Playbook
Notion’s Foundations of Product-Led Growth & Marketing: Insights from Rachel Hepworth
Read more
[01:41] Jon (Duo Security) and HD (Rumble) explain why they built product-led companies
[07:01] How to build trust with the end user for product-led growth
[16:55] How open-source changed the way we think about security development and security tools today
[20:08] HD shares how he built a community of loyal evangelists for the Metasploit project
[29:45] The most important qualities to look for when hiring for key positions in a product-led company
The co-founder and CEO of Rumble, HD Moore, who previously started the open-source project Metasploit, and Jon Oberheide, co-founder and CTO of Duo Security, are experienced hands at product-led growth, one of the most interesting innovations in scaling a business in the last few years. It’s a strategy focused on getting super-close to end users during the earliest stages of product development, instead of allowing the top-down market to dictate product development from the get-go. We asked HD and Jon to share the whys and hows of building product-led companies, and we’re excited to share their words of wisdom here.
Jon: We knew attackers were going downstream to SMB and mid-market companies that can't afford to protect themselves. That was our thesis, and we asked: How do we democratize security for organizations that don't spend $500 million a year on cybersecurity? Bringing security downmarket and making advanced technology more available led us to strive for something that's easy to try, easy to adopt, and easy to sell. So we came to product-led growth organically.
HD: I’ve worked for various startups the last 20 years that were very top-down focused, selling to large telcos – not a lot of product-led growth happening there. When I started to build Metasploit, early on I realized that its success would depend on the user community. I found that I really love working directly with people using the product. But at some point you do need to have an approach for the actual buyers. I want to help my users, but you still have to help the business, justify the costs, and provide some top-down cover for the folks who really want to use the product.
Jon: You can do both – they’re not two independent things. What you build for bottoms-up actually can help you in the top-down sale, and vice-versa.
Jon: I should probably let one of the most successful open source project leaders ever take that one!
HD: When I created Metasploit, open source was a requirement. Either that or paying a lot of money for a thoroughly vetted closed source product. Now I think the prevailing approach is more of a hybrid, where even if your tool is not open core, you have some open source elements in your ecosystem, and you collaborate with other companies.
HD: You need to make the product approachable from the beginning. Allow the end user to set up the trial themselves in a way that doesn’t involve corporate resources early on. A lot of products are optimized to cater to the buyer. They have fancy dashboards and graphs and charts and all the fun ROI stuff, but those aren’t going to help the person actually managing tickets and responding to incidents. So you have to be focused on the end user. They need to know that you understand their pain points and that you’re there to help them.
Jon: We also focused a lot on the initial experience. I think new users are surprised that they can set up and experience our product in a few minutes – this really helps convince them to continue with Duo. People often define our product as “the codebase that we ship,” and “the thing that customers experience.” But we tried to form our business around the customer journey, not just the product. So try, buy, adopt, grow, refer – that entire journey should be around the product.
HD: I’m familiar with juggling everything. Being support, engineering, sales – wearing all those hats. And when I’ve had to build teams, I wanted people who could do the same thing. The most important quality is the ability to understand the customer's pain points. If you have development or sales teams that are isolated from customer feedback, especially the negative kind, they’re not going to help fix the product. They won't have the emotional investment to make it better.
Jon: I can’t agree more with that perspective of hiring folks who don’t bring their own playbook. You want to find people that like to dig in, learn a new domain, learn a new business, and buy into the model you’re trying to build. It can be challenging when you're hiring, because peoples’ resumes are all about what they’ve done previously, and how they think they could do the same thing at your company. We tried to hire explicitly outside of security, and ended up hiring our entire go-to-market team from Zendesk.
HD: Over Christmas break in 2005, there was an email phishing attack through the metadata of EMF image files, which are used for printing in Windows. Of course, because it’s over the holidays, everyone is freaking out about trying to stop it, and we saw lots of zero-day compromises. We added Metasploit support to test the vulnerability.
About a month later, I got an obscure email from a Russian throwaway address. There was a photo attached of a guy wearing sunglasses, with his car parked in the middle of a Moscow street blocking traffic in front of the Kremlin. Of course, I don’t understand what’s happening and reply. In the email, he asked me to look at the shell code for the original EMF exploit. It turns out he included his license plate number in the original exploit – the same plate number of the car in front of the Kremlin.
Jon: I don’t think I can top that story, but HD is one of the most prolific hackers out there. I truly believe that great hackers make great founders because they’re creative at finding different paths to success that no one else would think of. They also view the world through a little bit of a different lens, and approach every problem in a new way.
