In the digital age, perhaps one of the highest priority concerns for any company is cyber-security. With the amount of sensitive client information and crucial financial data being handled, a corporation being digitally breached is a true worst-case scenario. While many major companies are equipped with entire IT departments staffed with veritable armies of professionals trained to address potential threats on a round-the-clock basis, many smaller businesses can’t afford the same levels of protection. Alternatively, they rely on monitoring software installed on company devices to observe everything their employees are doing to ensure productivity and nip security threats in the bud.
Jason Meller’s user-focused SaaS company, Kolide, aims to change how these issues are addressed.
If there’s anything Meller understands intimately, it’s cyber-security. He’s so passionate about the subject that he penned a self-described manifesto on the subject.
Meller got his start in professionally addressing cyber threats as the chief security strategist at the prestigious FireEye Security. It was an exciting time to work in cyber defense, fending off threats from outside nation-states and highly sophisticated threat actors looking to breach national interests and steal important secrets. While Meller was doing important work at the time, not all was well within his industry. “I quickly realized that we had been dealing with almost the equivalent of the security 1%,” he said, “We’re working with these enormous budgets that can hire entire teams to staff their security operation centers. And there’s this other side of the coin where you have individual businesses, bootstrap business, [and] startups that also are suffering.”
An Honest Dichotomy in Security
Like many others who work in technology, Meller began in IT support, dealing with the public directly. He found that while working in IT, even in college while helping other students, others in the field didn’t share his views on how security should be handled. He said, “They had a very cynical outlook on what people can do with their devices. When organizations take this standard approach of locking down devices to meet either compliance or security requirements, they’re stifling the innovation, the creativity, and the productivity of their employees, that they supposedly trust.”
Meller has always felt that the people that he tends to work with, up to and including the time since founding Kolide, were bright, inquisitive, and genuinely wanted to know more about the devices they utilized every day. “I always felt like that was out of alignment,” he said, “why do we have to treat them with this sort of kid-glove philosophy?”
Around this time, he put his thoughts to paper and wrote the Honest Security piece and the so-called tenets of honest security, the treatise that would become the cultural framework that Kolide was built upon. He found that the article resonated well with those who read it, partly due to its promise of transparency in cyber-security matters and partly due to the high number of people now forced to work from home during the COVID pandemic. As he put it, “suddenly having this very oppressive surveillance apparatus as the primary way of doing security felt now intrusive.”
Kolide was his solution to this problem. The program is an extension that companies can add to Slack. It is accessible to all users on their network and useable on Windows, Mac, and even Linux-based machines. Kolide automatically scans an employee’s device to identify security threats and provides the employee with a simple explanation of why it’s an issue and step-by-step methods to rectify the problem.
This system of transparency and education has so far been met with incredibly positive feedback. Meller has found that companies that put culture first have quickly taken to the concept of user-driven security, which places a high emphasis on personal responsibility and the mutual trust they build with their employees. “I think that they always felt this cognitive dissonance implementing security programs that call into question a lot of those value systems,” he says.
With users encouraged to learn more about security and address simple problems on their own, it empowers them while simultaneously taking pressure off a company’s IT department. As Meller succinctly puts it, “They can just set the mission, and the employees do the majority of the work for them. And they’re learning at the same time. I think it’s a win-win.”
He also says that, from what he has observed, the cyber-security landscape is rapidly changing to one more focused on ethics. “I see just a big push towards trying to figure out the rules of engagement when it comes to now these types of devices that technically the company may not own like mobile phones. What are our rights there? I think there’s a lot of stuff to figure out,” he says, “I think it needs to be figured out at an industry level. I think eventually at a congressional level or policy level, you know, at least in the United States.”
In Meller’s view, the future of the cyber-security industry will be about balancing the needs of the security team against the freedoms and privacy of the end-user. “We don’t want to wait for that balance to be figured out for us as an industry…so we want to cut it off at the pass and make sure that we are bringing the end-users into the fold.”
Jason Meller’s Views on Funding and Scaling
Kolide officially launched in 2019. In September, they announced that they had raised 17 million in their series B financing round, for a total of 27 million raised to date. “I’m a very much a stickler as a CEO about really making sure that we clear the traditional gates before we raise the next round of funding… there’s definitely inflation happening with funding in general, but I didn’t want to raise too much money,” says Meller.
According to him, he and his team learned the hard way after their series A round of funding that “if you raise too much too quickly, and you don’t have product-market fit and a great valuation, you can set yourself up for trouble down the road if you don’t have the fundamentals that you thought you did.”
Meller says the most important milestone to him was a good product-market fit, saying that “we wanted to feel by the time we decided to raise that it was clear that we had really found something.”
In terms of scaling, Meller advises a steady, prudent pace. While he and his team initially believed they had a runaway idea, he says that “It turns out that actually, it was going to produce a more middling outcome. And so, in some ways, what saved us was our ability to scale the business down initially. So I think a lot of founders are worried that they’re going to roll the dice and they’re going to hit it so on the nose that they are going to leave growth on the floor because they weren’t prepared to scale up.”
Check out Kolide to learn more.