He ignored users for a year. Then landed a $1M contract. | Sam Jones, Co-Founder of Method Security

Pablo Srugo (00:00:00) :
Once you launch, how long did it take to hit a million ARR?

Sam Jones (00:00:03) :
We've made more than a million on our first contract. There's something about maintaining a small enough engineering team that allows us to be so artistically generative right now. If you were to look at our org chart, our CTO has fifteen people reporting to them. It gives us such an advantage because we have so few communication nodes of our engineering team, and we're shipping so fast. And because we don't have to think too much about support and sales right now, it's all funneling into product investments. The product market fit for an enterprise motion we're doing, it's really different than a PLG. For us, we met with a certain customer that did a ton of market research into all potential solutions that were in the offensive security space and they went from market research to deciding to choose Method in such a rapid timeframe on a dollar amount that was unprecedented for us. But I knew this team could have anything, and they chose us, and they chose us very quickly.

Previous Guests (00:01:04) :
That's product market fit. Product market fit. Product market fit. I called it the product market fit question. Product market fit. Product market fit. Product market fit. Product market fit. I mean, the name of the show is Product Market Fit.

Pablo Srugo (00:01:16) :
Do you think the Product Market Fit show, has product market fit? Because if you do, then there's something you just have to do. You have to take out your phone. You have to leave the show five stars. It lets us reach more founders, and it lets us get better guests, thank you. Sam, welcome to the show, man.

Sam Jones (00:01:32) :
Thanks, Pablo, for having me.

Pablo Srugo (00:01:33) :
So you started Method Security a couple of years ago, and your co-founder is from the NSA. You're from the Air Force. We've had a few people. We had Huntress, Kyle's from the NSA, and we had ID.me, the founder was from the Army. And I always, in those cases, tend to kind of gloss over background pretty quickly just to set context. But everybody's interested in what's going on in those places and so maybe you can tell me a little bit about, what you were doing for the Air Force and what that world was like.

Sam Jones (00:02:00) :
Yeah, so in a way I was the user that I am now serving and you can think of Method Security building the tools, that my co-founder and I wish we always had. My role, I can tell you my role in the US Air Force and, my co-founder and CTO's role at the NSA. But I was a defensive security operator, and so I was operating other security products to try to find bad guys, find risks and so that means I was a product expert at things like Splunk and other things that are your typical security IT stack. And I kind of saw firsthand what worked, what didn't work, what wasn't up to the mission scale of trying to defend a one million plus endpoint network.

Pablo Srugo (00:02:40) :
So you weren't doing offense, you were just doing defense.

Sam Jones (00:02:42) :
Yeah, I was doing defense. I basically fell in love with the mission and the people and, you know, the importance of what we're doing. But I was extremely frustrated by maybe having an idea about how to do something better, and I could go do a prototype of something new. And then the apparatus of the Department of Defense wasn't equipped to handle a twenty two year old with young ideas like that. And so that left me pretty eternally frustrated.

Pablo Srugo (00:03:06) :
How long were you there for?

Sam Jones (00:03:07) :
Only a year.

Pablo Srugo (00:03:07) :
Oh, a short stint. Okay.

Sam Jones (00:03:09) :
I was on a scholarship commitment, and I wanted to serve the same mission. So basically right after my commitment was done, I drove right to New York City to start at Palantir. But my CTO kind of had a similar, I think he was at the NSA for two years, but he was building tooling. So he was more of a security developer and he built tools, for both the defensive and offensive mission. So he had a different perspective of a similar problem, where I was more of our user and he was more the engineer, if you will. But we're obviously fusing some of those perspectives to build the company that we're building today.

Pablo Srugo (00:03:42) :
And then tell me a bit about Palantir. That's another kind of shrouded in secrecy and nowadays super hyped up because this talk has just been ridiculous. So a lot of interest in that too.

Sam Jones (00:03:52) :
Yeah. So I joined Palantir twelve years ago, and the Palantir then. You know, there's a lot of things that are identical, I would say, to the Palantir today. But the thing that a lot don't realize about Palantir back then, when my co-founder. My third co-founder is also from Palantir, so three of us had worked on projects there previously, but when I got there in 2014, there was no real product. I mean, there was Gotham, and it was deployed in some intelligence and special operations type workflows. But especially for the commercial business, what I focused on right out of the gates, we would get access to really hard problems at Fortune 500 type organizations and just build something from scratch.

Pablo Srugo (00:04:28) :
So it was straight services, like service devs almost kind of business.

Sam Jones (00:04:32) :
Well, we were trying to productize our services in a way and then get users onto that, and then the global brain of Palantir would try to, you know, use this FTE model to collect the global learnings and productize that into a platform, which ultimately became Foundry. But in those early commercial days, like 2013 to 2016, there was nothing. We were on our own. It was really hard. Pressure was on and it was almost like you got these reps at running a little startup. But the advantage of why Palantir has produced so many founders is because I got basically six reps at starting and mostly failing my own little companies. I now have a lot more operational learnings that I'm productizing, and I've seen a lot of the problems that I'm seeing today.

Pablo Srugo (00:05:15) :
It's wild that Palantir worked out the way it did. It's really hard to make that transition from services to product, and I think a lot of tech type services companies want to productize but fail to. We had in Canada one called Element AI, raised hundreds of millions. Same idea, let's get very smart AI people, build AI things for companies, and we'll figure out the product. And it completely imploded, so pretty wild, pretty wild story.

Sam Jones (00:05:37) :
It was wild, but just probably nowhere better to start a software career than Palantir, and I'm very fortunate to have been a part of that process.

Pablo Srugo (00:05:44) :
What were you doing right before you started this startup method?

Sam Jones (00:05:48) :
I worked for a more traditional security software company, and my intent, I was VP of Product. It was a detection and response company, and I helped them go from Series A to Series C. That was just a fantastic process to see more traditional security distribution products, like, Palantir was not the right model to try to copy in that regard. I'm, you know, being a government operator doesn't teach you how to distribute and build a sales business. That's what I really learned there, global sales force, global team, figuring out two-tier distribution, things like that and those reps are super important. And I'm thinking about building, and running Method today.

Pablo Srugo (00:06:24) :
When did you decide to leave and start Method and what led to that decision?

Sam Jones (00:06:28) :
My co-founders and I have basically been trying to poach each other respectively for like the last seven or eight years or so.

Pablo Srugo (00:06:36) :
I love that.

Sam Jones (00:06:37) :
We have some shared notion spaces where we've shared business ideas every three to six months, almost over the last decade and the ideas kept getting better. We've actually circled back to an idea that I had for Method about eight years ago, which is what we're building now. Which is crazy but there became a moment where AI was specifically, I started prototyping. I'd been prototyping with GPT-2 to see if I could get it to do some interesting security things. This was back in 2020. When those models were open sourced, you can fine tune them on your local Ubuntu laptop or server and it was kind of dumb, and I didn't quite see it yet. But then when GPT-3.5 and then GPT-3.5 Turbo came out in March 2023, I made a little penetration tests bot that started to work and started to be able to hack some things on my local network. And it was in that moment I called my co-founder Sean. I was like, we have to do this. We have to do it now. We're the only team that could possibly build the thing to help America and help defenders win. So it was a long buildup, and then it was a single phone call, and the next day we were all in.

Pablo Srugo (00:07:42) :
Just to go on a tangent, this idea that you already had the team in place, the co-founding team in place. Well before the idea, is something that's lost on many young first time founders. Speaking for myself, when I started that first startup, right out of school, right out of college. You just kind of, I mean, in that case, he was a friend of mine. We just wanted to do stuff together, so we did and as you go through and build a career, whatever. You end up meeting different excellent people in different places, and you start to see how the pieces, at least in theory, could fit together. You're like, man, if I could put, you're making a team like you would a sports team, right? If I could put this person in this place, this person in this place and obviously, there are a lot of twenty some year olds that start great businesses. But it is one advantage that you only get somewhere in your late twenties to thirties when it starts to happen and a lot of times you hear the stories, that's really how the best teams are built. These are people that have worked together, have known each other for a long time, and just know where everyone is going to fit, and ultimately, it's really all about people.

Sam Jones (00:08:39) :
Totally. Yeah, I think, was it the D top risk or one of the top risks to early stage companies, is founder breakups. Fortunately, my co-founders and I have already done a lot of business and projects, and things together. And we know how to work with each other, so there's no risk there. And it's only helped us accelerate. But yeah, there's a huge event like ten to twelve years ago. A representative company where you could build your skill set and your network would be Palantir. Maybe a better equivalent today would be Ramp, just incredibly talent dense, build your network, and that creates very unfair advantages for doing something like several years after.

Pablo Srugo (00:09:14) :
So after that phone call, do you all just quit and go full time or what's the next step?

Sam Jones (00:09:18) :
It took us about six months or so to incorporate. I have family and I have kids, so there were some things there. My CTO and co-founder was running one of the most important customers and business units at Palantir. You can't just unplug some of those commitments and I was also an executive at a decently sized company. But we started putting ideas in motion that didn't overlap with our current jobs and basically committed. September, we're all quitting, and we're going full time.

Pablo Srugo (00:09:50) :
And this is September 2023, right?

Sam Jones (00:09:52) :
Correct, yeah.

Pablo Srugo (00:09:53) :
And what stage were things at when you did go full time?

Sam Jones (00:09:56) :
Stage in terms, like investment or?

Pablo Srugo (00:09:58) :
Yeah, was there money in? Was the product built? Did you have an MVP? Where were things at in general?

Sam Jones (00:10:04) :
I had an MVP, that little penetration test bot that I made, that was basically our seed pitch. It was pretty funny. My CTO quit Palantir, and he had an eight year run there, and he was going to go on a vacation to Europe. Well deserved, with his wife before he did this thing and I was like, before you go, we need to fly you out to San Francisco to meet with Andreessen Horowitz on Monday. He quit Palantir on Friday, and he was like, okay. And then he went on vacation on Tuesday, and we closed the seed round a couple of days later. It all just happened so quickly, but we went in basically with a prototype demo and a couple of slides, and then the process just quickly ended.

Pablo Srugo (00:10:44) :
How did you raise from a16z? What was that process like for that first round?

Sam Jones (00:10:47) :
So my other co-founder, Dan, who runs most of our work with investors and also our commercial business. He left Palantir in 2022, and had been warming up certain relationships a year plus in advance. And so he did a lot of the groundwork that allowed us to go very quickly. The Palantir alumni network and mafia network also was very advantageous because, you know, folks want to support ex-Palantir founders. There's a lot of former Palantirians that are at some of these investment firms, like Michelle Volz was an example. She was at a16z, a former Palantirian, and was kind of our first connection there. He was building a relationship with a16z prior to that three day process and that allowed Dan, to get to know and trust some of the GPs there that would later on go to support us. So we weren't going into it cold and we knew, obviously, for what we're doing. Which is at the intersection of AI, security, defense, infrastructure, there's really no better first partner there because we just have such a network and system across those different fronts. So they were at the top of our list. When it came together, it just happened quickly. But we put in, Dan especially put in a lot of work beforehand to build relationships to make that happen.

Pablo Srugo (00:12:03) :
How big was that round?

Sam Jones (00:12:04) :
That was a $5.5 million seed round.

Pablo Srugo (00:12:06) :
And what was the initial idea for that? Was it this AI pen testing or what was the first idea of the product?

Sam Jones (00:12:13) :
Basically the same thing that we're doing today, which the idea was broader than that first prototype. It was how can we use AI basically for offensive security behaviors to help the good guys stay ahead of threats, that are going to be using the same types of systems. So we've actually been building the exact same idea from the beginning and have not pivoted at all. Which I think is mostly it, you know,  we've learned a lot along the way, especially around sequencing. But I think we had such unique market insight because of our background that we're basically just piling that into this killer business idea that we have a lot of conviction and opinions around. 

Pablo Srugo (00:12:50) :
So maybe if you can take a few minutes and kind of give me the layman's understanding of cybersecurity and where you fit. Because, I have a few other cybersecurity founders that I had on the show. From the outside looking in, it's like threat detection, it's like malware. Every time, the pitch is kind of like, you know, there's still exposure, and we're going to solve it, and we're going to prevent the bad guys and all this stuff, threat prevention, whatever. But then there are still new companies that come up, and they get crazy traction, people buy their products. So there are still so many gaps. What is the situation, and where exactly does Method fit in?

Sam Jones (00:13:21) :
So I would say broadly, I'll start with some of my annoyances of the security market and how we are thinking going against the grain there. We have this joke internally that the security market is called the cyber industrial complex. Which is that it's this over calcification of all these different magic quadrants and acronyms and things that people pledge allegiance to, whereas there's a significant lack of first principle thinking often. But generally, when starting a new security company, you can either approach it by the domain in which you're trying to build a product or a platform. This could be endpoint, cloud, identity, SOC, or the more type of workflow that you're doing. Whether it's more detection or response focused, whether it's more posture focused, whether it's more offensive focused. And where we fit in specifically, we've had a strong conviction that more point products is not the answer. And this just makes things very difficult for security teams and for buyers to actually get results. But it's really hard to go beyond just a point product, especially in the beginning. So we are swinging big in the sense that we're trying to build a platform, a generalized platform for both posture and offense. Which all has to do with understanding the state, configuration, and relationships of one's environment. And then with that information, you can know how to reconfigure to make it more secure, or how to attack it to break it. And then there's obviously a virtuous loop by controlling both those things. Because you can threaten, break something safely, fix it, and then try it again, almost like an integration test to make sure that you never regress. That statement of what I just said happens to cut across maybe a dozen named Gartner magic quadrants and so we look and feel very different. And so to your question, where do we fit in? Practically speaking, we have numerous competitive fronts. Anything with X posture management, we probably compete with anything with asset management or exposure management adjacent. We probably compete with auto penetration test, breach attack simulation, adversary emulation, those are all things that we either do or are very competitive with. But the thing that we are selling really is more of an outcome about resilience and that is where I think, we get a lot of go to market differentiation and feel different. Especially for the early adopter security teams where they understand we can't just assemble eight different point products across these different things. So we're going to either have to build a better story, or maybe someone can deal with us at our scale, and we just have the technical and go to market background to pull it off.

Pablo Srugo (00:16:01) :
So maybe to kind of clarify, we just had Shahar from Terra Security on here. They're kind of like AI pen testing sort of thing, right? At least that's how I understood it. Would that be similar to what you do or not so much?

Sam Jones (00:16:14) :
Yeah, we do a lot of that. We view automated penetration testing as a use case of our platform and generally, what happens when you have companies that focus on that single use case. They're probably going to make something that's more broadly and widely applicable. Maybe it does a better job at certain compliance things you can offer to SMB and lower size customers, it's very PLG friendly. We are building something bigger and more interconnected. So although there might be capability overlap, there's probably practically no customer overlap. We're targeting Fortune 500, USG, which includes Department of War and the federal government, and state government. And they require something that's a little bit bigger, more intense, a little bit more trustworthy, and something that is more cross-functional in nature. So on the surface, probably competitive, but practically, no and we think that there's a big enough market to support both approaches.

Pablo Srugo (00:17:10) :
Once you go full time and you raise $5 million, do you build for a while? Do you go right away and get a design partner? Obviously the bar for deployable MVP in cybersecurity is pretty high. How do you structure that?

Sam Jones (00:17:23) :
We probably took a different approach than most. We just built. We didn't really even talk to anyone. I mean, we talked to some folks, but I think the common reaction. Nikesh from Palo Alto was on a recent podcast where he talked about this for cybersecurity founders, is everyone wants to go build their customer advisory board, talk to users, talk to users, and say, what do you need? What do you need? We just built to our opinion about the world that we wanted to build and basically just shut everything else out for quite some time. And that's paying off, but it does produce a pretty dark period where no one can quite feel and see your vision for a while. And in our case, because we're building more of a platform product that's cross-functional, that probably took us longer than if we were building a single opinionated point product.

Pablo Srugo (00:18:12) :
Do you think it worked because you're from the industry and you were at these big companies, so you had a clear sense of what the requirements and needs were without extra formal validation?

Sam Jones (00:18:22) :
Exactly, if you think about my experience at the Air Force. I was an operator of some of these equivalent tools. I know exactly how they work, you know, where the pain points are. My CTO is in a similar seat where he was building offensive tooling and knows exactly what works, how that doesn't work. I took a non-security stand at an AI company called Shield AI, which on the surface is nothing to do with security. Obviously, but we're putting AI on drones and fighter jets, and that informed a lot of opinions about how we thought about treating LLMs as a raw technical material. And so we just packaged all of this stuff into a very opinionated company. But I don't think maybe a much younger founder could have done that. There's lots of different ways to start businesses. Ours was to really get a lot of experience before, in our early 30s, starting a company where we thought we had a differentiated advantage on the knowledge that we had.

Pablo Srugo (00:19:18) :
How long did you have that dark build period for?

Sam Jones (00:19:23) :
Longer than I think any of us would have liked. I think six months in we had our first design partnerships. Some of those were Fortune 500 customers. They were naturally more early adopter innovator types. So they knew what they were dealing with, but it was hard for them to totally see and feel the vision, if that makes sense. I would say most of 2024 probably felt like that darker period, where we maintained our conviction that we were going to build a cross-functional platform so that you could basically attack and defend in a single experience. And that just took more than a year to fully build. I would say that whole time was more of that darker conviction type of building, even though we had design partners.

Pablo Srugo (00:20:04) :
Who was your first design partner? You can name them or not, but just at the very least, characterization of who they are.

Sam Jones (00:20:11) :
Yeah, a couple of multi billion dollar friendly organizations were the first. Those were useful because lower stakes, but big enough to be somewhat representative. The next two customers, one was a Fortune 200 customer that has a lot of elite talent on the inside and has a design partnership pipeline. The other one was a Department of War service, which, you would never think of a traditional design partnership with those types, but those were our big two to start. Since then, we added some other Fortune 500s and military customers after that. But it was unique because for our first Fortune 500 design partner, we were able to put it into production since we had some interesting use cases that were lower stakes in terms of data access and we got access to users. It was a little bit like walking through the forest to find the sequencing of things we should do, and that was really useful. But at the same time, we had this other customer in the military that allowed us unique access to certain types of problems. Less hands-on users, that design partnership looked and felt very different, but I think we got access to different information that helped us make certain technical bets for a year out, that was very advantageous. So having this mix of one, users who were in it every day and busting us all the time because things broke or weren’t working, and the other, more early stage R&D. Where they were sharing requirements, we were doing more trainings and labs. Both of which helped us really create an information advantage for what we've been doing now.

Pablo Srugo (00:21:50) :
Yeah, maybe, you know, cybersecurity is a kind of deep topic. You're in it or you're not, but selling to enterprise is something that translates to, you know, just about every vertical. I mean, there are founders that we were trying to sell to enterprise. So maybe let's just go deeper on that initial phase of design partnerships. You talked a little bit about it here, but how did you structure it? How often did you meet? What did you get out of it? What was the end goal? Tell us as much as you can about the tactics of selling to enterprise and getting that first real commercial contract, which then leads to more and more.

Sam Jones (00:22:23) :
Yeah. First, just in the targeting of some of these, there are some organizations in terms of enterprises that are just more naturally going to be better design partners for early stage companies. If you're talking to a large financial institution like a bank, just don't even talk to them because they're not going to fit in that category. Similarly, if you're talking to a slower moving industrial type company, they're also not going to be good and so there's a lot of thinking about the shapes of companies. Their talent internally, and their ability to handle. A lot of these companies, whether it's security or something else. Maybe you're taking on two to three design partnerships per year, but you want to do a lot of scoping to figure out, okay, who are the buyers that are on LinkedIn, that are clearly talking about these things and seem like they're active in the design partnership market? This is something that we did, and in security, it's kind of known what types of organizations and specifically what CISOs are really good design partnership counterparts. So we had a pretty shrunk funnel right from the beginning. Then it's about getting the introduction, whether some of them came from our network directly, or my network. Some of them came from the investor network, probably most frequently. Tactically, we would have a list, a hit list of organizations and the certain people, we would do LinkedIn Venn diagrams of who in our investor network was connected. We would ghostwrite very specific emails for people to send and try to get them to the first meeting. All of those are interesting ways to leverage your network to get to the first meeting. But then it's basically all on you to get them to believe in you, and that's all that you are trying to accomplish here. In some cases, products might be fully baked, really set and ready to go. Ours was so big and so new and unfamiliar that it was more a bet on the team, and we knew that. In 2024, we were not kidding ourselves that we had this agentic offensive security monster yet that was ready for production.

Pablo Srugo (00:24:15) :
How much are those enterprise pitches like and unlike a VC fundraise pitch?

Sam Jones (00:24:21) :
Probably pretty similar, to be honest. I mean, Seed round is betting on the team. Those early design partnerships are betting on the team. So in many ways, very similar. In this case, CISOs, but an enterprise type buyer would probably call that an investor and ask very similar questions.

Pablo Srugo (00:24:37) :
We have tens of thousands of people who have followed the show. Are you one of those people? You want to be part of the group. You want to be a part of those tens of thousands of followers. So hit the follow button. I asked because I was talking to another startup that was kind of selling, I would say, SMB, maybe small mid market, and they're moving up to small enterprise. Let's say, and one of the things is when you show up to a mid market, it's like, here's the product, here's what it does, and they're going to make a decision. Maybe they talk to other people, and they're going to make a decision, and they're buying the product as is today. If in six months somebody else has a better product, maybe they'll churn out and switch. It's just whatever the future is, you can tell them the roadmap is whatever, but it's not the important thing. When you talk about an enterprise in general, my understanding is they're thinking about multi-year partnerships. Whether they commit to that or not, their goal is not to jump in with you for a year and then churn out and have to move to somebody else. The stuff that matters, obviously, when you think about an investor, is that we're thinking about ten year partnerships and so, team matters. Sure, the current product matters, but roadmap matters a lot, right? Vision matters, all these elements that SMB in the market don't care about, enterprise very much might prioritize.

Sam Jones (00:25:43) :
Yeah, I mean, it was very much initially selling on the vision. We had a strong point of view on what AI was going to do to the security landscape, and some of our early design partners happened to share that. So we struck an intersection quickly with that. Then it was about convincing them that we were the most credible team to pull off this thing that they were also interested in, and that we happened to have the most convincing point of view on. Convincing them would be like, is our technical talent above and beyond the best? There are all little different techniques for doing that, like where we would deploy our CTO or maybe myself with their engineering manager and just make them feel like they're joining a technical rocket ship. Or ensuring that we had certain meetings in person and actually delaying meeting them until that happened. Which just shows that they're going to bet on the team they have the opportunity to shake hands with and look in the eye and that also allows them to see that we're not twenty year old founders messing around. And we know what we're doing, and we have done some massive types of business before. And you can trust us. We turned on a lot of initial meetings almost entirely because we could meet them in person. So that was a pretty explicit strategy that we had. Yeah, and then they want to know tactically, what's the roadmap, how much can we influence the roadmap, how are you going to run this, show me your stuff today, can I do a quick trial of it.

Pablo Srugo (00:27:05) :
And how do you structure? Are you asking for $50k, $100k, is it more time commitment you're asking for? What are you trying to get out of the design partnership? Do you bake in the commercial, like how do you think about that first kind of thing you're signing?

Sam Jones (00:27:18) :
Well, the earlier it is, the more desperate one is for access and logo. So that is probably an evolving question and there are many founders, former founders, investors that have strong opinions that you have to ensure that you charge for it so that you know, you're doing something that is worth their time. And we have charged for it in some cases, but in other cases we have not. When you're doing security, especially, like, they're putting you through procurement and also allowing you to have access to certain data is basically a higher bar than writing a $100K check. And so to me it meets the same, you've got to be interested to doing this and we're certainly not going to waste our own time. We had other tactics that we put in, like, duration of commitment, weekly time meeting, badge access, and basically those are all blockers for seriousness. And if they say yes, then we know that they're in.

Pablo Srugo (00:28:11) :
Did you spend time with them afterwards? And you mentioned in person for the first meeting, did you do that after too?

Sam Jones (00:28:15) :
Yeah, we have a pretty aggressive for-deployed model, not quite like Palantir in that it was a part of the business development arm. But more our engineers were sitting desk side, and we ensured that they had access. A lot of that is obviously to get a product advantage, but also to build relationships bottoms up that helped us then convert the sale later on.

Pablo Srugo (00:28:38) :
And then is this kind of how you bootstrap from these more friendly types, and then now you do the same thing with a bit bigger. But you have some proof points, you're like, I'm working with these two logos, and one thing just leads to another?

Sam Jones (00:28:48) :
Exactly, yeah. We went from, in mid-2024, kind of a six month design partnership. Where we would hope for a six month extension. Because that gave us the time it took to really nail down stuff. Now we're at the point where if we're trying to engage with a new large commercial customer, we will do a two hour boot camp. We're so confident in how the product works today, we're just going to say, bring these types of users, we're going to do two hours, and if we knock your socks off then we want to do a two week POV in production. And we think that'll be enough information to make a decision.

Pablo Srugo (00:29:24) :
And is it generally that quick? Because that's a crazy short sales cycle for enterprise.

Sam Jones (00:29:28) :
Well, to get to that bootcamp, yes, is not easy. Even to go from a successful technical bootcamp to either a contract or a more committed large pilot is also not easy. To get to the bootcamp, you need to meet the buyers, and you need technical middle management, and then you need to align schedules, and it's an enterprise nightmare often. And then even when you get the bootcamp, then you're looking at procurement. Oftentimes, just to do a pilot you need to get waivers for interacting with some of their data in a certain way, and there are a lot of things programmatically to knock down. Where we do not look and feel like a PLG company. We're selling pretty big contracts with big customers.

Pablo Srugo (00:30:09) :
How big? What's the ACB these days.

Sam Jones (00:30:11) :
There's a huge skew between government and commercial. Just the nature of what the, government, they're all millions for sure. The commercial side could be maybe a floor of $500K, then maybe closer to a million. But we specifically are taking on a small, dense customer list to let us build product in a differentiated way and not have to hire. We currently have no sales team. We have two people that are not engineers on our team.

Pablo Srugo (00:30:41) :
How many people on the team total?

Sam Jones (00:30:43) :
We're nineteen, so I think sixteen of whom are engineers.

Pablo Srugo (00:30:46) :
And how much were you raised?

Sam Jones (00:30:48) :
We raised $20 million series A.

Pablo Srugo (00:30:50) :
Okay, plus the five, right, okay.

Sam Jones (00:30:52) :
Yeah, so like $25.5 total. But we're pretty lean comparatively.

Pablo Srugo (00:30:56) :
Yeah, I was going to say, what drives that, by the way? Just given the demand, why not double your team size, for example? What's the philosophy?

Sam Jones (00:31:03) :
There's something about maintaining a small enough engineering team that allows us to be so artistically generative right now in terms of our output. I think there is something also about AI tooling getting legitimately really good, and we think about that a lot. So, just on the engineering side, if you were to look at our org chart. Our CTO has fifteen people reporting to them. Maintaining that as long as we can, which, thank you, Sean, by the way, for having the whole company report to you. But it gives us such an advantage because we have so few communication nodes on our engineering team and we're shipping so fast. The second we triple our customer count, this will probably start to fall apart. But for now, we are commercially competing our stuff with buyers that have access to anything and so, we know we have the goods and, because we don't have to think too much about support and sales right now. It's all funneling into product investments.

Pablo Srugo (00:32:02) :
You know, it's funny, curious to step a little more into this. I'm all for small teams, but oftentimes it's because of the nature of what you're building. You're in this kind of, and maybe you are there but in this kind of flywheel where you're putting things out, you get some feedback on it, and you got to have that nimbleness. Which is what this flat org chart allows because the communication alignment is so much easier. But in your case, it feels like the specs. I would think from the outside looking in, the specs are known. It's like, hey, let's go and build this thing because it's enterprise, and they kind of have a clear roadmap. Is that not the case? Even in your world, it's still very much being able to be nimble and just react quickly is still top in terms of what's important.

Sam Jones (00:32:40) :
For sure, yeah and what's funny about how our technology has developed, and also our engineering team. The architecture and the workflows that we drew on the whiteboard on our first day of starting Method are basically still intact. It's still what we're doing, but there's so much learning around the edges and learning about sequencing, and that is where a lot of our nimbleness. Plus, how AI has been changing underneath us, that nimbleness and ability for an engineer to be on site with a user to learn something and then, seventy two hours later, ship a pretty large feature is pretty game changing. That we could not have possibly anticipated. That's where we're generating a lot of alpha right now and we're not formally road mapping in a super structured way. We don't have a lot of friction in the organization. So everyone is pretty much just coding or talking with users and so, there are a lot of reasons to stay nimble, and I think we can stay very lean compared to maybe Palantir when I was there twelve years ago. It just couldn't have possibly been this lean because of, frankly, AI and how we know what we're doing.

Pablo Srugo (00:33:50) :
Tell me about maybe the first true commercial contract you signed. How do you go from a design partnership that's either free or peanut sort of thing to like a half a million, million dollar contract?

Sam Jones (00:34:02) :
Well, with enterprise sales, you have to understand the budgeting process. It's just the reality. It's probably the same in security as it would be in infra, data, or financial tooling. Big enterprises are likely budgeting for the following two years, like a year prior. The government's even worse, and I can tell you how that works but it's like all these scales, 5x. But if an organization is going to make an in-budget year bet on something new, you really have to understand where that money is coming from. They either will have to have something like an AI transformation slush fund or the ability to cancel another vendor contract that you might be practically competing with. Which usually is not possible because of how vendors lock in. At least on an annual cycle and so, you lose a lot of credibility if you ignore those facts. Because then the buyers are like, work with me, these are my realities.

Pablo Srugo (00:35:01) :
Yeah, you're pushing on a string and it just shows your naivete like it's just you can't change that big of an organization as good as your product might be.

Sam Jones (00:35:08) :
Exactly and so, if you meet the buyer where they are, and hopefully you're not hungry for six months of revenue or something like that. There are ways of structuring contracts and scaling them up over time to meet where they are in their budgeting cycle. So that they can program you for a year or two years out and make sure that money is available for them. Maybe they can cancel a certain other contract to free up a small sum of money and so, a lot of our initial contracts practically looked like the first X months are actually free. We like you guys, you like us, we're here for you. Then we free up some small pot of money that is made available for reasons that you've informed us about. After that, there's more money available. We're going to put that into the contract, that it actually has that step up. So you kind of have guarantees of that. Of course, there are usually opt-out clauses for any of these things, which gives the buyer. You kind of need to do that because they're still trusting you to execute the roadmap. But this gains a lot of trust and credibility and also allows you to meet the realities of that organization.

Pablo Srugo (00:36:14) :
What's the trigger point? At what point do you get to it and say, okay, cool, we've done enough on this design partnership. Let's, move to contracting and figure out whatever that step up looks like.

Sam Jones (00:36:23) :
Yeah. I wish there was a scientific answer. There's not, this is something the Palantir training helped a lot with. A lot of my job at Palantir was to run these pilots, which are kind of like design partnerships, scope them, and then sell to the C-suite at the end of it. We know a lot of tricks on how to do that. The users have to be singing your praises. You need to have users who are able to come in and demo to the C-suite and talk to them first person, not have the vendor talk to you about that. Which means you have to have the goods. Obviously, you need to have users trained. You need to make sure that you know the incentives of the buyers. What do they care about? Do they care about the board? Do they care about being promoted? How can you play into that in some way? But if you don't have that full story, you can't push for the sale because you're not going to win and so, then that becomes a decision of do we want to extend the design partnership? Do we want to pause and come back when we have the goods that we're clearly hearing the feedback on the ground, like XYZ is super important for you, and it's going to be five more months or something like that? Can we re-engage then, or maybe you feel confident and want to go for the sale and just go for it? There are so many factors, but the founding team has to have that barometer of whether it's time or not. You have to be setting up these design partnerships at the right time for your company's trajectory to not keep shooting yourself in the foot either. It's okay to take some losses to learn, but you can't keep signing these things up and setting up four week design partnerships when you know you're not going to have the goods in four weeks. It takes a lot of knowing where you're at, where you're going, where the customer is, and what they want. Maybe you say we want to start the design partnership with you in three months because then I know I'm going to have the goods them, and we can actually do a six week design partnership. At the end of that and be confident we can get the materials that we need to say yes. It's constantly shifting all these schedules and relationships around, and that is why I think founder led sales, in particular, where you're controlling sales, BD, and product all at once, is the only way that it really works in the beginning.

Pablo Srugo (00:38:29) :
Once you launch, how long did it take to hit a million ARR?

Sam Jones (00:38:32) :
Well, this is where the government is maybe like, we know how to sell to the government. We have sold to the government. We've made more than a million on our first contract. So maybe that's the wrong question for us.

Pablo Srugo (00:38:43) :
Right, that makes sense.

Sam Jones (00:38:44) :
But that speaks to the advantage of being able to credibly go after dual use. The government is a really difficult customer that has a pretty big budget for things that we're talking about and if you know how to deliver to them. Which is not something you can just wake up and decide, oh, I'm going to support the Department of War now, you have to be born for this and have the experience to do it. They can work with you on helping fund parts of your roadmap, like procuring things in really advantageous ways. All of this administration's different policy, legislation, and executive mandates are making it a very good time to be able to do that type of work, either as a single-use focused defense company or dual use, but you have to know how to navigate that maze. It's not easy.

Pablo Srugo (00:39:32) :
And now that you're on this kind of one-to-ten or whatever path, how do you do enterprise sales more repeatedly, especially at the top of the funnel? How are you going about it? Is it events? Is it pure network? What is the go to market method?

Sam Jones (00:39:46) :
It's network. I mean, because we're focused so much on Fortune 500 and the US government, our CRM is like a single page spreadsheet. We're not doing a full scale top of funnel sales motion and so, we can just look at all the organizations that we want to deploy with. There are certain ways to filter that down to know where we have connections and where we think we have really strong product market fit, and that could be a combination of knowing their industry. There are certain industries that we're more equipped to handle, knowing maybe the background of their CISO. It's tactically useful. If they have a military background, they're much more likely to take the first call and bet on Method. That creates a shared dual use mission that is really exciting. Do they have a red team, which is one of our big user groups, and if so, what is the size of that team? Five plus or minus two is a really nice sweet spot for us. We can do a lot of pre-filtering, and then that list of five hundred becomes like one hundred, and we just hit that list. Now we have a really nice boot camp motion where, when we get them interested, we have a clear process to prove to them that we have the goods.

Pablo Srugo (00:41:00) :
Perfect. Well let me stop it there and ask the three questions we always end on. When was a time that you felt like you'd found true product market fit?

Sam Jones (00:41:07) :
Product market fit for an enterprise motion like we're doing is really different than a PLG style, where you can just look at, crap, people just using this thing. For us, I think there are a couple of things. We met with a certain customer that did a ton of market research into all potential solutions in the offensive security space. Which is a space we play a lot in and they went from market research to deciding to choose Method in such a rapid time frame on a dollar amount that was unprecedented for us. This happened to be a government customer and that time frame was so remarkably tight that I knew like, OK, this team could have anything. They chose us, and they chose us very quickly. That specific feeling was part of product market fit. The other, more classic product focused marker is that we started to have recurring usage of certain types of user groups after we were just grinding with them over and over again. Which is a more classic marker but, honestly, I feel both sides of when those connect on the same customer, it's like we've got lightning in a bottle.

Pablo Srugo (00:42:20) :
You've been on a pretty fast journey. I mean, the company's only two or so years old, but was there ever a time when you thought things wouldn't work out. Maybe even things could fail?

Sam Jones (00:42:28) :
That 2024 dark period that I mentioned was probably the time. Again, to reiterate, we're building differently. We're building to our personal strong opinions, and in the beginning did not take a lot of feedback about that. We had a very specific point of view about where AI was going, the infrastructure needed to make it productive and trustworthy, and security. That was not a weekend project, that was a year long project and before a lot of those foundations were completed. It was hard for others to completely see and feel that vision. In that 2024, even early 2025 time, we would get constant feedback from CISOs, users, and investors alike, of, you're trying to do too much, narrow in, just sell this little widget, and don't do that. It's hard to, frankly, it's hard to keep believing in yourself when you keep opening yourself up to negative reactions like that. At some point, my co-founders and I decided we're just not going to talk to anyone for a little bit. We're just going to continue to put our heads down, and this is either going to work big or it's not going to work. I think it's working but that was a very dark time, and it was hard to not be influenced by all these negative signals from the outside market that I just couldn't see or believe.

Pablo Srugo (00:43:42) :
And what would be your number one piece of advice for an early stage founder that's looking for prior market fit?

Sam Jones (00:43:48) :
Bet on yourself. I think first time founders often think that they can just talk to users, users, users, and find the answer to their problems, and we're just not. It's not to say that you shouldn't talk to users, but you need to have a very clear idea that no one is going to tell you how to build your business. Because if they could, then they would do it and so, you need to be very calculated around your convictions. You know, where to take input, how not to take too much input, and just going for it. But then, once you have that conviction, all the clear measures of rapid sales cycles, sticky usage, recurring usage, displacing other products, all apply. That upfront part, which YC and others have highly popularized, that there is no replacement for talking to users, but you started this company. It's only going to work if it's your idea, and no one else is going to tell you your idea. So just bet on yourself.

Pablo Srugo (00:44:45) :
Sam, it was great having you on the show, man. Thanks for taking the time.

Sam Jones (00:44:48) :
Likewise. Thanks, Pablo.

Pablo Srugo (00:44:49) :
Wow, what an episode. You're probably in awe. You're in absolute shock. You're like, that helped me so much. So guess what? Now it's your turn to help someone else. Share the episode in the WhatsApp group you have with founders. Share it on that Slack channel. Send it to your founder friends and help them out. Trust me, they will love you for it.