this is the place that made nerd cool the most popular password in the United States is password one two three those are some of my previous passwords who on Earth would actually fall for that I'm sensitive information has been sort of given to the wrong hands hello everyone and welcome back to the security repo podcast we have a great episode here planned today and it's an episode that's a little bit different today we're going to be looking at security from a vendor's point of view and looking at product LED growth what is product lead growth or plg well this is one of the many questions I get to ask Ross hillock who's an expert in this field and we're going to be looking at specifically from security vendors point of view with the idea that it will help us understand and evaluate the products that we're looking at as Security Professionals and also help us to understand a little bit behind what is going on so without further Ado I will invite Russ to introduce himself and start the episode yeah let's do it uh yeah so I'm Ross as you've said uh I'm at currently ahead of product at lima charlie so at lima charlie we build tools for technical cyber Security Professionals security Architects security engineers and other security people who know what to do and who want to get a full control of their security posture we are like an integrated security platform and uh the the platform itself gives security teams full control and and visibility over their posture before joining lima charlie I've LED product in a number of different Industries I was in e-commerce I was in retail wholesale fintech operations in both B2B and b2c I find myself focused primarily on the B2B but my experiences is broader and a bit outside of the of cyber security itself you've got a lot of Articles out there you're you're I would definitely call you an expert in this field but you know to to go into product LED growth I mean I have an idea about what that is um I've I've heard that I've probably even used the term but in your opinion you know what is product left growth yeah it's such an it's such a great question especially because I don't really think there is the right answer uh I I'm sure uh if you were to ask this question of 10 people you would get 11 different answers so definitely product life growth uh the way I think about the product like growth is uh I think it's a mindset and it's a go to market strategy which treats product as the main vehicle for growth so like for for for company growth and for business growth so historically companies achieve their growth by uh expanding their sales teams by going the traditional the so-called cell sled path where they would try to Ranger demo get the formal proof of concept going negotiate a large multi-year contract signed the contract and then close the deal so in the past decade we started to see that the ways people people buy product uh has changed not all purchases are are top down we see more and more individual contributors across the Enterprise starting to gain voice and starting to gain the power to find to evaluate to recommend different Technical Solutions that their company can Implement like here is the way I think about it uh haven't been used to creating Pro to creating an account for say a food delivery app in about two to three minutes uh placing an order and having the food delivered in like in at the front door within about 10 or 15 minutes people have started to to to look for like like their expectations when it comes to buying tooling for work as well if it takes you about half an hour from the moment you've learned about the the and like the the food delivery app to the moment you have a lunch at your at your table it doesn't like it doesn't feel okay if you need to take like three and a half months going through the mandatory sales demos before you even gain access to the product you're evaluating so like more and more people want to get started without having to talk to the to a sales person uh without having to meet mandatory spend requirements without having to negotiate contracts and so on so users wants to see that users want to want to see the technical documentation the pricing and all the other stuff up front and so it's it's all it's all the changes in the buy-in behavior that are accelerating the the product like growth approach it's not like it is at this point plg is becoming a bit of a buzzword but at the same time uh we have a number of small and medium sized businesses who have uh like who who are now starting to use products that they did not have access to before and think think about it this way uh well for me this is this this is history this is theoretical but I know there are many people who have who still remember the times when computers were only accessible to large Enterprises with the IBM and so on and then over time as the advances of their in personal computing uh have happened not all of us have like at least at least two laptops probably in front of our eyes and so the same change is happening is happening uh today when companies who used to not be able to afford the Enterprise tooling are now starting to buy it and a small bit to a small uh a small and medium uh Enterprise didn't have enough money to to sign a multi-year contract they don't want to negotiate pricing they probably have like 10 users they need to get licenses on and so that's another factor that is filling the plg But to answer your original question product-led growth is a mindset and it's this mindset that we we are seeing now uh starting to to catch on including in Industries like cyber security and it also the mindset that we will be seeing more and more in across other Industries as we go along that was uh that was a really interesting breakdown I like I like the way that yeah you think of it as as a mindset because so many of these acronyms we we throw around and we kind of understand what they mean but we you know what is it really be what is it like tangibly and that you know it's a it's a mindset for companies to adopt that makes sense to me but if as part of this going through through this you're talking about the decision-making process and kind of the different stakeholders in in the people using the products and the Enterprise Products you know is it that you're we're finding that we have more people with their hands on the products now is that something you know that we're we're growing into it's not something I've really thought about but I guess we have more people using kind of different areas and products is that something that you've kind of found through this process that where the the reach is extended therefore that the products stakeholders have changed and ultimately I guess the decision makers have changed in the purchasing process uh there are there are definitely a number of a number of factors I think one which is uh definitely quite strong is that people see there was a time when uh decisions in in companies would have been made uh from the top down and so the leadership team decides that hey this is like this is the tool we're going to use or this is the business strategy we're going to pursue and that gets cascaded to the bottom where people just have to execute and and move the company forward uh when you think like when you think about the tech industry in general you realize that the the mindset and the way the way companies Embrace their strategies the way companies execute and their strategies and the way companies come up with the strategies have changed in general now more and more individual contributors like you and I and people at different levels in the company get the ability to recommend Solutions get the ability to to bring their own ideas and their own opinions to the table and have those ideas aggregated discussed and and ultimately used to shape the way like to shape the direction in which the company is going to go and in the same way as as we started to use more and more of those bottom-up approaches to our uh to our work in general in the same way we are starting to use more and more bottom out approaches when it comes to the selection of of the software the company is going to use so there was a time when you know a CTO or the head of Technology let's let's use it more abstractly would say hey this is the tool we are going to use I went to like three different demos I sat in the company's headquarters we've signed the contract this is what's happening but now like a marketer uh a marketer in charge of in charge of like email campaigns would would be doing their own research talking to their peers and saying hey what are you using to solve this problem what works well what doesn't and so aren't with that knowledge they would also do their own research they would do their own quote-unquote POC they would check what have the product works if it solves their problem and if it does they would come to their to their management and say hey we need this tool and here is why in the same way people in cyber security as an example the industry we we are talking about like there was a time when all the all the decisions would have been made without even without any consideration of the of the ideas and perspectives that that individual contributors bring to the table now it has started to change the cyber security in general it does have its own nuances because again the decision is still made at the top it's a very high impact business decision you can't simply you know you can't simply uh find the find the cool tool and plug it into your company's Network that is not reasonable and obviously it's very it's a very high risk decision having said that more and more individual contributors in the industry are becoming empowered to go out to look at what at what's possible to do like to to set up their own home labs to test it out in their own home labs and then to come back to their to their management and say hey here is this product I've tried it here is how it works here are the pros and cons I have about to be consider it one as we are looking to do something something like this in our Enterprise and that I could you can really see that and and security is a little bit nuanced in that we still have an old way of of kind of going through the buying process not because the industry is dragging behind but because this kind of as you've mentioned certain higher risks um in there but you know when you think about it the the security we're kind of breaking down the silos a little bit in security like you we talk about devsecops and shifting left you know so now well actually you know uh more people are starting to touch the security tools at least a little bit you know it in the case of git guardian we build Enterprise uh Secrets detection for you know for large organizations but individual developers may may be the ones that first find out about our product you know because they've leaked something online or or whatnot but but let's let's dive a little bit into just the the security uh side of this because you know we're you know product LED growth is is probably not something that security the security industry is is really thinking about and security vendors are really thinking about so why why is it something that that kind of vendors and security organizations and security should be thinking about product LED growth what what is it about security now that's kind of changing and why is it kind of a ripe industry to think starts thinking about this basically there are number of reasons for this one that comes to mind is that selling the tradition like going the traditional path and selling to selling cyber security tools to assist us has just become uh too expensive like it is in fact for for smaller startups it is prohibitively expensive and as the market is getting more and more crowded ceases and like the Security leaders are overloaded with the number of tools and vendors and startups trying to get their foot of their door trying to quote unquote book a quick demo and so it's becoming harder and harder to arrange those demos it's becoming harder and harder to differentiate it but even if the demo does happen it's it's very like it's rare that the the people in that call can see some real results can understand uh what the company does really well have it have it look have it is different from all the other 125 vendors in that space so it's becoming it's genuinely just too too expensive to get in front of the decision makers and that like that's one of the reasons so more and more companies are trying to look for new ways to to get their foot in the door and product like growth is one of those ways uh if you can get and individual contributor if you can get a security professional who is doing the the research into the new tooling on the market at their free time or maybe as a part of their of their assignment at work if you can get them discover the product get started without having to go through like a number of artificial uh artificially created uh hoops and and blockers if you can get them right into into the product see see if they can see what the product does if they can evaluate if it if it could be a good fit they themselves can then become an internal Champion bring in the product internally to their leadership team so instead of now being one of the vendors trying to reach this seesaw or the head of security or the or the head of engineering uh for a demo using the traditional like sales approach you can get the product into the into the hands of of people who are who have the trust of that of that security leader internally you can help those people become your internal champion and really like push for the adoption of that product so there is like there are a number of advantages Associated when it comes to uh when it comes to getting the tool into the hands of of the end user into the hands of the practitioner the other the other factor which we've kind of we've touched on uh briefly before is the fact that technical people are gaining more and more power and more of our ability to recommend Solutions internally so it's becoming like it's becoming very common for them to play with the product in their home lab and then uh bring it to their leadership team and uh last but not least is definitely the the focus on the small and medium Enterprises so historically it's just the large companies that had access and had the need for security tooling or at least that was the perception like many of the many of the mom and pop shops were not really looking for anything to secure their operations while now uh Rising insurance premiums uh the rising ransomware uh pythoning government regulations which we are seeing every single day and also the requirements from their vendors and partners are pushing SMB Market to start adopting cyber security tooling and when you think about SMB you think about somebody who probably has like five to ten maybe 25 maybe 100 employees you think about somebody who quite often really uses free versions of their of the tooling out there like many of them use free tier of slack many of them use free tier of other of other products just because wow like they don't have a whole lot money to spend they don't have an a lot of time to look for uh resellers who could satisfy their needs so they're often just kind of trying to find what works and being Scrappy and being creative about about solving their problems and so I MBS don't have like they're not used to the long self they don't have don't have a legal a legal or a contract uh person on the team to negotiate a good contract and in fact even from the vendor standpoint like you don't want to have like you don't want to negotiate contracts for five or ten licenses with an SMB that's that is just not not what what will make you profitable it's too expensive it's prohibited prohibitively expensive and so there is companies looking to uh to get into the SMB Market benefit a lot by having transparent pricing having a self-serve model and having an easy way for an SMP people to get to get started and to get on board and to start paying without having to talk into to to sales teams and go through large sales processes you can you can you can really see like how that comes into place with the the small building businesses when you know when you talked about the delivery app way back at the start where you could spend and half an hour after discovering something Foods at your door if you want to set up you know the internal messaging system it takes you know an hour you may look at slack maybe you look at Mata most and then you get it set up and then you your email clients your Cloud host whatever it is like all of these things you could do quickly and then and then oh security is going to take six months you know like it doesn't work um but it is interesting and what you say because you know some people might hear this and say well smbs you know as you said trying to negotiate a deal for 10 seats isn't worth it anyway so where's the value in going down this product LED growth where's the if we're targeting large Enterprises you know what what is the value in your opinion of um making your product accessible to the the um the small billion businesses like when when when they're not going to be what's going to change your balance sheet you know what's the what's the argument for providing value into that area in security what comes to mind is that they're like when I think about plg it's not just about smbs I I I'm bringing up smbs as an example simply because that is the market that has been growing like in the past like large Enterprises were buying cyber security tools like one two three four five ten years ago smbs weren't now we have we have a like a large influx of small and medium Enterprises looking for security because that's something they didn't have to worry about before and now they do so it's essentially a new a newly a newly created Market and that's that's why plg that definitely makes sense for that category but when I think about the Enterprises a product-led growth can make a huge difference uh in Enterprise sales as well uh as I've mentioned getting an internal champion [Music] help speed up the sales process is is incredibly useful on the other hand what is also very helpful in Enterprise sales is shortcutting the time it takes for the for the proof of concept for the POC to complete and when when your product can be accessed and deployed and onboarded even before the business conversation starts that that can shorten the time dramatically and obviously if you make your documentation easily accessible if you make the product easy to use if it's easy for people to understand if it's quick and easy for people to understand what the product does how it works then you also don't need to spend as much uh as much resources and time of customer support teams on all of the hand-holding and getting getting the Enterprise customer through the initial POC POC stage or even through their onboarding once they do decide to to come up to speed so it's uh in many ways product-led growth is is very much complementary to the traditional cell sled growth It Is by no means I'm not suggesting that plg is going to is going to absolutely replace the need for sales teams those two approaches they work together and when companies Embrace plg as a mindset they start thinking about a lot of the decisions they make and a lot of the decisions they have to make when they're designing their Enterprises they start thinking about it from a different perspective they start putting the product into the into the center of the equation and from there uh they start evaluating okay what is needed for this customer to adopt the product what is needed for them to start paying and things like customer success things like sales sales engineering like pre-sales post sales marketing they become a part of this of of this like picture with the product in this and and the user experience in the center of that of the picture as opposed to just a large number of departments trying to each take like trying to each government in their own Direction and take the priorities that they believe are important uh and and pursue those yeah I really think he nailed it in there because it is you're adding value to so many different stakeholders you're you're adding value to uh okay the the teams that can just come ahead and and and and use the product you're not wasting sales Resources with smaller deals you're adding value to the security teams that can now become those internal Champions and illustrate you know the benefits of your product you're adding value to the to the sales teams that you have because you're reducing this out there's this their sales length you know because you're not replacing them but you you're helping them do a lot of their job and then all the way up to the top you're you're adding value to the ceso who now can come in later in the conversation or you know whoever's the manager Whoever has the purchasing power come in later of the conversation when all of these uh what all of these questions have been answered because everyone's been able to review the documentation try out the product in their home lab connect it up to you know if it's insignificant data you know do it do a test do a proof of concept the reason it is so important and can be a such a big game changer in cyber security in particular is because the vendor Market is so incredibly crowded that if your company is claiming to do X there is at least 10 to 100 other companies in the space that are claiming to do the exact same thing and in many in many ways those vendors would be all similar sometimes they differ but the I I personally believe that the best way to to give the customer the ability to evaluate the product is to just give them the keys and say hey go and check check it out for yourself like no you don't have to like you don't have to you don't have to talk to uh to to a marketing team you don't have to talk to the sales team you don't have to talk to people who don't use the product themselves all you need all you really need is create that here is an account go like go and give it a try like get your data into the product see how it works and once you have invested so much time and so much effort trying it out it's much more likely that your team will become familiar with the product they will they will they will develop this this sense of familiarity this sense that hey you know this can actually solve our problem and now the vendor that is taking the plg approach is a few steps ahead of the other vendors with whom this this potential buyer has just had a bunch of sales calls and never actually seen what the product does you can just imagine an error if if your product is a closed box and you're trying to evaluate different things yeah and you could use one product you could feel it even if it's not in your uh immediate pipelines or data or infrastructure you know then then you have such an advantage of that one one of the things I'm um one of the things I loved about when I started working for Geek Guardian is that they had they were we were building software for large Enterprises but were really focused on individual development how git Guardian was able to kind of break through as a very early company is we started uh scanning vulnerabilities on GitHub in public code and then alerting people if they had like leaked secrets in their code and we did all this for free um and I'll you know and and that enabled us to kind of go from the developers that leaked a corporate key that had to have a conversation with their manager and then told them how they found it and all of a sudden we're talking to these large companies it's kind of counter-intuitive and what you've been adding to is kind of like the the different the different levels that you could achieve on top of that I think it's really important for for organizations to be able to stand out uh from from the crowd I have I have one kind of last kind of technical question in this and we've talked about a lot of it so I think it's probably maybe just reiterating some of this but you know we mentioned at the start that product-led growth is a is a mindset but insecurity if you're a vendor and you're wanting to embrace product LED growth what a course steps what are you know is there kind of some tick boxes that don't Encompass everything but can that that you should be aiming for for example having that free tier having uh open documentation you know what is it that organizations can actually start to look at at implementing things that's going to help them get into that mindset and on that path of product lead growth that is a fantastic question and I think my answer is going to is going to be very different from what you from what you expect I genuinely believe that the number one step is to develop a solid deep level understanding of their customers essentially Luke like look at the ideal customer profile evaluate like who is it the company trying who is it that the company is trying to Target and understand their goals understand their pain points understand their use cases understand how they how they find the product uh what they like what what search like what terms they use to search for it uh how do they like how do they get started with the product which parts are hard which parts are easy and it's this knowledge that the the product team can then leverage to design products that are intuitive easy to use and ideally that can also have the grow growth Loops built into them where uh people are encouraged to share to to share the product with with other practitioners where people are encouraged to uh to uh to recommend it uh to uh their counterparts and so on and so forth but I love this understanding of your of your customer base uh have a look at uh making it easy to get started with the product to reduce any ambiguity associated with the onboarding uh maybe there is a case for making the documentation public maybe there is a case for for for making pricing pricing public again many of those answers are going to very much depend on your customer and what you know about them like for example if you are going to like if your target is mainly Enterprise then there are many reasons to not have a fully transparent pricing simply because you know that the Enterprise is always going to look for ways to negotiate and so uh by having like by having a a free tier for the like for the personal use and uh let's just say a transparent year for the SMB market and a contact ask page for that for the larger Enterprise like you can potentially solve that problem but again it all starts with the understanding of the customer with the understanding after people buy in your market like are you selling to to an engineering leadership or security leadership or maybe uh maybe the product you are selling is targeting the problem that doesn't even have a well-defined owner owner today like for example when it comes to code security sometimes the buyer is is ahead of engineering ahead of development at other cases it's the security team that is tasked with protecting the the the code security again like you have to understand your Market uh the the other the other things that the companies can do are making it easy to realize the value of the product or have we often call it make it easy to achieve the so-called aha moment essentially make it easy for the customer to complete the steps they need to complete for the product to become useful for the product to become functional like for example deploying it on the endpoints uh deploying it on their Network like getting getting their data into the product like make it easy make it painless uh make it easy to uh to progressively learn about the new functionality the product offers without just throwing it all at the new user from the moment when they sign up so make support easily accessible in a manner that people can people can uh uh can uh have their questions answered in it maybe in a self-serve manner so it can sound like plg is just the laundry list of of requirements and ideas but in reality I see product-led growth ah as a path I see it as a like I surpass that the company pursues not as a final destination and so uh the the journey the product LED growth as a journey starts with the understanding of the customers and the exact steps of what to do from there like whether whether we want to do a freemium or a free trial whether we want to do a fully open pricing or somewhat open pricing like the answers to all of those questions will come as a result of discussions informed and armed with with that with the understanding of the customer well Roth uh I'm conscious of time so we're we're coming to the end of it but um if people want to kind of learn more about this or follow you what's the best ways that uh people can kind of um can can can connect with you on different platforms where can they where can they kind of uh keep track yeah uh I'm fairly active on LinkedIn uh I'm going to ask you to share the link to my LinkedIn maybe in in the in the description of the podcast yeah yeah there's gonna be links to your LinkedIn there's gonna be links to your articles the the any other links you want links Galore so just LinkedIn and there and the the blog I have a Blog it's called Venture insecurity and that's where I try to look at cyber security from there uh from the business standpoint and from the from the market business go to market standpoint product standpoint Venture Capital standpoint so like looking like looking at some of those broader questions in the industry yeah and I can really recommend checking out that blog there's some great articles there's three or four articles on product LED growth but there's also a lot a lot else in there too so really recommend everyone checking out their Blog the links will be in in the description wherever you're listening to them uh so Ross uh I wanna take one last opportunity just to thank you for for sharing your knowledge it's a topic that you're clearly passionate about and I really enjoyed learning a lot more about it so thanks so much for for sharing this time with us [Music]