The Security Podcast of Silicon Valley

Episodes

About

Blog

Subscribe

The Security Podcast of Silicon Valley

The Security Podcast of Silicon Valley

Episodes

About

Blog

Subscribe

The Security Podcast of Silicon Valley

Episodes

About

Blog

Subscribe

83. How small companies can make their security doable (with Phil Howie)

Welcome, everyone, to another episode of the Security Podcast of Silicon Valley. I'm one of the hosts, John McLaughlin. I'm joined today with the other host, Sasha Sinkovich. And today we have a spectacular guest, Phil Howey.

He is the founder and CEO of a security startup called Sidekick, the simplest route to cyber resilience. Welcome to the show, Phil. Thank you. Thank you for having me on the show.

I'm excited. Welcome, Phil. So Sidekick is an interesting name. It's an awesome name.

How did you come up with that name? Well, it's not actually our first name. So we've been through one or two name changes, like a band or something like that. So we came up with the name.

We wanted something a little bit shorter, a little bit punchier that had some meaning. So the idea is that we turn our customers into superheroes. They're the heroes in their journey towards security and privacy and resilience. And we're like the trusty Sidekick that comes alongside and helps them.

So it's a classic sort of brand story. We want to help them be the real superheroes. And we put a little twist on it. So we spell it with a Y as a little nod to the cybersecurity element of that.

And it just, you know, helps with creating something a little bit more unique and getting domain names and things like that, which is always useful in this stage of the internet. So Sidekick was founded around four or five years ago at the beginning of COVID. So we're a consequence of the global pandemic. And it's a good way.

It's something that I'd been working on really for about a year in the background. And due to my own circumstances, COVID really forced me or gave me the chance to dive in and really go all in on this startup journey. So what we are is we're a cyber resilience platform for small business. So we help really small to medium-sized organizations build out an entire security program, you know, where they really don't have anything and they really don't have a place to start.

So we're a great place for people to really go from the ground up to build a resilience practice and then, you know, work towards eventually things like certification and compliance. Although we really start at the more simple end of things. So we make it super easy, super, super easy for people to get started on their journey. How do those SMBs know that they are mature enough and they need security program?

Well, you know, understanding you have a problem is the first part of any journey, obviously. So the need is great, although a lot of people don't necessarily know that they, how big the problem is. So part of it is timing with the market. We've got to find people that want this and need this and a lot of people do.

And the way it works really now is to begin with your own assessment. So we kind of create the problem for them in a way. We help them understand by going through the whole assessment process that you have some real gaps and that creates an understanding and it creates a problem for them that we can then fix and say, okay, well, here's your generated program. We can help you work through this.

And then, you know, it provides really tasks and a way to address those issues specifically in a way that's really straightforward for them. So really a lot of people don't understand cybersecurity and that's the huge challenges that we face. You know, any cybersecurity startup or anyone working in this business knows this problem. Yeah, security can often be seen as this dark box that you don't really want to dip into because there are so many unknowns that you don't want to uncover.

What is the biggest pain point that your customers find facing in the context of compliance and security? I think there's a couple, right? Like I think obviously compliance is a huge one. That's a big driver towards business and towards becoming more secure, you know, to provide that assurance to your potential customers.

I think we're seeing a few other pain points as well. So things like cyber insurance, we're seeing more stringent requirements coming from the insurer's side and people kind of having a bit of a wake-up call and saying, hey, look, we've got to up our game here and implement a bunch more practices that we didn't used to have to do. So they come searching for solutions. And really, I think, you know, any company gets to a certain consequence and size or organization.

And at some point they have a management meeting and someone goes, hey, what are we doing about security? And usually one person, you know, has that responsibility, hopefully. And they go looking for answers as well. So people's need to just protect and address risks becomes a real issue at some point.

You know, hopefully they wake up and realize this is a real problem for them. So we can really help them on that journey as well. But we want to help from day one if we can. So I'm super curious.

Did you notice something or there must have been a spark at that moment where you realized like this needed to exist in the world and that you are going to help build this? Yeah. So a little bit about me. I've spent really 20, 25 years in engineering and design.

So my background is in building websites, building web applications, building phone applications, and then being part of teams which design that. So I was lucky enough to be employee number one at one of New Zealand's unicorns, a startup called Pushpay, which really began last decade. And I was first on the ground there. That grew to about $100 million in something like four years.

And its height was worth about $2 billion on the New Zealand Sock Exchange. So pretty cool experience there, really being in the front row seat to that startup experience. And through that, I designed really the entire user interface for this app, which processed about $100 billion in finance payments really over the year. So I took a lot of the learning from that and my engineering background and sort of combined the two to engineer an experience for people that's really easy to use.

I think security has to be easy to use. And one of the frustrations I felt from the outside is that it's not easy to use. I'm not a traditional cybersecurity insider. So looking at it from a sort of different lens, from a design lens, from an engineering lens, I could see a real opportunity to make a huge improvement there.

My aim and my vision is to deliver resilience to the Fortune 5 million, as they're called, and make this really straightforward, make this actually achievable for people in a way that the average civilian can use and understand. Whereas a lot of stuff in this space is needlessly complicated, horribly designed, and just needs to be better, basically. So that's kind of my passion, is really making this on a whole other level. So you don't like complex dashboards?

No. No. Like, it's easy to make things complicated, right? It's actually hard to make things simple.

And we know this story over and over again from great design firms, things like Apple and things like that. It's hard to make things simple. You know, it requires a lot of wrestling with choices. What do you display for people?

What do you take away? And I think in the age of AI, and you can just code anything, and they'll code for you, and we can just vibe our way to success. I think what we need, thoughtful design, because I don't think we're there yet with AI. I can write code, but I can't necessarily create a thoughtfully designed product.

That requires a little bit of intention and some experience. So I think that's really what I can bring to the table with this. And what I'm really passionate about is delivering experience, which is understandable for people. So your discussion around design and how it's actually very difficult to come up with something that's smaller and to the point and focused and deliberate and intentional.

I think it was Pascal, actually, who said, well, I didn't have time to write you a short letter, so I wrote you a long one. Yeah. I was like, it's perfect. It's exactly the same thing that happens in design and security.

And I have the website open, sidekick. co, side with a Y, sidekick. co. And it just makes me want to click on that, take the five minute product tour of Sidekick.

Yeah. Hearing you talk about that, because it's one of the pain points that I've always struggled with in security, you know, always having those just bombarded with dashboards and details and nitty gritties. And most of it isn't pertinent. It's a lot of distractions, a lot of noise.

I know, like, the compliance community in general has a lot of fluff, but they get a lot of cruff from just being maybe a little bit outdated or a little bit unfocused on things that actually matter. So all the gratitude in the world for taking this complex space and just make it a little bit softer around the edges. Yeah. Thank you.

Yeah. Look, I think a lot about things like jargon, right? Using the language, the sort of language that we use. There are so many acronyms.

I've never seen an industry with more acronyms than the security industry. It's outrageous. And so I'm really careful to things like just not use them where I can, you know, explain things, write things out in full, because most people don't understand acronyms. So I think about that a lot.

And so far, that seems to be working. So people really like what we're doing. And interestingly, we're seeing people in the AppSec space as well. So this is a little bit of an unintended consequence of what we're doing is that we developed a platform.

Turns out lots of people like things easy to use. And so the AppSec community took notice of what we were doing. And we've actually made a version of our product for them as well. So if you're, you know, if you're working towards something like OWASP SAM level 1, 2, 3, or NIST SSDF, some of those complex frameworks, there's some acronyms for you.

You'll know what those mean, and those will be painful for you. And so we've done a collaboration and joint venture with another company called SafeStack. They're amazing. And we actually have a version of Sidekick specifically for AppSec developers and AppSec teams who are working towards those big frameworks.

So that's really exciting. That's come out something we didn't expect. And as the startup journey goes, sometimes new opportunities present themselves and you follow your nose in that direction as well. So we're really excited about that.

What is your customer acquisition top of the funnel? Do people find you because they have a certain pain point and your website promotes the solution to that pain point? What is the type of the customer that is reaching out and using the platform? We started really selling direct, a lot of outreach, a lot of outbound, as you do in the early days of startup world where no one knows who you are and it takes a while to build that kind of inbound engine.

And so we signed up individual organizations and that worked pretty well. But it's very labor intensive. And what we found is also that people, even if you build a simple product and a platform for people to use, they still need a lot of help in any case. And so what we've done more recently, which has been working really well, is we've teamed up with supplier channels.

So, you know, managed service providers, IT professionals really love what we do and they're actually adding it into their plans and support plans for helping their customers as well. So we're seeing that work. Work is a pretty effective channel and that means that we get to make great software and do what we do best and they can build it into their support plans and really help their customers directly alongside using the platform with them as well. So we get a lot of business through that.

Does a typical customer ask for help with compliance? What is the starting point of that discussion? It can be a range of things. Compliance is definitely a big one.

But we've tried to sort of steer away from just compliance. It's a really saturated space and there are some really great products, to be honest, in that if you really just want compliance and you want to go from zero to compliance, then it's a big journey, right? And you need a lot of help with that. And so we help people a lot before they get to the compliance stage.

So there needs to be a lot of just general resilience practices around security, around privacy, even around governance and things like AI and things like that, that don't necessarily fall directly under a compliance framework in the beginning. So we help a lot of customers with just generally addressing their risks, working towards better practices, better resilience, and to address things like we mentioned before around cybersecurity. It could be just even due diligence. People hate due diligence questions.

You guys know all about this. People are looking for answers in that business. So that's a big driver, obviously. Yeah, yeah, for sure.

I mean, if you're a founder of a startup and you're doing the zero to one thing and you're in the B2B space, you're going to see those questionnaires. Yeah. And I'm sure it'd be very nice to understand like, hey, what are actually like the security principles and the practices and the policies and the programs behind all of those questions that I have to implement as a founder in my organization if I want to close those types of markets or close those types of deals? Right.

It sounds much more comprehensive than like those bigger companies that just do compliance and they give you like the list of stuff that you do and they integrate across your ecosystem because this sounds much more holistic, much more comprehensive, more user-friendly, more focused on what actually matters maybe is a good way to put it. I think so, right? Like there's a saying that compliance is not the same as security, genuine security practices. Now, there's a lot, obviously a lot of overlap, but you can be compliant, but you may not necessarily be a super secure company.

Compliance is about adhering to what someone else wants you to adhere to and good principles based practices around resilience are really about what's good for you and your organization. We start from principles first. We do privacy as well. So it's not just cybersecurity, it's privacy.

A lot of people think those are the same thing. And that's another reason we address that with our customers because again, it's helping people address both of those at the same time. So we have a principles-based privacy program, which is awesome actually. And it takes you really to an international level of privacy practice, quite a straightforward way that really adheres to the spirit of the big frameworks around the world, GDPR, things like that.

And of course, cybersecurity as well. I like to think that we help people really protect and defend their businesses from good principles-based practices, really at the beginning there. You mentioned AI before and how to think about security. The intersection of AI and security or privacy and AI perhaps is another intersection.

Like how might Sidekick help me navigate that as a founder? That new space. Yeah. I'm really interested.

There's something we're all grappling with, right? And so we're actually just releasing a governance policy or a template for companies, organizations to implement. It's quite straightforward. It's not huge.

Something that they can really think about, customize and roll out to their teams. It's like an acceptable use document. It kind of goes over like, here's how to navigate this. Here's how to think about it.

What to use, what not to use. You know, good practical stuff. Don't put all your personal information in there. Things like that.

So helping organizations kind of navigate that world with just a good straightforward policy template. But also I think, you know, good security and privacy practices already cover some of this, right? Like, you know, privacy is about personal information and about being sensible and thoughtful with that. And so don't just necessarily stuff the LLMs with people's personal information.

That's probably not cool. So hopefully good practices will cover some of this stuff. But it is a brand new field. It's something that we're leaning into more and more because it's a huge step change, right?

It's massive. And so it's something we have to address head on. Yeah, it's a new space. And I feel like the security community is really navigating all of that together.

So thank you for sharing. Yeah. And, you know, speaking of like collaboration and doing things together, do you have a co-founder? Do I have a co-founder?

I do now. So I started the journey solo. I spoke to a few people at the beginning and they weren't quite ready in the right space to do the co-founder thing straight away. So I founded solo.

Went for a couple of years. We raised a million dollars in pre-seed funding. We won a couple of awards, which is super exciting as well. So I'm really proud of that.

Somewhere along the line, I realized that I think I work better with a co-founder. And so it's a pretty intense journey, the startup journey, as you know. And so it's nice being solo in some ways because you can kind of make decisions and you can get things done. But it's also a tough journey to do alone, really, in that seat.

So last year, one of my investors, actually, who I've been working with for a couple of years, we had a conversation and it made sense. It was the right time for her to come in as an official co-founder and actually CEO alongside me at Sidekick as well. And she's super experienced in the cybersecurity space. She's been a long time investor and really has a complementary skill set to me.

Her name's Kendra Ross and it's been really great. It's been great having her in the business as well. So I think we're much better for it. And, you know, we're busy just building the next version of that product and really, you know, we're working towards achieving our vision.

So I do have a co-founder now, which is great. I highly recommend it. What's great about Kendra is we kind of had a three-year job interview together, really. She came on as an investor, an advisor, increasingly just got closer and closer into the business.

Eventually it made sense to really come in full time. So I think that worked really, really well. But it is like any human relationships, co-founder relationships, I'm sure can be hard, can be a bit of work sometimes. But that's, you know, that's the journey.

I imagine that folks that start companies are not the type of folk to shy away from some hard work. That goes with the territory, right? Kind of comes with the territory. Yeah.

Yeah. And I think that's a great point, John, is that, you know, like it is, if you don't start a startup to take the easy path, like it is, it is hard. And you have to find your own version of success. Sometimes success is just keeping on trying.

It's not necessarily, you know, we all want sales. We all want that up and to the right. But sometimes success is failing, trying again, failing, trying again. And sometimes success is the actual just act of trying.

And ultimately, if you keep doing that, you'll see some success at some point. You'll get it. I mean, another way that I think about it is it's not a failure until you've given up. And knowing when to call it, you know, knowing when to be like, look, we've tried this one a number of times.

We're going to go and try something different. You know, and that's okay. It's a skill. It's an art, right?

It's something that's very subtle. But, you know, it's something that entrepreneurs do really, really well. So cybersecurity has a lot of different pain points that have not been solved yet. And you are on this path to enable SMBs to have some guidance on this security journey.

But cybersecurity pain points are very global. They are coming across the entire globe. Are you primarily focusing on the New Zealand market or are you focusing on the global market? So initially we were testing our product and focused on New Zealand market.

But really we have global ambitions, I would say. I think cybersecurity problems are very similar everywhere just about. Although there are obviously some local contexts. Laws and regulations.

Laws and regulations and even some cultural contexts depending on where you are, I suppose. And so, but we have global ambitions. We think this is a global problem and it's not going away anytime soon. So we absolutely, absolutely want to expand.

We've got international customers now. We just haven't yet really launched into some of the places yet that we want to launch into. But that's coming. It's kind of one step at a time.

Are there any region-specific opportunities? Let's call them that way. Like EU AI Act in Europe, GDPR, but specific to the New Zealand market? There's a couple.

So the Cybersecurity, I think it's Resilience Act, CRA, in Europe is a big one. Huge opportunity there. And AppSec really fits into that hugely. So AppSec is a global problem as well.

That's the developers everywhere in every country. That's something we're looking at pretty closely. GDPR is definitely a challenge as well. Like if you're really meaningfully in that market, you need to think about that.

And certainly people from just around, mostly around the world are doing that. So that's something we can solve there. But really, I think, you know, I think general principles-based resilience is just about universal, particularly for lots of the smaller side of things. And so, you know, we can make a really good impact, I think, in different parts of the world without needing to really change the product too much.

And that's, you know, that's pretty exciting to think about too. And AI is, you know, practically a universal problem at this point as well. Okay, so you understand all of the stereotypes of like, you know, Silicon Valley and startup culture and the VCs and up and to the right. I'm super curious, like in New Zealand, is it like if you're a founder in New Zealand, is it significantly different?

Is there a different energy, a different vibe to starting a company maybe in New Zealand? Yeah. Well, look, I haven't started a company in the US, so I can't speak directly to that. But I think, you know, we're heavily influenced by US culture.

And so that's our main source of popular culture and just influence really comes from the US. And so I think we're kind of like a weird mix of half US culture, half British in some ways. But, you know, I think it's very similar, right? I think New Zealand's a very friendly place to start a company.

It's an amazing quality of life down here. A lot of US folks love to visit New Zealand. You know, your dollars go really far, which is nice as well. But it's a really founder-friendly place.

I think the scale of things is a little bit smaller than US. So I think US is really, you know, is really the kind of mecca for startup culture and particularly in Silicon Valley. But that being said, there's some amazing startups happening in New Zealand, happening in Australia, happening in Asia, happening all around the world now. I think the barriers to entry of this have just come down and down and down.

We've come a long way really in the last even five or 10 years. US VCs are actively investing in New Zealand, you know, on big scale and things like that. So it's great. So I think a lot of the barriers and, you know, COVID really reduced that.

People were raising money without even seeing people face-to-face. It was all happening over Zoom calls and different time zones and things like that, which is kind of amazing. Probably was unheard of before that. I think, you know, that's really changed the access for people into, you know, cross borders, cross regions and things like that.

So, you know, I think it's pretty similar. And I think the scale and size of things in the US is something to aspire to. And I think, you know, we look to you guys as really models of how to do it well. We mentioned there are a lot of pinpoints and we cannot solve them all at the same time.

We have to focus on one specific pinpoint and deliver value to the customer. If you were to start a security or compliance company in 2025, what space would you tackle? I think AI is just huge, right? And I think it's the current wave.

So without AI washing everything, you know, it's easy to get caught up in buzzwords. And I would solve meaningful problems for people that help address that space in some way. And sometimes you just have to pick the timing and the wave, the current wave of technology and cover the current wave of problems that are happening. You can catch that wave.

And that's how that works. And so at the moment, there's a huge tidal wave of challenges and change around dealing with AI from a security point, from a resilience point of view. It's an opportunity. It's a threat.

It's everything. And so I would probably focus on that, to be honest. And you really just utilize that. I think utilize that to solve real problems, not just slap a sticker on something and say, we're doing AI, but actually solve real problems.

But I mean, if you throw in a couple of extra keywords like LLMS, SLMs, and Crypto on top of AI, then you're in a really good position. Yeah, if you've been around in the technology industry long enough, there just comes waves of these things. And when it was Web 2. 0, I don't know if you guys remember that.

It was kind of the same thing. Everything was Web 2. 0. There was content mashups.

There was user-generated content, all this sort of stuff. Really cool stuff. But a lot of companies were just blurting out keyword names all over the place. And some of it was great value and some of it wasn't really.

So you see these kind of waves of things come through and people jump on them and try to market them and use them as much as possible, which is great. But people have to keep their eyes open and separate what's genuine and what is just marketing, essentially. Yeah, and it's super easy to lose the trust with your audience, with your partners, with your prospects, with your customers. If you do too much of that washing, you lose the credibility.

And if it's clear that you're not really delivering value except for using the keywords, then that relationship becomes a little bit more challenging. I think ultimately it just comes out. You either deliver value or you don't. And no amount of keywords are going to save you.

It might raise you a lot of money, but that creates a different sort of problem. I think you have to solve real problems for people. And it's hard, right? That's really hard to do.

You know, to think through that well and to really focus on the customer and not just what you want to do. That's hard. It's something that takes practice. So at this point in the podcast and us talking about problems and solving real problems and looking into the future, I usually ask what security problem do you think we will have to face as a security community like five years into the future, 10 years into the future.

But I would also, for you, Phil, I would love to open it up because I feel like you have a strong passion for simplicity and like cutting to the meat of things and almost like a design element there. What do you see as the most challenging piece in looking five years into the future related to security or maybe related to design or even just human computer interactions? It's a big question. I think what we've been talking about, to be honest, I think managing risk, managing fraud, managing the challenges that AI brings.

You could probably recreate this podcast perfectly with digital avatars and voice generations that we're talking about right now. I was about to say, how are our listeners know that we're human? It may be imperceptible, right? But it's getting very, very challenging.

So I think authenticity is a huge deal. And it's something I've been thinking about a bit there. I think trust is only becoming more and more important in terms of even just verifiable sources. So how do you know what to trust?

How do you know who to trust online? And maybe we should add a human signature onto this podcast. Human signature. We could scan one.

The real interesting question is like, are some people going to start opting to trust the AI more than the humans? Yeah. I don't know the questions there. Hopefully not.

I don't know. I don't know either. I don't know. I think the future will be less sci-fi than we think.

But there'll be some different challenges that we didn't see coming as well. I don't think we'll have floating cars just yet in five years time. We're in the technology industry. So we're thinking about this all the time.

A lot of the typical non-tech insider type person, they're just trying to get by. They're just trying to figure out how to book a flight or order their groceries. Or sometimes really straightforward problems. And so there's going to be really interesting impacts to all of that process through that.

But, you know, I think going back to just, I want to solve, I want to help people be resilient. Digitally, through cybersecurity, through privacy and whatever comes next. Build a digitally resilient organization. And if we can help them do that in a really simplistic kind of way that makes sense, that actually works, then I'll be happy with that.

Yeah. And I think the world will be a better place if more companies had access to templates and frameworks that made sense, that aligned with their business values. And maybe even their personal leadership values of how they see their businesses and their companies run. And just incorporating security and resiliency and privacy into values that I know are already there.

Even if a company maybe doesn't have those programs in place, I know those founders want to do the right thing. People care. They just don't have the tools and the resources to do it well. And sometimes even their knowledge and experience.

And so having a platform which is both really about capability building as much as anything. It's about capability building and tooling. So it's educational and it's effective and functional. And I think what AI does is, at the risk of abusing this word too much in this podcast, what it does is allow us to really build an experience which is truly, truly dynamic.

You know, it's all built at kind of runtime. And so we can do things like we can assess you based on the answers to your questions and understand your risks and help you discover them and really go through a really sophisticated level of assessment that's all built at runtime. It's not built at code time, which is kind of cool. And then develop out something that's really specific for you, hyper-specific for your organization.

And I think that's really exciting due to the power of that technology. Something we probably couldn't do five years ago as easily. We can now do, which is pretty cool, right? So we can really tailor make an experience much, much more effectively for people.

And that gets me pretty excited. I love the customization aspect to it. I think that's always an important piece. It's not one size fits all when it comes to security, when it comes to privacy, when it comes to what are the mechanisms that you want to put into place to actually do that type of data that you receive in your systems like justice.

Exactly right. It's not one size fits all. There are general principles and we try to sort of apply them to as many people as we can. But ultimately, you need to do what's right for your context and your budget and the sort of risks that you're addressing and things like that.

So I think we're going to see more and more specific solutions come out that really work for people at where they're at instead of just a kind of one size fits all. And this is part of the problem with frameworks and part of the problem with, you know, even compliance is that it is sort of a little bit like that. You know, it's take all these boxes, exclude a few, adhere to this. Sometimes it doesn't make any sense, but you got to do it.

So that's currently the best we've got. I think that space is going to have to evolve as well. So it'd be really interesting to see how that space evolves and even how regulation evolves. So one of the other things that kind of presents an opportunity for us is that regulation is changing around the world.

It's changing in New Zealand, it's changing in the US and Australia and the EU, of course, as well. So as those things change, that presents new opportunities to help and work in those spaces. Do you think there is a healthy balance between the volume and amount of regulations with actually what businesses need in order to be successful? Often certain acts can add additional overhead that slows down innovation.

Where is that healthy balance? Yeah, well, that's the million dollar question, isn't it? I think some is better than none. I think there's some parts of the world which really, really are lacking it completely.

And we need something because it does spur activity. It gets people moving and making changes, important changes in this space where they may not have the necessary push in the past. So I think it's good, but obviously you can slow things down as well. It's like anything.

It's a balance. Some of it's good. Some of it's probably a bit over the top. But we do need some.

And more in some places, definitely. Particularly in my part of the world, there is just not enough. And so people don't take it as seriously. That's the reality we're facing for thousands and thousands of businesses.

If you could go back in time and meet your younger self, would you take that opportunity? And if you would, would you have any advice for yourself? I think I would say, look, just be more ambitious and don't take things quite as seriously. You know, it's a long game.

It's a marathon. I had some amazing friends and advisors along the journey who have really helped me understand. It's a really long journey. And you have to find a way to make it enjoyable.

Because sometimes it's really not. It's really hard. So I would say, basically, be more ambitious. Try more things.

And don't take it all too seriously. Take the important stuff seriously. But try to enjoy the journey, right? It's easier to get a little bit just stressed out and caught up in all of this and forget why you're really there and why you're doing it.

Well, it's a journey, right? It's not a destination. Exactly. Yeah.

Yeah, I love that. No, it's definitely more of a marathon and important to put ourselves in a position where we can get something out of that middle piece, the journey piece. Yeah. Yeah, definitely.

We have a ton of entrepreneurs and founders and people thinking about starting companies who listen to the show. So this is a little bit of a leading question. But is there anything out there that you just wish existed or there's a tool that you were like, you know what? If this were here, I would pay money to use it because I have this problem and I have this pain point and I don't have the time to solve it directly.

But if someone could just solve it, please, I would find it very helpful. Anything like that come to mind for you, Phil? Any products that don't exist yet? Mm-hmm.

Yeah. Oh, gosh. I'm going to give you a silly answer. Yeah, what's this famous saying?

There are two problems in computer science, regular expressions and naming things. And if I had a product that would just help me name things really well and like at every level, great magic, pay money for that. Came out with the perfect name every time. The amount of time we've lost to just naming things, naming product features, naming companies, it is unbelievable.

And it's still a really, really hard problem to solve. And so if we could just magically make that go away, then that would be great. No questions. There's no follow-up.

Yeah. Hours lost to this problem. I would love that. I would use that.

End of story. Give me the perfect name. No discussion. It's just there.

You know. Be like, wow, that was the perfect name for that? I had no idea. I was waiting.

I had no idea. It was just waiting there in the universe just to be delivered to your product, to your organization. Yeah. I mean, I feel like we're 50% joking here, but I'm sure there's someone out there that's like, oh, yeah, I could build that.

Okay, Phil. Well, this has been absolutely spectacular. Thank you so much for sharing and sharing like vulnerable moments in your story. It's a real treat to hear.

And I'm super grateful and very happy that there are smart people in the world thinking about all of these difficult problems such as yourself and doing the zero to one thing to make the world a better place and to make security a little bit easier, a little bit less painful. Nicer to navigate. Yeah. Appreciate it.

Thank you. Thank you both for having me. It's been great. It's been a blast.

And I love what you guys do, too. So keep it up. Thanks very much. Thank you for joining the show, Phil.

Yep. Phil Howey, the founder and CEO of Sidekick. I'm John McLaughlin. Join also with Sasha Sinkovich, your host.

Thank you to all of our listeners for tuning into another episode of the security podcast of Silicon Valley. If you like this episode, I invite you to rate it. Please leave a comment if you think it's deserving of a comment and stay tuned for the next episode. Thank you, everyone.

This has been a Y Security production.

‹ 84. What gets missed when nobody reviews the code (with Jack Cable, Corridor)

82. Automating app security for modern dev teams (with Rejah Rehim) ›