Founder’s Field Guide Podcast with Evan Reiser - Abnormal Security

Founder’s Field Guide Podcast with Evan Reiser

Evan Reiser, CEO of Abnormal Security, was just featured in Episode 1 of Patrick O’Shaughnessy’s new podcast Founder’s Field Guide.

Patrick has captured the world’s best business knowledge in a podcast Invest like the Best. ILTB has been downloaded more than 15M times and chosen as one of the five podcasts to listen to by the Wall Street Journal!

This latest series is the Founder’s Field Guide, where Patrick is hosting the best founders and  CEOs in the WORLD to learn about how great businesses, such as Abnormal Security are built.

You can listen to Evan’s segment here:

For the full episode, head over to Patrick’s site The Investor’s Field Guide.

For those of you who would prefer to read, here is the transcript of Evan’s segment:

***

Intro:

This episode was brought to you by Microsoft for Startups. Microsoft for Startups is a global program dedicated to helping enterprise-ready, B2B startups, successfully scale their companies. In our five-part mini-series, we are talking to Evan Reiser, CEO of Abnormal Security, about his experience with Microsoft for Startups.

In this week’s episode with Evan, we discuss the founding story of Abnormal Security, what it is, what they do and how they got started.

Patrick O’Shaughnessy:

So Evan, I thought a great place to start would be, just to have you describe what exactly Abnormal Security does?

Evan Reiser:

Abnormal Security is a next-generation email security platform. We use AI to protect enterprises against targeted social-engineering attacks, like supply chain compromise or fraud or business email compromise, which is the number one cybercrime in the world right now.

Patrick O’Shaughnessy:

Yeah. So obviously a ton more, just as the world has moved, digital has moved to the cloud, digital security has become ever more important. I’m always interested in how companies like this get formed, what the origin story was or the founding insight was. Can you describe the very earliest days and what led you to decide to start this business?

Evan Reiser:

So in 2018, when we started, there was probably a trillion dollars a year spent on IT. And that was probably 80% on-premise. And you have to imagine that 10 years from now is going to be 80% in the cloud. And so there’s going to be something like $600 billion a year of spend, that moves to these new cloud-based applications. So that was the first insight, enterprises moving to the cloud. The second one is just the asymmetric impact that AI has had across industries. I think there’s just a big gap between the promise of AI versus the impact that security and IT executives are seeing in their companies. If you contrast the level of sophistication of AI at Google versus the thousand IT startups that claims to AI, there’s a big delta there. So I felt as more and more IT and security systems move into the cloud, there’s a big opportunity for a true AI company to take advantage of that trend.

Evan Reiser:

And then the third thing, which is, I think just a good reason for any company to start, is just customer demand. We talked to probably 50 Fortune 1000 CIOs before we started. They said that email security generally, and specifically the business email compromise, was their number one worry. And the fact that it was the number one cybercrime was evidence of there’s some sort of missing solution in the market. And then finally, the shift of enterprises into Microsoft 365 as a platform, enabled all APIs in that ecosystem, enabled a platform that could support these new technologies that take advantage of AI to help out enterprise IT and security teams.

Patrick O’Shaughnessy:

Can you maybe put some extra meat around the actual vulnerability here, that you’re helping companies protect against? You mentioned the demand, say a bit more about that demand. How specifically? What were their security issues that your product solves for these companies?

Evan Reiser:

So email security is very broad. There’s a thousand different flavors and probably all of us have seen a couple of examples of that. For the most part, there are great solutions in the market today for spam and phishing and malware. The trend we’ve seen in email security is the shift from these bulk attacks to these very personalized, targeted attacks. And so the canonical example of a business email compromise attack would be someone impersonating a CFO or CEO of a company, using that person’s identity to trick someone inside the organization to pay an invoice, by leveraging that social relationship or the implicit trust. And then using that to basically steal money from the company. So that’s the most basic example and they get much more complicated. On the other side of the spectrum, we have very sophisticated supply chain compromise, where attackers are breaking into trusted suppliers, vendors, customers, business partners and using the real email accounts of those people, which may not be secure themselves.

Patrick O’Shaughnessy:

That’s terrifying. I’m almost wishing I hadn’t asked, but I’m glad that I did. What is the specific way in which you solve or address that problem? How does the product actually work?

Evan Reiser:

It’s a cloud data solution. And so if you’re a customer and you want to deploy our product, you would basically go into your Microsoft admin portal. You have one-click, that will install the product, it authorizes us to act as all these different APIs that power the product. We analyze the data. We basically build these behavioral models that understand, how do businesses work? How do people communicate? What does your supply chain look like? And then every time we see a new email, a new Microsoft Teams message, a new login, we’ll analyze that against this behavioral model, what we think normal behavior looks like. And when we detect an anomaly or something that looks abnormal, we’ll go flag that as an attack. And so I understand the normal behavior of business, we can attack these sophisticated social engineering attacks that typically bypass business processes. And ultimately lead to bad things for companies.

Patrick O’Shaughnessy:

I’m curious how you thought about the early team. It seems like one of those products that you would have to spend quite a bit of time assembling before you went to market with it. So how did you think about that early team and what was important for it?

Evan Reiser:

I think when it comes to building a team, and the strategy in general, I think it’s really important to know, what does it take to win? What are unique strengths? And then what are the gaps? So for me personally, I’m a good recruiter and a good culture builder, but I’m pretty bad at every other job function. And so, I knew that the purpose of this company was to go create a multi-billion dollar enterprise company to go help our customers. And so when it came to the team, I just try to surround myself with the best people possible.

Evan Reiser:

And so I went to the person I thought was the number one enterprise investor, who had seen multiple IPOs. I knew that the best of the world machine learning and AI came from ad tech companies. And so we hired machine learning leads from Google, Pinterest, Twitter, and a bunch of other companies, to make sure we had Silicon Valley’s best machine learning team. I hired the CRO who ran sales in the number one email security solution today, hired the head of product who built that solution. Generally my strategy has been, find the best people in the world that understand the customer needs and can build innovative solutions that haven’t been seen before.

Patrick O’Shaughnessy:

So basically you built the Avengers of machine learning from all the other places.

Evan Reiser:

Yeah, that was the goal.

Patrick O’Shaughnessy:

You have an unusual funding story, which you basically never hear. Almost all of the successful companies that you hear, that they were turned down a hundred times by a hundred different VCs. I think you had a very different experience working with Greylock, can describe why you think it went so differently for you.

Evan Reiser:

Generally most venture capitalists, and Greylock probably in particular, they want to take advantage of these secular platform shifts. They want to invest in world-class teams. They want to build big marquee companies that can transform industries. And so I think there’s a couple things that gave them confidence. Generally, security’s a big market. They saw that customers really cared about this problem. And then I think the one thing that… One question that’s going to be asked, “Well, why now? Why didn’t they just build this company two years ago?” And I think that the big trend is just people moving into the cloud office environment and in particular, the Microsoft platform. And I don’t just mean as the email security stack, but the whole cloud office environment, it creates this new way of accessing data all through APIs.

Evan Reiser:

And so because of that, there’s the first time ever that a customer could go deploy this type of solution in a single click and then immediately get value without having to wait. And because those APIs give you, both immediate access and retrospective access, without having to deploy a box in your data center, without having to change around your mail routing, this was basically a new way of delivering this product to the markets. And I think that fundamental shift in how enterprise using cloud offices, that basically created the opportunity for us to build a AI powered email security product, that ultimately had better margins, faster sales cycles, and probably most importantly, just a more effective product for customers.

[Closing]

To find more episodes or sign up for our weekly summary visit investorfieldguide.com. Thanks for listening to Founder’s Field Guide.

Related content