A record label pivots to SaaS

I was a little intimidated about today’s guest because he’s in the security space. And I find that anything in the security space is hard to understand, harder to explain and wrapped in a mystery because the guests can’t tell me details.

But today’s guest is different. He doesn’t come from a security background.  I invited him here to talk about how he built his business despite that.

Darren Gallop is the co-founder of Securicy which specializes in building and leveraging information Security and Privacy Compliance in SME’s to drive growth and speed up sales cycles.

Darren Gallop

Darren Gallop

Securicy

Darren Gallop is the co-founder of Securicy which specializes in building and leveraging information Security and Privacy Compliance in SME’s to drive growth and speed up sales cycles.

roll-angle

Full Interview Transcript

Andrew: Hey there, freedom fighters. My name is Andrew Warner. I’m the founder of Mixergy, where I interview entrepreneurs about how they built their businesses. And, um, I was a little intimidated about today’s guest because he’s in the security space. And I find that anything to do with security is, is hard to understand, harder to explain and wrapped in a mystery because the guests often will tell me, I can’t explain that.

I can’t talk about that. Then I just got rid that he’s a musician and he actually has instruments all over, the, uh, office space where we’re talking today and that this idea for a security company, he came from the music business that he launched and. I wonder to find out about how he went from being a creator of music to a provider of security.

And then I also understood something else about you, Darren. I should introduce you. This is Darren Gallup. He is the founder of security that a lot of times now businesses are realizing that they are only as secure as their biggest provider, their biggest supplier. And if they partner up with someone who’s who’s.

Not taking care of security, not complying with other privacy issues. Then they’re going to screw up their privacy obligations to their own customers. And they’re not willing to do business with people who aren’t protecting themselves. And so that’s where security comes in. Right? You guys help businesses beef up their security so that they could do business with other businesses,

Darren: You got it.

Andrew: business, business, business businesses.

It’s all like, did you think you were going to be a business person when you’re, when you’re a kid?

Darren: No. I had no idea what I was going to be. I’d changed my, my perception or my thoughts of the future. Quite often as a kid, I always wanted to be a rock star, but I mean, that’s kind of like wanting to be in the NHL or the NBA. Like you, you dream that, but

Andrew: Did you think that you were going to be the one that you were going to be on stage though?

Darren: I dreamt about it. And then at some point in university, I was like, why the hell do I don’t like, why am I doing this? Like, why don’t I have enough confidence to believe that I could go out there and actually do something meaningful in the music industry? And like, will I always regret not having tried?

And that’s what made me quit university and go try to be a rock star.

Andrew: Wow. And what type of music were you playing?

Darren: Started off kinda like funk rock, I guess is where I, where I start, I started a band that I sang in and, uh, you know, we, we became like small town, like famous in your own town. So it got a little, like, you know, kind of felt like it was kind of a cool thing, but like, we were never making any money. We were always losing money.

It was always like really tough. Right. So,

Andrew: Then you started a

record label.

Darren: Yeah. So, you know, like I ended up playing in a bunch of bands. Yeah. And then I think somewhere like the third or fourth, one of realizing everyone got bigger than the last one. I think we ended up being like the last group I played with was like Atlantic Canadian, famous, like, you know, we won awards for like music awards and stuff, but like regional awards, like, you know, we weren’t like, we weren’t a household name.

Nobody knew who we were in the States. But it was like still, even at that level of success. Right. Which. Is is still really difficult financially. We were making money. It was our job, but it was really tough. And I think for me that I just got really tired of being on the road all the time. Like started to make a lot of sense.

Why, like a lot of rockstars don’t make it to their thirties and

Andrew: it’s a lot of being on the road, sleeping in bad situations, pushing your body to the limit. And at some point your body’s limit just shrinks and shrinks.

Darren: Yeah, and it creates a loneliness. And I think it, like, it becomes a place where drugs and alcohol are just in abundance and they become like in short term they can be comforting or fun. But I think like, I think like the lack of eating properly in the, in the overuse of alcohol and, and it’s just like combined, I think it’s a really tough spot, sir.

It takes a certain, a certain toughness, motional and mentally in a certain persistence, I think to

Andrew: What about this, Darren? That when you finally give it up, does it shatter your belief in yourself? And the reason I ask is because I had this company that did online greeting cards, we did well, but not, I wanted to be a billion dollar business. We did, we did millions. And when it, when we sold it and I moved on with less than I thought it shattered my belief that I was invincible.

And it, it, it was something that was in the back of my mind that I’m not invincible. And then the other thing was it took away that special magic that I thought that anything I could do business related would turn out great. And when I believed it to that degree, people could see it and they would come on board or get out of the way.

Did that happen to you when you said I’m not going to be a musician?

Darren: I think it happened to be like when my first band fails and then I just kind of get to kept getting back into it and finding, finding new opportunities. So I kind of, kind of like, I think I’m really good at talking myself off, like when I fail. Cause I think like for most people, success is just like, they just kept failing.

And learnings from it and they figured it out and then they, at some point don’t fail. So I just, you know, I, I, I put a lot of thought into that and like looking at other people’s stories and hearing like, you know, the overnight success, like the band, right. That the Dave Matthews band, like one minute you didn’t hear them next minute, they were huge.

It was like, well, there was also like years and years of dragging all their gear around your crappy van. losing a lot before they won. Right. And so. You know, I, I kept recreating myself in different positions, different playing different instruments, playing different groups. And then I think, like, I think I just got to a point where I realized that if I would S I would love to be super successful, but I wouldn’t want it to be being in a band.

Like, like, like I, I came to this realization where like, I have a friend who’s, who’s got a. He was really, he was in a band in Europe and it was, he was huge in Europe, but nobody knew him here. And I was like, damn, that’s a good gig. Like you get to like go out with your friends and your family, and you’re not like signing autographs or being like, you know, you don’t have like paparazzi chasing you around, like watching your kids get into your SUV and things like that.

Like I started looking at like, like thinking about how, like the intrusion that happens and, and if you do accomplish the ultimate. Like fame as a, as a, as an artist or as like a television star or something like that. So that really sort of pushed me more into wanting to you know, do something more behind the scenes.

I was always fascinated with the business of music. So being that, the only thing I knew after spending my entire twenties, it was like, okay, well, I’m going to do a record label. Um, that makes sense. It’s a business. I don’t have to go on the road all the time. I can get good night’s sleep and get on a more regular schedule and eat better and drink less and things like that.

So, Yeah.

Andrew: Hey, you know what? I always thought I liked the freedom of being up at whatever hour I want. I like the freedom of it’s my own company taking whatever money I want out of it. And then I started to. Fantasize about being more like my employees, where they knew exactly how much money was coming in month to month, they weren’t just taking some random amount that they needed or whatever, or holding it all back.

And they knew what hours they needed to be at work, what vacations. And I started to like the structure and structure does help with productivity. So then you create a record company. How does it do.

Darren: Horribly. it started off really well, like. We’re doing these showcase events. We signed three artists. They were all, they were all like new up and coming artists. Very talented. We, we got the EMI signed us. We the became a distributor. They invested in us, we raised capital and like, so it started off really optimistic.

But it just kind of unraveled like about three years in, we, it was right around w this was around 2007. When the markets were crashing in the industry music industry got hit really bad EMI, basically. Um, you know, over the period of about 18 months or 24 months when from a supporting record label to being, you know, Shut down and assets acquired by universal records.

And so like we lost, we, we actually, the, the business that we had built had leaned on the EMI infrastructure and the help they were providing us as well. And so, you know, that was a big hit. We weren’t, we were then like unable to raise capital anymore. So we sorta visions of raising capital again. So we weren’t able to do that.

And we had like, We, we, we certainly went through three releases. Hope one of them would be big enough. Like you hear these stories of small labels. Like if they could just get one good success, then they can like leverage the revenue from that success to build out their company and sort of build more sort of disperse success over a variety of of, of artists and, and.

We had, we had like a couple of good indie successes, but nothing that was big enough and, and record sales were tough. And then we had the EMI thing pulled out from underneath us. And, and then I, you know, I kind of saw the, her road ahead and, and, and had another idea and, and sort of wanted to try a take at something else.

And so that was my obsession with technology and the idea of building a SAS company. So

Andrew: What was the South company? What did it

Darren: it was called. It was called Mercado. We launched it in 2008 while I was still running the label as a sort of little bit of a side project. Um, initially the idea was it was going to be a tool to help artists and artists, managers, manager, their rosters, or managing their tours, their, their, their business band business activity.

And so we were sort of eating our own dog food, I guess, internally at the label because the label existed while Marcato existed. And we were basically building like the dream software. That would make that label run in that, that management activity of the label run smoothly. What we found I think was about 2010, about two years in, just as I was really starting to shut down the label and focus on the tech, we were struggling to find like, again, the thing, when you’re doing businesses, you want customers that have money.

Like, you know, it’s, it’s, it’s, it’s, it’s really hard to make. To take, to just charge a reasonable fee for a product or service when your user doesn’t really he’s really tight financially. Right? So, so bands, we, we, but what we identified was that music festivals needed a lot of the same logistics components.

And, and so, and we had a lot of relationships in music festivals. So we made a pivot in 2010 and in 2011, we started selling to music festivals and we focused initially on local festivals and Northeastern Canada. Um, and then by 2014, 2015, we were doing Bonnaroo and Coachella and outside lands and all these big, like American festivals and festivals all over the world.

So, so that’s sort of the direction we went as we sort of, you know, the, the, the thing we knew was touring bands. This we built software to fit. Does to make the thing we knew better. The thing we knew didn’t have that much. It was really hard to monetize. And there’s been many attempts at that space that have failed, I think, because of that reason.

And then we’ve, we focused on festivals and then that was the focus and

Andrew: What if were you offering festivals?

Darren: So it was backend management that could manage things like artists, submitting applications to play at the festival or artists that had been selected, manage the contracting process. Capturing all of the information like tech rider, um, gathering their dietary requirements per catering and seeding them, figuring their accommodations, the ticketing they need, like, you know, who who’s in their entourage when they’re arriving, when they’re leaving, what credentialing they need.

So it was all that kind of the back end stuff. We never got into any of the sort of like mobile applications or RFID access control or ticketing we partnered with, with, with companies all over the U S and Canada and Europe that did those things. And we really tailored and focused on that back end logistics management component.

Andrew: How do you trans transition from, what did you have before when you were working with artists?

Darren: So it was a SAS company that was managing their tours. So we had all of this stuff, like stage plot tools, technical rider tools, like all this kind of stuff. And, and, and we had show management tools for putting on your own shows as a band. So we really just took those tools and beef them up and built them out in a way where, okay, now you can add multiple artists.

To the show and it started sort of building on those components and modifying those components towards faster.

Andrew: Told our producer that you were thinking about getting into ticketing that you, that it was a limited number of customers that were out there. Right? So the only way to expand was to offer more services. Ticketing you mentioned seems like a natural. Why didn’t you.

Darren: Honestly, like, I think it was that I didn’t have, I didn’t have the confidence and the business, the startup business knowledge to go out and raise a really big round and go after something that big. I think I felt that I was better to stick with w stick with what I felt I could manage in retrospect.

Yeah. I mean, I, I wish I had have had the appetite to think bigger because I do believe we could have done. A lot more and built a much bigger company.

Andrew: What’s the possibility and ticketing. What’s, what’s the opportunity. That’s not there through live nation, right? They do ticketing through event bright on the smaller side.

Darren: Yeah. I mean, when, when I was building this event, bright was still in its infancy. So it hadn’t made the foray into festivals. So you really just had like live nation and a couple of other providers, but there was lots of opportunity to sell integrated solutions. And there was a lot of animosity and, and, and, and, you know, not good sentiments around, around live nation as a, as a ticket provider.

So, so that was, there was certainly opportunity there and there were, so there’s a lot of opportunities as well of, of building the fully integrated solution, which is kind of the direction that some companies had gone now. I mean, all said in retrospect, being in 2021, um, and having sold Mercado and in 20.

18 about a year before the pandemic. I mean, I’m glad that I got out of the business when I did, because I mean, it’s, it’s, it’s, it’d be a very tough business to be and do, but I think the, the, the thing that I would take away on that is that just because there’s a player in the space, doesn’t mean there’s an opportunity for a new player in the space.

I mean, they look at Slack, right? Like we all had messaging capabilities before Slack came out and then Slack comes out and just. Totally plows over the whole world, essentially. And almost every tech company and startup and small business that I know uses Slack now. And, you know, they had a way to communicate before, but Slack was able to come in and do that.

And we see the same thing happened with, with, with like CRMs and different things like that. Right. So there’s, there’s always opportunity to disrupt a space when you have a new perspective.

Andrew: I was wondering also, if you got a little bit burned out on the space, if maybe that’s why you wanted to move on.

Darren: I think that’s part of it too. I I’ve been in the space my whole life. And I think that like, by my, my late thirties, I was kind of like, I’ve been to so many concerts. Like I could do, I could go while without concerts. Like, you know, like I say, I noticed myself near the end, like I’d have tickets to go to big festivals and I’d be like, I think I just want to go like.

Camping with my friends that weekend instead, you know, so I think you’re right. I think, I think I did going to get burned out and I was also like, I was also starting to get excited about security.

Andrew: And so the thing that I understood, it’s very rare for an interviewer to find these single pivotal moments. Is it true that there was this one client six figure deal came to you? What was the six phase deal? Six figure deal for what were they asking for?

Darren: They would have been utilizing our software for a huge percentage of the large festivals in the UK. So it would have been like a big deal that would have at that time would have probably increased our revenue by about 10% error. Uh, yeah, so that deal came to the table and we didn’t close it because.

We couldn’t demonstrate that we had the level of security that they needed. And it was unreasonable for us to try to actually, it was impossible for us to get to where they needed us to be in the timeframe that we had to do it. And we ended up doing it. But, I mean, the way the festival space works, he’s got a very tight window to be selected as a, as a, as a technology vendor for a festival.

Cause they’re very cyclical. So once they start building their festival, they don’t want to be talking to software vendors. So there’s sort of like a time window. And then the next time that you can talk to them or, or, or, or potentially sell to them would be that same time next year. So unfortunately for us, by the time that we made it to that next time and the following year, They had already chosen another solution to their problem.

And then that opportunity never represented itself.

Andrew: Can you help me understand the security issue that they had? What, from their point of view, what were they looking for? What do they need from you?

Darren: They wanted us to have a guess what would have been considered a at the time as a. Enterprise grade information security program. So what that means is that you have a formal document, et cetera, security policies that cover every asset of facet of your business. You have documented policies and procedures around everything.

You have documented employee onboarding, documented employee offboarding. You’ve got hardening policies for every end point, and you’ve got that monitored and tested.

Andrew: does that mean? Hardening policies for end points.

Darren: So like, so an end point would be like your laptop, right? So all your employees that have a laptop, well, a laptop out of the box is generally not that secure, but there’s a whole bunch of configurations that you can just do through the system preferences, where you can turn on features that would enhance the security of the device

Andrew: file vault on a Mac and find my, and wipe out the dry, the

Darren: all these

Andrew: If it gets lost and they want to know you have. Procedures for doing this when somebody gets onboarded procedures for doing this, if somebody’s laptop is stolen, because they’re worried about, I imagine let’s say the musicians, having their information, their personal information stolen because somebody’s laptop was lost.

And that’s

Darren: Or employee they might have, like, you know, there might be 2000 people that are working in the backseat scene of Coachella that all have credentials through our system. Plus, you know, all the artists and the guests of the artists, and there could be phone numbers in there for. For people that you wouldn’t want to get phone numbers that you would want those funds to be exposed.

There could be, there could be the, the lineup of artists that are going to play at a festival that would be in our system, say eight or nine months before they’re legally, you know, contractually allowed to release that information to the public. Right. So every time I would hear Coachella’s Coachella’s lineup was leaked.

I’d be like, checking my email. I hope the hell we, I hope we have nothing to do with this. I hope we have nothing to do

Andrew: I wouldn’t have thought that to be such a secret piece of information.

Darren: Secret internally. So there’s even like, you know, there might be two or three people in a major music festival like that over an entire large staff that know the Hey beyoncé’s plan. Like that might not be even announced internally for fear of it leaking

Andrew: Uh, wow. And so were they asking for policies and checklists or did they also want software in place?

Darren: Everything, every bit of it. So the policies and all that stuff, you know, we were able to pull that stuff together, reasons, timeframe, but you know, you go into your application environment and they want to make sure that you’ve got like, you’ve got a software development process that is involving certain layers of testing, like static code analysis or dynamic code analysis.

They want to make sure that you’re running, you’re running vulnerability, scanning tools in your environment. They want you to, they want you to have regular penetration tests. Where an ethical hacker. So basically a hacker that kind of has the same skill set as the bad guy, but gets paid to do it, to test software would, would go and try to hack your software and they would discover vulnerabilities or weaknesses or things that you need to improve upon.

So, you know, for a company that’s been building and writing code and building a technology for. No four or five, six years, you have a lot of lines of code. If you haven’t been thinking about that software from a security or a privacy perspective, there’s a high likelihood that there’s bad practices in there, or there’s things in there that, that, that are going to require some effort.

We refer to it as like technical security debt, which would be like, Maybe you didn’t update, or maybe you have some gems or some libraries in your code base that are, that have known vulnerabilities and you know, there’s going to be work involved in upgrading them or replacing them. So, you know, you can end up in a situation where you, you put a bunch of these tools in the test, your, your, your, your posture and that what you learn back is that, you know, you have a bunch of JIRA tickets now of things that you need to do.

You have a bunch of tasks now that your engineering team needs to do, and they also need to upskill themselves. They need to learn. Like what is secure software development and how do we implement that better? So we’re no longer, you know, we’re no longer subjecting our code base to having such types of vulnerabilities.

So for us, it was just

Andrew: what’s an example of a, of, of something that a developer would need to know. What’s a common mistake that they make.

Darren: So like a really common one, basic one would be like input validation. So let’s say you have a wa like you have a SAS, like a B2B SAS platform. And in that. Platform I can create a profile or I can create a project. So it says, we’ll enter your project name. Well, if you didn’t have proper input validation, I may be able to put some code in there that your database would, would react to.

So if you don’t have proper controls built in, I might be able to actually take control your database. By entering some code into that field. Uh, and, and that could, that could, that could basically trigger some unexpected results. And now you’re writing commands to a database and then you, you have the ability to

Andrew: I had no idea. Okay. And so does security right now, does it create software that prevents that or checklist that a developer would have to go through to make sure that they’re not making that mistake?

Darren: So our software will develop policies and projects and create checklists of things that you need to make sure you’ve deployed in your organization. And then it’ll give you guidance on, on how you can do that. Right. So some of those things may be a lot of times, you know, a lot of things are very simple.

Like when I talked about hurting your laptop, if you were to go read our checklist inside our app to harden the laptop, anybody could do that. They wouldn’t have to be technical in nature. They don’t have to go into terminal and type in commands. They just go into system preferences and turn on a bunch of features.

But in a software environment, it can get a little more technical. Right. So, um, you know, and we re, we refer to a lot of third party Sources as well, like one example for software developers, that’s commonly used is called the Owasso top 10. It’s the open web application security project. It’s an open source community where they, they have projects where they document best practices for software to protect you from the 10, most common trajectories or vulnerabilities.

So like I was talking about input validation as, as an example would be one of them.

Andrew: Okay, let me take a moment to talk about my sponsor is opto. You probably never heard of . Am I right? Darren?

Darren: I haven’t you’re

Andrew: You, do you get your customers from LinkedIn at all? Probably not. You do.

Darren: Sometimes.

Andrew: Oh, okay. All right. So let me tell you how Zapata would work if you were to use them. And then I’m going to handle the one big objection that you I’m imagining you might have.

So imagine you can go into LinkedIn and say, here are the types of customers that we know are perfect for us, who are the types of customers that you’re especially eager for? Is it a certain size business number of employees space that they’re in.

Darren: Yeah, we’re, we’re looking at like under 150 employees. So 150 employees, we were really our max point. A lot of our customers are like 20, 40, 50 employees. We do have a handful that are three or five that are really just starting, but we’re always looking for earlier stage younger companies.

Andrew: All right. So imagine you put that into LinkedIn. Heck you could do lots of other things you could even say, look, they tend to use this one software. Show me only the people who use that software and show me what’s the level of, what’s the thing. What software did they tend to use?

Darren: Get up, get lab

Andrew: Yeah. Okay, perfect. So I want people who are using get hub, get lab.

I want them to have this number of people and I want who’s this who’s the person who you’re did the CTL.

Darren: often the CTO. Yeah.

Andrew: So you say, I want the CTO, boom. You get a list of all of them. And what Zerto does is this, look, if you could sit down and say, start sending a message to each one of them individually and saying, Hey, I noticed you’re doing this.

I think it might be interesting for you to work with us because of this, or talk to one of my guys or whatever it is. You could do that. And it turns out people open up those LinkedIn messages and they respond back to LinkedIn messages like that. And so you could close sales just doing that one-on-one it was, it would be slow.

What’s opto does is they automate it. They actually will find those people for you, queue them up, send the first message in an automated way. And as soon as they get a response, you or someone on your team gets an alert, says, Hey, respond to this person. They’re in chat right now. You go in your chat and then you can set up a demo.

That’s the way it works. If you go to  mixergy.com/xarelto right now, you get that. Now here’s the big objection that I imagine, actually, what is your objection? I don’t know that I can handle all your objections, but there’s one that I can think of.

Darren: Are you, are you going to guess, or do you want me to, do you

Andrew: I’d love for you to tell me. And I, and I bet that I’m not going to have the answer to that because I don’t have every answer to every objection, but I’m curious, what’s your big objection to it?

Darren: Yeah. I mean, I think the challenge with a lot of these things nowadays is we have all these privacy regulations now, GDPR being the European one that I think made the greatest splash. And in GDPR you’re, you’re, you’re not like the old school sort of pirate days of selling online was like buy big list people and you just start.

You get one of these tools, like a HubSpot or something, you just send it out to the wild and you start spamming. Right. Um, so, so, so legally you can’t do that anymore. I think, I think what’s interesting is there, my understanding in LinkedIn is there’s term the terms of service there allow, allow for a certain degree of options.

So it allows you to do that. The challenge that I see in LinkedIn, I know myself as a CEO of a company, I get so many messages in LinkedIn all the time. They’re kind of that typical, like, Hey, I was looking at your profile and thought it might be interesting to connect. So I guess that’s my challenge is like, how do you cut through the noise?

I think I don’t really, I’m not really concerned about it from a legality perspective. Cause I think it’s covered just from my understanding in, in LinkedIn’s, um, sort of privacy policy, but I think you have to be really tailored to make it

Andrew: And they do slow. They slow down your role so that you’re not bombarding people, but I think you might be an, I am also because I do podcast interviews. We might have a different experience with LinkedIn than most people. I get hit a lot for people who want to be on the podcast. I’ve been looking at the numbers.

Email open rate is 5%. LinkedIn, excuse me, email response rate could be 5%. LinkedIn response rate is over 30%, 30 to 40%, which tells me that I’m not the typical LinkedIn person. I have my assistant go through and respond to people because I don’t want to put them off, but I also can’t respond to them because they get too many.

So I think we’re different. So that’s one objection that I thought you might have. The other is, look, I don’t have time to figure this out. It turns out there are agencies, people who are like two man shops, one man shop who just sit and do this type of thing.  I think that there’s an opportunity for someone in my audience to say, you know what, I’m going to go and create this agency from scratch.

I’ll just sign up to opto. I’ll hit up Darren and other people like him and say, I heard that you’re interested in this. Let me do it for you. And I’ll only charge you when I get a lead. Now you only have to pay when you get a lead with someone who you chat back to who says I’m absolutely interested. So there’s a model.

So the reason I’m saying this, Darren is what do you think of that? Right. They only charge you for a lead.

Darren: You don’t get any results for me. I don’t have to pay for it. The risks you de-risk the investment.

Andrew: And the, and the, and the result is we’ll just get you in a chat with somebody who clearly wants to talk about how they can use your service. So that’s the model, if you’re out there. And you’re curious about that, how this works for yourself, or you say this idea, I might want to turn this into my own little agency and start and build this agency by showing my clients results.

It’s pretty inexpensive to sign up for his opto. I’m going to give you a free demo. You can just go right now and see it in video that walk you through it. You’ll see how effective this is. If you go to mixergy.com/opto, you will get to see it. That’s M I X E R G y.com/z O P T O. And you’ll get to see how amazing the software is.

All right, coming back then to your story, you now have this, this grain of an idea. Do I understand right? That you then went and took classes on cyber security to understand this, to understand what’s needed.

Darren: Yeah. So initially when, when we were sort of confronted with the issue and had to build this security program, you know, like, like a lot of folks do in small business, you go to the internet and you start Googling and see what you find. I started, you know, we started doing some things there. We ended up hiring a consultant to help us cause we had some immediate needs and we needed to move quickly.

So I started finding it fascinating. Um, I was really obsessed with like Coursera at the time. And, and so I, I found a cyber security course on there and I took that over the span of like six or eight weeks and then signed up for some other courses online that, that I was turned on to. And then when after a certification.

A friend of mine that introduced me to this thing it’s called the CIS SP the certified information systems, security professional certification, which is sort of like a table stake, main sort of certification that most cybersecurity professionals in the market have. And it’s basically like a book, like a giant book with like, 1400 pages and it covers all of the domains of, of security.

So you go through like governance, administrative security, you go through like testing and software security and network security, you know, all of the different facets of it. And it was pretty fascinating. Like I, I ended up spending,

Andrew: fascinating. As you’re talking about it, I keep thinking, this is a guy who was a rock star. You’re talking about problems with excess drugs and excess alcohol, too many concerts to go to. And now as C I S S P is fascinating. What was it about it that got you so excited?

Darren: I think what, what got me excited about it is, cause I think it was the lens I was reading it through. So I was reading it through the lens of, of how do we apply this big, complex, corporate thing to an agile. Cool. 1516 person, SAS company. So then everything I read was then it wasn’t, it was like a lot of it made sense too.

Right. So if you understand technology like cybersecurity often when I love this, when I, when I worked with CTOs, now they come in, they don’t, they, they think they know nothing about cybersecurity. And then like, by the time I’ve had a couple of sessions with them, they’re really starting to wrap their head around it.

Cause like once it’s over, once you realize it and think about it a minute, it’s kind of common sense. And then I think, so the thing that, the other component that I always found fascinating is like, you know how I was like, like crime, like, like crime shows and like private investigator shows and like that, that concept of security and like the criminal side.

And when he was like, really start getting into understanding, like, it’s pretty fascinating when you look at the stuff that cyber criminals do to break into companies. And that really was like super fascinating. So thinking about like, The, the criminals on the outside and like their, their covert actions and all that was kind of interesting.

And then trying to take this stuff and distill it into like a palatable, reasonable version of security for smaller companies was where like, I really started sort of finding it. Interesting.

Andrew: Okay, so you were getting into it. And then at what point did you say? I think I know what the company could be that solves this.

Darren: Yeah. It was. I ended up after I read the book, I ended up writing the exam cause I was like, Hey, well this initially it was like, Oh, this’ll be our marketing lever. Right. As Mercado will be like with other small up and coming players will be like, well, we’re the secure one. So, you know, for talking to a big festival, I’m like, well, how much information are you going to be storing in this platform?

Right. I see you’re looking at other competitors. Have you had, are they able to give you a security report? Are they able to demonstrate that they’re following industry? Best practices to ensure that your dad is not leaked. Are they able to cover you on different laws and regulations from a privacy perspective?

So we were using it as a. As a competitive advantage. So I did the, I did the cert primarily to be able to put like, so that our sales team can go, Oh actually our CEO or co-founder and CEO, he’s a, he’s a certified information security professionals. So, so like, yeah, this company is tight, right. So, you know, it was kind of a bit of the, the, the objective from a positioning and marketing perspective, um, where I realized that, you know, thinking about that sort of deal we lost and then sort of by this time seeing more.

Security questions coming up in deals on a re a more regular cadence. I remember posting on social media that I got my CIS SP and a bunch of my friends who were in other software companies that I speak to, you know, periodically we’re like, Oh dude, can you give me a hand? Like we’re getting all these security questionnaires.

And that’s what I kind of like, it kind of was like light bulb. It’s like, Holy shit. Everybody’s going to need to do this, right? Like this is coming down. Like, people don’t even see this and it’s coming down like a S like a steam, like it’s going to steamroll a lot of businesses. Right. And the thing you learn about one of the big things, and I think, you know, one of the big things about security is like, no matter how secure you are, if you don’t secure your vendors, then your vulnerability, your vulnerability becomes your vendors.

So like, what happens is, is one, one company. Implements a security program. Then they then have to go down through their supply chain and either their supply chain has to up their game or they get kicked out and get replaced by other providers. So I sort of seeing this, and then this is where like the, the early sort of like signaling of GDPR coming down the pipeline and, and government involvement.

So it’s like, And, you know, my brother was working with Interpol at the time. So my brothers in law force, my brother, my brother is a very senior police officer with the Canadian federal police force. And he was working in the security and with, with a security context in his job and was always on vacations and family functions, talking to me about the criminal aspect and the growth in criminal aspect.

And I think it was like, 2016 were Interpol estimated that cybercrime passed the drug trade. So like we’re thinking like Pablo Escobar and all these like big like global drug cartels all over the place and all the money they make. Th they have nothing on cyber criminal activity right now. So I think like just seeing the growth in the criminal activity, seeing how it was being pushed down through vendor of requirements and then looking at what was, what was happening in terms of governments starting to talk about, Hey, we need to protect our citizens or citizens or businesses like the, the, the, the, the, the, the core thing of our economy is under attack internationally by cybercriminals.

It was very clear that this was just. This is just going to be the biggest opportunity and that’s happening right now.

Andrew: You know what. Um, I want to continue with your story, but you’re bringing up a real issue for me. I spent so much time looking at my computer security, making sure that I’ve got file vault set up properly, making sure that my passwords crazy annoying for me. And then I’ll see someone who I work with, who.

Doesn’t do that. And they’ll maybe Stu screen-share with me where they type in their password. And as they’re typing it in, they stayed out loud. And I, this is, this is not good because why, why do I have to put up with all the hassle of typing my password, a million different letters in order to log into my computer, and then you do this little, nothing is their password seemed like a real issue for me.

What can I ask people to implement so that they stop with these stupid passwords? And we’ve got last pass. What should we do?

Darren: Yeah, I’m a big fan of having a password manager, because then you really, you only have to have a couple of big complex passwords. So you have to have a password for your last pass account or your one password or whatever tool you’re using in that regard. And you have a password for your device. So then all the other passwords can be managed in your tools.

So then you only have a couple of passwords. So that would, that’s kinda like the compromise, um, There’s also a lot happening in terms of single sign-on. So like we use single sign on internally in urbanization, and that means that you sign onto your sign-on tool and then that tool logs you into everything.

You can

Andrew: talking about Okta

Darren: Yeah, you can, you can use Okta. You can even, a lot of, a lot of companies now are supporting G suite single sign on as well. So like there’s, you know, there’s lots of different options out there. Right?

Andrew: More people would take G suite for business and I’m noticing it right. That more and more apps that if that are for business, take it because with G suite, then you can say the password has to have this requirement. Right. But I have to remember actually you reminded me, I should make sure that we’ve got that set up for everyone else.

Darren: Yeah. And you can enforce two factor authentication using the Google authenticator app as well, which is a good, a good idea. And then, you know, then it gives you a really, and now they’ve, they’ve, they’ve launched some really cool security features as of recently that that we’re making use of where, you know, we get alerts if somebody, if there’s an issue you know, so you can really, it kind of gives you the ability to manage, um, people or if like, if, if an employee leaves goes rogue or is fired.

You know, like you can just turn off one thing versus like, you know, the old school, but, okay. What do they have access to when you’re sitting there, like making a list of like, you know, 14 or 15 SAS products that they may have access to. And you’re like, you know, you’re likely going to forget one, if that’s sort of the process you’re going under.

So having it all sort of tied under a single sign on and, and enforcing it that way just makes like an easier to sort of turn something off.

Andrew: All right now I’m getting the excitement for it and I’m getting the desperate need for it because you’re right. Once you take care of it yourself, you just feel like, well then why is this guy ruining it for me?

Darren: Once you do it, it kinda, it, you realize a lot of, it’s not that difficult

Andrew: I wonder if it’s it, does it become easier? Because I do know that once I got a password manager, my life became easier. I didn’t even have to think of which password do I want to make up for this site. The password managers pops up and says, can I create it for you? So I does everything become that easy where once you set it in the system carries you.

Darren: If you set it right and use the right systems and you take the right approach. Definitely like I, I have to type my password on my laptop, on my computer, in this workstation every morning, but the rest of the day, my watch

Andrew: Yeah,

Darren: break. So I just come over, I press the button. I hear, I feel the click on my watch.

It tells me I’m authentic, Katie and you’re in. Right. So like that’s pretty painless. Right. So, and then I’m in my single sign on, in the morning, once and now I don’t think about passwords all day. I really don’t use passwords all day. I’ll I’ll use password I’ll I’ll I’ll I’ll sort of enter in the morning and, and use my password and then that’s it.

I tend to Kate once and then I’m in.

Andrew: All right. So Darren, now I’m with you see the problem. I see the solution that you came up with. What’s the first thing you did. Did you create a first version solution or did you go to Techstars? Okay.

Darren: Um, I thought about it a lot and. Did more work. Like I plotted out what I thought people need it. Like, I plotted out a bit of like a, I mapped it out. So I’m not a software developer. So I have, I used, I used some old rugged tool. I don’t remember what it’s called that I put together. I built a website that didn’t actually function, but it allowed me to sort of, you know, Sort of wizard of Oz that, and sort of show people, okay, so you click here and you do this and then this happens.

But, um, and, and so I played around with that idea. I, I sort of, I shared the idea with a couple of people that I thought might be interesting investing in it. And this is while I was still running Mercado at the time, I also shared it with a few people that I thought might be interesting and working on it.

And so then by 2017, Um, I had, I was still CEO of Mercado and I had a small group of folks that were just going to do a little bit of a proof of concept. And we built a bit of a wizard of Oz version of what I had plotted up, which was just a tool that really didn’t do anything. And, but it looked like it did something, but it would be, it was in beta.

And it would just say, we’ll get back to you in 72 hours or your policy. So we built a policy build our first, like our thought was like, in theory, You’re supposed to have policies that dictate the things you do or don’t do in your organization. And then everything else is built around, making sure you’re compliant with the policies you have.

So we kind of looked at the policy as being the foundation. And then we actually took it to customers. So in, in, in right before we went into Techstars in 2018 and right before that, cause we had approved some traction. We landed a couple of customers as beta customers before we went into Techstars and we sort of.

Tested it out, even though it was like, not even really built, it was just a tool to collect their answers. And then we would sort of compile stuff from templates we had.

Andrew: Just a policy creator.

Darren: Yeah.

Andrew: Ah, you know what? I think that I would’ve over-thought it, I would’ve said it’s security. It needs to be software needs to be much more. You just had a landing page that said, we’ll create this for you. And then it was a manual process of creating their policies for them.

Darren: Yeah. It was manual for us. Um, we did build templates and then we started building a matrix. So we started figuring out like, what are the questions that we need to ask? What are the variables? So what are the things that would determine what content needs to be in their policies? So we made multiple iterations of that.

And then once we figured we had a pretty decent one. And we started actually, we built it out. So it worked on its own. So by like midway through 2018, we had a tool that would write all your policies and you wouldn’t have to re very rarely have to edit them would actually build policies that were fairly tailored at the time for your

Andrew: Okay. I could understand that. How did you get customers? What did you do to get your first customers?

Darren: Initially we leveraged folks. We knew like tech companies that we knew that we had that trusted us. Um, and then, and then

Andrew: ones in the music industry who you’re working with at Mercado. Okay.

Darren: Yeah. So they were starting to have the problem and needed, needed policies and needed security documentation. So we started with those folks when we got into Techstars and that opened us up to a bunch of companies.

So we worked with a couple of the cohort companies that were in our cohort at texters. And then, and then we kind of got like introduced to the whole tech stars network. So that became like. Like the rest of 2018, like the majority of our customers that we added as we added more beta customers, as we started, like loading this more into a tech and less of wizard of Oz of us doing it, we just kept going through with, with Techstars companies and we had this Techstars perk.

So we had like a, a discount for the Techstars company. We were more concerned about having real companies to test the tool and we were generating money really at that point.

Andrew: And still, and by the way, Techstars stars. Wonderful program. They invest a little bit of money in you. They give you a lot of support and they help you get the next round of funding. Um, but well, let me ask you, why, why did you go into Techstars? What were you looking for from them?

Darren: No. I think part of it is I never, I really never had. I never had any education in a startup. Like I never, I just kind of like Mercado. I just kind of like fake it till you make it just winged it the whole time. So I felt like, I felt like it’d be cool to just like, learn more about how people build startups and like, you know, Mercado was very, very niche.

Like it was totally targeted towards. Towards music festivals. And like there’s only so many music festivals. So your market’s like, there’s a limit, there’s a capture to your market. So getting ready to build a company, going into such a, like a green field of like, just so many possible companies that could use our platform.

I want it to like, I wanted to understand more how people build companies, how they structure companies for growth, like that sort of like expose myself and my co-founder whom for him, that was the first time that he built us, you know, was, was the founder in a business. So I thought it would just be a good experience for both of us.

The other one was. We, we want it to, I didn’t really know. So a lot of investors or a lot of security people in the security industry, cause my whole life was in the music industry. We didn’t actually raise a lot of capital. All the capital we raised for Mercado was, was in our own province here in Nova Scotia.

So we didn’t venture out to like speak to VC firms in the U S or anything like that. So, so, you know, I, I knew insecurity. We are more likely going to be taking that type of approach. So really, really looked at it as a way to like, Play catch up. Like, I don’t know a bunch of people in the tech space. I don’t know these people in the VC world texters sounds like a really good way to like, solve that problem quickly.

And, and, and it did like, that was our focus because our biggest primary focus in Techstars for me was make us the most amount of connections as I can so that I can build and leverage off that after the program.

Andrew: Can you tell me one thing that they taught you about how to build a business bigger than you had before or in a different way?

Darren: I mean, there, there was a lot of focus on KPIs and metrics, like really having proper dashboards and metrics and in the organization, there was a lot around pitching to VCs and how to structure deals and like sort of understanding what expectations would, would be required at various stages of capital raising and in sort of how different types of you know, CA.

Funds operate and, and teach you how to really figure out, like, you’re not just looking for money, you’re looking for the right money. You’re looking for alignment. And so there’s a, there was a lot of good value there, and there’s also a lot of good stuff that, that I learned around recruiting, um, talent and, and, and really, you know, reaching for the best talent you can.

Andrew: What’d you learn about doing that?

Darren: I learned more about the types of questions we could ask and, and how and how important it can be to bring in people. For example, if you’ve never been a VP of sales for a company that’s growing towards 10 million in revenue. Why would like, why would I be the judge? How am I going to judge? If I’ve never done that thing.

So like, you know, I have board members, I have advisers, I have mentors engage those people that are willing to help build the business to ensure and help build out and make sure like that we’re, we’re getting the right person, right? Like these types of hires that you make in your business that like literally can make it or break it.

Right. If you hire, if you hire the wrong VP of sales, For your business that, that could, that, that could be just a detrimental move that you may not be

Andrew: And if you’ve never done it before, and you don’t have experience, at least now you have your mentor, your investors. You’ve got someone at Techstars, who’s done it. They could reach out and they know who, who knows what and who just knows how to, how to fake it. And you told our producer within three months security past the revenue Mark that took Mercado 10 years to reach.

Because of Techstars and the connections and the network that they have.

Darren: I think it’s because of a lot of things. Um, I would say that there is. There, some of the components are that, well, the space is bigger and the outside external factors. So the, the pressure that’s happening from the regulatory perspective and from the customer due diligence perspective. So like the, the vendor assessments people are getting from their customers, those things certainly played you know, the space was ripe.

It was a good space to be in, but yeah, texters was great. I mean, We we all, all of a sudden had access to like over a thousand startups in this network that we could reach out to, and very likely to engage in a conversation. So it was a, it was a really big opportunity for us to, to, to put some numbers on the, on the, on the board quickly, which enabled us to raise our, or pre-seed round.

Andrew: I think it was just before that, that you sold Mercado, right? Just before Techstars or is it just a

Darren: No, I sold it just after Techstars. So the deal was in the works. I’m going into Techstars, but it happened after texters.

Andrew: you finally got, you told our producer, it was the first time I had money that wasn’t immediately destined to pay a bill. It wasn’t life. It wasn’t like set for life money, but at least it was that. How do you go as an entrepreneur in a world where you see all these people who are making it, where your every time you make money, it has to go to a bill without feeling like there’s something wrong with you.

Darren: I think, I think part of like living in Nova Scotia and living in Cape Breton, I think it keeps me very grounded. Like everybody, all my friends and family, for the most part, um, You know, they live a job and they, they make a set amount of income and, and that’s, you know, pretty, pretty normal. So I think it would be harder in San Francisco where there’s, you know, every, every week there’s another, there’s another million millionaire made from a tech, uh, acquisition.

So, you know, that was not something that was happening around me and my friend group very often. So, you know, I was always, I, I paid myself. What I needed to live off of. And, you know, I was also like traveling around the world all the time and doing all this work stuff that was pretty rewarding on a lot of levels as well.

But yeah, the sale of Mercado was the first time that I actually had like. You know, you get used to people often, like whatever your pay is, you sort of like that dictates how big your home is or the nicer car you have. And like a lot of people end up in that predicament where they’re really living, they’re reliving the size that they can sort of, or more and more ties through bank payments, um, for the assets or this lifestyle they want.

So it’s really fascinating to get, uh, an injection of capital that you can

Andrew: What were you able to do? You went to Italy.

Darren: Yeah, we went, my wife and I went to Lee for, for three and a half weeks. We went to Mexico on a trip. We went on a couple of trips actually, um, that year we, we, we bought a new hosts on the water. Um, that year we did a whole bunch of cool things to the hosts, like build this cabin.

That’s on the property. That’s now my home office.

Andrew: This was designed to your specifications, the cabin that you’re in right now, talking to me.

Darren: It sure was.

Andrew: What’s a one fun thing or what’s one important thing that you added to it.

Darren: Uh, that little miniature woodstove over there. It’s a pretty cool thing. You could probably see it in the

Andrew: So you could stay, it’s hard for me to see it, but

Darren: here. Look, I’ll

Andrew: right over your shoulder. Let me zoom in my, my camera

Darren: it is literally 11 inches. It’s 11 inches by 10 and a half inches. It’s super tiny.

Andrew: so that you’re warm in the winter.

Darren: Yeah, but it’s just like a cool color. I mean, I also have electric heat too, so I’m not cold even if there’s no fire, but it’s just kind of a cool thing that, that, that just kind of gives it a cozy vibe.

Andrew: would love that. I do a lot of just thinking work and I like that little, that, that little touch for setting the scene. What were you going to say? Something else?

Darren: Well, w I put a, I put a bunch of audio panels in here as well. So I treated the room with some, with quite a few audio features that would make it sound good in here when I play music, or if I did record things down the, down the line, which also is good for doing podcasts and other types of things as

Andrew: I’m benefiting from it. Do you still play music?

Darren: I do.

Andrew: Do you have a SoundCloud or something where we can hear it?

Darren: No, I don’t. I just, I just practice. I don’t, I don’t have, I practice in play, um, for fun. I don’t, I’m not writing music and like that I’m mostly playing drums, to be honest with you. That’s what I’ve been doing mostly for the last couple of years. So just practice and it’s kind of like a Zen too. I think it’s kind of like a, it’s a way to consume your brain into something that’s not work

Andrew: I get it as a runner. I do that when I run. And do you feel comfortable giving us a range of where the revenue is right now?

Darren: Yeah. So, I mean, we’re, we’re, we’re at the point now, um, like we’re, we’re, we’re sort of moving close to about one and a half million in ARR. But what’s interesting is like, you know, a year, a year, if I go a year back, we were, we were not even at half. So, um, you know, it’s, it’s been a lot of growth in the last couple of months, really.

Andrew: And now you do, what do you, what’s the best way for us to understand what you guys are up to now, what you’re creating now at security is it to tell me some features or give me an example of what your wife, uh, does.

Darren: Yeah. So, so my wife owns a company that does bookkeeping and financial management for, for small companies. And so obviously that’s a lot of confidential information like their financial position and accounts payable, accounts, receivable, lot of different, you know, things like that. So she uses our software to Jew.

She uses it basically to generate. Policies. So they have processes. She’s used it to build an onboarding and offboarding process. She has a whole procedure now for, for allocating assets. So she’ll like, she’ll have a configuration process where she’ll configure a laptop before she issues it to, to one of her employees.

They use a single sign-on. Everything’s really like tied down multi-factor authentication, single sign on they’re they’re encrypting their hard drives all of their tech stack. So like all of the tools they use are configured to enforce either single sign on or multifactor. So she just uses it to make so in her case, she’s not worried about say.

Complying necessarily with a security standard, it’s mostly just doing the best she can to make sure that that, that the customer data is protected. They leverage a lot of cloud tools like zero and, and G suite and, and Slack, and like a lot of these types of things. So, so she has processes that she was able to use our tool to build out that give her like a secure baseline configuration.

So she makes sure that she’s using those tools in the most secure way possible.

Andrew: But you’re, you’re still guiding people to using the tools that they need in the right way. You’re not a software company. Am I right?

Darren: Well, the software guides you to use the tool. So the software writes policies creates checklists gives you guidance on how you can configure your environments. But like a lot of the stuff that you do need to do is actually using the things you already have correctly.

Andrew: What about the single sign-on you don’t, you don’t provide that. Right. You’re guiding them to you. You

Darren: Well, we do not provide

Andrew: Okay. Right. And so, and the reason I ask is because it looks like your free plan basically has. Everything that a smaller business would need and it’s there for free. So if I wanted to have the basic security report, if I wanted to have a policy, if I wanted to have, um, like a lot of what we talked about right now, it’s there in the free plan, right?

Darren: Yeah. You only get a couple of policies though. So like a complete security program for, for say like a small SAS company might have up to 30 policies in it. So the free tool is only going to give you five or six policies. So it gives you a starting foundation there, but it doesn’t get into the details of securing every facet of your business.

And therefore it doesn’t give you all, all of the sort of benchmarking against security standards as well. If you’re selling into, um, you know, organizations that are asking for you to demonstrate compliance to any specific standard or regulation.

Andrew: Okay. Well I’m happy to see this. I want more customers to more businesses to demand it. Yes, because the more they demand it, the more everyone else has to live up to this. I do that. I I’ve talked about this before everyone was talking about superhuman. I knew about superhuman in the early days of superhuman.

I emailed the founder of this email software company to say, what’s the policy about handling email? Well, show me what you do. And I was like a Nick about it for at least a year, going back and forth. I’m kind of embarrassed because obviously he’s, he’s just. Person who, who cares about this stuff, but I wouldn’t sign up for a long time until I knew this stuff was in place because they’re managing my email.

That’s everything. Right. And so I want, I want companies to require this. I want companies to be built from the start with this in mind.

Darren: Yeah, I agree with you. I

Andrew: And you’re saying once they have this, they’re going to have an easier time selling to bigger businesses that are already demanding. This, that the enterprise customers already demanding this type of thing.

Darren: There. Yeah. Every enterprise customer is demanding this now, but even smaller businesses are starting to, to manage it. Like we have, I’ve experienced this all the time. Like recently I was working with a, a consulting company. That consults for say, upper mid market. And they’ve got a couple of small providers, like an MSP and a few other subcontractors.

And like the challenge we ran into is like, okay, we got their security where it needed to be. But as we looked at the, the agreements and the security, addendums, and contracts that they have with their, with their customers, they were required in the contracts to only use vendors that meet. These minimal requirements.

So then we had to go down to these smaller vendors and, you know, in some cases they had, they had to let, they had to change vendors because there were vendors that just don’t have any of it. And they weren’t necessarily willing to go through the exercise for the sake of one customer. So they actually had to move to change to another vendor.

So, you know, I think what you’re going to see, especially it’s going to, it’s really happening. I’m seeing it happen quickly now, but 21 is going to be the big year for it is like, Medium size and smaller businesses are going to have these requirements. So if any of your customers are selling to government or selling to upper mid-market or enterprise, then they’re going to, they’re going to require that you also, as a subcontractor of them are going to require that as well.

Right.

Andrew: I imagine it’s especially becoming more important because people are working from home and I find that their security concerns are there. Their lacks, when they’re at home

Darren: Yeah, the, it, it depends like, I think for.

Andrew: I, you don’t think so. I think a lot of people when they’re at home, they’re not thinking that that way. There’s nobody looking over their shoulder. As long as there’s logging into zoom. As long as they’ve got theirs there, I don’t know Okta and Slack all okay. They don’t care about the rest and they should.

What do you, what are you going to say? I’m,

Darren: Well, I mean, I would say like the organizations that aren’t accustomed to people working remotely. Yeah, for sure. Like, like, I think a lot of traditional business struggled during COVID and it’s been like a feeding frenzy for, for a lot of the, um, the, the hackers out there. It’s like all these enterprise organizations that were classic, like there’s a server in the office and everybody goes to work and they sit down at a workstation that workstation is centrally managed.

Those people were really. Yeah, really challenged with, with working from home. Cause they didn’t have the infrastructure, they didn’t have the culture and it was all managed in an in-house environment. But I think a lot of startups, a lot of tech companies like that are already sort of, you know, working remotely or somewhat working remotely or have remote employees and are using like, You know, modern tools.

So like, you know, instead of having like a, uh, a server in your office, you’re in, you’re in Google cloud or you’re, you know, you’re, you’re hosted on, is on say AWS and you’re using G suite. And, you know, I don’t think it’s that big of a challenge. Like I think those organizations, wherever they are, we’re able to move over fairly easily.

Now, if they weren’t security conscious beforehand, then, well, Th they, the, it wouldn’t change anything. But you know, I look at it like an organization like us now, obviously we’re a security company, so there’s a little bias there. We’re always talking about security. So it’d be pretty embarrassing if you were the person in the business who like, you know, did something stupid, but like, Like for us, we just went home.

Like nothing changed. Technically all our office was, was a wifi hotspot with a place for us all to hang out. So, you know, um, so it, it, you know, I think for companies like that, that are either, you know, SAS companies are working mostly in a cloud-based infrastructure. So they’re not, th they’re not, you know, they’re using like my wife, for example, like there’s laptops, there’s wifi, there’s wifi routers, and then everything else.

G-Cloud and, you know, zero and things like that, like in that type of environment, I don’t think the work from home thing is that big of a challenge. There is, you know, there’s the insider threat fear. You know, I know, I know talking to people that work in cybersecurity roles in enterprise, that’s a thing that they’re trying to.

Figure out. Cause you know, you can see if you have cameras in the office. If people aren’t in computer in cubicles, you can see if people are taking pictures of like that on there, but you can’t really see what they’re doing. So like, you know, I’ve had conversations with CSOs, like chief information security officers from big enterprise and like, well, what do you recommend we do about like, how do we protect so that like, if our employee goes to the washroom that their malicious wife doesn’t come in and start stealing stuff, it’s like, Man that’s, you know, I think that we, we, we, there’s a certain point where, you know, you have to really screen people and I think it’s easier in a small business.

Like, I think it’s easier in a 10 person company to be able to develop trust and get to know people and understand their background. I think if you’re like a 10,000 person company, then people become numbers. Um, and, and it’s, and it’s harder to, to really sort of manage that. And insider threat becomes a bigger problem there.

Andrew: All right. The website for people who want to go and get started right now for free it’s secure rc.com. That’s S E C U R I C y.com. And I want to thanks to sponsors who made this interview happen the first, if you like the way that I lead conversations, you want to get some of the tips that have helped me.

They paid me@unbouncetojustwriteaguideandgiveitoutandyoucangetitforyourselfatunbounced.com slash Mixergy, their landing page company, but they just created it for this guide. It’s unbounced.com/mixergy. And of course, to get those leads, to see how that software works for working with LinkedIn, go to mixergy.com/zapatos Z O P T O.

Darren. Thanks and congratulations.

Darren: Thank you.

Andrew: Bye everyone.

Who should we feature on Mixergy? Let us know who you think would make a great interviewee.

x