ThreatLocker CEO Danny Jenkins On Growth, Past Mistakes And Why It’s Good To ‘Harass’ Customers
The ThreatLocker co-founder and CEO speaks about his biggest fears and mistakes, why MSPs are ‘incredibly important’ to the security vendor’s strategy and which companies he admires.
Danny Jenkins, co-founder and CEO of ThreatLocker, is a familiar face at XChange events and other conferences, usually clad in his blue ThreatLocker T-shirt. As he sits down with The Channel Company Chief Content Officer Stuart Sumner at the 2025 XChange Best of Breed conference in Atlanta, he’s come fully suited and booted in honor of the seniority of the audience, Jenkins explains.
Over the next hour he covers everything from his growth plans to his biggest mistakes to how he feels about his competitors.
What’s top of your agenda right now?
What I always think about is making sure that we’re constantly not falling behind our adversaries. And that’s why we released our Defense Against Configuration [strategy] because what we’ve seen is the only time we’ve had breaches in our customers is where they haven’t turned things on or configured things properly. So my priority is making sure our customers are as secure as possible with what they’ve got.
Quite often, especially in the MSP world, you see people buy something, something fails and then they go and buy something else and then something fails and they go buy something else. You end up with a massive mess of products as opposed to having one set of tools that’s configured properly.
It must be difficult to tell a customer it’s their fault when something goes wrong.
It bothers me more if we don’t have very clear communication. So I get really mad when someone tries to find a reason not to help a customer.
We harass our customers to make sure they do things right. So we’ll send emails saying, ‘Hey, you need to get on a call.’ I’d say 99 percent of the time when someone gets breached, we say, ‘We have emailed, we’ve left you 45 voicemails over the last year. You just ignored us.’ I think as a company every time anyone gets breached, that’s still our responsibility and we as a company focus 100 percent on the customer. That’s where we have our 60-second response time with support. I don’t turn my phone off and I give my number out to customers. And look, people don’t need to call me because their problems normally get solved, but I’d rather know.
ThreatLocker has always been channel-focused, is that changing?
We have a lot more direct sales than people realize. So, first of all, we were not an MSP-focused firm. We were 95 percent midmarket-enterprise-focused, or non-MSP-focused when we started. In 2020, we ended up doing incredibly well in MSPs, partially because all trade shows shut down globally and most of our customers aren’t searching for what we’re selling, they’re not searching for ‘zero-trust endpoint protection,’ for instance. In 2020 we went to eight trade shows and we only caught COVID at one, so that’s not too bad odds.
But that really picked up the MSP momentum and then in 2021, when Kaseya had their vulnerability we were the only people that blocked it zero day, so we kind of exploded.
We have two motions. One is to enterprise, one is MSP. Our enterprise team has always been bigger than our MSP team, but the revenue is roughly evenly split.
How important is the channel to your growth, and how do you see that evolving into 2026?
MSPs are incredibly important to our growth because as a company, our mission is focused on really stopping cybercrime. And it’s not actually focused on growth of the business. Our initial mission when we started ThreatLocker was to change the paradigm of security, and we had two goals when we started the company. One was to sign a small company, and one was to sign a large company. And we didn’t do it because we wanted to make money. We did it because we had to. If the world doesn’t change, we’re going to be brought to our knees.
So the MSP is incredibly important because 80 percent of businesses are small. So 80 percent of our customers go through the channel. We can’t sell to a 10-user dental office or even a 200-user car dealership—it’s not viable for us as a company to do that. So we need MSPs to deliver that for us.
How fast is ThreatLocker growing today?
We’re just short of doubling in size this year in terms of revenue. And staff are probably close behind in terms of growth. We’ve been on a pause because we’ve been growing the office space as we ran out, but we’re now hiring again. I think we added 50 people in the last two weeks.
Is there such a thing as growing too quickly in terms of management oversight and governance?
In 2021 we grew too quickly and had massive infrastructure issues as a result of our growth. We didn’t have sales teams at the beginning with managers, we didn’t have a structure, we didn’t have support teams. We grew five times in 2021 and I was begging people not to install in July that year because we were in serious trouble. But I think where we are right now is nice. We still manage to keep our less-than-60-second response time for support. I think at the beginning where you’re transitioning from a single level of management to multilevel, you can get into a lot of trouble there.
What are your growth targets in 2026?
You always want to aim at that double. I always shrink that down a little bit because investors always think about growth in percentages. I tell them that companies don’t grow in percentages. It’s an input to marketing and sales and engineering and an output on the other side; it’s got nothing to do with how big you were to start with.
But if you think that 80 percent of the world will use zero trust as their default in 10 years’ time, well, we’re clearly the leader in it. We own 90 percent of that market today, but perhaps by then we’ll have more competition so call that 30 percent. We’re still doubling every year to get there.
Which of your competitors do you admire?
Our competitors’ features don’t map to us exactly. Realistically, there’s less than a quarter of a percent where we’re actually competing directly. More likely, we’re competing for dollars than we are for features.
We have an EDR feature which competes with CrowdStrike, but we won’t sell you our EDR unless you buy our platform because our mission is to convert the world to a zero-trust architecture and selling you our EDR does not do that. So if we think about who we’re displacing the most, it’s probably SentinelOne or CrowdStrike, but they have the least features in common with us.
If I’m honest, I’m not overly happy with the industry and the approach it’s taken on security. The attitude seems to be, ‘We’re going to sell you enough to make you feel more secure and we’re going to send you sugar pills as opposed to solving problems.’ So I don’t really admire anyone from that point of view, but I do admire companies when you look at how they’ve managed to achieve such a large market share.
What about stepping outside the security industry? Are there any other companies that you look at and admire as a CEO?
I change my opinion on this very often. The iPhone was an incredible evolution, but do I believe in Apple as a great company? No, I believe that they had a great product and a great leader at the time. I think about Microsoft and what they managed to build, even when I saw it from NT 4 to Active Directory I thought, wow, you can just build great technology. And Tesla came out with an electric car and just turned an industry on its head. I’m not a big fan of Tesla now. Mine broke down all time so I got rid of it. But they took electric cars from a nothing market to a large portion of the cars sold today.
Investors often say to me, ‘Are you worried about someone else coming out with directly competing technology?’ And I say no because right now it’s too hard for our competitors to win against us. The moment they start doing it, now it becomes us versus them, and all we have to do is be the best. And I’m happy to be the best.
So Apple came out with the iPhone and now we’ve got Androids, which is fantastic technology too, but only because Apple came out with something first. And Tesla came out with electric cars and now we have Mercedes and Ford and the rest. That’s what I’d like to model us on. We come out with the technology and hopefully people follow us because that creates a whole market.
What keeps you up at night?
I don’t know if I get enough time to sleep to be kept up. I think what I fear more than anything is security—even as someone whose security posture is, ‘You can’t go to the bathroom without scanning your card.’ ... We saw KnowBe4 accidentally hired a North Korean spy. They caught it before it went on too long, but that scares me.
Could we hire the wrong person? We’ve put so many controls in place now inside ThreatLocker because I’m paranoid about it.
We have to have three different departments verify a build before it can be pushed out. So what happened at CrowdStrike [with last year’s outage] can’t happen to us because we have so many checks with so many different people and departments. If you’re in this space and it doesn’t scare you … you’re in trouble. Being scared makes you prepared.
What’s your biggest mistake as a CEO?
I make so many mistakes every day. At the beginning of 2021 we had a very clear pathway, and my top priority was to get as many people to know who ThreatLocker is at the same time. It was growing as we expected, and then in July Kaseya had their vulnerability and we suddenly exploded in growth. I think the biggest mistake I made was stopping looking forward. My CFO, our board of directors, our investors, all ask one question all the time which is, ‘What’s our revenue?’ I actually don’t care to know because as far as I'm concerned, what we did this month was decided six months ago and I have no control over it at this point.
And in 2021, we exploded so fast that I actually stopped marketing because I couldn’t contain the thing. So it started to slow down, and by Q2 2022, we were now in a dip because I’d stopped looking forward. And I realized it at the end of Q1 in 2022 when I looked at how many demos we were doing. And I remember looking at the data and I was like, ‘Why wasn’t I looking at this three months ago?’ Because I’ve never paid attention to that and now to this day I’ve never made that mistake again. You should never focus on revenue, never pat yourself on the back for getting a good sales month. Only pat yourself on the back for getting a good pipeline build.
So of course the board was stressed out by the dip. Now, I wasn’t stressed at that point because by the end of Q2, I could see the future looking bright. I feel like if the board of directors had the chance to remove me, they would have removed me from the leadership of the company. Maybe they wouldn’t have removed me, but they may have stopped me spending. So we have a situation where we still control the company as the founders, so the board didn’t have the opportunity, but they would have demanded that I stopped doing what I was doing, which was accelerating our market expansion.
Every time we’ve been asked to disproportionately change the board control, my answer has always been the board should be controlled by the number of hours you work in the company, not by the number of shares.
Did you grow up wanting to be CEO of a security firm?
I grew up in the West Midlands of the U.K. in a very rough area. The school was so bad one of the students actually burned it down. The funny thing was it’s now called the Phoenix. So it did rise again, then it got shut down for having so much crime.
I started my first job at 15 as an apprentice. Security wasn’t a thing then, so I never thought of being the CEO of a security company. I’ve started multiple companies, none of them were necessarily big successes, none of them were failures either.
When we started ThreatLocker we had $150,000 in credit card debt to the point where we couldn’t buy groceries, which was tough. I remember buying $80 of groceries on three credit cards for a week for five people. So it was a tough start, but I think I always had that entrepreneurial streak where I was willing to risk it or risk everything for the sake of the business. And my wife, who co-founded the company with me, was always like that as well. So despite having three children, we always somehow managed to be reckless enough to see a company through.
And given your entrepreneurial personality, how comfortable are you now scaling a company rather than going off to start a new one?
I’ve always wanted to finish what I started. And I think if you’d asked me five years ago, I wouldn’t have said I’d still be at ThreatLocker now. And now I have no intention of going anywhere. We’re planning for an IPO, probably in two years.
I think some of my successes were down to my lack of knowledge of the bad things that can go wrong. We initially went through an accelerator, and it was the biggest waste of time ever. We needed to do a trademark registration and the accelerator said you need to get a lawyer, which was going to cost $5,000. Now, we had less than $20,000 in our bank account. So instead of doing that we spent all the money on sales and marketing, every penny.
And the accelerator was right, by the way, we had to sue somebody for trademark infringement, and it cost us probably another $100,000 in fees. However, at that point we had millions of dollars in the account. So I think if I was to do it again, and there’s probably a million examples like that, I would probably be too concerned about detail; ignorance can be a strength.
Is there an AI bubble?
Suddenly we have LLMs that can generate things like a human. However, it’s essentially regurgitating what it’s learned on the internet. And what this has created is a massive boom in AI or attention to AI.
If we look at Nvidia’s stock price, last time I checked it was trading at 35 times revenue on a non-recurring revenue business, which is amazing. Intel trades at one and a half times revenue. And let’s just assume that’s adjustment for better technology, even then Nvidia would have to sell 10 to 20 times more chips to grow into that valuation, which is absolutely bonkers. If people don’t buy chips next year, it’s all gone. So I think the AI side, it’s a bubble.