 Hi everybody, welcome back to Falcon 22. I'm Dave Vellante and you're watching The Cube's continuous coverage this is day two. We live in an API economy, but APIs, you know, they're sometimes vulnerable. Michael Nikosia is here. He's the chief operating officer and co-founder of SALT Security, API security specialist. Michael, welcome to The Cube. Thanks for coming on. Thank you so much, Dave. Glad to be here. You're very welcome. Why did you and your co-founder, is it Roy? Yeah. Why did you guys start SALT Security? So really easy. I mean, as you mentioned, I mean, the proliferation of APIs constantly is growing on an year-to-year basis. So in 2015, when he and I met, we had this idea that it was going to continue to grow and APIs were going to be critical to every organization from an innovation perspective, from a safety perspective. And we thought that current tools out there couldn't protect against the new threat vector that we thought was going to happen. You fast forward to 2022 and here we are. It's the largest growing threat vector from an API perspective because APIs are just growing like crazy. Right. Well, let's talk about the news. CrowdStrike made an investment in your company. Congratulations. Thank you. Tell us about that, why it's important and to have a strategic partner like that. Yeah. So first of all, we're super thrilled about the partnership. I mean, it's amazing. And not only the partnership, the strategic investment for us just signifies the importance of our two companies in terms of what we want to do in the field together or in the market together. So the strategic investment is amazing. The partnership is even more amazing just because it's kind of like the first in its class from an API security perspective, we've got partners from the cloud providers and then the only other partnerships really have is with API management vendors. So this is unique in that it goes outside the security ecosystem to provide this partnership. And the nice thing about it is it's exclusive, excuse me, and it just continues to validate the leadership where we have an API security as well as obviously leadership that CrowdStrike has. Exclusive in the sense that CrowdStrike's not going to invest in another API competitor and you're not going to take investment from an endpoint. Exactly. An endpoint or really cloud work with security. Anything within that vastly expanding portfolio. Exactly. No, pretty much anybody, except network security. That's, from what I saw in the keynote yesterday, that's sort of on the table for now. So okay, so why should customers care about this? What's the benefit to them? Yeah, so if you think about the security profile of organizations and where they seem to have potential risk, threat vectors, endpoint, cloud, obviously API becomes a bigger threat vector as well. So I think the partnership just solidifies the fact that we want to create a better security profile for organizations and we want to make it safe for them to innovate and continue to do what they do. So I think that's the importance and when you put this together, it just creates a larger value proposition, more stickiness from endpoint to cloud to APIs. So we have a partner at theCUBE in New York City and it's called ETR and they do quarterly surveys of CISOs, CIOs, IT buyers, about 12 to 1,500 a quarter. And so I was chatting with those guys last week. They said they knew we were going to be a CrowdStrike and so they ran some data for all the API security vendors and you guys were, they had like the Gartner Magic Quadrant but it's not vision and execution. It's spending momentum and presence in their survey. It's like market share, mind share. You guys were up and to the right, like way, way, way ahead. I presume that's why you got the attention of CrowdStrike. I found their data set to be incredibly good. That's how we found CrowdStrike years ago. Like wow, who's this company? You know, companies like CrowdStrike, Octa, Zscaler, Snowflake, off the charts. When you guys were really noticeable, talk about the spending momentum you're seeing with customers, where's that coming from? Yeah, I mean, look, for us, it's a continuing growing market. It's accelerating and we're still in the early stages of the market, which is amazing. But if you think about what organizations do, they innovate, right? They innovate through software, through applications, through APIs. So if you think about, you know, how do they continue to innovate safely, they need a solution like, you know, salt security to protect, you know, from any bad actors that could potentially, you know, create any breaches, vulnerabilities. So I think that that's why CISOs in particular are super excited about talking to us, making sure that they have all of their bases covered, especially when it comes to applications that they have within their organization, which continues to grow. And not to be a methodology geek, but the methodology they use is to essentially say, is a customer spending more or less? They subtract the lesses from the mores and that's what you're left with. And one of the lesses is churn. And if you have high churn, your spending momentum, you know, in their methodology goes into the tank. So you have, it's obviously in the data, you have very low churn. Is that what you're seeing in the field? Why is that? Yeah, I mean, again, I think it's, it goes back to the value that we bring to customers. I think, you know, our solution works. We're the only, you know, AIML based solution with deep context so we can really take a closer granular look at the APIs, model those APIs, create a baseline and really protect against them. So, I mean, our solution works and it works really well. And I think we provide value in that, you know, CISOs don't have to worry about, you know, any bad actors trying to infiltrate their applications because they know that salt security is there protecting them. I know you're not the tech guy, but you're the founder, co-founder of a technology company. So you got to be conversant in the tech. This is the way it is in our business. So tell us about the tech. What's so cool about it? What's the differentiation? Yeah, I guess, and I mentioned it. It's really AIML based, you know, we leverage big data and it's really the context associated with that, which means that, you know, we can get into granular details of really baselining the API itself. And what we do really well is because these are unique attacks and these attacks could be days, weeks, months and we're the only vendor that can really correlate across that timeline because of the context based big data that we'd leverage to be able to, you know, spot these potential, you know, bad actors that we look for. And all this happens in the cloud or? Absolutely. It's all, You have a server in your office. No, it's all, it's a 100% SaaS based cloud based solution. I think that's one of the reasons why the partnership with CrowdStrike is so amazing as well. Talk a little bit more about the synergies between CrowdStrike and Solve Security. Tons of synergies. I mean, if you think about it from, you know, from the part of, you know, being a little fluffy culture, the two companies have similar cultures. We go after similar, you know, cloud, first cloud innovative companies. If you think about, you know, kind of the technology that CrowdStrike has put forth, revolutionized the endpoint security and now moving into the cloud, you know, leveraging AI and ML. We're doing the exact same thing. So I think there's a lot of synergies associated with that. And again, the final point that I'll make is that, you know, we think, you know, together, the better together story is resonates just because if you think about all of the, you know, areas that you, you know, have potential breaches, you know, these threats, you know, we kind of cover them all with the partnership. I am, when I talk to a founding, you know, co-founder who's a go-to-market pro, I like to ask them, how did you know when to scale? I mean, you got to have product-market fit. I see so many companies failing because they try to go to market before they have, you try to scale go-to-market before they have product-market, but how did you do it? How did you know when to scale? You know, it's tricky and you got to look at a couple of, you know, factors. You got to look at the market. You got to look at, you know, how much potential opportunity exists and you really need to look at, you know, the momentum that is being established. You know, when you look at, when you talk to CISOs, kind of, you know, talking to them about projects and how, you know, how they prioritize projects and where API security fits, you know, once it begins to be, you know, the top three, you know, and you start that momentum and obviously you're bringing in the revenue, I think that those are signs that we see, that we say, okay, we need to double down. I'll make it sure we've got coverage across, you know, the world in order for us to support demand. And you were the first sales rep, right? Yeah, yeah, Roy and I, I was the first AE, here's the first SE. Okay, so, but your early go-to-market pros are probably different than what you're bringing in today. You didn't have, you know, a lot of BDRs at the time, but you guys were hands-on consultants. Absolutely. Process consultants, sales folks, right? And then you codify that when you're ready to scale and now you're, is that kind of what you're doing? Absolutely, I mean, you nailed it. I mean, it's, in the early stages, it's validating that there's a problem that exists in the market and how important is that problem, you know, to CISOs. You know, so when we first started, we met probably about 50 CISOs where we just had that conversation. Not about sales, it was more about, hey, we just want to talk to you about a problem we think exists in the market. Love to get your reaction on that problem. And then, obviously, how you're solving that problem and how much of a priority is that problem? How important is it to you? And then once you have those discussions, then you can really find those individuals, early adopters, if you will, that are ready to buy and then it kind of proliferates from there. And then you have a CRO, I presume, right? So what was that like, finding him or her? It was a really important first sale hire. How did you go about that? How long did it take? Yeah, so it took about six to eight months and, you know, it's really tough because we look at cultural fit above everything else. So it's not that can they do the job, it's culturally do they fit in and how much can that individual scale the organization? So there's a lot of factors associated, there's a lot of individuals associated with the interview process. So that's how we looked at it. And obviously we wanted somebody that had experience, you know, in a company our size was able to scale it and so on. The one tricky thing is, and I'll tell you this, is, you know, for Roy and I, you kind of have to let go a little bit. That was really tough. So knowing that you need to do that is something that... A little bit of founderitis? Yeah. It's hard, right? It's hard. It's your baby. I get it. Michael, thanks so much for coming on theCUBE. Congratulations on the news, the investment and good luck. Awesome. Thank you so much. Appreciate it. You're really welcome. All right, keep it right there. We'll be back right after this short break. Dave Vellante for theCUBE at Falcon 22, CrowdStrike's big user event. We'll be right back.