Inside the Network

In this episode, we sit down with Marty Roesch, founder of Sourcefire. Sourcefire led the intrusion detection and protection (IDS/IPS) wave, raised four rounds of financing from leading VCs like NEA, Sierra Ventures, and Sequoia, and went public, later to be acquired by Cisco for $2.7 billion.

Founders often believe that their first few customers cannot be large enterprises. Marty took the contrarian path. Sourcefire’s first few customers were all six-figure deals - PWC, Intel, SAIC, and International Paper. In addition to that, Sourcefire was incredibly successful in working with industry research firms like Gartner and organizations like SANS in developing a new category. In this podcast, Marty shares what happened behind the scenes and provides founders with advice on how to work with enterprises and gain the interest of industry analysts.

Almost two decades after starting Sourcefire, Marty has gone back full circle to being the CEO of Netography, a network security startup. Marty shares stories from both his Sourcefire and Netography journeys, discusses how he navigated the M&A landscape and explains where we should be excited about AI in security, and where it’s wise to be cautious.

Creators & Guests

Host
Mahendra Ramsinghani
Managing Director at Secure Octane Investments
Host
Ross Haleliuk
Author of Venture in Security
Host
Sid Trivedi
Partner at Foundation Capital
Guest
Marty Roesch
CEO at Netography, previously CEO and co-founder of Sourcefire

What is Inside the Network?

Welcome to the inside track of cybersecurity entrepreneurship. We bring you the best founders, operators, and investors building the future of cybersecurity.

Sid Trivedi:

Welcome to Inside the Network. I'm Sid Trivedi.

Ross Haleliuk:

I am Ross Haleliuk

Mahendra Ramsinghani:

And I am Mahendra Ramsinghani.

Ross Haleliuk:

We've spent decades building, investing, and researching cybersecurity companies.

Sid Trivedi:

On this podcast, we invite you to join us inside the network, where we bring the best founders, operators, and investors building the future of cyber.

Mahendra Ramsinghani:

Our guest today is Marty Roesch, founder of Sourcefire, a company that led the intrusion detection and protection or IDSIPS as it's called. He raised 4 rounds of financing from leading VCs like NEA, Sierra Ventures, and Sequoia, completed a successful public offering later to be acquired by Cisco for almost $3, 000, 000, 000 At the time, it was the largest cybersecurity exit. Almost 2 decades after starting Sourcefire, Marty has gone back full circle to being a CEO of a start up called Netography. In full disclosure, my investment firm, is an investor in Netography. But this is not a commercial for the company as much as the art and science of building a company, taking it public, and doing it all over again.

Mahendra Ramsinghani:

We will hear from Marty about his entrepreneurial bug. It has bitten him twice now, and how founders can find insights and inspiration from his journey.

Sid Trivedi:

Hi, Marty. Welcome to Inside the Network.

Marty Roesch:

Hi Sid thanks. Great to be here. Thanks for having me.

Sid Trivedi:

So we have a few different topics that we're gonna try to cover today. We have 4 different topics. And the first topic, which is the most important 1, is we we describe it as there and back again, which is after completing this entire cycle, the cycle of a founder from starting a company all the way to taking it public, you came back again to an early stage startup, and this 1 is called Netography. And you decided to choose to suffer this pain for another bout of entrepreneurship. I'd love to understand why you did that and what was the motivation?

Sid Trivedi:

How was it different this time around than the last time around with Sourcefire?

Marty Roesch:

Oh, yeah. Motivation. Boy, that's a good one. You know? Like I was saying before we started recording the, the new, fun startup saying we do these things not because we they're easy, but because we thought they would be easy.

Marty Roesch:

It's it's really interesting. So Sourcefire, you know, was a big journey from me by myself in my living room to public company to acquired was a 12 year adventure. And, you know, I learned a lot, and I had a really amazing time doing it even though it's hard, you know, labor and security while you're getting going and things like that. But, know, from a motivation standpoint, I guess I really felt like I wasn't really necessarily done with my career, and I really like working freely. You know, anytime you go work for a big company, you're submerged within that company's culture and priorities and all the other things that come along with that, like, you know, stability and health insurance, which are actually pretty nice, it turns out.

Marty Roesch:

But, when you're doing a start up, you have the breathtaking clarity of somebody with nothing to lose and no established kind of history. And as I like to say when I'm advising entrepreneurs, you're unencumbered by success. You don't have anything that's kind of weighing you down like customers and, these expectations and things like that. So it's this extremely free way to work, and it lets you actually create new stuff. And this is a talk track that I've kinda had for a really long time about where innovation comes from in the cybersecurity industry, and it really comes from startups.

Marty Roesch:

You don't see the big giant mega corporations really driving innovation that comes out of startups, and they eventually either turn into big companies or get acquired by the big companies and their ideas and technologies integrated into the larger whole. So, yeah, for me, motivation was certainly all of that. Chance to go be innovative again, a chance to operate in an unencumbered fashion. But it was also, you know, to some degree, almost a little bit of frustration with what I, I saw. So, you know, after Sourcefire, we got acquired by Cisco, and I worked at Cisco for almost 6 years as the chief architect for the security group there.

Marty Roesch:

And, that was really interesting work, obviously, big company with huge, you know, huge scope, huge remit. But you're back to that, well, it's really hard to innovate in these kinds of environments kind of problem. So I left and I kinda semi retired. I, you know, sailing and went and had some fun, and then the pandemic hit in the beginning of 2020. And, you know, just like everybody else, I was sitting on on my couch in my sweatpants, like, wondering what I should do with myself.

Marty Roesch:

So I had the ability to sit there because that's all I could really do and think about what I wanted to do with myself. And, you know, in the run up to Sourcefire, there was a lot of working by myself alone by collaborating with people over the Internet and things like that, which is exactly, essentially the the environment, the beginning of the pandemic. So I started thinking about doing new things, and I started teaching myself. I needed to get up to speed on relevant technologies that people were, using these days, like, taught myself go and Rust because I'm an old school c programmer, and, like, nobody wants programming c, anymore because it's, you know, quote, unquote unsafe. But, anyway, so I worked on a a variety of things and but I got enticed by the photography team.

Marty Roesch:

I was advising them before I came to the company, and they were really doing something that was fundamentally new, but it was also something that I really believed in because I had very similar notions of the way that kind of network security technology should go. And then what happened once they invited me to come work here, I started looking around the industry and just see what the state of things was, and nobody moved the ball forward. I was like, I was shocked and to some degree kind of horrified that all of the network security architectures for the most part were still on the old models of looking at packets and appliances and central management platforms and all sort of stuff that are just, you know, just don't work in the the world that we're in. So I think part of it was I was interested in doing something new and because, you know, all of a sudden, all had a bunch of time on our hands with the pandemic. I was like, well, I should go do another startup because, of course, what else am I gonna do?

Marty Roesch:

Am I gonna go doing some giant mega corp, or am I gonna go do my own thing? And then the photography thing came along. I was like, oh, this is Oh. This is cool. Oh, and nobody else has moved the ball forward.

Marty Roesch:

I'm

Sid Trivedi:

And and, Marty, how how big was the team, the photography team when you joined, and did that concern you in any way?

Marty Roesch:

The team was, was 8 people when I got here. It didn't really concern me. I'm used to working small. You don't need to have a big team to do interesting things. Obviously, all the way back into the late nineties with Snort.

Marty Roesch:

Right? That was initially just me and then people collaborating over the Internet, and that didn't bother me at all. It's a very capable team. People have been there and done that. This it's not a bunch of kids doing this.

Marty Roesch:

This is a bunch of people who've been building real stuff for a long time. So I wasn't really bothered by that at all.

Ross Haleliuk:

In our last episode, Ron Gula, the cofounder and the and the former CEO of Tenable, mentioned that you were actually roommates at Clarkson University. And, it looks like both of you had a similar journey. We you both built open source projects, which became quite successful products, built startups from their inception to IPO. And that's where the similarities seems to end. Since leaving Tenable, Ron became an early stage investor, started a foundation, and is going down an influencer path on YouTube.

Ross Haleliuk:

What other possibilities did you explore before jumping into the startup world again? And before you answer that question, what did you guys talk about when you were roommates?

Marty Roesch:

What did we talk about? Well, we were, you know, in our early twenties. We were big gamers, believe it or not. We became fast friends very quickly. My freshman year of college, he lived across the hall from me, and, we both loved, flight simulators.

Marty Roesch:

There was a combat flight simulator called Falcon, And, I had the very unique attribute of, having a 90 foot long RS 232 cable that I could stream between our rooms so we could play against each other. So, yeah, that's kinda how things started. We used to talk about, you know, technology and all the, you know, stuff you expect kind of the the late eighties, early nineties, you know, UFOs and aliens and engineering, and we had kind of similar science fiction, backgrounds in terms of our reading and stuff like that. So, yeah, we had tons to, talk about. We were we were very complimentary nerds and had, a lot of nerd things to, always stay in sync on.

Marty Roesch:

Anyway, yeah, let's see the the things the other things that I I considered. So I've been doing some advising. I've been on boards and things like that. Obviously, I've kinda done the startup journey from soup to nuts, so a lot of people get pointed my way and ask for help. And, you know, 1 of the things that I do is, you know, any entrepreneur who darkens my doorstep and says, hey.

Marty Roesch:

I'm starting a new tech company. Could you please help me figure some things out? I always say yes. Because when I was getting started in, 2001 in Central Maryland right after dotcom bubble burst, advisors were few and far between. And so so I'm always willing to help.

Marty Roesch:

So I did some of that, and, I was on some boards. And, I started thinking about, you know, like I said, what I wanted to do. The actual first thing that I really worked on and almost decided to go into was working on essentially, dealing with disinformation and, deepfakes. This is back in, 2020, 2021. I was starting to you know, I became kind of painfully aware over the last, whatever, 8 years that information warfare was being waged at scale on defenseless populations of all the, the western countries.

Marty Roesch:

And, it seemed to me that, there wasn't a lot of effort being expended on, you know, like trying to deal with things like deep fakes, and they were gonna become a huge problem. We're seeing it more and more now as we get into another election cycle. But we also see there's there's other problems out there like, Zoom call hijacking and things like that where you can, you know, put up a convincing avatar in real time to hijack a call. So, anyway, I investigated that, and I was looking at it kind of from the, from the trust side and trying to figure out instead of to trying to detect deepfakes, which, you know, may or may not be achievable over the long term because you get in this arms race with the deep fake generation technologists, I was trying to go to the other side of it and try to figure out how to validate that, you know, validate what was real essentially because there were a number of organizations that kind of traffic in being trustworthy, like media organizations and software companies and things like that. So being able to validate that materials were in fact authentic, I thought was the direction to go.

Marty Roesch:

So I did a lot of work on that. I actually built some technology and, you know, put some provisional patents together and things of that nature. Then, I kind of came to the conclusion that, the amount of money that was gonna be required to actually do the upfront work to, do the trust level validating for this stuff is going to be immense. You'd have to be like a a Google or a Microsoft to pull it off. So, I decided not to to go that direction, but I did I did spend time actually building technology, writing code, things like that.

Marty Roesch:

I also looked at, doing, kind of a a mobile work from wherever a security bastion, like, thing you could carry around in your pocket, but I decided that was silly, after doing some some research on it and building some prototypes. I was like, no, that's that's probably people don't wanna take things around with them. So I decided not to, to pursue that, and then the photography thing came up. So, yeah, I built some stuff, taught myself some stuff, did a lot of advising and things like that, but I like to build things.

Ross Haleliuk:

Tell us more about the UFO. That is probably 1 of the 1 of the most fascinating topics that both you and Ron mentioned. We didn't get like, we didn't have enough time to talk with Ron about it. So now you're the victim. Tell us.

Marty Roesch:

Well, you know, there's always a question. Are they real or are they not? And especially, you know, back then, not everybody was carrying a high res camera around in their pocket. So, it was, there was a lot of fuzzy video of weird things and lights in the sky and stuff like that. And 1 of my hobbies is, astronomy.

Marty Roesch:

And, I got into astronomy when I was a teenager, so I spent a lot of time looking at the sky. I was always interested in that question, especially growing up in that era that I did. And I never saw anything that wasn't explainable up there, but, you know, definitely had a few head scratcher evenings, over the years. Anyway, so, yeah, Ron and I used to talk about, well, what do you think? Are there aliens out there?

Marty Roesch:

Is there, life on other worlds? Are UFOs visiting us? And we had these, you know, discussions. The funny thing, so Ron was in the air force, and, he, was doing pilot training and and things of that nature. He eventually ended up going to the Intel side of the world, and, we had a a pact if he ever, saw anything that, proved it 1 way or the other.

Marty Roesch:

If he just if he told me he bought a cat, then I would know that. You finally found just direct evidence because he was allergic to cats.

Sid Trivedi:

Wow.

Marty Roesch:

And the the real punch line is he he eventually got married to a woman who actually owned a cat, so he did have a cat. But it wasn't related to Ellen.

Sid Trivedi:

But we'll never know. We'll never know. I mean, it could be it could be that that was the the the sign.

Marty Roesch:

Maybe he hit that level of commitment was, you know, him, like, it was a, like, a a side note. He couldn't say it, but you know?

Sid Trivedi:

Well, as somebody who went to Cornell in in upstate New York, just hearing about 2 founders in cyber at Clarkson going and building a building 2 different companies that have had such an amazing impact. It's just truly spectacular to hear. Let's talk a little bit about Netography. What's a problem that Netography is solving, and and why does this problem prevail? I'm just curious how you thought about the the idea.

Marty Roesch:

Yeah. So it it's a bit of a journey. So, you know, for me, the foundation of it goes all the way back to, about 2010 or so. So this is in the late Sourcefire days a few years before we got acquired. And, I was starting to notice the the trends in the industry of companies moving more and more to the cloud, and it was still pretty early in the adoption phase back then.

Marty Roesch:

But, you know, you definitely saw it coming. Like, this was obviously gonna happen. And, also, the increasingly pervasive use of network encryption, which, obviously, if you're doing deep packet inspection, which was our raison d'etre at Sourcefire, is very problematic because you have to either play all these typology tricks to get into the path of clear text traffic, or you have to buy decryptors, or you just have to ignore traffic. And as more and more of it becomes encrypted, it gets to be a larger and larger TCO problem as well. So you have the TCO problem posed by encryption.

Marty Roesch:

How am I gonna deal with it? Get taps and aggregators and decryptors and things like that to present clear text traffic to my inspector. But you also had this dispersion problem of things moving to the cloud. So the networks are dispersing. I I coined this term in metography.

Marty Roesch:

I call them atomized networks. We have all these atoms of presence that are scattered across multi cloud environments plus on prem. And the way that we were deploying, you know, packet inspection technology was primarily watching the north, south ingress, egress traffic only and was completely blind to what's going on across the, across the lateral ocean east west environment. So this was you know, I saw this as a as a problem, and I started thinking about, well, you know, 1 of my jobs at Sourcefire was prevent strategic surprise. Like, don't let us, you know, get caught with our our feet flat as something is, emerging and turning into a problem that we're gonna have to deal with as a company.

Marty Roesch:

So I started looking at architectures for dealing with a world where the networks are increasingly dispersed. The traffic is increasingly encrypted. Also, you've got this, you know, this kind of, ephemeral problem to deal with in the cloud where things come and go very quickly or they can, as well as just the the general diversity of the environments, like multi cloud plus on prem or even IT and OT. And what the implications of this were for for trying to observe what's going on at a network level in those environments. So it turns into an architectural question.

Marty Roesch:

The architectures that we built over the last 25 years really are suitable to the networks that we're in today. So that was the the concept. If you agree with that that notion, then how would you address it? Well, I had a model that I was really interested in, and it was actually based on, EDR technology. So at Sourcefire, we had acquired 1 of the pioneering EDR vendors company called Immunet, and they built a technology called AMP, which is now Cisco's EDR.

Marty Roesch:

And the way that it works essentially is you had an agent that ran on your host. It collected metadata about what was being executed on that host. They shipped it up to a cloud back end. All the detection heavy lifting was done there, then it shipped, you know, answers or directives back down to the agent and said, oh, block that process. That's malware or whatever.

Marty Roesch:

So I thought that was a really fascinating architecture because it it allows you to do really cool things like, you know, update detection 1 time in the cloud and all of your customers simultaneously get protected. So it's not like on Microsoft Tuesday and the old source fire days where it's like, I have to roll out 20 new rules to 35 100 customers, and they have to actually, you know, integrate them on their management platform, test them in their environments, deploy them to their sensor infrastructures, and things like that. It's I update once, everybody's protected. Cool. Super cool.

Marty Roesch:

So I was thinking about, okay. Well, what would we, you know, what would we do if we wanted to do that in the network? And my conclusion was essentially, well, I can't ship all the packets from the network up to a cloud back end. That's obviously insane. That would never work.

Marty Roesch:

But it could ship metadata. Right? Just like the the endpoints are processing metadata, we can ship metadata up to the to the cloud back end to do the detection there and then signal back to the collectors. Hey. I see something that I don't like.

Marty Roesch:

Do something about it. So I kinda, you know, I had a rough draft of this idea, and I thought that that would probably work. It would scale really well. It could operate in the cloud as well as on prem. Doesn't care about encryption because I'm not looking at the application there.

Marty Roesch:

Doesn't care about the environment because the data that we'd be collecting, about the, you know, the activities in the environment, the metadata would be universal every place we were so we could write, you know, generic detection around this. So I thought, okay. This is pretty cool. And I mentioned it to some of my, coworkers, and I mentioned it a little bit in the Cisco days, but we never never really took it anywhere. And then Barrett and Dan, the cofounders of Netography, basically had largely the same observations and conclusions from their vantage point of building Internet scale anti DDoS services and things like that, and they said there's gotta be a better way.

Marty Roesch:

So they started working on this architecture. And as as much as it's anything, it is a modern architecture for doing network security observability across any environment in real time. So it's not like everybody's throwing everything into data lakes right now. Data lakes are great, but they're not real time systems for saying, oh, this just happened. Let's do something about it immediately.

Marty Roesch:

Their dashboards are reporting, things of that nature. So in Netography, we've essentially gone to a metadata driven platform for being able to, in real time, do streaming analytics of the data as it arrives and marry it up with context, not just about the activities that are occurring in the environment, but we also pull context from the tech stacks of the companies that we're in. So if you've got, like, Wiz and you've got Tenable and you've got Axonius and you've got Clarity or CrowdStrike, we can essentially leverage their APIs to access what they know and then pull that in to decorate the, the activities that we're observing. It's not just, you know, this IP address talking, that IP address on these ports for this long or It's not just, you know, this IP address talking to that IP address on these ports for this long with this many bytes starting at this time and ending at this time. It's, you know, Marty's computer, Marty's laptop connected to a vending machine in the break room and shipped 40 gigs of data to it.

Marty Roesch:

Don't know what that is. You're probably not gonna be super happy when you figure it out though. So that's the the idea here. And the other cool thing, here's the the rabbit out of the hat. I can do this without having to deploy anything.

Marty Roesch:

I don't need to deploy any appliances. I don't need to deploy any agents to make it work. It just leverages the infrastructure you've already got. So it's a a live off the land architecture. That's that's what we're doing, and what it really is is an architectural innovation.

Marty Roesch:

You know, taking this thing and really not nobody else does this. Like, there are no real time streaming analytics platforms for network data like this that operate at scale across, you know, multi cloud plus on prem, blah blah blah. I don't wanna turn this into a a commercial. But it is it is really unique, and it's very interesting because, you know, most people hear it and they're like, oh, are you a SIEM? It's like, no.

Marty Roesch:

We're we're operating on fundamental data. We're an event generator, not an event consumer. You know? So it's it's a a very different approach, and it requires people to think about the problem differently and say themselves, jeez, maybe, you know, detecting every log 4 j attack that floats in off the public Internet actually isn't very important, but detecting when somebody breaks out of a 0 trust containment environment actually is really important. And I can do that with this architecture.

Marty Roesch:

I can't do it with the old architecture.

Mahendra Ramsinghani:

Thank you for that wonderful, and very comprehensive description of Netography, Marty. Clearly, your passion is evident in why you have come back to the startup world. Let's switch gears a little bit to go to market. What you did at Sourcefire was pretty fascinating. Right out of the gate, you signed up, like, these 4 amazing logos, Pricewaterhouse, Intel, SAIC, International Paper.

Mahendra Ramsinghani:

Now we as VCs often tell our founders, like, don't go to the big companies too early in the game. Go to the middle market, call your friends. And you took the contrarian approach and, and pulled off 6 figure contracts right out of the gate at Sourcefire. And now you're doing it again at Netography with Goldman Sachs and a bunch of other customers as well. What advice do you have for founders?

Mahendra Ramsinghani:

And how can they tactically change their thinking to to go after the the big customers?

Marty Roesch:

Yeah. Well, I think, you know, it's a bit of a chicken and egg problem. So at Sourcefire, we had this really crazy unfair advantage in that all these places were already using our core technology. Right? Smart is an open source engine is, already embedded in all these places and every place else.

Marty Roesch:

Task was just letting everybody know we existed for the most part for the 1st couple of years. So, because everybody was super excited about the idea of, oh, enterprise grade Snort? Absolutely. Sign me up. So that was and the Sourcefire business model was a very contrarian business model.

Marty Roesch:

This was me with my engineering degree and nothing else, basically, but but confidence in myself saying, I think we can get people to pay for something that's free. And, you know, people did. But, man, when I took that business model on the road and I said, hey. I'm a guy with a computer engineering degree. I've never built or run a company before, but I started this 1.

Marty Roesch:

And not only do I have new technology, but I have a new business model nobody's ever pulled off before. Definitely give me 1, 000, 000 of dollars to go see if I can make this work. People were not super enthused about that idea because let's face it, who's this clown? Right? We know he's a good coder because all these people are using his stuff, but what does he know about building business models and then businesses and things like that?

Marty Roesch:

So going after the enterprises for me, the whole thesis of Sourcefire was essentially, you know, like, why do you rob banks? Because that's where the money is. Why do you go to the enterprise? Because that's where the money is. And in Sourcefire, particularly, the the whole idea was thrown on the small scale sales problems, started on the large scale, causes problems, and the problems that it causes are different than the ones that it solves.

Marty Roesch:

And the companies that it produces the biggest problems for also tend to have the most money and the biggest problem. Right? So just go to those guys, and I was right. So I think you've gotta know your market. Like, you understand your value proposition and who your market really is because, yes, you can go do lot of $10, 000 deals or a lot, you know, AAA stupendous number of $1, 000 deals, but doing the elephant hunting thing is high risk, high reward.

Marty Roesch:

But also if you know out of the gate like I did, these guys are already using this stuff. I mean, I had big banks contacting me, sending me computers. They're like, hey. Could you keep smart ported to true 64 on the deck alphas because we're using it here at the bank, and we don't wanna port it ourselves. So we'll just send you a hardware and bulletproof service contract and just let us know what you need.

Marty Roesch:

It's like, okay. Great. So I knew all these guys were already using stuff. In fact, I was kinda shocked at all the places that were using it. So, yeah, for me, it was kind of a no brainer to go there.

Marty Roesch:

In photography, it's a little different now. And the reason that we're going to the bigs out of the box is because we've been selling to them. The leadership team at this company has an immense track record of building, you know, real technologies for the large enterprise. Nobody doubts that we're serious when we say the things that we say and, talk about the things that we talk about. So that whole, I don't you know, are these guys wearing clown shoes, question from the other side of the table, gets answered in a big hurry.

Marty Roesch:

You know? Oh, this guy is responsible for the IDS, IPS industry, a lot of the core technologies there. My chief product officer is a guy named Dave Meltzer. He was the built the competing technology to source fire when, we started and went on to become, you know, over the years went and did startups and was the CTO at Tripwire for a long time. Like, he's got a big track record.

Marty Roesch:

Dan Murphy, who's our CTO, you know, 1 of the guys who built the anti DDoS industry. So, like, people, you know, going to large enterprise, these guys just take us seriously because they know we're not kidding around, which is great. And a lot of startups can't do that. But you really have to know who's going to be the most interested in the problem that you solve and it kinda doesn't matter what size they are once you figure that out. Because if you find your ICP, right, your ideal customer profile, it just starts spinning like a flywheel.

Marty Roesch:

So you shouldn't be afraid of going to large enterprises. The large enterprise has the problem that you're addressing, the worst because they'll probably be the most interested. But it's a little harder to get into, sometimes. So with Sourcefire, it was a bottoms up approach. We got the techies first and then 1 up the the ladder.

Marty Roesch:

And the tography, we're kinda starting top down because we have the relationships with the CSOs, so we don't need to treat it the same way that we used to. Although right now, I'm thinking about real hard about adding a a bottoms up approach because I feel like if more technologists got an exposure to what we're doing, they would, be picking up adoption faster.

Ross Haleliuk:

I have a fairly big role to play in helping, to create categories and helping to define acronyms and also in educating buyers to ultimately direct their software budgets towards making a certain purchase. Both of these organizations, like Gartner and SANS, played a pretty big role. And from what I understand, had meaningful impact on your decision to start Sourcefire and also informed your thinking around future product development. Do you think these kinds of organizations should play such a big role in the future? And even more importantly, do you think founders should interact and work with them today, and how should they do it?

Marty Roesch:

Yeah. That's that's a that's a big question. So the so Sans is really influential in the early days of Sourcefire because they they're the ones who kind of put the bug in my ear that Snort was a lot more popular than you think it is. I thought there were a few 1000 users of Snort, something like that. I saw survey results in, the fall of 2000 that showed that, they surveyed their student body and 1 of the questions was, you know, check all that apply check all the intrusion detection technologies that you use and you could, you know, select multiple.

Marty Roesch:

So numbers check 92% of the time. I was like, oh, okay. I had no idea. So, yeah, I had that and, Stephen Northcutt, of course, was my first seed investor in the company, helped me get it going. He saw what I was doing and thought it was, interesting and, you know, put his money where his mouth was.

Marty Roesch:

So that was obviously very helpful as well. But SANS is a training organization, and I was I was an instructor there for the 1st couple years of Sourcefire. And even before Sourcefire, what happened was that, you know, it was almost like, get them while they're young, teach them this is the way that you do intrusion detection, and they adopt that kind of mindset. And everything that's not that looks weird to them. So that was hugely helpful and influential.

Marty Roesch:

I still run into CSOs who was like, I took your SANS course in 2001, and it was great. You know, or I use Snort. You know, it's 1 of the tools that I use when I was just getting going in security. It taught me a lot. It's hugely, hugely influential still.

Marty Roesch:

So that's, that's really pretty pretty interesting how that continues to be influential today. And then Gartner. Gartner's, you know, Gartner's an interesting animal. Gartner doesn't make or break a company, but it does make the phone ring. Being in the that, upper right hand quadrant gets the phone ringing because when you know, all other things being equal and people are saying I need CSPM or I need a firewall or I need whatever, especially the large enterprise customers that you're gonna sell to.

Marty Roesch:

If you're a guy like me, 1 of the first places they're gonna look just to get a list of the companies they should be considering is looking at the Magic Quadrants and looking to see if there's a category. And is there a definition for this? And do these guys fit in certain places and not in others? And to some degree, you have to play the game. And it's, I guess, I would say have kind of a nuanced view on them.

Marty Roesch:

They can be helpful. Like, they can help you define your category. They can help you figure out what you you know, how you should be positioning things, you know, review your your verbiage, give you feedback that they're getting from the market and things like that. They also sometimes they I would say they kind of overstep their remit, like, 20 years ago when they declared intrusion detection dead or things like that, which I I think is a little more of a speculative thing. Right?

Marty Roesch:

And they were saying, well, IDS is dead and IPS is gonna replace it because nobody needs to detect these attacks. They just need to block them. But, of course, there's a lot more nuance to it, than that, and you just, you know, you can't make those kind of blanket statements necessarily, although it's become kind of a time honored tradition in this industry to declare, you know, XYZ dead when I've got the new mousetrap. So, yeah, I think, you know, Gartner Gartner does bring stuff to the table. Your need to interact with them in the early days of your company, unless you're selling to the customers that they're advising, I would say you should be working on other stuff, gaining momentum, the business, and things like that because they're not really gonna help you if your customers aren't paying attention to them.

Marty Roesch:

As you get bigger and you do start getting into the enterprise and maybe you do become part of a competitive category, that's when they get a lot more useful because you can talk about how you stack up and talk to them about how customers perceive you and and things of that nature, and that can be really useful. So, yeah, both organizations, I think, are are pretty unique in their own ways and useful in their own ways. I think if I had a, a free to use version of photography, I might go to sans conferences or something like that to show people how to do the new architecture for network security. If you think network security is going direction that I think it's going, then, you know, you might want to check it out.

Sid Trivedi:

Marty, you mentioned Snort a couple times, and I'd love to dig in a little bit on Snort. And before I do that, in our last episode, we talked about Tenable's journey and how Tenable was built on top of an open source project called Nessus. Sourcefire similarly was also built on top of an open source project called Snort, which you referenced, which was an open source IDS IPS solution that you created back in 1998. Now Tenable decided to commercialize Nessus and make it proprietary software, but you chose to keep Snort open source throughout. How did you figure out a way to monetize free software, and what lessons did you learn about commercializing open source that still hold true in today's world?

Sid Trivedi:

Because now we are seeing a significant number of commercial open source projects that are being created. And in today's world of cloud, AI, and this direct to developer motion.

Marty Roesch:

Well, so I think different approaches that, we took with Smart versus, Tenable and Nessus to some degree are driven by kind of the nature of the technologies. And what I mean by that is that I think that well, I gotta be a little careful here because I don't want to, say anything that's technically incorrect. But I think that Nessus as an engine kind of got into a certain shape and didn't have to evolve as much or as frequently as an intrusion detection engine, would because of what it's doing. Right? It's it's connecting to things and interrogating them and running through vulnerability management data and stuff like that.

Marty Roesch:

Whereas, Snort, as attacks evolves, Snort had to evolve with them. As evasions evolve, Snort had to evolve with it. As the complexity of attacks on the network evolves, the complexity of smart detection engine had to evolve. So Snort was an evolving piece of software that was constantly adding, like like, really new functional features to it and incorporating new ideas and things like that. So I would almost say it's more of a living piece of software because it needs to because the pace of innovation on it needs to be so high.

Marty Roesch:

And I think that the problem that Ron and the guys with Nessus, you know, were having with, with Nessus was that it was a relatively more static piece of technology that had content as the primary driver and it was maybe a little too too easy to adopt the engine and generate your own content, and they just felt like they were hemorrhaging opportunity essentially. With us, I believe that driving innovation into the snort engine was the best way to keep everybody's eyes on us across the entire industry. Like so everybody who's doing deep packet inspection based intrusion detection and prevention, and even in the next generation firewalls, I felt that if we continue to drive the pace of innovation where you'd be nuts to look at anything else and give it away for free, because don't forget that's not monetizing necessarily the engine. I'm monetizing solving the problem that people who are using the engine have, and that's different. So that's that was the method to my madness, and and I was very emphatic about it.

Marty Roesch:

You know? Early on in Sourcefire, when I was hiring executives and things like that, I told them, we are going to continue to develop Snort and give it away for free and make it the best engine we possibly can and give all the innovation that we put into it away for free. And I don't wanna hear and we're never gonna have discussions about closing it because that's not the game we're gonna play. We're gonna monetize the fact that operating snorted scale is actually very difficult. Right?

Marty Roesch:

It's gotta be on appliances. They have to run at certain line rates. They have to be supported. You've got this huge curation cycle involved with all of this stuff, the content that's driving the detections as well as the engines themselves, the back end management platform. That's what people were paying for.

Marty Roesch:

Right? So, you know, in a nutshell, the things that people were paying for in Sourcefire days were scalability, manageability, performance, automation, and support. Right? Those were the things that people were giving us money for. Smart, we gave away for free.

Marty Roesch:

But if you wanna make smart perform and scale, you had to pay. And that was the the model. And, you know, and it worked. So it's called the open core model now. It has a name.

Marty Roesch:

And, yeah, more companies, are using it. And open core models and kind of similar approaches, maybe more tenable like approaches where there's a free to use version and then there's a pay version are certainly much more common today. But, yeah, back then they were very experimental, but I had real opinions on it. I actually, the thing that I spent the most time figuring out how to starting Sourcefire was what the business model was actually gonna be like. Thought about it for maybe 4 or 5 months.

Marty Roesch:

I have lots of advice from different people, what it should be. Should it be, you know, should I do CD ROMs and try to, get them distributed at, you know, CompUSA? Should I, you know, make, little consumer size appliances and try to get in the consumer market? Should I do the enterprise model that I did? You know, what should we, what should we do?

Marty Roesch:

So, yeah. And none of these questions were, like, well answered at the time. They were all very speculative. And I I sat there and I thought about, well, you know, what are are the problems that people actually have with this thing? And that's that was the that's what became the Sourcefire business model.

Marty Roesch:

Like, was sort of causes headaches, Sourcefire is gonna sell aspirin.

Ross Haleliuk:

Talking about building a successful companies, we know that resellers and distributors account for a large percentage of the of the revenue of, successful, public cybersecurity companies. And I believe in case with Sourcefire, it did account for over or roughly 46% of the revenue at the time of of its IPO. 1 of the interesting data points that I found when writing my book was that 9 out of $10 is spent on via channel partners in the industry. How did you get comfortable with direct versus the channel mix? And also, when and how should founders engage channel partners?

Marty Roesch:

I got comfortable with selling to the channel as the company matured. We started out as a fairly direct company, and we had a couple of kind of channel initiatives that went okay, but not great until we really kinda locked in on it in, the 2008, 2009 time frame and came up with a kind of a a multistage graduated channel engagement model where, you know, the more effort the channel partner did, the more margin they would get and stuff like that. So we came up with a much more sophisticated channel model as time wore on. But, you know, the channel gives you scale. Right?

Marty Roesch:

If you're going to get sales scale, you really need to have a an effective channel program beyond a certain point because you only have so many marketing dollars. You only have so many people you can put in the field to go find deals and things like that. Channels have the relationships with the customers that you wanna sell to. They know where the deals are. They, you know, might know about deals that you're never gonna find out about.

Marty Roesch:

So there's many advantages that they have. They also have the working relationship and the trust relationship with a lot of these customers so they can really smooth out your, you know, your approach to a new customer. So I think that, yeah, the channel can be really, really effective, but you have to prove yourself in the market to get their attention. There has to be margin there that they can take advantage of. You know, if you are capable of doing only generating $50 a margin for them per deal, that's not very interesting.

Marty Roesch:

Sourcefire would 1 of the plans could run a quarter $1, 000, 000 since they're getting 30 points of margin on it. That's pretty good day. Right? And if they sell 1 of those or if they sell 10 of them to some big enterprise and all of a sudden you're talking some real dollars here. So getting their attention requires you to be able to throw off enough cash essentially so that they're getting paid.

Marty Roesch:

If 50 points margin is only $50, nobody's gonna be interested. But if it's $50, 000, everybody's gonna be interested. So that's the, that's the real thing. But, yeah, to an entrepreneur in the early days, probably, you're not gonna get the channel's interest until you've got a sufficient amount of, sales volume that they see. Okay.

Marty Roesch:

This is a a real repeatable, you know, product market fits there. They've got a repeatable sales motion. We can take them to our our trusted customers and engage with them. And, you know, they've got a support organization that can support us both from a a sales enablement standpoint as well as a a tech support standpoint. They've got a a well developed, sales engineering core that can dig in on the the technical questions that arise, all those kind of things.

Sid Trivedi:

You know, the the only question I had, Marty, as a as a follow-up there was, is there a specific number of customers or a specific revenue dollar that you'd say is necessary, and at that point, you should start engaging channel?

Marty Roesch:

I would say probably the right time to do it is when you're becoming capacity constrained. So 1 of the ways you can look at your your selling is are you capacity constrained or are you opportunity constrained when you're in the market? If you're capacity constrained and you don't have the ability, especially, to grow into the capacity that you need to have because you don't have the cash or whatever, that's a perfect time to go engage the channel. This is at a certain size, probably somewhere between 5 and 10, 000, 000 ARR if you're selling a, you know, an ARR kind of revenue model. That's probably when these guys are gonna start engaging.

Marty Roesch:

We're already in the channel. We already have channel partners that we're working with, and we're still relatively small. But once again, everybody knows us, so they're willing to work with us out of the gate. They know that we know how to run a real channel program. I think the for the the first time entrepreneur, you know, getting the the company up to a certain revenue level, like, probably at least 5 to 10, 000, 000 before you go try to engage the channel is, is important.

Marty Roesch:

And at that size, you should if you're becoming capacity constrained because your demand is extremely high, that's probably a good, time to go engage the channel. But if you're capacity constrained because I only got 2 sales guys and I can only, you know, make so many phone calls a day, Maybe maybe less so, right, until you get to a certain revenue cliff.

Mahendra Ramsinghani:

But let's spend a little time on the Cisco acquisition. I know that was, at the time, 1 of the largest acquisitions that had happened in cybersecurity, almost $3, 000, 000, 000 You were growing at a phenomenal clip. You had created a new category. All of that is public. But what is not quite available to the benefit of our audience is what happened?

Mahendra Ramsinghani:

How do these exit negotiations occur? What happens? How long does it take? What are the ups and downs? Can you walk us through some of the behind the scenes there?

Marty Roesch:

Sure. Yeah. So that was a very interesting time in the industry. A lot of things were going on. So this is at the beginning of 2013 is when all this got rolling and there have been a kind of there were a few external things going on and there were some internal things going on at Sourcefire.

Marty Roesch:

The external things going on and there were some internal things going on at Sourcefire. The external things that were going on was the emergence of Palo Alto as, next gen firewall company and leader, as well as, FireEye doing this kind of, you know, quote unquote signature free malware and attack detection. And, they were both doing things that we were doing in different directions. They were both extremely well funded companies. There were no expectations of profitability anytime soon for either 1 of them.

Marty Roesch:

I think at the time, Palo Alto was spending 97¢ for every dollar that it brought in on go to market. I mean, it was insane how much money these guys had at their disposal and how freely they could operate as a result of that. And, same thing with, FireEye. They had their appliances doing malware detonation and things like that that, you know, sounded good, and everybody was really, having these kind of, very rosy predictions that we were entering the age of, signatureless detection and stuff like that. And I was, you know, a contrarian on that as I saw off of them.

Marty Roesch:

But, you know, in fact, the matter was that these guys were operating in the market, and they were competing. We were trying to go to market with EDR and building our own next generation firewall. So we had kind of this 2 front war going on at the same time that we're trying to save the preeminent vendor in the IPS space to to forge into these new fields against companies despite the fact that we were a public company. I think we were doing in 2013, we were doing about 220, 000, 000 a year in revenue and grown at about 40%. And that was good, but our profitability was we were locked into our business model.

Marty Roesch:

So Wall Street had expectations of our operating margins and profitability and and stuff like that. So I wanted to compete with these guys because I knew we were either gonna have to compete with them or, you know, we were gonna have a problem. So we're gonna have to free up cash to be able to go fight this new 2 front war in addition to working our existing markets. So on our earnings call beginning of 2013, I I told, Wall Street basically that we were gonna hold our net operating margins flat for this year instead of trying to expand them and to free up. I think it was, it was either 12 or $16, 000, 000 to go duke it out with these 2 incredibly well funded new companies.

Marty Roesch:

So so that's what we were gonna do, and we were trying to figure out how to juggle all of this at the time. At the same time, I had just recently gotten back into the CEO seat at Sourcefire because our, CEO that I, had hired in 2008, gentleman named John Burris, had, passed away due to cancer, unfortunately. And he was a great mentor, really super solid guy. I still remember a lot of his, a lot of his teachings and things. But, unfortunately, he had passed away, so I'm back in the in the CEO seat of my company after, you know, 10 years of being out of it, basically.

Marty Roesch:

So that was going on. We had a lot of uncertainty in the in the business. And then, at RSA, actually, in 2013, we had some, sit down meetings. This is in February of 2013. We had some sit down meetings with, Chris Young and the gang.

Marty Roesch:

So Chris was the new GM of the security business, and he was really interested in the next gen firewall work that we were doing. And we had just entered the market with our own next gen firewall built our own firewall from scratch, to run alongside with the the IPS technology. So they were very interested in that, and, you know, we came to find out was that Cisco had tried to build their own next generation firewall, but it had been kind of a flop. So they were feeling like they were being pressured by, by Palo Alto at the time to come up with a better answer, and we were 1 of the only games in town, essentially, to do that. So they started talking to us about that, and we started talking to them about what we were building as well as our cool new EDR technology called AMP, and they decided to engage.

Marty Roesch:

So we went from the initial meeting in February of 2013 to announcing the acquisition in July of 2013. So pretty quick, like, 6 months. And that's really quick for Cisco also, and and it was a large deal. So, yeah, it was, it was really interesting. And the dynamics of doing the deal, there are a lot of pieces to the puzzle.

Marty Roesch:

Once we determined they were really interested in engaging, we hired a banker, Catalyst, and they were, you know, great to work with. They did a a lot of analysis with us to figure out if the deal that had been offered was was fair and what kind of price expansion we were gonna have to have and things like that if we wanted to grow the stock price. We were trading at the time around $53 a share, and Cisco had offered us $76 a share. So it was pretty substantial premium on the stock price. So we did all the math and got all the bankers involved and, you know, all that stuff and made the decision.

Marty Roesch:

But it was a tough decision for me because Sourcefire, you know, the business was a great business and we were doing great things, but the company was such an amazingly great place to work with all the people that we had there and how gelled the team was and just what a what a nice place to work it was. You know, the management team, we got along very, very well. We are still friends to this day. And, yeah, it was just a it was a very unique environment. We didn't really have politics there.

Marty Roesch:

We had a very outward focused culture that was just focused on building great products for our customers and for competing as hard as we could in the market, and that really kept people, aligned with, with just being successful. So I was 1 of my major kind of hold ups on doing the deal or not. It's just it's gonna change things. And when it does, you know, we're never it's gonna be hard to recapture the magic. And that is, that has proved to be true.

Marty Roesch:

So, yeah, Sourcefire was, was a very unique animal, and getting the deal done with, with Cisco, there's ups and downs. There was all sorts of things in play, but it was kind of fascinating too. I got to work with John Chambers directly. And, you know, he's an industry legend himself, and he was, you know, he'd be calling me up at Saturday mornings and ask me how the deal is coming along and stuff like that. So, it was, it was really exciting time.

Marty Roesch:

But, yeah, there was, there were definitely the pros and cons to it. And as an entrepreneur, what I would recommend is, you know, 1 of the things that I say to almost all of the entrepreneurs that I work with when I'm, advising is you have to figure out what your victory conditions are. Like, what is success to you? Is it IPO ing a company? IPOs are vanishingly rare for a software company.

Marty Roesch:

The NEA guys used to have, a slide that showed the odds that you had of going from founder of tech company to funded to IPOing or any exit to an IPO. I think the the odds was of all companies started that were tech companies that produced a business plan that put it in front of a VC, it's about 1 in 80, 000. And, you know, those are pretty terrible odds until you look at the Powerball lottery odds, and then all of a sudden, they're actually quite good odds. So but you should always figure out what your victory conditions are because that will inform you when is enough enough. When can I say, yes?

Marty Roesch:

We did a great job. We did what we came here to do, and we're ready to, you know, take it someplace else to the next level, to another level, either IPO or take this acquisition offer that's on the table and things like that. So, you know, when you look at a deal like the deal that Barracuda guys put on the table in front of us, that was nowhere close to victory in my estimation. When the Cisco guys came along and gave us a, you know, 40 something percent, you know, boost on our, our trading price, it was like, yeah. That's you can call that success.

Marty Roesch:

Also, 1 of the things that kinda ground away at me in the background as I was deciding whether or not I wanted to take this, you know, special magical thing that I had built, sell it to Cisco, was, don't be Yahoo. If you remember very famously, Yahoo had a $40, 000, 000, 000 offer on the table from Microsoft and told them to go pound sand. And 2 years later, they're worth, like, $4, 000, 000, 000 or $2, 000, 000, 000 or something like that. Don't be those guys. That's always that's always something you gotta keep in the back of your mind is there is a failure option.

Marty Roesch:

We can always screw this thing up later. Right? So that's the the thing an entrepreneur always has to also keep in the back of your mind. Be humble. Right?

Marty Roesch:

You have to have some level of humility. Is this going to continue forever this way, or are there there potholes that we could fall into? Are there, you know, problems that we could have that are insurmountable? That sort of thing. And when the Cisco deal came along, it was pretty obvious that that was victory.

Marty Roesch:

We can be happy and a job well done.

Sid Trivedi:

Marty, you spoke about investors and these critical junctures of of decision making at Sourcefire pretty extensively. You had 3 quite big name investors on your board at Sourcefire. You had Asheem Chandna. And for context for the listeners, Ashim joined your board before he had joined Greylock. So he wasn't even a VC at the time that he joined your board.

Sid Trivedi:

Then you had Tim Guleri, who who's at Sierra Ventures, and you had Harry Weller, who's since passed away, unfortunately, but was at NEA at the time. And all 3 of these kind of big name VCs were relatively early in their venture careers when they joined the Sourcefire board. What was it like working with the 3 of them? What did you learn from them? What annoyed you about them?

Marty Roesch:

Oh, boy. Let's see. I gotta be a little careful here. So, I never got particularly annoyed with, any of them. I think the most annoying thing that I ran into on a relatively frequent basis was kinda Silicon Valley groupthink.

Marty Roesch:

I remember very distinctly in 2008 when the markets were melting down and, you know, the whole the Sequoia noted come out about, you know, hard times ahead and things like that. We went into a board meeting, and I think this is in November of 2008 or maybe October of 2008, something like that. We went into a board meeting and, like, the VC board members, like, you have to fire 20% of your team, like, immediately. We're like, woah. What?

Marty Roesch:

And, you know, we were like I think we were 400 people at that time. It's like, we're gonna fire 80 people. I mean, we're growing like this. Why why are we firing all these people? It's like, you just have to.

Marty Roesch:

And, you know, we explained to them very calmly, look, guys, we are not at all and we're a 400 person company, and we're, like, a 100, 000, 000 in revenue or 80, 000, 000 in revenue growing at, like, 40 or 60%. Like, guys, we are not at all opportunity constrained right now. We are absolutely capacity constrained with our ability to sell this product. Like, nobody's taken their foot off the gas from a buying standpoint. This is a cybersecurity thing.

Marty Roesch:

Like, let's all remember kids. Cybersecurity is plumbing. The pipes are always leaking. Everybody needs security all the time. So that's the, you know, the mindset, and we we did ultimately fire, I think, 4 people.

Marty Roesch:

It was like, we just use it as an opportunity because it's like, well, we gotta fire somebody, and there were 4 people. It's like, well, we've been kicking these names around for a while anyway, so I guess we should just do that and call it good enough. So we did. And, yeah, that you know? So the the group thing thing is, is sometimes a problem, but, you know, a lot of times they're willing to be reasonable, especially if you back it up with numbers.

Marty Roesch:

You can show them No. No. This is actually not of a problem for us. Although independent of, you know, what we were saying and how the business was doing, our stock did bottom out below $4 a share in, in November of 2008. You know?

Marty Roesch:

So $3.89, I think it was. And, you know, a year later, we were trading at $26 because we kept beating and raising every quarter. So anyway, yeah, it was really the boardroom was pretty interesting. Harry was awesome. He was a believer.

Marty Roesch:

He was the kind of VC you want that really believes in your vision and really believes in your believes in you and what you're saying, what you're doing, and how you're doing it. He may not understand it a 100%, but his level of enthusiasm and just support was phenomenal. Tim was, pretty early. He was, he was a true believer right from the beginning. They actually found me at the, RSA show, I think, in 2002.

Marty Roesch:

We did our first booth there. We had a 10 by 10 booth with a big pig on the backdrop, and, you know, we had this big crowd of people standing around us, and we clearly had no idea what we were doing. You know, we had raw appliances just sitting there on the, you know, on the table in front of people and just, you know, show them what it could do and our crappy gooey and stuff like that. But he saw the crowd and he started asking around and realized there was an opportunity here. And he was very enthusiastic investor.

Marty Roesch:

Ashim came in a little bit later, but he was, you know, with his background in, marketing at, at Checkpoint, he was seen as somebody who'd really help us flesh out the, the marketing story, and he was great too. A lot of great insights, a lot of great access also. He knew everybody, so that was always really, nice to have as well. Yeah. So it was very interesting and we were all a lot younger.

Marty Roesch:

I mean, this was 20 plus years ago now. So, it was a very interesting group of people, but they were generally very supportive and, you know, a lot of enthusiasm for what we were doing and, you know, when I turned out to I think I think everybody around the table including me felt a lot smarter when it turned out I was right about my business model. So, yeah, I think, you know, nothing succeeds like success. And, as a great group of people, they let us operate, for the most part. So there's always gonna be annoyances in boardrooms, you know, people who, you know, depending on where they come from, their their background, whether or not they've been responsible for operational profit loss and things like that, they can be more or less help in different areas.

Marty Roesch:

You know, you've always gotta pay close attention not just to who's gonna be in your boardroom, but what their backgrounds are and where they come from and kind of the the types of help that they're gonna be able to give and things like that. But, yeah, great group of people. We had really great luck in the the the early to middle ages of the Sourcefire board. Just very talented investors on around us.

Mahendra Ramsinghani:

So the lesson there, Marty, is that avoid groupthink, especially if it comes from Silicon Valley. And I think you have a unique advantage when you're based in the DC area. I think you and Ron both avoided the Silicon Valley Group thing very elegantly. 1 interesting data point about capital is that at Sourcefire, you raised 4 rounds. And before going public, you consumed only $35, 000, 000, 000 In fact, $20, 000, 000 was still in the bank at the time of going public.

Mahendra Ramsinghani:

And here at Nerdgraphy, 20 years later, your Series A is like $45, 000, 000 Very different numbers, very different times. You know, 2 decades have passed by. What are some observations about the flow of capital? What advice do you have for founders in these times?

Marty Roesch:

Yeah. Well, Sourcefire was incredibly capital efficient, amazingly enough, but things were pretty different back then. So the company got going right after the tech bubble bursts, which was kind of fascinating because, you know, the down times is when people get hungry again. And the good times is when people get, complacent and, to some degree, when the money is out there, they'll, you know, they'll want it. So the team that we had, especially in the early days of Sourcefire, very famously, the company's management team was largely solidified by year 2 of the company and stayed with the company for the full ride.

Marty Roesch:

So it was, it was really interesting team and that we got the team right almost immediately out of the gate, which is very, very difficult to do. Yeah. On the on the money side of things, the capital efficiency that we had then is very difficult to replicate now because this company started right at the tail end of the last boom period. So and I shouldn't say it started. I should be a little careful about that because it started a few years before that.

Marty Roesch:

But when I came on board, it was right at the tail end of 2021, and people were very expensive in 21 and 22. There's inflation. We're operating in AWS now, so our ongoing operational costs for, you know, providing our service are always there. You can do much more, you know, when you're selling appliances. You buy what you need, and you put them together, and you ship them out to customers.

Marty Roesch:

You get margin right away. We have to have all this reserve capacity at Amazon in case 1 of our customers blows up or something like that. So we end up with you're paying a $100, 000 a month for your Amazon bill. You know, that's just an expense that's baked into the to the business. Also, you know, in the early days of Sourcefire, when I I hired my first CEO, I, at the time, was only paying myself, like, $75, 000 a year.

Marty Roesch:

So he basically set a flat salary cap for all the c level people at the company of a 150 k, and that was it. So everybody was, like, at this level, and we'll start giving raises and getting people to more market prices as we're successful or not. And now, like, people have expectations that are well beyond that. Nobody nobody wants to be well, you know, they're working from home, and if they live in San Francisco, they're gonna want a different salary than, you know, if they work in, Columbia, Maryland or, you know, Annapolis, Maryland where I am. So that also kinda weighs on it as well.

Marty Roesch:

So, yeah, the expenses, they're very different expense model now. People are much more expensive as well. The marketing is much more advanced, but also commensurately, expensive whether or not the market emerges for you. So, yeah, the the expense load seems to be much higher than it ever was in the original days, but I think that's you know, the market economics are different now, and the tooling that's out there is different and things like that. We didn't have Salesforce when I was getting going, and now we do.

Marty Roesch:

And, you know, we pay 1, 000 of dollars a month for that, so on and so forth. But you gotta spend money to make money, and that's, you know, how you gain efficiency in these businesses these days where we can have fewer people doing more things, and that's the the theory of it. But sometimes it works better than others.

Ross Haleliuk:

Thanks, Marty. So having covered the past and the present of building companies, let's place our hand on the crystal ball. And and in our last question, let's briefly talk about the future. You've been in the industry for quite some time. You've been around for over 2 decades, enough to witness several generations of companies, a variety of geopolitical developments, and different cohorts of practitioners and entrepreneurs trying to move the industry forward.

Ross Haleliuk:

What do you think security is going to look like 10 years from now? And finally, what future should the early stage entrepreneurs be preparing to in this AI first world?

Marty Roesch:

Well, 1 of the things that having, 20 plus years in the security industry and, longer than that involved in the tech industry has taught me is that, we always have to be careful about, you know, straight lining approximations. You know, 22 points 2 data points is not a trend make. So AI is ascendant right now, but we all have to remind ourselves that AI has been ascended many times over the past 40 years. And, you know, there's a term called AI winter, which was coined after, several rises and falls of AI. I remember when I was in college, 1 of my computer engineering professors working on expert systems, which is what AI you know, you couldn't call your stuff AI anymore.

Marty Roesch:

It had to be called expert systems because you couldn't get funding for AI because I'm because we were in a AI winter. Alright. So that said, I think that, you know, in the future, I would like to think that there are going to be fewer security companies, but it's hard to see it incentivized at all except for by the smoking craters left by security companies that have failed and kind of the barriers to entry, to this industry, which are quite frankly few. So there's that. I think that, you know, the cloud's with us to stay, so you're gonna have to build for the cloud.

Marty Roesch:

But there's a whole world out there of things that aren't the cloud that you need to consider. So, you know, 1 of the things that we do at Netography is we bring together a composite view of your multi cloud world plus your on prem IT and OT world. Right? Really cool. Nobody's ever really pulled that picture together before.

Marty Roesch:

So while, you know, we are kind of cloud first with what we do or cloud hosted, in fact, we remember that there is an on prem world. We remember that there is an OT world. And, you know, you also have to remember a lot of the security technologies and approaches are, are cyclic as well. So I kinda joke around and say, you know, it's 1995 in the cloud. What I mean when I say that is that, most cloud security is access policies and some light firewalling and a lot of, you know, host based security essentially.

Marty Roesch:

Agents log analytics is the vast majority of, cloud security these days. And to some degree, everybody forgot about the network, but, you know, I think they forgot about the network because the tooling that was out there was the architectures were incorrect and that's kind of our whole our whole thing. But yeah. You have to you know, as you're thinking about what the security industry is gonna look like and and things like that, if you look backwards, you'll see the the trends. You know?

Marty Roesch:

When I was getting going, with Sourcefire, there was a big, resurgence in endpoint security, like Okina and things like that. And then IPS came out, and IPS eventually morphed into next gen firewalls, but then we saw advanced persistent threats become a thing. And APTs were really best addressed by endpoint defenses once again. So we saw the emergence of EDR or swing the needle back towards defense on the endpoint. Then we saw everybody go to the the cloud and then all of a sudden log analytics get important again.

Marty Roesch:

And we see vendors like Splunk explode as everybody's trying to instrument their networks to be able to look or, you know, their enterprises to be able to pull all the logs together and things like that. So these things kinda wax and wane as time goes on, and that's just gonna keep happening. This kind of 3 legged stool of the network, the the work load slash device slash whatever the, you know, this this endpoint processing, that's going on and then, you know, looking at all the logs that are produced by things. And, I think that's just gonna keep going. We have interesting, I would say, revolutions or unlocks that happen as a result of larger trends here like AI is 1 of them.

Marty Roesch:

The cloud has actually been really interesting because EDR was possible because of the cloud. You couldn't do EDR until cloud existed. Once the cloud existed, you unlock the ability to do EDR. 4 or 5 years after that, you saw the first, cloud based log management platforms and SIMs and things like that, like, Sumo Logic, they emerged. And then the network didn't show up really until, and this is, you know, me talking my book, until photography showed up.

Marty Roesch:

Like, nobody ever tried to do it, but, you know, the clouds unlock the ability for photography to exist by letting us take this, you know, this metadata driven model and make it happen. So is AI gonna be another 1 of those unlocks that produce a new wave of security vendors that are built on capabilities that are unlocked by, AI. I think the jury's out. Everybody wants you. Like, if you wanna be taken seriously by investors right now, you gotta put AI somewhere in your pitch.

Marty Roesch:

So everybody's definitely, everybody's definitely trying to figure out ways to to make it relevant whether or not it is. You know? It would be nice to speak English to my product and have it spit out my proprietary language, for example. It'd be nice to have it summarize my events in a human readable format so you don't have to actually, understand IP addresses, important numbers, and things like that on 1 hand. But on the other hand, the amount of cost that's involved to be able to provide that capability is is different.

Marty Roesch:

So, you know, where is that cost gonna exist in these model, in these business models, and all that stuff's gonna have to be worked out. But I would say there there's probably some unlocks coming from LLM, you know, the the emergence of LLMs, and it's not just chatbots, but, you know, being able to use products more intelligently and more intuitively that are gonna be unlocked by AI. Then you get to the other things that we can do with it. So, you know, AI is becoming more and more advanced, but I look at my product for example. So today, we are aggregating across all of our customers trillions of data points a year, trillions.

Marty Roesch:

And so you'd have to be insane not to look at that and say, oh, there's an AI application there, I bet you. And there probably is, but think about all the money that's gotta be spent to train a model. I can look across all this data and, like, detect detect weird, detect bad, detect, you know, the things you wanna detect, and then curating that model on an ongoing basis and things like that. And is it worth it? Is it worth spending all that time and money?

Marty Roesch:

Is it gonna give us unique insights that can't be gotten in other ways? That sort of thing. And everybody's gotta be asking this question because people are real sloppy about how they use AI, and I know you're all aware of this. People are very sloppy about how they apply the words AI and ML and things like that to what their products can actually do. You know, if your AI is a data center in India, you know, and for some companies, it absolutely is.

Marty Roesch:

It's putting the lie to the entire industry. It's basically making the entire industry look bad because then you've got, you know, kind of this, noise problem that everybody has to try to break through where where you gotta get through the noise floor of all these companies or the majority of these companies are in spinning, you know, just pure fantasy. And then there's a small number of companies that are actually executing, providing things of real value. Yeah. So I don't think, you know, I don't think the network's going away.

Marty Roesch:

I don't think malware's going away. I don't think ransomware's going away. I don't think bad actors are going away. Maybe we have some nation state level stuff that goes on where, you know, it becomes much more financially or physically costly to mount these cyber attacks. You know, maybe the government gets into it a lot more than they are right now.

Marty Roesch:

That'd be interesting to see. But, you know, the thing that you can depend on is that, it will definitely look very different in 10 years than it looks today just like 10 years ago when we were just, cloud adoption was on the rise. But, you know, the trends that were really, I think, unlocked by the, by the pandemic of remote work and work from home and more motion to the cloud and and things like that and these much more dispersed network environments. I think all of those things were driven by the emergence of the pandemic. So, you know, you never know what the the actual triggers are gonna be for these things as well.

Marty Roesch:

So something could come along like aliens coming out of a UFO or something that say, oh, we have much better ways of doing networking than you guys thought of. Maybe that's what Ron was trying to tell me when he married that woman who went to Canada.

Mahendra Ramsinghani:

You know, Marty, I know the industry is glad for sure that you and Ron did not end up chasing UFOs. Both of you have built iconic companies, decades of your life have gone into building products that have helped millions of users worldwide. And, you know, we wanna thank you for your service and inspiration that you provide to founders. Building companies, raising capital, building teams is not easy. You've done that once and now you're back at it again.

Mahendra Ramsinghani:

So that shows that you're, like, persistent, and they will continue to play this game for a long time to come. We certainly look forward to have you and Ron again maybe to just discuss the UFO part. Wonderful.

Marty Roesch:

Absolutely.

Mahendra Ramsinghani:

Wonderful. Thank you so much, Marty. Thank you for your time. We really enjoyed the conversation today.

Marty Roesch:

Oh, I enjoyed it too. Thanks very much. I should give a shout out to Ron's wife, Cindy. That woman's actually her name is Cindy. She's a lovely person.

Marty Roesch:

So I don't want her to be offended that I didn't mention her. But, yes, thanks very much for the opportunity today. I appreciate it. It's a lot of fun talking to you guys.

Sid Trivedi:

Thanks, Marty.

Ross Haleliuk:

Thank you, Marty.

Sid Trivedi:

Thank you for joining us Inside the Network.

Ross Haleliuk:

If you like this episode, please leave us a review and share it with others.

Mahendra Ramsinghani:

If you really, really liked it and you have some feedback for us, wrap it on a bottle of Yamazaki and send it to me first.

Sid Trivedi:

No. Don't do that. Mahendra gets too many gifts already. Please reach out by email or LinkedIn.