Agari’s founder and CEO are on a mission to keep cybersecurity out of the headlines
When he started Agari, “there were more cybersecurity companies out there than you could shake a stick at,” says Executive Chairman and Founder Patrick Peterson. The only problem? None of them had a solution that actually worked. But Agari’s data-driven approach did work — and important customers came calling. A few years and multiple products later, Patrick tapped Ravi Khatod to take over as CEO and run the company at scale, while Patrick focuses on working with a world class product and engineering team to build the next big thing. For this story, they talked about what it means to lead “a startup for grown-ups,” and explained their vision for a future where no one even has to think about email safety.
Let’s start with Agari’s genesis story. Why did you start the company?
Pat: You can’t turn on the television or pick up a newspaper without seeing the importance of cybersecurity — a breach recently shut down the U.K. health system and James Comey is talking about how Russia may have used email to interfere in the election. Allowing everyone to safely do business online — whether you’re an election official, a bank, or my mom — was my goal when I founded Agari in 2009. The cybersecurity companies at the time were all doing the same things; they’d look for patterns in bad emails and find a way to stop them, and then the bad guys would immediately find a new approach. Attackers are incredibly successful with social engineering, and no one had come up with a way to address that effectively.
Agari is different because we look at legitimate emails and focus on identity. “This email claims to be from my bank, or my CEO, but is it really?” We had a smaller team than those big security vendors when we started, but we set ourselves apart because, unlike their approach, ours worked.
Ravi: Right; Agari is exciting to me because we’re solving a problem where the security market hadn’t previously done a good job. We’ve hardened servers, data centers, and user devices — but you can’t harden human beings. Attackers know that a company’s greatest security weakness is usually its people.
The work we’re doing is also increasingly important as communications become more digital. It’s critical that a company protect its channels of communication with its employees, business partners, and customers; one security breach will erode their trust in you and all the value you’ve created with that relationship. So security has to be a given.
What were Agari’s early years like?
Pat: Our first client was JPMorgan Chase, which was a little surreal, given that we were six people working out of my living room. Like a lot of companies at the time, their customers were getting emails from hackers telling them to reset their passwords. Nothing existed to solve it, so we spent the better part of a year developing a solution for them, and eventually they said, “We’re going with you. You’re our vendor.” That was the beginning, and they were the first in a long line of Fortune 500 companies who have since chosen us. I think that first project is a good example of one of the things that sets Agari apart; we’re comfortable saying, “This is a really hard problem,” and hunkering down for six months to a year or even more to come up with a solution that will work on day one.
What types of companies do you work with most?
Pat: We have clients of all sizes, in several different verticals. Financial services is huge for us. We’re also seeing major increases in cybersecurity investment across all areas of healthcare — pharmaceutical, medical devices, hospitals, insurers. The U.S. government, as well; the 2020 census is going to be all digital, and that’s something they need to be able to secure.
“Agari is exciting to me because we’re solving a problem where the security market hadn’t previously done a good job.” — Ravi
Ravi: But we’re not only serving the biggest organizations. Take Farm Bureau Bank, for example. They’re smaller, but they face the same threats and have the same need to keep their customers and employees safe. Their chief security officer told us he’s been particularly happy with two things — first, that we actually solved their problem, and second, that we did it without them needing to hire more people.
Let’s talk a bit about how Ravi entered the picture. What did the CEO search look like?
Pat: Near the end of 2015, we were on the verge of releasing a major new product and were seeing a tremendous amount of market traction. I knew bringing an additional product to market would add a lot of complexity to our business, and it was clear that we’d be growing quickly, as well. So I wanted to bring in someone who had experience running a company at scale. The search itself was easy; Ravi and I had worked together before, so I knew and trusted him.
Ravi: I’ve known Patrick for years, and that existing relationship was part of the reason Agari interested me. I also enjoy the startup environment, and I liked that Agari helps its clients solve such a difficult and important problem. It takes devoted, committed, passionate, smart people to tackle this; people who may not know for sure whether they can solve the problem, but who know they want to try. I also spoke with a lot of Agari clients who told me how important the company had been to their business, and how much they wanted to see it succeed. That impressed me. We’re not just about driving revenue; we’re helping companies transform and still maintain trust and good communication with their employees, partners, and customers. When I looked at all of those positives, my decision was easy too.
Ravi, what did you focus on first when you joined Agari?
Ravi: My number one goal was to understand the strengths and weaknesses of our executive team. I was very fortunate to find that we have a fantastic team, especially on the technology side. The challenges Agari has faced are a normal part of growth. I think a lot of startups reach a point where the founder realizes the finance, investor relations, and scaling work is taking time away from what they’re most passionate about, which is solving problems and serving clients. That’s the right time to bring in someone like me.
“We’re not just about driving revenue; we’re helping companies transform and maintain trust with their employees, partners, and customers.” — Ravi
One thing I did see was that we were starting to outgrow some of our capacity, so we brought in people who already had experience with the next milestones. When I hire new leaders, I look for how they coach, manage, and lead their teams, not just the positions they’ve held. What the people who reported to them say about them — that tells me much more than someone’s title.
Pat, what are you focused on now that Ravi is CEO?
Pat: I’ve been working on some big, disruptive ideas with our chief scientist, Dr. Markus Jakobsson. The people at Agari have a lot of ideas; a lot of fuel for innovation. We might gather feedback from clients on 10 or 12 concepts, and then start working on the two that stand out most.
Ravi: What Patrick and Markus are doing right now is really a startup within a startup. They’re developing solutions that address problems our clients already have and want us to solve, so clients are telling us, “If you build it, we will come.”
Pat: We have an important ecosystem of not just clients but also partners, other security vendors, ISPs, and some of the big mailbox providers including Google, Microsoft, and Yahoo — that all help us find ways to improve our integration with them. It’s a win-win for Agari and the industry.
Besides your approach to cybersecurity, what makes Agari different from other startups?
Pat: We like to say we’re a startup for grown-ups. We still have the increased opportunities, risks, and unknowns that you get with a startup, but we remember that the journey is just beginning, whether you’re signing your first big client or your thousandth. As excited as we are about what we do, we know staying somewhat serious and circumspect will help us build an enduring company. There’s no Pollyanna-ish notion that we can just burn ourselves out to release a product and suddenly everything will be great. No one here is interested in living at the office 100 hours a week in non-stop crisis mode.
“We like to say we’re a startup for grown-ups.” — Pat
Ravi: One of our data science engineers actually coined that phrase, “startup for grown-ups.” He’s at the point where he’s got a family but still wants to be part of the startup culture; he needed a place with that blend of urgency and patience.
I think Agari also strikes a nice balance between being clear on our responsibilities and having some flexibility around the projects people get to pursue. We often encourage team members to move onto a new project if we think they have something to contribute. And we’re at a size where that’s encouraged no matter where you’re at in your career; whether you have a lot of experience or you’re an intern, you’re going to get to work on something interesting and new.
What behaviors do you feel it’s important to model as leaders?
Ravi: Empowerment is big for me. I’m always happy to discuss a project with my executives, but I want them to make the final decision. I also want them to have that same trust in the people they hire. We should be guides, not micromanagers. Once we make sure everyone is aligned on the goals and resources of a project and trust them to build a plan, they’re empowered to take ownership.
Another value I want to model is transparent communication; I may even be guilty of over-communicating. I always try to find time at the end of the week or during our regular all-hands meetings to update everyone on what’s happening in the business and within our teams. It’s important to me that we zoom out and make sure we all have the same objective; then, if we have different opinions about the best way to get there, we can have that conversation constructively and with respect.
“We’re at a size where no matter where you’re at in your career, you’re going to get to work on something interesting and new.” — Ravi
Pat: We also give each other the benefit of the doubt. If something’s not going well, we assume our colleagues are doing their absolute best with the resources they have. We’ve found just talking face-to-face and saying, “This is my observation. What am I missing? Can you help me understand?” can be a powerful way to diffuse a situation. You might realize, “Wow, you’re working on three other things I didn’t know about,” or they might say, “You’re right, I am running behind.” Sometimes it’s more personal, like, “My mom’s been really sick, and I’ve been distracted,” and you might have an opportunity to help sort things out or take something off their plate.
What’s most exciting to you about where Agari’s headed?
Ravi: This is an exciting time because of the journey we’re on with our clients. We’re working toward a future where you don’t have to think twice when PayPal asks you to reset your password, or second guess whether an email from your CEO is actually from them.
Our technology and our journey is different from anyone in the industry, so we have that unfair advantage that every salesperson is looking for. And it’s equally exciting from the engineering perspective, because our clients are giving us new, highly interesting challenges to solve every quarter. We also have some big, long-term goals around helping them turn the tables on the bad guys and play offense.
Pat: We are working toward a future where cybersecurity isn’t making the news on a regular basis, and people aren’t really talking about it. One way we’re doing that is by going more on the offense. Right now, the bad guys can attack from anywhere in the world, and they know it’s relatively unlikely someone will come after them. The difficulties in prosecuting cybercrime are immense. Agari is already very good at making it more difficult for attackers to succeed in the first place; now we’re working toward a world in which they leave a much larger digital footprint, which helps law enforcement and the cybersecurity community alike. The more expensive and difficult we make it for attackers, the more we start to turn the tide.