Cybersecurity is difficult, even for the most well-funded and security conscious organizations. The amount of knowledge and skill required to be successful is immense. Even with deep pockets and expert personnel, the volume of work required is more than can be humanly accomplished. The bad guys are educated, well-funded and tireless in their efforts to breach vulnerable networks. There are hundreds of different security vendors vying for your attention and tremendous expense associated with securing enterprise networks. While these challenges are formidable, as vendors we must begin producing smarter, more affordable tools that can be easily deployed and maintained without excessive professional services. We need to foster better collaboration between the good guys and law enforcement to keep cyber criminals at bay. At WitFoo, we are committed to delivering the tools and data that can address these challenges and help advance our craft.
Built to Last
At WitFoo, we do things a little differently than most software companies. We are not funded by venture capitalists and our goals are not focused solely on growth. Our goals are aligned with our mission of “maturing the craft of cybersecurity operations”. We believe that remaining focused on this mission above everything else will result in growth, profitability and ultimately a sustainable business that delivers a positive impact on the world.
I would be lying if I told you we aren’t interested in making money, we are. But we have a passion and commitment to fix the things that are broken in cybersecurity first. As we resolve the things that are broken, success and the monetary gains that come from it will be realized.
As a company, we have been largely ignored by typical investors in cybersecurity, but we have been blessed with several smaller investors that believe in our team, our mission, and our sustainable approach to running a business. Sustainability by definition is not exhausting your resources (food, water, capital). With limited capital, WitFoo has had to operate in an austere fashion for the first four years of our existence. As a rule, we don’t allow expenses to exceed our capital on hand. We don’t believe your cost of sale should ever exceed the sale itself. In other words, spending $3.00 to make $2.00 just doesn’t make sense to us. Companies that operate in this fashion are not sustainable, but it is commonplace in cybersecurity.
One cause of this unsustainable behavior is the goal of early-stage investors wanting to make a quick exit by driving future rounds of investment. A company’s growth (in gross revenue) is the primary focus of this model and commonly misperceived as profitability. Later round investors are attracted based on the belief that quarter over quarter growth will eventually lead to profitability. However, growth and profitability are not the same. Many companies never achieve profitability and many investors have been burned by this prevalent mindset.
This “growth at all costs” mindset puts undue pressure on a company and forces many startups to lose focus on what they set out to accomplish in the first place. In my opinion, unsustainable business models are a major inhibitor to the maturity of our craft. Not giving in to growth pressures has allowed WitFoo to build a platform that will forever change how security operations is performed. It has allowed us to take the time to focus on R&D and to offer Precinct to the world at a price point that any organization can afford without having to sacrifice our ideology.
We did not build WitFoo with our sights set on an exit. We built our company to last with sustainability top of mind. To accomplish our mission and to make the world a safer place.
Borrowing a metaphor from our co-founder, Charles Herring, in his blog on The Rock & Roll of Startup Development, WitFoo is like a great rock band that earns it’s following and fan loyalty over time. Like the Grateful Dead before us, we make our software available to anyone that is passionate about cybersecurity. It was never about fame and fortune for the Dead, it was about doing what they were passionate about, making great music. They weren’t concerned about following a blueprint established by the music industry. They didn’t focus on album sales, getting their songs on mainstream radio, their image or making money…they just wanted to play. They encouraged fans to record their concerts and share them with anyone who cared to listen. Through this communal approach to distribution, the Dead amassed a fan base the likes of which had never been seen before and hasn’t been seen since (insert your Phish argument here). Their diverse catalogue has transcended generations and is covered to this day by everyone from elementary school choirs to Janes Addiction.
Death to Ticketmaster
Transparency is a hallmark of WitFoo. Pricing of WitFoo Precinct is public-facing and haggle-free. The price is the price regardless of supplier and there are no hidden fees. We employ a license model that is customer-centric and cost-contained. Our platform is free to trial and does not require providing contact details or subscribing to our mailing list. We have no desire to solicit you or discourage anyone from kicking the tires on Precinct. We want you to use our platform and share your experience with the cybersecurity community at large. If Precinct doesn’t meet your requirements or expectations, it’s okay. If our licensing doesn’t align with your business model or budget, that’s okay too. Not everyone likes the Grateful Dead either.
The Tapers Section
Sharing information is the WitFoo way. Through our global IOC feed, customers can anonymously submit indicators of compromise with the entire WitFoo Community. Customers that submit to the feed automatically benefit from the submissions of other WitFoo customers and can retrospectively search for IOCs in their network that may have bypassed their own defenses. The recent Solarwinds breach is a good example as our CTO explains in this recent blog post.
Allowing our customers to share information bolsters the security of the entire WitFoo Community safely and securely. It’s like the taper section at a Dead show. Dedicated fans would set up their gear to record each show and then share it with the global community of Deadheads. The band never discouraged this practice in the name of profit. Rather, they encouraged fans to record their shows and share their music as far and wide as it could reach. They didn’t succumb to the recording industry blueprint in which the band does all the work, the record label and promoters make all the money while the fans end up footing the bill. They focused on playing music and making it easily accessible to anyone and everyone which allowed their legend (and fortunes) to grow.
We transact all business through a growing community of certified WitFoo resell partners. We are 100% committed to our channel partners and do not sell direct. Our commitment to the channel allows us to achieve massive scale without incurring massive costs which ultimately get passed along to the customer. With WitFoo, there are no hidden fees (think Ticketmaster). Customers pay the prices listed on our website and our partners are compensated by generous margins achieved through the WitFoo partner program. We believe to have good partners; you must be a good partner and we have developed a no-nonsense program to achieve just that. Our software can only be purchased through authorized WitFoo resellers who are all supported by a global distribution agreement we have established with one of our earliest fans.
Victim or the Crime
One reason cybercrime is so rampant is because there is no real jeopardy for cyber criminals. With no repercussions, the problem will continue to worsen. More often than not, organizations are unwilling to report security breaches because of potential legal and public ramifications it might have on their business. When reporting a cybersecurity breach, the authorities will come into an organization and audit the entire business. I liken this to getting into a fender-bender at your local supermarket; after exchanging insurance information with the other driver and recounting your version of the accident, the police on the scene follow you home and rummage through everything in your house; your closets, dresser drawers, file cabinets, refrigerator, and everything else they can find. If this was how fender-benders were handled, you are more likely to settle with the other driver directly than to call the police or file a claim with your insurance company. Because of this, many cybercrimes are not reported, ransoms are paid, the bad guys win and move on to their next victims.
At WitFoo are committed to enabling organizations to safely collaborate with one another and law enforcement, to expose the bad guys and deliver the evidence that will put them behind bars. To do this effectively requires organizations to report crimes in a timely manner. Today, WitFoo customers can anonymously submit IOCs to law enforcement, delivering the necessary evidence to prosecute criminals without exposing their organization to undue risk. The authorities can also issue “all-points bulletins” to everyone based on IOC submissions from the WitFoo community.
There are numerous bands that have dedicated their craft to covering the Dead’s music and sharing it with young and old alike. As far as I know, the surviving members don’t collect royalties from these efforts and my genuine belief is that they simply don’t care, as long as their songs can fill the air. WitFoo is a Community of like-minded heroes fighting cyber criminals together. We share our knowledge and experience for the greater good, knowing that we’re not in this fight alone. We understand that as our community grows, our competition will pivot to offer similar solutions and adjust their license model(s) to stay relevant. They will start “playing our songs” and mimicking our chord progressions to gain fans. We expect this to occur and do not discourage it from happening (you can tape our shows). Imitation is the highest form of flattery and increased competition can only help us all mature the craft of cybersecurity.