Founders Field Guide Podcast: Episode 5 - Abnormal Security

Today, the 5th and final episode of Patrick O’Shaughnessy’s Founder’s Field Guide podcast aired, featuring an interview with Abnormal’s CEO and Co-founder, Evan Reiser. Patrick and Evan discuss Abnormal’s genesis, how Evan chose to build out the Abnormal team, and how Abnormal functions as an enterprise-grade, cloud-native API security solution.

If you missed them, you can find Episode 1 here, Episode 2 here, Episode 3 here, and Episode 4 here.

For the full episode, head over to Patrick’s site The Investor’s Field Guide.

As before, we’ve included a transcript of Evan’s segment below:

***

Introduction:

This episode was brought to you by Microsoft for Startups. Microsoft for Startups is a global program dedicated to helping enterprise-ready, B2B startups successfully scale their companies. In our five-part mini-series, we’re talking to Evan Reiser, CEO of Abnormal Security about his experience with Microsoft for Startups. In this week’s episode with Evan, we discuss the founding story of Abnormal Security, what it is, what they do and how they got started.

Patrick O’Shaughnessy:

So, Evan, I thought a great place to start would be to have you describe what exactly Abnormal Security does.

Evan Reiser:

Abnormal Security is a next-generation email security platform. We use AI to protect enterprises against targeted social engineering attacks, like supply chain compromise, or fraud, or business email compromise (BEC), which is the number one cyber-crime in the world right now.

Patrick O’Shaughnessy:

Obviously, as the world has moved digital and moved to the Cloud, digital security has become ever more important. I’m always interested in how companies like this get formed, what the origin story was or the founding insight was. Can you describe the very earliest days and what led you to decide to start this business?

Evan Reiser:

So in 2018 when we started, there’s probably a trillion dollars a year spent on IT and that was probably 80% on-premise. And you have to imagine that 10 years from now it’s going to be 80% in the Cloud. So there’s going to be something like $600 billion a year of spend that moves to these new avenues of cloud-based applications. So that was the first one, just enterprise moving to the Cloud. The second one is just the asymmetric impact that AI has had across industries. I think there’s just a big gap between the promise of AI, versus the impact that security and IT executives are seeing in their companies. If you contrast a level of sophistication of AI at Google versus the 1,000s of IT start-ups that claim to do AI, there’s just a big delta there. So I felt like as more and more IT and security systems move to the cloud, there’s a big opportunity for a true AI company to take advantage of that trend.

Evan Reiser:

Then the third thing, which is, I think just a good reason for any company to start is customer demand. We talked to probably 50 Fortune 1000 CIOs before we started. They said that email security generally, and specifically the business email compromise (BEC) was their number one worry. And the fact that it was the number one cybercrime was evidence of there’s some sort of missing solution in the market. Then finally, maybe the shift of enterprises into Microsoft 365 as a platform enabled all the APIs in that ecosystem enabled a platform that could support these new technologies that take advantage of AI to help out enterprise IT and security teams.

Patrick O’Shaughnessy:

Can you maybe put some extra meat around the actual vulnerability here that you’re helping companies protect against? You mentioned the demand, say a bit more about that demand, how specifically? What were their security issues that your product solves for these companies?

Evan Reiser:

Email security is very broad. There are 1,000 different flavors and probably all of us have seen a couple of examples of that. For the most part, there are great solutions in the market today for spam, phishing and malware. The trend we’ve seen in email security is the shift from these bulk attacks to these very personalized, targeted attacks. And so the canonical example of a business email compromise attack would be someone impersonating a CFO or CO of a company, using that person’s identity to trick someone in the organization into paying an invoice by leveraging that social relationship or the implicit trust. Then using that to basically steal money from the company. So that’s the most basic example and they get much more complicated. On the other side of the spectrum, we have very sophisticated supply chain compromise where attackers are breaking into trusted suppliers, vendors, customers, business partners and using the real email accounts of those people, which may not be secure themselves.

Patrick O’Shaughnessy:

Well, that’s terrifying. I’m almost wishing I hadn’t asked, but I’m glad that I did. What is the specific way in which you solve or address that problem? How does the product actually work?

Evan Reiser:

It’s a Cloud-native solution, and so if you’re a customer and you want to deploy our product, you would basically go into your Microsoft Admin portal, you click one-click, that’ll install the product, it’ll authorize us to access all these different APIs that power the product. We analyze the data. We basically build these behavioral models that understand how do businesses work? How do people communicate? What does their supply chain look like? Then every time we see a new email, a new Microsoft Teams message, a new login, we’ll analyze that against this behavioral model of what we think normal behavior looks like, and when we detect an anomaly or something looks abnormal, we’ll go flag that as an attack. So by understanding the normal behavior of business, we can detect these sophisticated social engineering attacks that typically bypass business process and ultimately lead to bad things for companies.

Patrick O’Shaughnessy:

I’m curious how you thought about the early team. It seems like one of those products that you would have to spend quite a bit of time assembling before you went to market with it. So how did you think about that early team and what was important for it?

Evan Reiser:

I think when it comes to building a team, maybe in strategy in general, it’s so important to note, what does it take to win, what are your unique strengths and then what are the gaps? So for me personally, I’m a good recruiter and a good culture builder, but I’m pretty bad at every other job function. So I knew that the purpose of this company was to go create a multi-billion dollar enterprise company to go help our customers. So when it came to the team, I just try to surround myself with the best people possible. And so I went to the person I thought was the number one enterprise investor, who had seen multiple IPOs.

Evan Reiser:

I knew that the best in the world machine learning and AI came from ad tech companies. So we hired machine learning leads from Google, Pinterest, Twitter, and a bunch of other companies, to make sure we had Silicon Valley’s best machine learning team. I hired the CRO who ran sales in the number one email security solution today. I hired the Head of Product who built that solution. Generally, my strategy’s been, find the best people in the world that understand the customer needs and can build innovative solutions that haven’t been seen before.

Patrick O’Shaughnessy:

So basically you built the Avengers of machine learning from all the other places?

Evan Reiser:

Yeah, that was the goal.

Patrick O’Shaughnessy:

You have an unusual funding story, which you basically never hear. Almost all of the successful companies that you hear, that they were turned down 100 times by 100 different VCs. I think you had a very different experience working with Greylock. Can you describe why you think it went so differently for you?

Evan Reiser:

Generally most venture capitalists and Greylock in particular, want to take advantage of these secular platform shifts. They want to invest in world-class teams, they want to build big marquee companies that can transform industries. So I think there’s a couple of things that gave them confidence. Generally, security is a big market. They saw that customers really cared about this problem. Then I think one question to ask is like, “Well, why now? Why didn’t they just build this company two years ago?” And I think that the big trend is just people moving into the Cloud Office environment and in particular, the Microsoft platform. I don’t just mean as an email security stack, but the whole Cloud Office environment, it creates this new way of accessing data all through APIs.

Evan Reiser:

And so, because of that, this is the first time ever that a customer could go deploy this type of solution in a single click and then immediately get value without having to wait. Because the API gives you both immediate access and retrospective access, without having to deploy a box in your data center, without having to change around your mail routing, this was basically a new way of delivering this product to the markets. I think that fundamental shift in how enterprises are using Cloud Offices, which basically created the opportunity for us to build an AI-powered email security product that ultimately had better margins, faster sales cycles, and probably most importantly, just a more effective product for customers.

Patrick O’Shaughnessy:

To find more episodes or sign up for our weekly summary, visit investorfieldguide.com. Thanks for listening to Founder’s Field Guide.
