Serial entrepreneur and startup founder Manish Gupta has worked at tech companies that have grown 10x during his tenure. He shares his philosophy on beta customers, hiring, go-to-market strategies, and the future of cloud security challenges.
What advice do you have for other software companies who are currently working with beta customers?
Companies working with beta customers should ask themselves:
A startup’s culture is formed early. How a startup deals with its beta customers will carry over to how that startup deals with all its customers. Focus on customer success and listen intently.
We have been doing a customer-advisory-board discussion once every two months since we started the company. This has been of tremendous importance to validate our assumptions, identify and prioritize the pain points, and understand customer processes that we will have to take into account to implement our go-to-market strategy.
If one has engaged with the beta customers early and often, it should already be clear which customers will pay for the product if it delivers on the value promised. And which won’t. In other words, all beta customers should eventually evolve to becoming paying customers, barring a few exceptions.
There are a lot of prospects out there. For a startup, it’s key to know which 100 customers will you target in the first 6mos - what is the typical size of that customer, is there a certain vertical(s) that is more relevant, is there a certain geography you will be targeting. You will most likely learn this as you are developing your product. Evolve the composition of your beta customers accordingly.
What advice do you have for other software startups when it comes to hiring? How do you compete for top talent on a startup budget?
A startup is all about talent. For a startup, it will have to deal with bob-and-weave based on customer input and market conditions. A startup will be able to navigate these twists and turns only if it has world-class talent that is committed to the startup’s success. So hire the best, and hire wisely; hire people who fit the culture that you are trying to build. Don’t compromise.
Cloud and technology adoption has significantly impacted hiring. It is much easier to build a world-class team that is distributed internationally. After all, neither the US nor Silicon Valley have a monopoly on talent. If you are willing to build a culture that can extend beyond your office, you can hire world-class talent in remote locations and stay within your budget.
What have you learned at your previous companies that you are applying to this startup?
I will point to two key trends; one informs our product strategy and the other our go-to-market strategy.
Future of security can’t be threat focused alone: Most security products are focused on threats (viruses, worms, malware). And because the bad guys have access to the same innovation we have access to, malware evolution is rapid (as an example, in 2016 at FireEye alone we saw more than 100,000 pieces of malware per day). This inherently makes the security industry reactive and inefficient. One of my key observations, therefore, is that to do a better job at security, we can’t be focused on detecting threats alone.
Security epicenter is shifting to smaller, nimbler organizations: The traditional rule has been - the bigger the company, the higher your security spend. And this made sense because bigger companies bought a lot of software, deployed it in their data center and protected the data center with multiple layers of security consisting of traditional security products such as Firewall, Intrusion Prevention System, Web Application Firewalls, etc. The movement of software into the cloud is shifting software consumption to a SaaS model, where smaller companies now have large assets. Smaller, nimbler SaaS companies sell software through a much more agile, self-service model. The security industry also needs to adapt this model - selling security as a self-service model.
Is there any other advice you’d like to share with other software executives?
We live in a very exciting time. Software is the engine for innovation across many industries, including industries that have barely embraced software before – e.g., taxis (Uber), hotels (Airbnb), creating digital twins of machines in the field (GE). As Marc Andreesen has stated, “Software is eating the world.” But there is a dark side – how are we going to protect all this software? The techniques used today aren’t going to cut it. After all, even with today’s software adoption, we don’t have enough talent in the world to address all the security alerts that are created. We can of course educate and train more people – and we should. But we should also rethink security – the adoption of cloud gives us that unique opportunity.
Software executives need to know that wherever there is something of value in the digital domain, there is someone who is trying to steal it. As software is moving to the cloud, many organizations are assuming that their cloud provider (AWS, Google Cloud, and Microsoft Azure) will protect them. Whereas all three are on record saying that while the public cloud providers are responsible for the security of the infrastructure, the customers have to take the responsibility of protecting their own applications (see examples here and here).
Software executives should consider alternatives to today’s traditional security techniques. They have the opportunity to use the characteristics of cloud software to devise a new approach to security. We have a unique opportunity to insert security into the software itself by understanding the specific security needs of the software, as opposed to merely reacting to threats. This approach leverages the pace of change of the cloud to enhance security, making it much more efficient.
Manish Gupta is the founder and CEO of software startup Shift Left. He was the Chief Product and Strategy Officer at FireEye helping grow the company from approximately $70 million to more than $700 million, growing the product portfolio from two to more than 20 products. Prior to that, he was VP of Product Management for Cisco’s $2 billion security portfolio. At McAfee, he was VP/GM where he grew the network security business from approximately $100 million to more than $500 million in five years. He helped create the Next Generation Firewall category in 2005 as the VP Product Management at iPolicy Networks. He has an MBA from the Kellogg Graduate School of Management, MS in Engineering from the University of Maryland and a BS in Engineering from the Delhi College of Engineering.