Value Drivers, hosted by Peter Ho, is a business podcast series that discusses corporate finance strategies, growth tactics, leadership journeys and other management topics to drive value creation. Featured guests include corporate executives, entrepreneurs and authors. Below is a transcript of Peter’s interview with Mollie Breen.
Today we have Mollie Breen, founder and CEO of Perygee on the program. Before Perygee, Mollie has worked in NSA's offensive team, she saw firsthand the IoT witness that sparked the idea to build a company. Mollie, welcome to the program.
Thank you so much for having me, Peter.
So tell us a little bit about Perygee. What does it do?
Absolutely. So Perygee, as you mentioned, started out of my time at the NSA and seeing how just vulnerable all of these connected devices coming online were for organizations and how they opened them up to weaknesses for hackers. And so Perygee today is on a mission to help organizations embrace these connected technologies. But being able to do it in a secure way, our whole thing is really helping them move into digital transformation and move into these innovative technologies. And the way that we do it is we have a SaaS platform as a software platform that makes IoT / OT (Internet of Things, operational technology) sort of that key word to describe these connected devices in a B2B setting makes securing them really easy for security teams, while also reducing all of this equipment related work like maintenance, and patching. And we'll get into it that falls on to Facilities and Operations for the rest of the organization. And it's through this that we're able to essentially harness the ability to secure these devices, while also enabling the rest of the organization to do it in a really efficient way. And we've got two key innovations that allow us to do that we've got this breakthrough knowledge graph where we've gone out and mapped all of the existing IoT / OT products that exist from these really, really big vendors, but some also really niche vendors. And then we've also built our platform using this technology called no code, which essentially just makes it really easy for anybody to come in and make changes, customize it. It's really flexible, so that they can implement the security and implement the workflows in a way that matches their environment.
Perfect. I think it make a lot of sense. Mollie, can you just help me and your other listeners understand a bit about the IoT landscape? Obviously, there are many devices out there. I mean, what kind of devices are we talking about an organization use? Are they computers? Are they security cameras? Are they you know, what are they? I think there are a lot of devices out there right now connected to the network today.
I remember speaking to somebody I believe they were from NIST, the National Institute of Standards and Technology, and asked them this question really early on the journey. What is IoT? And his response was, you know, there's something like 32 different definitions of IoT out there. So I'd first just set the landscape and say, generally, when I use the word IoT, Internet of Things, I'm generally talking about anything that helps control the physical environment. Traditionally, we've had this notion called IT, information technology, think servers, PCs, none of that is actually controlling the physical environment. But as soon as you get into security, cameras, thermostats, fire controls, air quality sensors. Now we're talking about this intersection between the digital world, things that can be automated things that are living on a chip that are now starting to control the physical world, meaning we're changing the temperature in our room, we're monitoring, you know, whether there's a fire that started and that is what, what, how we think about IoT, and there's a couple of different definitions that we could get into that start to be really specific by industry, but just in general, I, I typically interchange the words IoT, operational technology, OT kind of mean to collectively summarize this explosion of internet enabled devices?
And how big is the market? I would imagine there are so many devices out there. And I'm not familiar with how they're being secured today. And hopefully, some of them are being secured, at least in the, in the mission critical environment, or the power plants, like the defense related type of organization. But there must be organizations that are not paying enough attention to these devices just yet. And how are they doing that today? And what kind of protocol or software do they use today to secure all these different devices?
So to answer the question, first about the market size. Before we even get into the market size, I think it's helpful to differentiate between consumer IoT and B2B IoT. And for the purposes of this conversation, or at least from the perspective of Perygee, we're really focused on the B2B side of IoT, consumers have their own needs, their own features that they want. It's a slightly different animal, we could fill an entire other podcast about consumer IoT, so we're just talking about B2B. And there's the just really speak to the magnitude of the problem, there's 10 million new just B2B devices connecting every single day, and over half of them are vulnerable to medium to high severity cyber attacks, just to give you a scale of what we're talking about. And the IoT security market, in general, is estimated around 61 billion just in the US. But you know, we could look even further beyond when we start to talk about from an international perspective, a global perspective, when you start to combine not just security use cases, but also some efficiency use cases like predictive maintenance meaning, can we because these devices are digitized, can we can we predict ahead of time if they're going to fail, or if there's some type of downtime, which has real business efficiencies, that market is in the ballpark of 2 trillion, at least, it's probably an underestimate, just to give a sense of how how the entire world is moving in this direction, and the entire world is going to be connected. Today, some of the biggest challenges that organizations face is just not knowing what they have on their network. Getting a basic inventory is difficult, in part because the people who are implementing or turning on these devices generally fall outside of the security team. So it's, it's living in this very siloed nature within an organization. And let's, let's say that they even had some semblance of an inventory, some semblance of here's what's on our network, it gets really hard to secure them, when you start to take into account that every single device is different based on the vendor that it is, the firmware version that we're talking about, the use. The quintessential example that I always give is, think about the difference between a thermostat in the physician's lounge and a thermostat in the ICU. Those are having those are going to have two very different risk profiles, given the fact that if one goes down, or one's getting hit with a cyber attack, you're you're risking real patient outcomes versus if the other one you're risking, maybe somebody's lunch is getting warm. And that's the, that's the problem that is impacting security teams is you take that problem, you multiply it by the 1000s of devices on the network. And, and it's really hard for security teams to keep up.
Makes sense. And it's really hard for me to wrap my head around all these different devices, as I mentioned earlier, because I would imagine, there are 1000s, maybe maybe even more type of thermostat out there. And they all use different kinds of OSs and firmware, and trying to get an understanding of what you have within the organization would be very difficult. You mentioned that Perygee has developed or is developing a knowledge graph on some of these devices. So can you help us understand a little bit about that, and how that is, you know, different than what is available today in some other companies.
When, when I'm describing the Knowledge Graph, think of it as its goal is to provide this multi dimensional visibility of the assets that are in the network. So typically, as I mentioned, there's a couple of different layers of visibility that organizations have. Maybe they have no visibility, that's typically the first year. Then or you start to layer on maybe they've got some spreadsheets laying around. They've got some organizational insights, information living in people's different mental model. That's, that's good. Then the next layer of maturity is they're getting some type of visibility from the network, meaning they're there. passively monitoring all the devices that are talking to one another. And there's ways that you can do this at an infrastructure layer, that's good. The problem is that that's still incomplete. They're not everything about a device lives at any one of these tiers. So something like, you know, the the recall status of that device, which is an important piece of information, because if a device is getting recalled, you as an organization are going to want to know, that very likely does not live in someone's mental model. Like they haven't found out about it yet. That doesn't live at the network. And but it does live on the vendors page, or, you know, the vendor sent out a tweet, or they've sent out some type of alert. And at Perygee, we're thinking about how do we stitch together all of these different sources of information, the things that are living within the organization, the information that's living at the network, and all of this open source intelligence to provide the most comprehensive view into how devices are behaving and how they should be managed on the network. And so when we, when we talk about our knowledge graph, we think of it as the the combination of all these three different sources, and the ability to bring them together with the the the fact that we're mapping a lot of this and gathering it ourselves and bringing it into somebody's network as being a really important part of of the value that they're going to get within the first minutes of of turning Perygee on.
Makes sense. I hope there aren't too many organizations out there that are tracking devices using spreadsheets. Sounds pretty scary to me.
You would be surprised there, I would say the majority in this space, I heard a statistic recently that only about 5% of organizations are using some type of IoT / OT security management platform. So the inverse of that is not 95%. And I bet of those 95%. They're all using spreadsheets, the majority are using spreadsheets, if, if at all.
Suffice to say, I mean, there is a big market opportunity, as the current needs of the customers are not being filled, as many of these devices are not secure, at least not as secure as they need to be. And how do you think about go to market? So you recently raised a round of capital? Congrats again. I mean, it's in a fairly tough market environment. What is your current strategy to deploy your product to the market?
In our industry, most folks, their go to market is focused on an industry focus, maybe they'll go after healthcare first, or they're go after manufacturing first. Others go to market may be focused on a device type, like they'll go after just the most industrial systems first, or go after the most consumer grade IoT devices first. And you know, that's limited, especially as organizations today. First of all the lines between what is a healthcare organization and what is a retail organizations are starting to really blur. They're all they're all starting to converge and look really similar. Just as one very small example, think about an education system that is going to have a clinic, it's also going to have a cafeteria, it probably also has a gift store. It's it's a combination of all these different industries. So that's one one downside to something like this. The other downside is if you take a device first approach, similarly, you walk into an oil and gas setting and you you secure their most critical industrial assets. But they also have office buildings that need to be secured or HVAC systems and there becomes a real blind spot in terms of what coverage they're able to provide for that organization. So at Perygee, we take we're solving for the people and you know, what are their workflows? What are the devices that they're thinking about? And that translates to our go to market and that instead of targeting or going after a top level, or a top down type of approach, we really focus on how do we solve for the pain points, and the day to day that a practitioner who's tasked with securing these devices and maintaining them. How do we solve for that and grow through go through that lens and that unlocks not just our ability to be horizontal across industries because we're so good at the people aspect, it also unlocks our ability to be horizontal across devices because of our focus on on solving for the person versus the device. And, and, and so those those insights really flow naturally from that approach. So we take a bottoms up approach, which no one else does within our industry.
No, that's great. That makes like a a lot of sense to me. Now maybe we can segue a bit into slightly different topic. You are an Applied Math major Mollie, are you always interested in business and startup?
I have always had business ideas i from i can remember from early days, people would come to me and say, Oh, I've got a, I've got a business idea for you, there was just something about the way that I spoke or, you know, conversations that I tried to have with people that always centered around the, you know, starting something and building something. I never thought about starting a business myself, in part because I had this notion that people who started businesses were business majors or people who started business, you know, studying, you know, study business in graduate school, and, and so one of the things I'm really passionate about is really reaching and educating people, when they're younger about how interdisciplinary starting leaders of businesses can be and how they can come from so many types of backgrounds, you don't need a business major to do it. But it wasn't until I applied beyond a reality television show for women starting businesses that I got to see and meet so many people from different backgrounds that I put the pieces together that this was something that anybody could do if they had the persistence and the determination to do it.
Interesting. What about your experience at NSA? Can you apply any of the experience you have there to deal current entrepreneur journey that you're taking.
The biggest lesson I learned from working in the government and working at NSA was the importance of persistence. And if I just give a few examples, so you know, getting something done in the NSA, I remember just trying to book a meeting room, you know, and you'd be surprised that some booking something like booking a meeting room would would be this incredibly bureaucratic process, you had to do it two weeks ahead of time. That wasn't that wasn't going to work when we had a really important person coming in the next day, and I need to book his meeting room. And I remember calling the person that worked in the central office every seven minutes until I could get a hold of them and finished booking this meeting room. And I know this is such a small thing. But a principle like that now applies to what I think about moving things forward in a startup, like you're trying to get people to care about something that until that day, they didn't even know existed. And sometimes it's going to require calling that person every seven, I've never like, that would be a little extreme. But sometimes it's going to require calling that person a couple times a day or following up really repeatedly. And not giving up on on getting something across. A couple other examples just from this idea of persistence, you know, in in the government you need to get, if you're going to put anything on the outside about what you're working on, you have to get it approved through publication, like through something called pre pub, it has to be approved by a publication office. And, you know, again, these things will take 30 to 60 days. And sometimes I just didn't have that time. So you couldn't be afraid to just submit something and then immediately pick up the phone and say, Hey, did you get this thing? Would you would you look at it right now and and approve it for me? And I think the same, you know, this all flows back to in a startup, there's a real sense of urgency. And you don't have a lot of time, you can't wait sometimes for their whole process. And you need to, you know, ask for what you want. And you need to sometimes nudge people and that ability to that that determination, persistence, but also lack of that fearlessness to take those actions is something that I learned a lot it from the government.
Yep. Persistence. I think that is a definitely an important lesson. I think they can be used by many of us. Now, you actually started a company, Perygee, right after you got your MBA from HBS. Is that common among your classmates and friends?
I would say it is not common to the extent that it's probably about one in 10 people that started a company so 10%. So just from, you know, statistical perspective, you're not talking about a majority of people who are starting companies. Now has that number gone up in recent years? Absolutely. So it's getting it's getting more common. It's getting more popular. That number about one in 10 has probably increased and even the couple of years since I've graduated. But if it was something that was probably more unique, which is one of the reasons why I really enjoyed my experience, because now that I've graduated, I have friends in all these different industries, not just entrepreneurship, which becomes very helpful when you're thinking about finance or marketing or sales. These other places that as you grow your business you want to draw expertise from?
Yeah, you definitely have a lot of courage. I mean, because getting an MBA is not, it's not cheap. And I think many MBA graduates, at least, you know, my, my friends and my group of network, many of them at least started work in a kind of typical role of like consulting, banking, because they can pay back the loan quicker. You know, you took the more difficult route. And congrats, I mean, it's a lot of courage.
It's certainly one of the areas that I'm, I'm most proud of is, you know, taking out the loans for for HBS. And then, or Harvard Business School, and now paying them back with money that I raised, and customers that I, you know, went out and chased and there's a real there's, there was, there's a real sense of fear when I, you know, took the money from the bank and knew that I was starting this company and didn't know where it was going. But a real sense of, of payoff, and being on the other side, and, and seeing just how far you've come and built, you know, to gather to get there.
And for Perygee, what do you look at, from a day to day basis? KPIs, financial metrics, or, you know, some kind of project milestones to make sure you're tracking to your plan? I mean, do you have like a top five KPIs that you're most focused on? I mean, what do you look at?
Yeah, it is. And that's it doesn't necessarily boil down to top five, I'd say, it falls into two categories. At this stage, we're really focused on growth. Because we are an early stage venture backed company. So growth is extremely important. And some of the key metrics that we use within that are metrics such as number of users and the platform, that's a you know, a leading indicator of growth, the number of devices that we're monitoring and securing that's another big one that we look at, because, you know, you can have 10 different users with 10 devices, you can have one user with 20,000 devices. So looking at the spread across across that. And then the other area that we of course, want to keep a pulse on is burn. And, you know, cash flow, given that the fact that your job as a CEO is to not run out of money. So from that we have a budget and we look at actuals, or plan versus actuals every month and and seeing how we're doing against against what we expected burn to be to continue to monitor our plan.
Now, that's helpful. Are there any things that keep you up at night? When you think about it is a lot of responsibility? I mean, this man is you take I mean, obviously, it's not free. And now people expect you to provide a return to them. Are there things that wake you up in the middle of the night, I mean, your customer complaints, or anything that I think about a lot, basically, every day?
I say, you know, in the beginning, what kept me up at night was something like, you know, getting the company off the ground, the, you know, the fears around that the identity crisis around that. At this stage, the thing that really keeps me up at night is the sheer volume of things that I think about on a day to day basis, and the diversity of every single day, where you're jumping between a sales conversation, a hiring conversation, an employee check in an investor meeting, and, and so it is very, it's very literal, but you know, before I go to bed, I can I'll notice that I'm starting to think about the next day and I'm trying to make sure that I don't forget certain key points or I don't forget to do something before meeting or by a certain time. And that that does keep you up at night like your your brain developing quite a bit. So I use the Notes app on my phone and try to write down these thoughts as much as possible. I send emails to myself so that when I so I don't forget it in the morning. Those are some of the tricks that I've done. And as a way of just helping yourself shut off at night and, you know, start the new day with with that same sense of clarity and an ability to go from one thing to the next and do everything that you need to be doing.
It's a big task, trying to keep the company going and trying to secure all these devices that are out there with different firmwares different configurations. Some of them the organization don't even know they exist is under like, and so is a big task and big opportunity. This is just about as much time as we have today. I'm going to wrap up with one final question, Mollie. So I was reading this statistics I'm not sure it's accurate or not. But I found out they say in venture capital only 2% of the money raised go to female founders. I'm not sure if this number is accurate or not. But it's it just sounds striking to me. Today is March 9 2023. Is that number, right? I mean, what would you what advice would you have for other female founders?
Whatever the number is, you know, 2% and 2021. You know, what is the latest in 2023? I'm, I'm willing to bet. It's, you know, it's still gonna hover in the single digits. Which leads to a larger theme of what your question is asking around what can women do to increase their their chances of success when fundraising and there are so many things to say fill another podcast with it, but the thing that comes to mind that I think worked as a, as a strategy or as a as another tool in the toolbox, when when you're fundraising because there's, there's a lot of things you want to do, that you can get right is being connected is useful, you know, getting getting more metros to VCs, but don't forget the, the, I always call it the swarming effect, or the swelling effect, where when I was meeting, a VC that I really liked, or venture capitalists that I really liked, I kept in mind who else they may know what you can look up based on their LinkedIn connections. But you can also do, you can see what companies they've worked at, and they may not have connected with that person on LinkedIn, but maybe you know, someone from that company that you know, they do loosely know each other. And over time, as I got better at fundraising, more and more if I when I met someone that I really liked, I'd reach out to at least one, ideally, two or three people that were in their orbit, who could just pick up the phone, send them a text, write them a note and say, Oh, I heard you just met with Mollie. I think what they're building is great. I think she's great. You know, let me know if I can answer any other questions about what she's doing. And I think that that really helps from I think that's a useful tactic for anybody fundraising. But I think especially for for women, you want to come across as connected and you want to come across as you know, being able to have a big network that's going to get you into all the right places. And it's a way of of using that to your advantage. And I would highly recommend that for women to think of that as something else that they can do to help them and for anybody else, fundraising, but it definitely helped when I was doing it.
Thank you, Mollie. This is great advice. And you have a very interesting journey and tackling a very looks like a big opportunity. I mean, securing many, many devices out there of you know, various configurations. Congrats on the fundraise, and good luck with the business in the future.
Thank you so much, Peter.
Start exploring the platform and sign up for your free trial or contact us to chat about your IoT/OT challenges and upcoming projects.
No email or credit card required to try out the platform.