In this Cyber Thoughts episode, Lucas Nelson sits with Sameer Malhotra, TrueFort's Founder and CEO, to explore his journey from the financial sector to cybersecurity innovation. Sameer discusses TrueFort's genesis during a pivotal time in cyber defense, emphasizing their mission to halt lateral cyber threats through advanced technology. He also touches on the significance of partnerships, utilizing platforms for growth, and the evolving landscape of cybersecurity. Tune in for an enlightening conversation on navigating the startup world and envisioning the future of cyber protection.
Welcome to the Cyber Thoughts podcast, where we explore the world of cybersecurity through the eyes of practitioners and leaders in the field. In each episode, we invite a guest from the world of Infosec to share their insights and expertise on the latest trends and developments in the cybersecurity market.
Whether you're a seasoned Infosec professional or just starting in the field, this podcast is for you; our guests will provide valuable insights and perspectives on the challenges and opportunities facing the Infosec market.
Join us as we delve into the world of Cybersecurity and learn from the experts on the Cyber Thoughts podcast.
PODCAST TRANSCRIPT
Lucas Nelson:
Today is my great pleasure to introduce Sameer Malhotra. He's the founder and CEO of TrueFort, one of our great companies. Sameer, you've got a great background. You start out in places like JP Morgan, Goldman Sachs, and Salomon Brothers. So how did you get your start in cybersecurity from your background as a Sys Admin?
Sameer Malhotra:
Hey Lucas Nelson, thanks for having me on. It's always fun to chat with you. So if you think about cybersecurity in the earlier days, you didn't necessarily have a team dedicated as cyber engineers used the systems management team or system administration team to support all those activities, whether it was patching or hardening environments and you know, that's a route in. So whether you came in from the network side or the systems administration side, you were supporting the cybersecurity requirements at the companies.
Lucas Nelson:
So you start out with a pretty technical job, it sounds like. Where at different stages did you make the jump from, let's say, pretty technical to now you're a CEO. So where did you make the first jump to management? How did that look?
Sameer Malhotra:
I wouldn't define the CEO job as non-technical. I think if you're running a technology company, you've got to have your credibility in the technology side. But over the years, I started obviously in financial services. I worked for many years at Goldman Sachs, where I went up the management rungs from the many years that I worked there. I did spend a few years at Bear Stearns and then back at Goldman. And then in 2011, joined Bank of America where I was the Global CTO for capital markets and the Head of Enterprise Engineering across all lines of business.
And my last job in the enterprise was at JPMC where I was the Head of Engineering and the Head of Global Compute. So, you know, spent many years in the technology management side grew in terms of the number of people in the budget that I've been managing, but always stayed true to the technologies. If you look up my background, my co-founder's background, we've published many articles and obviously some IP out there at the various organizations that we worked with.
Lucas Nelson:
So I've always thought of banking to become sort of the forefront of cybersecurity. My view has always been the ROI is really clean for them, right? So when money gets stolen, you prevent that ROI is easy. So they've been kind of the earliest spenders. How do you view, you know, FinTech and banking with respect to cybersecurity? You know, is it the hotbed that I think it is? Do you, you know, where do you view that?
Sameer Malhotra:
Yeah, I mean, look, it's fairly obvious that anyone that is non-nation state, let's take it that way, is looking to commercialize data. And what's the best data to go after is obviously financial services or healthcare type of data. And that's why if you see earlier regulations like PCI to secure transaction processing and the likes, all came from that ilk. Over time, obviously, the ability to monetize different types of data have become something that the perpetrators are going after. But financial services were the first early victims, if you think about it. And having seen our fair share, whether it was at the big banks or the investment banks, there was always constant attacks at those organizations just because they were a target. Today, combined with nation-state, it's broad, right? So now you're looking at not only financial returns on investment, but nation-state type activities that risk critical infrastructure in countries all over the world.
Lucas Nelson:
So before I get to TrueFort, because that's where I really want to drive to, but before I get to TrueFort, while you were at the banking sector, did you all work with startups? How did you view working with a startup, right? Because there's the cutting edge nature of it versus the, hey, they're small, they could go away. How do you view that when you were on that side of the table? And then we'll use that as a launching pad to talk about the other side of the table.
Sameer Malhotra:
Sure, I mean, given my remit of running all of engineering, whether it was infrastructure or data, middleware, or different attributes of software, we were always looking at the new technologies that were available that would help automate many of the things that we were trying to achieve. It's not always that, although big, large financials have massive technology teams that we're looking at constantly innovating different things, but the startup ecosystem definitely helps because just think about the earlier days of Chef and Puppet in the automation today. You're looking at HashiCorp, but those were, you know, those are just the newer iterations of what that looked like. You know, think about columnar databases versus standard databases. There was, there's many innovative things and it's not necessarily that you can develop all the type of products that you need. So from an engineering perspective, we continuously looked at the industry and tried and adopted various things. I think today it's a lot more stringent with the way software is acquired with open source and vulnerabilities. But I think, you know, many years ago, you know, you were just trying to be innovative and trying to bring products. And if something worked, then you figured out to work with your procurement organization or your controls organization on how to bring those products in. So innovation's always been there. Otherwise products like Java and stuff would never have gotten to where they are.
Lucas Nelson:
All right. But I mean, Java came out of Sun, which was a giant company. I mean, how, you know, there's, there's innovation out of big companies, but there's also, you know, you're working with a small team like yourselves. How would, how would you, when you were in the other side of the table have dealt with a team where, yeah, you've got funding, but you know, it's still sub a hundred people.
Sameer Malhotra:
Of course. So what typically used to happen would be somebody in the R&D or the engineering team was looking for a solution, right? It's seldomly where the solution is looking for a problem. It's typically the other way around. And then once you're trying to look for a solution, that's where you start to look at, you know, who has... You look at the startup ecosystem, there's various ways of looking at it. And then that reverse comes into how you acquire products across. So although you see many startups talking to various organizations with new innovative ideas, I think the most important thing to realize is the customer you're talking to experiencing a problem you're trying to solve, or you're just looking for a problem, I mean, it's a way of potentially educating the customer, but that's a longer sales cycle than the other.
Lucas Nelson:
So you talked about being problem focused. What was the problem that you saw that made you leave that side of the table and come over and start a company? Because as you know, you have to be a little bit crazy to decide to start a brand new company. It's a ton of work. And so what was the problem that made you pick the leap?
Sameer Malhotra:
So having been through some cyber challenges, we realized that protection of critical assets and real-time visibility was the most important thing. Because once you get breached, lateral movement kicks in. And there's two major ways of lateral movement, one via the network and second via identity. And with TrueFort providing the visibility and the capabilities of looking at detecting and blocking lateral movement on both of those vectors was what we were looking to solve. And that's why we came to industry.
Lucas Nelson:
Very cool. And I didn't do it in the intro. So would you give us a one or two sentences on what does TrueFort do? That's on me.
Sameer Malhotra:
Sure, so TrueFort's focus is helping our customers prevent and block lateral movement. So with that, we offer visibility. We have integration with the top leading EDRs in the world like CrowdStrike and SentinelOne. We integrate into those. We have our own capabilities. But what we offer is succinctly micro-segmentation to stop network lateral movement and non-human ID visibility and detection to stop the identity lateral movement. And we offer that as a SaaS platform so that our customers can easily adopt our capabilities into their networks.
Lucas Nelson:
Very, very cool. All right. So what's the journey been like so far? So you had an idea in a small team. I met you relatively early on. But what's it looked like from, yep, a whiteboard and an idea up to kind of your first round and then maybe your second?
Sameer Malhotra:
Yeah. So when we started in 2016, cyber investing was still young. And I'll tell you this, pre-COVID, if you were a company in the Northeast, you used to go out and raise capital and venture capital companies in the valley would be like, well, you're not in the valley. I think that's changed now. I think the world's opened up to investing, so it's not hot zones of investing. Like the typical story, bootstrapped, raised seed funding, got a product, went to market, got to a certain revenue number, and then in 2019, I guess that's when we met, we raised our first institutional round series A of $10 million. And we got started and then building out the platform and scaling out. In 2021 we raised the series B and we're just continuing to grow.
Lucas Nelson:
So I got to meet you guys out at your spot out in New Jersey just across the bridge. Are you still in that same kind of, you had a giant space for kind of a small company. It was really cool. Can you describe it at all? Like I'd love to see people go for it.
Sameer Malhotra:
Yeah, absolutely. We're still there. It's a converted warehouse. We've been lucky to find the space, obviously. Now there's a lot more office space available with the work from home culture, but we continue to be in the space. We've been in the space since 2016 and it's kind of worked out for us. It's allowed us to develop it in our personality versus a standard office space. So we enjoy it and having parking is a key benefit.
Lucas Nelson:
So, I mean, COVID spread everywhere now. Are you guys still mostly based in one spot? Do you have people everywhere now, like a lot of companies? Like how do you, and then as a CEO, how do you view in-person versus remote?
Sameer Malhotra:
Sure. We have folks in the office, obviously, we have, as you've grown over the years, you've got people in different states. We have folks in Canada, we have folks in Europe. How do I view the culture? You know, on-prem for, you know, the management team, we're, we're all here. So it's, it's easy to keep the communication lines and, and really as you're, as you're a young company, you have to react pretty quick on opportunities or the likes, but from an R&D perspective, right, we try to get the teams together as often as possible. And then, you know, people work remotely. But we do maintain an office presence. We do try to bring people together as often as possible. We find that that collaboration is important. It's not only a collaboration from a mind share perspective, but people build relationships and trust factors. And we think that has worked well for us because when you're in a tough spot or you're trying to do a release then those relationships or something breaks, those relationships are important to deliver capabilities.
Lucas Nelson:
Very cool. So you had a kind of a long background managing people. What were kind of the big surprises, you know, from either being in a startup or being the CEO for the first time, what were your biggest learnings, what were the takeaways you want to share with others about that?
Sameer Malhotra:
Sure, when you're working for a big global organization, you typically have an easier choice of hiring the top candidates that want to come to work for you. You'll have the payroll capabilities to hire the people that you need. When you're at a startup, that's a little challenging, right? You have to work with the people that are willing to work with you. Some of them are excellent. Some of them may not have experience in certain things. And so that's, you your work is not as distributed as it is in larger organizations. You've got to, you know, tie your shoelaces and jump in opportunities, bring people along and train and grow from that perspective. As you raise more capital, that frees you up to improve the talent. But the early days, you know, it's, it's a core team and you're doing the best with whatever capabilities that you have. So that's, that's a, you know, that's always a challenge. And then, you know, some of the, the benefits of a large organization, like support staff and other things are, you know, are obviously missed, but you, you just grow into that over a period of time.
Lucas Nelson:
And kind of what was the most surprising thing in your kind of startup journey? What was the thing that you didn't see coming or you hadn't heard about before that you want to hear about that?
Sameer Malhotra:
Sure. You know, people make assumptions that you have a great product and that, you know, you can easily walk into a customer and they'll be like, wow, this is great. Let me just buy it. Doesn't work that way. You know, if you haven't had the experience, you have to learn the process of selling and understand that selling is an emotional or buying is an emotional process, not necessarily a complete, completely objective process, right? You may have the best product, but you may not fit the customer or the customer needs are slightly different. Or you expand to Europe where it's a completely different model of software acquisition or Middle East or Asia. And so you have to understand that, you know, once you've got a product, you've got a, apart from the education perspective, I mean, we're lucky the cyber ecosystem is healthy. There's a lot of education when it comes in, but if you're in a different space, you might have to do the evangelizing. It might take longer. Getting the right partners is important. We were lucky that we were able to build the partnerships early with like CrowdStrike. Today, it would have been significantly more difficult because they're a larger organization and they're busier doing other things. So timing is a perspective, but understanding who your ideal customer is and then focusing on that is important. People will come and tell you, well, you should all sell to the biggest banks in the world. The biggest banks cannot acquire 5,000, 20,000, 30,000 products. So understanding who your ideal customer is very important.
Lucas Nelson:
So you guys had a really cool kind of, I'll say growth hack. You mentioned partnering with the likes of CrowdStrike. If I remember correctly, you were one of the earliest companies on their platform, right? So CrowdStrike is an endpoint agent, so on and so forth, but they started building their platform. You were early to that. Can you just talk about how you viewed that and how that helped you grow in the early stages? That's a pretty unique approach you all took. I think it's been really successful.
Sameer Malhotra:
Yeah, if you really think about it, like, it's fairly obvious when you talk to customers, they don't want another agent, right? And so when we decided to work on the platform, I was lucky to get introduced to the top leaders at CrowdStrike and more specifically Amol, who was the Chief Development Officer back then, and CrowdStrike always had this platform view. And so we were happy to have worked with them to materialize that. But, you know, ever since we're doing that, that's been how we thought adding value to customers would be. Not that we don't have our own native capabilities, but partnering and bringing a strong eco where customers get more value from existing investments is an easier conversation than starting like, hey, you need to install this to get value. So that's been very helpful and then having the right partner that thinks that way like CrowdStrike is also significant. So we've been lucky.
Lucas Nelson:
For those that don't know, can you explain the endpoint agent issue and why, you know, like why not just install another agent, right? But there's a, there's a big problem with the orgs there. What's that?
Sameer Malhotra:
So I'll put it very simply, right? Coming from the customer side, when we buy infrastructure, you buy it for a business purpose. And then what happens is you load on 30-40 agents and all of a sudden those agents are consuming your resources. And so the business infrastructure piece is getting X percentage of the resource and they're also getting, you know, non-guaranteed performance, I'll kind of say, you know, because they want to have a guaranteed performance. For us, the biggest eye-opener was when we started working with Ericsson, who invested in our B round. And we realized that when they distribute software, their images might be very, very small and very specific. So if you put an agent on top of that, then you are the major consumer and they're performance driven. Now think about this. If you are say a 4% or let's just take round numbers, right? So you're a 10% consumer of resources on a server. If a customer puts you in the cloud and you're 10% of your software on the agent side and the proliferation of agents and the number of agents is consuming that, that means 10% of their cloud spend is on agents versus the business that they're trying to solve. So mathematically, as you go to the cloud, it starts to become expensive and just the management cost of that. So what we tried to do was stay away from that and integrate as much as possible so that the customer doesn't have to deal with that, that complexity and expense over a period of time.
Lucas Nelson:
Very cool. So what problems keep you up at night? What are the things that you're focused on today in the business or in the ecosystem?
Sameer Malhotra:
Well, I mean, it's ease of deployment and making sure we can continue to deliver faster value to the customers and how do we automate all of that? Many customers are dealing with resourcing problems themselves. So the more you can operationalize and automate your capabilities by integrating is key. And, you know, the other thing is, customers are requiring to spend on various different things. How do you, how do you make sure that you're in the mind share? And, and, and I think the other most important thing is just making sure your own customers are happy with what you're delivering and continuing to help you grow. So I think it's a multifaceted answer. There's a lot of things that keep me awake.
Lucas Nelson:
Nice. All right. OK, so if you weren't focused on the problem you're focused on, what other parts of the cybersecurity ecosystem do you find interesting today?
Sameer Malhotra:
You know, I just think the response capabilities are getting more real time. And, you know, now with AI and the automation on the adversary side, how do you continue to innovate or what are the ways that customers can continue to harden their environment? And so I think the basic thing is that the more you can harden, and do the fundamentals, then all the innovation on the other side of the attack spectrum, whether it's AI or anything else can be prevented and blocked. Also interesting is the supply chain risk issue, right? How much technology, I mean, like we spoke earlier, like R&D teams are always innovating. You can't stop innovation, but how do you secure the innovation? I find that space very interesting. Also, you know, it seems like nobody's solving the identity issue. And that continues to be troublesome. So it's going to be interesting how we innovate through those type of issues in the future.
Lucas Nelson:
Nice. All right, so taking it up a higher level, what info sec resources do you love? Where do you get information? How do you keep abreast of what's going on in cybersecurity?
Sameer Malhotra:
You'd be surprised how much information you get on LinkedIn. If you've got a great network, there's a ton of stuff that comes in. I do spend a portion of my time just reading updates and it kind of gives you a sense of new things coming out, new ways of what people are saying and doing, and obviously if there've been issues. So that's one avenue. Then there's definitely the conferences. Smaller regional conferences where you can get to have intimate conversations. And then other events. So it's a combination of events and just reading.
Lucas Nelson:
What's your favorite visual conference? Like give a shout out to the, to somebody you like.
Sameer Malhotra:
You know, we, you have the big ones coming up. So that's always a fun one to walk around RSA. Right. But you know, there are, there's a whole cycle around the regional cyber conference. I mean, you can look it up and they, they have meetups in, in various regions. So, getting in front of that. And then many times when you're talking to your resellers, those are good conduits of what they're seeing moving and why things are moving and why things are not moving. So there's many avenues of getting information. It's just creating a block of time in the day so that you can consume information and think about it.
Lucas Nelson:
Very cool. All right, so this is the rapid fire section. I'm gonna ask you two quick questions and then I'll let you give plugs. But first, what's your favorite book? What are you reading?
Sameer Malhotra:
Because in the startup you're working all the time, I don't read self help or I read things that allow me to do other things. So I'm in the Dan Brown series right now. So totally enjoying that, keeps me in a different world. So that's where I am today.
Lucas Nelson:
And what's your favorite information medium? How do you like to learn? You like movies, TV, podcasts, books? Like what, you know, how do you like to take in your information?
Sameer Malhotra:
I'm a voracious reader of current events. So I think I read about five or six newspapers a day. Most of them on my phone. And yeah, just input.
Lucas Nelson:
Very cool. All right, so first of all, thank you. But any plugs you'd like to add?
Sameer Malhotra:
Yeah. You know, micro segmentation is becoming a key critical portion of Zero Trust and the thing that TrueFort does is helps you through our integrations get faster visibility and quicker time to deployment versus competitive tools. So take a look at us, www.truefort.com and look forward to having conversations.
Lucas Nelson:
Thank you so much for taking the time to speak with me and educate our listeners. I appreciate it.
Sameer Malhotra:
Lucas, it's always been a pleasure. Thank you.