

In this edition of SaaS Talk, Golub Capital Managing Director Peter Fair speaks with Marcin Kleczynski, Founder and CEO of Malwarebytes, who shares his insights on growing a one-person business into a global leader in cybersecurity and discusses the cruciality of staying ahead of cybercriminals.
It helped a lot that most meetings in the early days of Malwarebytes were virtual. We were a remote company through almost 100 Malwarenauts and so my age was less of a factor. When it came time to meet investors and customers, we were already a well-established brand with outstanding growth and profitability as well as products. I also had a lot of mentors as I grew the business. Some people describe me as a sponge, and I used every opportunity to learn.
When I started Malwarebytes, I didn’t create this business to require funding. I had a vision for a company that was self-funding, and we’ve been very fortunate to be able to build on that vision from the beginning.
Creating a sustainable business model from day one isn’t easy, but it gives you greater control over your entrepreneurial vision. Not being beholden to VCs also provides tremendous optionality and flexibility on best avenues of growth to pursue at every juncture.
Young entrepreneurs should make sure they have a clear path to sustainability and profitability as they think about raising capital. Particularly with an uncertain economy ahead, we can expect that companies will need a clear path to profitability in order to keep investors satisfied.
We differentiate ourselves through continual technology improvements and exceptional service. Our remediation and ransomware rollback features were the first to be developed and are above and beyond anything that the competition offers. We have some of the best researchers around, and they are constantly uncovering—and protecting us from—new threats on a daily basis. Our ability to detect zero-day, and even zero-hour, threats is key in protecting our customers from the very latest threats. We also give a damn.
Malwarebytes has taken a more unique approach to solving this problem than the rest of the industry. A few important tenets: First, we believe in layers of defense, so we have many layers of detection and protection and believe those provide the most robust security; second, we have invested tremendously in behavioral detection and utilized machine learning, well before it was a conversation topic.
We try to think like the cybercriminals and “skate to where the puck is going to be.” Many other security companies just react to the threats and get caught with their pants down.
It is hard to play in both spaces successfully, particularly with limited resources. I would advise any company looking to be in both spaces to make sure you deeply understand why you want to pursue both consumers and businesses. In our case, we saw tremendous traction in the B2C space, and those consumers started taking our software to their work. This helped us naturally enter the B2B space with consumer advocates bringing us into their work environments. As this trend started to take hold, we realized there is a real gap in the B2B space. And we also saw the synergies and benefits for Malwarebytes to be in both spaces. Our telemetry, or cybersecurity intelligence, benefits from the vast deployments across B2C and B2B, and we are able to leverage much of our endpoint technology stack, making it more feasible to rapidly create solutions for both spaces.
One of the biggest challenges can be learning to delegate and trust your team. It took some time for me to be able to establish trust and to hand off decision-making. Once you pass this hurdle, growth is a lot easier.
You need different types of leaders and processes at each stage of a growing company. It’s really hard, as you almost have to keep reinventing yourself as a leader and as a company at different phases of growth. Hiring the appropriate leaders is one of the most important aspects. Clear communication and processes are essential, particularly as you grow rapidly. I’ve always had monthly all-hands communications, but I’ve added new processes for better financials, products and performance management to improve those that were in place just a few years ago. The people who take you to $50 million in revenue are different from the ones who can take you to $500 million.
Keeping talent is always a big one, we compete with a lot of the big giants in San Francisco that offer perks we simply can’t offer, however, we have a culture that can’t be replicated in those large bureaucratic environments and that’s a real selling point for us.
Of course, keeping up with new threats is always crucial for a cybersecurity company, but with our technology, we’re able to detect anomalous behavior before most of our competitors, enabling us to stop new threats on day zero. Seeing how innovative a lot of these cybercriminals are is what keeps me up at night.
I think we’ll continue to see consolidation in the industry with increased integration and collaboration across SaaS companies. With the current skills and staffing shortage, any company that is making it easier to use their product and minimize the amount of hands-on training time required will be in high demand.
There is a continued pattern of consumerization of IT with SaaS. SaaS solutions make day-to-day tasks easier, and IT professionals appreciate elegant, simple and easy user experiences.
There will continue to be more reliance on remote work. Particularly in the context of today’s environment, SaaS and cybersecurity are critical in ensuring that remote work is as effective as work in the office. For young companies especially, this can be a great way to reduce costs and increase access to a wider array of talent in the workforce.