He quit Google with no startup idea, raised $50M from Sequoia with no revenue— & grew to 8 figures in ARR. | Dan Lorenc, Founder of Chainguard Artwork

A Product Market Fit Show | Startups, Founders, & Entrepreneurship

Every founder has 1 goal: find product-market fit. We interview the world's most successful tech founders on the 0 to 1 part of their journeys. We've had the founders of Reddit, Rappi, Cohere, Glean, Huntress, ID.me and many more.

We go deep with entrepreneurs & VCs to provide detailed examples you can steal. Our goal is to understand product-market fit better than anyone on the planet.

All Episodes

A Product Market Fit Show | Startups, Founders, & Entrepreneurship

He quit Google with no startup idea, raised $50M from Sequoia with no revenue— & grew to 8 figures in ARR. | Dan Lorenc, Founder of Chainguard

October 11, 2024 • Mistral.vc • Season 3 • Episode 59

This episode is going to piss you off. Most founders struggle to raise their first few million. Many have to bootstrap for years. Even once there's revenue, many get rejected because they're "too early".

Dan had dozens of VCs asking to invest before he even quit his job. He raised his first $5M with no deck, no story, and no product idea. All it took was two founders who wanted to build something in the security space. To add fuel to the fire, 6 months after he incorporated, he raised a $50M round from Sequoia... with no revenue!

He didn't pitch dozens of VCs. He didn't create a deck. He just spoke to a partner at Sequoia and had a term sheet in 3 days. The reasons are part macro, part team, part market... and part just the insanity that sometimes happens in Startup Land.

It's hard to beleive and makes little sense from the outside. But it often works. Chainguard just closed $140M Series C, has 100s of customers and does 8 figures in ARR.

Here's how it happened.

Why you should listen:

Why launching multiple products at once worked for Dan.
How to raise from a position of strength to get favourable terms.
Why identifying the right markets can be such an important step.
Why time to value and leads to fast growth and high close rates.

Keywords
startup, fundraising, product market fit, Sequoia, security, open source, venture capital, entrepreneurship, growth strategies, technology, innovation

Send me a message to let me know what you think!

Pablo Srugo (00:07.254)

Pablo Srugo (00:00.0)

This is a story that's guaranteed to piss you off because Dan, the CEO and founder of Chainguard, he quits Google without even having an idea of what to build, within months raises $5 million. And then six months later, at literally the peak of the market, he raises $50 million from Sequoia with no revenue, no deck on like a handshake deal after a dinner meeting.

From the outside looking in, it sounds completely just unbelievable. But the fact is, it happened. And just two, three months ago, he closed another $140 million Series C, now has over 100 customers, $250,000 ACV. So he's doing tens of millions of dollars. Which is another way to say crazy things happen in Startup Land.

And sometimes it just works out.

Welcome to the product market fit show brought to you by Mistral, a SeatStage firm based in Canada. I'm Pablo. I'm a founder turned VC. My goal is to help early stage founders like you find product market fit.

Pablo Srugo (00:23.054)

Dan, welcome to the show. How's it going? Good, dude. Can't complain. How things to you? Good. Thanks for having me on. No worries, man. Look forward to the story. mean, you've had a pretty crazy ride and a really wild like just fundraising history. I $5 million out of the gate and then $50 million from Sequoia Capital, which I always wonder like, is the biggest thing raising the money or just getting Sequoia your cap table? Because you know, like every founder starts off and that's like the number one. I mean, it's the number one brand, dude. So.

Well, we'll go through all of that. They're great to work with. That's the question, right? think most founders don't get to discover it is like, are they as good as their brand, right? Because they've just been in the game for so long, back so many of monumental founders. So we'll jump into that. But I guess the first question is, we've had other founders before that have kind of had this path, right? But it's not an easy one, right? You were at Google for what, nearly a decade.

before kind of taking a jump into startup land. So maybe walk me through that, like just really eye level, not too deep, like what you did at Google, but then more importantly, like how that jump happened, what made you decide to leave? So I started there just as level engineer, working on some Google Cloud stuff, like in the super, super early days before Google Cloud and AWS and Azure were really blowing up as businesses. So I felt like a tiny part of the business, like we were off in a corner where everybody else was doing ads.

Worked on a bunch of stuff all throughout Google cloud infrastructure and security. So when I left, I looked back and it was like, Google cloud is like 66 % of Google by head count. Now it's crazy. I was like, when did that happen? like when you stop being an ads company or something. And I think my revenue was probably still ads, but definitely by people, it's turned way more into an infrastructure company throughout that time. But, yeah, yeah, really worried about open source security and sometimes through that timeframe. Cause I watched, what Google did.

an internal security side after like the Project Aurora stuff, like the Snowden papers, really kind of remembers that from like 2012, 2013. It's kind of this shift in thinking about security from like, it's just hackers out to like, no, there's nation states that are like way more funded than even the biggest tech companies that have as much time in the world. You have to change the way you think about security. Then public cloud, open source started blowing up kind of through that time and all that same internal security stuff we had for Google's internal infrastructure, everybody just kind of forgot about.

Pablo Srugo (02:44.686)

And that got me pretty worried. The attack on solar winds happened. All of a sudden, everybody started paying attention to software supply chain security and that kind of thing. This was when, by the way, like what year? winds was end of 2020. And so the whole space, the area I'd kind of been worried about and working on started to blow up and everybody was paying attention to it and security. That's kind of how security happens. You you can talk about stuff all day long and until attackers actually start looking at it, nobody cares.

My co-founder, Matt. And were those, by the way, specifically like open source projects that had security issues? No, SolarWinds was a little bit different. It was an attack on the big company where somebody compromised their build servers and then used that instead of just attacking the company to then like inject malware into the product they were selling to all of their customers. So it was like this pivot from instead of just attacking one company to all of their customers. And like that's a really sensitive one. So it was a huge national security impact.

And it's very different to then instead of just worrying about your stuff, worrying about all of your vendors, all of your dependencies, kind of your whole supply chain, your whole software supply chain. Open source is a huge component of that. So that's kind of how that fits together. But it's, yeah, a big shift in the way people think about security. Open source is a big component of what? Of the supply chain? Like if you write code, you're using tons and tons and tons of open source written by people you've never met. Anybody on the internet, it's a little scary if you look at it that way.

Yeah, my co-founder, Matt, took some time off. took a sabbatical just to do barbecue during the pandemic. And I kept trying to get him to come back to work. And one day he finally texted me and said, all right, I'm done barbecue and ready to work again. How about we quit and do a startup instead? That was me coming back to Google. And I hadn't really thought about it much, but I was like, yep, this seems obvious. Basically putting notice right after that. Why? Like, I mean, walk me through that. You gloss over it, but it's not... I I wonder if you did calculate it. Yeah, I mean, it just didn't...

If I think about this too much, I'd probably change my mind. But this does seem like a good idea. Let's go do it. Did he have an idea, or was just like, hey, let's just start something? Yeah, we started talking about what we do right after that. yeah, we didn't really have too much of an idea going. I mean, it sounds like you might as well take the time within Google to think through what you want to do before leaving. It was a bit of a transition. I mean, I was managing a team. I handed that stuff off before I actually left. But yeah, I basically started planning right away.

Pablo Srugo (05:01.794)

What attracted you to it though? like, you think to yourself, I mean, part of it, there's a rational piece, which you might say like, well, if it doesn't work, I'll just go back to Google. Like, did you do that kind of calculus or how did you think of Probably, but yeah, it's like, yeah, what else am I going to do this? This seems like a pretty good idea. Were you born at that point? 10 years into Google? A little bit. it, yeah, I honestly really didn't think about it too much, which just seemed obvious and a great move. I've loved working with Matt my whole career. And it was like, I see. So was more like the person. It was like, he's the right person to do this with sort of thing. Yeah.

So we in, figured out what we wanted to do. The whole space sort of, I mean, it was pretty obvious like this whole space and security was blowing up. we figured we'd find something to do in this area. So you knew high level, like you knew this is the problem space, like it was probably going to be something around security? I guess we knew the problem area and got going that way. We raised our seat around pretty much right away. I mean, what did you raise your round on? Like what's the story there?

It was 2021, Just quitting Google was enough. A little bit more than that. yeah, I know. what did you... It's because there's truth to that, right? But I think you go in, you're like, we worked at Google for 10 years. But what did you... You still got to like tell us, something, even though it might be not fully big. So what did you cut it? I mean, I just like pulled up my inbox and I was just like, these investors have been emailing me to chat about if I'm ever going to quit. Let me just respond to some of those emails and see. And yeah, I remember we were going to some of those meetings. I was like, cool, you guys are nice. You seem good to work with.

What do want to see before you invest? And they were like, just quit. And it was like, all right then, that's all. Yeah, we didn't do a pitch deck or anything like that. really? OK. But did you say to them, I think we want to do something in security? Are these are the problem areas we want to explore or what? Yeah. Yeah. I mean, it's part of the conversations. Yeah, the supply chain security stuff. Like, I've done a bunch of public work and open source stuff. So yeah, I think they generally had an idea of what area we'd go. But they just said, like, these are too smart. Like, ex-Google guys, like, they know security. Like, they'll figure something out.

And they give you 5 million bucks, not a million bucks, you know, 5 million bucks. Yeah. So we hired a team. There's gotta be a lot of founders listening to this that just pissed, I mean, if you want it to look like that, go back to 2021. I don't think it's that easy anymore. Yeah. It probably shouldn't have been that easy. What does that do for you? I mean, let me, let's like get serious a little bit because it's like, I don't know. I mean, there's pros and cons to raising money. And I think all else equal, if you're super rational and somebody says here's 5 million bucks on crazy terms, you got to take it.

Pablo Srugo (07:25.286)

But the thing is, what do you do with that? Right? Because the flip side is there is something to having smaller or less people being super resourceful in those early days. You know, what did that do to have that $5 million and feel like, you know, we can spend a lot on a lot of like, can spend a lot on a lot of things with $5 million when you're starting from just two of you guys. Yeah. I mean, we got hired pretty quick and you know, that's, the hardest thing. Like the first couple of hires, you have to make it a startup. Like they're taking the biggest risk.

especially when you have no idea what you're going to be doing. Especially back then too, like the tech job markets were crazy, companies paying insane amounts. This is like pre-layoffs, pre-RTO stuff. So iron is hard back then. And yeah, getting that initial team going, it's very focused and then figuring out what we wanted to do kind of at the same time. How many people did you hire like kind of right off the bat? we grew up, let's say 10 or 15, somewhere in that range. Mostly engineering product, that kind of thing.

Now 10 to 15, when you did figure out what you wanted to build or when you were still figuring We had ideas. Yeah. So we tried to build a lot of stuff early on just to see what was going to stick. What were some of those ideas and how did you arrive at them? We were a bunch of open source work. We were just doing a bunch of stuff publicly, getting attention that way. The state of security too, the area we were in back then, it was all over the national news constantly. Log4j, big, if you're familiar with that one, was huge open source vulnerability.

Basically worst case scenario, it hit pretty much everyone in the world. That was like two or three months after we started. And so like the space was just incredibly hot, but early. So like, it was incredibly easy for us to go get conversations with anybody we wanted, any enterprise company out there, like kind of our name somewhere. They knew the space, they knew it was a problem. So pretty easy to get like early feedback, early validation on things. But then the flip side is like, nobody's ready to do anything yet. So it was like a couple of years of like market education and market awareness that we kind of waited.

Why was nobody like if people are getting hacked left brain center on open source, why they're not willing to do anything. It's the roadmaps, maturity awareness. And I think there's also this angle, is like you can kind of look at it like tailwinds. And I think a lot of investors saw it as tailwinds, but like regulation. like there was a lot of regulatory stuff that came down as in the wake of SolarWinds and Log4j from the government, which is good because it means something eventually has to get done here. But then the downside is it runs on government timelines and like

Pablo Srugo (09:49.564)

There's an executive order from the Biden administration about this, but like executive orders don't just say you have to be secure. They're like, this agency is going to go put a framework together and then this other agency is going to figure out how to enforce people are just waiting in C mode. Yeah. They're like, we're have to do something, but like, I'm not going to do it until someone makes me kind of thing. So yeah, it's good because it gets you a lot of attention, but also like when the government's like, you're going have to do this in five years. It's like, all right, I got four and a half more years before we can actually do anything.

And what are some of those early ideas? Cause look at the high level and I'm an outsider to cyber, right? But like, okay, the problem is some of this open stuff, source stuff is not safe. That's okay. The problem is like quote unquote obvious. How do you solve that? Yeah. I mean, from the government, it came out as like this 278 page, like set of requirements from NIST called the secure software development framework that touches everything. So it's like kind of in the space where in two, it's like, there's no silver bullet, no one size fits all answer, like no magic thing. Anybody could go and sell you.

so it was like more of a journey of like, what are people actually going to take action on now, as part of all of this? And it's not just like, cause if you'd listen to security pitches, like you could go to some security pitch day and you're a hundred good ideas and they're all good ideas. But at the end of the day, you only have time and a team and a resource to do one of those. And so it's like kind of hard to get feedback unless the wrong way on some of those early ideas around like, everybody says this is good. Let's go do that. And it's like, but like we're number 17 on a list of a hundred priorities. Like, what do we actually do? That's going to get to get higher on that list.

So we started with two different products, kind of around the same time. One was the product we're working on and selling now called Chain Guard Images. We'll talk about that one in a little bit. The other one was Chain Guard Enforced, we called it. And it was this policy, visibility, control kind of dashboard for the software development process. idea was you'd install this thing, it would watch the way developers were writing code, the commits, the CI systems, how it's built, how it's deployed, and make sure that it's going through all these gates. And it sounds great because you need that level of visibility and control.

And people love the idea of it. then kind of the, end of the day, it's like, nobody wanted to roll this thing out because it made developers jobs harder. And it was like, that's kind of the entire point is making jobs harder. of course nobody wants to roll this thing out. Because what happens every time you want to do a pull request, it's got to go through some new. You've got to make sure it goes reviewed. You got to make sure all dependencies are approved. You've got to make sure the build system secure kind of all this stuff. And, by the way, maybe stupid question, but how does this take care of the open source? Like, isn't the open source the thing that you.

Pablo Srugo (12:10.94)

kind of start with and then I mean you build on top so you're controlling the build on top but yeah it didn't really it was more like is the stuff you're using approved or people just downloading random things from the internet which everybody is doing and everybody knows they're doing it and it's like I remember one customer meeting and they're like alright this tells me none of my stuff is secure right I already knew that like why would I pay you to tell me that and we're like because that will help you get better and we can monitor you getting better and they're like yeah and maybe next year did you get deep on building this product or did you just kind of pitch it and realize yeah I mean we

had design partners, we built it, we sold it. Yeah, and then we're working on two at once, right? We raised all that money. We had a pretty big engineer team. We actually split it in half and we built both products at once. I mean, they say you're supposed to focus. You're supposed to just do one thing. You didn't.

In a sense, it's work because you are where you are now. like looking back, was it the right decision, wrong decision, or like why did the focus maybe not apply? I mean, we knew it was a little bit risky. It's like with enterprise sales like this, it's like three, six, nine month deal cycle. So it's really hard to get feedback of like, people actually going to pay for this thing? And they want it. They're doing POVs. They're trying to stuff out. Things get delayed. And then you sort of hit like the market crash too in 2022 as we're going through all of this and nobody had budgets.

It slows down feedback cycles. So it was kind of a way just to try more things at once knowing that like both probably wouldn't work. It would have been crazy if both ideas we had worked. yeah, we started, it was on purpose. Like we started with two things about as far apart as you could be, hoping one of them worked. And yeah, we got pulled the wrong way early. We signed deals, big customers, started rollouts of it. How far did you get like, let's say revenue wise on that product? About a million an hour on that product. It just took a long time or what?

Yeah, it took a long time and then it basically completely stalled. Like we weren't getting any more pipeline. Even the implementations were stalling even after people bought the thing. How does that happen actually? Because that's a surprising thing. Like I'll tell you as been a main founder and speaking to a lot of founders, there's this belief that like, you know, they say like, if he's all to one person, he's held to 10. Like you can get to a million ARR, like you can get it to 10. You know, there's this kind of baked in belief. It's obviously not true because a lot of companies stall at a million, but what happened in your case that you were able to do, but should be really hard to just go to zero to one.

Pablo Srugo (14:19.058)

but then it just stalled at one and it wasn't easy to get to five or 10 or whatever. Yeah. So we were doing both at once, right? We got to around a million on that first one. The second one, we kept working on it through that. And all of a sudden it just kind of started to shift. Like even the same customers we talked to about both, we'd go into demos and do both products. And they're like, cool, this one makes more sense or something like that for the enforced product. Six or seven months later, we kept working on the other one. It finally got better and better shape. understood it more. Like our pipeline just completely shifted.

Like nobody was reaching out about it for even the customers we sold it to like we're stalling and rolling the thing out and the image products basically passed it in revenue and pipeline was like 10 to one the other way. And then like we couldn't even keep up with the demand for it. Like all of sudden a bunch of big deals closed that we were waiting on and we're kind of like, shit moment of like, now we got to go get the product ready because you're always kind of selling things a little bit before they're ready and everything. And it was like,

I mean, maybe if we kept forcing it, the other one could have gotten there too, but we just didn't have the resources anymore. was like, all right, we got to take everybody, the whole company and just support these other deals that we sold. This thing's growing clearly faster. You can see in every metric, you can hear it in every conversation. And so yeah, in a couple of quarters throughout like 2022 and into 2023, it was just completely pivoting around the other way. So what was this other product, which is your current product, the one that worked? That's the open source one, basically. It's a safe source for open source. So we're building and

so the first one actually didn't even have to do with open source necessarily. not really. I mean, it's part of it. What it looks like today is it's this set of container images that we build and harden and maintain and patch full of open source code. So it's the same open source code everybody's already using, but they get it from us and they, we patch all the vulnerabilities. We update all the dependencies. We keep it all up date for you. So you don't have to worry about it. So instead of like a tool to tell you about your supply chain issues, we just fix a whole bunch of them for you. And you just.

point your developers at that and they're happy. Yeah. So the, really simple ways, if you're a dev, you want to use anything open source, just to go, you just go to chain guard, you get it from there and you know, like it's got that stamp of approval sort of thing. and I mean, we, we keep adding to it. There's like 900 images we have available today. we're adding like a hundred a month, something like that to it. just growing it based on all the open source out there, cause you don't have all of it yet, but, maybe we want to get to that point. And what guarantees like, this may be a stupid question, but what guarantees that

Pablo Srugo (16:39.922)

that because it's on chain guard, it's secure? Yeah, I the simplest one is like vulnerabilities and known ones. So like, if you scan, there's tons of container scanners out there and security products. And if you point them at the containers you're typically running, like the Python image, the most up-to-date Python image, if you're going to start writing Python code and you grab that from like Docker Hub or something like that, it'll have 1,400 vulnerabilities before you even start writing your code. And it's like, they include a bunch of extra stuff that you might not need. Stuff doesn't get updated frequently.

And these are just stuff that everybody already knows is out there, these vulnerabilities. And so that's what we fix. We update everything. We test it. We patch it. We strip stuff out. Yours has no vulnerabilities or just a little less? Yeah. It's a, we have a zero CV SLA where like stuff gets found and we fix it within seven to 14 days, depending on that timeline. So like we keep it at zero. And that's part of the thing, right? Because ultimately like, you know, this stuff's all open source. Like what's the stop, you know, once you fix something that becomes known to everybody or like, how does that, how do you still stay?

kind of keeping, you're obviously building value, but how do you hold on to the value that you deliver? Yeah, it's a lot of work, a lot of automation. Yeah, there's no magic. It's just, we just do it once. it's, there's that kind of analogy when you compare the two products, you've probably heard a bunch of like vitamins versus painkillers. Like, yeah, even if everybody knows this is good, like it's still hard to get people to take their vitamins. Even if they know it's good and better in the long run versus like all my dashboards are on fire, I'm missing SLAs, my customers are yelling about these vulnerabilities.

By this thing, immediately fixes that pain. So it's a lot faster time to value. People get it a lot quicker. And it kind of helps developers instead of gives them more work to do by telling them about more problems that they already know about. And what's the model here? Like, is it just a SAS feed per instance that you're running or like per what? Yeah, so we charge based on the amount of images from the catalog you're getting from us, basically. And then there's like sliding tiers based on how big of a company it is.

We bill it like SaaS. So it's like an annual subscription basically, but like people run it on their own infrastructure. So they just download it from us and run it. So it's kind of like the best of both worlds. We're not running a ton of compute infrastructure for SaaS, but we're still, you know, billing on a recurring subscription for all that update. So give me a sense of timelines. mean, you kind of start this in, you know, 2021, you raised 5 million, which you said was a very easy raise. And then you raise 15 million from Sequoia six months later, like

Pablo Srugo (19:03.378)

in mid-22, what happened? Yeah, so we were just going in 2021. We're planning to raise at the end of that year, something like that. We had a burn rate calculations, the team we hired, that kind of thing. And it was still crazy. The markets were still nuts. We were getting random offers from people to preempt. And we were like, no, we'll wait, we'll wait, we'll wait. Preempt why, by the way? What do you have at this point? I don't know. It was 2022. But I mean, dude, so I get that, but at the same time,

while a lot of that was happening, just to tell you, it wasn't happening to everyone. You know what mean? So what were you doing? I was just writing blogs. Yeah, it's... It's the space. I mean, the team's there, right? Yeah, team, team, the people we're hiring in the space. I see. We're hiring a lot of ex-Google, ex-Alice, whatever, yeah. And then, yeah, all of sudden, there's...

seed investors called and they were like, stuff's getting a little rocky out there. You might want to try to raise. we're like, you just told us to say no to people like three weeks ago. What happened? And they're like, it changed. and, I happened to have a meeting with some of the folks from Sequoia the next day they were coming in town for some conference. So I had dinner booked and I was like, I'll just try to do it then. had a great dinner and it was like, let's stay in touch for when you're going to be raising. And it's like, not right now? and so, yeah, we like shook hands on terms that night at the dinner table. and, yeah, we were like,

Yeah, they originally offered us less money and I was like, how about we take more money because we're trying to survive this crazy market downturn and they were even happier as a result. Did that change? then taking more money mean it was a different valuation or you push that up to? Yeah, so it was like a little higher. They got more as well because we increased the size and stuff like that. But yeah, the whole process took three days before we had a term sheet and that kind of thing. And then, yeah, it takes a month or so to close. And so is that also that was no pitch deck? No, nothing. Yeah, nothing. Yeah.

We've never done a pitch deck even for the later rounds. But yeah, it was quick. It was a month to close. And I still remember at the end of the month, they were like, we wouldn't do this round again today. Like the markets had shifted so bad. Like just in that time. And I was so happy we got it done as quickly as we could. Do you have a sense of how they were backing into, you know, a pre revenue business getting 50 million on? I mean, I don't know what the valuation was to say was 200, 300. Like it must have been in that range. Like how do they think about that?

Pablo Srugo (21:24.43)

So I'm not an investor. Mr. Do not your problem. I could never do your job. And it was a rough year. it, my offset, but it's it, we started to, we had some revenue targets for the year. That's about where we, I think that was the year where we ended, you know, a little over a million in error or something like that. kind of on the raw product. and, then the next year is one thing that really started to shift for us over to our images products. And we went all in there in 2023. Do you have any advice?

for founders raising pre-revenue or do you really just attribute 90 % like some percentage to the team, which, you people have the team that they have. And then the rest is just the timing that nobody can do anything about. Timing helps. mean, it's always part, I mean, the markets change, the markets are up and down. But yeah, I mean, it's the problem space you're going after. mean, the TAM calculations.

I'm sure customer diligence of like, this an area you're actually worried about, especially in security? I mean, even through market downturn, security is always strong. So that always helps. But yeah, I'm sure it depends on the space. But that was post. That's like after the fact of them being interested in the first place, right? The customer diligence. It depends. A lot of investors are doing it proactively. Just get your name out. I guess the one thing I never understood is the whole stealth thing of like, we're just not going to tell anybody what we're working on.

I don't know why you do that. If you're out there, people hear about you, they talk about you, you get more interest to customers, you get more interest to be point arrested, investors hear about all that stuff too. What were you doing to be out there, to get your name? Blogs, random press stuff. Early on, especially in 2022, we knew no one was going to be buying anything and it was a super out space where there are new startups every week doing supply chain security.

We weren't doing sales yet. We didn't have a product yet. We were trying early founder of that stuff. But we made a decision to invest in the brand side of it. Just do as much as we could, get our name out there as much. So was like, let's try to end this year. Nobody's going to sell anything this year because it's so new and the markets are rough. Let's just try to end the year as the most well-known company in the space. And you can do that pretty cheaply. Yeah, what did you, mean, what's actually specifically, yeah, what did you do? I there's always the conference stuff like that too. But when there's news every couple of weeks about the government new regulations or some big hack or something like that, just.

Pablo Srugo (23:34.834)

those relationships with reporters go talk to them and like all of sudden you're getting quoted in stories and people see your name in your company and like all the stuff they're reading security news. What did you do specifically? Did you hit them up? You go for coffee with them? Like how did you? Yeah, yeah. I mean just email them to say, hey, like I've got thoughts on this. You're like you would just post them on Twitter or LinkedIn. That's been huge too, especially as like more people have shifted to LinkedIn. I wish we started that one earlier. Just write your thoughts on LinkedIn.

You'll reporters, if it's on interesting stuff, people are already covering, they'll reach out and be like, Hey, can you comment on this story? Or, Hey, can I use a quote from your LinkedIn post on this story here in there? It doesn't take a lot of time. That definitely paid itself back over the years. So you became like a kind of the authority, like when all these kinds of stories are happening, especially as it relates to security and open source.

You're constantly getting quoted and you just become the authority and then people assume like, you must know what you're talking about. Yeah. Exactly. You like you can't make it like product like blatant product or company pitch stuff of just like, here's what this means to the industry. Like you've got to actually be out there with genuine interesting opinions on stuff. And then what were the blogs about? Were the blogs also about high level problems and like your thoughts on this breach? of it. Stuff we're doing. Yeah. But just the more content you put out there, better. Stuff we're building. Yeah. Like it's just the interesting internal stuff that engineers love to read or

commentary on news, that kind of thing. So you've got the $50 million like on a handshake deal kind of month closed, the market totally turned, your timing couldn't be better. But you have at this point, little to no revenue or remind me like where you at? at that point. Zero. Okay. And you still have the two kind of products that you're working on? think second half of 2022, we finally started to close some like early deals, design partners, POVs kind of thing. On both products? Yeah.

Yeah, mostly on the first one. And then, yeah, ending the year, think we got our tiny first deal on the Images product. What was that first deal? What do we talk about size? 50, 100K, something like that. OK, not bad. Not terrible. But yeah, it was probably like 90 % on the Enforced product. Yeah, wrapped up that year. We're still doing both, as we headed into 2023 and really started to shift focus and lean into the Images product.

Pablo Srugo (25:44.274)

Yeah, when we had that second like, shit moment of like, can't even keep up with the man. This is way bigger than we thought it was going to be way faster. That's when we did our series B. It's kind of like you feel the product market fit. But that was like the end of 2023. you go from like just starting to get revenue, right? Okay. So just, you just starting to get revenue in beginning of 2023. And then what do you end that year with? How long were you at the of the year with? When we did the series B, it was like Q2, Q3. We had just built a real sales team. We had like two sales reps. We brought in a sales leader. We had a good quarter.

That's when we did the series B right after. And you were what, like a couple million era? Yeah. OK. So like very impressive, very impressive growth in kind of that 2023 phase. What clicked? Like what happened? What worked in 2023? I think one of the things I look back at is like, I wish we hired our first couple sales reps earlier. And the normal investor advice is like founder led sales until the first couple million before you do that. And I agree with.

parts of it. Like I think there's like that, you know, stereotype of like technical founder thinks they'll just build a product and then hire a bunch of salespeople to sell it later. I think like, but there's a huge difference in like the talking to customers value selling and doing that vision pitch. And then like actually knowing how to get through a six month procurement cycle at an enterprise. And like, if you've never done that before, like people that have are incredibly.

valuable and I wish we did that earlier because like all of a sudden like conversations we had going forever like just speed up when you know when you have somebody that knows how So you hired like enterprise salespeople to get the thing done not I was thinking more like BDR stuff just to... No yeah we hired two and yeah the advice get two sales reps when you do it yeah we did that and all of sudden everything just started going faster. And who was making those initial calls was that you then like... yeah like you still have to stay in yeah you still have to stay involved in it but like just have sales reps with you.

They can sniff stuff out. Like they can tell right away if like you're just getting led on and the deal's not going to go anywhere. they see, especially if you've never done this kind of thing before, they see signals you're not going to see, or you think something's going nowhere. And then all of sudden they figure out the magic people to go email and procurement and all of a stuff gets done. Like it's a huge skill and like sales reps make a lot of money and they deserve every penny. It's a hard job, especially if you've never done it. So I wish we did that part a little bit earlier, but I completely understand where the advice comes from around like you've got to do all the sales yourself to a

Pablo Srugo (27:56.722)

How many people, like when, after you raise that 50 million bucks, you have like 10, 15 people, how many people do you grow to over the next like six to 12 Probably like 35, 40. Okay, so you're saying pretty the time we did our B, yeah. 40, 50, something like, yeah, mean, markets had crashed, nobody had any idea how long it was gonna last for. It's kind of a whole year where nobody invested in anything. And then finally some deals started getting done again, and I think investors just got a little bit bored sitting on the sidelines and passing for a whole year while they waited to figure out how to value companies again.

Yeah, that was, yeah, toward the end of 2023. When you raise your series B, if you have 35 people or so, you raise 50 million. I you must have like 30 million in the bank. Is that about right? Yeah, we still have money left. When you're looking at scaling of sales, scaling of the market even more, starts to get expensive. And yeah, it's like, you know, you could just keep going this way. You know what the burn is, you know how long you can last. But like, if you want to grow faster, you've got to, you've got to grow and you've got to hire more. And it's that other one too, like you don't want to raise when you're desperate and when you need to. It always gets hard.

Well, that seems like consistently something that you did well and some of came to you, but in general, you're always kind of when you're totally in control. Everybody has a different risk tolerance for how much you want to have left in the bank at the time you go raise, but yeah, you don't want to be desperate. So where are you at today? How many employees do you have? How many customers do you have? 180, 190 employees now, something like that. About 100 customers. And ACVs for you are in that 50, 100k range?

It's probably 225, 250, somewhere around there. They're pretty obvious. OK, so it's really enterprise. It's all enterprise sales. Awesome. OK, cool. Well, we'll end it there. mean, guess the two questions that we always end on, the first one we touched on, but I'll get your kind of specific answer anyways, is like, when did you feel like you had true product market fit? Yeah, it's that saying, you'll know it when you feel it. If you're asking if you have it, you don't have it kind of thing of like.

It's like a slap in the face, guess, of like, yeah, when you can't keep up with the demand, when the pipeline is just coming in, you don't even know where it's coming from. your sales team is busy. It's different in every type of sales motion too. With enterprise, it's like, you can tell when the sales team is busy and you can tell when you need more of it. The last question is if you could go back in time to when you were just starting Chain Guard with like one piece of advice for yourself, what might that be? Yeah.

Pablo Srugo (30:13.618)

Tons of ways to look at that question. You know, there's like this, if you knew the markets were going to like, you know, shit the bed. So without, yeah, without a crystal ball, it's a little harder. I mean, there's tons of mistakes here and there and stuff you learn. I, but this one would have been like, yeah, get those first couple reps earlier. And then yet more confidence in growing that earlier. Reps in what? Sales reps. I see. Okay. We'll stop it there. Dan, appreciate you jumping on the show, man. It's been great. Yeah. Thanks.

I just gave you content that you liked so much, you actually listened to the end. And guess what? You didn't pay a single dollar. Not only that, I didn't even put any ads in your face. So you just got a bunch of content for free. And now that I've delivered that value, I'm asking for something in return. Open your app, open Apple podcasts, open Spotify, open whatever app you use to listen to this and hit that follow button. It's actually going to help you because it's going to help you make sure you don't miss out on the next episode, which you liked so much that you listened to the whole thing.

People on this episode

Pablo Srugo

Host