Breaking into Enterprise: How Anagram Landed Disney with Cold Outbound
39:05 Share

I will die on the hill that a cold email is the highest reward to risk ratio proposition that you will ever encounter as a founder. It costs you literally as close to nothing as it can cost you, right? Some time and some thoughtfulness around who you reach out to and how you reach out.

And the worst that can happen is they ignore you. And maybe if you reach out to them a year later, they respond, but they'll have forgotten about the first one. So there's zero reputational risk, really, if you do a thoughtful one. But the potential upside is so high. So we really leaned into that. Just try it. Welcome to Founded and Funded. I'm a joint partner of Vivek Ramaswamy. And today I'm thrilled to be joined by Harley Sugarman, the founder and CEO of Anagram.

Harley's founder journey is a fascinating one, from engineer at Bloomberg to investor at Bloomberg Data, and eventually to entrepreneur, where he launched a company with a bold mission to fundamentally rethink how we protect the human side of cybersecurity. Originally founded to help security teams upskill through immersive training, the company has since evolved into a next-generation human security platform that's tackling one of the biggest unsolved challenges in enterprise security, employee behavior.

In this episode, Harley and I unpack this pivot, the lessons learned finding product market fit, and how Enneagram landed early enterprise customers like Pfizer, Kraft, and Experian. We also dive into the realities of fundraising and what it takes to build in a crowded market where AI is both the threat and the differentiator. This episode is a must-listen for any founder thinking about how to navigate a pivot, break into the enterprise, or build a defensible company in the age of AI.

With that, let's get to it. Harley, welcome to the podcast. You know, what motivated you to launch this company? How did your background help you in the early shaping of the company itself?

Yeah, so I have a bit of a funny background. I actually went into school as an English major, was a semi-professional magician prior to doing that. So I really did not think I was going to be in the tech world for a long time. But after going to school in Palo Alto, sort of being very much immersed in that world, the idea of starting a company took hold. But I didn't know what I wanted to go and do. So right out of college, I moved to New York.

and was working at Bloomberg, mostly there doing engineering for sort of infrastructure tools that Bloomberg was building. And sort of realized that I knew a lot about the product side of startups, but didn't know much about all the other stuff about the fundraising, about the hiring, all those other sort of facets that go into creating a company. So I found Bloomberg Beta, which was this early stage fund that exists within Bloomberg.

and is very focused on the future of work, which is something I was also very interested in. So I joined for two years, essentially with the ultimatum that after two years, I want to be fired and forced to go and start a company. And the team that I worked with there was very supportive. I worked with a woman, Karen, who out of New York, who sort of held me to that promise.

And for me, security was always a very natural fit. There's a lot of engineering within security that I find really fascinating. That was my specialist focus at university. And really, for me, there was always this interesting intersection of the technical side of security and the human side of security. And that human side was this sort of much fuzzier problem

than the technical side. And it was a problem that a lot of people had tried to solve, but hadn't really been able to solve. And so that was what

gave me the trigger to say, you know what, let's go into this space. Let's look and see where there's opportunity. And that led to the initial vision for the product, which was focused on security teams and eventually led us to what we're now building at Anagram. Yeah. And I think, you know, obviously you had a lot of interesting developments leading you to even starting the company in security in the first place.

But then the original vision of the company was very different or certainly different from what you're doing today, which was around upskilling cybersecurity employees and teams with this kind of capture the flag style approach. But then, you know, you pivoted the company in 2024 and saw some rapid success from there. What sort of led you to this pivot? Like walk us through what your thought process around that was. So the original product that we built

which I stand by as being an awesome product, was this way of evaluating security talent and training security talent

through this idea of puzzles, right? In security, there's this culture of capture the flag, which is we'll give you a piece of broken software or vulnerable software and your job is to figure out how to exploit that vulnerability. And in doing that, you very quickly understand, okay, this is how I would defend against that in the future. And it's a really cool, engaging way to teach people to evaluate what somebody knows. And so we started off building software very much focused on solving that problem for security teams.

which I, you know, can talk about on a length that I think one of the issues with it is that security is a very gatekept industry. There's a lot of certifications, a lot of a feeling that you need to have gone to a certain kind of school or have a certain degree to get into this field. And I don't and didn't buy that at all. So that was the first product which we launched. We got a little bit of traction with it. And

You know, candidly, we just realized quite quickly that the market wasn't there for it. We launched sort of 2022, end of 2022 timeframe into a market that was very much contracting. So companies that had big security teams, financial institutions, tech companies, etc, were on hiring freezes, they were doing layoffs, they were downsizing.

So we quite quickly learned that there was a cap to how big this business could be. And then the other challenge with it was, you know, the needs and the requirements for security training at these different orgs looked fairly different. Given the risk profiles, given the compliance frameworks you needed to worry about, given the kind of software that you're developing. So...

We decided to make a pivot, but we knew that we had built something special because the feedback from users was really, really positive. They loved the puzzles. They loved this idea of critical thinking and keeping things short but engaging. And so we basically started talking to the customers that we had and we said, okay, where are you feeling pain where this kind of solution could be interesting? Yeah.

And the thing that came up more and more frequently was this idea of training users who weren't necessarily on the security team, training the general population. And it's a, you know, a very known issue. Human risk tends to be the biggest hole for most enterprise companies.

Meaning someone clicking on a phishing email, somebody sharing data with their personal email or to someone that they shouldn't. Now increasingly, there's a lot of AI risk around what information gets put into models and what does that company do with that information. And there hasn't really been a good solution to that problem. There's a lot of companies out in that space. It's a very popular space. But the approach most of these companies has taken is,

is very cut and dry, right? Like pretty much everyone watching this or listening to this is going to have had to have gone through some kind of security awareness training in the past. That's usually 45 minutes of videos talking about what is a phishing email, followed by a kind of reading comprehension quiz that looks like it came out of the SAT. And that is not a good way to train people. And what we learned was that

there was real appetite to take this more engaging way of educating and teaching and apply it to this space, which is a lot broader space because every company above a certain size needs to do this employee training. And so that was the seed that led to Anagram. You know, to be honest, I was quite hesitant to do this initially. I thought we were going into a space that was very

I think I felt it was a little bit of a race to the bottom. So I sort of felt like, okay, if we do this, we have to do it right. And we have to do it differently. And so that was, you know, the initial sort of hump that I had to get over was my own kind of internal bias. Like, does this actually make sense? Is this a good idea? Is this not a good idea? But we got really, really good feedback. And so we then started doubling down. And

you know, kind of didn't even really feel like a pivot at all. Let's talk, because we're definitely going to get into the market and the customers and the traction and ultimately what got us so excited, you know, at the end of last year to invest. But take us through that actual pivot. You talked about externally, you know, why you decided to, you saw one direction and you said, okay, you know what, actually, if I take the company and the product in a different direction, I'm going to see this immediate, you know, I'm seeing a lot of immediate traction there.

But internally, like what actually happened? Like if you just think about like the tactics of this, you wake up and you tell the team, folks, we're going to change the direction of the company. And this is the product we're going to go into. Did you have to change the team? What sort of happened, at least on the internal side, after you made that pivot? Because that's something so many founders have to go through. So the way that we thought about it or the way that I thought about it was,

Every step kind of felt like a natural progression of the step before. So I actually don't think I remember waking up one day and saying, hey, you know what, we're now a security awareness company. That didn't happen. It actually felt very organic. You know, I make decisions well when I see data. That's kind of the framing through which I view the world. And

When we started selling this new product, we started sort of ideating on, hey, okay, security training for security teams, that's probably going to hit a wall at some point. Where can we expand? We started just running a ton of little experiments around messaging and outbound outside of our existing customers. And we said, okay,

My hypothesis, this is probably not going to work, right? There's a million companies out there. CISOs kind of think this is an unsolvable problem because human risk is, you know, you can't fix the human, which I think is a really terrible framing. And so I sort of said, all right, well, we've got these customers who are willing to give us some money. Let's focus some effort on building that product as cheaply and as quickly as we can.

And then in the meantime, let's just start running some tests. Let's start reaching out via LinkedIn, via email to CISOs and see if we can get any interest. Like, hey, we're going to try this a little differently. And we got a lot of bites that way. Of our first, I think, 20 customers, 80% of them came through cold outbound. You know, it wasn't my network. It wasn't...

people doing us favors, right? Like we had a couple of existing customers who converted, but the vast, vast majority came from us just reaching out. And

I think that was the thing above everything else that made me say, actually, this is cool. Like there is a there there, there's an opportunity here and people are sick of the status quo and they feel like there is a chance for us to build something here that is differentiated and feels unique and feels innovative. And so we just slowly started building

spending more and more of our time on it. And there was a moment, you know, I'd probably say middle of last year, early to middle last year, where we decided as a team, this is going to be our focus now. Like we are spending 80% of our time on

this product, you know, we closed more revenue in the first six months than we did in the past 18 building the original product. And so we, you know, at that point, it was fairly obvious, like, all right, we're going to do this. And, you know, for the team, it really, a few of them came and sort of said to me, like, it kind of didn't feel like a pivot, like it was like,

Someone said to me once, I thought it was kind of interesting. There's like two genres of pivot. There's a market pivot or there's a buyer pivot. And it's hard to do both, but you can do one. We kind of made a buyer pivot, right? Like we are still selling to security. The process is not a million miles away. It's a top-down enterprise sale. But the end user, the experience, the problem that we're solving is just fairly different. And we were kind of lucky. There was like a lot of DNA from pre-sales.

product one that could apply into product two. But yeah, it felt, I think, very natural and we didn't need to make any team replacements or anything like that. And I think that's like where the word pivot just sounds like you're making a hard pivot, right? Where like so many things are changing and it's like you got rid of one team and you got another. In this case, it's more almost a transition, right? Of like, there's a transition of the product, but there's a transition of like

But on the buyer side, they decided, okay, you know what? It's still like this first part, I'm not going to spend that much money on. But the second thing that you're doing, actually, there's budget for this. And now you can tap into that budget. And I think the thing you said that was really interesting and that is differentiated is...

So much of your early traction came from you reaching out cold on LinkedIn and on email. And these aren't just small, you know, SMB customers. This is Disney and Pfizer and, you know, big blue chip customers. Like maybe talk through that a little bit. Like what was sort of different in what you were doing that allowed it to work? A few things that we did, I think, that worked for us and would work for other people is,

We always started from a place of feedback. So in the early days, we didn't have a ton of functionality to the product. We had a lot of wireframes. We had some basic things that we could demo. And we were very upfront about that. We weren't saying, hey, we are going to come in and solve all of your problems. We came in and said, hey, security awareness training sucks. You probably hate what you're doing.

we've taken this approach that is a little bit different. We'd love to show it to you. We'd love to hear if the approach resonates with you. Jeff, 15 minutes. And I will die on the hill that a cold email is the highest reward to risk ratio proposition that you will ever encounter as a founder. It costs you literally as close to nothing as it can cost you, right? Some time and some thoughtfulness around who you reach out to and how you reach out.

And the worst that can happen is they ignore you. And, you know, maybe if you reach out to them a year later, they respond, but they'll have forgotten about the first one. So there's zero reputational risk, really, if you do a thoughtful one. And, but the potential upside is so high. So we really leaned into that. Just try it. Yeah, but as I say, I think coming at it from a place of, we want your feedback. We are not telling you that this is going to solve all of your problems. Coming at it from a place of,

like the open secret that in this space, there's a bunch of issues. And, you know, hey, we are thinking about how to solve this and where we're being innovative. I also think tactically, if you frame yourself as earlier than you are, that can help. Even now, we send stuff from my...

in the university alumni email address. And, you know, we try things where we say, hey, you know, we're a team of, you know, we recently founded a company, even though the company's been around a year. I just think for having that framing of like, we are early gives you two things, especially for C-levels at big companies. One is it puts them a little bit more at ease. It feels like, hey, I'm not just going to get, you know, pitch slapped by this, you know, dumb company that I get 400 of these every day.

And then the second thing is a lot of these big C-levels love the idea of paying it forward and helping startups. Some of them might become investors. Some of ours did become investors. You know, some of them might want to

help connect you with VCs that they're connected with. So there is this idea of a rising tide lifts all boats that I think, you know, we were able to capitalize on as well. And I think also you approaching this with a level of humility that I think is really important too, right? It's not this idea of, hey, buy us and we're going to solve all your human risk problems, right? It's like, we are the greatest, you know, security training tool. It's not like, hey, we have a different approach. Right?

Why don't you try us out or I'll at least get on the phone and talk to you about it. And we've had this success and you can just sort of build on top of that. And I think that's great. By the way, it's probably the first time I've heard pitch slapped. I didn't come up with that. I was going to say it's very good. I'm not sure if we're going to be able to use it or not. Hopefully we can. But I think one note, one thing you noted there is really important, which is

This is a space that's been around for a long time, right? As you say, at a certain size, you need to have some level of security awareness training products inside of your organization. Now, the vast majority of them today are very much check the box and it's not a great experience. I'm sure 90% of the people who are listening or watching this podcast have kind of gone through that. Now,

I'd love to hear how you all and how Anagram thinks about standing out in this space. Because you sort of, you know, we've talked about this. There's almost two sets of competitors. One is 100%.

all these new age sort of AI forward companies, many of which are getting venture funded. And a lot of them have been out there for the last few years. And then there's this one giant behemoth, right, in Noble Forward, which has been around probably the first one in this space and is sort of the 800 pound gorilla in this market. For a product and a company that's only been around for a couple of years,

How do you think about how Anagram competes in the spaces? Do you think about all of these? Do you think about this side more? You know, walk us through like the competitive side and how you compete and find success. So I think for what we do, it is a fairly commoditized space. There's a lot of startups. There's a lot of incumbents. There is really one massive incumbent, which is Nobifor. And they've kind of, they've built a machine. Like I've got to give

I've got to give them credit because they have managed to dominate the industry. When we go into these enterprise companies, nine times out of 10, we're competing with Nobifor. All stuff they built internally. But it's unusual, I think, to see a space within security where so few of the incumbents of the big customers are using a startup as a solution. When we go up for these customers,

we're very rarely competing against the startups. We're usually competing against Novo4, sometimes a company like ApprovePoint, like an email security platform that has some training built into it. And then the startups who are doing the AI solution, you know, we run into them a little bit more at the mid-market, sort of, you know, maybe 500 to 1,000, 1,500 employees. We learned quite quickly that our bread and butter is the big enterprise. You know, we found that we can serve

you know, 1000, 2000 person companies pretty well. But those processes tend to be, you know, very competitive, you're going against all these other AI driven companies, there's a lot more shininess. And you're also going up against a team that you're selling to a persona who's got a lot more, a lot more going on in the sense that there is typically one person, maybe it's a CISO, often it's not even a CISO, it might be a director of IT, who is

is in charge of, he's wearing 17,000 hats and security awareness is one of those hats. And so they just need to get something in, check the box, get it done as quickly and as cheaply as possible. And

that's not really the company that we're going after. You know, what we've realized is that these big enterprises who have the biggest risk surface because they're dealing with 10,000, 20,000, you know, in our bigger customers cases, 400, 500,000 employees, they have to think about this with a level, a bit more sophistication. They have to think about how do we target training to different parts of the org? How do we customize what people get?

you know, we deal with a lot of companies who have manufacturing facilities and those workers are hourly. And so for them, training that is 45 minutes long versus 15 minutes long, all of a sudden... An hour of day. Right, exactly. Yeah. If you take 10,000 manufacturing workers times that by 30 minutes, that's 300,000 minutes. I think I did the math right there. It's a lot of time. Yeah, it's a lot of time. Yeah.

But it's interesting because what we've learned quite quickly is that that is our bread and butter. Those are the programs where we can go in and show ROI really, really quickly. And so that's where we focused. In terms of how we've looked at it from a product perspective, I think if you look at the incumbents, we're all familiar with that product. It's, as I say, it checks a box, but it doesn't lead to behavior change. And I think the big problem in this space and the reason you're seeing a lot of startups in this space is that

CISOs have realized this training doesn't really do anything. It is a thing that we have to do because our compliance framework says we have to do it, but that's kind of as far as it goes. And the analogy I've started to use is if we taught kids, if we taught school-age kids

the way that we expect adults to learn security awareness. Within like two weeks, there would be protests in the streets about like, we can't, you know, we're not going to like let our kids just sit in front of a screen and then take a comprehension quiz like that doesn't actually teach. And it doesn't teach you anything, right? Like there's such a, there's been so much research on how companies teach

how behavior change works at scale and how education can work at scale, not from security companies, but from companies like Duolingo, from companies like TikTok. And, you know, you need to incorporate those kinds of technologies and techniques into awareness training. So, you know, the big incumbents don't do that. And then even the smaller, you know, startups that are very AI forward and they say, hey, we're going to take the phishing simulations that you do and we're going to let them be AI generated or, you know,

We're going to have AI-generated videos. Again, there's some value there, but it's kind of, to me, the lowest hanging answer to the question, how do we incorporate AI into this training? And I just feel like if you put someone in to give them three minutes and say, hey, how do I incorporate AI into awareness training? That's what they would come up with. So what we're trying to do is go one level deeper and look at the workflows that our users are engaging with day to day and figure out how do we insert AI

behavior change training into those workflows. And I think that's something that no one's really doing right now. At the end of the day, for most of these customers, they would like to drive behavior change, right? It's very hard to do because we're used to the way we do things at work, right? And so being able to show, especially at these big enterprises, can you drive behavior change or what leads to behavior change to make your environment more secure is so important. And so the...

I would say that one of the things that attracted us to Anagram was taking this enterprise first approach, right? Like a lot of companies will go say, hey, you know, let me start with a small customer and kind of work my way up versus just going, no, Disney has a complex environment and that complexity is what's going to make our product shine.

A lot of founders listen to this podcast. What advice do you have for other founders that are trying to break into the enterprise? Because enterprise is not easy, right? And these large companies are not easy. So what's sort of the things that you found are successful for Anagram that you think might be relatable for other founders? So I think within the enterprise, you really have to put in the time understanding how

their business works. It becomes a much more of a consultative sale than a prescriptive sale because every enterprise is its own beast. There are power dynamics at play that you will not get a sense for until you've spent real time with them.

And what we started to do that is showing a good amount of promises is look for a specific problem that we can solve. Right. If you use, let's take J&J or Kenview or Disney as an example, they have such a huge number of challenges that if you try and say, hey, we're going to solve everything day one.

Yeah, first of all, they're not going to believe you. Second of all, if you're a company at our stage, second of all, they are the number of people who would have to buy in for you to go and solve all of those problems is probably in the dozens.

Not always, but oftentimes. And there's different departments who might need to buy in, you know, and not even talking about budgeting yet or dollar amounts, just the sheer complexity of the sale goes up so quickly. So what we've tried to do is really focus on specific areas where we can improve. So...

It might be training people who click on efficient emails a lot. It might be doing a little bit more targeted training to certain parts of the world. But this like land and expand motion, I think works really, really well within those enterprises because you get the chance to build some of that trust and you get in the door a little bit quicker. You know, your contract size won't be that big initially, but yeah.

our mission is to build trust and to get them to enjoy working with us and that unlocks volumes I would say in terms of abilities to expand. Also social proof, right? I think once you're in one of them, you

You can then kind of name drop that one. And then all of a sudden, you know, you get a little bit of the FOMO among the enterprise, which is always nice. Yeah, well, don't, you know, you should be less humble about it. It's not easy to break into these companies in the first place and then expand. But as you say, if you can get your foot in the door, you know, you have a good starting point that can give you a lot of leverage to move across the organization. Let's switch gears here a little bit to fundraising.

Tell us a little bit about the fundraising journey. And I guess I'll put you on the spot a little bit. You weren't really fundraising when we talked. And so why did you even take the call and give us a little bit about that experience? Yeah, we weren't fundraising when I first met you. I think we had planned to fundraise kind of around now, like March, April, May, I guess we're in June of 2025. And

you know, sort of end of 2024, when we got introduced, I was really just in the early stages of saying, okay, I probably need to get my reps in, you know, fundraising. And I remember this from my time as a VC, you know, we used to give this coaching to our founders, like fundraising is like a muscle. And you just have to remember how to talk about your business, how to, you know, what are the common questions that come up? What are some of the big things that

You're going to have to answer who are your competitive set? How are they fundraised? And there's a lot of prep work that I think goes into a good fundraising process. And so this was going to be the very, very early stages of

that process for me. I, you know, we got connected through my little brother of all people. You owe him a nice Christmas present. Yeah, exactly. And he, you know, he was like, oh, you know, I know these guys at Madrona, they seem really smart. You know, do you want to have a chat? I said, yeah, you know, I'll get some, you know, get some practice swings in. And yeah, you know, we, I think

On our side, we were at a fairly good position because we had had a lot of momentum. We'd closed a lot of contracts. We were, you know, we were, we were and are growing pretty well. But I was just really surprised. I loved the conversation that we had. And, you know, you asked really good questions. I, you know, also fundamentally believe that

And I hate the cliche, but fundraising is kind of like a marriage. Like this is a long term partnership, right? This is not, oh, they're going to write a check and then disappear. This is, you're going to be seeing these people or speaking to these people like multiple times a month or, you know, once a quarter in a board meeting or whatever it is. And so you need to, you need to get along both on a,

you know, professional level, obviously, and have a shared vision for the company. But also you need to just like want to spend time with them and trust, you know, that you can be honest with them and have these conversations. Like life's too short to have a, you know, friction like that. And yeah, as I said, I just, you know, not to,

you know, big you up too much on your own podcast. We'll take it. But I just thought it was a really great, you know, a really great conversation. You know, I look, the feeling is mutual. And I think for us, we had looked at a number of companies in this space, but I feel like the approach you were taking and Angram was taking, but also your authenticity, right? Outside of

just having a very interesting approach in this space, it's like, are you the kind of founder or the kind of person that's going to be able to make changes when the market throws a million things at you, right? And like, it takes time to suss that out. And I know we had, I remember we spent half a day in New York and went for dinner. And those are the kind of things that I think get us really excited. Like great traction and customers is important, but ultimately so much of the company is defined by the founder itself.

in the early stages. And I think, you know, getting to those things and is really important. And I think the other underappreciated part is that when you already have a great group of investors, like in your case, we already had, you know, Bloomberg beta and GC and you had, you know, you, you want to have someone who also can probably fit into that board dynamic while also challenging you in, in certain ways. And I think like you've been very lucky to have a great set of investors. I'm not talking about ourselves, but even your other investors. And so it's been,

fun to be part of that dynamic in that group. If you were to give advice to founders about fundraising and choosing a partner for the long term, like what are one or two things that you would maybe that they don't hear as much or there are one or two pieces of advice you'd give us after having gone through this process? I would say the biggest thing is choosing someone who you get along with. To me,

that is far and away the most important piece because, you know, I don't, and this isn't the same case for every, every CEO, but I, I, you know, really value collaboration and I really enjoy hearing other people's ideas. Like, you know, I think of myself as like a sponge and I might take in all the information and then just ring it out and ignore all of it, but I love absorbing it. And so I need someone who I can listen to and who I'm going to, you know,

care about their opinion. And I think if you are, if you are someone who always thinks that you're the smartest person in the room, if you're someone who's always going to want, you know, has to get the last word in edgewise, you're just gonna like, like, I just know myself and I know that I'm going to start dismissing what that person says or take it with a grain of salt. And so for me, you know, I was really solving for that. Like, who is this person who is going to be a thought partner? Because ultimately there is

You also have to, as a founder, know where to take the advice and where not to take the advice. VCs are great, and we have been very lucky. We have a really good batch, but they are backseat builders. They are not there in the trenches. They don't see what's happening day to day. So you, as a founder, have to make the call ultimately

But you need someone who is going to have that little bit of humility on the VC side and say, look, I know that I am not necessarily the best person to answer this question. You're the best person to answer this question and kind of trust you with that vision. Like, again, being a VC, I think I saw this happen in a positive, constructive way. And I saw this happen in very negative ways where board meetings were just sort of this...

thing that, you know, people, the founder and even some of the VCs dreaded because they knew there was going to be like conflicting egos. And it's uselessly destructive because it doesn't contribute to building the business. It doesn't contribute to a good relationship between these, you know, people who are spending a ton of time and are really invested in each other's success.

So, yeah, as I say, for me, it's a soft answer, but I think that interpersonal connection is massively important. That totally makes sense. And let's end with a couple of rapid fire questions here. So outside of fundraising, if you could provide founders with one piece of advice, what would it be? Send more cold emails than you think you should. Love that.

Okay, send more cold emails. You know, and also, I think you probably learned some of this skill as a VC too, right? This is what we do all day. And you know, one, let's talk about hiring for a second. What lessons have you learned around hiring, especially when it comes to the kind of talent you want to get at the stage that Anagram's at?

This is a longer answer for a quickfire question, but it's difficult to get talent that can scale at any stage of a company. What is a good fit for someone when you are two, three, four, five people?

might not be a good fit when you are 10, 11, 12, 13 people, which might not be a good fit when you're 25, 30 or 50 or 100. And so always being cognizant of, is this the right blend of talent that I need for my team at the stage of this company? And then a lesson that I have learned and a mistake that I've made that I've, you know, I'm trying to internalize and continue to get better at is not letting people

bad hires or mistaken hires drag out. So making those decisions quickly. And I say that not in a, you know, kind of, oh, let's just be cruel and callous about it and just hire and fire everyone and kind of create because that's really bad for the culture. But there genuinely is, for most people, a stage of company where they will shine and a stage of company where they will not. And we've hired a couple of times people who

I think would be really great fits for companies where there was a little bit more infrastructure. And maybe if the company was 50 or 100 or 1000 people, they would be a really, really strong A level player

But when you're five people, when you're 10 people, there's just so much ambiguity and so much comfort that you need to be able to do without that just didn't really, you know, it just wasn't the right fit for them or for us, right? It's not really fair for them to be, you know, wasting their talent at a place like us. And it's not really fair for us to be bringing them in where we don't, you know, they're not contributing what they could be, right? So

I think making decisions quickly, also smaller point, hire more junior than you think, you know, especially at the earlier stages, like someone who is earlier in their career, maybe or not as experienced, but really hungry and learns really quickly.

I will take that 10 out of 10 times with someone with a bit more experience who's maybe coasting. Yeah, in fact, it feels like we've actually had more success in that type of hiring and watching those people grow and do all the like tactical, you know, sort of get in the mud working versus bringing in someone senior. There's a time for that. But I think, as you say, like for seed series A, early stage companies, that kind of role makes a lot of sense.

Last question for you, Harley. Looking out five years, where do you see this market and where do you see Anagram? I think that the current incarnation of security training disappears. I think it has to. One of the nice things about the way the current compliance frameworks are written is that they're actually very vague. They just say, well, you have to train your employees annually on security relevant to their jobs.

That's pretty vague. And what that has meant so far is we've done the lowest hanging fruit, like, okay, well, we're going to give employees annual training about security and it doesn't work. And I think that as AI attacks become more sophisticated, so as these emails that phishing farms can create become more personalized, become higher quality, become more relevant, the email security platforms are going to struggle to

detect that as effectively and struggle to prevent those from landing in employees' inboxes. I think we'll see it with AI language models and these tools that we're using, even companies that are banning them outright. They're still getting a ton of data leaked into them because employees are just putting it in on their phone or taking a screenshot of the code and loading it into chat GPT. And these are all stories that I've heard. And AI is just this kind of

massive tailwind towards the humans needing to become better at detecting and preventing this, these security breaches, right? Already humans are accounts accounts are 70, 80% of the number of breaches that big enterprises face.

I think that number is just going to get higher and higher and higher because the tools that attackers use get more and more sophisticated. And so the only way that we can solve that is to actually create behavior change and actually impact the way that users think about security. And for us, as I say, annual training is not a way to do that. And so that's where we are really focused on

innovating in terms of both the simulations and the tests that you can use to train your employees, the format of the training itself, and then also ultimately the workflows and getting into those workflows and pointing them in the right direction. Awesome. Well, Harley, this has been great. We're so excited to be on this journey with you. It's a pleasure to have hosted you here and I'm excited for everything to do in the future. So thank you again, Harley. Awesome. Thank you for having me. Awesome.