Why Most Companies Get Cybersecurity Wrong - Corey White - Shift & Thrive - Episode # 057

S&T_Corey White
===

[00:00:00]

Natalie Nathanson: Today's guest is a seasoned cybersecurity leader with nearly 30 years of experience safeguarding the digital world. He's led security responses to some of the largest breaches in modern history and has worked with firms including Sony and Google. He was a founding executive at Cylance and scaled his division to a $60 million global operation prior to its acquisition by Blackberry.

Today, he's [00:01:00] the founder and CEO of Cyvatar, a company that's transforming how small and midsize businesses approach cybersecurity. Corey White, welcome to the show.

Corey White: Natalie, thank you. I'm happy to be here.

Natalie Nathanson: I am very glad to have you, and to kick things off, I'd love to start, uh, by having you share a transformation story from inside Cyvatar. I think when we spoke previously, you talked a bit about, uh, a shift towards a, a post breach focus. Uh, can you walk us through what led to that shift and you know, what you changed in your approach?

Corey White: Yeah. Yeah, it's interesting. Um, I'm always doing, uh, kinda market go to market analysis and understanding how uh, customer's needs change. Patterns change. What, what drives a, a customer to buy and, and spend money, you know, period. But then, you know, diving deeply into, you know, specifically cybersecurity. And, and ultimately what, what I, where I landed is, is companies spend cyber, spend money in four different areas as it relates to cybersecurity.[00:02:00]

So, uh, you know, the first is they need to be compliant. They've got some big customer coming to them saying, you need to be. You know, SOC 2, NIST, CMC, HIPAA, whatever it is, that that typically becomes a, a, a major driver to spend money on cybersecurity. But we all know compliance doesn't necessarily always equal cybersecurity.

It can be kind of a checkbox. So, so that's number one. Uh, number two. Is, you know, third party risk questionnaires, meaning that they've got some kind of third party risk management, uh, questionnaire. They have to answer from some very large vendor, and it's coming to them and said, oh my God, we have to answer all these questions and we don't have these things in place.

We can't actually answer the questions. So we need to put these things in place. Uh, that is also a driver for, um, cybersecurity to spend money. And then, you know, the, the next one ends up being, um, cyber insurance. So, uh, some companies, you know, they actually, you know, go through and try to meet the requirements [00:03:00] of a cyber insurance, you know, um, questionnaire or underwriting questionnaire.

Uh, whereas says you have to have antivirus in place and, and you have to have, uh, you know, continuous monitoring, multifactor, all, all the basics. Um, but unfortunately one of the things that we've seen over the last few years is that. Um, a lot of these insurance carriers are, are going, you know, they're brokers and they're, they're, they're going to get a deal, some kind of a way.

So end up accepting someone just checking all the boxes and not validating, but that also is a driver. The last one, which we've scheduled on is what we call, you know, post breach cybersecurity. Companies spend money on cybersecurity after they've had a major incident. Okay? Because normally they think, ah, we'll be okay.

We'll roll the dice and hopefully everything works out okay. But post breach cybersecurity means, Hey, we've had a, you know, triple extortion ransomware. We've been completely had, customer data's been stolen, uh, user accounts have been compromised, and our systems have been encrypted. We've just recovered from that.

[00:04:00] We have to make sure this doesn't happen again because that's the number one question after a cyber breach is. How do you make sure this doesn't happen again? And, and so what we've done is we partnered with a lot of cybersecurity incident response companies. You know, they're called DFIR, uh, firms, Digital Forensics Incident Response, uh, firms.

And so after they cleaned up these companies or done a ransomware recovery, then they hand them off to Cyvatar to maintain, you know, enterprise grade, uh, cybersecurity for our customers. So, so ultimately where that lands is, is simply this. We've never had a customer have a ransomware attack, period.

So, you know, I challenge the audience. I want you guys to think about it. If you're a cybersecurity provider, whether it's an MSSP or an MSP and their customers have had a breach, think of this analogy. Imagine if you, I don't know, if you're a celebrity and you have this bodyguard, and the bodyguard previously has had.

You know, five or six of the company, you know, five or six of the people that, that [00:05:00] he is or she is securing die, would you hire that bodyguard? So think about then cybersecurity. If you have a cybersecurity provider, but their customers have had a ransomware attack, would you hire them? You know, you have to think about that and make sure that you're, hiring the right security firm for your company.

Natalie Nathanson: For sure. I'm curious, you know, how that, uh, moment came about to kind of make that change. Was it, was it a specific kinda aha or light bulb moment? You talked about kind of doing liking to do go to market analysis regularly or was it more gradual?

Corey White: Yeah,

I, I'm always looking at, you know, um, analysis. We, we do at least quarterly to figure out, okay, are we selling the right solutions? Are we going to toward the right market? But, you know, what we've seen, and this has been, you know, gradual over, let's say over the last six years. Six years ago, the managed service provider, many of them, you know, traditional IT companies, they were [00:06:00] not cybersecurity companies.

But if you look at their, their websites today, virtually all of them are cybersecurity companies. They lead with cybersecurity and, and that historically isn't their expertise, but their customers are asking for it. So when they're getting those requests, they're being forced to become cybersecurity companies.

And what that means is, you know, they're like, oh, let's use the cheapest antivirus, or, or let's not configure antivirus to block malware. Or, you know, let's not patch on a continuous basis. Let's, uh, not enforce multifactor authentication. So those all lead to their customers getting breached.

And in many cases, what we see is the, the hackers have gotten pretty smart. They do a one to many hack. Why hack into a bunch of small businesses when they can just hack into the MSP that's responsible for securing them, and then get access to all those businesses all in one [00:07:00] hack. So, so that, that's the challenge we run into is a crowded market now, but they still aren't providing the value that they, these customers need as it relates to cybersecurity.

So where we come in is after the breach in many of these companies, they do have an MSP in place.

Natalie Nathanson: I love just going back to something you said about doing that quarterly go-to-market analysis because, um, you know, I, I believe it's just so critically important, especially in a landscape that we live in right now and so much is changing, uh, so fast. I don't believe like all organizations do that. So can you talk a little bit about, you know, how do you do that?

Who on the team is involved? Like what form does that take? Um, talk a little bit about how that works for your organization.

Corey White: Yeah. Yeah, absolutely. Um, I'll, I'll go back. Um, God, when I say I think it's like 2015, 2016, I was in Washington, DC at my previous company and, um. [00:08:00] My team was doing, uh, God, probably around around 10 million a year in, in traditional services. But then when we were, you know, planning for our next fiscal year, um, I was asked to be around 40.

I was like, uh, services didn't scale that way, that quickly. Um, how, how will you do that? And so I started really just researching how do you scale a business? What does that look like? What's the methodology around it? And I found a methodology called Scaling Up. And I, I went and got certified in it. I, uh, I, I met the, the founder of the organization and, and you know, we met a couple times at a few conferences, but um, I learned the Scaling Up methodology and it is a quarterly methodology where you have quarterly rocks and, and goals you have to go through is a lot to it.

But it makes sense because I think if you can't just. You know, randomly or willy-nilly say, I'm gonna do go to market analysis or company analysis. You have to have a plan. And, and, and [00:09:00] so Scaling Up is the methodology we use for quarterly analysis, quarterly goals, and, and figuring out what am I gonna anchor my organization on and what are we gonna get accomplished this quarter?

Natalie Nathanson: Yeah, I think it's a great framework. I think it's Verne Harnish. Um. Who I know through my Entrepreneurs organization affiliation. Um, I think any kind of framework like that, that gives your organization kind of the discipline, um, and the framework to do that so you're not kind of reinventing the wheel unnecessarily.

Um, but then obviously, actually aligning to that and having the discipline to continue doing it regardless of, you know, how busy things are or getting pulled in different directions is, uh, is so critical.

Corey White: Verne's a great guy. Yeah, he um, I'm glad you put the methodology together.

Natalie Nathanson: Yes, for sure. I'd love to shift gears a bit, Corey, and you know, one thing I always love digging into is how leaders show up for their teams, especially in kind of fast changing [00:10:00] environments like what we're, what we're talking about here. Can you talk a little bit about, you know, your unique leadership style and what's shaped that?

Corey White: Yeah. Yeah. Well, let's, let's go back to, to what shaped it. Um, back when I really first became a, a director back in. Say 2005 and leading a team. One of the first things I did, and, and this was before digital books wasn't really a big thing, but, um, I ordered every book I could get, you know, probably about 10 of them off of, uh, Amazon and got 'em delivered to my house.

And I just started reading management and leadership books and, and one of the, the themes I picked up from, from those books is. That being the, the best technical person, you know, uh, best consultant or whatever you, you think you may be really good at, that doesn't mean that you're gonna be the best manager or or people manager.

Those end up [00:11:00] being two separate skill sets and that you have to learn. And so I focused on learning. How to be a good people manager. And, and, and then ultimately I landed on, uh, what a phrase that you know, you probably heard before called, you know, servant leadership and, and servant leadership basically is, is you work for your employees.

And it sounds counterintuitive until you think about it. What if every single one of my employees were highly successful and I was right there, you know, behind them, supporting them to be highly successful in in their jobs. What does that make the company? Makes the company highly successful and it, it, you know, you, you, you, you know, stacking up points, you know, with, with your employees where they know that eventually they can trust their leader, their, their leader has their back, they can confide in them.

And one of the examples I always give, especially when I'm first hiring someone is. [00:12:00] You know, I, I never wanna be, you know, the emperor with no clothes, right? Where, where you're, you're leading and, and we've all been there where we've seen this leader up saying something. You're like, well, that's total crap what that person's saying, that is not true.

That is not how things work. This person is disconnected or tone deaf. Um, hey, you, we all seen that. I don't wanna be that leader. But what happens when you're in a leadership position, you are not in the day to day. So you actually don't know what's going on. And one of the ways you, you get to know what's going on is by talking to your employees.

But you have to have open communication. And in many cases you are never gonna get a hundred percent right. You have to, um, have some level of open communication and hopefully they'll share a lot with you, but they're never gonna share everything that they're thinking with you. But, um, that open communication, hopefully you are able to pick.

Things up across all your employees. Even. Even now, I do, you know, quarterly one-on-ones with every employee in the company. You know, just, you know, it is only 30 minutes, [00:13:00] but it just carve out 30 minutes just to understand what's going on in their world. Give feedback, just have a one-on-one conversation, you know, every single quarter.

So I'm always in touch. I try not to be so separate as a leader.

Natalie Nathanson: Yeah.

I'm curious if you have, I I like that. Uh, kinda one-on-ones with, with everyone on the team. Any examples of something kind of impactful, um, that, that came out during those discussions that kind of set you on a new course that maybe you wouldn't have thought about or known otherwise?

Corey White: I say that happens probably every single time I do a quarterly one-on-one. There's, there's some insight that, that I, I didn't think about. Um, you know, I was, you know, just, just last week I was talking to, to one of our employees and, and she mentioned, Hey, we have these renewals coming up and. And, and I was like, huh, okay, well there's an opportunity to, uh, and it helped us on, on the financial side, uh, to accelerate some of those [00:14:00] renewals, but I hadn't even thought about it.

But if I didn't talk to, you know, my, my employees on a regular basis. I wouldn't have had that insight. You know, sometimes you just get reminded of something as simple as that. Other times, you know, we had a situation a couple months ago where, you know, employee has something and, and, and I gave an answer and it was, it was the right answer at the time.

But like a week later, another one of my employees I'm also close with, um, she had a conversation with a person and, and they're like, Corey's answer was tone deaf. And I was like, ah. Yeah, it was actually, I wasn't thinking in the right frame of mind where, you know, sometimes at the executive level you're, there are things on your, on your mind that are not always in the same perspective as the employee.

And so your answer may sound disconnected. It may be the right answer, but it may be disconnected from their perspective. And you, you always have to be able to adjust from that. But you may not always hear that [00:15:00] unless another employee tells you, Hey, you said this, but maybe I should have said, framed it this way.

But that's why it's so important to have all the conversations that you possibly can as opposed to just talking to one person or staying in some echo chamber.

Natalie Nathanson: Yeah,

for sure. Um, I love that you have those kind of relationships to get that kind of honest feedback and like, Hey, that sounded a bit tone deaf, or things of that nature. Because I think as the, the leaders, sometimes you are told kind of. What people think you wanna hear and Right. That's kind of so, so detrimental, right?

It just becomes this cycle of, uh, like a downward spiral. Um, curious if there are any ways that you, uh, try to draw out kind of the, the truth, uh, in those conversations, even if it is harsh and maybe the employee might not wanna share.

Corey White: Yeah.

What, what what I've done is I, I specifically hire, um, people that, um, you know, they don't bite their tongue. [00:16:00] They, they, they, they, they're pretty open. I, I, I foster a culture of, of that, um, because I, I want people to be able to, you know, just share what their thoughts are, you know, right, wrong, or indifferent.

And, and so, you know, some of my executives, we, we have some fiery conversations, but as fiery would love to be clear, but it, it's. I, I don't, I, I, I've learned over the years is if, if you hold things in, just, just personally in life, if you hold things in, it literally makes you sick. You have to get them out, even if you're frustrated.

And so you have to give, uh, your, your team the leeway to just vent to get it out, you know? I have, I have one team member that, um, like, Hey, if you get frustrated, you call me. You just yell at me. You know, just get it out. And, and, and, [00:17:00] and she does. And we just have the best relationship. But you have to know where people's heart really is, what their true intentions are, and what is the, the driver behind some of the passion.

Um, and, and that, that helps me understand, okay, this, this is not malicious. This person is not trying to do bad. They're actually trying to do good here. But sometimes it's not received the right way, or sometimes it, it ends up being misconstrued. But we all need an, an a, a free, safe forum to be able to, to vent, get our emotions out, get our, get our thoughts out, and, and that, that's what I've done with the team.

You know, we're, we're pretty open and transparent.

Natalie Nathanson: I think it really does come, come down to culture. I know I'm always just so appreciative when I feel like someone on the team maybe that I haven't worked with as long as kinda some of the others, when they do come to me with a different idea or some, you know, honest feedback. I try to. Make sure I'm always closing the loop.

So, you know, I take the feedback, I do what I do with it, and then I always follow up both to show my appreciation and then, Hey, here's what you got me thinking about, [00:18:00] or here's what I did as a result of what you shared. Because I think that shows that you genuinely, genuinely kinda want that feedback and want more of it.

So it's kind of a, a cycle that, uh, kind of furthers that kind of relationship.

Natalie Nathanson: I wanna, uh, shift gears a bit and, uh, talk a bit about generative ai. I know it's, uh, there's lots to talk about with that these days and a [00:19:00] lot in and out of your industry. Um, you know, when we spoke previously, you painted a stark picture of how fast the threat landscape is shifting, especially kinda in the SMB space, uh, where not all companies are as prepared.

Uh, curious to hear from you, like what are you seeing, uh, in how gen AI is changing the cyber security game? And, you know, what should leaders both in and out of cybersecurity be thinking about?

Corey White: Yeah. Yeah, it, it's, it's really interesting what, what's happening right now. Um, and also, uh, you know, you know, kind of frightening a bit, especially in a small to medium. Slash business space. You, you take, you know, yesterday I had an, an inbound call with a, a company, uh, and, and I, we went through, you know, their security stack or in this case, you know, lack thereof.

And, and basically they had nothing in place. They all the way to the point where. They weren't enforcing multifactor authentication on their email. You know, [00:20:00] just, just nothing. So let's just say if that's, that's the average small to medium S size business, they have kind of nothing. And even the ones going back to the ones that have an IT provider.

It is, it's spotty what they have. You know, sometimes they're patching, sometimes they're not multifactor and fully enforced. Antivirus may not be blocking. It may just be, you know, something on the endpoint, but not necessarily enterprise grade or AI based. So if that's one side of it. Now let's look at the other side of it.

Prior to generative AI even coming out the breaches, the hackers were highly successful. Okay? It's not like. They were failing and being stopped. They were highly successful. And so now we've got, you know, the phishing emails. So let's just say if I, I don't speak English. But I want to attack an English speaking, you know, you know, company.

Then I can use Gen AI and automatically use perfect English. Like it fixes all [00:21:00] that, right? Or Google Translate, whatever. And Grammarly, all these things are out now that, that make the, the emails well formatted. Now let's dive a little bit deeper. So if I wanted to, you know, say, you know, attack you, Natalie, that can just Google you, that can Google me.

And, uh, or, or, or gen ai, you know us and it tells you everything about us. And, and there are, um, you know, LLMs, you know, called FraudGPT and a few others that will generate your phishing scenario, create your phishing websites. It will do all the work. For you. So, so now what used to take, you know, you know, back in the day it was, depending on how sophisticated your attack was or social engineering attack, you know, a week or so, maybe two to, to plan out, you can do this in a matter of like less than an hour and have everything you need in all the reconnaissance and, and then automate the attack.

[00:22:00] So, so we have a, you know, let's just say a very sophisticated threat actors out there. And because the, the, the script kiddies back in the day, those were ones that were just kinda the young kids that didn't really know what they were doing. Uh, for the most part, those are very sophisticated now. And you're attacking a victim that that has no protections.

And I use a non-technical example. So let's think about it like this. So if you, you drive your car and you park it, you know, um, in la so park it downtown la you don't close the door. You, you obviously didn't lock your door. You, your windows are down, okay? And there's no alarm turned on. And then you leave it and go to an event and come back and your car has gone.

Should you be mad that your car was stolen? No. So same thing with your company. So if you don't have MFA, you're not applying patches, you don't have antivirus, you aren't doing any phishing or email, you know, or DNS security controls in place, [00:23:00] no security awareness training. Um, and then your company gets hacked with the triple extortion ransomware type.

Should you be mad, like you had no protections in place. So, you know, I just think we need to think about basic cybersecurity, the way we think about securing our car or our home. We always close and lock our doors or turn our our alarm on. So why wouldn't you do that in your company? You know? And so that's why there's such a big gap.

And before Gen AI even came out, we were being compromised at an alarming rate. But you look at any stat, everything is highly successful from a hacking perspective. So we're, we're in a precarious situation as it relates to securing our, our country because of our small, medium sized businesses, which are 32 million, you know, plus in, in the United States alone, they have no security.

So they're sitting ducks to be attacked. And here's the last clincher to it, which [00:24:00] I think it is a bit of a dagger. Is most of these companies, they don't have the budget. Even if it's affordable to spend on cybersecurity, they're to the point where it's either you make payroll or you spend on cybersecurity or other things, and they're opting to make payroll and keep their business up and and running.

So the economic challenge ties into this as well. So we have a perfect storm for hackers and nation state threat actors, um, to launch attacks against, you know, US based businesses.

Natalie Nathanson: Yeah. I'm curious, um, you know, sheer curiosity, but you mentioned kind of government and, uh, the impact that, uh, this could have given the, the number of small businesses out there. Is your view that the government should play a bigger role in better kind of enabling or supporting small businesses in this arena?

Corey White: Yes, absolutely. Um, when, when, and I've thought about this ultimately, when you think about what makes [00:25:00] someone do something and it, it is, it is to the point, and I'm, I'm a bit of a, a, you know, health fanatic and, and, and, and biohacker. But what made me become that person, it wasn't because I was. Healthy, really, really healthy.

In my twenties, no, I had autoimmune diseases. I was, I was eating badly and I felt like crap for most of my, you know, twenties. And so I had to figure out, okay, how do I fix this? And so I changed my diet and, and really got deeper into, you know, a healthier lifestyle. And now I feel amazing. But you, and you think, you equate that to businesses.

If there's no driver, there's no enforcement, whether it be, you know, compliance or you get hacked or, or the government, you know, subsidizing cybersecurity or making it a law or requirement, people simply don't do it. They, I, if I never got sick, I would keep on eating fast food and drinking soft drinks [00:26:00] all the time, you know, 'cause then why would I change?

And so the same mentality applies to companies. There's no reason to change until something bad happens, but that affects, you know, the, the US economy that affects businesses to where they aren't able about, you know, there's a few stats, you know, I'll just give a range. I've heard, you know, between, you know, you know, 20 to, to 60% of companies are either severely crippled or go outta business after a cyber attack.

Okay. So that's what the, uh, the effect into the economy. People lose jobs. People can't make money because they can't pay a ransom and hackers have admin access into their whole company. They can't get it back. So we, we have to have some type of enforcement or government intervention, something to balance it.

And I'm not gonna say I know all the answers, but something needs to change. 'cause what we're doing today does not work.

Natalie Nathanson: Yeah. Yeah. I mean, it ties to a topic I've been thinking a lot about [00:27:00] the last few months that really, like the onus on the small business is right. You have to be knowledgeable in all these areas that maybe weren't as important, you know, 10, 20 years ago. Right. Cybersecurity and having good governance practices and, you know, as the world becomes more digitized and automated, like having a, a really good tech stack and a top-notch integrated digital experience.

You're essentially like a mini enterprise, but without the, the resources of an enterprise and the staff of an enterprise. Um, so it's, it's a challenging place to be, um, but really kind of needing to fire on all cylinders and look at kind of where do you develop those skills in-house, where do you kind bring in kinda outside expertise for that.

Um, so it's, it's definitely a challenge and I think we'll only continue in that direction.

Corey White: Yeah, that's exactly it.

Natalie Nathanson: Yeah. Um, I'm curious, before we move off the AI topic, if you, um, have any an interesting or fun use cases like either for yourself as a CEO or anything in your personal life, anything, uh, you're kind of, any way you use it that you think would be [00:28:00] interesting for others to hear.

Corey White: Ha. Oh, wow. Um, I, I use it in so many ways. Um, one, one book I that helped me get, you know, a focus around it, uh, called, um, it's called AI Leadership. So, yeah, I read through that book and it, it, it talked to a few things, a few data points I picked up from It was one, there is a post-it on my computer monitor is, it says, how can AI help with this?

Okay. Because the challenge is if you've been doing something the old school manual way for, I don't know, 25, 30 years, you don't think to leverage ai. Uh, and, and doing whatever you're doing. And so, um, one, I I had a, God, I wanna say a 200 item, RFP I had to answer in an Excel spreadsheet. And I was able to using, um, I have a voice tool that I use that has really good, [00:29:00] um, uh, voice recognition.

And so using that with ai, I was able to complete 200 questions in about an hour. And if I, if I did, um, that with the normal old school way, it, it was probably easily, you know, almost a week's worth of work. The research I had to do the formatting and reviewing the language and making sure everything was done.

So answering RFPs with AI is, is heaven compared to what it used to be. But there's so many, many use cases that that is out there. Um, that AI helps with. Um, I, this, this is the golden age because, you know, now that I think about it, when I first started. For me to learn something new, I literally would go and sit in Barnes and Noble and, and read the books, you know, sorry, Barnes and Noble, I wouldn't buy every single book.

Never read them tech books and, you know, the certification books. And then when they closed at 11 o'clock, then, then I, I leave and, and go home. But, um, that's how I, I had to study that. [00:30:00] Said how I had to get educated. It was all not on the internet. I mean, I started back in 1995, so this is like '96, '97.

There wasn't a book for everything. Um, and, and, and you know, if it was you, you, you could go to the bookstore and get it. So the, the hard part for me was information access. Now you have access to all the information. You have access to all the answers. And, and one of my, my pet peeves, and it always has been just coming from that background, is when people said, say that they don't know.

There's no, I don't know, in, in 2025, you know, there is, let me figure this out. Let me find the answer. Lemme get the answer and interpret it and come back. Uh, one point I will say with AI that yeah, I think we, we have to figure out an answer to, you know, as, as a, you know, business.

There,

there, there, there, um, people coming out of college or, or don't have the base foundational knowledge, um, in a certain area, whereas.

[00:31:00] I have 30 years experience in cybersecurity, so I can leverage ai, but when it's wrong or not clear, I know how to fix it. I know how to prompt and get to the right answer. But if you don't have the experience, you don't know when it's wrong. So you're taking what it says as face value and you don't know that that's wrong.

And so that ends up being a gap. And I've seen some, some junior folks, um, in my field and, and some interns, they'll use AI for something. But they don't know what's wrong. When I look at it, I immediately see, uh, that's not, that's not correct. And, and, but they don't know the difference. And that's just experience.

And I don't know how you bridge that gap. Uh, because again, if I were, you know, younger 25, I'd be doing the same thing. I'd be leveraging ai, but I wouldn't have the background experience to validate it. And that, that's the hard part. So we gotta figure out how to bridge that gap. Otherwise, we have a bunch of young, young people using ai.

But dependent on it, thinking that everything is facts coming from it, and it's not all the case, always the case.[00:32:00]

Natalie Nathanson: Yeah. Yeah, I totally agree. I think it's, you know, the, the onus on, uh, kinda the education system and not just kind of the formal structures, but I saw, I think ChatGPT recently, uh, rolled out study mode. So rather than like giving students the answer, how do they kind of. Push the students to kind of think for themselves and driving that critical thinking.

I think those kind of skills and having a more critical eye on everything that comes out is so important because to your point, like something coming out of let's say ChatGPT, it usually sounds wonderful, but is it really kind of, you know, when you have to actually think about what are they actually, what is it actually saying and what do you do with that information?

Uh, so I'd love to, uh, shift and talk a little bit more about the go to market side because I know we talked a little bit about this earlier and, um, you've led through some, some major shifts. You've talked about, you know, service models, new buyer behavior. So I wanna talk about, you know, how you, uh, focus on, you know, getting this [00:33:00] right and, um, you know, it.

How do you think about, uh, the go to market side of a change and kind of what you need to work through as an organization to make the right bets?

Corey White: Yeah, I think, um, the number one bet from a go to market perspective that every company has to figure out is scale. Okay. Because you can, you can do it, you know, onesie, twosies here and there. Um, you can, you can, founder led sales is typically how, how, uh, startups start. And, and they, you know, it's through the founder relationship or the founder, um, you know, pitching and doing every single sales call, but how do you scale beyond that?

What, what does that look like? And, and I, I don't think that most people spend, or companies even spend enough time figuring out that shift. You know, you, you get, and, and you, there's a certain point where you say, oh, you have product market fit. And unfortunately that that's a sliding scale. [00:34:00] You, you may have product market fit in a certain market, uh, meaning what you had in say, 2021 or 2022.

You may have had product market fit, but then the market has shifted. Yeah. And then, and then you lost it again. And, and, and that's, that's just something that they don't, you, that entrepreneurs aren't always taught that. Um, that's why it goes back to that quarterly analysis. Okay, what are the trends? What, what's happening this quarter versus, you know, you know, the last quarter and, and I saw that live in, in 2022.

Where, you know, we were doing a significant amount of deals every single quarter. Um, say the first, um, half of 2022, the second half, totally different, you know, a complete market slowdown in, in 2022. So the product market fit we had was not the same. So at that point, I had to figure out, okay, how do we [00:35:00] pivot?

How do we scale? And what that meant is building, you know, strategic partnerships. You know, for instance, today we're a strategic partner with, with MasterCard and, and MasterCard has, uh, God, you know, over 4 million SMB, you know, credit card holders. And so we, we, we launched back in, in February and, and it's still, you know, continually being launched through the, the country and all their issuer banks.

Uh, we are, we replaced McAfee as their, um, go to market, um, solution for, um, uh, cybersecurity. So. That gives a scale, but that takes time. So you gotta plan for, okay, how long does it take to build out that level of a partnership and and scale to that and, and what do you do in, in between time? So, you know, we build, you know, referral programs, we build additional channel programs.

We, we brought on a channel leader to execute and get all these things done. Um, those were major pivots [00:36:00] that we had to make. After 2022. And, and it's, it literally, in my opinion, I, I wanna do the analysis every single month because it moves that fast now. Um, technology moves fast, um, buying patterns move fast.

Uh, the economy is, you know, changed, you know, under, under this administration right now, it's. It's been very different in the last six months, you know, buying patterns. So it's not something that, that, that we could have all predicted. But again, another pivot had to come from that. Like how do we, how do we maintain in this market?

So I just think every single entrepreneur needs to be conscious of what is happening from economic market conditions, what's happening from a customer needs, what's happening from a competition perspective. And, and also you look at, you know, your pricing. Where, where does your pricing land? Because again, our pricing was at one point, we made some changes.

We made, you know, price changes three times over the last, you know, six years based upon market [00:37:00] conditions. But all that needs to be looked at.

Natalie Nathanson: Yeah, I wanna hear a little bit more about, you know, how you scaled up your partnership efforts, uh, because I, I do find that's an area that a lot of companies struggle, and my view is that partnerships will only grow in importance in, in go to market as we see more and more digital noise and lack of kind of knowing who and what to trust.

Um, so how did you, how did you scale that up for your organization?

Corey White: Yeah, I. Founders, even if they have a ton of relationships, um, they, they gotta get to the point where they can't execute on everything. And, and one of my, my mantras, especially as being an executive of my large company, and, and even here, I always try to get to the point where I don't have a job. Okay?

Because if I, if it's my job to do something. Then inevitably I'm gonna get distracted. There's something's gonna come up, there's something I gotta do. I can't really focus, as, [00:38:00] you know, founder and CEO of the company. There's always something that you have to go and do. So you gotta get to the point where you're able to scale up to a certain point where you can delegate.

Um, I have a fantastic, uh, you know, channel leader. Her name is Maria Diaz and, and based off New York. And, and she, she's just killing it. Whereas I can go to a conference. And, and meet with some folks or folks I may already know. Like, Hey, let's partner, let's make this happen. And that's typically what happens.

You, you run into someone you know, you like, we build a partnership, let's do it, and then nothing happens. So you gotta have that person you can hand it off to and, and say, Hey, we're building a partnership with, you know, you know, this company here. And, and once they, you do the initial first call, let them run with it.

Like, for instance, like literally right now, you know, my team is doing a partner kickoff call with a company that I know very well, uh, locally here in California. I built a relationship, they're there, but I don't [00:39:00] need to be on that call. The team's got it. You know, and so that's what, that's an important, you know, uh, lesson learned is that you can't do it all, but you gotta find the right time in your business to be able to transition that all.

Because if you do it too early and you maybe have the wrong person, then it, you, you gonna fail. You gotta do it at the right time when you have, you know, a, a good foundation of, of your, uh, company and your, your market and, and go to market strategy. And then you're like, all right, let's augment this with a partner strategy.

Um, and then you gotta build a partner platform. And that took us about six months really to build out our referral program and partner platform and make all of it automated and affiliate links. All those things had to be in place before we could go out and start building some of these partnerships and get 'em to work at scale the way we needed them to.

Natalie Nathanson: Yeah.

I do think going in with kinda eyes wide open to all those investments and the time to impact and all of that is just so critically important. And especially if [00:40:00] you're a smaller organization and maybe partnering with some much larger firms. Also, thinking about, you know, where do you, where do you draw the line on kinda how much customization you're willing to do for a partnership and things like that.

I was just talking to someone a couple days ago, um, that was asked by, I think Accenture, uh, to create some, some new materials, a new program, and this would've, you know, diverted the majority of their, you know, partner, uh, resources to create that. Um, I think going in with some of those rules of the road in mind, and not to say that you won't adjust opportunistically, uh, but being very clear on what it's gonna take to be successful in that environment.

Corey White: Yeah.

I also comment that you can ask for money. If someone's asking you to create something and there's a significant lift, then ask them to help fund it.

Natalie Nathanson: Yeah, I think oftentimes people are afraid to ask. Um, and I don't know why. So I think that's a great piece of advice.

Um, Corey, I'd love [00:41:00] to, uh, maybe take a, take a side step here. We've learned a lot from you. I'd love to learn a little bit more about you. So can you tell me a bit about, you know, your, your childhood? Um, did you know you had to be in, in cybersecurity or be an entrepreneur? Like, how did you get from who you were as a child to where you were now?

Corey White: Yeah. Yeah. It, I, I, I guess I did know I was eventually gonna be an entrepreneur. One of the things that, um, it fascinates me. I tell all my, my employees, and we, we work together on this. Um, I wanna understand what, what is your innate skill? What are you naturally good at? What were you born with, right?

That's, that's what innate means, right? What were you born with? And, and you know, sometimes people come back and like, well, I'm good at this. Like, no, you learned that. What were you naturally good at? And, and one of the things I did notice as a, as a child. I would tend to step up and lead, and if no one else was leading, then I would just jump in [00:42:00] and do it.

Um, I, I never was much of a follower. Um, but also at the same time, one of my, my favorite, um, kind of personality profile test is, it's called the Sparketype. And, and, uh, the, the founder of it, uh, Jonathan Fields has done an amazing job, you know, of making it simple 10 minute test, but we do you, I've done it in the last two companies.

So there are 10 different Sparketypes, like I am a maker maven, someone that is driven to create and build new things, maker, and a maven, someone that loves to learn new things. So if there's something to learn out there, I will deep dive and learn everything about it. And then I'm like, oh, now I know this thing.

I can go and build something with it. But as a child, I was that kid that always broke his toys.

And my parents were like, all right, how long before Corey breaks this toy? You know, one toy in particular, you know, you pull a string, it points to a cow and it makes a cow noise. And I was like, three or something, and I [00:43:00] smashed it and like, can't be a cow in here, how's this thing work?

And then saw his little cassette tape in there. But that was just kind of normal and, and so. I've always been that person. You know, I, I, I break things. I, I like to build things. I like to create things, and, and that's, that's to me, an entrepreneur founder mindset. You, you look at a situation like that, that is broken.

There's a better way to do this. Let's go fix it. Let's go build something to solve that problem. So, so that's what I, I was like, uh, as a child always, you know, tinkering and, and, and learning new things and, and it, it is interesting being a father. You know, one of my daughters, you know, she, you definitely can see she is cut from me 'cause she, she breaks things.

Absolutely. And I had the conversation. Your father broke things. It's okay. Um, and, but, but she also likes to build things and, and so. It, it, it helps having, you know, [00:44:00] the ability to understand oneself and I give this advice to, to anyone, I think is extremely difficult, if not impossible to be, have any level of success in life if you don't know who you are.

So you gotta first figure out who you are and then live life being that authentic person of who you are, you can't win being someone else. You know, you look out there and see, oh well that person's doing is cool. I'm gonna go and emulate that. No, that's not you. You can't win at life being someone else.

So be you. And first you gotta figure out who you are and then be that person and then live life.

Natalie Nathanson: Yeah.

I love that. Uh, you just reminded me of a podcast I was listening to last week. I don't remember the woman's name. She was a professor, uh, at Stanford and really got very popular, uh. Uh, much more broadly around helping young people figure out who they are. And she made an interesting distinction between values and virtues.

Um, and that virtues are more of the things that, [00:45:00] um, right, everyone will agree, uh, on, right? Like kindness and honesty and things like that. And often people equate that with their values, which means they're not really exploring what are their personal values, uh, that might be different from, you know, the person sitting next to them.

And that really getting into that helps you figure out, um, right, both like what you said, your innate skills, and then you know, how you, how you show up and how you kind of wanna orient yourself in the world.

Corey White: Yeah. Yeah, 100%. And you, you might be referring to it, I don't know what podcast it was, but, but, uh, Carol Dweck wrote, wrote a book called Mindset. And she's a Stanford professor, and I highly recommend that because what that does is it talks about the growth mindset, uh, person or, or a fixed mindset person.

I, I personally, you know, my opinion is I think everybody's kind of born growth. But in, you know, life conditions, you know, uh, an environment make you maybe into more of a fixed person. But we all are [00:46:00] very creative. You look at any child, there's a lot of creativity they all want to create and their minds are just completely wide open.

But, you know, sometimes as, as an adult, you, you know, by the time you're an adult, you've lost all that. And, and a growth mindset is like we were talking about with AI. You give me a problem. I may not know the answer right now, this second, but I'll figure it out. There is a solution to it.

And, and fixed is more of people saying, well, I'm really good at this thing here, and you gimme something outside of that.

I can't, I can't compute, I can't do that. Which, which is crazy. We all can you, you, you're only putting yourself in the box because of your mindset. And I'll answer this and I, oh, I gotta look up through the actual test. But I think people, everybody remembers that, but. My first job, uh, or actually second job when I was interviewing to becoming, um, an engineer, and this was in 1996, and I was gonna be a network engineer.

And at that point, no one knew anything about [00:47:00] network engineering 'cause it was all new. So you're not gonna go and hire people that, hey, I'm an expert, been doing this for years 'cause it's brand new.

And so the guy interviewing me, he, he says, all right, here's a, um, a whiteboard. Here's a marker. Um, you got like a, a chicken, a fox, and some sticks or something, and you gotta get 'em across the stream and you can't carry 'em all at the same time or whatever.

You know how you do it, something like that. And so I was like, okay. And I get up on the whiteboard, I start working through it and trying to figure it out. And I was just about to figure it out and he said, stop. And I was like, oh, almost had it. And, and then shortly after that, the interview ended. But then, I don't know, three days later, he calls me up and says, I, I got the job.

And I was like, I didn't finish the kind of, you know, scenario you gave me. And so we had lunch that the first day of the job, I'm like, well, how did I get hired? I didn't finish the scenario. And he said, well, Corey, [00:48:00] um, I interviewed probably 20 people and of the 20 people, um, some people they didn't even get up.

They didn't even try. Other people, they, they wrote one thing down and they're like, actually can't figure it out. And they all gave up. Of those people, you got the furthest of anyone else. And I was like, but I didn't even solve it. And, and he was like, it wasn't about solving it, it was, I wanted to see how you thought and your decision process and, and figuring out, you know, um, logic of, of working through the problem.

'cause that's what this job's about. And I was like, oh, okay. All right, cool. I never would've thought I got that job, and I never would've thought that most people would've not even tried or, or given up, but. I think that's, you know, a, a growth mindset versus a fixed mindset. And ultimately you, you get, you gimme a problem, I'll figure it out.

And there are a lot of people like that. And those are the types of people that I end up looking for and trying to hire because I don't care what [00:49:00] you know today, what can you learn and how can you apply that and, and working. Can we go from there?

Natalie Nathanson: Yeah, I think that's beautifully said. And I, I think coming full circle on the discussion that we're having that, you know, in today's environment, like you need people that have that growth mindset and bring their critical thinking skills that are looking at, you know, different ways of, you know, solving the problem.

So I think, uh, it's a, a really great place to end the conversation. So thank you for, uh, all of those insights, Corey. Um, I'd love to, uh, ask, you know, if people want to get in touch with you, what's the best way to reach you?

Corey White: Yeah.

Um, you know, definitely check out our, our company, um, cyvatar.ai, C-Y-V-A-T-A-R.ai. Um, you can go to the website, you can sign up for freemium. We have free scans, free, uh, uh, policies and, and free risk recon, uh, scoring, free gap analysis. All that is in our platform. Takes about 30 seconds to sign up because we don't believe you should spend [00:50:00] money on someone doing a gap analysis assessment.

To my point, most small and medium-sized businesses have nothing in place. So why would you spend money for someone to tell you, oh, you've got nothing in place. Um, we do that for free. You know, you'll be able to continually see what your, your gaps look like, um, but when it's time for you to secure your organization.

Then, uh, we're e-commerce enabled or we're happy to jump on a call with you and figure out the right solutions for your organization. Uh, so definitely hit me up on, on our website and, and, and please, you know, connect with me on LinkedIn. Um, um, you know, Corey D. White on LinkedIn. Easy to find and, and, um, you know, if you have questions, hit me up there.

I would reply back to my LinkedIn questions all the time. Um, um, I enjoy meeting new people, so, um, happy to have a deeper conversation with anyone out in your audience.

Natalie Nathanson: Wonderful.

Thank you. Uh, thank you so much for this conversation.

Corey White: Thank you, Natalie. It's been a pleasure.

Natalie Nathanson: And thank you too to everyone listening. I know I loved hearing so much of what Corey [00:51:00] shared, you know, how he goes through that, uh, quarterly analysis to stay on top of the market, uh, with his team, learning more about the realities facing SMBs, um, and a lot of the topics that we covered around the changing, uh, you know, skillsets and, and the needs of the, the future workforce.

So thank you again, Corey, and if today's episode gave you, our listeners, valuable insights, and I'm sure that it did, please share this with someone. We know that sharing this kind of knowledge and information helps all of us grow as leaders and helps us drive successful transformation in our organizations.

Well thanks Corey. And this has been another fantastic conversation on Shift and Thrive. I'll see you all next time.

[00:52:00]
