WEBVTT 1 00:00:00.480 --> 00:00:02.130 Michael Novinson: Hello, this is Michael Novinson with 2 00:00:02.160 --> 00:00:05.820 Information Security Media Group. I'm joined today by Dean 3 00:00:05.850 --> 00:00:10.260 Sysman. He is the co-founder and CEO at Axonius. We're going to 4 00:00:10.260 --> 00:00:14.010 be taking a look back at 2022, as well as the look ahead to 5 00:00:14.010 --> 00:00:17.370 what to expect in 2023. Good morning, Dean, how are you? 6 00:00:18.330 --> 00:00:20.070 Dean Sysman: I'm great. Thank you for asking, Michael. 7 00:00:20.930 --> 00:00:23.210 Michael Novinson: Thank you for making the time here. I want to 8 00:00:23.210 --> 00:00:27.560 start off by talking about the $200 million Series E funding 9 00:00:27.560 --> 00:00:31.400 rounds you closed back in March, achieving a valuation of $2.6 10 00:00:31.430 --> 00:00:34.970 billion. What has that investment allowed you to do in 11 00:00:34.970 --> 00:00:35.780 recent months? 12 00:00:36.950 --> 00:00:39.470 Dean Sysman: Great question. You know, from the time we started 13 00:00:39.560 --> 00:00:46.640 Axonius, since 2017, we've grown at one of the fastest pace, a 14 00:00:46.640 --> 00:00:50.660 cybersecurity company has grown, both in revenue and in number of 15 00:00:50.660 --> 00:00:53.750 customers, number of employees. And even we were ranked the 16 00:00:53.750 --> 00:00:57.260 number three fastest growing business in North America over 17 00:00:57.260 --> 00:01:01.490 the last three years by the Deloitte Fast 500. So for us, 18 00:01:01.490 --> 00:01:05.900 funding rounds, fortunately have never happened because we needed 19 00:01:05.900 --> 00:01:09.590 funding, they've always been preemptive, just because we were 20 00:01:09.590 --> 00:01:14.840 a great business. So actually, most of that funding, we have 21 00:01:14.840 --> 00:01:18.530 not really utilized yet, we have a very healthy balance sheet. 22 00:01:18.740 --> 00:01:21.740 But what we've done every year in our planning is to really 23 00:01:21.740 --> 00:01:26.150 think about what's the best and most efficient way to grow, and 24 00:01:26.150 --> 00:01:29.900 not grow at all costs, not try and chase after top line 25 00:01:29.900 --> 00:01:33.020 numbers, but really make sure that we're growing, hopefully as 26 00:01:33.020 --> 00:01:37.970 a business, and continuing to measure our efficiency. Because 27 00:01:38.000 --> 00:01:41.630 that's very important for us with our vision of becoming a 28 00:01:41.630 --> 00:01:44.930 long-term, large, high-growth business. 29 00:01:46.940 --> 00:01:49.473 Michael Novinson: Absolutely. And on that note, I know you'd 30 00:01:49.533 --> 00:01:53.152 mentioned being number three at the Deloitte Technology Fast 31 00:01:53.212 --> 00:01:56.891 500. How have you historically approached responsible growth? 32 00:01:56.951 --> 00:02:00.691 And what steps have you taken to make sure that you're growing 33 00:02:00.751 --> 00:02:04.370 with profitability in mind and not just growing at all cost? 34 00:02:04.000 --> 00:02:07.073 Dean Sysman: I think first of all, there's a lot of metrics 35 00:02:07.140 --> 00:02:11.417 that help you measure if you're growing efficiently or not. Some 36 00:02:11.484 --> 00:02:15.694 of them you can look up online, like CAC Payback Period, or the 37 00:02:15.760 --> 00:02:19.636 magic number. And I think those help you to see how you're 38 00:02:19.703 --> 00:02:23.378 spending compared to your increase in revenue. But more 39 00:02:23.445 --> 00:02:27.455 than anything, it's the question of what is a good engine of 40 00:02:27.521 --> 00:02:31.798 growth that is scalable, that is repeatable, that also makes you 41 00:02:31.865 --> 00:02:35.741 very approachable to your customers, right? There are many 42 00:02:35.807 --> 00:02:39.884 types of growth, some of them cause your customers to be very 43 00:02:39.950 --> 00:02:43.893 happy with the way that you become their vendor, you become 44 00:02:43.960 --> 00:02:47.969 their technology partner, some of them less. And it's really 45 00:02:48.036 --> 00:02:51.444 important for us that relationship you build with a 46 00:02:51.511 --> 00:02:55.119 customer, because in many different kinds of problems, 47 00:02:55.186 --> 00:02:59.463 spaces and many different kinds of categories, the solution that 48 00:02:59.530 --> 00:03:03.806 the customers are looking for is very clear to them. And they're 49 00:03:03.873 --> 00:03:07.615 just picking from a number of competitors. For us, we're 50 00:03:07.682 --> 00:03:11.758 really creating this category, really creating a new thinking 51 00:03:11.825 --> 00:03:15.567 of how people address the problem of understanding their 52 00:03:15.634 --> 00:03:19.777 infrastructure and securing it. And it's very important for us 53 00:03:19.844 --> 00:03:23.653 that our customers are very vocal fans of what we do, and 54 00:03:23.720 --> 00:03:27.729 they're very vocal about the value they get. And another way 55 00:03:27.796 --> 00:03:31.137 that we measure our growth through is how much our 56 00:03:31.204 --> 00:03:35.414 customers promote us, we use a metric called Net Promoter Score 57 00:03:35.481 --> 00:03:39.691 (NPS). And historically - that shifts around by score over time 58 00:03:39.757 --> 00:03:43.834 with variants. But we've always been around 80 or higher than 59 00:03:43.900 --> 00:03:47.843 that. And we're ultra proud of the fact that that's how our 60 00:03:47.910 --> 00:03:49.180 customers value us. 61 00:03:48.480 --> 00:03:50.755 Michael Novinson: I'd like to talk a little bit about that 62 00:03:50.812 --> 00:03:53.656 asset management market landscape. I know you were 63 00:03:53.713 --> 00:03:56.842 referring to yourself as a category creator here. I was 64 00:03:56.899 --> 00:04:00.084 wondering when you do find yourself in a competitive bid 65 00:04:00.141 --> 00:04:03.782 scenario with prospect, who are you most frequently encountering 66 00:04:03.839 --> 00:04:07.252 first off? And then secondly, what do you feel distinguishes 67 00:04:07.309 --> 00:04:10.779 what you're doing at Axonius from some of the other solutions 68 00:04:10.836 --> 00:04:12.600 that customers are considering? 69 00:04:12.000 --> 00:04:14.521 Dean Sysman: It's a great question. So I think when we 70 00:04:14.583 --> 00:04:18.027 started, and we realized this problem existed, it was as 71 00:04:18.088 --> 00:04:21.779 simple as asking, you know, CISOs and CIOs, do you even know 72 00:04:21.840 --> 00:04:25.592 how many devices do you have? And either people would say, "I 73 00:04:25.653 --> 00:04:29.405 don't know." Or they would give, you know, a very wide range, 74 00:04:29.467 --> 00:04:33.280 that means the same thing. And if you don't know why you have, 75 00:04:33.341 --> 00:04:37.216 you obviously can secure it. But that question is so small as a 76 00:04:37.278 --> 00:04:40.845 part of the need to understand and view everything in your 77 00:04:40.906 --> 00:04:44.904 infrastructure, especially today when we have people working from 78 00:04:44.965 --> 00:04:48.594 anywhere. We have multiple form factors, operating systems, 79 00:04:48.656 --> 00:04:52.038 types of assets. Right now, we have devices and we have 80 00:04:52.100 --> 00:04:56.098 identities, we have applications and we have learn abilities, and 81 00:04:56.159 --> 00:04:59.111 we have all these things that are a core part of 82 00:04:59.173 --> 00:05:02.802 understanding. What we have in an infrastructure and making 83 00:05:02.863 --> 00:05:05.754 sure it's secure and operational. So the legacy 84 00:05:05.815 --> 00:05:09.751 approaches to this problem, the reason why it hasn't been solved 85 00:05:09.813 --> 00:05:13.319 is that all the prior solutions have been either based on 86 00:05:13.380 --> 00:05:17.255 looking at the network traffic or trying to install an agent on 87 00:05:17.316 --> 00:05:21.007 everything. And we know those solutions, give you some data, 88 00:05:21.068 --> 00:05:24.143 but they don't solve the problem, right? It's like 89 00:05:24.205 --> 00:05:28.080 opening a box of a puzzle. And having all these pieces be mixed 90 00:05:28.141 --> 00:05:31.708 together. And each control that our organization has, each 91 00:05:31.770 --> 00:05:35.276 control that creates data, whether it's an agent, whether 92 00:05:35.337 --> 00:05:39.212 it's a network system, whether it's an identity system, whether 93 00:05:39.273 --> 00:05:42.594 it's a cloud platform, whether it's a, you know, CI/CD 94 00:05:42.656 --> 00:05:46.408 solution, that's one piece of the puzzle, and the real answer 95 00:05:46.469 --> 00:05:49.237 to what you have in your environment, in your 96 00:05:49.298 --> 00:05:52.866 infrastructure, the real answer to gain that full security 97 00:05:52.927 --> 00:05:56.740 visibility is to take all those different pieces, and put them 98 00:05:56.802 --> 00:06:00.369 together in the right way. And that's exactly what Axonius 99 00:06:00.431 --> 00:06:03.752 does. And that's how it's radically different. We have 100 00:06:03.813 --> 00:06:07.442 over 500 adapters that we come into your infrastructure, we 101 00:06:07.503 --> 00:06:11.255 don't deploy anything new, we just take all the existing data 102 00:06:11.317 --> 00:06:14.269 from your existing infrastructure, your existing 103 00:06:14.330 --> 00:06:18.267 controls, and we know how to put that data together. And when we 104 00:06:18.328 --> 00:06:22.141 started, we were the only ones who took this approach. We were 105 00:06:22.203 --> 00:06:25.401 a unique, innovative new approach. And that's what's 106 00:06:25.463 --> 00:06:29.030 caused us to grow so fast because of the value that brings 107 00:06:29.091 --> 00:06:32.535 to customers. And today, you know, Gartner's coined this 108 00:06:32.597 --> 00:06:36.349 category name for themselves as CASM, you know, cybersecurity 109 00:06:36.410 --> 00:06:39.731 asset and attack surface management. We call ourselves 110 00:06:39.793 --> 00:06:43.668 cybersecurity asset management when we started about five and a 111 00:06:43.729 --> 00:06:47.296 half years ago, and we chose that term because nobody else 112 00:06:47.358 --> 00:06:50.802 had chosen it. And we knew that's how our customers, and 113 00:06:50.864 --> 00:06:54.738 our market thinks about it. And it's become such a big category 114 00:06:54.800 --> 00:06:58.060 so quickly, then many new companies are now trying to 115 00:06:58.121 --> 00:07:01.627 follow in our footsteps. And we're very proud of the fact 116 00:07:01.688 --> 00:07:04.948 that the market is waking up to how important and how 117 00:07:05.009 --> 00:07:06.240 fundamental this is. 118 00:07:07.740 --> 00:07:09.720 Michael Novinson: So, what do you think distinguishes you from 119 00:07:09.720 --> 00:07:12.270 some of the newer competitors who have sprouted up in recent 120 00:07:12.000 --> 00:07:23.991 Michael Novinson: Let's go into the crystal ball here and look 121 00:07:12.270 --> 00:07:12.690 years? 122 00:07:24.263 --> 00:07:40.070 ahead to 2023. Off the top, I wanted to get a sense of the 123 00:07:40.342 --> 00:07:57.239 biggest market opportunity that you're hoping to tackle in the 124 00:07:57.512 --> 00:08:00.510 year ahead. 125 00:08:00.000 --> 00:08:05.491 Dean Sysman: Yeah, so I think this problem, the most acute 126 00:08:05.613 --> 00:08:13.302 surface level of it was devices, right? That's where we started 127 00:08:13.424 --> 00:08:20.502 from. People had no idea what devices they had. And if you 128 00:08:20.624 --> 00:08:26.360 look at almost all the regulatory or compliance 129 00:08:26.482 --> 00:08:34.049 frameworks, the number one, you know, part of it, like the CIS 130 00:08:34.171 --> 00:08:42.103 one, and it's true for SOC 2 for many other compliance frameworks 131 00:08:42.226 --> 00:08:48.938 is you need to know what hardware you have, right? What 132 00:08:49.060 --> 00:08:55.772 are the devices that are connecting to you. But as soon 133 00:08:55.894 --> 00:09:03.583 as we started doing that for our customers, for our users, they 134 00:09:03.705 --> 00:09:11.149 started saying, "Hey, you're already connected to all my data 135 00:09:11.271 --> 00:09:18.716 sources, all my controls. What about looking at identity?" My 136 00:09:18.838 --> 00:09:26.160 identity is fragmented across many different silos. And then 137 00:09:26.282 --> 00:09:33.971 we added that as well. And then they start asking us, "Hey, can 138 00:09:34.093 --> 00:09:40.317 you do this for my vulnerabilities?" And this year, 139 00:09:40.439 --> 00:09:47.395 we launched a vulnerability model that helps you see your 140 00:09:47.517 --> 00:09:54.718 vulnerabilities from every source, and even enrich it using 141 00:09:54.840 --> 00:10:02.284 the asset context. And using the CISA non-vulnerability list, 142 00:10:02.406 --> 00:10:09.729 even knowing how likely it is to get exploited. But then the 143 00:10:09.851 --> 00:10:17.417 biggest thing we realized was - this is true for every part of 144 00:10:17.539 --> 00:10:25.106 the infrastructure, every entity there is relevant as an asset 145 00:10:25.228 --> 00:10:32.428 for security and IT teams. And we even launched a whole new 146 00:10:32.550 --> 00:10:40.117 product that does a huge jump of value from our existing asset 147 00:10:40.239 --> 00:10:47.439 view, which is around SaaS applications. And today, we have 148 00:10:47.561 --> 00:10:54.761 a SaaS management product that is part of that one platform 149 00:10:54.884 --> 00:11:02.450 that even lets you see all the SaaS applications you have, and 150 00:11:02.572 --> 00:11:10.261 what risks are there, what kind of configuration problems, what 151 00:11:10.383 --> 00:11:17.461 kind of security issues, what kind of operational problems 152 00:11:17.583 --> 00:11:25.150 even like spend and usage and rogue IT and shadow IT. So, it's 153 00:11:25.272 --> 00:11:32.228 really important for us to continue to become that system 154 00:11:32.350 --> 00:11:39.062 of record for everything infrastructure, and be able in 155 00:11:39.184 --> 00:11:46.873 one place to give answers around everything. And I think that's 156 00:11:46.995 --> 00:11:53.951 where that this category and this mean, for the customers 157 00:11:54.073 --> 00:11:55.050 will go. 158 00:11:57.580 --> 00:11:58.810 Michael Novinson: You highlighted the number of new 159 00:11:58.810 --> 00:12:01.240 modules or capabilities that you've introduced in recent 160 00:12:01.240 --> 00:12:04.660 years. What's the fastest growing part of the Axonius 161 00:12:04.660 --> 00:12:07.840 business? Which of these modules or features are you seeing the 162 00:12:07.840 --> 00:12:09.010 most growth rounded? Why? 163 00:12:10.320 --> 00:12:12.990 Dean Sysman: If we look at it from a business sense, we sell 164 00:12:13.350 --> 00:12:17.490 as a platform, so we don't differentiate that much in 165 00:12:17.490 --> 00:12:21.420 looking at the difference in growth. But I will tell you, 166 00:12:21.420 --> 00:12:25.620 they're all growing together. Because if you think about many 167 00:12:25.620 --> 00:12:28.260 of the use cases that organizations need, let's take 168 00:12:28.260 --> 00:12:31.950 the example of an employee, a rogue employee, right? Let's say 169 00:12:31.950 --> 00:12:36.300 some employee disappeared, and we're concerned about what 170 00:12:37.020 --> 00:12:39.060 they're going to do with their information, what they're going 171 00:12:39.060 --> 00:12:42.450 to do with their access. And you think about that person, there 172 00:12:42.450 --> 00:12:45.630 are so many different elements that have relationships to each 173 00:12:45.630 --> 00:12:49.380 other that we need to be able to be on top of. So obviously, 174 00:12:49.380 --> 00:12:53.310 there's their device, let's say their work laptop that they 175 00:12:53.310 --> 00:12:55.800 took. And we now need to understand, is that locked down? 176 00:12:55.830 --> 00:12:59.820 Is that still being used? Was that encrypted? But then you 177 00:12:59.820 --> 00:13:02.940 need to understand this person's identity. Is their identity 178 00:13:02.940 --> 00:13:05.970 still being used to access the corporate email or the corporate 179 00:13:05.970 --> 00:13:09.420 resources? And then there's another question of, did they 180 00:13:09.420 --> 00:13:12.210 have any access to any SaaS applications that they were 181 00:13:12.210 --> 00:13:15.000 using? Is there any data there that we need to be on top of, 182 00:13:15.000 --> 00:13:18.330 that we need to be concerned about. So all those things have 183 00:13:18.330 --> 00:13:22.080 relationships to each other. And they work really importantly 184 00:13:22.080 --> 00:13:25.590 together as much as they work standalone. And that's why it's 185 00:13:25.590 --> 00:13:28.800 so important to cover all of them together in one platform. 186 00:13:30.360 --> 00:13:32.280 Michael Novinson: Looking ahead to 2023, what do you feel will 187 00:13:32.280 --> 00:13:34.950 be the toughest challenge for customers as it pertains to 188 00:13:34.950 --> 00:13:35.910 asset management? 189 00:13:35.000 --> 00:13:37.981 Dean Sysman: I think especially in security, and it's true for 190 00:13:38.042 --> 00:13:40.963 everything around IT and infrastructure is in an 191 00:13:41.023 --> 00:13:44.553 environment where we're in a deflationary environment. The 192 00:13:44.613 --> 00:13:47.899 stock markets are not going up, it's likely we're in a 193 00:13:47.960 --> 00:13:51.611 recession, the inflation is very high, and organizations are 194 00:13:51.672 --> 00:13:55.444 going to be very cost-centric. And yet, at the same time, they 195 00:13:55.505 --> 00:13:59.156 would want to continue to grow. And they want to continue to 196 00:13:59.217 --> 00:14:02.381 utilize technology as a competitive advantage. Every 197 00:14:02.442 --> 00:14:05.849 company wants to be a software company these days, every 198 00:14:05.910 --> 00:14:08.953 company has an app, every company wants to acquire 199 00:14:09.014 --> 00:14:12.725 customers in a digital way. So in order to do that, they have 200 00:14:12.786 --> 00:14:16.741 to be secure, they have to be on top of their infrastructure. And 201 00:14:16.802 --> 00:14:20.331 I think one of the biggest things that the market is going 202 00:14:20.392 --> 00:14:24.286 to really become much better at, and I think it's very important 203 00:14:24.347 --> 00:14:27.998 for both the vendor and the customer side to get much better 204 00:14:28.059 --> 00:14:31.588 at, is the return on investment. If they want to look at a 205 00:14:31.649 --> 00:14:35.604 solution, they want to look at a tool. There's all the prior ways 206 00:14:35.665 --> 00:14:39.194 of selling security of the fear, uncertainty and doubt and 207 00:14:39.255 --> 00:14:43.088 saying, "If you don't buy this, something bad will happen." But 208 00:14:43.149 --> 00:14:46.922 I think the right and healthy approach to the market is to say 209 00:14:46.983 --> 00:14:50.755 what's the return on investment? When we're buying this, can I 210 00:14:50.816 --> 00:14:54.467 show this justification to my senior leadership, to my board 211 00:14:54.528 --> 00:14:58.057 that might not be digital or security informed? Can I show 212 00:14:58.118 --> 00:15:01.647 them why this is a very solid, very obvious, good business 213 00:15:01.708 --> 00:15:05.298 decision? And I think every customer and every vendor needs 214 00:15:05.359 --> 00:15:09.010 to get to the point of saying, "Is this an obvious return on 215 00:15:09.070 --> 00:15:11.870 investment that my business wants to take on?" 216 00:15:13.650 --> 00:15:16.080 Michael Novinson: Finally, I wanted to get a sense of your 217 00:15:16.080 --> 00:15:18.390 top priority for 2023. What is it? 218 00:15:18.870 --> 00:15:21.330 Dean Sysman: I think it's very similar to what we've done 219 00:15:21.330 --> 00:15:27.270 before, which is consistently and relentlessly be thinking 220 00:15:27.270 --> 00:15:31.440 about what value do we drive for our customers? Are our customers 221 00:15:31.440 --> 00:15:35.280 really seeing the return on investment that they initially 222 00:15:35.280 --> 00:15:39.420 thought? Are they seeing their return on investment that they 223 00:15:40.140 --> 00:15:42.960 thought that we had talked to them about that they would 224 00:15:42.960 --> 00:15:46.710 achieve? Are they still seeing immense value? Are they still 225 00:15:46.710 --> 00:15:49.950 keeping us as one of their most favorite vendors? Are they still 226 00:15:49.950 --> 00:15:54.360 recommending us or talking to us when they move to new roles? I 227 00:15:54.360 --> 00:15:58.080 think that's the essence of everything. How much value are 228 00:15:58.080 --> 00:16:02.070 people perceiving and receiving from your solution? Obviously, 229 00:16:02.070 --> 00:16:06.750 the other aspect of it is to be as good of an employer as we can 230 00:16:06.900 --> 00:16:10.650 during these times that are challenging in the market. Where 231 00:16:10.680 --> 00:16:14.790 many companies are doing layoffs, many companies are 232 00:16:14.790 --> 00:16:19.020 changing their goals, are changing their future vision, 233 00:16:19.260 --> 00:16:22.560 and we want to be as agnostic and as consistent and 234 00:16:22.560 --> 00:16:26.940 comprehensive as we can in our mission and our vision. And we 235 00:16:26.940 --> 00:16:30.090 try and be unique as an employer. And that mentality and 236 00:16:30.090 --> 00:16:33.600 mission statement that we have of growth of us being the place 237 00:16:33.600 --> 00:16:36.270 where if you want to grow your career, if you want to grow 238 00:16:36.270 --> 00:16:39.840 yourself as a person, we want to give you the most opportunity, 239 00:16:39.840 --> 00:16:43.530 we want to give you the most tools to be able to do that. And 240 00:16:43.530 --> 00:16:46.410 I think it's evident in many ways in our organization where 241 00:16:46.530 --> 00:16:49.770 we have people who started here as the first employee of a 242 00:16:49.770 --> 00:16:52.980 department and now leaves that department with hundreds of 243 00:16:52.980 --> 00:16:53.940 employees under them. 244 00:16:55.500 --> 00:16:57.720 Michael Novinson: Absolutely. It'll be interesting to watch 245 00:16:57.720 --> 00:17:00.780 the space and what you're doing at Axonius, going forward. Dean, 246 00:17:00.780 --> 00:17:02.130 thank you so much here for the time. 247 00:17:02.580 --> 00:17:03.840 Dean Sysman: Thank you very much, Michael. It was a 248 00:17:03.840 --> 00:17:04.320 pleasure. 249 00:17:04.980 --> 00:17:06.930 Michael Novinson: Same here. We've been speaking with Dean 250 00:17:06.930 --> 00:17:11.130 Sysman. He is the co-founder and CEO at Axonius for Information 251 00:17:11.130 --> 00:17:14.580 Security Media Group. This is Michael Novinson. Have a nice 252 00:17:14.580 --> 00:17:14.880 day.