He tested his pitch on Uber drivers—then built a cybersecurity platform to $180M raised. | Casey Ellis, Founder of Bugcrowd

Casey Ellis (00:00:00):
When I talk to customers of traditional services or traditional products. They're all like, oh, this makes sense. So I started asking them the question, if it's so easy, why aren't you doing it? One of the things that clicked for me early on in my career is the idea that, problem-solution fit in the absence of product-market fit doesn't solve the problem, right? That's a great problem-solution fit you've got there. That's awesome, Mr. or Mrs. Technical Founder. If you don't plug it into where the problem actually exists, then it's like a tree falling in the forest with no one there. I'm sitting there with a driver, I don't know how technical or non-technical they are.

Pablo Srugo (00:00:31):
Oh, you're actually doing this in Ubers. I thought you were just calling it that. Okay, gotcha.

Casey Ellis (00:00:34):
No, no, no. Literally, every time I got in the car. I'd do this and this is how I refined my pitch.

Previous Guests (00:00:40):
That's product market fit. Product market fit. Product market fit. I called it the product market fit question. Product market fit. Product market fit. Product market fit. Product market fit. I mean, the name of the show is product market fit.

Pablo Srugo (00:00:52):
Do you think the product market fit show, has product market fit? Cause if you do, then there's something you just have to do. You have to take out your phone. You have to leave the show five stars. It lets us reach more founders and it lets us get better guests, thank you. Casey, welcome to the show, man.

Casey Ellis (00:01:09):
Thanks for having me.

Pablo Srugo (00:01:10):
Dude, I'm excited for this one. You have, it's actually a pretty different play in the world of AI and before it was SaaS, B2B SaaS, SaaS for this, SaaS for that and now it's AI this, AI that. And you've got your tagline, join forces with hackers and reduce risk. You're turning hackers into good people and you've raised over $180 million. If I'm not wrong, doing so, which is pretty incredible. Let's jump into the beginning of it all. What was happening before Bugcrowd?

Casey Ellis (00:01:36):
Yeah, sure. To begin with, hackers always were good people. I think a big part of what I wanted to solve with Bugcrowd initially is coming from the hacker community from the late 90s myself, right? This idea that, I think the public opinion of what hacking is and who hackers are was like default evil. Default bad and in the meantime, you got people like me that really enjoy thinking like a criminal but don't want to be one. Kind of waiting to, you know, get the invite to help out, right? So that to me just felt like a stupid problem that existed on the internet at that point in time. The other thing that happened, you know, as I mentioned. I grew up hacking stuff, I got into pen testing for a chunk of time, you know, moved across into solutions architecture and sales, and kind of did the front of house side of things, and then got it into my head that I wanted to be an entrepreneur. The company I was doing prior to Bugcrowd was basically like a white labeled pen testing company. So we're, you know, hiring folk that could do this type of work. Front ending them locally in Sydney, Australia. Which is where I'm from, and then selling it through companies that had the opportunity to sell that type of service but didn't have the people to get it done.

Pablo Srugo (00:02:37):
When was this? What year?

Casey Ellis (00:02:38):
I started that probably, 2009.

Pablo Srugo (00:02:39):
Okay.

Casey Ellis (00:02:41):
But like, 2011 was when the idea for Bugcrowd started to kind of bubble up, right?

Pablo Srugo (00:02:45):
And pen testing for all the non-cyber people, is ultimately like getting hired to break into something to show them where the vulnerabilities are?

Casey Ellis (00:02:51):
Yeah, grabbing someone, paying them by the hour and saying, hey, can you go through and test all my stuff? Pretend that you're malicious. Try to figure out where my vulnerabilities are, try to replicate or simulate ways to break in. So I can understand what my risk looks like. So I can start to do things about trying to fix that, right? And that's kind of what I was doing. The problem that I had with it was this idea that, the whole reason that we're here as a cybersecurity defender industry is because of this crowd of adversaries. It doesn't look like one person being paid by the hour. It looks like this huge kind of cloud of people that have lots of different skills, lots of different motivations, and they're not kind of constrained in the same way that we're putting constraints on people being paid by the hour to do this kind of simulation work, right?

Pablo Srugo (00:03:31):
Just because they have more time, you're saying? They're just willing to go at it harder?

Casey Ellis (00:03:34):
Yeah, there's more of them. They're willing to go at it harder. They're not constrained in the same ways. So, I was just looking at all of that thinking, the math of this is wrong. We're going to lose and meanwhile, there's this huge community of white hats like me. That's like, want to help but don't have the invitation to help. So, really, the kind of the light bulb moment for Bugcrowd was looking at that saying, well, that's latent potential on this side and unmet demand on this side. What if I plug those things in together and try to change the future of work when it comes to security? And that's kind of what we went off and did.

Pablo Srugo (00:04:04):
By the way, maybe a stupid question but you're a white hacker. What are you hacking? Are you just getting hired on the defense side mainly, or what's your thing?

Casey Ellis (00:04:11):
Yeah, I actually hate that term. Because who's a white hat and who's a black hat kind of depends on which end of the gun you happen to be at the time.

Pablo Srugo (00:04:20):
Yeah, right.

Casey Ellis (00:04:20):
Yeah, in terms of people understanding the fact that hacking is a skill set. It's a way of thinking, it's a skill set, it's a bunch of things that people can do. It's not inherently good or bad. It's just powerful and useful. That was a big part of what we wanted to bring to it.

Pablo Srugo (00:04:33):
Just to play mini-devils out of it. The reason people would think it's bad is because the whole point is to break through security.

Casey Ellis (00:04:38):
That's right, there's definitely an intrigue and kind of almost an intimidation to it. A lot of early Bugcrowd marketing was actually around kind of playing with that idea and getting people kind of fascinated, and thinking about it as this cool thing that's potentially useful. Not just this frightening thing, if that makes sense. But I think the other side of it is historically, bad news travels faster than good news. So anytime there's stories about bad versions of hacking, those are the things that get told and spread more quickly. And I think a lot of the early laws around legislating hacking were kind of based on that. So there was this sort of default environment that just assumed if you're doing this type of thing to a computer, you're automatically a bad person. Which wasn't true.

Pablo Srugo (00:05:16):
You were at this company? Or you were the owner of this white label pen test company?

Casey Ellis (00:05:20):
Yeah, owner.

Pablo Srugo (00:05:20):
Was that more services based or product company?

Casey Ellis (00:05:23):
It was more services based. It was a platform to deliver those services. So we had jump boxes and kind of remote proxies, and all these different things. We automated reporting and did a couple of different things like that, but it was more of a services business than a platform one.

Pablo Srugo (00:05:37):
How do you go into Bugcrowd? Do you give that up or do you just start doing it on the side? I mean, these services businesses are hard to scale but once you've got them. It's nice cash flow.

Casey Ellis (00:05:43):
Yeah, the joke in the early days was, I kind of missed it sometimes because it was definitely a lifestyle business that was trying off decent cash. It was a decent kind of way to make a living and I was working a lot less hard than I did when I kicked Bugcrowd off. I think part of that for me was just, I wanted to see an industry shift. Looking at it, you know, revenue and profit, and all those different things are important. But ultimately what they should be is trailing indicators of actually solving the problem that you're setting out to solve in the first place, and I didn't really feel like I was doing that. So it's like, all right. How do we disrupt things and go for a bigger win here?

Pablo Srugo (00:06:15):
You think that's true of a lot of lifestyle businesses, by the way. This idea that you kind of get to a point, I mean, you must know a lot of founders. Where you're making good money, but maybe you feel empty is like a big word. But just like you're not really moving the needle sort of thing.

Casey Ellis (00:06:26):
Yeah, I do. I do think so, I think it depends on the founder. I don't think it's an inherently bad thing, necessarily. I definitely feel very privileged to be in a position where I could make decisions like that. I know that's not necessarily true for everyone, right? But in terms of for each individual founder, there's your mission drive, there's your idea of just being irrationally pissed off about a problem that you think that you can solve and how big or small that is a feature of why you do what you do. And then there's obviously the task of keeping the lights on and making money, and paying your employees, and all that kind of thing. So, I think everyone's got a different kind of balance in terms of how they approach that. But you know for me it was ultimately at that point in time I did shut down that business, to your question before and part of the risk math for me at that point in time was like, okay, I'm going to try this Bugcrowd thing. If it doesn't work I've already kind of left salaried employment. I'm already doing the entrepreneur things. I've taken that jump and I've sort of crossed that Rubicon. I'm not afraid of that anymore, if this doesn't work I'll just go back and get a management consulting job at big four or whatever. And probably hate life because that's not really what I want to do but it'll keep the lights on and yeah. I can figure it out from there if that makes sense.

Pablo Srugo (00:07:31):
You kind of went cold turkey or did you get Bugcrowd to a certain level before you decided to kind of shut your business down?

Casey Ellis (00:07:36):
No, I went all in. So I shut it down after we raised. So we actually got accepted. I mean, to be fair to the story, we kicked it off. I started kind of experimenting with different things, like went out and tried to grow the initial crowd, and all that kind of stuff. We can come back to that, but the goal was really to get into an accelerator program in Australia called Startmate. Which is the most Australian name for anything ever. Because it's got like the weird R and mate. But you know, the goal there was, when I was thinking it through, it's this is a crazy idea. This is a fundamental disruption to how people think about hackers, security, like internet security, all of it. It's either going to catch on fire and fail, or it's going to move like really, really quickly and if it does the latter. Then I'm going to need as much available to me from a mentorship, from a resourcing, from a help standpoint, to be able to actually learn quickly and keep up with that as I can. Which is why I was kind of all in on getting into that accelerator program. So once that worked, then I shut White Label down and went all in on Bugcrowd.

Pablo Srugo (00:08:33):
How did you get things off the ground? What were your first moves?

Casey Ellis (00:08:35):
The other part of the story in terms of sensing market readiness for it. Because I've been selling pen testing, I've been doing pen testing, I could see where the market was up to in terms of its need for that type of offering and where it was unhappy with it. The other thing that was going on at the time was that, I think it was Google, PayPal and eBay we're talking about their vulnerability reward programs. Which was what we called a bug banning program back in like, 2012, right? And you want to talk to customers of traditional services or traditional products they're all like, oh, this makes sense. Lots of people were gonna be smarter than one person because math. So I started asking them the question, if it's so easy, why aren't you doing it? And they all said the same thing. So it was literally a flight home from a business trip to Melbourne in Australia. Back to Sydney, where I lived. Where kind of the light bulb went off, and I realized they'd all said the same things. It's like, if I can solve those in context of a platform, and a managed service, and a community and all these different things. Then we've actually got a shot of normalizing this right across the industry. So that was when I came up with the name Bugcrowd. I kind of raced home, registered the domain and the Twitter handle, and all that kind of stuff. So you can actually see the day that was if you go look that up.

Pablo Srugo (00:09:43):
Tell me a bit more about those conversations. I mean, you're already in this space. Which is a key factor, just like you're right there. You're seeing you got the customers, you got the relationships. That's a critical piece but then you have these conversations. How do you structure them? Are you going in and telling them, hey, here's my idea, What do you think? Or was it a different type of conversation?

Casey Ellis (00:09:58):
My pedigree when it comes to sales and marketing is very solution oriented. To me, in order to be able to provide a solution, you first need to understand the problem. If you don't have problem empathy, you're going to have trouble with solution sales and I'd come from a technical background. So I already had a bit of a head start. So literally, it was just an extension of conversations I was already having. It's like, what's working for you? What isn't working for you? Where would you like to see things work better? I'd established a relationship with my customers where, throwing out ideas like that was kind of just a native and natural part of the conversations we're already having. So it really wasn't that complicated.

Pablo Srugo (00:10:34):
But when you threw it out, was it visceral what you got back?

Casey Ellis (00:10:36):
So what I did very practically was an ascending close. So what I do was to say, hey, do you feel like, fifty people coming in and trying to break into your stuff for the same amount of money that you've outlaid for one person to do it. Do you think that fifty people would outperform one? And the answer to that is yes, because math, right? Do you feel like that would give you a better understanding of your true risk as an organization in a way that would enable you to be more secure? That's also going to be a yes, because it's just math again and at that point. I'd start asking questions about, you know, have you heard about what Google's doing with trying to crowdsource this stuff? Yes, in general because Google is making a ton of noise and just kind of worked it up from there. And at the end of it all it's like, hey, can we give this a try? Because, honestly I actually think that this is part of the future of where security goes. I've got some ideas of how to do it, like as a full caveat. This is like pre-funding, pre-anything just ideating cabbie-like, you know, your cat might catch on fire. I don't know how this is going to work, but I've got a reasonable idea of it and with those people that I was talking to at that point in time. I'd built enough trust as a practitioner that, that was an okay thing for me to kind of bring up with them and most of them at that point said yes as well. So I had initial customers and initial buy-in. At least notionally, on the idea at that point. That's kind of how that worked.

Pablo Srugo (00:11:53):
You mentioned, that you heard the same things over and over in terms of obstacles for why they weren't doing this already. What were you hearing?

Casey Ellis (00:11:59):
Yeah, the big one was kind of where we started. It's like, aren't hackers scary? I thought, people that can break into computers that don't work for either my organization or the pen testing firm that I trust are just automatically bad people. That I should, keep as far away from my company as I can and, you know, I challenged that notion, and say, well, look, I'm in security research. And all of the patches that you receive on your Windows box come from people that are outside of your organization, and they're already part of making you secure. This community already plays a massive role in securing your organization. You're just not kind of realizing that and just trying to, you know, find ways to reframe how they thought about hackers, and all that kind of stuff. That was a big one. Another big one was, how do I pay someone in Uzbekistan or some random part of the world that I've never done business with before? So just that logistical marketplace challenge of point-to-point payment. That was a big one. Yeah, my team's overwhelmed. How am I going to listen to the entire internet on top of that? So the idea of triage, and being in a position where we can actually filter, and direct the kind of feedback customers getting as opposed to just exposing them to the fire hose of the opinions of the internet. That was huge as well. There's a couple of others as well, but those are probably the big three.

Pablo Srugo (00:13:11):
What size of company were you talking to mainly?

Casey Ellis (00:13:14):
It varied. There was one of the two major retailers in Australia was a part of those conversations. The postal service in Australia was a part of that. There was some startups and some kind of smaller tech companies. So, you know, ranging from maybe 50 to 100,000 heads down to maybe 100 to 500. It was pretty broad, but they all said the same things because I wasn't framing it as a, do you want to be like Google? It was more, is this thing that you're doing right now working? And if you don't think it is, how do we make it better? And they all agreed on that part, right?

Pablo Srugo (00:13:43):
So I get how that would be better. There's some things in security and many other compliance-like things that are kind of checkbox exercises. Like, okay, I have to pen test what's yours so that I say that I do, so that I'm secure. So I don't really care that, you know what I mean? Was it there or was it very much like, oh, if this is more secure than that, I want max security?

Casey Ellis (00:13:59):
Yeah, so this is actually a fun throwback to kind of when I was cutting my teeth in sales and solution architecture. I managed to work, you have the good fortune of working for an entrepreneur. Who was just an awesome mentor along the way and one of the things that he taught me was never sell security to people that don't care. If you're trying to position a product that's genuinely going to reduce risk, don't try to sell that thing to people that only care about compliance or only care about checking the box, right? And I'd listened to that and I'd kind of at that point curated the people, and the connections, and the companies I was working with. Plus established my own reputation as someone who was pretty focused on that as an outcome. So I'd sort of selected and biased the ICP at that point without kind of realizing it, if that makes sense.

Pablo Srugo (00:14:40):
So he's head of security of these companies and that you knew. Actually, cared about security for security sake.

Casey Ellis (00:14:45):
Yep, exactly right and this is not a compliance product. What I did have as a part of the positioning at that point in time, is that this will get you better return on an investment in terms of the number of critical vulnerabilities per dollar spent. That was kind of the core early ROI metric. Compared to the money that you're paying right now on pen testing, and yeah, if they cared about that, they'd buy it and if they didn't, they wouldn't. And that's kind of where it kicked off.

Pablo Srugo (00:15:08):
Were you a solo founder?

Casey Ellis (00:15:09):
Yeah, initially. Yeah, I did it on my own for about six months. I ended up bringing in my co-founder from the previous business to partner in the early days, and then we brought on a third co-founder kind of midway through the accelerator.

Pablo Srugo (00:15:20):
There's mixed reviews on accelerators, and I think it depends on a lot of factors. What was your experience like?

Casey Ellis (00:15:25):
Yeah, so keeping in mind that this is 2013 in Sydney. Actually, it's not too different to today. Because there's been definitely a renaissance in accelerators with the AI boom and all those different things. But 2013 was kind of like peak crazy around accelerators are going to solve everything. I had a really good experience with it, but I've spent a lot of time with that accelerator since and talking to others since, and other founders since around what I think made that work. Because it's not just get a bunch of people in a room and do a thing. I think to me it was a network we had a really good mentor network including people like Scott and Mike from Atlantean for example. Big hitters that were Australian pedigree but had gone off and done things internationally as well. I deliberately wanted that, because I knew if I was gonna execute in the us I needed to learn how to speak American or to at least think about how to do business is nationally not just in Australia and that wasn't a thing that I done at that point in time so. That was really valuable. I think just in general, like accelerators are all about what you get from them. You as a founder actually have to go out and pursue that thing. I think the mistake that a lot of founders make and a lot of accelerators make as well, is just assuming that the environment is going to create success. It can do that, but that's not a guaranteed outcome. I think if you go into it knowing what you want and knowing where you can get, that and trying to iteratively learn and get better at that as you go along, that's how you win at that.

Pablo Srugo (00:16:45):
That's funny, I was talking to this young founder. Actually came in today, probably 2025, and he's starting this AI community. Like, AI hackathon, and he wants to start an accelerator. Might think that he's asking me, you know, what should I look for? What should I do? Whatever, obviously, if you're the one going into an accelerator. Yeah, it's like you get out what you put into it. The other thing though, what I told him was, and it's ninety percent of the people. Like, if you get a sick, sick, awesome group of founders together and then you throw in some other next level founders. Like these Atlassian guys or whatever it is, and you have that exceptional grind culture. Frankly, where everybody's truly in it, that is gonna create something great. The Accelerators, where you have a lot of entrepreneurs and they're in it for the pitch competition, and this and that, and whatever. You know, and the drinks after, it's like, it's not gonna be much value.

Casey Ellis (00:17:29):
Totally, one thing I will say is that the pitch. Like, the pitch contests and kind of that side of things. So taking this universe of possibility and ideas, and kind of pitches of the future that I had at that point in time. And forcing me to distill it into three minutes, that was super valuable.

Pablo Srugo (00:17:46):
Yes.

Casey Ellis (00:17:46):
That was like boot camp. You know what I mean? It was hard and not a lot of fun, but tremendously valuable as a pure accelerator experience thing. But yeah, other than that I completely agree. I think having a bunch of people all kind of crazy in a similar way, you know, charging at similar hills and then getting to learn from each other. And even sharing the things that are sucky, and the failures as well as the wins. I think that kind of camaraderie in that community, it's almost like the optimum environment to do this type of thing. I think but yeah, it's one of those things where creating a good environment is one thing. But then as a founder coming in there and actually taking ownership for how you're going to exploit it. And how you're going to use it to pursue, your mission and your vision. I think that's a completely different thing and I think that is the second part is the thing that a lot of founders, and a lot of accelerators miss.

Pablo Srugo (00:18:32):
And did you get funding as part of this accelerator?

Casey Ellis (00:18:34):
Yeah, so I call that one the ramen noodle round. That was like fifty grand. Pretty much that just tidied us over for, four and a half, five months. Got us over to SF, raise our series seed, which we'd already kind of kicked off by the end of it in Australia. But yeah, it was a small round but yeah, we did get some money from that.

Pablo Srugo (00:18:51):
You had these customers, did you sign them up or did you go to build mode? Once you got into this accelerator and you bought in. What's the first move?

Casey Ellis (00:18:58):
So the fun part about that is that we actually didn't cut code on a platform until like literally my technical co-founder built the first version of the platform on the flight from Sydney to SF as we were fundraising. Because what we'd done prior to that was basically, you asked before, where did we start? The first thing I had to solve, back when it was just me was, is there a crowd available to do this and will they show up? So the first thing is going out and doing some social media marketing, collecting signups, trying to go viral in the 2012 sense of the word and we did. We had probably five thousand odd signups in the first month or two. So it's like, cool, supply side's there. We've got that part sorted out.

Pablo Srugo (00:19:37):
Do you vet them? Or you just assume they know what they're doing? How does that work?

Casey Ellis (00:19:40):
At that point, we didn't vet them a whole lot. It was just, are they there? That was the first question to answer. We do very much vet them now. That was always kind of the picture, but the problem I was solving at that point was, is anyone there and will they show up? Which is kind of a different phase of the whole thing, right? Then it was like, does it work or not? So, you know, ran a program on an application that I'd built, put like $500 down on it, and it got completely destroyed from a security testing standpoint. So it's like, okay, this model seems to work.

Pablo Srugo (00:20:06):
And how'd you? Tactically, you had these five thousand emails, you just emailed them all. How do you actually get them to. 

Casey Ellis (00:20:12):
It was literally MailChimp, for community management for the first six months. 

Pablo Srugo (00:20:15):
And you're just like, here's an app, here's the bounty, go at it?

Casey Ellis (00:20:19):
Yeah and then we did vulnerability intake through, I think it was Wufoo. One of the form generators that was around at the time. So, not super secure, not cutting edge.

Pablo Srugo (00:20:27):
They would tell you, hey, I found this thing, here's my email, 

Casey Ellis (00:20:30):
Yeah.

Pablo Srugo (00:20:31):
And then you'd pay out, if it. 

Casey Ellis (00:20:32):
So, a big part of why we were doing it like that was, we need to understand. How do we structure forms so that we're getting the right kind of data from researchers that are participating in these programs? We're going to need to move around with that pretty quickly because we're going to learn a lot of stuff very rapidly. So the idea of using no-code solutions to do that initially with the view of actually cutting our own platform later. That was a very deliberate design choice early on.

Pablo Srugo (00:20:55):
It's smart the way you did it. You really didn't need much product to deliver on the promise, on the value. It was really more of a marketplace type of value prop.

Casey Ellis (00:21:02):
Yeah, is it going to sell? Is the marketplace there? Is there supply and demand? You know, can we connect supply with demand in a way that transacts value in both directions? The first six months was mostly about solving those questions. The other thing that did happen through that period was, you know, we managed to close a bunch of pretty interesting customers. We got one of the big retailers in Australia. We did a deal with Google in the first four or five months, which was insane.

Pablo Srugo (00:21:25):
Wow, how'd you do that?

Casey Ellis (00:21:27):
It was funny, because they were already open to this idea. Because they were running their own VRP. I had a friend who we brought on as an advisor, who literally just grabbed me at one point and said basically like, hey, no one asks the pretty girl to dance. You should go just try it and see what happens. And I did and it worked.

Pablo Srugo (00:21:46):
I mean, they already had this program. Where did you fit?

Casey Ellis (00:21:49):
Yeah, so where we fit. They had a program at the time, so they've since expanded and they're actually a customer of ours now. Which is full circle but at the time, they had kind of a program that was out to the open internet and the way it works. I just realized I haven't explained this yet. It's basically, hey, if you're able to find a vulnerability in our system, submit it here. This is what that process should look like. If you're the first to find a unique vulnerability, you'll get paid for that and then the more severe the vulnerability is, the higher the reward's going to be.

Pablo Srugo (00:22:18):
Do you remember, how much are they paying? More or less, what's the range?

Casey Ellis (00:22:21):
Now, I'm not sure. At the time, it was probably $500 to $5,000 or $500 to $10,000, something like that. So the program that we ran was a really focused crowdsource testing engagement on a particular product that they were in the process of releasing. So it wasn't like a big part of the open program. It was this smaller thing that they wanted to direct specific attention to. So that's why they brought us in.

Pablo Srugo (00:22:44):
That was the value. It was just speed and hyper focus on one specific thing.

Casey Ellis (00:22:47):
Yeah, it's like, how do we take everything that's out here on the community side and then. Basically put it to work, according to what the customer needs? That was sort of always the picture. The idea of Bug Bounty at that point in time was just, it's the open internet doing whatever it wants and you pay them if they're useful. But the picture that I had was that this could actually evolve into, a crowdsourced marketplace for security intelligence and applying that for defensive problems.

Pablo Srugo (00:23:10):
We have tens of thousands of people who have followed the show. Are you one of those people? You want to be a part of the group. You want to be a part of those tens of thousands of followers. So hit the follow button. By the way, the landing Google. I have to assume would have been massive from a branding market perspective.

Casey Ellis (00:23:26):
It was huge. We weren't able to talk about it a whole lot, but we were able to talk about it in context of fundraising. All those different things, it definitely helped.

Pablo Srugo (00:23:34):
Well, because you can say, look, the guys that invented this thing is actually using us. I mean, that's just so powerful.

Casey Ellis (00:23:38):
Yeah, and they're validating the overall concept. They're using us as a company but this overall idea of like, no, Bug Bounty is just the start of this. It's literally about trying to corral all of the intelligence that you can to be able to outsmart the adversary and then to do that in as many ways as you possibly can. That was the thesis and Google buying into that kind of validated the overall market category at that point in time. So that was huge, yeah.

Pablo Srugo (00:24:01):
It's interesting, sometimes the products are just so complicated. You're like, what the hell? And the other times it's so simple, it's too easy. You know what I mean? Like, what's the vision, right? So I'm curious back then you're at Seed and you're like, hey, we're going to effectively have this marketplace between, you know, hackers on one side and companies on the other. And we'll match them, and do these bounty programs. What was the big vision that you would tell specifically to VCs to raise, you know, and promise this kind of venture type outcome?

Casey Ellis (00:24:24):
Yeah, so an interesting part about that is that we had commitments for I think it was $1.6 million out of Australia before we flew to the US. I knew at that point in time that I wanted to raise US institutional capital. So we got out here and started pitching here.

Pablo Srugo (00:24:38):
You're in the Bay Area now?

Casey Ellis (00:24:40):
Bay Area, yep. Yeah, the first probably five or six pitches I did were with like big tier firms. Because all of the mentors and Startmate was super excited and all that kind of stuff. So they made intros, and I blew every single one of them. Because I'd learned to pitch it like I was in Australia. It's like, oh yeah, we figured out, you know, this way to make a sausage machine and you're going to pay me money. I'm going to crank the handle and more sausages are going to fly out. Which at the time was the kind of pitch that would work really well in Australia. But over here, it kind of.

Pablo Srugo (00:25:06):
Fell flat, I would assume?

Casey Ellis (00:25:08):
It includes division.

Pablo Srugo (00:25:09):
Okay.

Casey Ellis (00:25:09):
Do you know what I mean? It's sort of like, okay, if you're six months in and feel like you've got it figured out. Then you don't have a big enough vision, and the reality was that I always had a bigger picture of where this was all going to go. I just needed to reframe how to actually articulate that. So that took a little bit of time, but we got it done.

Pablo Srugo (00:25:24):
What was that articulation?

Casey Ellis (00:25:26):
Basically, the idea of crowdsourcing being a fundamental component of how we outsmart the adversary, period. It's not just one person being paid by the hour trying to do that. It's not just automation being relied on to do that. It's, we're all here as defenders because we've got a crowd of creative human adversaries. That are trying to mess with us and that whole idea of humans being the thing behind crime. That predates the internet by a couple thousand years, right? It's pretty reasonable to assume that's what's gonna continue into the future. The picture I had was well we're doing it wrong, right now. Because there's this entire community that can come in and stand in that gap, and the disconnected from it so let's bring them in.

Pablo Srugo (00:26:06):
Was it as far as ending pen testing sort of thing? This would be the replacement of that? That's the market you're going after? Was that kind of the framing?

Casey Ellis (00:26:13):
There was an element of pen test is BS. I actually pitched it more as a future of work play, early on. So the TAM and the SAM disruption that I was speaking to when I was trying to bring metrics into those early pitch decks. That was mostly pen test market.

Pablo Srugo (00:26:27):
Future of work, was one of those big themes back in probably 2014 era, right?

Casey Ellis (00:26:31):
Yeah, it was like crowd was huge at that point in time and, you know, when you think about it at that point in time. I think it was a million unfilled cybersecurity jobs globally at a median annual wage of $120,000 a head. So if you do the math on your total potentially addressable market there, it's big, right? That's a really coarse way of figuring out a TAM and I didn't lean too heavily on that. But that's sort of how I was framing it. It's like, this is going to be a lot of how we end up doing work in the future.

Pablo Srugo (00:26:56):
And the moat would be what? That you would have all of the testers on your platform and so that just would be the classic network effects type moat?

Casey Ellis (00:27:04):
Yeah, there's definitely that. There's the moat, you know, marketplaces are interesting. So the other thing I did a lot of at that point in time was spend time with the founders of like 99designs and Upwork.

Pablo Srugo (00:27:15):
Dude, I forgot 99designs. That's where, yeah. That's where my logo was made, yeah.

Casey Ellis (00:27:19):
This goes back a ways, man and I mean, even eBay at that point in time. It's like, all right, how do marketplaces work? What are the things that I might be missing in terms of the dynamics of how to build a business like this? And yeah, network effects, your supply demand ratios, all of these different things. There is an element of land grab that's just inherent to building a marketplace company. But I always saw that as being fairly fragile as the only thing to rely on. Because ultimately, customers don't want to be vulnerable. It's different to eBay because sellers want to sell things and buyers want to buy things. And it kind of, you know, accelerates as it grows, right? With this, you kind of don't want the thing that you're paying for. So there's a negative feedback loop there. So it's like, there has to be something else. So what we ended up doing was really focusing on the data side. How much do we know about the crowd? You know, how do we, for them, be in a position where we can connect them with opportunities where they're most likely to be successful and then do that in a way that maximizes the success for the customer. So that's kind of the platform expert piece that comes into it and you know we're actually pretty early in the whole idea of SaaS enabled marketplaces. That's a well established thing now but we had to figure out the financials for how to make that actually work as a business kind of from scratch.

Pablo Srugo (00:28:28):
I was going to ask, what is the model? On the customer side, they're paying a SaaS fee plus. Is it you get a take of the bounty?

Casey Ellis (00:28:36):
No, so that's the fun part. So the liquidity from supply to demand basically operates as a float, across the top of everything. We're charging customers for is using the platform to make the program itself happen in the first place. So it's basically a SaaS like revenue model.

Pablo Srugo (00:28:51):
But you take none of the bounty? So there's no take rate.

Casey Ellis (00:28:54):
That's correct. There's a couple of exceptions where we run payment only programs for larger organizations, that kind of want to do it that way. But for the better part, it's just the platform fee and then everything that goes between the customer, and the crowd happens as flow.

Pablo Srugo (00:29:07):
And so going back to the storyline, you went to the Bay Area. I mean, I'm curious on, I know this was a long time ago. But on those meetings, you said, you blew through a bunch. Obviously, you know, I assume some went well. You ultimately raised, I don't know if you remember any one of these either really bad or really good meetings, but those are always interesting stories.

Casey Ellis (00:29:22):
Yeah, I think the interesting feedback that I got. It was actually, I'm not going to say which firm it was because I don't want to out them. Because honestly this wasn't their fault, in a lot of ways. But I remember it was one of the Sand Hill kind of name brands and kind of walking out of that meeting, and driving back across to Oakland. Where we were staying at the time across the cemetery bridge thinking, what the hell's wrong with these people? Don't they understand? And just sort of raging at the fact that they didn't click with the future of this thing, and all of the value that I saw in it. In the way that I'd experienced kind of up until that point and yeah, I kind of put the brakes on myself for a second. Not literally, because I was driving a car but mentally and I'm like, well, yeah, my job is to understand this industry, the market, the future of the market, where it's going, see around corners, do all those different things. That's my job, and my job is to be the best in the world at that. Their job is to be the best in the world at taking ideas like this one and creating value from them. So, maybe there's something that they know or that they're thinking about. What I'm trying to do that I'm missing here, and it's not about them being stupid. It's about me not listening. There was this intercepting myself moment that happened along the way there. Yeah, I kind of went into a hole for about a month after that. Kind of refactored the pitch and started testing it with folk. And you know, when I came back, it kind of worked. We ended up over subscribed and raising 2 million bucks at that point. So yeah, it was interesting. I think the biggest thing was that if I pitched it just as a better pen test. That is cheaper or it's more effective for the same amount of money and we're just going to go out, and cannibalize that market. People got it and they kind of lent in to some degree. The Australians love that, but the Americans kind of didn't and it's because, yeah, that's a race to zero solution to an existing market. If that's all you've got, then that's not really a big enough kind of vision or return for the kind of investments that we want to try to make as a firm.

Pablo Srugo (00:31:15):
But it clicked when you did what? When you said it was kind of the future of work? That was the pitch that clicked?

Casey Ellis (00:31:19):
Yeah, this is a bigger play. This is never going to go away. If we get this out of the bag and actually execute on getting the market used to this concept. It will never go back in the bag and if we're in a position to actually lead that, and maintain that leadership, and maintain a premier position on driving that market forward. Then we're going to have, you know, a right in perpetuity to profit. So as a VC, that's the kind of thing you want to hear, right?

Pablo Srugo (00:31:40):
What was the hard, typically the marketplace is their hard side. Either the customers, usually it's the customers because they pay, but sometimes it's not. Sometimes it's the, I guess in this case, the talent. Which of the two sides was harder at the beginning? At that Seed stage?

Casey Ellis (00:31:52):
Customers, a hundred percent. I was cheating a little bit on the supply side, because I was already a part of that community. So I already had, you know, some degree of trust and different things like that. And then once you kind of drive a message across that bridge of trust, and people have a good experience than they tell their peers. And it kind of grows out from there, and that's how you get your network effect, right? So that was always kind of easy. The harder part was going to customers and saying, hey, here's this crazy idea. It was really this idea of unseating folks and their opinion of hackers is just inherently bad. Do you know what I mean? That was a frightening concept to a lot of folks. So there was a lot of work in the first probably two or three years that went into just getting people over that initial hump.

Pablo Srugo (00:32:35):
Break down, as detailed as you can. The tactics on go-to-market. I mean, this is probably the number one thing that early stage founders want to know. Because everybody wants to grow faster and it's like, okay, value, problem, solution. They look at themselves like, well, I got a problem, I got a solution. Okay, how does this guy now have $180 million? What did he get right? You know, how did you make that happen?

Casey Ellis (00:32:56):
No, for sure. One of the things that clicked for me early on in my career, is the idea that problem solution fit in the absence of product market fit doesn't solve the problem, right? That's a great problem solution fit you've got there. That's awesome, Mr. or Mrs. Technical Founder. If you don't plug it into where the problem actually exists, then it's like a tree falling in the forest with no one there, right? It's like, cool.

Pablo Srugo (00:33:17):
That's what you're talking more ROI, ICP, KPI? These kind of things matching all together?

Casey Ellis (00:33:21):
It's like, how do you package it? I view marketing as much of a technical issue to solve in the early days as a startup founder, is the actual intellectual property problems that you're trying to solve. So that was sort of my bent going into this whole thing. I recognize that's not always necessarily how people think about it, right? So I didn't want to call that out. But yeah, early on it was really about probably the first thing I did there was, a technique I call my Uber pitch. The whole idea of like the elevator pitch, like you get into an Uber in San Francisco. What do you do for work? Okay, cool, go and the idea was to get through explaining what Bugcrowd is, what it does, why it matters in 30 seconds or less, no jargon.

Pablo Srugo (00:33:59):
Is this part of like a demo?

Casey Ellis (00:34:00):
No, it's just literally. This is me practicing before the demo and before the intro call, right? So I'm sitting there with a driver. I don't know how technical or non-technical they are.

Pablo Srugo (00:34:09):
Oh, you're actually doing this in Ubers. I thought you were just calling that. Okay, got you.

Casey Ellis (00:34:12):
No, no, no. Literally every time I got in the car, I'd do this and this is how I refined my pitch. Because it's like, if I can get this out. Have them show some sort of buying intent, not confuse them or trip them up in the process. The more consistently I can do that, the more I'm going to be able to create a message that my team is going to pick up and sell, and be able to sell rather. And probably the better it's going to connect with the market. Because it's sort of catering to the lowest common denominator in terms of your door opener.

Pablo Srugo (00:34:37):
Yeah, walk me through that. Because a lot of people would say or some objection would be like, well, I'm selling a technical product to a technical audience, right? You're selling this cybersecurity thing to chief cybersecurity, whatever. They know you don't need to dumb it down. Do you know what I mean? And yet, you do see the best products find a way to simplify and somehow that helps.

Casey Ellis (00:34:52):
I actually disagree with that, in terms of the need to dumb it down. You don't want to dumb it down to the point, where you're just spouting buzzwords that no one understands. We've had this principle within Bugcrowd since the get-go, simple is strong, right? How do you boil something down without burning it? Because if you can get it to that point, then you can add complexity or add different things on top of it, and you've got a really strong foundation. If you don't do that first, then you've got all this complexity that you're trying to navigate and build on top of. So you want to do that part first, which is kind of what I was doing with the Uber pitch. But yeah, I do think that the best managers, especially if you're selling to a CISO or someone in an executive role. The reason that they're there, I think nine times out of ten, is because they've figured out how to do this too. 

Pablo Srugo (00:35:33):
Right.

Casey Ellis (00:35:34):
So it almost becomes like a game recognizer's game thing at that point and you can kind of interface with them on the level of, you're not really here to solve the particular part of the problem that I solve. This is one of the hundred things that you care about right now. But I'm going to try to meet you at your level and articulate how I think I can create value. And if we can cross that bridge, then we can do the rest of it.

Pablo Srugo (00:35:53):
When you say that way clicks, especially in the sense that none of these things happen in a vacuum. So even if your buyer is technical, unless it's like a $5 a month product for themselves. You know, they swipe their credit card, they're part of a bigger organization. They've got to sell a VP here, you know, their CEO there, their CFO there and they know if they're ahead of doing that. Where are they going to invest their time? Because like you said, they've got a hundred things to do. This thing is hard to explain, then all of a sudden the ROI needs to be up here for them to be like, yeah, okay, that's the gap I'm gonna need to cover. Whereas if your thing's easier to explain. They're like, well, this will just fly right through, so fine, let's do that.

Casey Ellis (00:36:25):
You want to take as much of the work out of it for them as you possibly can. At the same time as not dumbing down the thing that you're doing to the point, that your pitches are relevant.

Pablo Srugo (00:36:33):
Yes.

Casey Ellis (00:36:34):
So that balancing act is really fine. This just goes back to the Uber pitch. Because the whole thing with that was, I wanted the driver to lean in and say, Oh, cool, what is? You know, some sort of buying intent signal at that point and it's like, I understand how that actually impacts me as someone who uses the internet, and is concerned about internet security. Because that's my stuff that you're talking about securing right now or whatever, right?

Pablo Srugo (00:36:57):
So that's good. So you get the message, simple, straightforward, clean, that's a key part. Talking through the funnel, is it outbound? How are you getting deals in funnel? How are you getting demos?

Casey Ellis (00:37:05):
Yeah, so early on. Australia was all basically relational outbounds. That was literally me going to, you know, my buddies and then kind of one degree of separation from those guys, and saying, Hey, do you want to try this thing? So that was an advantage of coming in from the industry and I think for founders that are thinking through this part. That is your first prospecting ground. Don't think about marketing funnels or PLG or hiring salespeople, or any of that stuff until you as a founder have figured out how to tap out your existing network. Because I think the bulk of the power that you're going to have pre-series A is probably going to come from there. So that was that. When we came out here, it was, as I said, I don't know how to speak American. I've never actually done business out here before, all that kind of stuff. So I actually hired early on for Network Effect and to people that I felt could pick up how I was thinking about the business, and carry it. That worked out really well.

Pablo Srugo (00:37:53):
You mean people who had relationships? Or you're just saying. 

Casey Ellis (00:37:55):
Yeah.

Pablo Srugo (00:37:56):
Okay.

Casey Ellis (00:37:56):
People who had relationships, people who had trust, people who had. 

Pablo Srugo (00:38:00):
What you had in Australia but here sort of thing.

Casey Ellis (00:38:02):
Exactly, like an authoritative voice, enough network to be able to actually use it and then enough trust to be able to actually position a new thing, and have people maybe pick it up, right? So that was early, and again, it was mostly relational outbound very early on. Then I hired two salespeople. Because if you're going to do that, you never hire one, you always hire two. Because that way they compete with each other and G each other up, and it's a lot more fun. 

Pablo Srugo (00:38:24):
And those salespeople were closing demos? Or they were sourcing and creating leads?

Casey Ellis (00:38:28):
All of it. Yeah, this was, you know, we were like fifteen people at this point. So we hadn't really stratified.

Pablo Srugo (00:38:34):
This was post or pre-series A?

Casey Ellis (00:38:35):
Pre, so it's post-seed, pre-series A. 

Pablo Srugo (00:38:37):
Yeah.

Casey Ellis (00:38:38):
Yeah, so we hadn't stratified any of that. They were just doing all of it and what I tried to do was to get people that had come in from a solutions, sales, or even a consulting background.

Pablo Srugo (00:38:48):
In cybersecurity or it didn't matter?

Casey Ellis (00:38:50):
No, in cybersecurity. Because then they've got a trusted voice, right? But if they know how to sell, then really the only thing you got to worry about at that point is figuring out whether or not they know how to close. Because it's not always the same thing, right? But that's where the two folk together.

Pablo Srugo (00:39:02):
And did you narrow at that point your ICP? Like mid-market, $10k, $50k, CV? Do you know what I mean? Did you get all that or just kind of whatever?

Casey Ellis (00:39:08):
No, honestly, we're still in the category creation phase at that point in time. It was a lot of evangelism, a lot of going back to what I said before. The idea that hackers aren't scary, they can be helpful, all that kind of stuff.

Pablo Srugo (00:39:19):
And you're doing that one-on-one or are you doing conferences and a bunch of more paid marketing stuff?

Casey Ellis (00:39:24):
All of it.

Pablo Srugo (00:39:24):
All of it, all the time, even in that early phase?

Casey Ellis (00:39:27):
Yeah, a hundred percent. One thing that we did really effectively, like Bugcrowd's kind of known in the community as a swag company that dabbles in cybersecurity. Because we've always had this really strong kind of branding and swag game. And the origin of that was just after we came out, going to one of the biggest security conferences in the US and it's like, you know, we're seven people at that point. How's anyone gonna know that we're here? So I came up with this idea for a t-shirt that said, my other computer is your computer. Which is kind of a play on an Amazon t-shirt at the time, right? 

Pablo Srugo (00:39:56):
Right.

Casey Ellis (00:39:56):
We went off and printed 500 of those. And by the end of the week it looked like a hundred people worked for Bugcrowd, and everyone was talking about it.

Pablo Srugo (00:40:03):
Did you get a booth or you just kind of went to the show? How did you guys do it?

Casey Ellis (00:40:06):
Nope, we just dropped shirts everywhere and people put them on. That was the strategy, right? And it worked. And the thing that it was really successful at was getting people to kind of look over the fence, and get intrigued. People actually wanted to wear that design because it was cool and it was interesting, and it started conversation, and all that kind of stuff. And we just sort of learned from that and kind of doubled down on it year after year. That idea of memes that fit into this intersection between your community and your buying community. We've always marketed really heavily at that crossover point and I think that's actually served us really well. Especially in the early days when it was really mostly a matter of just explaining to everyone, what the heck is it that we're doing and why is it safe, and not dangerous.

Pablo Srugo (00:40:44):
Well, it's funny. Because there's always, I think, this question about when should you start doing this kind of hard to attribute brand type marketing? You know, you give a hundred shirts, what was the ROI? How many leaves did you land? I mean, maybe you have that, but it's kind of hard to know, if you don't even give them the shirts you sell. But in your case, sounds like that was useful even back then, it kind of lifted all the other efforts.

Casey Ellis (00:41:05):
Yeah, that's a really good call out. I definitely wouldn't advocate an approach like that for everyone. For us, we knew that we were building a marketplace, we knew that we had a category creation problem and that we had some kind of education that we needed to do around the different aspects of our marketplace. And we knew the community was going to be a major driver of the business going forward. So all of those different things kind of prompted that investment and yeah, tying those back to leads at the time was difficult. But the thing I will say now is that a lot of Bugcrowd customers reach out every now and then and say, Oh yeah, my Grace Hopper t-shirt that I got in 2016. Which is like my favorite t-shirt is wearing out. Can I get another one? And they're like, you know, seven figure, eight figure deals now.

Pablo Srugo (00:41:45):
And this is, you call it category creation. Which it is, but was there already a budget line? Were you just taking pen test budget or did they have to kind of rethink that?

Casey Ellis (00:41:54):
It was really a matter of them rethinking that. I think for the better part, there was some elements of net new. What we found early on was targeting net new. The ICP for targeting net new budget creation was way narrower, than going after existing budget. So this kind of pitch that I mentioned before of do you feel like you get better return on investment for fifty grand worth of pen testing with twenty people not one. That was an easier sell early on than this idea of you need a full disclosure program or a bug bandy program. That's a little bit different now, but yeah. It's definitely, I think just for the audience, like share of wallet. This goes back to the messaging thing as well. Your internal evangelist, your internal sponsor, at some point they're going to have to have a conversation with the CFO and the first thing the CFO is going to do is open up a spreadsheet, and see if there's an existing budget line item. So if you can attach to that, that's your shortest path, full stop.

Pablo Srugo (00:42:46):
And how fast did growth happen? How fast did you hit a million ARR?

Casey Ellis (00:42:50):
We hit a million in bookings in the first year. We did, I think it was $3 million the following year. It grew pretty quickly early on.

Pablo Srugo (00:43:01):
Did you triple to ten like the year after sort of thing?

Casey Ellis (00:43:03):
I think we hit seven and a bit the year after that from memory. Yeah, there was an initial hockey stick off that whole. Yeah, this is way better return than what I'm doing right now. Then competition started to arrive. Then it was like, okay, what do our unit economics actually look like? And how do we start to figure out repeatability, and all that kind of thing. And it sort of slowed down a little bit while we're working that out. But that's how it worked in the early days.

Pablo Srugo (00:43:25):
We actually were going to record this months ago and then you had like on top of everything that a founder has to deal with. Frankly, a crazy kind of health situation. Tell us a bit about that and just like how you dealt with that personally, and then on the business front.

Casey Ellis (00:43:37):
Yeah, sure. I appreciate you bringing it up. Basically, I had to have open heart surgery in July of last year. So it turns out I had a genetic issue with a valve in my heart that we thought I'd gotten away with. But it turned out that I hadn't and we discovered that, late July or late June, rather, and I was on the operating table in July. So, yeah, that was definitely not on the Bingo card, but I'm here now and it all worked out well. So, yeah, look after your health, I guess, is the main. That's been the main story I've been talking to founders about. Because the founder lifestyle, doing security, all those different things. It didn't contribute to the issue itself, but it definitely would have, you know, in hindsight contributed to me kind of ignoring things probably longer than I should of. That could have ended up making the treatment, aspect of it less severe. So don't ignore that stuff.

Pablo Srugo (00:44:22):
And are you back fully now? Or what's kind of the longer term impact?

Casey Ellis (00:44:25):
Yeah for the better part it's definitely building energy back and doing all those different things that you got to do after surgery like that. But yeah, it's effectively back online. I think I think on the business side, the part that was really cool with that was we brought in a CEO three years ago now. I think it is three or four. Geez, okay, there's a blip in there for obvious reasons, but I think it's three years ago. Dave Jerry, and he's been fantastic. As a leader, as someone to partner with, as someone that I just really trust with the business and who's actually doing a phenomenal job of growing it, and continuing on its mission.

Pablo Srugo (00:44:57):
What's your role then, day to day?

Casey Ellis (00:44:59):
So my role at the moment is basically founder and advisor. I kind of stepped back from an operating role, on account of the health stuff. I'm still pretty involved in various things around the place, but the whole thing there was being in a position where I could actually focus on health and recovery and all the different things to go along with that. And not be kind of freaking out about the business in the meantime. That was a huge blessing to be in that position as all the stuff went down.

Pablo Srugo (00:45:23):
I know we're coming to the end of it, but just the CEO piece. How did you think about bringing in a new CEO? And then what role did you go into after that? How was that whole process is full of emotional, high emotional load, I would say for founders.

Casey Ellis (00:45:34):
Yeah, I mean, I think the big thing with it is, when you start a company. It's kind of like having a kid. There's an early stage where literally everything you do kind of contributes to the survival and the well-being of that kid. But then as they grow up, they start to become more autonomous and all those different things. I've sort of always thought about it a little bit like that. So, there is definitely a way of thinking that I think is useful for founders to get in their head when they're thinking about the long-term role. It is key to call out that I've been at this now for thirteen years. So this is not a three-year story that we're talking about here. So yeah , I made a move to bring in a CEO about six years in. At that point, moved across to chairman and CTO. And then about five years later, we made a decision to change that person and bring Dave in. And at that point, I moved into the chief strategy officer role. So yeah, it's been an interesting journey. The memoirs are going to be kind of fun, at some point in the future. But the one piece of advice when I get asked this question by founders is that in that seat. Especially the founder CEO seat, you should be completely unafraid to ask yourself the question, am I the right person to be doing this? Because the moment you start to get nervous about asking that question, you've got an actual problem. If the answer is, oh, well, you know, maybe, but what if I just got better at that thing? Maybe someone else, those kind of answers give you opportunities to grow, to hire, to do all those different things, seek mentorship, whatever. But the minute you feel afraid to ask yourself that question, you're going to end up with a problem.

Pablo Srugo (00:47:01):
The simple is, if there's one role where you can't have the wrong person in it. It's the CEO role. It'll live back every single thing.

Casey Ellis (00:47:08):
One hundred percent. At the end of the day, when you started this thing. You had a picture of the future that you wanted to see fulfilled and ultimately it becomes more about that than any particular title that you might have at any given point in time. So I think just ruminating on those things and keeping them in mind as a leader is a good thing to do.

Pablo Srugo (00:47:23):
Perfect. Well, let's stop it there and I'll ask the three questions we always end on. For you, when did you feel like you hit true product market fit?

Casey Ellis (00:47:29):
2016, I would say.

Pablo Srugo (00:47:31):
What was the context?

Casey Ellis (00:47:32):
There was a motion and a huge uptick. We got suddenly a lot better at articulating what we did. One of the things that happened in 2015 was the Department of Defense launched the Hack the Pentagon program. So to see the DOD go out to the open internet and say, hey, we need the help of 15-year-old kids to secure our stuff. That had a profound impact on everyone else who was asking that question. So there was a whole bunch of things that came together at that point in time. But yeah, that's when I feel like we really hit our stride.

Pablo Srugo (00:47:58):
And then on the flip side, was there ever a point where you thought things might just not work out and things could completely fail?

Casey Ellis (00:48:04):
Yeah, 2017. No, want to be mindful of time, but the different kind of leadership decisions. There's definitely moments in that, that feel like that. I think the thing, you know, when you're doing category creation and when like it works. There's high points and low points, and they're often very close together. So this whole idea of like, oh my God, is everything going to catch on fire and fail? That's, I wouldn't say it's a daily occurrence, but you know, versions of that do happen pretty frequently.

Pablo Srugo (00:48:31):
Last question, what will be your number one piece of advice for an early stage founder?

Casey Ellis (00:48:35):
Be kind to yourself, get yourself in community and get people around you that understand what you're doing, and who will call you on your BS, and be a cheerleader all at the same time. And then listen to them, and then figure out, the ninety percent of the advice they give you that you're going to ignore because it's your vision, not theirs.

Pablo Srugo (00:48:51):
Awesome, dude. Well, thanks so much for jumping on the show, man. It's been great having you.

Casey Ellis (00:48:54):
You're welcome. It's been great, cheers.

Pablo Srugo (00:48:55):
Wow, what an episode. You're probably in awe. You're in absolute shock. You're like, that helped me so much. So guess what? Now it's your turn to help someone else. Share the episode in the WhatsApp group you have with founders. Share it on that Slack channel. Send it to your founder friends and help them out. Trust me, they will love you for it.