Wabbi

All posts tagged Wabbi

Ep26-BrittanyGreenfield-Wabbi.png

Epi 26: Parallel Workflows & Scaleable Application Security – Brittany Greenfield, CEO of Wabbi

Learn more about Wabbi at: https://wabbisoft.com/ 

Find Brittany Greenfield on LinkedIn here: https://www.linkedin.com/in/brittanygreenfield/

JC: Well, welcome everybody. To another episode of the Future of BizTech. I am your host, JC Granger. I have with me here, Brittany Greenfield, the founder and CEO of Wabbi. Brittany, thank you so much for coming on the show. Why don’t you tell the audience a little bit about yourself and what it is that you do?

Brittany: Well, thanks so much for having me JC. So I’m Brittany Greenfield, I’m CEO and founder of Wabbi. What we do is help enterprise DevOps teams, scale application security as part of their existing development infrastructure. You know, application security has been one of these important things, but is a hard problem to tackle for a lot of enterprises for a long time.

Brittany: I think a lot of people recognize Equifax still as the Seminole breach. I think many of us are probably still waiting for our checks.

JC: Oh yeah, II forgot about that. That’s right.

Brittany: Right. And you know, that was a breach that was due to process breakdown and, you know, it cost them $700 million. What company wants to do that? They’ve really come out on the other side of it and been a great leader and how to deploy application security in modern development pipelines.

And we’re trying to help the rest of the enterprise ecosystem as well as the DOD, uh, tackle that challenge as well.

JC: That’s really cool. You know, and I’ve had a couple guests on the show that live in that security space. And I always kind of asked kind of the same thing, which is, you know, is there anything that’s unhackable? Is there anything that’s foolproof? And if not, you know, how close do you get and how do you give that kind of peace of mind to customers or the government if you’re working with them? 

Brittany: You know, so I think that’s the first piece of advice I actually give. And I think especially when it comes to application security, there’s no such thing as perfect code. And therefore there can be no such thing as perfect application security. And if as individuals, as enterprises, we can get out of that idea of perfect security that we can build taller walls to protect us. We can then just take practical steps to move forward, right? The ones that’s the simplest we can do, don’t use the default wifi name and password on your own. You see that number of DDoS attacks go down, not just because of your home wifi system, but your printers, your baby cams, you know, and if we stop thinking that we can just rely on tools, then we’ll start adopting those practices.

And I think that’s one of the things that makes application security especially special in the security realm is that it’s more about the process and then we can support with tools and that’s something you certainly know this, you know, we always start in technology, not with the tools, but with people, process, and then support with tools. And, and that’s really, when you think about security, if you take that approach, whether as an individual and enterprise, how you can deploy a successful program.

JC:  So what types of companies like what industries do you find are. You know, reaching out to you guys, you know, I mean, you said government, you work with them maybe. Is it local municipality kind of style is state, federal, and then from a company. Yeah.

Brittany: Yeah. Sorry to interrupt. Yeah. So for us, really, you have to hit two parameters. One, you have to see software as a competitive advantage. Um, right? You need to ship software faster to give yourself a headstart on whether it’s against your competitors against your adversaries. And so you’re, you’ve adopted rapid development methodologies. And the second that’s really a sweet spot. And I think why um, federal, especially the DOD has been great for us are those enterprises that have chosen to undergo DevOps transformations.

You know, we’re in the world of, in the last decade, most organizations were born in DevOps native, or at least a flavor of it. But when an organization has chosen to undergo DevOps transformation, they get that. It’s not just about shipping software faster, but about eliminating bottlenecks. So you have if more efficiency. I dig on Facebook a lot. They sort of popularized that move fast and break things mantra, and that’s one piece of it, but really what dev ops and agile is about is move efficiently and fix things at the right time. And so that’s why we tend to see the larger mid-market and commercial up to the fortune 500. And then most recently I’m starting to work with the DOD.

JC: So let’s talk more about, instead of government, I like touching on it because it’s good for people to know that there are companies out there that are trying to help protect, you know, the government stuff and whatnot. But let’s talk more about the enterprise.

So, and I don’t know if you have like NDAs with your clients. If you want to mention a client name, that’d be great. If not, can you tell us, you know, what, you know, give us an example, maybe a brand name, a company out there that would have use for your services, just so people can kind of frame who your services are really tailored to.

Brittany: Yeah. So it goes everything from, you know, the large banks in the world, like the JP Morgans to the FinTech providers, whether like Diebold Nixdorf, which may not be a household name, but is a major, if you ever go into a bank you’re using the Diebold Nixdorf down to, you know, one of my former employers Kronos. You know, who helped support the majority of our, sorry, their UK G now at post-acquisition supports the majority of the hourly workforce across the world from TSA to broker. 

And, you know, they all care about it because it fits that “I have information that’s sensitive”, who doesn’t nowadays. I care about delivering software to market as a competitive advantage and I understand it’s not enough to just ship fast act to ship. Right. But nothing’s ever going to be perfect. And that’s sort of where we get into to, um, uh, to, uh, you know, it’s hard to say just the brand names, obviously, you know, everybody like AWS and Microsoft and Google have a need for us too, but I think it’s really all of those organizations that enable our digital economy our sweet spot. So if you’re walking, whether you’re walking into a bank or a grocery store, or, you know, getting a Netflix movie, those are the folks that know that security is part of the infrastructure, not just this sort of backdoor, black hat, white hat, are you trying to triage it?

JC: So, you know, you, you used the word ship and software at the same time a lot.   And I feel like that might be an older term that just carried over. Explain what that really means because you know, people think software, so it’s a digital thing. Or do you actually literally ship a hardware piece that can integrate? Like, what does that mean to someone hearing shipping software? It sounds like a counterintuitive term.

Brittany: Yes, sorry buzzword, bingo. It’s shipping software is really just saying it’s no different than any kind of deliverable, which is “I’m now done with this. It is now ready to go out, uh, whether it’s ready to go out to some customers for early testing or it’s ready to go out to the broader market. You know, we use the term shipping software because it does come from that traditional concept of, well, I now have my item. It’s time to ship it to the customer, but yeah.

JC: Okay. I just want to make sure. Cause I mean, like I get it, but I know a lot of people listening might be like, wait a minute and she’s sending it on a CD because you guys could get better software used to literally show. Well, you literally used to ship like AOL. That was literally shipping software. When I had the AOL CD show up.

Brittany: Well, here’s what, where you’ll get a real kick out of this. I often like to explain and maybe it’s good to hit on this for your audience. Now, the change in software development over the last about 15 years from what was called waterfall to agile and DevOps, and I use, do you remember Encarta?

JC: Yeah

Brittany: Encarta. Once a year, you got an update to the encyclopedia of what’s true in the world, right?

JC: Netscape, for the browser?.

Brittany: AOL, you would get your CD. And now we’re in the world of Wikipedia, where there are updates all the time difference in software development, you used to have a year to make sure that your software, your Encarta met the quality standards, the security standards, or, you know, whatever it was that you needed before you shipped it.

Now that’s happening in two weeks cycles, you know, practically, we sort of have a merging of it. You know, people do two weeks cycle really do releases, you know, every month, every quarter and right, just like Wikipedia, you can go on there at any time and make a change. If somebody can update it, it gets a part of it.

I use that example with some of our engineers who are more freshly out of college. And I had to explain to them what, Encarta was.

JC: Yeah. So what motivated you to start your company? You know, what’s your previous,  you mentioned Kronos. Like where do you come from in the professional world and what was that defining moment where you’re like, I got to do this on my own. I’m going to go start a company, you know, where did that motivation come from?

Brittany: Yeah, so Kronos, right? Definitely not cybersecurity. It’s in workforce management. So I actually admittedly a cybersecurity outsider, and I think it’s something that has really helped me in identifying what the problem and solution is.

I started my career in the ERP space in technical roles, but really moved into go to market strategy role. So, go find any problem. What’s the solution? Go build the team and execute on. It sounds a lot like building a startup, and I moved into cybersecurity while I was at  Sloan. I worked for Cisco. They’ve just missed the cloud transition and the head of cloud and managed services said, “Hey, we need somebody to work on the next big thing, which is IOT.”.

And I use that as a great example at the beginning, IOT is very hard to secure and it’s because even if you have two nest cameras that are the same for model that produced at different times on the line as they may have slightly different software. So I really started digging into it. And as I mentioned before, realized that security is just a piece of the foundation of our digital infrastructure today, right?

We don’t even need to put digital in front of it. And so I got into the ERP space. I want to go back to startups and sorry ERP is end point, EDR and point. And, um, I realized I was looking for where we needed to move in the market and said, “okay, there’s a lot of focus on building walls” very much to your first question. How can we just make ourselves more secure? Right. Building walls and modes and detection and response systems. But that’s kind of like installing an ADT system and not checking to see if her front door locks or it’s been shot or do you have the right kind of lock on and that’s where application security comes in.

Now start with the red-headed stepchild. Security didn’t want it, development didn’t want it. And I said, why is this a problem? So I started exploring the idea. I said, we sort of have these waterfold old style security practices trying to be deployed in modern Agile’s fast development practices. How can we bring them together?

And then the Equifax breach happened. And that was my light bulb moment, because it’s not good enough to just have a good idea. You have to have a good idea at the right time. And I went, there’s something to be done here, did some early research and that’s where Wabbi was for really. 

JC: You’re right. The timing is everything. And I mean, what better time than when it’s fresh on people’s minds? I mean, that was a shock through not just the consumer system, but massively through the professional and corporate system too, because they handled it for everyone, everyone and everything, right. Everything and all the roads lead back to them so you hack them, you get a spider web out into access, which was crazy.

So now let’s talk about this year, you know, you founded Wabbi after the Equifax breach, which is a great reason to, and I, I wish probably more, hopefully more did as well, because I think. That’s something that people realized needed to be done.

So I’m glad that you did. You know, 95% though, of the, of the tech world and founders are male. What has it been like for you as a female founder specifically for the record? I don’t ask this because I think anything different than gender is in fact, I wish there were more females. My daughter’s 15 right now.

She’s big into tech stuff, you know, and I like asking, you know, what’s that been like? What’s been the hard parts, what have been the good parts, right? So just, what has that path been like when you said I’m going to go in the tech world as a female founder and try to go and play in a space where it’s so male-dominated.

Brittany: And we bridged two industries that happened to really suffer from the representation problem with women accounted for less than a quarter of the workforce, both in dev ops and security. Um, and you know, When I first went into it, I went, “Oh, they say it’s so hard to be a female founder”. Not for me. Right. I’ll be totally, totally fine. Honest with you about that. And the reality is I’m not the first person to say this is that there’s just a lot of implicit biases. There is a difference between men and women. I’m not going to say that there isn’t. We do things differently. And there are differences between all people. Right? We all have different approaches. And some of the models out there have been constructed around a more traditional approach, which has just had more men that founded companies. And so their model of VC models are what people are used to seeing at pitch days or whatnot is just a slightly different style.

And so as we started coming out, I mean, I’ll give you crazy examples. I presented my business plan model, which was a 10 page Excel spreadsheet to VC. And I was like, so any questions they’re like. We’re not used to people actually having logic behind their numbers. They typically just come up with a number with like five data points.

JC: Okay.

Brittany: We can talk about that on a whole separate show.

JC: I wish I wish I could just do that. That’d be great. Like, Oh yeah I’m a billionaire. Now look at these five data points.

Brittany: We’ve certainly seen that. I’m pretty sure there’s a brand new documentary about it too.

JC: Yeah

Brittany: And so, you know, little things like that, or even some of my presentation style, some of the feedback that came back to me and I said, I’m just going to still be me, right? Like you say that you want to do this. I have a very narrative storytelling, presentation style, and I’m going to stick with me if you don’t want to invest in me, then that’s great because you’re not the right person to be on my team because really you have to see investors as being an extension of your team, especially in an early date, it’s also one of the reasons we decided to bootstrap for a while, I went through a process, even though I’m a technical person. I said, I learned early in my career. I should not be the one writing code. So I went down to good old-fashioned wireframes, interactive wireframes, Excel spreadsheets to go test drive idea.

So we actually had six months of being in business without a product. And it was a great thing that we didn’t do that because the initial roadmap we had was wrong. Um, so I think I just, you know, I think the biggest thing is I’ve taken a different approach and there are certainly times that that’s been challenging.  2020 was certainly one of the years when it came to fundraising, it was for us. We were going to say it was going to be sort of our, um, debut top year. And like, like a lot of other female founders, we saw fundraising drop drastically while everybody else had a massive increase in it. And flip side is, you know, who’s really got your back.

Who’s going to be there in the tough time. And as a founder, you want to know that those people are there for you. It was a real lesson and say, who believes in me? Who can I call when I have a problem? And I think that’s what you want as a founder, right? I think we think founders are just magical beings, right?

You know, we’re associated with the term unicorn at some point in time, hopefully, um, I’m not gonna lie. It would be great, but they’re not, we’re just regular people and we all need help. And I think that’s sort of been the biggest difference for me and my approach to it, which I get criticism for sometimes and I’m going to still be me. And I think that’s the only thing I can give advice to all founders and not just women, but that’s probably the challenge is you’re going to feel.

JC:  So let’s talk about bootstrapping. Obviously you’re going 2021 is to go after, you know, round of funding in the meantime, how are, and I’m a marketing guy, right? I’ve been doing digital for like 20 years. And you know, my agency, we do B2B SAS marketing. So I’m always going to ask a B2B SAS person or software person, whether it be a software as a service or software in general, what are you doing to get the other than this when you’re on a podcast? So that’s good. That’s step one, right? That’s one. But what types of digital marketing are you guys doing to get yourself out there in front of these other companies so that you can get more clients so that you look more attractive to investors. Like just, what kind of tips can you give or what are you guys?

Brittany:  It’s a chicken and egg thing. And I got, I wish we’d been doing more of this early on, forget, you know, 2020 was a year. You know, I got a great tip from another founder. Cause I had been worried about talking about the problem before we really had the solution to solve it. And we’re really an infrastructure platform. So those things don’t get built overnight. And he said, no, there’s a way to talk about the problem and how you’re going to solve it in the future while being authentic, without selling snake oil. So that would be my.. Right? You could still go out and have these honest conversations. We’re talking about the business model here, but I can have the same conversation and a year ago before we released general availability about who our customers were. And, you know, even as we were figuring out our customer profile, you know, I think you have to figure out what the right channel is. For us, we’re in a market that is incredibly noisy. Um, and it was one of the reasons that I was nervous early on about doing a lot of digital marketing.

Are we just going to feed into the noise? And so what we’ve actually done is say, we’re going to take a very thought-leadership approach. Um, we’re going to go out there and of course we’re going to do webinars, outreach, you know, all the classic channels, but we’re going to do a little more of a traditional enterprise sale work with analysts, work with thought leaders like yourselves, just to raise awareness about Wabbi, you know, with your community or folks in our industry specifically, and really try to be that calm for our wires. And that’s the approach we’re taking, um, you know, digital marketing such, I think the great thing about 2020, you know, it’s hard to find some, but I always try to look for silver linings as we have changed a little bit of our information gathering and buying behaviors. So it’s a lot easier to have that conversation. You know, it’s called the consultative sale. It’s not just that, like, can we help you solve your problem? We don’t have to spend three weeks trying to get everybody in a conference room. You know, let me give you a webinar I just did or let me give you a report we just wrote. And I think that’s something that maybe we’ll see the pendulum swing back on as well in the enterprise sale.

We’ve seen a lot of enterprises go out and be very transactional, all about the inbound. And I think you have to balance the two, um, you know, we have to go be out there. That’s why digital marketing is so important so that people know there’s a solution.

Uh, we were talking to one of our clients recently. These, I got to tell you, Oh, I wish you would’ve been around a year ago. We bought a competitor because there was nothing else on the market. We didn’t think it was good. But then we also had to go through a procurement process where we had to show that we evaluated three solutions and we had to write up several pages on the fact that there weren’t any other solutions because we didn’t know about, you know, you’re totally right, right.

This is why we have to make sure you can find us. And then we can have that educated conversation. 

JC: For sure. Well, so as the title of the podcast, the future of biz tech, I’m going to go into some future questions here. So I’ve got two. The first one is where do you see the security DevOps community going? Just technology-wise in five or 10 years, like where do you see that being the most important? Do you see what kind of advances? Maybe it was an AI or something like that with that. And then the second part of the question is, you know, what’s coming down the pipeline for Wabbi, right? Like what are those things that my listeners can go? Ooh, I knew about that first, before it came out.

Brittany: So I’m going to break your first question to three pieces. One to talk about AI. Cybersecurity is, and DevOps are great testing grounds for AI because they have such data-rich feature sets, but however, that tends to be what limits the adoption of it, because it’s the concept of data versus information, right?

If I give you data, that’s like saying it’s 30 degrees walls at 30 degrees inside or outside in Boston, in March or Boston in June? Right. I need to have that context because I don’t know what to do next as the human that needs to take that information and turn it into to a next step. That’s where AI is really going to help almost like robotics, right? Um, help humans do their jobs better. And so I think dev ops and security are just going to be places where AI flourishes from a broader DevOps and security team and where the market’s going. Security has a lot of different solutions. Right. That’s not going to change because there are abundant the same way, that everybody on your street probably secures their home a different way.

Okay. Enterprises are always going to do that because the risk profiles risk, isn’t just security, risks, business risk, you know, what they care about. You know, for example, JP Morgan and Netflix might actually care about some of the same things, more so than JP Morgan and Morgan Stanley do. Right? Because they have different priorities.

So how you adopt that risk profile, it means you’re going to use a different set of tools. And even if you use the same tools, you’ll use them differently. But specifically around application security and dev ops, I often use the analogy of CRM Salesforce, right. Who owns Salesforce in an organization?

Is that IT or is it Sales? 

JC: Oh yeah. Yeah. I was gonna say, yeah, sales is gonna do it. But Salesforce, I mean, if you’re talking about the software anyway, like that’s, it’s such a heavy software that you have to include IT in there.

Brittany:  Exactly. But sales owns the day-to-day of it. You have, and we’ll give you your 20 later, you have teed me up perfectly. So Sales own the day-to-day of it, but IT supports them. But someone else has to take ownership of that because that is a critical system for them in delivering what they do. Same thing is happening with dev ops and application security development has to own it and they’ve already recognized that there needs to be that shared services model. Well, the development needs to be at the, at the lead.

So you hear a lot about developer-led security, right? We’re development-led. We think it’s everybody’s job. Not just to say that. Right. And that’s part of what we do. We make the security part of everybody’s job in the development team while giving the security team, the competence that the governance is still being deployed correctly.

And so that’s the big shift. I don’t even think this is a five to 10-year shift. That security is going to just become part of dev ops. Application security is going to be dev ops. We talk about that a lot and security is still gonna play an important role strategically. How do we manage our security profile?

They’re going to get out of the day-to-day management of all those lists of data and get to be a partner rather than a babysitter to development. So I think that’s what’s coming in the next, I mean, we’re certainly not in the next year to two, and we’ve already seen some of that market traction, the shift to remote work, accelerated that as well.

You know, on your second question where we’re going, you know, I don’t think it’s, it’s, we’ve talked a bit about it in the press. I don’t think it’s coincidental that I probably talked about it a couple of times now, and it’s continuing to work with the DOD for, you know, anybody that’s on here, the DOD, I think, has taken a great approach to software and software development and commercial technologies.

That’s now the rest of the federal is following. And, you know, they’ve really said we’re not different if we’re going to actually use software well, which maybe not all federal edge agencies are there yet, but if we’re going to use software well, because everybody else in our economy does, uh, we need to go tap into the best technologies and those are going to be on the commercial side.

So I don’t think it’s a surprise that we actually found early in our journey that it’s a great match for us. And we may have to announce something soon about who we’re working with. Hopefully knock on wood and you know, but it’s been fun, right? Because it’s about identifying for any founder, any business, right?

This isn’t unique to startup, who are the best teams that are dealing with your problem that want to be part of the solution. And so that’s why, you know, you start hearing me talk about it a bit at the top. And I think that’s probably around the time of this, that this podcast released. We’ll have some new news on that too.

JC: Hopefully, hopefully. Last question for you. What is the best piece of advice? That you can give the audience based on your personal experience with what you’ve gone through with your company.

Brittany:  You know, I think, um, gosh, you think I’d have a better answer? The problem isn’t that I don’t have, I don’t have one piece of advice. I probably have 15

JC: Gun to your head. You got to pick one, right?

Brittany: You know, this was given to me specifically in the context of being a founder, you know, people say being a CEO is the loneliest job. And then being a Founder CEO is even lonelier there aren’t a lot of people out there that understand the problems you’re going through. And early in my journey, somebody said, don’t be afraid to be vulnerable. And, and I sort of like brushed it off. I thought it was a little, like, I actually thought it was a little sexist and it wasn’t until somebody else who’s also a mentor said that to me. And I was like, “Oh, okay. What’s this about?” Well, fast forward, six months, I got it. It finally clicked and being vulnerable isn’t about, you know, Oh, let me go cry on somebody’s shoulder. And if that’s how you do that, that’s great.

It’s not, not being afraid to talk about your problems, understand that whether it’s an official work team or your own sort of, I call it my personal board of advisors. They may not actually understand the specific problem or maybe not your industry, but they can always be there. They’re part of your community for a reason.

And the more you can share and have that transparency, 2020 was a great example of why transparency and being willing to be open about things is important. Right? It was important in our communications with our employees. Hey, we don’t know what’s happening next month because we couldn’t figure out what was happening the last six. Um, so, you know, bear with us, but we’ll keep you up to date. We may change priorities in terms of our functionality and our hiring plans. And when you can do that, then you can, right. You don’t actually have to, you still carry the weight and the responsibility, right? But then of the day, you’re the leader of your organization, whatever size it is.

But you know, people can help. Sometimes it’s just offering a different perspective. Sometimes it’s being a sounding board and that goes, that little bit of help goes a long way. So I’d say for any leader, not just startup leaders, don’t be afraid to be vulnerable and talk about your problems because somebody’s been there or maybe they know somebody that’s been there or maybe they’re just there to lend a helping ear.

And all of those things are important. Don’t feel you have to be.

JC: I think that’s great advice. I mean, personally, you know, I do everything the hard way asked my parents. Right. You know what I mean? And I also, you know, I didn’t have any mentors or anything like that coming up. So I’m the person who can be a mentor because I suffered as much as physically possible becoming a founder. Cause I had no guidance whatsoever. It was just stepping on landmine after landmine, after landmine. But I agree because you know, being able to tell that story personally and leaning on people, even though you feel like you might be all by yourself. I think that’s great advice.

So I appreciate that for the audience. How can people reach Wabbi? How can they reach you personally, if they want to do so? So, you know, I have an open door policy with our employees, our customers, and please for your audience as well – don’t be shy to find me on LinkedIn. The only ask I have is just let me know why you want to connect as we all do now, LinkedIn..

JC: Yeah, just say, you know, “heard you on The Future of BizTech Podcast” when you’re doing the invites or the connection request. Right? Okay.

Brittany: Exactly. Exactly. Just give me a little context. And, but, you know, please don’t be shy about reaching out whether you’re interested in the problems we’re tackling, thinking about founding a company, or just interested in meeting with somebody new.

It’s actually been another silver lining. It’s easier to meet new people this year. You don’t have to worry about travel, schedules and you know, “are we in the same town?”

And little known secret – actually, if you go to Wabbi’s website and you say, let’s talk and choose to have a sec dev ops chat, that will be with me.

JC: What’s Wabbi’s website?

Brittany: WabbiSoft.com. W-a-b-b-i-S-o-f-t.com

JC: Perfect.

WabbiSoft.com: And on all social media, you can find us at @HiWabbi, that’s our handle across everything. So please don’t be shy to reach out, um, you know, appreciate, you know, JC it has been great talking to you and love to connect further with your broader community too. So don’t be shy about coming and finding us.

JC: Awesome. Thank you so much, Brittany, for being on the show and I’ll talk to you again soon. 

Brittany: Likewise.

infinityadminEpi 26: Parallel Workflows & Scaleable Application Security – Brittany Greenfield, CEO of Wabbi