Hey, it's Andrew. Each week day I share examples, tips and strategies in the newsletter. Sign up in the yellow box on the home page.
May 9, 2023

214: Enterprise Browsers: Reducing Attack Surface & Saving Money with Moty Jacob, CEO of Surf Security

214: On this episode of Sales Bluebird we talk with Moty Jacob, the CEO of Surf Security, and we dive into the world of enterprise security, company differentiation, and the rise of browser-based solutions. We begin by exploring an open onboarding process tailored to employees' needs and how important it is for new employees to understand the company's capabilities. We also discuss building successful channel partnerships, reducing attack surfaces, and finding talent with strong networks and trusted reputations. Our guest shares insights on enterprise security and how finding a buzz around the industry can attract senior security leaders. Furthermore, we hear a personal story about the Venice Carnival and the challenges of attracting CISOs. Finally, we learn about Surf Security, a browser-based zero-trust solution for enterprise-level security, and how it can collapse all security tools into one power control point for improved agility and reduced security risks.

[00:03:15] "CISO Creates Revolutionary Browser-based Cybersecurity Solution"
[00:08:47] "Chrome-based app offers unbreakable security solution"
[00:10:31] "Surf: The Innovative Browser Combining Security and Accessibility"
[00:15:33] Revolutionary Endpoint Security Solution Streamlines Cloud Access.
[00:19:01] "Stealth tech startup Surf facilitates security stacks"
[00:20:16] "Venice Carnival: The Winter Tradition You're Missing."
[00:22:56] "Claiming and Climbing Mountains Across Italy"
[00:25:10] "Web Platform Revolutionizes Security Market Capabilities"
[00:29:02] "Scaling a Company: Evolution from Founders to Salespeople"
[00:30:43] "Open Onboarding Process for Dynamic Success"

Moty Jacob on LinkedIn
Surf Security website

Support the show

Andrew Monaghan [00:00:00]:

The enterprise browser category in cybersecurity has one of the biggest buzzes around It right now. And today I talked with someone who is first of all, a multi time siso, and second of all, he's actually built an enterprise browser before while he was at a prior company. So he's got the experience of what it takes to build one in real life. Find out where he did that, why he did that, how he started cybersecurity company, how to get attention right now, and maybe most importantly, whether he prefers beaches or mountains. Keep listening to hear from Moty Jacob, the CEO of Surf Security.

Andrew Monaghan [00:00:45]:

Welcome to the Sales Bluebird podcast, where.

Andrew Monaghan [00:00:47]:

We help cybersecurity startups grow sales faster.

Andrew Monaghan [00:00:51]:

I am your host, Andrew Monahan, and our guest today is Moty Jacob, co founder and CEO at Surf Security. Moti. Welcome to Sales Bluebird.

Moty Jacob [00:01:01]:

Thank you very much, Andrew, for hosting me. Great to see you.

Andrew Monaghan [00:01:04]:

Absolutely. It's great to have you on. I'm looking forward to our discussion. You've got an interesting background as a multi time siso and now you've crossed over to being the founder of a cybersecurity vendor company. I'm interested to hear about how you think about that, the challenges, the excitement that goes with it and around building a great new company.

Andrew Monaghan [00:01:27]:

A quick break to say that this episode is sponsored by It Harvest. With over 3200 vendors in cybersecurity, it is hard to keep track of all the latest developments as well as research and analyze categories and subcategories within cybersecurity, which is where the It Harvest cybersecurity platform comes in. Want to know which subcategories in cloud security are growing the fastest? You'll get it in a few clicks. Want to know and track everything about your main competitors and keep up with their hiring and news. Simple search to be done. Want to know the top 20 fastest growing companies based out of Israel?

Moty Jacob [00:02:07]:


Andrew Monaghan [00:02:08]:

Just a couple of clicks to get that.

Andrew Monaghan [00:02:10]:


Andrew Monaghan [00:02:10]:

Harvest is the first and only research platform dedicated to cybersecurity and it's run by Richard Steenan, who has done it all in cybersecurity from the VP of Research at Gartner, a CMO at a cybersecurity vendor, a Lecturer on Cybersecurity, advisor to startups, advisory board member at Startups and a main board member as well. The whole lot. Find out more by going to Salesbluebird.com Research. That's salesbluebird.com research. Now back to the episode.

Andrew Monaghan [00:02:47]:

So, as I said, you're a multi time siso. I looked on your LinkedIn resume. I see at least three roles where you've got SIS in the title. You've got the operational experience, running things, strategy and all the rest of it around cybersecurity. I'm kind of interested though, because I know related to what you're doing right now. You spent some time on something called Next Company at Triana, is that right?

Moty Jacob [00:03:09]:


Andrew Monaghan [00:03:09]:

Well, that was related to what you're doing now. Why don't you tell us what that was all about and what the experience was.

Moty Jacob [00:03:15]:

So triana was an amazing experience. It was a financial services company that was acquired by ICAP and X and then they did a very nice strategy and tactic how to be the first and leader. So we were like one of the latest in the post trade, let's say the latest mover. But we understand very well the market and we succeed to be company that controls 60 in the top, he controls 67% of the post trade and forex with some of our tool and yes indeed, I was practitioner all my life and I was CISO, I was a security expert, I was doing a lot of security consulting. I used to work with Telcom, with banks, with healthcare and others. So I was trying to get in each sector more and more understanding. And when coming into what I'm doing now on Surf security, my biggest challenge as a CISO in the last 20 years was to reduce attack surface. And this is something that this is the main job of a Cecil. You need to reduce the attack surface, make sure that the company actually know to manage the risk and nobody get hacked or we are trying to reduce it to minimum. So if we get hacked, we know how to get out from it without cultural damage. So when I was a Cecil, like my other fellow Cecils, in order to do your job and to reduce the attack surface, you need to add enormous number of security tools and you need to be aware about a sheer number of security tools. Open source vendors, technically. And you need to deploy them in order to get an effective coverage. And this is a real challenge. So this is why I created Cyber Kingdom. That I can discuss. It's a group of CISOs from the industry and WhatsApp we have more than 240 CISOs in this group and we discussed about trade intelligence, about tools, about other stuff and that was a very good validation for me for the market itself. The other thing is that I was hearing, and I was a very enabler CISO, is that security become a blocker. Or let's say, like one of the exec told me in previous company, security slow us down in a way, and in a nice British way they like to say it here there is a trade off between security and agility and me and Ziv, the first co founder, he's our the CTO. He's based in Tel Aviv. We were working together for five years in X and I was the CEO, he was the CTO and while we were working on commune based project, we were thinking about solving the security loop for more corporates so not just for us, but for others. And we were thinking together what will be the right chalk defense powerful point that we can collapse all the security tools into one power control point. And we were thinking about today more than enterprise like we were and we were like walking inside the company and what we saw that the most deployed application inside the enterprise is the browser. And because more and more companies are becoming more agile and they want to use the clouds and SaaS services because they want to develop and for us to be innovative and to release more tools, they are moving into web based work, modern enterprises more or less centralized around the web. And when we were thinking, they were decided, okay, the web browser is displaced, and we already had a very good experience, technically experience with Chromium. And we know all the tweaks and the libraries and how things work and what we can tweak how the engines inside Chromium work, because we already played with this for a few years. So we said what it will do if we will collapse all the security stack into one single power control what it will be. So the browser was this point. So for us that was a momentum that we understand around four or five years ago that if we are going to build something for the area of security, we should not build just a feature or another company. That is one trick pony that is solving one solution. We are going to build something that will be a browser because the browser is a new operating system and the decision was really made to create a really zero trust solution without proxies, without APIs, a really solution that will take it from the endpoint to the resource. So we created the zero solution endpoint that is based on Chromium. So Chromium is the foundation of course of Microsoft Edge and Google Chrome, which is the most famous and popular browser today to the consumer. But they were never thinking about building it for the enterprise level, they built it for consumers that you will be having targeted ads and you will have a very good streaming of video. And now I'm doing with you the call with our browser. So if there are any video streamline, probably us.

Andrew Monaghan [00:08:29]:

This is back in 2016 through 2020. That was a few years back and you were already thinking about touching, building, playing around with Chromium to figure out what it could do in that case for that company and see what impact it could make. I really love that.

Moty Jacob [00:08:47]:

Yes, we had a very good tool that was doing force rate and it was installed on many user base of banks and others and we wanted to upgrade it into a web based solution. And the best way for us was to hard coded it into Chrome you and this way we created an application that was running inside Chrome but it was a website that was hard coded into it. This way we can actually control many aspects. For example, we can define that only with our browser you can access a specific resource into it. So even if the hacker was taken from the user, the username and password, or even the MFA, you will still need to have our browser and the certificate in order to install it and to gain access. And while he's doing so, the administrator can get alert that someone from different region or different IP or suspicious is being flagged now. So this is what we already did, and this product was very successful. It was creating a huge amount of arr back then in 2018. And really soon after, the offer to get acquired by CME happened and the company was acquired in a very big merger and acquisition deal.

Andrew Monaghan [00:10:09]:

So you learned a lot in that iteration of your journey about how Chromium works. All the libraries intricacies, how to tweak it, basically all the guts of what you know or what you need to know, I guess, to make the next big leap for you, which is start Surf and get into this as an actual vendor and build the product. I'm curious, as you and Ziv were sitting there going, okay, we're going to do this, what were the first things you did?

Moty Jacob [00:10:31]:

So first we started thinking about the name Surf. We were thinking that's probably a name that's used by many companies because back then, in the time when I was working in Net Vision, they didn't say, you go in and browsing the Internet, you are surfing the Internet. So for me, using the word Surf was coming into a place. I am also an ex surfer. My co founder son is a very famous surfer, and my in laws are very good surfers and they don't miss any surfing season around the world. So the name comes surf was pretty much the first thing, and we were thinking about Surf and Surf security that make really a reasonable thing about how to do it and how to create. So the first thing is that me and Zev decided that we are going to do so. We were clearing our previous job, clearing the desk. We were trying to do market validation with many people that will be in the future, potential clients. We discussed with them about the idea. There were many people that were skeptic about now replacing and bringing a new browser. We met with several, let's say, security leaders in the market, and some of them were thinking, oh, this is so simple, like why nobody did it until now. And then we explained that Chromium was not ready for building a new browser till now. There are around 28, 27 browser that are based on Chromium. But Chromium back then was not ready to be fork in a way that you can now create your own browser that will have a differentiation from Chromium and the level that we succeed to get in inside Chromium was very good. So we succeed to understand every pips and every biter. So simply by adding several processes inside Chrome, you can create some kind things from security perspective that you can do today. For example, when we ask people what is the worst application, what is the worst experience you have when you are going to work? So many of them mentioned using VDI or RBI solution, they say it's damaging my user experience. I don't understand why the company is giving this tool because it creates the work of going to workday so slow and it takes me a lot of time to fix that stuff. And there are so many vendors that are selling VDI and RBI solution and this is what in many companies are what web browsing is actually being delivered. But if you understand Chrome, you well, you can create on the endpoint, without any servers the same level of security simply by using some sandbox and virtual machine processes before it's actually being rendered on the machine. So you can create the same level of security on the endpoint. And this is something you could have do three years ago. Okay, technically you can do three years ago. So chromi was evolved. And I think that this is where we came and we said, okay, this is very nice feature and technique. Let's take it to the security side and then build on top of it a feature that can now prevent, even if the user go to a malicious website. What we can do on the process. And when I used to work in a security vendor, networking vendor and one of the solution we had was based on DNS and then you define you are allowing people to go to Facebook or Gmail or not and that was a bit not unfair because sometimes people just want to download file from Roblox. They don't want to upload anything. There is no risk to the company. But they want to download the file from the robots because they need it executive needed. So in a DNS solution based on this, you allow it or they don't have access to the space or they have access to the website. What you can do is very granular with a web browser you can define people can access this way you can enable a lot of people go into any website they want and then you can define what will be the consequence. Like person can copy and paste to this website, he can print it, can he download? Can he upload? So most of the use cases we have, for example, people allow people to go to retransfer or to drawbox but they don't allow them to put anything there, they just allow them to download. So it doesn't create any risk to the company probably no, because they're just able to download stuff from drawbox so they can still communicate and collaborate from people and outside. And this is what going back to what I said SSC so you want to be enabler, you want to allow people to go. Especially with millennials, they got used to working in an environment that is they want to use Facebook and TikTok and all the other system while they are on work on the same computer while they can do it. So we can allow with the US browser to go to any website and.

Andrew Monaghan [00:15:20]:

Be enabled if you show it to people when you're showing it to Sisos and potential buyers what's the bit in the demo or the bit in the talk track that makes them stop and go wow, I haven't seen that before.

Moty Jacob [00:15:33]:

Yeah, so there are several peaks moments I think that what make them I need to think about this actually but there are several places that people come and say well one of the things that they really like is hey, I can see my bookmark in Chrome it look amazing, it looks exactly like Chrome. So when people come and see it, that's for them oh, it's just Chrome. So what is the difference here? So they don't see the background and then when they are trying to access Jira or Salesforce or Office 365 and then they are just in and they don't need to authenticate or because we also got an investment from Okta everything that is in Okta portal you can just get in with just saying the name. So we are doing everything in the background so we are making it faster and we are making it much secure and for them it's the same user experience that they used to have. There are several features that again it depends with who you talk. So if you talk with the CIO, they see performance and they can be proactive about things that go in on the endpoint and we give all the metadata and benchmark from the endpoint. But if you talk with CISOs, what they are saying is wow, this is something that really changed a lot of stuff because I can now access or run SAS application much more securely, so I can really define for SAS application every URL. It's not that we are limited to five or six URL. You can do for every URL you can define what is the granularity, what the user can do, you can monitor, you can block, you can allow certain functionalities in the process and this is something nobody can did until now. We can watermark the screen, we can just murate for you. So there is a lot of cool stuff that you can do on the endpoint and when we are meeting with CFOs they are thinking oh, this is interesting, this can unlock some multiple budget for us like you can save me on security, you can save me on virtual desktop, you can send me on productivity. So there are three tools that today I am as a CFO or as a financial I need to take care and when it comes to the CIOs and CTO they are taking it from different and just say okay, there is a very smooth, there is no friction like you have with other old solutions. And this is very good for maybe remote and hybrid work. So people around the world still in hybrid mode working, some of them go full time, some of them work all the time out of work, some of them are consultants like customer services and other use case we have that people have that they need to connect into SaaS services that belong to another enterprise. So we can, for example, mask every filter, so we can mask credit card, we can mask IDs, et cetera.

Andrew Monaghan [00:18:39]:

So I imagine right now that whole cost saving angle, value prop is going to ring very true for lots of companies. I think we've heard that CFOs are getting involved in purchase decisions that they just weren't doing two or three years ago and when money was seemed to be flowing all over the place. Are you seeing that? Is that hitting home with your prospects right now?

Moty Jacob [00:19:01]:

We just recently got out from stealth and we are growing. Especially what we are trying to offer is the technology capabilities and abilities. With many organization we are meeting, they already have an existing set of security tool and for them to handle just the security stack, it's incredibly complex. And the user experience that they feel also as CISOs but also as people, as people coming and approaching them, that it's not the best user experience. So there is a business case for surf in many organizations. So yeah, we are saying that we have a lot of conversions from the first call to the second call. A lot of conversion in this area.

Andrew Monaghan [00:19:47]:

Yeah, I can imagine how you would be seeing that right now. Before we get to the sales side, I've got a list of questions here to get to know you a little bit better. There's 35 questions. I'm going to ask you to pick three numbers from one and 35.

Moty Jacob [00:20:02]:

The first is ten, the other is nine. And the last number is three.

Andrew Monaghan [00:20:10]:

The ten is what's one event in the world you have not been to but would love to attend.

Moty Jacob [00:20:16]:

So I was living in Italy for many years, actually four years, but I never had the chance to be in the Venice Carnival that is actually happening in February. And there is a very good story behind this. In February it's very cold in Italy, especially in the north and Venice. And if you had a chance to be in Venice and I had a chance to be there at least three or four times, it's an amazing city. It's like one of the most touristic place and all over the year there are many tourists. But they found out that during the wintertime, because it's apparently cold, people tend not to be there. So in January and February they're less. So someone come with this amazing marketing idea. Hey, let's take these carnivals that it's coming from the Jewish program that used to be usually in March and the end of February or from the Brazilian Carnival and others, we put like customs and then let's try and make some kind of holiday for this. So they succeed to market it very well as a very good tradition. And now you can see that all over the year. Venice is full with tourists and they have a very good streamline of guests and host there.

Andrew Monaghan [00:21:37]:

I've not heard of that. So it sounds like a great idea, though, to get tourists in the quiet months as well as the busy months.

Moty Jacob [00:21:43]:

Marketing is everything in this area.

Andrew Monaghan [00:21:45]:

Well, since you've talked about things like that, question number nine is what's your favorite season?

Moty Jacob [00:21:53]:

I really like the spring. We're just coming out from I live now in the UK, so generally the winter is a little bit cold, but in the spring the temperature are pretty good. There are some really nice sunny days we can get out, take the kids. We love to go to National Trust places here across the UK, see the countryside, the seaside. I feel much open and much more creative when walking in the nature, through the nature and with the kids. So especially I like the springtime.

Andrew Monaghan [00:22:35]:

I love the springtime. My wife, on the other hand, loves the fall. She loves the colors, the drama of changing leaves into these dark colors. But I love the spring. It's a new beginning, it's the growth buds coming through after the winter. And I don't know, for me it just seems right. Question number three is beach or mountains.

Moty Jacob [00:22:56]:

So, mountains. So I claim several mountains that let's say are Bucano mountains. So I claimed both the Azna and I climbed on the Wazob, which is near aNapoli. So there is a huge difference. For example, in Sicily, in the Aestna, it's amazing. Like you can go and do surfing on a sunny day in the beach of Dormina and then in the same day you can go up and be in minus five degrees with snow and do a ski on the mountain of Aetna up there behind. So up above, it's pretty cold, it's actually frozen. So I had an opportunity to climb on it when it was actually closed for a visitor and it was a bit dangerous experience, but we managed to survive on the Vazob, it's much more calm, it's very touristic area near Napoli. So I am pretty much a mountain, a mountain person. I was doing a trip for a long time in Italy and I had a very good chance to travel across by walk and do hiking on several mountains. And when I was born, I born in a small city in the north of Israel, which is near the common mountains. So going and doing hiking on a mountain that was a step out of my door was one of my favorite ways to relaxation.

Andrew Monaghan [00:24:32]:

Oh, I love that story. I love that you're born and grew up near some mountains right there. I'm in Colorado in the US some mountains are what we're all about. We don't have beaches here, but so mountains for me something about it I don't know is just very special. One thing that is true for everyone I think right now modi in this market is we got about 3300 vendors in cybersecurity, even more who are resellers and integrators. It's a very noisy world out there. How do you think about what you're doing to stand out and be noticed by the right people in this very.

Moty Jacob [00:25:10]:

Noisy market indeed there are many vendors and many vendors out there are very good and they all exist. So there is probably a place for everyone. The thing that I'm seeing that can highlight things is how the value that you create to your customer, what value they were looking, if it's security, if it reduce attack surface fees. This solving a problem that really bother. Them of phishing or MDM or controlling extension or file downloads, the value that you create for them, that's a differentiation. And once you understand what the value that not for me for selling is, what problem or pain that I fix now to a customer and every customer have a different use case. Every customer is in his own domain, is in on word. But when you understand the value that you create, I think that this is something that you can scale and scale fast. And in many ways, a lot of companies that exist today in the security market, they will build a solution for a specific situation. For example okay email or other and I think that what's beautiful in web is that the first thing that you do today when you have a new computer, you install your favorite browser. Browser is more important than any other application that you install. If I now will give you a new computer and I hope now maybe it will change but people got now a computer usually with Windows ten and then the first thing that they will do with the edge is download chrome because people got used to the user experience, the buttons, et cetera. So in my idea we are a platform and we have now a set of features and it's growing every week we are releasing new feature, new capability, we are enhancing and improving existing capabilities and I think that we can touch every aspect of security in one tool. So we are not just playing in the DLP tool, the data leakage prevention, which we have a very good capabilities of everything the user done, the user process, like copy paste. We can do MFA, but we also take on MDM sites. So we can do everything that control the browser itself and the integral system integrals around it. We can control phishing so we can define what are domains that the user is allowed to put his credential and we have out of the box can learn what are the most used application and allow them to be automatically in. So we do a lot of learning and we're trying to enhance and bringing the latest technologies of machine learning into this progress. So just now we have phishing, we have extension management, we have file download and upload control. So we can control if it's going to you allow it to download, if it's going to be encrypted, how it will be encrypted, where the keys will be saved. If you want to scan it before it's downloaded with who you can scan all the file. We can scan just the hash. And we added more and more capabilities. For example, like transactional MFA. So even if you don't have MFA to a native application, we can pop up an MFA for this application just from our system. We have SSH, we have RDP capabilities directly from the browser. So you don't need to install any additional tools except serve. We have web categorization. We have also kind of access allow list and denialist. So you can allow people access just a specific app to a specific area inside this application. This is very good for developers. If you want to allow contractors or offshore developers to go on into a specific repository of your GitHub.

Andrew Monaghan [00:28:57]:

You recently brought on your first salesperson. How did you know it was the right time to do this?

Moty Jacob [00:29:02]:

Oh, this is pretty. So there is evolution of a company that you are in sales mode and then you are moving into you are going usually with people you trust, people friends that give you some feedback about the product. The second phase usually after is to extending the number and you are poaching other people to friends and others that will evaluate your product. So after you receive enough feedback and you think that, hey, this is something we scale and now it's becoming from founders led sales into salespeople that are professional, that's I think the right time to add them. And this is the time we think, okay, we need to hire someone that had an experience of building in a security company from scratch and take it from zero to a specific AR. And this is the way we decided that this is the type of person we need to have. So we hired Steven and did you.

Andrew Monaghan [00:30:05]:

Know Steven already or did you find them through some other network?

Moty Jacob [00:30:08]:

So I found him. The best place to get is from customers. So one of our customer recommended, he sold him to him. So one of our customer, which is a CISO, does listen, if you are looking for someone, he's probably the best. So we are happy to have him with us.

Andrew Monaghan [00:30:26]:

That's awesome. And as he's ramping up right now learning what you've learned about how to sell and how to go to market a position, what surf does, what have you learned about how to do that transition from founder led to sales led to. Enable him to be successful.

Moty Jacob [00:30:43]:

So generally, I don't want to say strict, but we have a very open onboarding, onboarding process because everybody has his own retain, his own pace, and we want that he will succeed. So first we want to make sure that he understand what we are doing and he will create his own page. He will understand what is the value that we are creating. Because again, we are touching in so many areas. Some companies use us, like I told you, just to access customer services, to access information that they have inside the Zendex or NetSuite. So customer services tool, some companies use us for remote work. So he need to understand all of our capabilities and what is the value that we are creating. Once he understand the value, I think that he doesn't need us in the call so he can manage it himself. And to showing a browser, you don't need to be a security expert. You just see the browser. It's with few ticks of the box you can show what are the advantages. And 50% of the feature you can just show in two or three minutes because everybody can see. Everybody use browser. So you can see, okay, this is what you have in normal browser, and this is how you can see it and serve. And when people see it and they see that there is no performance degration, they also really appreciate it.

Andrew Monaghan [00:32:09]:

Yeah, I think essentially what you're saying about user experience and thinking about what you're saying just now, it's a good thing that they see something they recognize. Right. If it looked completely different, the browser looked completely different, it would be a user problem for them, user adoption problem. Then secondly, as people are looking to go, this is completely different to what I was expecting. I thought you said this is going to be chromium. Right. They're almost looking for familiarity to make sure they understand it. Let's switch things right a little bit. Marty, do you have a question for me about the world we're in about building sales teams at cybersecurity companies?

Moty Jacob [00:32:43]:

Yeah, of course. What do you think will be the best approach and go to market to a company like us? After we literally got out from stealth two months ago, we were backed by very good VCs, I think one of the best, like Mango 11.2 and Octave Ventures and a set of angels. What will be our best approach in go to market and scaling the sales team in the United States?

Andrew Monaghan [00:33:09]:

Okay. Yeah. The biggest challenge that most companies have right now is trying to get the attention of senior security leaders. And I imagine you'll be no different trying to figure that out as you bring things to market there's building a buzz around the enterprise security space. So the fact that you mentioned that it's going to attract people to say, I think I've heard about that, is going to really be helpful. Let me figure out how surface difference, you're really kind of keying off what they've already heard about. So there's going to be some intrigue there for them to latch onto. But I know you've also got your own sister network and I think that could be really powerful probably right now, maybe more UK based, based on your experience. But I wonder through that network how you could extend it out to the US. And with a bit of digging around and asking for favors and intros, you probably do pretty well on the back of doing that. That would take time, but obviously no cost way to try and get introductions to more people over here. I think there's also this layer of companies that are between a kind of low level meeting booking company, which in my mind is quite low value, and then the kind of big siso networks. There's probably five or six companies in the US. Which have their own networks of sisos that they work with. And what they do is they take early stage companies to those sisos and they get you meetings one on one with the people that are interested in whatever it is that you do and they charge for that right premium price compared to the low level guys. There's much more value there. And what these companies will be able to do is fast track you into meeting the right people and getting immediate feedback. And the other thing they'll do as well is coach you on how best to interact with their network, what things to say, what things not to say, things like that. And there's a real value to that layer of company. As I said, I think there's five or six of them in the US. That could really make a difference for you. And maybe just tapping into one of those right now might make a difference. As I said, they got different pricing models. They'll charge, some have a monthly fee, almost like a platform fee, and then they charge a little bit more on top for the meetings. Some will be just meeting based, some will also ask for a percentage of a deal, things like that. So there's all different ways to work into, but definitely look into those because they do deliver a ton of value. I think the other way that I would investigate is I don't know how strong it will be, is picking a small number of focused resellers who are looking for the alternative to maybe a couple of other companies in the market right now and they want to go and take something meaningful and something new to their clients. One of the things that's true I think, is that salespeople at resellers tend to be much longer tenured than salespeople at vendors, right? I know some that have been there for their roles for 20 years and through that they build up incredible networks that are really valuable to companies such as yourselves to be able to tap into. So just a couple of ideas there. Is that you meant thinking about how to go by doing that.

Moty Jacob [00:36:12]:

Yeah, exactly. We were thinking always about channel sales and BS direct sales. So really you really helped me with your answer.

Andrew Monaghan [00:36:22]:

Thank you. Yeah, I think the one thing about channel sales is one of the biggest challenges that you're going to have is that these companies, these partners are not short of vendors to work with right now. Right. As I said, there's 3300 vendors trying to get their attention. So you got to think about what you could bring different and more valuable to them as a channel partner. Whatever they do that's going to help them and be different for them, differentiate them, make them more valuable, drive more consulting dollars for them, things like that. Just saying we want to work with them is not going to be enough. The other thing about partners is that, and Steven will probably know this already, is it's not about the company to company relationship so much. It's really the seller to seller relationship because at the end of the day, a lot of the resellers reps view themselves almost like independent contractors. Right. A significant portion of their pay is commission based either on software license margin or on consulting dollars. And it means that they tend to have a view of I'll sell what's right for me and my market and importantly my customers. And that's really who they're most loyal to. And you almost have to go rep by rep and build those relationships, build the trust. And that trust is probably the most important thing for them to think more seller by seller as opposed to channel partner by channel partner.

Moty Jacob [00:37:44]:

Yeah. Thank you. Thank you very much. It's really interesting idea.

Andrew Monaghan [00:37:47]:

Well, look, I've really enjoyed the conversation. Muddy, you're clearly in a great spot in a market that's doing really well right now. If someone wants to get in touch with you and continue the conversation, what's the best way to do that?

Moty Jacob [00:37:58]:

Yeah, so simply go to our website, serve Security, or just ping me over LinkedIn. But just there is fill the form. You can start a free trial literally in one day. You can install and together with one of our AES or Solution engineers, you can install the system across your company. We have a very fast deployment. Some deployments depends if you have a specific IDP already exist, can be less than an hour across all the company. So we simply go to surf security. That's it.

Andrew Monaghan [00:38:35]:

Well, as I say, I wish you all the best this week at RSA. You're in the Early Stage expo. So I encourage everyone to go and see you there and wish you the best for this year and beyond. Thanks, Bonnie.

Moty Jacob [00:38:46]:

Thank you very much. Really appreciate it.

Andrew Monaghan [00:38:48]:

So another fun conversation for me with the CEO of a company, a co founder and someone who was at RSA a couple of weeks back in the Early Stage Expo, had a number of takeaways. Firstly for me was when Monty said about when he was a siso, he thought that one of his primary objectives as a siso was to reduce the attack surface. It was an interesting way to put that. I think I've heard it before, but I think the way he could articulated it and how it governed what he was doing as a soso was kind of important. Secondly takeaway when he was talking about the role and value of an enterprise browser, he brought up a couple of things which hit home for me. One was the whole idea of the user experience and the second one is the idea that it might actually replace tools and therefore save money so user experience wise. So if I went to a company and I'm used to working with something, even the tools I use the most, but even simple ones, right? And then someone said, oh no, we do it differently here. I'd have a reaction to that that wouldn't be positive and be like, oh, that's kind of stupid, I don't understand why we do that. We got to relearn a whole way of doing it. So the fact that he's been thinking about the user experience and making it as close or identical to what they're used to doing anyway is kind of important. And then the second thing about that was the tools replacement idea. One of the core facets of any ROI and of course, we all know right now purchases getting scrutinized by financial people all the time and therefore having a rock solid ROI where you can look at things that can replace real solidity to that I think so important right now. So two different ideas about that that I hadn't heard before. The third thing was around how he found his first salesperson salespeople, and that was he went to customers and said who'd you like working with? And this is an overlooked area of finding great talent, right? And if you got people that your target market wants to do business with, that's a good thing. What often comes with that is good networks and that's certainly something not to ignore. I wouldn't hire purely for that. But having someone who's got a network who's trusted in the community I think is really strong. So I'd encourage anyone to think about doing that with that. It was a really fun episode for me to do and I really wish Surf and Monty the best of luck this year.