5 Things You Need To Know To Create a Successful App or SaaS, With Todd Feinman of Spirion

Mitch Russo
Authority Magazine
Published in
12 min readFeb 24, 2020


Sustainability: Remember that running a business is a massive commitment, and building one from scratch requires a great deal of dedication, time, energy, and money. Walk-in with your eyes wide open and make sure you have the stamina and budget to build a successful and sustainable business that will last for many years. Don’t solely focus on the immediate future, instead look long-term and leverage people, market needs, innovation, and technology to get you there.

As part of my series about the “5 Things, You Need To Know To Create a Successful App or SAAS”, I had the pleasure of interviewing Todd Feinman.

Todd Feinman is an entrepreneur and globally recognized innovative thought leader. He has over 20 years of experience in driving revenue growth and scaling businesses making him uniquely positioned to run high tech businesses. He is an internationally recognized security expert, entrepreneur, author, and speaker. Feinman is the co-founder of Spirion, a leading provider of data discovery and classification platforms to help businesses avoid data breaches. He spent 11 years as the company’s Chief Executive Officer, growing the customer base to over 1,000 enterprises and winning multiple industry awards. Feinman led the company’s recent acquisition by The Riverside Company and currently sits on its board, where he provides product vision and strategic direction. He has been quoted or featured in many major publications, media outlets, and television programs, including CNN, CBS, FOX, NBC, ABC, Wall Street Journal, Bloomberg, Associated Press, and many others. He also authored Microsoft’s own globally published book on Windows security and several textbooks. Before Spirion, he led the growth of PricewaterhouseCooper’s information security consulting practice, worked as a Product Manager for Microsoft in their enterprise server group, and was the Chief Information Officer of an energy retailer in New York City. Feinman holds a Master in Business Administration from Harvard Business School.

Thank you so much for joining us! Our readers would love to “get to know you” a bit better. Can you tell us a bit about your ‘backstory’ and how you got started?

Before founding Spirion, David Goldman, Spirion’s co-founder, and I were actively working in the consulting industry helping Fortune 500 companies integrate the most critically acclaimed security software solutions. We were working with the biggest software providers in the world but quickly became frustrated. These vendors were not solving real problems or adding enough value to justify customer expenses. The problem was that these solutions did not address the data breach problem at the source. We learned that it wasn’t a matter of if, but a question of when a breach would occur. When that breach happens, a solution that identifies and protects data, where it is stored, is the best defense against data theft. So we left our consulting work and set out to build a better mousetrap. While every other software vendor was discovering and blocking at the perimeter, we became hyper-focused on the root cause of data breach. Our mission was and still is to more accurately discover data in every storage location possible, whether that be desktops, USB drives, databases, or the cloud.

What was the “Aha Moment” that led you to think of the idea for your current company? Can you share that story with us?

The first-hand experiences from our consulting days demonstrated a genuine need for a more robust solution that identified the root cause of data security problems. Once we ventured into developing a superior solution, many things drove us to increase our goals. One specific situation from our early days stands out. A large military defense contractor tested our solution against some of the biggest competitors in the market. They were astounded to see that our solution identified numerous copies of highly sensitive data that the competitors missed. Not only that, but our solution reduced the incorrect false-positive results. Fewer false positives made combing through the data exponentially more productive, allowing the customer to focus on real problems.

The success continued with a proud moment a couple of years later. We had significant momentum in the higher education vertical, and, at the time, Cornell University had a competing open-source discovery tool called Spider. It felt like quite the feather in our caps when we won the Cornell account.

Can you tell us a story about the hard times that you faced when you first started your journey? Did you ever consider giving up? Where did you get the drive to continue even though things were so hard?

Starting a business is challenging; otherwise, everyone would be doing it. Throughout our journey, we have encountered product delays, employee issues, and financial obstacles.

The technology industry moves quickly, and our customers have high expectations for innovative solutions that protect them. Years ago, we were developing a unique feature that would streamline the privacy protection experience. Our backend required an upgrade to support the extensive data sets of large customers. The upgrade proved to be a significant undertaking because we had an established product and technology stack. We had to both migrate existing customers to the updated version and get the product out the door to support new, enterprise customers.

We never considered giving up, but the journey did require a lot more teamwork and collaboration. Every team member dedicated several months of night and weekend hours to the project, but the key for us was ensuring everyone’s contributions were recognized. We led by example, burning the midnight oil with them.

Our drive to continue came from seeing organizations that were not our customers get breached. If we made them aware that our product was available, we knew that we could help.

The most notable data breaches, such as Target, Home Depot, Sony, and Equifax, were avoidable. While we recognize that they might have experienced a data hack, we know that we could have better protected the private information of countless victims. What keeps us awake at night is knowing that because these household-name organizations, where we all shop, did not have the right tools in place, innocent people are now subject to a lifetime of identity theft risk.

So, how are things going today? How did your grit and resilience lead to your eventual success?

Not only is Spirion breaking every one of our records, but the team is also developing several new solutions that complement our initial offering and solve today’s more significant data privacy management problems. I think the “no fail” attitude helped keep us on track, but seeing customers implement our solution successfully and solve real business problems was immensely motivating.

Can you share a story about the funniest mistake you made when you were first starting? Can you tell us what lessons or ‘take aways’ you learned from that?

In the beginning, we were far more expense management focused (i.e., cheap) than we needed to be. It is funny to look back on our first trade show where my co-founder and I were hauling 50-pound boxes of t-shirts up San Francisco hills because we couldn’t spend $1,000 on shipping and labor. Why were we hauling boxes when we could be coding? Tradeshows require you to use their labor, and it’s expensive, but today we know it’s just part of doing business. Saving money is not always a means to an end, and we had to be less parsimonious to increase productivity and happiness.

What do you think makes your company stand out? Can you share a story?

We have an undying passion for helping the world protect what matters most — personal data privacy. Many companies provide tools that guard the perimeter or add more shields and security, yet claim they are a complete and comprehensive solution to every cybersecurity related threat. We are upfront and honest about what we do and what we don’t do. A software solution is not going to offer everything to everyone. We find that honesty helps us focus on our core competencies and sell our solution to customers we can genuinely help. If you want a shield, that’s not us, but if you want to make sure that your employees aren’t unnecessarily accessing confidential data, then Spirion will help you mitigate incorrect or inappropriate employee behavior.

Which tips would you recommend to your colleagues in your industry to help them to thrive and not “burn out”?

The fundamental key to avoid burnout is discovering your passion, and then the trick is to balance priorities. Sometimes that means recharging your batteries outside the office, and other times it means delegating so that you have time for yourself, your family, and friends. We always had a passion for privacy, so the long hours were tolerable. If you love what you do and are proud of it, then you won’t burn out as quickly. If you are doing it to make money, you might eventually lose what initially motivated you.

None of us can achieve success without some help along the way. Is there a particular person who you are grateful towards who helped get you to where you are? Can you share a story?

In the early days, we were fortunate to have a person who not only was a trusted advisor but also highly qualified and very smart. My father, Steven Feinman, was that person.

You need reliable people to listen, provide sound advice, and mentor you to a solution. My father was all of those things. His advice was sincere and sensible, and we could call him at any hour, which is essential when starting a company. Whether it was about corporate strategy, business ethics, financials, people, processes, or technology, my father was always there. Most importantly, my father “taught us to fish.” There is a familiar anecdote, if you give a man a fish, you feed him for a day, but if you teach a man to fish, you feed him for a lifetime. I am very thankful that my father never let us take the easy way out by giving us the answers directly; instead, he guided us to find the right answers ourselves. This mentorship paid dividends later as we needed to solve more difficult problems far more rapidly. And, sometimes, he rolled up his sleeves to help, which cost us nothing — also critical in a startup where expensive subject matter experts and consultants are not in the budget. Free lunches all the time helped, too. The list goes on. My father set us up for success as we grew and faced more challenging issues. I am very grateful for everything my father helped Spirion accomplish. Today, we employ over 100 people because my father was there to assist us in building our great company.

Ok, thank you for all that. Now let’s shift to the main focus of this interview. Approximately how many users or subscribers does your app or software currently have? Can you share with our readers three of the main steps you’ve taken to build such a large community?

Spirion protects the identity of over 50 million people that work for or are customers of banks, retailers, universities, government agencies, and healthcare companies. While that might sound like a large number for a software company that is not in the Fortune 500, our aspirations have always been to protect billions. I know we will get there, and until we are actively protecting what matters most for everyone, we have another day of work ahead of us.

Building our customer base required:

  1. Hiring amazing talent
  2. Creating a robust vertical focus and go to market strategy
  3. The relentless ongoing pursuit of being the most accurate data privacy management solution on the planet

What is your monetization model? How do you monetize your community of users? Have you considered other monetization options? Why did you not use those?

We are a subscription software company and charge our customers annually. Spirion continuously assesses market needs and preferences, and we will adjust the business model to meet the demands of the market as appropriate.

While we considered a perpetual plus maintenance licensing model, Spirion customers enjoy and prefer not to have a large capital expenditure when purchasing our solution. They like that they can operationalize the expense. Spirion is quite sticky, and Spirion’s Data Privacy Management Framework works, making renewals easier. Customers discover, classify, understand, and control their sensitive data, ultimately enabling them to comply with the overwhelming number of data privacy and protection laws and regulations. Data is continuously created, modified, and moved, so it’s essential to continue using Spirion every day, persistently. As most companies add more data instead of reducing it, the ongoing protection makes our product very compelling.

Based on your experience and success, what are the five most important things one should know to create a very successful app or a SAAS? Please share a story or an example for each.

With over a decade of firsthand experience, I have espoused numerous tips and best practices. Refining these down was not easy, but my top five tips for launching and building a flourishing software business include building a team of creative and inspiring people, identifying a real market need that you can address with a must-have solution, exceeding customer needs with bleeding-edge technology, responsibly leveraging business technology and a commitment to long-term sustainability.

  1. People: Whether it is software, SAAS, or pottery, people are your most valuable asset. You cannot start a business without creative thinkers who can work as a team, challenge each other, and inspire the company to be the best.
  2. Market: Find a market need that you can address better than anyone else, or at least in a unique way. For us, it is eliminating privacy breaches without laborious and error prone methods. For you, the differentiator might be a faster app, more secure solution, more extensive storage, lower price, better customer service, ease of use, or simply far better technology.
  3. Customer Service: Customers expect frequent updates and want responsive, genuine customer support when things don’t work. An app or SAAS offering will help create a long-term, trusting relationship between the vendor and customer that removes the transactional style of sales. Frequent updates provide the opportunity for ongoing, regular communication. You can learn about your customer’s intricacies and long-term goals, become their trusted advisor and demonstrate that you are nimble and always on the bleeding edge of technology.
  4. Technology: Whether for communication or development and testing, the right technology will automate manually intensive processes and provide analytical data insights for intelligent decision-making. Leverage technology that makes sense for your business model and keeps you working efficiently. Most importantly, ensure that you integrate technologies thoughtfully and responsibly. We are in the data security business and have seen too many companies take shortcuts to speed things up. The long-term ramifications of shortcuts can be disastrous legal and financial issues.
  5. Sustainability: Remember that running a business is a massive commitment, and building one from scratch requires a great deal of dedication, time, energy, and money. Walk-in with your eyes wide open and make sure you have the stamina and budget to build a successful and sustainable business that will last for many years. Don’t solely focus on the immediate future, instead look long-term and leverage people, market needs, innovation, and technology to get you there.

You are a person of great influence. If you could start a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger. :-)

I will speak to this in the context of Spirion. We need a movement that holds enterprises accountable for data breaches that expose customers’ sensitive data. People read the headlines and see Company ABC had a data breach, and sensitive data was leaked or exposed. That is horrible for Company ABC, but they are not the ultimate victim! The real victims are their employees or customers whose personally identifiable information was stolen or posted online and are now subject to the risk of identity theft for the rest of their lives. A social security number never expires. We must hold companies accountable to know with certainty where sensitive data is stored and to classify, understand, and control (i.e., protect) it appropriately. Compliance regulations like GDPR and CCPA are an excellent start, but there is a significant amount of work to be done across states and at the federal level within the U.S. As businesses become more accountable they will start carefully handling personal data, taking the proper steps from a people, process, and technology perspective to safeguard it. It begins with the critical first step of knowing where the data exists. Most companies cannot even answer that question.

How can our readers follow you on social media?

@spirion on twitter

@toddfeinman on twitter

This was very inspiring. Thank you so much for joining us!

About the author:

Mitch Russo started a software company in his garage, sold it for 8 figures and then went on to work directly with Tony Robbins and Chet Holmes to build a $25M business together. Mitch wrote a book called “The Invisible Organization — How Ingenious CEOs are Creating Thriving, Virtual Companies” and now his 2nd book called Power Tribes — “How Certification Can Explode Your Business.” Mitch helps SaaS company founders scale their own companies using their proprietary system. You can reach Mitch Directly via mitch@mitchrusso.com



Mitch Russo
Authority Magazine

Author of The Invisible Organization — How Ingenious CEOs are Creating Thriving, Virtual Companies & Power Tribes — How Certification Can Explode Your Business