Cyberweek 2021: Navigating the CISO-Vendor relationship


The panel discusses the do’s and don’ts of engagements between CSOs and early-stage startups, the concerns around long integration cycles, the value in quick implementations, and the need to show value quickly.


  • 🚩 Long integration cycles are a big red flag for CSOs when evaluating early-stage vendors
  • 🚀 Quick implementation and the ability to show value quickly are exciting for CSOs
  • 💡 Startups can gain an edge over established vendors by finding gaps in existing products and offering differentiators
  • 📈 Startups have an advantage in being able to adapt quickly to the needs of an organization and offer more value
  • ☁️ The panel talks about the importance of cloud security and the need for organizations to have a defined cloud security strategy.

Transcript (raw)

(00:00) [Music] thank you very much nancy hello everybody um the pleasure being here in cyborg like every week i would like to thank first of all the organizers it’s great to see you all here uh so we are having a an excellent panel now and for this panel we’ll have three highly experienced csos who will sit
(00:30) on my right and three amazing and cyber security entrepreneurs from israel um and basically we’re going to let them fight each other that’ll be for 50 minutes and i i will have uh several questions in multiple areas mainly around the relationship between csos and early state early stage startups the do’s and don’ts of those sometimes
(00:53) complicated engagements and of course we’re going to touch on a few uh specific domains within the cyber security world so without further ado i would like to uh call out to the stage uh the panelists and they will introduce themselves all right so let’s start with introductions starting from you roger
(01:14) thank you for my name is roger hale i’m the chief security officer for big id um we are a startup we’re a u.s and israeli-based start-up my career in technology and security goes for over 35 years operating the security field for companies like informatica symantec brocade communications this is really
(01:37) the world that i’ve chose to live in in the world that i’m passionate about hi everyone it’s a pleasure to be in israel it’s my first time here i’m my name is ryan gurney i’m a cso in residence with wild ventures recently took that position i’ve before that i was a cso at a subdivision of google before that
(02:02) cso at looker which is a data analytics company and then before that i was a cso at zendesk which is a customer support uh platform um it’s a pleasure to be here and i look forward to the the conversation hi i’m andy ellis i’m an operating partner with wild ventures before that i spent uh 21 years at
(02:24) akamai where i was the cso and before that since in israel apparently it’s traditional for founders to always talk about their military pedigree uh i was in the united states air force where i did information warfare for central command all right entrepreneurs hello everyone i’m shiraz omban the ceo
(02:44) of solvo solvo is a platform that manages automatically security configuration for cloud applications automatically based on the needs of every application uniquely it’s like octa for non-human identities hey my name is leo ali i’m the ceo of grip security um we introduced the new generation of sas security
(03:09) technologies allowing organizations to discover what applications they use and how they use them and then govern both data and access governance have data and essays governance capabilities on top of those applications hi i am dotan barnoy i am ceo and co-founder of optimize we do authorization security prior to
(03:28) that i was at a checkpoint i joined after the acquired force knock was the co-founder and ceo at forsknock a prior to that i was one of the two founders of resec in the network security happy to be here excellent so my first question is to you csos what are the things that you evaluate when you start working with an
(03:49) early stage vendor what gets you excited and what gets you concerned so i think that the most concerning thing is long integration cycles that if someone says i’ve got this great technology but as you you start to dig in it’s going to take you you know months and months to actually get it into the environment
(04:10) that’s a big red flag because i don’t know that the startup has the sort of time and energy to cope with my cycle and if their cycle’s already pretty long that’s going to be concerning i get really excited when it’s something i can see value in almost overnight even if i can only see it in a small spot
(04:27) but to be able to see that so i can show it to my peers so they can understand what i’m spending money on so i get a way that i look at startup tech and bringing tech into a company i don’t think is that much different than the way a vc firm actually will evaluate tech for doing an investment at process
(04:47) the life cycle of bringing tech in and operating tech within an organization is could be normally is around three years where you have the first year of where you’re actually doing that implementation that long implementation cycle whatever that time frame is to be able to then identify your success criteria
(05:03) and then being able to start showing the value of the of the technology the second year is where you expand on that to make sure that this is something that you want to have sticky within your environment and the third year is is it meeting those requirements and am i able to maintain it or do i have to look at some
(05:18) type of rip and replace or bringing something else on to gap what i can’t do what i like about working with startups is their speed to innovate and so the feedback loop of identifying things within a new technology to having that come in to actually be able to provide the value that i need to it makes me feel special and different and
(05:40) it allows me to bring in the values that’s contextualized into my organization and how i want to operate and so i see that value with that the other side of that though is i’ve got to make sure that text still going to be around for that three-year time frame and anything from you uh kind of echo this the innovation is really exciting
(06:01) so having been fortunate to work at some innovating innovative companies being able to see a solution that comes in that maybe we haven’t seen before really excites us especially if the founders are very excited about it and then from a practical standpoint i look for solutions that can can it reduce the number of heads that i
(06:20) need in my organization do i need to hire a bunch of people to manage this tool and does it potentially replace other tools more than one tool that i already am paying for those are things that that excite me got it and and probably the same same question from from your side entrepreneurs uh what are
(06:38) the do’s and don’ts of engaging with your first customers if you can share some of your experiences uh around that topic uh i can share a little bit from from my personal experience so it’s not necessarily a do’s and don’ts but it’s what worked and didn’t work for us very often when you find a champion in a
(07:00) big organization uh you feel like they’re going to sprint with you but actually they have their own pace even if this is a solution that that really helps them the a big organization has its own pace of how things work so as a startup even though you found a good champion you need to go and look for another five
(07:21) of those if you want to really validate your product and make sure you’re really on to something so i really like what andy said about having a simple integration of quick integration that doesn’t take time from the team um i think what we find very helpful is the ability to have like a 20 20-minute integration it’s
(07:42) a partial value it’s not all of the value you get from the system uh but as we get questions and and see sales and security personnel ask us about the risk of installing the system we just tell them wait do a small poc it takes 15 minutes you see some of the value you’ll understand the problem that we’re solving
(08:02) and just by having them interact with the dashboard which looks nice because we worked very hard on it and see that the technology actually works we get to a point where we can progress into a larger poc and then a deployment full deployment um and thinking about the the way from the beginning we try to build the product in
(08:23) a way that we can do that and it really paid off amazingly so far yeah so for the early engagement with csos it’s all about listening it’s about getting the feedback for their needs their kind of end-to-end use case how can you help them and working with them towards that goal then it depends of course if you are targeting the
(08:47) enterprise or the mid market or small so it really depends on that the other thing and i think i’m echoing sure here is respect the process uh it it’s not that you’re going to immediacy so he says yes let’s move to the poc and that’s it right tomorrow morning good when he integrated to aws like in two minutes and the fact that
(09:06) integration is going to be 10 minutes or 20 minutes that’s not the that’s not that doesn’t make the difference uh as long as it’s not month and you’re going to build a tent in their kind of office uh the other side of thing is that you need to show the value quick right so you need to um gain that trust
(09:22) so integration needs to be reasonable timing value needs to be relatively quickly and then you can still building more and more of those use cases and work together so another question for the founders it’s always harder as an early stage startup so how can a young vendor gain an edge over more established uh
(09:47) vendors that are competing with you i think that as someone said different is better than better sometimes you need to find the gaps in the existing uh products and how can you make the the buyer’s life easier or better or more secured and get into that gap find a good differentiator we found that automation in decision making can
(10:18) save a lot of time for the security practitioners and we decided to put our edge over there so often i believe you said in one of your podcasts the time for innovation is not when you have customers screaming at you um and i when i look at that when i look at how star startups can move quickly and then they
(10:39) can adapt themselves to the needs of the organization this brings a lot of value to security teams bigger players established players won’t bend for a specific customer unlike startups who are both eager to learn from from the experience of working with the company of an eager to bring more value and they also have the resources to do
(11:01) so and the ability to do so quickly yeah so it’s it’s about the learning right startup is a learning organization you need to do everything quick so the velocity matters so it’s fun for me to be the law so i just can echo stuff and give it back cool um let’s talk about cloud security csos it’s not a new thing right um
(11:24) we’ve been talking about cloud security and the challenges around migration to the cloud for several years now when you look when you look ahead what are the what are still the open issues uh in the cloud open security issues in the cloud and what are the main trends that you are identifying for the next few years
(11:43) thank you for not seeing cyber um just off the just right up jumping right off the off the top on this when everyone starts talking about cloud security they really focus on production production production production right and there’s so much more to cloud security and to be able to truly have that holistic pane of glass
(12:07) and the visibility and what you’re trying to protect from your organization because it’s not just production that may be you know part of your revgen but as a chief security officer the business model our internal people our internal processes that we also have in our own cloud services as well as those that we may
(12:29) subscribe to have just that level of of need that we have to have visibility protection so you know whether it’s our own whether it’s a sas service that we’re looking at we need more visibility transparency we need to actually have more say in the process instead of a contract that says that you take
(12:49) security seriously yeah and and then thinking of production access and thinking of the big cloud providers having worked at companies that built sas platforms on those public clouds for us it’s the challenge of not being necessarily locked into a cloud provider and trying to abstract the security layer
(13:12) up right so there’s really three main cloud providers today you want to be able to have your security architecture and your tooling be able to go across all those players so that you’re you can have that conversation with the cfo if if you need to move some to something else or if you have shadow i.t moving
(13:29) work workflows to a certain cloud that you can support it from a security standpoint and that’s what interests me i think in the cloud we see a similar evolution that we’ve seen with just application programming languages and one of the challenges that security had over the last 20 years is every time developers would build a
(13:49) new platform they’d be like oh we don’t want to develop this in perl anymore so we’re going to be in php and then python and then haskell and then go and they threw out every piece of infrastructure that had been built for the prior language and we’re seeing that same evolution in the cloud you know whether
(14:06) we’re using containers or kubernetes or docker like these this continuous reinvention of the underlying platform makes these security challenges even harder it’s not just aws versus azure versus gcp it’s every one of the deployment methodologies needs to be supported by the users shira i would like to hear your take on
(14:26) cloud security well this is a very a broad question and i think that this is why you have three different companies here that are doing cloud security but are doing very very different things so unfortunately i don’t think there is one solution for all of the problems in the cloud and as an organization you always have
(14:48) to prioritize what in the cloud are your crown jewels and are the more important areas or riskier areas in your application that require a special care besides from the very very good security practices that everyone needs to implement when they write code or with their layer 8 the layer of the users of the people in
(15:13) the organization so i think that the cloud is not really different than on-prem in the sense that it should be protected and luckily today there are plenty of very good solutions that try to automate the the solution for the problem so we can’t we can really avoid the covet related questions so i have a
(15:33) couple i would like to ask the founders what are the general market climate changes that you’ve seen in the past uh 12 months and the differences between uh like pre-covered world and what’s going on these days and even if you can imagine the uh the near-term future so uh the last six to twelve months i
(15:56) don’t think we saw a lot of climate change because we were stuck at home and this is kind of a new way of doing business so i think a lot of salespeople are really sad because everyone was doing their quarter but not traveling as much and that’s kind of proved to us that you can have a relationship a distance relationship and
(16:15) still create trust test solutions it requires the different vendors of course to adjust themselves to have a solution that can fit that but i think this will probably be the way business will be done down the road so things will open up they’re going to be meeting meetings and then we’re going to travel
(16:37) to i guess las vegas now is rsa and we’re going to immediate blackhead and so on and here but there’s going to be a fundamental change in the way we consume those solutions vendors csos organizations and how we test them and and for me that’s actually good i think this uh in certain way kind of leveling the
(16:58) plane between us and the huge kind of checkpoint in palo alto and all of those so i have a flight to san francisco tonight and it’s funny because next week i’ll have less half of the amount of cso meetings customer meetings that i used to have compared to working from home using zoom going abroad you
(17:17) need to spend time driving from location to location have buffers for your meetings and you can meet with less customers and sitting at my kitchen at home with a virtual background and talking about grip um it doesn’t mean we should not go and meet customers face to face i think this week as well was an amazing
(17:38) opportunity to meet many of the people that have been talking with for the last year or so but it changed the dynamics of how you you build relationships um looking specifically at security and what we do i think for many many startups it presented an opportunity because not only sales processes were changed
(18:00) but the way just employees work is different now so it is expected from bigger companies to allow employees to work from the home environment which resulted in a lot of a new security needs that need a solution and i don’t think legacy solutions are capable of handling those so i’m sure it would create a new array
(18:23) of exciting security startups that will come up in the next few years and i think we have some some of those here as well maybe to sum up everything that was said here so far yes we learned that we can make business over zoom but we’re human beings and we still want to meet each other in person and the relationship that we create with
(18:45) one another when we meet for coffee or when we take a trip in tel aviv is so different than the many times that i met some of the people here only over zoom so it’s a it’s a chance to strengthen our muscle of building a digital relationship but also i think that all of us really missed meeting people in person and creating a
(19:08) different kind of relationship and how does that how does that look from the buyers side what what have changed if at all so some interesting metrics in this area from having to operate and i operate not just information security but also i.t in my role a lot of the it operational functions the productivity has actually gone up
(19:36) with work from home um but i think part of that also falls through that the the hours of the day that you actually work are have kind of blurred over that same time frame because now you know everyone is a little bit more of a disparate workforce instead of showing in clocking in starting your business day meetings
(19:54) start at nine um you know in my role i’m operating on tel aviv time i’m up and on on east coast time west coast time and so it’s spanning out the day but i don’t have that travel time and so that i can actually integrate more of that time my teams can integrate more of their time to be able to be available
(20:13) where which is where we see that the operational efficiencies and the productivities go up uh at the same time the where we are missing that face-to-face component which is what builds the trust and builds the relationships that really build those teams together this is the first international flight
(20:31) i’ve had since cybertech last year and so you know this is the first time to get out um to to be able to reach out and actually talk to people face to face you know my engineering team here in tel aviv to actually be able to work with them directly and where we we have we we have more efficiencies in that time
(20:50) frame i had some amazing conversations this week that i would not have been able to have over zoom so there’s the pros and cons on both sides of it you got to measure that operational efficiency with that the team building and the ability to maintain the the staff and and that trust i would just add that
(21:10) you know it’s this pandemic’s given everybody an opportunity to look internally of how they support remote work uh and adjust that helps with recruiting obviously with folks but it’s also helped look at sas applications as viabilities for some businesses that may not have looked at that as much in the
(21:32) past and i think you’ve seen an uptick in management saying what does our bcp plan look like lately that this pandemic along with ransomware makes people look at these things so i think it’s preparing companies for a future i think there’s an opportunity going forward i agree with everything said so far so i’m not
(21:51) going to repeat that but to focus on how to do distributed collaboration in your technology rather than relying on the face-to-face collaboration hey look at this thing i just saw on this console well ryan and i are now in different continents and i want to be able to share what i saw with him and how does
(22:07) that happen like is it something i can even screen share over zoom or is your font so tiny that that’s useless i think there’s a lot of opportunity to look forward and say how do i make my tool the center piece of somebody’s collaborative environment rather than something nobody wants to show because
(22:26) like you can’t look at it yeah um this one is for uh dutan continuing on you know kovid and work from home have you seen any changes to the identity and access management field what have changed are things are more complicated these days you know in terms of managing identities and managing access of
(22:48) employees and entities in general to corporate assets yeah so we saw change of course and i remember a conversation i had with a csu in new york about attribute based access control and he said everyone is working from wherever what’s the meaning of attribute so if they’re not in the office and they’re in
(23:07) jersey shouldn’t they do the same work now because they can’t come come to the office so that’s one thing the other thing i think i think the last 10 years were all about the authentication we talked about kind of octa is maybe one of the big winners but we like to say zero trust i think we haven’t said zero trust yet so
(23:26) zero trust now we have a v on the zeros right so um so you wanna design things from the inside out you wanna have your crown jewels you already have your identities now the question is the map between them so now i don’t trust you i verify that you already say you are now i need to assign to you the right
(23:42) access policies to the asset so i need to understand my assets as well so companies like big idea and other companies kind of give me that side of the map octa azure active directory and so on give me that side of the map and what we we saw and this is kind of what optimize is coming to solve is the
(23:56) connection between those so i think there is a challenge now that is beyond just the authentication and verifying that you always say you are just mapping the assets now we can not long we can’t just rely on uh having you say you are and i’m going to do an attribute base you’re in the office so you should get
(24:15) if you’re out of the office you’re going to get why so that’s a major change any uh additional observations from the cso side yeah yeah and especially after what you just said and by the way i’m always shy and don’t have anything to say ever um the the the coveted challenge in the middle of that is the fact that as we’re
(24:37) distributed workforce we don’t have centralized i.t for distribution you know come to the office come down have that so as you’re doing that you’re talking about how do you authenticate across that process you’re seeing a large shift of uh bring your own device or you know what can you get because supply chain is
(24:54) very challenging right now and you know can you get the equipment that you need to be able to do this even for the cloud providers and so that that ties into even being able to go across hybrid cloud and more disparate cloud to be able to operate those services and then how are you actually going to
(25:10) manage the authentication across that because you can’t go all in with native one cloud and you can’t go all in with this is this is the hardware that i can buy for my entire company and i can and i can bring it out and distribute it because it’s not available i was pretty fortunate because at akamai
(25:26) we’d already made the pivot to a zero trust environment where we’d built this 19-story skyscraper headquarters in cambridge that we occupied for a hundred days um but we built it as a starbucks like it was wi-fi open to anybody and we had to authenticate and authorize everybody continuously so when covet happened it
(25:47) was a non-event for us the there was no worries we just in fact the it team was more worried than i was because they’re like we have to test before we send people home and i’m like we test all the time anyway like every time there’s a snowstorm nobody comes into the building and so having that deliberate plan made
(26:04) covet easier for us and i think there’s more opportunity for people to think about resilient architectures although i guess they got to think a lot about it for the last 15 months let’s switch topic and talk about data security another uh hot space that we see a lot of activity among entrepreneurs and i would like to start
(26:27) with you roger as a a ciso of large enterprises and also now uh cso of a vendor in this space what are the main main opportunities for entrepreneurs to do something unique and interesting around data security one of my favorite soap boxes th this really the the pandemic in kovid um really brought this to light because
(26:54) now as we’re talking about different services running in in disparate types of cloud scenarios not just a different type of sas that has you know the the regular standard enterprise hooks within it to operate is you know that shift in conversation around is it an identity on a person for access or are you first starting looking at the
(27:17) data and risking and putting doing a risk assessment of the data to understand what this data means to you if it gets out how do you protect that but also looking at where that data is migrating to whether it’s from a human identity whether it’s from a digital identity because no data stands alone no system stands alone the value
(27:37) of data is being able to do that analytics and the computation and then sharing that information across systems to distribute it to actually bring your business model together so the data has to travel access to that data has to change and the risk and the value of that data changes based upon the systems that it’s
(27:54) in based upon the access and the decisions that are being made based upon that data so the opportunity when you’re talking about data protection is really especially with the pandemic especially with privacy and healthcare coming in to be more forefront during the same time frame gdpr coming right before
(28:13) the healthcare conversation to understand that data protection isn’t a information security conversation alone it’s a data governance conversation it’s a data privacy conversation and how you operationalize that creates the efficiencies the operational efficiencies that we look to startups to bring in
(28:34) looking at ways of how to do things better be more efficient to give us faster access to that data so we can make better decisions faster ryan what you what were your uh main issues around the data security sure yeah um well as as cso’s for myself and if i’m thinking as an entrepreneur we still struggle as csos with creating
(28:59) policies that are written on documents that maybe we can’t monitor and enforce very easily so if you think about a business idea in that area that’s a great great area the second area is there’s business processes that either people struggle to do and are rife with error or they don’t want to do in security and that’s an area right for
(29:20) innovation in general but if i think about one of those is a topic like information classification right being able even to know what should be classified how it should be classified where my crown jewels are was a struggle many years ago and now we have some interesting innovative tools out there that are coming to the market
(29:42) that i would have loved to have years ago that are available to us now so in general i think we’re getting better at this topic because of the tools and the innovation but it still becomes it’s still a challenge to manage it especially when we think about access to the data and where it can get exfiltrated to especially into sas apps
(29:58) and otherwise uh lior i would like to ask you as the ceo of a sas security company um casby has been with us for years um protecting sas applications so what are the what are the trends that you identified in the last year or so that made you realize that a new uh a new solution is required what has changed
(30:25) sure thank you so i’ll start with the a topic that relates to the data protection question and data today is not only stored in databases of the company it’s traveling around between employees third party vendors which are sas um and servers and whatnot and there’s a game i always suggest people to play open your
(30:45) downloads folder and see how many business critical files you have though i know i have some because every time i need to consult with the company’s budget i go to my download folders and search there instead of going to the budget in the network drive but then do the same thing on your private device
(31:03) and what you’ll realize is that if someone left his computer uh at work and came back and and had a business meeting they would download the presentation before before presenting it and they would not delete this presentation afterwards so the data is moving around outside of the company’s perimeter
(31:21) always um when we look at sas applications sas application uses is growing tremendously for the past 10 years and it’s expected to continue to go for the next 10 years so the average enterprise today uses over 300 applications um when we meet with bigger organizations that probably sometimes use 1500 applications
(31:42) and many of them are used for business critical purpose and i think over 50 percent of them like the top the top 10 will always be secured and they would be connected to to an idp to octo and equivalent but as you go out to the marketing teams and the customer support teams and the security team as well
(32:02) you realize that 50 of what they use is not properly governed configured not even visible to the vendor secure vendo assessment team um and and when we wanted to come in we wanted to help companies understand what they use who is using the applications and add additional layers of data and access governance to those
(32:26) because the challenge casbis are failing to cover is being able to govern applications that enterprise scale being able to actually get a grip on the application and the usage um and there’s a huge gap there that we’re not the only ones we’re trying to solve and i don’t think would be the only solution that would be
(32:44) used to solve the entire problem but we’re building something that would fit into a suite of solutions that will help solve this ongoing on ever-growing problem of sas uh questions to the cso then i would like to ask on behalf of the entrepreneurs that are in the audience ideating thinking about what’s next how
(33:08) can i build a big company in the future can you name one or two domains or problems that you think that big companies can be built on top of them if you solve those problems in the right way grc and third-party risk management i think the third-party risk management space is right for disruption and it could be disrupted from the grc
(33:33) side rather than from the acquisition side i think right now everything comes in from the acquiring companies perspective and there’s a place for the people who are selling their services to be able to solve that problem instead all right it’d be good to clone humans that would help for security professionals but
(33:52) if we can’t go there um i think an area that’s interesting is incident response and around how you manage an incident and a security breach especially when we think about ransomware we think about nation states often at companies i’ve been at you you have your incident response plan it’s ready to go you don’t practice it
(34:13) enough you don’t deal with the situations that you sometimes hear in the news enough and it’d be great to have a platform that helped manage that a little bit better including communication to customers internal dialogue with lawyers you know some level of chat so i think there’s an interesting area
(34:29) there to speed up incident response so andy and i are running our buzzword bingo card up here so um you know the buzz term is continuous compliance um i have to agree with you know the supply chain what the true supply chain is with that you know and actually start taking supply chain and learnings that you have
(34:49) from physical chain and hardware bringing that into the software world but continuous compliance and and but forget about oh i can do sock too because there’s a lot of people that can do that right now take compliance from my position because my compliance is i have to i need to audit once and i need to attest
(35:09) many to disparate regulatory compliance and industry compliance around the globe so bring me something that can actually help me with that that will tie in with the third party as well this is a huge open market and the other one that i want to throw out there as well is give me some portable dynamic
(35:25) masking so that i i can carry with me from system to system to enforce those policies that are right now just written on paper those would be some great areas and when you’re thinking about this the last thing i want to say on this one is if you want to talk to me about it don’t start with well this is the industry conversation
(35:45) my question back to you is going to be what problem are you solving contextually for me not what problem you solving for the for the industry so much but are you looking at this for the way that operators looking at this and let me help so let’s let’s switch gears a little bit and talk also about investors and the relationship between
(36:09) founders and investors and this is a question for you founders what are the main differences in your pitch or the way that you describe yourself and your company when you talk with the prospective investor and when you talk with a prospective customer what are the key highlights that you uh puts in each different conversation
(36:32) i think that uh for for from the prospect point of view they want to understand how can i help them today or in the near future to solve a real pain that they’re having right now whereas the investor would probably like to know uh how am i going to become the next unicorn how can i execute my vision to innovate
(36:56) a specific domain where i work and how am i different than all the other entrepreneurs who want to do the same i think what’s very important for for investors at this stage is traction understanding from you how you experience your relationships with different uh prospective customers and potential customers and
(37:20) i don’t think csos care about maybe they do they they want customer recommendations from other csers that work with you but they don’t care how fast they integrated you how many of them exist and what is the cell cycle you had with with different customers in the pipeline unlike vcs who i think this is mostly what they care
(37:43) about at this point this is also look at how you build a company so can you hire a team can you attract talent can you convince potential executives to join your company and again for for cesars it’s not it doesn’t matter as long as the product is working it always does but they won’t ask you about it
(38:07) um i would say in both cases you are building trust right you’re building relationship but in the case of a vc you’re building a trust you know and you’re telling a big story right now it’s not a problem sarah mentioned you want to solve tomorrow morning it needs to be a big market it needs to be a growing market
(38:24) the team is interesting there’s a lot of kind of parts into kind of the relationship you’re building and they’re trusting your kind of view of where things are going when you’re meeting a prospect uh and you’re you’re building the trust the credibility you have the discussion but it has to get down to the demo i
(38:41) remember this slide that used to be shut up and get to the demo right or something like that get to the really talk about lot like don’t start your 50 minute out of 30 minutes or 15 minutes about the industry and the trends and and storytelling about general things get down to the point let them understand listen to them to
(39:03) their needs and let them understand where you’re coming in and i think it’s tapping into the something we mentioned previously the difference between a startup and you’re not going to be in a large vendor you’re not going to replace a solution because you’re doing something one percent better it needs to be
(39:20) meaningful it needs to have a there’s a lot of problems that need to be solved right you need to tap into something that has an urgency to be solved and it’s a different discussion all together gentlemen you you three were both hats in your uh career so i would be interested to hear from your perspective what are some
(39:40) common mistakes or pitfalls when you engage with entrepreneurs both as prospective investors and prospective customers i think the the biggest mistake that i’ve seen from the entrepreneur side is trying to walk in and sell yourself rather than your your product and your company right there’s a lot of entrepreneurs
(40:03) who’ll walk in and they want to tell you well here was my first and you’re talking as a prospective customer effective customer effective right when when as an investor that’s what you want to know you want to know that this human can execute as a customer you want to know that this product will work
(40:17) because i’ve met a lot of people who were brilliant great history but their product didn’t work and that’s what i want to get to as the buyer i want to know does the product work whereas as the investor you don’t have a product i want to know that you are going to get to a good product and hopefully
(40:34) that is the right fit yeah as the cso and as the buyer sometimes it’s frustrating when popes come in and they don’t understand the actual problem like they haven’t articulated the problem and then why they’re innovative in that space and why and understanding my business and the risks that i care about
(40:53) if you can articulate that really quickly then you start getting tuned out a little bit and then the second part of that is i want to see your product many csos i think are visual we want to see what it looks like how does it help me and sometimes we wait too long to show a demo and we talk about the theory before we get to
(41:13) what it looks like um and so those are a couple of things by powerpoint and we’ve only got three minutes left so i don’t know i can go through all the mistakes i’ve made there’s more than that um the when you’re talking to vcs when you’re talking to customers one of the then you’re trying to sell yourself
(41:36) and sell your product one of the biggest mistakes that i see being made is you tell them right don’t don’t tell a vc because he’s the one writing the check right he and he’s really good at knowing what tech’s out there that’s why he has a checkbook the csos we’re paid to know what our company needs and what our risks are
(41:59) don’t tell us sit down and have a conversation with us right let’s let’s talk about why this is important um and again that’s like what problem can you help me solve not what problem you that that everyone else is having and why this is important to them how do you think about that problem you know it’s to ask you to not
(42:22) step you know not step on your toes but to be able to get to that conversation and get that trust and that that shared communication how do you see the problem and what is the approach that you’re taking and create that relationship and that engagement of communication to be able to then you know expand not
(42:39) just on what you see today as an entrepreneur or what i see today as a season of what i need you know and where i’m going to to ofer going hey what do you got out there because i have a gap here but you know be prepared to take it way beyond that starting point and have that conversation and understand it’s a shared vision and
(43:00) a shared conversation agreed um continuing a follow-up question about investors what are the main aspects in which you as entrepreneurs can leverage your investors and working new investors help the most uh for you to to buy to build a big company so i actually uh been in the industry for a while so i can say there was a
(43:28) shift in the few five years kind of the discussion of the board meeting the way it’s kind of uh you have an investor and they were like a committee that checks up on you every once in a while and then it changed it was a shift for an investor as a strategic partner that helps you and then you most of them
(43:48) our discussion with our investors start with our ask what we need and it’s usually around uh more connection to customers to partners it could be around in israel now it’s extremely hard to do a talent acquisition so it’s that’s a very competitive domain now so that’s something they help with um and i think the vc role
(44:08) they kind of got that and that’s part of the role they’re playing now and this is what part of what they are selling to companies right that becomes a different while knows it quite well you have very substantial uh connections uh cesar connections so i i would probably argue that today it’s a market for you buying a vc
(44:31) kind of you you need to choose the vc that shows you that they can generate the value that you need in the early stage then after afterwards right when you grow so obviously has a lot of experience and i think entrepreneurs should leverage their experience both to meet with customers and find a vc that is able to introduce
(44:49) them to customers but also do the little things like review a presentation before you present it to another investor or to help you pronounce the right called outreach email to a customer um there’s a lot a lot of things that could be done and i think you should leverage your investors for them i think that the most important thing
(45:11) when you choose your your strategic investor is to make sure that it’s the right partner for you i believe in personal relationships and it should be the right person you would feel comfortable calling and talking about the really nasty stuff that happened to you not only the nice stuff about the great customers
(45:31) and the great feedback that we’ve been getting but to talk about the things that you feel less comfortable talk about and to get the right advice at the right time and we’re we’re just out of time so with that i would like to thank you very much to the panelists thank you and have a great conference thank you very
(45:50) much