Defy Security CEO On Listening To Customers Vs. Pushing ‘Magic’ Solutions

‘If you listen, the customer will tell you what they want to do,’ Defy Founder and CEO Justin Domachowski tells CRN.

While steering clear of pushing overhyped new technologies on customers that “don’t scale,” Defy Security has grown into a solution and service provider that serves nearly a third of Fortune 50 companies and is targeting $1 billion in revenue in the coming years, according to Defy Founder and CEO Justin Domachowski.

CRN recently spoke with Domachowski (pictured) about his strategy for growing the Canonsburg, Pa.-based company, which launched in 2017, into a major player in the cybersecurity solutions channel that currently employs more than 150.

That strategy, he said, is centered around understanding what a customer is truly looking for and then delivering that solution, rather than coming in with a predetermined agenda.

“If you listen, the customer will tell you what they want to do,” Domachowski said. That approach stands in contrast to solution providers who tell their customers, “’Here's this new technology and the OEM says it's going to be magic,’” he said.

Defy Security is backed by private equity firm Sverica, which invested an undisclosed amount into the company in November 2020. Notably, Defy has “doubled in revenue since the partnership with [Sverica] in 2020,” Domachowski said.

Previously, Sverica owned a majority stake in cybersecurity solution provider Accuvant, where Domachowski worked as an enterprise account manager prior to launching Defy. Accuvant was merged with FishNet Security in 2015 to form cybersecurity powerhouse Optiv.

What follows is an edited and condensed portion of CRN’s interview with Domachowski.

What prompted you to start Defy Security?

In my previous role as an account executive [serving] Fortune 10 and Fortune 50 companies, I found that there was still a need to really understand, what does the customer want versus trying to sell something that was more profitable. And so in launching Defy, [the plan was] to have a few customers in the Pittsburgh or Ohio region and just do a really good job with that.

Fast-forward seven years and we’ve been through a major investment and we're an international company. I think that growth is due to the vision of the company, but more importantly, to the people that we hired. We've got a lot of veterans that came from other security VARs in this space. I think they understood that if you listen, the customer will tell you what they want to do. Versus saying, ‘Here's this new technology and the OEM says it's going to be magic.’ A lot of times you see when things like those get implemented, they don't scale, especially in the larger enterprises.

A true partner really understands where [the CISO is] trying to get to. We want to come alongside and support you doing that. And sometimes that means you don't get deals for a while. With a lot of our competitors, because of their quotas, they're so focused on getting the deal. And if they don't get a deal, there's no support for that customer. I just don't think that's the true partnership model.

Are you mainly focused on enterprise customers?

We're very successful with most of the top 10 largest banks. We have some large retail customers, [and] large manufacturing customers. I would say, of the Fortune 50, we’ve got maybe 30 percent of them as customers. I think it's just a testament to our model. These CISOs have been around forever, and the fact that they’re giving Defy the opportunity to partner with them over the last seven years, I think it just shows the methodology works.

Do you work with mid-market customers as well?

Yes — the beauty of Defy is that we provide the same service to both [enterprises and mid-market customers]. It's not like, if a customer doesn't spend [a certain amount] with us, they get the B team. We only hire A-team players.

How does your strategy for serving the mid-market differ from your enterprise strategy?

With the mid-market, we try to always lead with services. Anybody can sell a tool. But when we can get in there from a services perspective, we can really understand, what do you need that technology to do? What's the KPI? What is it that you're trying to see? It’s more of a consulting approach. A lot of times, it's not adding another tool — it’s tuning something that they have or adding on a module to something they already own. I think that approach appeals to customers, because we're not trying to sell them something. We're trying to figure out, ‘Hey, you've made all these large investments. Is there something that you already own that we can maybe change or adapt — or maybe just needs an update?’ When we lead with services, I think it adds more value.

Are there certain areas of GenAI that you think are going to be important for security going forward?

One is Charlotte, which CrowdStrike came out with. What that's allowing customers to do is, based off the intel from the global cloud that CrowdStrike has created — now the information that AI tool provides puts the customers further ahead. We're not seeing that anywhere else yet.

What are some of your other big security vendors right now?

We do a lot with Devo from a logging perspective. We all know the leader in that space had been Splunk for so long, and I think it's refreshing to see another technology come along and understand what the customer's needs are. [As logs grow] a lot of customers are saying, this is getting so expensive. But with a technology like Devo, I think it allows customers to have that full visibility without breaking the bank.

Can you talk about your revenue growth?

Our goal is to get to $1 billion [in revenue]. We're just over halfway there. Last year, we had almost 27 percent year-over-year growth. I think we're going to continue to do that [pace of growth] with market expansion.