Joe Levy: Scaling Sophos to $1B+ revenue and defending the 350M overlooked businesses
Download MP3Welcome to Inside the Network. I'm Sid Trivedi.
Ross Haleliuk:I am Ross Haleliuk.
Mahendra Ramsinghani:And I am Mahindra Ramsinghani. We have spent decades building, investing, and researching cybersecurity companies.
Sid Trivedi:On this podcast, we invite you to join us inside the network where we bring the best founders, operators, and investors building the future of cyber.
Ross Haleliuk:We will talk about the hard parts of the founder journey, launching companies, getting to product market fit, raising capital, and scaling to an exit. And, yes, we will also be talking about epic failures.
Sid Trivedi:But Mahendra, we're here to make the founder journey easier.
Ross Haleliuk:That is correct, Sid. But we cannot make it too much easier because startups are hard, and, of course, you already knew that. Alright, YouTube. Enough. Let's get started with this week's episode.
Mahendra Ramsinghani:Today, we are excited to sit down with Joe Levy, CEO of Sophos. Sophos is a 40 old company that has now quietly become one of the most important players in cybersecurity globally. Under Joe's leadership, Sophos has scaled to serving over 500,000 customers worldwide and generating upwards of a billion dollars in revenue. Throughout his career, Joe has operated with the founder's mindset, thinking in bets, building great teams, spotting technical and market inflection points, and executing with long term discipline. A great example is Sophos' recent $800,000,000 acquisition of Dell SecureWorks, which added over a thousand new team members and significantly expanded Sophos' managed detection response and extended detection response capabilities.
Mahendra Ramsinghani:Today's session is an exciting master class on how a technically astute CEO like Joe navigates demanding customers, engages positively with private equity giants like Thoma Bravo, partners with MSPs globally, all the while building a culture of vulnerability based trust. One of the most insightful statistics Joe and his team at Sophos have highlighted is that there are over 350,000,000 businesses worldwide. Let me repeat. 350,000,000 businesses worldwide. And a very, very small percentage of these companies have a CISO.
Mahendra Ramsinghani:As Joe shares, his team at Sophos are working very hard to protect the rest of the companies that do not have a CISO. Find out how Joe is leading this charge at Sophos.
Sid Trivedi:Hey, Joe. Welcome to Inside the Network.
Joe Levy:Hey, Sid. It's great to join you guys.
Sid Trivedi:We're so so excited to have you on. You know, we're gonna talk about a couple of things. We'll start with talking about your foundations and your early inspirations well before Sophos and Blue Coat and, you know, a whole bunch of other companies that that you've been part of. But you've been in cyber for over twenty five years. Could you share a little bit about your early childhood?
Sid Trivedi:What were the moments that sparked your interest in tech and and cyber when you were younger?
Joe Levy:So as my mom would tell the story from about the time that I was able to walk, I started taking things apart in the house. And that's pretty much been a defining personality trait for me. I've always been interested in how do things work, how do you break them, how do you put them back together. And and that carried forward to my teens, and I was fortunate. I had a generous uncle who bought us a home computer, and I wanted video games.
Joe Levy:And they were expensive at the time, I wanted to learn how to write my own video games. And and I wrote to Atari, and they sent me some developer manuals, I I learned how to program. I also learned how to break copy protection, how to run a pirate BBS, how to do a variety of other things that I probably shouldn't have been go doing, accessing dial up systems at the time, that that sort of thing. And it was all very, very curious and new and interesting, and and there there wasn't, like, a good understanding of, like, were you breaking laws when you're doing this stuff? So that that kinda set the tone for my my interest.
Joe Levy:And I knew I wanted to do that for the rest of my life, but I just didn't know the path to get there until later on.
Sid Trivedi:And and just tell us a little bit about where you grew up.
Joe Levy:So I grew up in Queens, New York. I lived there until I was about 17 years old. And then I followed a girl out to Utah, and, she left. I stayed. I've been here ever since.
Sid Trivedi:So awesome. Makes it relatively simple.
Ross Haleliuk:Joe, usually when we talk to CTOs, we expect them to be, you know, to have computer science or engineering backgrounds. Now many might not know this, but you studied English at Queen's College. How did an English major end up in CTO roles in some of the biggest cybersecurity companies out there?
Joe Levy:So no surprise. I get that question a lot. I actually I started as as a CS major, and and I had this frustrating plagiarism accusation incident on an assignment that we were working on in a class where I was helping out a friend of mine. And and I decided that the simplest resolution to the problem would be to just change majors. And and that that was, it was a bit of a dodge on my part.
Joe Levy:I knew that English would be a lot easier. Plus, I I've always been a big reader. I've always loved literature. I've always loved writing. So it just seemed like something that would provide general utility and a much, much easier path through college.
Joe Levy:Maybe not the best decision at the time, but I I think it turned out okay. I've never stopped being hands on with tech though. Up until recently, I was, of course, in a technical role. Earlier in my career, I had my dream job of working at RadioShack or in my in my early twenties, And this is back when they were still a hobbyist shop, and it was a technology store and not a mobile phone store. So that that was, like, a wonderful chapter in in my professional life.
Joe Levy:And then in the mid nineties, I got really lucky, and, I met some folks who were running an early network focused value added reseller here in Utah. They were a Novell platinum reseller, just to date things here, you know, no Novell binary. Like, they they were just going to NDS with four one one, that sort of thing. Started building out networks, did a lot of the physical cabling around the valley here in Utah. And, that that also was my opening into a security practice.
Joe Levy:Like, were installing Trumpet Winsock TCP IP stacks on Windows three one one machines, and I'm like, we're just connecting these things to the Internet. That's probably a bad idea. So I I I developed a firewall on Linux and it was like the two zero three four kernel at the time, wrote a management interface for reporting interface, that sort of thing. Sold like hotcakes And and I was hooked at that point that that it was at that moment that I knew this is what I wanna do with the rest of my career.
Mahendra Ramsinghani:Joe, as someone who has studied English literature and enjoys reading, give us a sneak preview of, what's on your bookshelf, What do you enjoy reading? Which are some of the authors that have impacted you most? And I know that Ross and I may not feature on that list, both
Ross Haleliuk:of us published authors. But still, what do you have on your bookshelf?
Joe Levy:So it's out of the frame in the camera here, but I've actually got a few bookshelves behind me. And, one of the bookshelves is my daughter's bookshelf. It's a it's a series of books that I maintain for her, and and they've all got inscriptions in them from me. And they were all books that have just profoundly influenced me in my thinking. And and they're wide ranging, so I I'm I'm happy to share the list with you after we get through the recording here.
Joe Levy:But but in general, as it pertains to business, the books that have really influenced my thinking, when I was first getting into a leadership position earlier in the the early two thousands while I was at SonicWall, I was introduced to, Pat Lancione, and he's probably best known for five dysfunctions of a team, five temptations of a CEO. A lot of the principles that I learned then have stuck with me. And in fact, recently, we we've just done a workshop here at Sophos, with the table group, learning and practicing some of the Elencioni methods, which I think are some of the best in business, and I encourage everyone to have a look if if you're not already familiar. I'd also say I'm a bit of a physics geek, and I I have this kind of a an adoration for physicists. And a lot of the internal projects that we do here at Sophos are actually named after physicists like Project Maxwell, for example, which is a recent one that we're working on.
Joe Levy:But Richard Feynman, the Feynman technique, where you basically, you learn through explanation of concepts as if you were trying to teach a child. And I guess you could think of this as like the original ELI five, explain like I'm five. But but the method works very, very well both for me as well as for ensuring that we've got good clarity across the direction that the business is gonna be following.
Ross Haleliuk:You know, that's my favorite prompt, Joe, when I use Grock or Chad GPT. Like, talk to me like I'm five. And my wife, of course, says, I've always been talking to you like I'm like you're five.
Joe Levy:So That's great.
Sid Trivedi:Well, Joe, let's talk a little bit about kind of that early career journey. And you've held several CTO positions. You've held a CTO position at SonicWall. You mentioned at Bluecoat. And you've even helped lead startup roles on the technical side at Solar Networks right through the acquisition.
Sid Trivedi:What were some of the pivotal decision points in your career path as you kind of move towards that CTO function? And were there reasons behind why you jumped between an established company and a start up and then back to establish, or were there certain career gambles that you took?
Joe Levy:That's a great question. And, what I'd say here is that in my youth, I was much less patient than I am now. And I think I'm an example of what I would call the paradox of patience. We we have less of it when we're young and more of it as we get older. And that really just comes down to, like, what are you optimizing for?
Joe Levy:Are you optimizing for upside risk or downside risk? And and I think my life sort of reflects that recalibration, including a lot of the career decisions that I've made. When I left SonicWall, it was like 2007 or 02/2008. I left as an employee, but I actually remained as a contractor through to 2013. I wanted to have my cake and eat it too.
Joe Levy:Loved the technology. Loved the team. Wanted to continue to work with them. But I fundamentally decided to leave the CTO position because of the innovator's dilemma. And, you know, just to recap the concept of the innovator's dilemma, it's it's basically this notion of a treadmill of innovation that gets driven by ROI, where the larger and more successful a company is, the greater their incentive is to continue to invest every dollar they have into their incumbent business to the point of exclusion of anything new and any kind of new innovation.
Joe Levy:And at the time, we we were just in the early stages of the journey into virtualization and into the cloud, like AWS was just getting started. And and I I really wanted to be part of that. So I I made what I thought was this very impassioned plea to the rest of the leadership team and the board to make an investment in security technology in this new domain, and, the timing just didn't work out. And I I fundamentally attribute that decision to the innovator's dilemma. That that was one of my first learnings about, like, the practical implications of what the book actually meant.
Joe Levy:So I decided I was gonna go do something that was interesting to me. I wanted to combine deep packet inspection and indexing flows using DPI and TLS decryption and combine that with, data carving technologies that existed for host based forensics. Like, there there were these open source tools like Foremost and Scalpel, and the concept was can you apply this to a network flow? And the answer is yes. And we we built Solara Networks and that became one of the first security analytics companies that was subsequently acquired by Blue Coat.
Joe Levy:Fundamentally believe that there are no bad choices. I I believe that everything happens for a reason. I I subscribe to, I guess, what would be the Buddhist philosophy encoded in the story of the Chinese farmer. You know, once upon a time, there was a Chinese farmer whose horse ran away by Alan Watts. If you're not familiar with it, just look it up.
Joe Levy:It's a great kind of metaphor for life. And I just think that life is short, so bet big on things that you believe are gonna make a real difference.
Sid Trivedi:Were there any specific gambles that you look at today and you say, wow. That was, I would not have made that decision today?
Joe Levy:There there are a number of them where you you look back and you begin to second guess yourself. And and sometimes they're attached to financial outcomes. Sometimes they're attached to the teams that you end up aligning yourself with. But but again, I I I don't believe in in regret, and I don't believe in hand wringing about that sort of thing. I believe you take everything in stride.
Joe Levy:And if things didn't work out the way that you wanted them to at the start, you take that as a learning lesson.
Ross Haleliuk:And now talking about lessons, are there any of the early lessons from your earlier, years in the career as a CTO that you would, sort of, share with founders or or people who are maybe now, making those decisions or considering to make those hard decisions?
Joe Levy:Decisions within the the CTO level itself or decisions through migration in the career?
Ross Haleliuk:Decisions through migrating careers, decisions through taking risks and deciding to do something that they haven't done before.
Joe Levy:Yeah. My my appetite for risk is, I wouldn't call it, ravenous, but it's significant. And, I I think that when it when it does come to a retrospective in general, it's easier to regret things that you didn't do rather than things that you did do. So, I I I generally encourage people to do what I do, that is lean in on these sorts of things.
Ross Haleliuk:It does make sense. After nearly a decade as a Sophos CTO, you took the CEO role back in in May 2024. How did you prepare yourself to make this move from a purely technologically focused leadership position into the CEO position? And also now that you're one year in, what are some of the biggest changes in how you make decisions? And, also, what do you get to worry about day to day?
Joe Levy:Yeah. Well, it's been a very interesting year for sure. And and what I would say is that the move happened in increments for me. It it wasn't just a big bang transformation. And and that, of course, makes sense at this scale that there there would need to be an incremental progression toward this.
Joe Levy:So I think I would take this back to about the 2017 time frame when I began pitching the idea of MDR, managed detection response to the business. And at the time, Sophos was a very well established endpoint security company, network security company, but we we didn't have anything operating in the way of security services. So we spent a lot of time through 2017 going through the rationalization, the business planning, ensuring that we can manage any kind of channel conflict that we have with our 25,000 global channel partners, thinking through what the go to market transformation requirement would need to look like, talking about the the new kind of finance model that would accompany how do you build and scale a security business, security business, went through a build buy analysis, went through the process of m and a, and there were a series of acquisitions that we did to to build the MBR business, including most recently SecureWorks, of course, and spent most of 2017, a lot of 2018 doing that. And then we actually did the acquisitions and the integration work at the start of 2019. And I would say it was that experience that that was, first of all, really transformative for Sophos.
Joe Levy:It changed the the personality and the identity of the company, but it was also transformative for me. And then when the opportunity presented itself about a year ago for me to step into the CEO role, honestly, it wasn't something that I had ever intended to do within my career. I I was very, very happy and satisfied doing what I was doing. But I knew that it would be something that I would regret if I didn't take the opportunity to do it, so I had a leap at it, even with the understanding that it was fundamentally going to change my life. And it has, and and I'm thrilled.
Joe Levy:It's it's been one of the best decisions I've ever made. I am having the best time that that I've had throughout my entire career. Having the opportunity to learn at this kind of pace and this kind of scale has been absolutely amazing. And and the one thing that really surprised me the most was the amount of energy that I I have to spend every day on emotional regulation. And and I I've I've thought long and hard about this, like, what's different in my life now?
Joe Levy:It really does come down to this, the amount of energy spent on emotional regulation. And that means my own, my teams, my boards, and, that that's the most stark difference for me.
Ross Haleliuk:Joe, you make it sound very easy. You make it sound like going from from the CTO to CEO, nothing really changes. It's all super easy. Talk to us about the hard parts. Come on.
Ross Haleliuk:We need a story. Share share something that is hard or something that surprised you in a way that you didn't anticipated.
Joe Levy:Yeah. It it would be attached to that last point that I made. We are people. We work with people. Some of the biggest challenges that we have are not architectural decisions on technologies or how do you invest a dollar in your your marketing activities or how do you structure a commission and a compensation plan for your sales and your renewals organizations.
Joe Levy:Those are hard problems, but but they can generally be solved through a data driven approach. While I don't believe in management by consensus, it's often easier to reach a consensus in those sorts of decisions than it is in decisions that involve people and decisions that you need to make that affect the the careers and the the development opportunities of individuals. And sometimes you are confronted with very, very difficult decisions, whether it's making a small scale organizational change and a change in the leadership of a team, or whether it's something at a much, much larger scale, like if a company has to go through a restructuring, for example. And we know that under the current financial climate, it's not uncommon for organizations to have to go through restructurings. It could be a 5% reduction, a 10% reduction.
Joe Levy:And and these are really the most difficult parts of the business. And it's never easy to make these kinds of hard choices even if you fundamentally believe it's in the best interest of the business.
Ross Haleliuk:So, Joe, you know, hearing you talk about pitching MDR in 2017 to now when we look at where Sophos MDR is, you know, Grid, Gartner, You know, everybody's ranking your MDR solutions in one of the best quarter. And so, you know, congratulations on that journey. It clearly didn't happen overnight, but I'm sure a lot has happened behind the scenes. One question that I wanted to just double click on was your transition from CTO to CEO. Clearly, it is it is not as easy.
Ross Haleliuk:You once made a LinkedIn comment, which had over 1,300 positive responses where you say, people often ask me, what's the hardest part of moving from CTO to CEO? And you have to say, I can't blame it on DNS anymore. So but what is your advice to the founders, especially in the cybersecurity domain? There are so many of them who come from technical backgrounds, and so many of them aspire to get into the CEO role. You know, what is your advice to them, and how would you mentor somebody who is trying to follow that arc?
Joe Levy:So I still run a full lab infrastructure in my home, and I actually was having an issue with my own DNS server that day, that's what prompted that post. But it's funny. I'm I'm just getting back from about a six week tour where we, we traveled the globe doing partner conferences and sales kickoffs in our three primary theaters, Americas, APJ, and EMEA. And I was having a meeting with one of our partners, and it was a partner that I was meeting for the first time. And it was a new leadership team that had just come in.
Joe Levy:We've done business with them for a long time, but it was a new team. So I'm I'm meeting the the the leadership team for the first time. And I remember we were having a conversation about some technical detail about the integration of the Tejas platform from SecureWorks into Sophos Central. And I I answered the question, and he said, well, you're just the business guy. I would wanna talk to the technical guys about this.
Joe Levy:And I'm like, yes. I have arrived. Like, it was like this important, like, transformational moment for me when I heard that, and then I explained to him. He's like, oh, okay. Fine.
Joe Levy:Maybe you do know what you're talking about. But what I would say is different is just the the amount of delegation that you have to do when you you move into a new position within an organization, especially at this level. I'm fortunate that I have a really amazing leadership team that I am able to delegate to with full confidence. Now now, like I said, I I still stay close to the technology. Like, I I still maintain an environment that that I operate with, got AWS and Azure accounts that I play with.
Joe Levy:I I still participate in a lot of our technical and architectural work that we do. That's more of a a selfish interest than anything else. Like, I I'm just I'm genuinely interested in that sort of thing. But I have to relinquish ownership because I'm not the tech leader anymore. I have tech leaders now.
Joe Levy:And it's critical that I demonstrate the trust and the confidence that I have in my team. And and that would probably be my advice right there, that that you have to get comfortable giving up control within your business, but you can and you should keep swinging a hammer on your own time. Just understand what that division looks like.
Ross Haleliuk:Also, Joe, you know, Sophos is backed by Tomah Bravo, you know, one of the largest private equity firms that is out there. You know, clearly, when they look at your leadership and your, you know, operating KPIs, if you will, I'm guessing it is not an easy task because you have a very demanding partner there. You know? For for some of the technical founders, you know, you talked about emotional regulation. You talked about Patrick Lencioni's work around the dysfunction of a team.
Ross Haleliuk:What are one or two things that you would tell a technical founder that they should not do when they step into a CEO's role?
Joe Levy:Oh my gosh. Particular to private equity or in general?
Ross Haleliuk:In general.
Joe Levy:Okay. Well, probably, well, first of all, let me let me address the the the category of private equity because I think it's an important one. It comes up frequently in cybersecurity. People who know me know that I spend way too much time on Reddit. And if if you read Reddit, the zeitgeist tends to trend negative toward private equity.
Joe Levy:Like, anytime there's private equity acquisition, the response is, oh my god. This this is where good technology goes to die and that sort of thing. I just I wanna get on a soapbox for a second. I wanna disabuse people of of that perception around private equity. Now this is my third time working with Tomo Bravo.
Joe Levy:I I work with them through SonicWall, through Blue Coat, and now here at Sophos. And and I I have a tremendous respect for them, and and they they don't pay me to say that, like, it's legit. And, and frankly, I'm I'm grateful for the faith that they placed in me as a first time CEO with this size of responsibility. So the first thing that I would say, in our experience, we have invested a lot in our secure software development life cycle practices, the funding that we have for our bug bounty program that we've been running for many, many years, the investment that we made in hardening our technologies and our architectures since the time of the take private by Tomo Bravo. And and I know that some of your listeners maybe read the Pacific Rim disclosures that we made a few months back.
Joe Levy:That was, in summary, it was about a five year engagement with nation state actors from China who are attacking our firewalls in in our customers' environments. And Tomo Bravo, they they were very, interested in the details of what was going on. But but the question that they kept asking us again is, like, what can we do to make this get better faster? How can we spend more money to just accelerate the improvement so that we can get to the other side of this? Which I which I think is a wonderful kind of an attitude for an investor to have and probably very different from what the perception most people, would would hold of private equity to be.
Joe Levy:The next thing that I'd say about private equity is that private equity is not a monolith. And, you know, just in general, like, beware of over generalizations. Some private equity operators deserve the reputation they have, but some actually care about value creation, and they put their money where their mouth is. They're also not a nonprofit, and and they need exits. So as they say about a healthy transaction, companies aren't bought, they're sold.
Joe Levy:And and that fundamentally, I think, what drives the design decisions. Like Tomo Bravo, they have a reputation and and their success depends on ensuring that they're helping companies to grow and thrive after they exit. So it needs to be successful on the other side, which means that you can't have this over optimization for the short term at the expense of the longevity of the business and and the overall operation. So that that's my soapbox on on private equity. And then what what I would say in general for any kind of a leadership ownership structure, whether it's private equity, venture, public, just make sure that you maintain a single team unit with you and your board, you and your investors.
Joe Levy:The moment you get into this kind of emotional us and them situation where there's a side taking that's occurring or a finger pointing that's happening within the business, that's toxic. And you you you gotta see that coming from a mile away, and you gotta make sure that you're preventing it from happening.
Sid Trivedi:Well, let's talk a little bit about Sophos and scaling and innovating at Sophos. And, you know, as I was listening to both Ross and Mahendra ask you questions of your transition from CTO to CEO, was it allowed me to take a trip down memory lane, and I went back through our text exchanges over the years, Joe. I went back to Feb twenty twenty four when you got the acting CEO role and the message I sent to you, which was basically like, this is a long time coming. That was the TLDR on that message. So the fact that you're saying, hey.
Sid Trivedi:I wasn't sure if I take it. I think most folks who know you were not surprised that you ended up, you know, in that in that position. I think your leadership skills are are truly exceptional, particularly from, you know, when you compare them to traditional CTOs who are usually much more introverted and are not the type of people who go and manage thousands of employees. I wanna talk a little bit about, you know, one topic that, you know, I I I think about pretty pretty actively right now is in this kind of post COVID world, most CEOs are asking their employees to come back to the office, physically come back into the office. And Sophos is based in in England.
Sid Trivedi:It's based in Abingdon, and you are based in Brux City, as you already mentioned. So you are very much, you know, in some ways against that trend. I'm curious to just get your point of view on what you think about, you know, this this push to return to the office and how you compare that to remote work and distributed work.
Joe Levy:I think it's an idea when companies begin to push for these return to office initiatives. It for me, it just suggests that there is a control deficiency, a trust deficiency, a metrics deficiency in the business. I think it betrays some more fundamental problem in the business when there's that sort of a mandate. Now on the other hand, I believe that there is a ton of benefit to getting people together and to giving them the opportunity to go back to the office when they want to get teams of meetings and groups of engineers together in front of whiteboards and that sort of thing. There is no substitute for that.
Joe Levy:So on the one hand, I think a business must continue to provide those kinds of face to face opportunities for collaboration. It's important for hackathons. It's important for collaborative architectural efforts. It's important for enculturation. When when you're onboarding new employees, for example, it's it's much more difficult to imbue a culture when you're trying to do it over a Zoom or a Teams meeting than when you have the opportunity to actually interact face to face.
Joe Levy:So number one, provide the opportunity for people to get together. Number two, don't mandate a return to office after most businesses have demonstrated that they could actually work as efficiently, if not more efficiently, in a work from home work environment. It's worked great for us. We were fortunate. When COVID hit, we already had the technology in place to be able to transition to work from home without missing a beat.
Joe Levy:Not all organizations were so fortunate, but I I think it's a good demonstration of being prepared for these kinds of unforeseen eventualities.
Sid Trivedi:I wanna talk a little bit about m and a. You've referenced SecureWorks a couple times. Over the years at Sophos, you've led several different types of, you know, acquisitions. Some of them, you mentioned SecureWorks, which is very much focused on building out a a net new business, and that was an acquisition that was, you know, over $800,000,000 to acquire that business versus kind of the smaller, more tech focused acquisitions you've done like Avid Secure, which was Nikhil Gupta's Gupta's last company in the cloud security market or Capsulate, you know, John Viega's company in the container security market. How do you think about those two types of acquisitions, the very large platform ones and then the, you know, smaller tech focused acquisitions as you look at the innovation strategy at Sophos?
Joe Levy:So first of all, I think that m and a falls into the broader category of corp dev. And when you're thinking about corporate development in general, it can take on the shape of acquisitions. It can take on the shape of partnerships. And we've been really fortunate over the years, I would say. We we've had tremendous success with the the smaller tech tuck ins that we've done in the ten years that I've been here.
Joe Levy:And more recently, we we've also expanded our corp dev bag of tricks to include partnerships and licensing of technologies. We've licensed technologies outbound for many, many years. We've recently started the inbound licensing of technologies. And the example that I would provide there is our partnership with Tenable with their Tenable One platform. We took the platform itself.
Joe Levy:We wrapped it into a service, which we now deliver to our customers as a managed risk offering. And and that worked great. And and that that is the sort of pattern that that we're just gonna go continue to run. But if you look at the m and a part of corp dev in particular, there are there are a number of categories. And broadly, you could look at smaller tech tuck ins and then you could look at larger consolidation plays.
Joe Levy:Tech tuck ins are generally designed to patch for some sort of a deficiency in a portfolio, whether it's, competitiveness within existing products that you have and maybe you've fallen behind or maybe you just can't invest as much as quickly to close the gap between you and the market demands as quickly as you would like, or they could allow you to expand into either new markets or adjacencies. There is a lot of risk in trying to expand into a new market with a tuck in because the size of the transaction implies that they hadn't already begun to operate at some scale, which means that there is no kind of material demonstration of product market fit. So there is a risk that is involved at the smaller end when you're doing a tuck in And you need you just need to align the solution to the problem that you're trying to solve. For larger consolidations, and and I would say that, SecureWorks certainly falls into the category of consolidation, this wasn't just a matter of us buying more MDR market share. We certainly did end up with more market share, largest pure play cybersecurity MDR provider in the world now.
Joe Levy:But we also got some of the best technology that I've ever seen when it comes to an XDR operating platform, next gen SIM capabilities, the capabilities that they had within their advisory business, it some of the best in the world, tier one producer of threat intelligence that's just a great complement to what we were already producing inside Sophos. So I I think we got extremely lucky with SecureWorks. You know, I've I've said that before. I'll continue to say it. It it was it was a perfect fit in terms of the opportunity it gave us to grow our presence as an MDR provider, to expand into the enterprise, to accelerate our technology road map probably by a couple of years by bringing Tejas into the platform, and then expand our competencies in the space of threat intelligence.
Joe Levy:So the moral of the story is that you need to understand the problem that you're trying to solve and then apply the right strategy to go solve it.
Sid Trivedi:And maybe just, you know, any advice you have for founders on how to approach, you know, an acquirer? And maybe perhaps if if I was to just sum it up, like, what is one thing you found founders do which you don't think they should do when they're looking to to sell their company?
Joe Levy:Oh, that's a that's a great question. And and I I've been on both sides of that, so I could probably better answer from the the the founder seller side. Thinking back through the history of transactions transactions that I've been a part of, whether it's been buy side or sell side, the one thing that I would caution founders on the most would be misreading whether there is mission alignment and cultural alignment with the acquirer. And and oftentimes, when you're when you're a founder, you're very, passionate about the problem that you're seeking to solve in the world. And when you become part of a larger organization, it can be simple to get homogenized into that operation.
Joe Levy:And if that happens in such a way where there is a misalignment or an impedance mismatch between their agenda and your agenda, that could very easily degrade into a toxic environment. So I would encourage founders to invest a lot of time and a lot of effort into ensuring that they've got good cultural alignment and good mission alignment before they get too far along.
Ross Haleliuk:Joe, while Sophos is known for its m and a strategy, it also does a lot of internal innovation and a lot of internal development. Sophos is is an almost 40 year old company in a very, very fast paced industry. Given that that's the case, how do you foster a culture of innovation within Sophos to keep it agile and to keep it moving and and to keep it competitive? And for example, how do you balance investing in core products like endpoint or firewall versus some of the newer developments like like cloud security?
Joe Levy:So this is, our fortieth anniversary this year. Thank you, Ross, for pointing that out. We we were officially started in 1985 in, Abingdon in The UK. And, yeah, over the years, the the company, I think, prior to my arrival even has done a good job reinventing itself. Started off as an antivirus company, expanded into email security, the network security, cloud security, and most recently, of course, security operations.
Joe Levy:We we've we've also evolved the go to market. And and I I fundamentally believe that there there can be innovation outside of just the technology departments within a business, and there needs to be. There there needs to be innovation in the go to market and the way that marketing team works and the finance team, etcetera. And we've done a good job evolving the go to market as well. We, we started down the MSP path about ten years ago, and now we're we're one of the most important cybersecurity partners for the MSP population.
Joe Levy:And and I've said this before and I'll say it again, I I think MSPs are the most important operators inside the cybersecurity ecosystem today, and it it's one of our missions to ensure that we're one of the most beloved and important vendors to them. So when it comes to innovation, our heritage, our roots go back to this prevention first mindset, which I think continues to confer a benefit to us because much of the rest of the industry over the past ten years has capitulated when it comes to prevention, and they've just gone, well, it's not possible to stop absolutely everything. Therefore, we shouldn't focus on that. Let's just focus on detection and response. And and I think the pendulum swung too far when that happened and it's beginning to swing back now.
Joe Levy:But but our MO has always been prevention first because it's always gonna be more economically favorable to stop an attack earlier in in its attack cycle. Like, it's a pretty simple concept and and we've we've never let go of that. And and we've simultaneously, of course, built out very competitive set of detection and response technologies, but we've never let go of that prevention first mindset. Now while you're doing this, you just continue to obsess over workflows and secure by default product design principles. Too many times in our industry, I think we've seen examples where vendors push the burden or offload the burden of a correct configuration to the customer.
Joe Levy:And and I think vendors should be spending more time ensuring that they're creating products that are secure by default so that they don't shift that burden over to customers who so often will just not get it right. I I think that's an example of a market failure when it comes to cybersecurity, and Ross, I know you and I have spent a lot of time talking about that topic. Once you're in a thriving business that's operating at scale, I think it's easier to invest in innovations. It's easier to continue to take a dollar and apply it to continuing to drive those strengths and those differentiators forward. And and that's perhaps the silver lining to the innovator's dilemma.
Joe Levy:That's where the innovator's dilemma actually gets it right. And and this approach has allowed us to maintain what I think, as an example, is, like, one of the best ransomware protection, technologies in the industry. The the thing that I'd say on the services side, when when you think about innovation when it comes to services, which is about one third of our business now, a lot of the interest is in what is AI going to be able to do for us. And, you know, we're we're we're already well past the point where AI in security operation can at least approximate the intuition of a human analyst. Doesn't always get it right.
Joe Levy:We know that. But it does provide a significant benefit, the significant time savings to most of the operators. And and I think a lot of the innovation that we're gonna see on the services side of the business is going to come from better applications of AI driven workflow innovation from this point forward.
Ross Haleliuk:So, Joe, as we look at the the landscape and the opportunities that lie ahead of you, and you've just completed a tour of, EMEA, Europe, and The US. Where do you see opportunities where a company like Sophos could scale and, more importantly, beat the competition? I just wanna put something out there for the record of our listeners. You know, Sophos is ranked higher than CrowdStrike in, you know, endpoint protection, which is something that a lot of our audience and vendors would not know. This is referring to a Gartner Peer Insights report where Sophos is rated higher.
Ross Haleliuk:It in fact, it's rated highest than CrowdStrike, Central One, BlackBerry, Palo Alto, etcetera. So here you are in a very prime position on a competitive edge, but you still have to scale. You still have to grow. So two questions. Where do you see the opportunities, and where do you see competitors doing some things better than you?
Joe Levy:So thank you for pointing that out, Mahendra. That's Gartner PR incised voice of customers. So there's tons of different sorts of metrics in the industry. None of them are perfect. Most of them are useful.
Joe Levy:And, that that one is, of course, useful in in its own ways. So where do we see the opportunity? Like, there are a lot of companies that are doing security operations today. There are lot of companies that are doing EDR, XDR, network security. One of the differentiators that we maintain is is the fact that we can operate across what I describe as, all of the critical cross domains within IT systems.
Joe Levy:So that's endpoint, network, email, identity, and cloud. So that that's one portfolio operating benefit that we have. Two is the scale of our business. We have about 600,000 customers globally, tens of millions of endpoints running variety of different operating systems, hundreds of thousands of firewalls that are deployed. Surface area confers a benefit to cybersecurity operators, and and we have a very, very significant surface area that gives us just a lot of sample data and a lot of intelligence.
Joe Levy:Where where we really differentiate ourselves because then naturally you have to ask the question, okay, well, what's the difference between CrowdStrike and SentinelOne? And a lot of people would have a difficult time answering that question. And then you could extend it and you could say, what's the difference between CrowdStrike's n l one and Sophos? And where where Sophos differentiates itself is the fact that we historically have targeted a segment of the market that I would say has been under addressed. And this is where we begin to intersect with this this idea, another idea that Ross and I have spent time talking about, the cybersecurity poverty line.
Joe Levy:And and that that basically states that there is another market inefficiency where it's just either difficult or impossible for the vast majority of organizations to make good decisions and do the right thing when it comes to cybersecurity. And and the the the mission and the focus of Sophos historically has been mid market SMB. Naturally, that changes with the acquisition of SecureWorks that now gives us a significant enterprise capability. But the perhaps surprising detail that I would share there is that while SecureWorks had about 2,000 enterprise customers, prior to the acquisition, Sophos had about 1,500 enterprise customers that were actually quite similar. And and when when you combine them, obviously, now now you're looking at a pretty significant scale enterprise business.
Joe Levy:So I do believe it's possible for organizations to serve all segments. I also believe it's easier for an organization to move up market than it is to move down market. Meaning that once you've achieved technical competency in the technology that you're building and the service that you're offering, it comes down to whether or not you've built the go to market apparatus to be able to serve those segments of the market. And and because of the strength of the channel and the relationships that we have with the MSP population, I think that we're just better situated to be able to do a greater amount of good in the world with the technology that we have. And you just announced a data center in The Middle East.
Joe Levy:Tell us about what's happening in that market. I was there for JISEC a few weeks ago, and I believe that there are
Ross Haleliuk:a lot of interesting things happening in a market that is very rich in certain assets, you know, oil and gas, obviously, but it's also targeted very intensely by a variety of actors because of the assets that they control. What are your perspectives on that market?
Joe Levy:It's one of the fastest growing markets for us. I think that despite the fact that there is a high concentration of capital that is available there, that it isn't always deployed in the most efficient way. It's funny because when you look at this concept of the cybersecurity poverty line, you tend to think of it as smaller organizations that just don't have the budgets. Budget is just one component of it. Knowing what to do is probably a bigger and a more important component of that.
Joe Levy:And oftentimes, you can have very well funded multi billion dollar operations that just don't have good cybersecurity strategies. And as a vendor who is now in a position to help with advisory services, I think that we're gonna see a pretty rapid and healthy expansion of the kinds of engagements that SecureWorks brought over to us. Many of the customers that we have in that region are SecureWorks customers. Some of them are quite large. And many of those engagements began with the security advisory services and then grew from there into an MDR engagement.
Joe Levy:And that kind of pattern, I think we're gonna see repeating. My goal is for the combined companies is to figure out how we can scale that model. And and by scale it, I mean to tens of millions of businesses. Now, naturally, we're not gonna be able to do that on our own. We're not gonna be able to employ enough people even with the aid of AI to provide those kinds of security advisory services to so many customers.
Joe Levy:But in partnership with our MSPs and by establishing ourselves as the vendor who the MSPs rely on to help scale them up to be able to effectively become the army that can do that engagement and work with those customers, I I think this is where we begin to make a really significant difference at scale. There's one really interesting statistic that, we, we introduced at our sales kickoff at our partner conferences recently, and I'll I'll I'll just share that with you and your listeners. There there are approximately 359,000,000 businesses or organizations in operation across the world today. And we asked the question, how many of them have a CISO or have access to somebody like a CISO? And it's it's a great question.
Joe Levy:I don't think I've ever seen it asked and answered before. So we did the research ourselves on this and and we we came to the number. There are approximately 32,000 people working on the planet today who either have the title CISO or a title like CISO, like director of security, that sort of thing. You look at the ratio and it's point 009%. So that that basically means that fewer than one in 10,000 organizations operating today have access to a CISO or somebody like a CISO.
Joe Levy:Now basically what that means is that they probably don't have a strategy. They're going out and they're buying cyber security products and services, but they don't have a goal, they don't have metrics, They don't they don't have a risk reduction or management strategy for their businesses. It applies to cyber, perhaps not even for the whole business. And and I think that the market has just done a terrible job trying to address that, and that's a problem that we're gonna fix.
Sid Trivedi:What an amazing stat. Joe, we we at Pingdaw have several different folks in advance of this conversation with you who have interacted with you, spent time with you. One of those was was Jim Flagging who was on the board at Sophos for many years and has spent time with you since your Solara Networks days. And and he really pushed us to ask you about the question that that you kind of, you know, discussed, which was how does Sophos play both in the SMB and the upmarket? And and you've mentioned a little bit about SecureWorks and the acquisition and how that allows you to play more actively in the upmarket.
Sid Trivedi:The other question he he pushed us on was, we'd love your point of view on how do you think about tech and architecture just to cover both the, you know, the SMB market as well as those large enterprises. I mean, their needs are very different. And so as a result, the underlying tech has to also be very different. So how do you make it flexible enough to service both of those customers?
Joe Levy:That is a perception that I've challenged for a long time, that that there needs to be some kind of a fundamental difference in the technology when you're trying to sell to different segments in the market. I think historically, that was true. And and I think that that is where this perception is rooted. And it and it comes from this notion that if you were selling to the enterprise, you require a high degree of customization. And and if a business is going to go down the path of pursuing enterprise customers, they need to avail themselves to a lot of bespoke customization that they're gonna be at the beck and call of their largest enterprise customers who are 20% of their ARR.
Joe Levy:And and I think that historically, it absolutely was the case. What what I think changed all that is APIs. And what happened with APIs over the course of the past ten years for sure, when a technology company provides a set of APIs that allow for control and interrogation of the way that a technology works, that enables customers, enterprise customers in particular, to choose their own path and to devise their own kinds of interactions. Now you're no longer in this captive model where the the vendor needs to produce that sort of workflow support for the enterprise customer. The enterprise customer can produce it on their own.
Joe Levy:So I I I've always referred to APIs as being the great enabler when it comes to unlocking access to the enterprise market because it solved what historically was an obstacle. And again, like, I will get back to the point that technology must be measured in some objective way based on its competence at performing the task that it was designed to do. If you're buying a firewall, if you're buying XDR, if you're buying email security, you can measure the effectiveness of it. And there are probably already objective measures whether it's coming from a third party like an analyst like a Gartner, whether it's coming from the voice of the customer through peer insights, whether it's coming from a more rigorous scientific measurement like the MITRE ATT CK enterprise evaluations. There's a lot of really good reference material out there, and I I know that buyers are using this.
Joe Levy:When when you look at it, there there tends to be a clustering, like, invariably, like, in the Gartner Magic Quadrant, for example, there is a leaders quadrant, and and there is a cluster of six vendors, you know, in in endpoint or in email security or whatever it might happen to be. That clustering implies that there is a lot of commonality and similarity in in what the leaders in a space are building. And there might be, like, two degrees of difference this way or that way, and it and it might be on the ability to support a particular use case or another use case. But in general, market leadership implies competence across the the set of expected utility that a platform is going to be able to provide. Once you've established that, then it's just a matter of how well equipped is the business to actually serve the needs of the customers in that segment, and do they have the scale that is required to deal with hundreds of thousands of customers or hundreds of thousands of transactions a year.
Joe Levy:That that's where I think the difference is made today.
Sid Trivedi:Yeah. I think it's a great way to put it. And I think the other piece that that many folks don't recognize and has been much more clearer today is the fact that there's this perception that the SMB customers want really, really simple products with, you know, a couple of knobs, and enterprise customers want the incredibly complex products with 50 different knobs. And and the truth is that the enterprise customers don't want the the 50 knobs because it becomes too complex to manage it. You you know, you wanna have these relatively easy simple products at the end of the day.
Sid Trivedi:Everyone wants simple. They just want them to do a lot of things. That's the the the piece that's more important.
Joe Levy:That's right. And you you want the thing to work well out of the box, and, you you you want the flexibility and the configurability of customization, but you don't wanna have to do it unless you need to do it. And that's where good UX principles and and good UX teams help ensure that vendors are driving good decisions in those places.
Sid Trivedi:Agreed. Well, we're gonna get into the final section of our conversation, and and this is, you know, broadly around your perspectives on the industry as well as advice for founders. And let let's start with you know, you alluded to this that you've been at very different types of companies. You've been at companies that have been venture backed. You've been at companies that have been private equity backed, and then you've also been in a senior leadership role at a public company.
Sid Trivedi:So first was public before it was taken private. What advice do you have for technical founders on how to manage companies of these different types of categories? What is different between these different types of companies, and are there things that change on the board that you also factor in and and say, hey. This is something you have to recognize.
Joe Levy:So I'll start with, the differences. And and there there are, of course, differences in different ownership structures and shareholder structures. So across the models of public companies, private equity companies, and venture backed companies, where where I think they differ primarily is in a few dimensions. One is their appetite for risk, and you could think of it as low, medium, and high. And and the rank would go public companies are low, private equity companies are are medium, and venture capital companies are high.
Joe Levy:So that's one appetite for risk. Two, their control and their engagement models, the way that they interact with the teams and how much time they're actually spending in the business. And I've experienced all of them and there's a clear difference here. So low, medium, and high. Public tends to be low.
Joe Levy:Venture tends to be medium, and private equity tends to be very, very high. Like, the PE wants to get into the operational details. They've got operating partners. You mentioned Jim Flagging. Jim Flagging is one of my favorite operating partners ever, and I've got all the time in the world for that guy.
Joe Levy:If he ever wants to talk to me or the team, pull up a chair. That's goodness. So no sort of value judgment on that, by the way. Like, just because PE wants to spend a lot time in control, that could be a good thing when you've got the right people. And and then the last one would be just on what time horizon is the business optimizing for.
Joe Levy:And you could think of public companies as being some sort of evergreen where they're always trying to optimize for predictability, and they're they're trying to optimize between this balance of short term and long term. Whereas venture capital tends to be more short term oriented. They're looking at how do they get to that next round of investment, how do they ensure that they're driving it toward an up round, and then maybe their exit horizon is, five to ten years. And then private equity is in the middle on that one. Private equity, they they tend to be three to five years, you know, six years, something like that.
Joe Levy:And there's usually a short term investment in operational optimization and then depending on the private equity operator, ongoing investment to be able to say, consolidate, expand into new markets, do tuck ins, that sort of thing. So that that from my experience, that's the difference between the the three kinds of ownership structures. And then when it comes to the advice, you know, I I'll I'll just I'll call back back to Lanschoni again and and this principle of there needing to be one team. Like within Sophos, for example, there are many different functional groups, but it's just team Sophos. And that's the way that the leadership team thinks about it.
Joe Levy:And that's the way that you need to think about it in your relationship with your board. It can't be your board. It can't be your investors and you. It has to be team company. And and as long as you maintain that kind of relationship, you're gonna have a good working arrangement with the board.
Ross Haleliuk:Joe, let's dive deeper into this the topic of the cybersecurity power of the line. I remember the last time we've discussed this, I did most of the talking, so I would love to flip the script and and now hear your perspective on this. So the good news is that over the past several years, this issue is finally being discussed much more often than it was before. Now the bad news is that despite all the discussions, we haven't been able to meaningfully change the situation and truly impact and and shift the the problem. So it does appear that the gap between those that have access to security and those that don't is still massive.
Ross Haleliuk:In in many ways, it is even growing. From your perspective, what are we missing? Like, is there like, what it would take to actually move the needle at the structural level and to get more organizations that don't have access to security and more people that don't have access to security to finally get that access?
Joe Levy:Yeah. I I love that question. And we've we've been asking it as an industry for years. Like, you know, we spend billions of dollars on cybersecurity. Why isn't it getting any better?
Joe Levy:And first of all, I I think there's ways to measure that we are getting better. So, like, I'll start by saying that this is not bleak and hopeless and we're never gonna get on top of the problem. There there are ways to improve. I think that one of the primary missing ingredients here has been figuring out how you scale a cybersecurity strategy across larger segments of the market. Like, again, like if we go back to that that statistic of we got 32,000 CISOs for 359,000,000 organizations, less than one in 10,000 have access to a CISO.
Joe Levy:If you use the title CISO as a proxy for this idea of having a strategy for cybersecurity risk management, you immediately begin to see that we're playing six year old soccer as an industry and we're we're just going out and spending money on products and services, but we don't actually have a strategy. We don't have a desired end state that we're driving toward. We don't have KPIs to enable the measurement of the progress that we're making toward that. How do we know that we're getting better? Like, that's a question that the industry is just not really able to answer.
Joe Levy:And and I think that until we unlock this this notion of access to CISO like functionality for the vast majority of businesses, that we are gonna be trapped in this poverty cycle that we just haven't managed to break ourselves out of. So so for me, that's it. Like, how do we as an industry, how do we figure out how to scale that kind of strategic access to all of these organizations that up until this point couldn't even dream of having a CISO.
Sid Trivedi:Joe, I wanna I wanna talk a little bit about, you know, the the the personal aspect of, you know, your your you leading. And many may not know this, but for those of us who do know you, you you've also had a whole bunch of personal things that have happened on the health side. How do you could you talk a little bit about that and how do you manage that while also leading a multi thousand employee company? How do you kind of, you know, go and balance that? Because many founders go through those experiences.
Joe Levy:Yeah. So I am I I'm I'm happy to share this, because, Sid, as you said, there there are a lot of people who go through this sort of thing, and I I think it's helpful for people to know that there's a lot of company out there. So, about a year ago, right about the same time that I took the interim CEO appointment, I was diagnosed with melanoma, form of skin cancer and I was fortunate in that it was fairly early discovery, stage 2B. My wife who I think usually doesn't pay that close attention to me was actually quite eagle eyed. She said that that mole on your head looks a little different.
Joe Levy:Maybe you should, go talk to a dermatologist and see what they say. And they they biopsied it and and it came back as a melanoma. And I and I remember I I was at our partner conference in Austin, Texas last year and I was about to step up on stage to start our opening keynote. And I received a phone call from my dermatologist's office and I and I looked at the caller ID and I'm thinking to myself, it's about seven minutes before I have to go on stage. Should I take this call?
Joe Levy:Thought about it for a minute, and I answered the call, and he and he said, hi, Jody. Got a second? I said, yeah. Are you about to ruin my day? And he said, yes.
Joe Levy:So that that was, that that was an unexpected discovery, but what what I could say is number one, thank God that it was discovered when it was. You know, I I continue to thank my wife every single day for just pointing that out to me. The company was just in a great shape at the time. I I was able to step away for surgery and some recovery over the course of about three or four weeks. The board was incredible in their support for me and, you know, now now it's just like regular maintenance at this point and knock wood, things have things have gone good so far.
Joe Levy:So these surprises happen and, you know, you you're never prepared for them and you you never, you never quite know how they're going to turn out. So again, like, I I feel nothing but gratitude for my situation. Hopefully, other people who are going through similar kinds of things can say the same things and have similar sorts of outcomes, but I I just I consider myself very fortunate for being at a time where I was stepping into what was probably one of the most stressful experiences of my life, both professionally and personally, to have the kind of support that I had.
Sid Trivedi:Thank you for sharing that, Joe. Even even more so because I think there are more founders and CEOs who go through this, and it's just not publicly discussed. I mean, it's very sad to say this, but, you know, Amit Yaron was one of the people who had said he really wanted to be on the show. Like, I have an email from him saying, Sid, as soon as I'm better, I'd love to be on this show. And, unfortunately, you know, we won't ever be able to have that that opportunity.
Sid Trivedi:And, you know, this isn't something that that is, you know, one off. We we see this a lot more, and it's it's it's good to see leaders like you just sharing it a little bit more publicly as well.
Ross Haleliuk:Joe, let's switch to the two words that you have used extensively in our conversation today, culture and leadership. What are some things about culture that you have inculcated in Sophos? And as you look at your own leadership style, how do you see it evolving over the next phase of your journey?
Joe Levy:So I will, again, refer back to my personal learnings from Lencioni on this one. And, this this gets back to the way that you set the example for how a company should be run. And, you know, in particular, I'll I'll refer to the five dysfunctions of a team. And I I diagnosed some inefficiencies in our business when I stepped into the CEO position, and, I realized that there were some things that we can improve across some of these dimensions. And and just to list them for listeners, number one is absence of trust.
Joe Levy:Number two is fear of conflict. Three is a lack of commitment. Four is avoidance of team accountability. And five is inattention to team objectives. So, like, you hear these things and you you say to yourself, of course, the these are dysfunctions.
Joe Levy:But the two in particular that that were most important for me were getting to the point where the leadership team engages in this idea of vulnerability based trust. And vulnerability based trust means that you can't just expect that people will trust you without first demonstrating to them your own vulnerability, that you're you're receptive to feedback and you're willing to listen and and you're willing to expose your soft underbelly in the way that you engage with other people. That that has to happen otherwise, you're just not gonna be able to build healthy trust based relationships between people in your team. The the other one that I'd say is really really common and and you see this often in organizations that tend to run by consensus. And, I think consensus is a bad word, really.
Joe Levy:And I think the the the way that this manifests itself is that they tend to move away from conflict. They they tend to try to solve problems in a series of peer wise conversations where where they drive consensus iteratively over an excruciatingly long period of time. And I think the antidote to this is that the culture must be set by leadership whereby there is a willingness to engage in productive conflict. And there's this principle that Lencioni talks about which he describes as telling the kind truth. And that basically means sometimes you have to say something that people don't want to hear, just be kind when you do it.
Joe Levy:And and I think that the more willing an organization is number one to build these relationships founded on a principle of vulnerability based trust and to steer clear of consensus driven decision making and to engage in productive conflict through telling the kind truth. That that is one of the most rapid ways to solve what I think is one of the most challenging set of cultural problems in many organizations.
Ross Haleliuk:One last question around the vulnerability based trust, Joe. You talked about leading with an example, showing yourself underbelly. And I know several people who have done that and have built a culture that's extremely positive. On the flip side, I have some people who say when they did that, people took advantage of the fact that they were being opened down the road. Something came back to haunt them.
Ross Haleliuk:So I'm willing to trust you, but how do I know that you won't stab me in the back down the road? You know, that's the question that comes up in the Valerie based first approach. And I'm curious, like, how did you resolve that internal dilemma? Well, you need to be willing to go out on
Joe Levy:a limb. Somebody has to be a first mover in these sorts of relationships. You need to be the one to extend and to lead by example. And frankly, if there are instances where people weaponize that, where somebody does attempt to build this kind of relationship through the establishment of vulnerability based trust and it's subsequently weaponized by someone, that person probably doesn't belong in the company.
Ross Haleliuk:Yeah. Yeah. Yeah. Now thank you, Joe, for, you know, sharing your journey, you know, sharing some very important insights on the industry and how the industry is evolving. And, particularly, the the golden statistic that you shared with us today that very few of us really appreciated, that you have over 350,000,000 companies worldwide and only just slightly over 30,000 CSOs.
Ross Haleliuk:You know, when when we look at that statistic, it is scary. It is both an opportunity for us to improve on what we are doing, and, we look forward to your, your leadership and insights in solving some of these problems as we progress. So thank you so much for joining us today.
Sid Trivedi:Thanks, Joe.
Joe Levy:Thank you.
Sid Trivedi:Thank you for joining us inside the network. If you like
Ross Haleliuk:this episode, please leave us a review and share it with others. If you really, really liked it and you have some feedback for us, wrap it on a bottle of Yamazaki and send it to me first. No. Don't do that. Mahindra gets too many GIFs already.
Ross Haleliuk:Please reach out by email or LinkedIn.
