Many of you may not know Security Scorecard but it’s been behind the scenes scoring the security efficacy of hundreds of top enterprises powered by outside in data. It’s been quite a journey for Aleksandr Yampolskiy and Sam Kassoumeh as Security Scorecard crossed the $100M ARR mark, and they helped create the security ratings category. We at boldstart were fortunate to partner with Alex and Sam from the very beginning as they worked out of our offices for the first 4 months.

While many enterprise software companies never reach this milestone, what I ❤️ most about these journeys is the resiliency of founders - starting companies when everyone doubts you and says it can’t be done, that no one would ever pay for it, and then they just will it to happen (see below).

As Alex says if it was so obvious, then you are usually too late - this is how we feel as day one investors also - we like to see the not so obvious in the hopes that the founders can build and execute their way to obvious a few years later which Alex, Sam and team did.

Finn Thornier did a great job capturing the SSC story from day zero in his Project 33 interview which I highly encourage any founder to listen to!

Here are a few 💎 from the interview:

The pain and solution

Security Scorecard - credit ratings, big problem, no KPIs companies used to quantify and measure cyber risk - hence Security Scorecard was born. Are you 1%, 10%, 30% safer from all of that cybersecurity spend? Non-intrusive using external data and other sophisticated data gathering and ML techniques.

I still remember the first customer which came from an angel investor we brought on in the initial round of funding. Alex had an initial meeting with the CISO of a large healthcare co, and said he would sign a multi-hundred thousand $ deal…and he did a few weeks later. Lesson learned here - you don’t get what you don’t ask for so don’t be afraid to ask for a bigger number if you are solving a huge problem.

ARR Path from $0-12M in 4 years

After the initial seed round, Alex and Sam hit the ground running with a detailed product roadmap and initial 6 month sprint to get a MVP ready. The next 6 months they spent selling. About 15 mos after the initial round, Security Scorecard hit $1M ARR and then $3M ARR, then $6M ARR, and then $12M ARR.

Founder led sales from $0 to >$1M

First 10 customers - use connections relationships, friends, and investors - buyers who will take a chance on you, who know your initial product is not that good, still early on, but who are also risk takers who trust you - deeply listen to them, iterate to make product better, resources are limited so need to focus…Had to also hustle to leverage other people’s networks, numbers game - more leads, get used to lots of NOs, convince people why they take a chance on you and your product, you have to evangelize your idea…

Once able to convince 10 people you don’t know really well to give you money then you go to institutional investors and say hey, if you give me more money I can start building a go-to-market machine with more capital.

Big mistake to hire sales reps too early (a strong belief I also have - founders should discover and learn how to sell and adjust value proposition and find ICP for first $500k-$1M) - they are expensive, cost money, will never do as good a job as the founder to sell, even if you’re an introvert.

Huge congrats to Alex and Sam and the entire team on this huge milestone of over $100M ARR as many companies dream of this milestone but never get there. Here’s to the next $100M ARR!

Once again, you can find the interview with Alex here.

Speaking of sales reps being expensive and not super effective in the early days, take a look at Lightspeed's 2023 GTM & Sales Benchmark Report. This data is especially relevant for seed and Series A companies which represent 41% of the survey respondents.

As always, 🙏🏼 for reading and please share with your friends and colleagues.

Scaling Startups

1. How long does it take for some of best enterprise software cos to get to PMF?

   

2. 👇🏼

   

Enterprise Tech

1. Go Big or Go Home? Databricks using different playbook (The Information) - burn $1.5B over 3 years to maintain 50% YoY growth from 2022-2025

   Databricks, on the verge of raising a new round of funding at a $43 billion valuation, more than doubled its cash burn last year to $430 million and expects to burn a combined $900 million over this fiscal year and next before generating cash starting in 2025, according to two people directly familiar with Databricks’ financial forecasts. All in all, from fiscal years 2022 to 2025, the company expects to tally up to $1.5 billion of negative free cash flow.

   The company is predicting the cash burn will be rewarded with a revenue growth rate of 50% or higher for each of the next three years, as it looks to get more companies hooked on its tools that help data scientists make sense of large pools of data. The company expects to pull in about $1.6 billion in revenue this fiscal year, which ends in January.

   And it’s working as investors continue to support with a new $500M round of funding at a $43B valuation 🤯 or 27x ending forecasted ARR Jan 24

   

2. Steak 🥩 dinnahs: Every PLG co becomes an enterprise co…eventually - very hard to only scale with tiny customers to grow into its $11B valuation from last round in 2022 - sadly Airtable had to let go of 27% of staff to double down on enterprise

   

3. 7 Cybersecurity CEOs That Are Eyeing An IPO from Kyle Alspach - CRN - Rubrik, Snyk (a portfolio co), Armis, Netskope, Optiv, Huntress, and Axonius listed

4. The deepfakes are coming…(h/t Shomik Ghosh)

   

5. Platform engineering still needs to get developers to ❤️ and use - it’s a problem I see often from dev tools startups - they get a huge win by selling into platform engineering team but the developers don’t adopt because developers never like tools mandated from the top down

   Why Is Backstage Adoption Rate Stagnant at 10%?

   Spotify is famously open source by default, which Greul postulates is because “if you want something to become [an] industry standard, there is no way software can be proprietary,” arguing that all technical standardization, at least over the last decade, has been via an open source pathway. This is how Spotify is paving so-called golden paths at more than 260 organizations.

   But Spotify isn’t your average company culture. Greul admitted that many other companies that have adopted Backstage for platform engineering are stuck trying to get past the 10% adoption rate.

   “Oftentimes it happens that they hit a road bump, or maybe the rollout is not as easy as they would have hoped,” she said. “This is where sometimes the adoption kind of struggles or stagnates or it doesn’t go beyond the POC [proof of concept.]”

   It all comes back to the incentives, she said, “Developers have to see how this is beneficial for their day-to-day.” For a startup, their cognitive load could be just fine with the AWS Management Console, and not be motivated to change. “But once you reach a certain scale, it sort of becomes almost a necessity to have the tools to combat the cognitive load.” Usually, an IDP becomes necessary.

6. No one loves Jira - this is how a $35M Series B gets done at a reported $400M post-money valuation - extreme efficiency and profitability - Linear

   

7. The Datadog pain is real on price!

8. Congrats to portfolio co Spectro Cloud on its partnership and investment from Qualcomm to deliver applications to the edge, huge opportunity especially for AI (read more here on why AI on edge is necessary and hard to realize)

   This is the problem space we’ve been attacking as we build Palette EdgeAI, announced today.

   Palette EdgeAI helps you deploy and manage the complete stack, from the edge OS and Kubernetes infrastructure to the models powering your innovative AI apps.

   Without diving too deep into the feature list, EdgeAI enables you to:

   Deploy and manage your edge AI stacks to edge locations at scale, from easy hardware onboarding options to repeatable ‘blueprints’ that include your chosen AI engine.

   Update your edge models frequently without risk of downtime, with easy repo integration and safe, version-controlled updates and rollbacks.

   Secure critical intellectual property and sensitive data, with a complete security architecture from silicon to app, including immutability, secure boot, SBOM scans and air-gap mode.

   The integration of AI and edge computing is not just an intriguing possibility; it’s a necessity for the next leap in technology and user experience.

9. Blockchains are entering their broadband moment from Cuy Sheffield - Visa

   Blockchains today share some parallels with the early internet — particularly more than their fair share of skeptics, hecklers and critics. It’s hard not to hear echoes of the past’s self-certainty whenever an analyst says something like, “blockchains are too slow! Too hard to use! Too expensive!” or “they don’t have any use cases!”  

   Sure, blockchains have been all of those things, and some use cases are more obvious than others. But the internet was once slow, expensive, and hard to use — and today, it’s fast enough to stream live video from space, cheap enough to be free in a lot of places, and easy enough for a six-year-old to use.

   At Visa, we’ve been on the forefront of payments technology for more than six decades. We saw the potential for the internet in its early days and played a major role in helping it scale and support new forms of commerce. Today, we see significant potential for blockchain networks — and many possible futures.

   …Efficient global settlement

   This year, we’ve expanded that settlement pilot to both issuer and acquirer partners, and to Solana — a blockchain whose innovative design enables it to process over 2k transactions per second. In the immediate, this has provided a modern, convenient option for fintech issuers and acquirers to help make and receive payments from Visa’s treasury accounts as well as opportunities for acquirers to get funds to their merchants faster.

   Going forward, we imagine a future where Visa’s network of networks involves more than just multiple currencies and bank settlement rails, but also multiple blockchain networks, stablecoins, and CBDCs or tokenized deposits. We expect traditional fiat and legacy settlement rails to co-exist with tokenized fiat running over global 24/7 real time blockchain networks for a long time. And we see our role as a bridge to meet our clients where they are regardless of preferred currency, settlement network, or form factor.

Markets

1. IPO Pricing - 🙏🏼 Klaviyo goes on high end of range