(upbeat music) (logo crystals tingle) >> Hi, everybody, welcome back to FalCon22, I'm Dave Vellante and you're watching theCube's continuous coverage, this is day two. We live in an API economy, but APIs, you know, they're sometimes vulnerable, Michael Nicosia is here, he's the Chief Operating Officer and co-founder of Salt Security, API Security Specialist, Michael, welcome to theCUBE, thanks for coming on. >> Thank you so much, Dave, glad to be here. >> You're very welcome. Why did you and your co-founder, is it Roy? >> Yeah. >> Why did you guys start Salt Security? >> So really easy, I mean, as you mentioned, the proliferation of APIs constantly is growing on a year to year basis. So in 2015, when he and I met, we had this idea that it was going to continue to grow and APIs were going to be critical to every organization from an innovation perspective, from a safety perspective and we thought that current tools out there couldn't protect against the new threat vector that we thought was going to happen. And, you know, you fast forward to 2022 and here we are, it's the largest growing threat vector from an API perspective because APIs are just growing like crazy. >> Right. Well, let's talk about the news, CrowdStrike made an investment in your company. >> Michael: Yes. >> Congratulations. >> Michael: Thank you. >> Tell us about that, why it's important, and to have a strategic partner like that. >> Yeah, so first of all, we're super thrilled about the partnership, I mean, it's amazing. And not only the partnership, the strategic investment for us just signifies the importance of our two companies in terms of what we want to do in the field together or in the market together. So the strategic investment is amazing, the partnership is even more amazing just because it's kind of like, you know, the first in its class from an API security perspective, we've got partners from the cloud providers and then the only other partnerships really have is with API Management vendors. So this is unique in that it goes outside the security ecosystem to provide this partnership and the nice thing about it is it's exclusive, excuse me, and it just continues to validate the leadership where we have an API security, as well as obviously a leadership that CrowdStrike has. >> Exclusive in the sense that CrowdStrike's not going to invest in another API competitor and you're not going to take investment from an endpoint- >> Michael: Exactly. >> Or something like that. >> Endpoint or, you know, really cloud workload situation. >> Anything within that vastly expanding portfolio. >> Michael: Exactly. >> So pretty much anybody. >> Michael: Exactly. >> Except network security, from what I saw in the keynote yesterday, that's sort of on the table, for now. So, okay, so why should customers care about this? What's the benefit to them? >> Yeah, so if you think about, the security profile of organizations and where they seem to have potential risk, threat vectors, you know, endpoint, you know, Cloud obviously API becomes a bigger, threat vector as well. So I think the partnership just solidifies the fact that we want to create a better security profile for organizations and we want to make it safe for them to innovate and continue to do what they do. So I think that's the importance and when you put the two together it just creates a larger value proposition, more stickiness from end point to cloud, to APIs. >> So we have a partner, theCUBE, and in New York city and it's called ETR and they do quarterly surveys of CISOs, CIOs, IT buyers, about 12 to 1500 a quarter. And so I was chatting with those guys last week, they knew we were going to be at CrowdStrike and so they ran some data for all the API security vendors and you guys were, you know they had like the Gartner Magic Quadrant but it's not, you know, vision and execution, it's spending momentum and like presence in their survey, it's like market share, mind share. >> Sure. >> You guys were up and to the right, like, way, way, way ahead, I presume that's why you got the attention of CrowdStrike. I found their data set to be incredibly good, that's how we found CrowdStrike years ago, like, "Wow, who's this company?" >> Yeah. >> You know, companies like CrowdStrike, Okta, Zscaler, Snowflake Off The Charts, but you guys were really noticeable. Talk about the spending momentum you're seeing with customers, where's that coming from? >> Yeah, I mean look, for us it's a continuing growing market, it's accelerating and we're still in the, you know, early stages of the market, which is amazing. But if you think about what organizations do, they innovate, right, they innovate through, you know, software, through applications or APIs. So if you think about, you know, how do they continue to innovate safely? They need a solution, like Salt Security to protect from any bad actors that could potentially create any breaches, vulnerabilities. So I think that that's why CISOs in particular are super excited about talking to us, making sure that they have all of their bases covered especially when it comes to applications that they have within their organization, which continues to grow. >> And not to not to be a methodology geek, but the methodology they use is to essentially say, is a customer spending more or less, they subtract the lesses from the mores and that's what you're left with. And one of the lesses is churn, and if you have high churn, you're spending momentum, >> you know- >> Micheal: Yeah. >> In their methodology goes into the tank. So you have obviously admitted you have very low churn is that what you're saying in the field? >> Micheal: Absolutely. >> Why is that? >> Yeah, I mean, again, I think it's, it goes back to the value that we bring to customers. I think, you know, our solution works, we're the only AI/ML-based solution with deep context so we can really take a closer granular look at the APIs, model those APIs, create a baseline and really protect against them. So I mean, our solution works and it works really well and I think we provide value in that, you know, CISOs don't have to worry about any bad actors trying to infiltrate their applications 'cause they know that Salt Security is there protecting them. >> I know you're not the tech guy but you're the founder, co-founder of a technology company so you got to be conversant in the tech, 'cause this is the way it is in our business, so tell us about the tech, what's so cool about it? What's the differentiation? >> Yeah, I guess, and I mentioned that it's really AI/ML based, you know, we leverage big data and it's really the context associated to that, which means that, you know, we can get into granular details of really baselining the API itself. And what we do really well is, because these are unique attacks and these attacks could be days, weeks, months and we're the only vendor that, that can really correlate across that timeline because of the context-based big data that we leverage to be able to, you know, spot these potential bad actors that we look for. >> And all this happens in the cloud or? >> Absolutely, it's all... >> You have a server in your office? >> No, no, it's all it's a hundred percent SaaS-based, Cloud-based solution, I think that's one of the reasons why the partnership with CrowdStrike is so amazing as well. >> Talk a little bit more about the synergies between CrowdStrike and Salt Security. >> Tons of synergies, I mean, if you think about from, you know, from the part of being a little fluffy culture, the two companies have similar cultures, we go after similar you know, first Cloud, innovative companies. If you think about kind of the technology that CrowdStrike has put forth, revolutionized the endpoint security, and now moving into the Cloud, you know, leveraging AI and ML, we're doing the exact same thing so I think there's a lot of synergies associated with that. And again, the final point that I'll make is that you know, we think together the, you know, better together story is, resonates just because if you think about all of the areas that you know have potential breaches, these threats, we kind of cover 'em all with the partnership. >> When I talk to a founding, you know, co-founder, who's a go to market pro, I like to ask them how did you know when to scale? I mean, you got to have product market fit, I see so many companies failing because they try to go to market before they have, they try to scale go to market before they have product market, but how did you do it? How did you know when to scale? >> You know, it's tricky, and you got to look at a couple of, you know, factors, you got to look at the market, you got to look at, you know, how much potential opportunity exists and you really need to look at, the momentum that is being established. You know, when you talk to CISOs, kind of, you know, talking to them about projects and how, how they prioritize projects and where API security fits, you know, once it begins to be the top three and you start that momentum and obviously you bringing in the revenue. I think that those are signs that we see, that we say, "Okay, we need to double down on making sure we've got coverage across the world in order for us to support demand." >> And you were the first sales rep, right? >> Michael: Yeah. >> Okay. >> Roy and I, I was the first AE, here was the first SE. >> Okay, but your early go-to market pros are probably different than what you're bringing in today, you didn't have, you know, a lot of BDRs at the time, but you guys were hands on consultants- >> Absolutely. >> Like sort of process consultants, sales folks, right? And then you codify that when you're ready to scale and now you're, is that kind of a, what you're doing? >> Absolutely, I mean, you nailed it, I mean, it's in the early stages, it's validating that there's a problem that exists in the market and how important is that problem, you know, to CISOs. So when we first started we met probably about 50 CISOs where we just had that conversation, not about sales, it was more about, "Hey we just want to talk to you about a problem we think exists in the market, love to get your reaction on that problem and then obviously how you're solving that problem and how much of a priority is that problem," How important is it to you? And then once you have those discussions then you can really find those individuals, early adopters if you will, that are ready to buy and then it kind of proliferates from there. >> And then you have a CRO , I presume, right? So what was that like finding him or her, is a really important first sales hire. >> Super important, yeah. >> How did you go about that? How long did it take? >> Yeah so it took about six to eight months and you know it's really tough because, you know, we look at cultural fit, above everything else. So it's not, that, "Can they do the job?" it's culturally, do they fit in? And you know, how much can that individual scale the organization? So there's a lot of factors associated, there's a lot of individuals associated to, you know with the interview process. So that's how we looked at it and obviously we wanted somebody that had experience in a company our size, was able to scale it and so on. The one tricky thing is, and I'll tell you this, is, you know, for Roy and I, you kind of have to let go a little bit, that was really tough, so knowing that you need to do that is something that- >> A little bit of founderitis? >> Micheal: Yeah. >> Dave: It's hard, right? >> Micheal: It's hard. >> Dave: Yeah, it's your baby. >> It's like, whaat? >> I get it, Michael, thanks so much for coming to theCUBE, congratulations on the news- >> Thank you Dave. >> The investment and good luck. >> Awesome, thank you so much, appreciate it. >> You're really welcome. All right, keep it right there, we'll be back right after this short break. Dave Vellante for theCUBE at FalCon22, CrowdStrike's big user event, we'll be right back. (cheerful bouncy music)