Governance & Risk Management , Vendor Roundup , Vulnerability Assessment & Penetration Testing (VA/PT)
New Cobalt CEO Chris Manton-Jones Pursues Enterprise Clients
Manton-Jones Plans to Push Upmarket and Fuel Product Growth With More Self-ServiceNew Cobalt CEO Chris Manton-Jones plans to push upmarket and go after enterprise customers and leverage automation and self-service to accelerate product growth.
See Also: OnDemand | The Evolution from DAST to IAST: Take AppSec Testing to the Next Level
The San Francisco-based Pentest as a Service - or PtaaS - vendor tapped longtime LogMeIn sales leader Manton-Jones to serve as Cobalt's next CEO, following 60% revenue growth and 53% headcount growth over the past year. Manton-Jones replaces company founder Jacob Hansen, who had served as CEO since Cobalt's inception in 2013 and will remain with the company as a board member (see: LastPass: No User Accounts Have Been Compromised).
At LogMeIn, Manton-Jones says he was heavily involved with product positioning and messaging for LastPass and helped scale the password manager business from $10 million of annual recurring revenue when he started in 2015 to $150 million of ARR five or six years later. Manton-Jones' work with LastPass helped prepare him for Cobalt since both tools have the same target audience and buyer persona.
"I wanted to stay in the security space because it's got real relevance and real purpose," Manton-Jones tells Information Security Media Group. "You don't have to look very far in the world to see the importance of cybersecurity in what's going on around us every day and every minute."
Moving Up the Stack
Cobalt has historically been more focused on small and midsized businesses, but it is looking to take advantage of the momentum it's seeing among enterprise customers with more than 1,500 employees, Manton-Jones says. Enterprise customers tend to have a different buying process than their smaller counterparts and expect the sales reps they're working with to have more domain knowledge, he says.
Vendors looking to succeed in the enterprise need to have a sales process that's a little tighter and more locked down since larger firms have higher expectations, he says. Cobalt's customer segments today are 1-50 employees, 51-100 employees, 101-1,500 employees and above 1,500 employees, and Manton-Jones says the company has real traction and a significant volume of business in all four segments.
More than 70% of Cobalt's business is done in the United States today, and Manton-Jones says security buyers in North America are more eager to embrace new concepts. At the same time, there are opportunities for Cobalt to expand geographically in Europe and elsewhere, he says, and it's important for the company to seek out customers in new parts of the world at the right time.
"There aren't competitors that have the same volume and scale and credibility as Cobalt," Manton-Jones says. "We would say quite confidently that Cobalt is the largest PtaaS provider on the planet."
From a product perspective, Manton-Jones wants to pursue new capabilities that Cobalt can monetize and modify the buying cycle to provide customers with more trial opportunities. Trials should increase Cobalt's reach and allow customers to learn more about the product before making a buying decision, while automation and self-service should allow buyers to extract more value from the product, he says.
"Every technology company that's got a fabulous product will look to increase the value that the customer can derive," according to Manton-Jones. "Whether that's exposing parts of the product or new capabilities that may be able to additional value … there are different avenues that we're working through."
The Need for Speed
Manton-Jones says he is impressed by the speed Cobalt brings to the penetration testing process, which with traditional consulting firms would often take months to start but with Cobalt usually begins within 24 or 48 hours. He says the company's biggest competitive differentiator is the Cobalt Core, a group of 350 highly vetted pen testers who work with Cobalt on a contractual basis to assess clients' security.
Just 5% of Cobalt Core applications are approved, and Manton-Jones says pen testers who make the cut are actively nurtured by the company, which invests in their skill sets. The Cobalt Core has a net promoter score of 92, which Manton-Jones says reflects satisfaction with how it is treated by the company and the tasks it is asked to perform.
"We are absolutely disrupting an archaic process that has massive world issues behind it," Manton-Jones says. "What Cobalt has done is just fantastically simple in one sense but also incredibly valuable by providing this marketplace coupled with a technology platform that really provides groundbreaking transparency."
Cobalt's technology is offered in standard, premium and enterprise tiers, with pen tests beginning within three days at the standard level, two days at the premium level and one day at the enterprise level. Premium customers receive a named customer service manager and native integrations with Jira and GitHub, while enterprise clients are eligible for quarterly strategic planning and maturity assessments.
Standard customers pay $6,000 per Cobalt Credit, premium customers pay $6,500 per Cobalt Credit and enterprise customers receive custom pricing, according to the company's website. A Cobalt Credit represents 33 pen testing hours and can be used to assess the security of web applications, mobile applications, APIs, internal and external networks, and cloud services such as AWS, Azure and GCP.
From a metrics standpoint, Manton-Jones says he's most closely tracking delivery, customer experience, customer satisfaction, employee engagement and employee satisfaction. He also wants to ensure the company's growth is sustainable and that Cobalt is retaining its strongest employees, he says.
"It's just totally revolutionary. It's a great application of cloud technology to disrupt an archaic process."