.Somehow, somebody told us, you

(21:38):
should join YC, and we didn'treally know what it was. And
back then, YC was way smallerand also didn't have almost any
Israeli founders that wentthere. But, you know, we heard
about it.
We said, like, wow. This is,like, so super impressive, and
we joined there. And to metoday, that's really funny
because some people are very,like, famous today, like Sam

(21:59):
Altman. You know, we would just,like, spend, you know, just days
in the office with them, justspend talking to him. And and by
the way, he's as unique of amind as as you think he is.
Like, everything he says soundslike a pitch. Like, literally,
like, you would ask him thisquestion. He doesn't have any
answers besides, like, the mostconcise, most accurate way to

(22:22):
phrase something. It's it's,like, insanely amazing. And Paul
Graham, also the like, he he'svery similar in that way too,
maybe a little more thoughtfuland more deep.
But what YC really taught us isthat you have to really
understand how fundraising worksby understanding what are
investors looking for, not likewhat your customers are looking

(22:45):
for, not what has made greatcompanies be successful in the
past. You really have to putyourself in the shoes of an
investor just like the bestproduct strategy is when you're
able to put yourself in theshoes of the user and the
customer, which is sometimes aretwo different people, but
sometimes it's the same person.So that, you know, that led us

(23:06):
to raising our series a, whereit's about $50,000,000. And we
started to get some customers,and our product was was pretty
good. And it actually worked inmany ways.
Like, we caught several very,you know, high level threat
actors. We even did one APTreport around a threat that was
unknown before us and, has beentracked as a nation level, actor

(23:29):
since then. But, ultimately, theproblem with cyber deception was
that it was a Ferrari. It wasthe thing that you only buy
after you've already boughteverything else and, you know,
you still felt unprotected andyou still wanted that extra
thing. And the worst part aboutabout cyberception is the the

(23:52):
greatest challenge in cyber isthat you wanna avoid selling
insurance.
Right? You wanna avoid selling.We're gonna reduce the risk of
something bad happening that youcan't measure today because then
how are you gonna get, you know,justification for it? How do
you, you know, do pricingdiscussions? Right?

(24:14):
Nobody wants to spend a lot ofmoney on insurance. They wanna
see the outcome. They wanna seethe value immediately. Right? So
it was very hard to sell cyberdeception because nothing would
happen.
Or if something did happen, youjust get lucky. But most of the
time, nothing would happen. Andthen, you know, people started
to say and this is not just us.It's also the other companies in

(24:34):
the space. Well, you should runa pentest or have a red team try
and attack and catch it.
But then it becomes this, like,such a convoluted sales process.
And even if that's successful incatching the red team, it's
still not that impressive.Right? Like, you know, okay.
Maybe the real threat is notgonna be how do you know that
the real threat you're gonnacatch and not the so that's when

(24:56):
I realized, like, the businessdynamics of how you demonstrate
value are even more importantthan what, you know, your vision
is for the value you'redelivering.
If you're not able to show valuequickly, then it doesn't matter
what's gonna be the end valuethat you think you're gonna
deliver.

I'm curious, Dean. Today, a large percentage
of the cybersecurity startupscomes out of Israel. But if you
look at YC, you mentioned thatat the time when you joined,
there weren't almost any,startups from from Israel. But
then even if you look at ittoday, there aren't all that
many proportionately to thenumber of startups coming out of

(25:34):
the country. Why is that?
Like, why is YC not asattractive for, Israeli
startups, especially for theIsraeli cybersecurity startups?
And, also, would you joinknowing what you know today, if
you were to build acybersecurity startup, would you
join YC, or would you not?

So I think the both answers are tied to each other
because we actually thought ofgoing through YC with Axonius,
but what ended up happening waswe didn't expect to get funding
quickly for Axonius. If youwant, I can ask me that
question. I'll answer why. Butwe thought it'd be really hard

(26:11):
to get funding, and we weresurprised that a fund that
specializes in giving the firstlarge check of funding to a team
with just an idea, no like,nothing else besides an idea,
They just gave us their funding,and then that sort of eliminated
our ability to go through YC fora bunch of reasons. Like, if you
already get a large seed roundcheck with nothing, then it's

(26:35):
sort of conflicting to gothrough YC for a bunch of
reasons.
So we didn't end up doing that.And I think Israel has become
so, like, such an expert. TheIsraeli ecosystem, I mean, has
become such an expert atidentifying and funding early
stage cybersecurity companiesthat there isn't that much of a

(26:57):
of an advantage of trying to go,you know, and apply for YC and
and, you know, work really hardat at getting into it for much
less money and, you know,obviously, much lower valuations
at that at that funding level.

You know, Dean, just to sort of finish up
on Symetria and the lessons thatcame out of that first rodeo, if
you will, you know, there are somany different angles to this,
and you as an individual havenow come out of it and built a
very successful company now. Soobviously, you've learned some
lessons and you've applied it.You know, the other angle that

(27:32):
Sid and I often chat about whenwe are two beers down is this
whole category of deception. Imean, Sid mentioned that it was
the number one category. I mean,there were six companies.
And I remember this verydistinctly. There was a
conversation I I was having withone of the I would put this
person in literally top 10 inthe world when it comes to
cybersecurity. I mean, this guyis off the charts smart. And he

(27:55):
said, if I have a gooddeception, I don't need any of
those security products. I mean,just think about it.
There is so much depth in thatthat if I have a good deception,
I know that the attacker is inmy SIM, my firewall, none of
those matter. Right? Mydestruction is the most
important thing. And still thatcategory kind of just didn't go
anywhere. So maybe that's aseparate conversation about why

(28:15):
can some categories take off andothers don't.
But to your journey, and you'venow successfully come out of
that symmetry journey, what aresome of your top lessons that
came out of that, quote,unquote, failure?

Yeah. That cybersecurity effectiveness and
the effectiveness of selling acybersecurity solution are a
Venn diagram with only partialoverlap. Right? And what that
means is there are veryeffective cybersecurity
solutions that are very hard tosell and make into a successful

(28:48):
product or successful business,and deception is one of those.
That's why the open sourceprojects have been around for
so, so long, and yet, you know,that hype cycle that we went
through sort of died out.
And now it's just a featuremaybe in some other products,
maybe not even a feature. Like,it's not nobody will will claim
that that's their competitiveadvantage today. And and by the

(29:09):
way, there's also the opposite.Right? There are, like, very
good products to sell forcybersecurity.
They are completely ineffectiveand don't do anything, and, I'm
not gonna mention any of them.But, like, obviously, there's
some major companies who haveadded, an endpoint protection
capability that if you knowanything about how to research

(29:30):
something, you realize, like,this is all bells and whistles
and doesn't protect fromanything, and yet it's billions
of dollars in revenue somehow.You see that? And that's like a
very that was, to me, as atechnical cofounder, like, the
most important lesson thatallowed me, I think, to become a
CEO and be successful is that,like, those are very separate

(29:53):
dimensions. What is a successfulbusiness sale of a product and
also what's an effectivecybersecurity product?
And the the magic happens whenthose two overlap, but they are
almost completely interdependentof each other.

You you talked a little bit about Symetria, and
we've kind of dived into whathappened with deception. Let's
now talk about Axonius and how aboring idea, you know, the the
area that that Axonius wastargeting was was considered if
if we were to say deception wasthe hardest thing, the the
vision the initial vision forAxonius at the time that you
were thinking about it wascertainly not in the bucket of,

(30:30):
you know, top you know, numberone category for Gartner at that
time. How did that boring ideabecome a unicorn? And, you know,
the idea for Axonius you sharedcame to you while you were still
at Cymmetryia, and you sawcompanies that were struggling
just to inventory their devices.You you famously called, you
know, Axonius the Toyota Camryof cybersecurity.

(30:52):
It was the pitch, you'llremember this, that you used to
win the 2019 RSA sandbox. It wasa you know, the Toyota Camry was
not flashy, but it was anessential car. Tell us about how
Axonius got started. How did youconvince two unit 8,200 friends
of Free and Avidor to come andjoin you in tackling this unsexy

(31:14):
asset management problem. Andwhat was that moment like when
you said, hey.
I'm gonna leave Cymmetria, andI'm gonna pursue Axonius.

Yeah. So everything started with us working with a
very, very large, you know,American company that we were,
you know, deploying oursolution, and then we discovered
something that we saw this IP intheir in their network that was
touching our our decoys, ourhoneypots. It was even starting

(31:42):
to deploy code on some of them.We look at the code. We see it's
a very well researched group by,you know, a lot of different
other vendors that wasattributed to the Chinese
government.
So as a cyber deception company,like, what's a better outcome
than finding a Chinese APT inthe in the network? Right? So I
go to the to the team there, andI tell them about it. And
they're like, okay. Great.

(32:03):
Like, you know, let's keepworking. And I'm like, what?
Why, you know, why is this yourreaction? I was expecting shock,
surprise, like, something. Andthey were like, listen.
We got tipped off that this washappening, and that's one of the
reasons why we start to look atdeception. So that's why we
brought you guys in and others.But the other thing is there's

(32:24):
not much we can do about it now.And I knew, like, the incident
response basics, right, is like,hey. Here's here's the infected
machine.
We have the IP address. We havethe host name. Let's go research
this. Right? Like, let's goinside that machine, see the
file activity, the processactivity, network, identity
activity, all that kind ofstuff.
And then we can map out thethread and and continue to do

(32:47):
internal response. Right? Butthey told us, like, we have no
idea who this machine is ownedby or or what's managing it. And
to me, that was a shock becauseI had naively assumed that an
organization of that scale, oneof the best funded security
programs in the world, right,like billions of of dollars,
they had no idea, like, what wasreally going on in their

(33:09):
environment. And we spent manyhours just trying to go through
all their different controls,going through the SIM, going
through the NOC, just, like,trying to identify what this
endpoint that was infected was,and we never did.
And to me, like, my mind gotreally obsessed about that
problem because it was so hardfor us to sell deception because

(33:31):
everybody was like, look. Youknow, I'm not gonna buy
deception if I don't haveendpoint. I'm not gonna buy
deception if I don't have emailsecurity. I'm not gonna buy
deception if I don't have afirewall. Right?
They're like, you know, this is,like, the last of the line. And
then I realized, like, thesepeople don't even know what they
have. Like, this is the thingyou solve before anything. So I

(33:51):
started to to ask so many peoplelike, hey. Like, if I'd asked
you today to tell me how manyWindows devices do you have,
what would you do?
And the more I asked, the morepeople were they were asked.
They're like, look. I'll giveyou some range, but, like, I
have no way of really knowingthe exact number. And I started
to realize that this problem washappening because the IT

(34:15):
environment started to becomevery fragmented in terms of
number of controls and number ofenvironments. Right?
Like, if you go far enough intothe past, computing environments
were very homogenous. It waslike one operating system, one
device, one network, onemanagement tool. But the more
time has passed since then, themore products, the more

(34:37):
controls, the more networks, themore access points their
organizations have. And then youend up with these, like, a lot
of different pieces to thepuzzle that nobody knows how to
put them together. And everybodywas still trying to solve this
in one of the legacy ways of,you know, what people would call

(34:58):
asset discovery or networkdiscovery, right, which would be
either to scan the network orlook at network traffic, or they
would assume that they couldjust deploy one agent on
everything, and that will betheir solution.
And we knew from working withevery every team that we worked
with, that never works. Like,nobody got their, you know, one

(35:18):
agent on everything. That'sthat's impossible. And nobody
really understood what washappening in their network just
from looking at network traffic.So that's what led us to
realize, hey.
First of all, there's thisproblem here that impacts
everything. Right? Like,everything starts from
understanding your assets,whether it's moving to the cloud
or patch management or instantresponse or even m and a. Right?

(35:41):
Like, all these things startfrom understanding your
environment.
And the second thing is thatsort of everybody gave up on
thinking that there's a betterthing. Right? When I would talk
to people, they're like, yeah.You know, it is what it is. And
there were just so manycompanies that promised that
they could solve this with theirnetwork or agent based

(36:03):
technology that everybody wasjust cynical and just accepted
that it's never gonna be great.
And that's the opportunity thatwe saw. And when I went to my
two cofounders of Free andAvador to talk about this, they
had no idea what I was talkingabout. Like, because they they
didn't really they were still inthe army when I approached them.
They were both about to finishtheir service and thinking about

(36:25):
what to do in the private sectorand their, like, you know,
career post army. And I was justlike, look, guys.
This idea, I really believe init. It's, like, very
fundamental. Every team suffersfrom it. And here's this new
technological approach that cansolve it, and we're the only I
think we're the best team in theworld to try and solve it using
this new technology. And theydidn't really get what I was

(36:47):
talking about, but what had soldthem was, first, we had gone
through everything you canimagine together.
We probably know each otherbetter than our spouses and for
better or worse. But the secondthing, told them, listen. To me,
I'd already failed in myprevious company. It did end up
getting acquired, but not for agreat outcome. I have no public

(37:08):
sector experience.
Like, if I fail this time as anentrepreneur, that's it for me.
Like, who's gonna bet on me athird time? So I'm all in. I'm
committed. And I actually toldthem I already told my
cofounder, Agadi, and so muchI'm I'm leaving.
I'm all in. And I think thatshow of commitment to them was

(37:29):
what convinced them because theydidn't get the idea, at that
point, right, because theyhadn't really seen it enough.
And I think this is my lastpoint, because it's a long
answer already. But companies inthe world of cybersecurity and I
think also in enterprisesoftware in general go through
their go to market success inthree different really different

(37:51):
ways depending on what's theproblem they solve. The first
one is if you're going after anexisting budget line, an
existing category, and you'rejust doing it with a new
technology.
This is the classic next gensomething. Right? Next gen
firewall, next next gen endpointprotection. And there, your
buyer is very mature. They knowexactly what they're looking

(38:12):
for.
They have usually an RFP that's,like, a thousand different
items. And every POC, every dealis competitive because there's
obviously an the incumbentsalready. So the way to win there
is very similar to sports.Right? You don't need to win by
a mile.
You just need to have one morepoint once somebody blows the

(38:34):
whistle. So it's super, like,narrow, and most of the time,
the companies are successfulthere. And you can look at all
the next gen something. They'rea very sales focused, like,
organization. They're really,really great at sales,
understanding how they're gonnawin a deal.
They still have to do otherstuff really well, right, like
product and marketing,everything. But if your

(38:55):
superpower is sales, you'regonna win that kind of motion,
like, very effectively.Mancalito and CrowdStrike are,
like, the best examples of that,I think. The second category is
when there's somethingcompletely new and nobody knows
what to do there. Right?
So cloud security or now AIsecurity or, you know, mobile or

(39:15):
whatever. There's, like, thiswhole new area of technology,
and people have no idea what todo about it. So what they do is
they flock to the biggest brandor, like, the most attractive
brands. Right? So for example,in in cloud security, like, most
people, for the first CSPM theybought, they had no idea what to

(39:36):
evaluate in a CSPM.
Right? What would they do? Theywould go to their colleagues.
They would go to their partners.They would go to the people they
respect.
They're like, what's the bestout there in cloud security? And
they would, you know, pick on athree and then just, like, POC
it. Right? And there, thecompanies who are most
successful are the ones who areable to create the most, like,

(39:56):
biggest and most attractivebrand and not necessarily, like,
from a big company standpoint,but more from an innovation
standpoint. And, obviously, Wizdid, like, a, you know,
historically successful story indoing that.
But then there's the third kindof motion, which I think is
ours, and I have one very goodother example of, is that when

(40:20):
it's not a new area, and it'salso not a next gen existing
thing. It's sort of when a bunchof different problems sort of
shift around, and they becomesomething else gradually. Like
and nobody noticed. Right? Like,nobody came out and said, like,
hey.
It's the age of, you know, cyberdeception or whatever. It's

(40:41):
just, like, slowly thingsdrifted along. And then when you
talk to the practitioners, youask them, hey. Is this painful
for you? They'll say, like, oh,man.
It's one of the most painfulthings I've ever done. But then
you'll ask them, well, how manyproducts say they solve this?
And they'll say, oh, I can giveyou a 100, but none of them
really do. And that was thejourney that we went in. And

(41:02):
that sort of category creation,you have to really name the
problem in its new way, in itspresent way that it is.
And the best analogy I give forthat that's similar to ours, and
that's what we did with cyberasset management. Right? Like,
we create that category. Wenamed it that way. Gartner
embraced enforcing, and it wasand became Chasm.

(41:23):
And then we actually calledChasm dead, and, you know, we
can get into all of that. Butanother great analogy is what I
think Datadog did withobservability. Right? I remember
when we started, I'd start tohear about Datadog. I'm like,
what is this thing?
And I'm like, is this adebugging tool? Is this like a
application performance? Is thislike a log management? And it

(41:45):
was none and all at the sametime. I was like, what what does
all this mean?
But then you realize once theycalled observability, you're
like, ah, now I get it. It'slike all these different past
solutions now have to worktogether to solve the present
problem. And that's what we sawwhen we created Cyber Asset

(42:07):
Management.

Dean, Axonius has raised nearly 600,000,000 and
hit a 2,600,000,000.0 valuation,surpassing, 100,000,000 in ARR
in just four and a half years.As a first time CEO, how did you
manage challenges of such arapid, fast growth? And also,
what key principles helped youmaintain the company's culture

(42:29):
as it scaled and grew andexecute as it went from a small
start up to such a big globalunicorn?

Yeah. So the first thing I will tell anybody to
explain what a high growthorganization or team is is that
there is always somethingbroken. Like, always. There is
not a single moment in timewhere everything's working
correctly because you're justtrying to meet the pace of
growth with your own executionand your own buildup. There is

(42:57):
never enough time to thinkahead.
You're almost always justreacting. So every every
morning, you start by seeing abunch of stuff that are feel
like a crisis, but then yourealize, oh, that's just like
every day. That's what it feelslike. And you sort of have to
embrace that and understand thatin order to to be able to manage
it and just try and internalizethat the way you respond to

(43:22):
those challenges is way moreimportant than preventing them
in the first place. Right?
And it it becomes like anorganizational muscle. Do your
people, you know, break down andcry when there's a huge mistake
or huge fail that happens, or doyou use that opportunity to say,
like, okay. Here's the learningthat we can have from that to

(43:43):
avoid that in the future. Right?It's like the Shaquille O'Neal,
like, I either win or I learn,which I've said many times in in
the most embarrassing placeswhere I I've lost and outside of
business as well.
So it's easy to say, but it'sincredibly hard to implement in
in an organization. And the wayto do that is you have to lead

(44:04):
by example. At least that'sthat's how I've seen that it
works for for me and for us.I'll give you some examples.
First of all, if I make amistake or if I'm wrong, I try
to be extremely vocal about thatinternally instead of hiding it,
right, or instead of avoidingit.
Because the more as a as a CEOor as a cofounder, I talk about

(44:26):
the mistakes I do, that givespeople the the mandate and the
safety to talk about when theymake a mistake or when they had
a failure. And if you don't talkabout those things, you'll never
be able to get to the point oflearning from them. The second
thing is is to prioritize speedto value rather than minimizing

(44:47):
mistakes. Right? And that's alsoanother like, it sounds like it
makes sense, but day to dayexecution to really show the
examples of that is really hard.
So, for example, keep saying theenemy of perfect is the enemy of
great. Right? You know, at somepoint, you just gotta, like,
okay. Just ship it. Like, youknow, stop spending more time on

(45:09):
this.
Sometimes speed and iteration isway, way more important than
just getting things perfect oralright, and that applies to
almost everything that you canthink of. Even I remember in the
beginning, we something thatreally, really worked well for
us is to really define what is aproof of concept, what is a

(45:30):
proof of value of our solution.And we sort of really forced
ourselves to say what's theminimum amount of things that we
need to show to make somebodybuy because everything on top of
that is just wasting time. Itmight be, you know, nice for the
customer to see or maybe even wemight get a bigger price, but

(45:51):
that's not important becausewe're they're gonna get those
value. They're gonna get thosefeatures after they become a
customer, and we're gonna stillhave that opportunity.
But we wanna minimize the amountof time that we're being tested
to a minimum. And you reallygotta hit those, like, core wow
moments, those activationmoments very clearly and as fast

(46:13):
as possible. Because if you'regonna try and maximize the
amount of value you show, it'sjust gonna turn into an endless,
you know, science project. So Ithink being able to lead by
example, by doing those things,that's what makes an
organization be able toconsistently be a high growth
organization.

And, Dean, just to build up on your notions
of speed, speed to value, youknow, we're now looking at this
AI wave that is upon us. Youknow, there is obviously a lot
of hype. That is a reality.Customers are reacting in
different ways. So we'd love tohear Axonia's plans to use AI.

(46:52):
And secondly, what are youhearing from the market? What
are you seeing from thecustomer's vantage point?

Yeah. So first of all, from, like I told you, I
feel like, AI was my passionuntil I got into cyber. And now
when I'm in cyber, the world hasrediscovered, like, what AI is
capable of, and I feel I feelFOMO for the first time in my
life. I'm like, wow. I I wish Iwas I was part of this.
But then, you know, I realizedthat there's so much that we can

(47:18):
do as part of this revolution.It is a revolution of what
technology is enabling us to do.The first is how to secure the
use of AI. Right? So in ourplatform, we don't only discover
devices.
We discover everything in in theenvironment, identities,
vulnerabilities, but mostimportantly, like, as well, both

(47:39):
installed on devices but alsoSaaS applications. And then we
realized that people need tokeep track of which AI apps
they're using and what's goinginto those AI apps. Right? And
we start to see that ourcustomers were using our SaaS
application discovery in thenarrow goal of let's see which

(48:00):
LLMs people are using, whichother type of GenAI tools we
don't know about, and is ourcorporate data going into those
things. Right?
So that's a use case today thatwe we provide to our customers.
And the second is how do weutilize AI to make our platform
more effective. And this year,we launched a new product in our

(48:21):
platform around identities wherewe don't only just discover all
the identities organizationshas, human, nonhuman, you know,
service accounts versus, youknow, regular workforce and and
all those. But we've alsorealized that it's very, very
hard problem to get the accessof identities correct. And in

(48:42):
the age of AI, that problem isgonna get, like, exponentially
much harder with AgenTeq AI, anda lot of the mentality around
access management today is gonnajust get destroyed by the way
people want to use AI agentsbecause there's so many best

(49:02):
practices today that are aroundmanual granting of of access
that are just not gonna berelevant for the future anymore.
And what we're trying to do withour identities product is to
help organizations, first ofall, take all of the manual
aspects of that and be able toautomate that or at least be
able to make that as automatedas possible. But also, secondly,

(49:25):
use AI to try and and leveragethe understanding of your
organization to do access andentitlements and all of that and
the right and permissioning inin a leverage way. Right? So
have the AI offer what is theright access, what are the right
access changes, how to managethat. So we've seen some amazing

(49:48):
outcomes by using thattechnology to do that for
organizations.
I mean, I think we're justscratching the surface. Right?
This is just the start of whatwe can we can do with with AI
for that.

As we get towards the, you know, the last part of
our conversation, Dean, we wouldlove to chat a little bit about
m and a strategy, and you're ina very unique spot in that
you're a private company founderand CEO. And I remember when you
and I'd envisioned thisconversation, you said, hey.
This is one of the uniqueopportunities, Sid, where I can
be super direct. And youactually had told me that we

(50:21):
have an acquisition. It hasn'tyet been announced, Sid, but I
would love to come on the showand talk a little bit about the
thinking and strategy behind it.
So let's talk a little bit aboutthe Cynerio acquisition and even
beyond that as you think aboutstrategy. And maybe let just
let's set the stage before we gointo all this. Axonius just made
its first ever acquisition.Yeah. It bought Scenario, a

(50:44):
health care IoT securitycompany.
It was labeled as an all Israelideal. Some of the newspapers and
you know that newspapers inIsrael are pretty, you know,
direct with with random numbers,but we've heard it was somewhere
around $200,000,000. What wasthe strategic reasoning behind
the move, and why did you pickgoing into health care? And why

(51:06):
was Scenario the player that youchose to enter that new kind of
subsegment in health caresecurity, new sub segment? Yeah.

Excellent question. So let me start on unpacking the
the layers here. So first ofall, the reason that I wanted to
talk about this was one of thethings that I've realized as my,
you know, job grew in scale isthat most of what I do today and
the most of the value that Icreate is decisions. Like, I

(51:36):
would not you know, if I'd goout and and sell our product or
if I go and and write code, I'dcreate value, but the leverage
the highest leverage that I haveis over decisions. And what that
means is the better decisions Ican make, the more value I
create in my job.
And the only way to make betterdecisions is to learn. So I
spend a lot of my time learning.I, obviously, am a huge fan of

(51:58):
of your show, and I read a lotof your content outside the
show. And I listen to earningscalls, I really try to
understand what companies do.And one of the things that I
never really found a greatsource of information around is
how companies approachacquisitions.
Like, it was this thing that,like, never anybody really
talked about deeply, and Iwanted to share how we got to

(52:22):
find our strategy around that,especially as we did our first
one, I mean, just just announcedit. So when we started to think
about acquisitions for the firsttime, it was actually very early
on. It was you know, maybe wewere two years in or three years
in, and we started the companyin 2017. So way back when when

(52:43):
the world was a a much rosierplace, there was no pandemics or
or, you know, huge economiccrises or wars going on
everywhere. And things were,like, very optimistic.
And, obviously, 2021 was, like,a huge peak of of hype and
valuations. And we were startingto think about, you know, how do

(53:03):
we expand from our first productoffering? And like I said, you
know and by the way, I haven'teven said what we do until now
in in detail. What we discoveredwas that the best way to see
everything in an organizationwas to connect to all their
existing products. Right?
So what we did was we built alot of integrations. Today, we
have over 1,300 of of thosecalled adapters that you

(53:26):
basically just give an API oruser credential access to any of
your existing tools. It could becloud tools, endpoint tools,
identity, network, whatever. Andthen we do the work of putting
the puzzle together. We take allthe different pieces, and we
know how to put them together.
We show you everything you have,and that started from devices.
But very quickly, people startto tell us, you should do this

(53:47):
for other things as well, likeshow me all of my identities.
And then the one thing thatpeople start to tell us is
around SaaS applications. Showme all the SaaS applications I
have. I have no idea what wehave.
So we said, okay. Interesting.There are these other smaller
startups who that's what theydo. Maybe we should think about
an acquisition. So I started totalk to all of these companies

(54:09):
and their CEOs and founders, andI started to, like and this is
me, like, starting to grow intounderstanding acquisition.
I'm sure I was I seemed likesuch a noob to some some people
I talked to about that. And Iwas like, hey. What would you
think if somebody offered to buyyour company? And they would,
like, give me the random, oh,we're we're not for sale. Like,

(54:30):
we're gonna be a unicorn, and,you know, thanks for for asking.
And then I sorta started tolearn a little bit and got more
advice from other people. And Iwould just start to ask people
like, hey. What would be a greatoutcome for you guys? Like,
yeah, obviously, you wanna be aunicorn or whatever, but, like,
most companies get acquired.What would be a great outcome
for you?
And I'd still hear, like, atthat time in 2021. Right? Like,

(54:53):
I remember there was this onecompany who did end up getting
acquired, by the way, afterwardsby, like, one of the large cyber
vendors for, like, a few$100,000,000. But I talked to
them when they had, like, theirfirst few customers. Like,
literally, they were juststarting to generate revenue,
and they had raised $5,000,000.
And I asked them, what would bea good outcome for you guys? And
he said, yeah. Like, 250,000,000at least. I wouldn't consider

(55:15):
anything below. I'm like, dude,like, you raised $5,000,000.
You just started to getcustomers. Like, what is that?
And I think back then, I was toonaive that people would be
honest, and it was just like youknow, they would just, like, say
their dream and not, like, whatthey realistically would wanna
do. But I got a littledisillusioned, and it was also
the times of the day. So Iactually decided to do something

(55:38):
else.
I said, hey. Instead of buying acompany, why don't I buy the
product market fit? And what Irealized was the reason why it's
so hard to build a new productwas not because you need another
company. It's because you it'shard to do product market fit.
Right?
So I was like, let's do thisexperiment. And we actually call
this Axonius X, and it's a teamin our company. We just hired

(56:03):
three founders who are gonnastart another company, and I
told them, hey, guys. We'regonna give you, like, the same
risk equation of, like, a greatoutcome. If you do a great job,
like, you're gonna have an anamazing, like, outcome for
yourselves, But you don't haveto deal with fundraising.
You don't have to deal withlegal. You don't have to deal
with, you know, you know, HR andall that kind of stuff. And

(56:24):
you're gonna have access to alot of customers. Just go out
and get the product market fitand just do that. And that's how
we built our SaaS managementproduct.
We hired those three founderswho had all gone had, you know,
exits before successful exitsbefore. We had made them a team
within our company and made themgo after product market fit. But
that's how we started to look atacquisitions. And then we start

(56:46):
to realize when does anacquisition make sense. It's not
when you can build it yourselfbetter, or it's not when you
just have money or equity do youwanna throw around.
It's only when you wanna move ina certain market direction and
product direction that if youtry and do it yourself, you're
never gonna catch up, or you'reyou're gonna miss a very

(57:11):
important point in time in themarket. Right? And from the day
we started, customers alwaystold us, hey. You should go
after understanding non ITdevices better. And today, we
discover all of them.
Right? Like, we discover everyIoT, OT thing in your
environment. We actuallysometimes discover them better

(57:32):
than the products that arefocused on that because all the
products in that market arearound network traffic. Right?
See the network traffic,understand what is the OT, IoT
device because those thingsusually don't send stuff in an
encrypted way.
They send, you know, everythingplain text over the wire. And
that's the best way to identifythose things. But sometimes we
would even discover stuff thatthey wouldn't because it's very,

(57:55):
very hard to get networkcoverage over everything unless
you have what we have, which isconnecting to all the different
data sources and thendiscovering what are the network
areas that have activity. Right?So we would see these things,
but then we wouldn't be able toget deeper into them because
they're very verticalized.

(58:17):
Right? Like, medical devices arevery different than, you know,
factory robots, and they arevery different than point of
sale systems. And the more weexpanded our platform, the more
customers would tell us, hey. Wejust wanna be able to do
everything in your platform, andeverything's a lot of things.
Right?
But that's sort of what led usto realize in the world of non

(58:39):
IT, there are all these teamswho have this very deep industry
knowledge over something that itwould take us so much time to
learn or so much time to getinto value from. We're just
missing on the marketopportunity that's worth it to
make an acquisition becauseacquisitions are very hard.
Right? Like, they you spend alot of time until you find who

(59:01):
who's the right fit from a dealperspective, and then you also
have to find the right fit froma culture perspective. Right?
Are these people gonna work wellwith you the day after? Do they
really wanna be employees inyour organization? Do they
really share the vision ofwhat's gonna happen in the
future? And that's why so manyacquisitions fail. Right?

(59:22):
And you can even see in theworld of, like, cyber physical
systems, there was the initialwave of acquisitions that most
of them failed, and none ofthose products are the leaders
in the market right now. Theleaders in the market are the
ones who are start ups backthen. And when we looked at that
field, the one that by far wasthe most interesting was the

(59:45):
medical or health care side ofthings. It had the the biggest,
you know, revenue potential. Ithad the most important technical
expertise.
It was the most different fromIT that you can get. And we
realized that the team ofScenario, we knew those guys
from 80 to 100, obviously.Right? And we saw, like, an
amazing cultural fit. We saw anamazing product and strategy

(01:00:09):
fit, and that's what made itreally make sense for us to go
after.
And that was after a process ofmany different categories that
we expected to make acquisitionsin. And by the way, I think we
gave offers to about fourcompanies before we made this
acquisition. And and thoseoffers, by the way, were in
other categories and otherthings that we thought of

(01:00:31):
acquiring in the past, and wejust never got to an agreement
with those companies. And by theway, some of them had bad
outcomes. Like, some of themhave closed by now.
Some of them, I think, wouldhave wished that they would have
taken it, and there were somethat ended up getting a great
outcome. So it's

Sid Trivedi (01:00:48):
Sounds like buying a house in Silicon Valley.
That's what it sounds like.

Dean Sysman (01:00:51):
Yeah. Yeah. For sure.

Ross Haleliuk (01:00:53):
Take us behind the scenes of the of the of the
Cynerio acquisition. How did thedeal come together? What were
some of the biggest challengesin pulling it off? I'm going to
assume that this time around,you probably weren't going
around and asking founders howmuch money they would like to be
to be happy. So you have learnedsomething.
Talk to us towards that. AndYeah. Also towards what you've

(01:01:14):
learned so far about executing mand a while still running a high
growth company.

Yeah. So I'm a very direct person, just my nature.
And I also think that in manyways, it's, like, much more
valuable to to do thingssometimes that way. And, you
know, even my wife, on oursecond date, I asked her how
many kids do you want us tohave? And my wife was as direct
as me.
That's what like, it was love atfirst sight. We, like, talked

(01:01:41):
about our entire future lifewithin, you know, the first few
hours of meeting each other. Imean, that was, like, amazing.
But if, you know, you go on adate with someone, you tell
them, hey. You know, when are wegetting married on the first
date?
It's probably not gonna work.And that's what I had to learn
about m and a and acquisitions.Neither party wants to seem too

(01:02:03):
interested because it's gonnahurt them in, you know, whatever
potential conversation I'm gonnahave later on. So it's sort of
like this, like, inching towardseach other. You sort of start to
have to find these ways ofinching towards each other.
And, you know, for those out inthe audience who don't know what
corp dev is, if you talk tosomebody who has a corp dev

(01:02:25):
title, their job is to eitheracquire you or to get enough
information about you so theycan compete with you. Those are
the only two reasons why a corpdev person's gonna talk to you.
So you better know which one itis because, otherwise, you're
you're at risk of of reallyhurting yourself. And they will
never tell you that, by the way.They will never tell you my
entire job is to either spy onyou or acquire you.

(01:02:48):
They'll tell you, look. I'm intomaking strategic partnerships
and, you know, these, like,strategic initiatives. They say
the word strategy a lot, whichand once you know what that
means, then you're fine withpeople saying it. But I remember
I got very confused about thesethings in the beginning. Like,
what's the difference?
There's, like, another guy whoruns partnerships. What's what's

(01:03:08):
the difference between astrategic partnership and a
regular partnership? Like, wouldyou tell those people they're
not strategic? Like so it's it'ssort of like just the game.
Right?
We talked about the game. Thereare the rules to the game you
have to understand. So when westart to think about acquiring
something in this domain, yousort of just try and start to
inch towards other companies.You would get an introduction

(01:03:32):
either from them or or for you,or you'd end up having a deal
together. Right?
Like, we have we have joinedcustomers with almost every
vendor in the cybersecurityworld because of the way our
product works. So we alreadyknow, like, about a lot of
products, how well they'reworking, what kind of customers
are using them. So we sort ofhave a we have a cheat code

(01:03:54):
around corporate developmentbecause we know all those
things. We can see when productsbecome really popular or not. We
can see which products aredeclining.
So you start to talk to othercompanies, and you start to give
them a reason to inch towardsyou. Right? I mean, you start to
say, like, hey. You know, thethe enemy of my enemy is my

(01:04:14):
friend. Right?
Like, I would say, like, hey.We're both competing against
this. Like, let's let's start towork together more. But I think
the real important part is youhave to know when to flip the
script. Right?
Like, you have to know, okay.We've been dating long enough.
Do you wanna get a court? Like,let's let's talk about that.
Let's put that on the table.
And knowing when to do that andknowing how to do that, I think,

(01:04:37):
is what ends up making makingthat strategy successful versus
unsuccessful. But I'm alsospeaking from a very small
amount of experience. Right?Like, I'll be very interested to
hear what I said on here in adecade from now when I'm much
smarter about m and a andacquisitions and co dev because
it's incredibly hard to getright. The vast majority of them

(01:05:01):
don't end up being successful.
And, you know, we talked aboutTumor and SentinelOne. You know,
the the best outcome thathappened from the cyber
deception space was Ativo thatgot acquired by SentinelOne for,
like, a half billion. At leastthat was a report number, half
$1,000,000,000. And, Sid, I evenremember I was talking to you
about Ativo right when I left,you know, Metro. I was like,

(01:05:23):
what?
You know? Because you were aninvestor. I'm like, what do you
think is gonna be the outcomehere? It's gonna you know, this
doesn't work as a category. But,you know, evidently, you did
well.
But, look, Sentinel One acquiredthem, and they sunset that
product recently, I think in thelast few months even. So, you
know, I don't know how theywould say that it went for them,

(01:05:43):
but it doesn't seem like itended the way they perceived it
would. And those outnumber thesuccessful ones by a lot. But
when you see the successfulones, man, they're like game
changers. So let's take theother example of, like,
CrowdStrike with Humio, which iswhat made their, you know, SOC
and and Synprox immenselysuccessful.

(01:06:04):
I remember when I heard aboutthat acquisition, I was like,
man, SOC is is alreadyoversaturated. How does that
make any sense? But, obviously,like, from a platform
perspective, it worked reallywell, And it matched the market
trend of the of the unbundlingof of SIEM or, like, the
rebundling of SIEM, let's callit, from being the things that

(01:06:25):
stuff bundled into to being thething that bundles into other
stuff. So it's reallyinteresting in retrospect what
worked and what didn't.

Mahendra Ramsinghani (01:06:34):
And, Dean, recently, Axonius has announced
a $200,000,000 round in part tokind of build up on
acquisitions. So, you know, thisstrategy of growth by
acquisitions is something thatthat could look very interesting
in this next phase of journey.Look. I met you a decade ago.
You were a very technicallysavvy nerd, and here we are ten

(01:06:58):
years later.
It's my good fortune to see youblossom into this wonderful CEO
building a global company. So Icould bet that your next ten
years could be very interesting.Give us an insight into how this
200,000,000,000 could bedeployed. Can Sid and I send you
all our portfolio companies toget acquired? Or what are you
looking for?

Yeah. So when you start a company, you have to
choose between, like, sort ofthree outcomes. Right? The first
is it could be a lifestylebusiness, or it could just be
profitable and you run it. Assoon as you take any any money
from investors, that directionis closed off because no
investor is gonna want you torun a lifestyle business if they

(01:07:38):
invest in you.
So the other two outcomes isyou're either gonna get acquired
or you're gonna become anindependent large scale company.
Those are the only two outcomesthat investors would would be
happy with if you take theirmoney and they invest in you.
And those two outcomes areactually very different. Right?
Like, if you know you're if youhad a crystal ball and you knew

(01:07:59):
you would get acquired versusbecoming a public company and
and, you know, very long tenuredindependent company, you would
make very different decisionseven maybe from a very early
stage.
Right? There's so many factorsthat play into this. Right?
Like, do you really wanna hypeyourself up as the most
technically sound product in onevery narrow area that's more

(01:08:22):
acquisition target, Or are youreally thinking about becoming a
platform having multiproduct andoffering a lot of different
value to your your users? Andthat's more of a, like,
independent public companymentality.
But it's also a lot in, like,your everyday decisions. Right?
Like, think about legal. Right?In every single deal that you

(01:08:42):
close as a vendor, you have thisrisk equation of how much time
do you spend reducing the riskin the legal and financial
contract that you have with thecustomer.
And I could tell you the thespectrum there is, like, very
wide. Right? Like, for a companythat wants to be public, there
are things that are veryimportant. You might even lose
some business because you'regonna say, I'm not gonna take on

(01:09:04):
these terms. But if you're justlooking to get acquired, like,
take any any deal you can getand just, like, get the growth
up, get the error up.
Like, who cares? That risk issomebody else's at some point
down the line. So thosedecisions make a very big
difference as to what kind ofpath you're gonna get into. And
the most important, if you wannaget acquired, then realize that.

(01:09:27):
And there are two very, veryimportant things that I think
most people don't understandabout what it means to get
acquired or what makes youattractive to get acquired.
The first is don't maximize yourvaluation. Right? Like, I've
seen so many companies andfounders that, like, think the
higher evaluation, the moresuccessful you are, and that, in

(01:09:51):
most cases, is absolutely wrong.It's actually most of the time
the opposite. Like, obviously,you don't wanna dilute yourself
for no reason, but also thehigher valuation, the less
likely it's gonna make for youto get acquired.
And it makes it very, very hardif your valuation's, like,
really high and and bloated andall that. So if you wanna get

(01:10:12):
acquired, don't maximize yourvaluation. Keep it realistic.
Keep it fair. Keep it good.
Right? Like, don't, you know,don't work against yourself from
a dilution perspective, but,also, it's a vanity metric that
can hurt you. The second thingis that companies don't acquire
companies. They acquire abusiness need. Right?

(01:10:35):
And when when a company acquiressomething, it's because that's
their only way that they thinkthey can achieve a high priority
need. Right? So nobody willacquire a business just because
it's good. Well, maybe PE, youknow, private equity does. But
by the way, this is anotherthing that I learned that I'll
share with the audience whodoesn't.

(01:10:57):
Private equity is nothing to beashamed of, but they will always
look at you under a financialperspective. Right? At the end
of the day, that's what aprivate equity fund is. They're
trying to find numbers that makesomething a good acquisition.
And what that means is they theyreally don't understand or will

(01:11:17):
pay for the potential of yourbusiness.
They will pay for what it is atthat point in time. So nobody
wants to maximize on beingacquired for private equity.
Everybody wants to be maximizedfor being acquired by by what
corp dev people will callstrategics. Right? Again, the
the use of that word that has athousand meanings that nobody

(01:11:38):
really knows until they know.
So strategics or or, you know,are the vendors. Right? They're
like the Microsoft, the Cisco,the CrowdStrike. And sponsors,
which I don't know why peopleuse that word, but that's the
word, that's private equity. Soeverybody's like, how to get a
strategic versus a sponsor isbasically code words for you

(01:11:59):
want, you know, Palo Alto to payfor you because they're gonna
pay a lot more than what TomoPeralta was gonna do.
Right? So if you wanna do that,what you have to think of is
what is the most importantpriority for that strategic.
Right? And you can see thebiggest deal, the biggest
acquisition deals, or, like, themost lucrative ones, that was a

(01:12:19):
strategic buying something thatthey had to show the world they
are not they are not behind intheir strategy. Right?
Google and cloud security, PaloAlto and identity. Right? You
can keep going down the list.Like, if a large strategic
acquirer wants to show theworld, hey. I am not gonna be

(01:12:41):
behind on something, that'swhere they put a lot of money in
acquisition.
So that's my advice on that.

Dean, as we sort of come to the end of
our program, what does thecrystal ball look like? You
know, we look at thegeopolitical challenges,
regulatory and financialchallenges. When you look at the
future of cybersecurity, everycompany is trying to be the
platform, wondering to rule themall. You know, tell us what do
you see in your crystal ball forthe next few years.

So I'm I'm real really curious to see what's
gonna be the rebalancing ofprivate to public cyber
companies and how that will alsoimpact organizations' ability to
to secure themselves. Because Ithink, you know, when I talk to
customers today, they tell methere is a very clear line as to

(01:13:31):
what tools are valuable for me,what platform are used between,
like, the platforms that arestrategic to me, and I'm gonna
move as much investment as I canto them and buy more products.
And if you don't make that line,you're just a point product,
then I'm gonna look to to sunsetat some point. And the reason,

(01:13:51):
by the way, is not because offunding because it's cheaper or
more expensive. It's because ofmanpower.
It's because you can train yourperson that knows the
CrowdStrike endpoint to also usethe four other CrowdStrike
modules, but you can train thatperson to know how to
effectively use five differentproducts from five different
companies. And I think that theway we're gonna see how the IPO

(01:14:16):
market, you know, receivesNetskope and and where the
multiples go there and and I'msaying that's because that's at
the current time of thisrecording, the next big, you
know, cyber IPO that's about tohappen. But we're gonna there's
a big backlog of othercompanies, including us that are
pre IPO companies, that aretaking this platform approach

(01:14:37):
and are becoming strategicalvendors for these customers. And
I wonder how that's gonna playinto, you know, best of breed
versus platform that people areusing. One of the things that
we've seen as very successfulfor us with customers is we'd
love to be the place where youget all the advantages of a
platform.
Right? It's like people can betrained on having a lot of

(01:14:58):
different capabilities andfeatures all within the same
platform. But because of ourintegration approach, we allow
you to use the point productsyou already have and not need to
replace or maybe even understandwhich are duplicative and reduce
that number. So I think that'sthe biggest aspect of how things
are gonna change for securityteams and security companies

(01:15:19):
over the next few years.

Dean, thank you so much for joining us. Thank you
for being a regular listenerfrom the early days, and thanks
for coming on and sharing yourvision and and perspective and
kind of learnings, both positiveand negative, with our
listeners.

Yeah. It was a pleasure. And please keep doing
this podcast and having theseamazing people on. It's it's an
it's a wealth of knowledge, andI'm I'm just happy to continue
being a listener. And thank youfor having me today.

Thank you for joining us inside the network.

Ross Haleliuk (01:15:53):
If you like this episode, please leave us a
review and share it with others.

If you really, really liked it and you
have some for us, wrap it on abottle of Yamazaki and send it
to me first.

No. Don't do that. Mahendra gets too many gifts
already. Please reach out byemail or LinkedIn.

All Episodes

Episode Transcript

Popular Podcasts

Las Culturistas with Matt Rogers and Bowen Yang

Crime Junkie

The Brothers Ortiz

.css-15opob5{left:0;position:absolute;top:0.8rem;} All Episodes

.css-14f5ked{margin:0;word-break:break-word;display:-webkit-box;-webkit-box-orient:vertical;box-orient:vertical;-webkit-line-clamp:2;overflow:hidden;}Dean Sysman: Betting on a boring problem and scaling Axonius past $100M ARR

Episode Transcript

Popular Podcasts

.css-r6mb8g{margin:0;word-break:break-word;display:-webkit-box;-webkit-box-orient:vertical;box-orient:vertical;-webkit-line-clamp:1;overflow:hidden;}Las Culturistas with Matt Rogers and Bowen Yang

Crime Junkie

The Brothers Ortiz

All Episodes

Dean Sysman: Betting on a boring problem and scaling Axonius past $100M ARR

Las Culturistas with Matt Rogers and Bowen Yang