dnsUNFILTERED: Raffaele Mautone, Judy Security

Podcast > Episode 11 | June 05, 2024

A Candid Conversation with Raffaele Mautone. Join us for an exclusive YouTube Live interview with Raffaele Mautone, CEO of Judy Security!

View Transcript ▼

[00:00:00] Mikey Pruitt: Thanks everybody for joining me on dnsUNFILTERED. I'm joined today by Raffaele Mautone. He is the CEO of Judy Security. That's Judy Security AI. We're gonna go into that AI part, but first, Raffaele, why don't you tell us a little bit about yourself?

[00:00:17] Raffaele Mautone: Hi Mikey. Thanks for having me today. I, we're headquartered in Detroit, Michigan.

I grew up in Michigan. And was fortunate enough to work for some amazing companies that allowed me to travel around the globe over the last first part of my career. Definitely been embedded in cybersecurity for over 30 years. Working at companies like McAfee which was my first taste of cybersecurity.

And then FireEye and then before Judy Security Duo where I was CIO. Picked up a lot of great things from all three companies. Also the things I probably would never want to do again. And that's how Judy security came to came to life five years ago.

[00:00:55] Mikey Pruitt: First, what are some of the things you wouldn't want to do again in a generic way?

Don't put anybody on blast or anything.

[00:01:00] Raffaele Mautone: Yeah, I would never do that. I know better. I think there's a lot. Fear used in the world, even today in cybersecurity, and I think we're all exhausted. So I think, just be honest with partners or customers, we know that, there's a potential for breach.

If you say your product is 110% bulletproof and gonna solve all these big problems, you might wanna remember that it's easy to Google things out on the web of a band, that partners and customers do talk. So I just think transparency and honesty is critical for companies in this new world.

And no, we did not do that, and many have not. In the cybersecurity industry over the last 20 years.

[00:01:44] Mikey Pruitt: Yeah. I was gonna ask what does that honesty look like? And it sounds like it's just, not promising things that you can't deliver on and not generally, or you say not fear mongering.

[00:01:54] Raffaele Mautone: Yeah. Or when you say it's a partnership, it's really a partnership, right? Like you see a, even like in the part in the channel, you see a lot of partners put all their business into a company and then all of a sudden the partner program changes because of. The street needs the numbers to be better or they take the customer's direct, which can destroy a partner.

So you just, there's just, it's an industry that's had a lot of problems. I think it has potential to get better. I think the other thing that just drives me absolutely crazy and I'm passionate about is this thought that not everyone can be in cybersecurity. I think it's absurd. Anyone can join cybersecurity and it doesn't matter if you wanna be a salesperson, a technical person, a marketing person, anyone can shift over to cybersecurity.

And even there, a lot of the thought leaders and technical teams are very territorial or don't wanna put in that effort and give people a chance and you just go, but someone gave you a chance. We just have to keep remembering that to allow. The next generation of cybersecurity experts to come in, they're gonna have to be given a chance and they're gonna have to be mentored.

Yes. I firmly believe anyone can do it if they're passionate about it.

[00:03:11] Mikey Pruitt: Yeah. I'm really glad you said that. I was actually having a conversation with someone on Reddit. I had said something, like I do, like anybody does get a little Reddit action and conversation and they direct messaged me like, oh, I'm so jealous that you're in cybersecurity.

I was like. And it's probably, a younger person maybe starting off on their career. That's kinda the sense that I got. And I basically just said, I have a tech background. You clearly work at A MSP, so you have a technical background, but I now work in marketing, like there's way more jobs in cybersecurity just like any other industry than just, the red team and the blue team and purple team or whatever.

So you know, there are, there is space everywhere and you may have strengths that you don't know about. So like me, for example, with the tech background, I can speak nerd, love speaking nerd, but I can also, talk normally like we're doing here, and that is well suited for marketing. So they're like, would you like to be on the marketing team?

I'm like, but yeah, so it's great, like there's so many options available, not just, those super cyber nerds that are, fighting, the actual hackers and everything. Yeah. It's good that you said that.

[00:04:26] Raffaele Mautone: And then the job postings are just ridiculous. A college grad is supposed to have two to five years experience.

They're a college grad. How are they supposed to have that experience? Now that's called an internship, but you're kidding me. And who has 25 years in cybersecurity? You just are looking at just the job descriptions that are out there or posting and you go, okay, I won't even qualify for some of those.

And I'm in the industry. So what is the. Know, what are you're looking for a unicorn. And when there are thousands of people that could do the job, maybe it starts at 50%, but if you're willing to work with them, they can be 90 to hundred percent really quickly. So anyway, that's one of my passions.

You asked a little bit about me and

[00:05:08] Mikey Pruitt: let's talk about your 20, 25, 30 years in cybersecurity. So you mentioned a couple of big names there in the intro, McAfee, starting with McAfee. And again, not to bad mouth anybody, but how do you see the cybersecurity industry or security methods have progressed since?

Things like McAfee were a very a lot more prevalent, I guess you could say.

[00:05:34] Raffaele Mautone: Back then, I sound like Father Time now. Back then we were at the forefront. So remember antivirus was the thing. It was new for everyone, even the enterprise. And then other products started to come out, like DLP and, endpoint protection and EDR and all these other items on how you protect the endpoint or the network.

So it was very exciting. I, here I am, 28 years old working at. Company that was originally, it was a point product and then the brand expanded and took over the entire company and we went global. So getting to open offices all over the country and meet people all over the globe. There's still every one of us that were at McAfee back then.

We still all know each other. We're all still intertwined. And it doesn't take much for all of us to pick up where we left off when we see each other, or even in some of the social media rooms that we're all in sharing information or simply keeping up with each other, or friends, family. I was there for 12 years.

I fundamentally grew up there. A lot of those people are like family to me. And, so I don't have anything to say bad about the people or the experience. I think like in any company there's, there's good and bad. We learned the hard way on systemic issues and processes and how to sell direct or not sell direct and, but overall it was amazing experience and I wouldn't change it.

It really embed and I, what was great is McAfee was that company that gave me a chance. So like you. I have a communications background. I wasn't technical, so I jump into sales. They started training me like crazy on all the things I need to know about, antivirus and protecting systems. And that I think is what's great about those companies that people join where they're given a chances as long as you can hold commun, communications is the key.

I still believe it today. The company can train you on everything else if they want to, and that's what was great. I went from sales. Went into operations. I then went into it. I went back into operations. I then went back into sales and like I said, I got to open like 15 offices around the globe that. It was an amazing experience.

And, so it was it was, I was very fortunate. I'd go back and hug that 28-year-old ago, 8-year-old that clicked on that link and applied for the job. Yeah. Because I had no idea what it was. Good job, Rafael. Yeah. It was just like. What is Network Associates? 'cause that's what they were called.

And what is this point? Product? Okay, I'll, it's a sales job. I'll do it. And see what happens. But funny how that little, that one moment changed my life because now I'm addicted to cybersecurity. It is a amazing industry. And that technology is always changing. So if you'd like change, this is the industry to be in.

[00:08:25] Mikey Pruitt: I was gonna say, we just got the title for the episode. Addicted to Cybersecurity.

[00:08:29] Raffaele Mautone: Yeah. Once you get in, if you really like change and problem solving and getting to work with people that become your family, it's an amazing industry to be in. So I left there after the Intel acquisition, went to FireEye.

FireEye was a little bit more of that true startup. And, we grew to 3000 employees went IPO. It was the first time I ever seen a company or was in a company that went IPO. And that was an amazing experience. It was a lot of hard work. It was not easy. But again, we all felt like family and we were all driving towards the same goal of growing the company and starting to build out that global model.

From there, like every good Midwestern kid, I tried to get my parents and family to move to Texas or California and they wouldn't do it. I moved back to Michigan to be closer to my family, which is where I grew up, and met a guy named Doug Song who had this startup called Duo. And we talked for almost a year and then finally he had the right role.

And I joined the CIO. It was a great four year. Sent there as well, watching us grow from I think it was like a hundred when I joined up to 850 when Cisco acquired us. Wow. And then yeah, the CFO and the CIO were the first to go acquisition,

so c, f I said, okay, that's fine.

I'm not personally offended.

Exited. A and then I thought if everyone else can start a company, why can't I? And just drew this napkin design of what I thought Judy would be. And five years later that napkin design is live. So it's exciting.

[00:10:05] Mikey Pruitt: Yeah. Very cool. So before we get into Judy, tell me about the previous name of Judy Security, basically or if it was, I know the company has transitioned a little bit kinda reinvented itself, I guess you'd say.

You definitely have new branding. And tell me about a, your security and like how the progression from ADIA to Judy started to formulate.

[00:10:28] Raffaele Mautone: When you're sitting there going, okay, I have the design technical. I think as a founder it's oh God, what am I gonna name this? Trust me, if you go back in time on a lot of companies, you see a lot of name changes for I know there, like a duo.

There was three. One,

yeah. Like Duo, there was three. I know DNS, silver had one. So I think founders,

we just go what would be a good name? But. Then you get in the marketplace and it doesn't really resonate. The name itself is actually the first two, a's are the initials of my daughter's first names.

The D is capitalized because we, I knew I wanted to be headquartered in downtown Detroit, so I'm Googling a d, names on the internet, and this name popped up. It's Latin and Middle Eastern. And it's, it can be pronounced AA or aa. And so I started showing it to some marketing friends and they're like, looks like a cool name.

And you know you're gonna have people, not understanding how to pronounce it. So we started with aa, then we said That doesn't, it's not, so we started training people to say aday and it, the story as we started to grow and started to, bring on customers like, oh wow, that's Raffaele's daughter's name and the D is capital, for Detroit and they're headquartered in Detroit.

So it became the story, right? And people would share that story and then people would be interested in our product, what we're doing, and the team up until about a year ago. Where we had named the AI of our product, Judy, right? And everyone started calling us Judy, like Judy was hitting it right on the nail, like there was no question about the product and what the name was.

So you started going, everyone's calling us Judy, and they're not able to pronounce name. We probably should just transform and become Judy's security. And our product would remain. Judy, and as much as I love my daughter's names are in the original name and the Detroit. You also see though, with Judy, people warm up.

They're like, Judy, wait, your company name is Judy Security. They have a friend that's named Judy, a grandmother, an aunt, a cousin. They think of Judy Garland. Judy Jetson. So there's just this whole other. Arm of marketing just based on the name and the simplicity of it. And so that's why once we start, last year we said, okay, we're gonna move over to Judy Security.

And it's taken off.

[00:12:55] Mikey Pruitt: It's really, if everyone listening didn't quite grasp that Raffaele here was listening to the market and changed the name of his business to resonate more with them. That is a power move in the marketing space. You were, people were telling you what you should be, and then you became that thing, not that you already weren't, you just.

Kind made it more official. So with duty security, you were telling me about the seven pillars of cybersecurity that you guys focus on. And actually before that tell everybody what Judy Security does. Gimme the pitch.

[00:13:33] Raffaele Mautone: Yeah. So we actually built a platform, not a point product that has seven pillars, specifically for small and medium sized businesses, and is designed in a way.

For our partners. So we know small to medium sized businesses actually purchase through MSTs. We've again researched the market and we're told by our customers, why aren't MSTs reselling your product? And so we pivoted again nine months ago and really designed the tool, set our program and everything that we're doing around enabling MSPs to enable small to medium sized companies.

And so that's what the platform does. There's two lenses, the end user, so someone like you who's on their computer and Judy's scanning, monitoring, nurturing and helping you as you log into different systems. And then that lens of a partner you might work with, like an MSP, who does your IT stuff, but also now can do cybersecurity for you and help protect and remediate.

In a way they've never been able to do before. And we do that through three lenses. One empowering in a way where the customer and the partner now can map back to those compliance frameworks that they're getting told they have to map to. So PCI, hipaa. The design itself is simplicity. So Judy takes 30 seconds to install seven pillars.

And she's able to block tackle, scan. Like I said, help in each of those fillers. And then lastly, it's price. If you wanna play in this space, you have to price it in a way that they can afford it. And so Judy's pricing definitely aligns to what a small business can afford, as well as a partner can make money.

[00:15:25] Mikey Pruitt: So duty security is really a tool a suite, I guess you could say, for MSPs to deploy into their end customers environments.

[00:15:36] Raffaele Mautone: Correct.

[00:15:37] Mikey Pruitt: And it's small, medium

[00:15:38] Raffaele Mautone: size. Yeah.

[00:15:39] Mikey Pruitt: Also, I did catch your I guess Ian, is that how you would say that? A good Detroit. Using blocking and tackling reference in your pitch.

Love it.

[00:15:49] Raffaele Mautone: Yes. Good one. The lions. The lions are very in the U of MI have to be a Lions fan. I have to be.

Yes. Yeah, and what's great is that, here's the thing, the 3,500 point products out there today are all amazing. They may have started in small business, but they all moved to the enterprise.

And what we hear in the marketplace. So what we saw three years ago, we hear it from everyone now, is even the larger companies are saying they can't stitch together seven point products. So how would you expect a small business to do that? And they will never have a security team on site, right? Yeah. So automating all of that and then empowering the MSTs is why we're disrupting the industry and we're seeing many partners coming forward.

Because even there, the partner programs that are out there are very exclusive or restrictive. You have to guarantee a million dollars in revenue. You have to do all these certifications. They're emerging as well, right? This is the first time they maybe are selling cybersecurity. They don't know how much revenue they're going to make.

So even the simplicity of our program and the way it aligns to what a partner needs is why CRN highlighted us. Last week with your company as one of the top five star programs this year again, so you it's many pieces of the puzzle that you have to, like you said, I listen to the marketing side of it, but we are, we listen to everything a partner says, whether it's good or bad, and go, how do we automate that, operationalize it, or simplify it for them and their customers?

[00:17:26] Mikey Pruitt: Yeah, and that simplification comes in the form of seven points or pillars that you have identified through your years of experience as, it seems like you know what every business needs, regardless of. Their situation. This is the core set of tooling, cybersecurity that you need. I'm just gonna read 'em real quick.

They are DNS filtering number one. Love that's at the top. Password manager a sim of some sort, plus XDR compliance management and reporting. Secure authentication, which I guess that could be zero trust type of stuff, really the whole thing is zero trust. But anyway,

[00:18:06] Raffaele Mautone: yeah, it's gonna be MFA single sign-on and passwordless is what's added into that pillar.

[00:18:11] Mikey Pruitt: And then you have endpoint detection and response EDR, and then. Training, security awareness training. And I I saw that for the first time like a few months ago, and I was like, yeah that's it. That's like the package MSP in a box.

[00:18:27] Raffaele Mautone: Exactly. And what's great is we built those five of those pillars from the ground up.

So it's our code. It's not white labeled. Yeah, exactly. You use AI as at the beginning, as in the heart of it. Judy's AI was homegrown. We're now working with two of the larger companies moving her AI on top of their platforms. And so even there, Judy will start to increase how she interacts with users as well as msds.

[00:18:53] Mikey Pruitt: Yeah, I love that you've personified Judy. This is great. So you have the, like this ecosystem of these tools, these seven pillars, and then you have kind of Judy, the ai, tying it all together, making it operational, like scalable. 'cause the AI is not a person, it can do an infinite. Amount of workload and it doesn't complain until it becomes self-aware and then it kills us all or whatever.

[00:19:19] Raffaele Mautone: There's that. So like that, a Terminator approach if you wanna go down that dark. I don't think it'll ever get that way. At least not in our lifetime, but hey, who knows. Yeah, exactly.

[00:19:30] Mikey Pruitt: So how did you, like, how did you come up with that idea though? I've actually heard have conversations similar to this.

There needs to be one tool that you install. That installs all the other tools, like for MSPs just to make their lives easier. 'cause there's so many things to manage. Like they have to, not to mention going on all the sales calls, figure out what tools they're gonna try to use p patch together.

But you've really just put it all together. Like when did you start seeing that as like the logical progression or the next step?

[00:19:59] Raffaele Mautone: That's on my napkin design from five years ago was to okay. How do you take. All these things customers have to buy and automate it or pull it together. And don't get me wrong, we tried white label at first.

Like we were like we'll just stitch it all together and then

[00:20:15] Mikey Pruitt: Everybody's is terrible. We can't deal with this. We open our face

[00:20:18] Raffaele Mautone: just like we knew. Now we know that happens to everyone. And Judy's AI could not drive, which was the main pillar to do all of this for small and medium sized. So once that didn't work, we went back to the drawing board and said, okay, let's start building these out.

And that's, that's what evolved over the last, four years, about a year ago, we were doing the direct business, but it wasn't, again, we started listening to their customers and we kept hearing the same thing. I'm gonna bring my MST on the call to validate that this product is good.

Okay? This is the common thread here. They're all saying they go to an MSP. So we started talking to those MSPs and they said two things. Your product looks great. We can't stitch these together. We've tried and it's failed. That's why the customer's shopping for another platform because of costs and how painful it has been with some of the point products.

And two, it, we don't make money on this. We're losing money by enabling small to medium sized businesses because we're trying to stitch it together and we're having to hire an army of security people to maintain update, and it's just not worth it. On the ROI. So we went back and said, okay, nine a year ago, time to double down on MSPs and really empower them.

That's what led to some shifts in the design from 3.0 to 4.0 that just went live in February. So there's a much more robust portal for the partner that gives them admin access, the ability to create licenses, real time. Many other companies you have to send in a PO and wait. Which drives customers and partners crazy.

The ability to see all the vulnerabilities, how they're being resolved. And then the last piece of the puzzle, going back to your original question, RMM tools, they immediately came at us and said, Judy needs to work with all the RMM tools that we use. That in itself was a journey of its own that I had a lot of adult beverages at night because you start to realize they're all design another napkin sharp, another napkin going, what have I gotten us into?

But Judy does deploy through RMM tools. And then last week which we can share now we were certified by ConnectWise. So Judy does integrate into ConnectWise also for PSA. So is there customers open tickets? That will flow into the partners PSA tool. And they can also deploy Judy through a silent install, through ConnectWise.

That is really doubling down and listening to the partner and operationalizing everything that they do. Now, are we perfect? Nope. We always talk to the partners. We listen to the partners. What else is missing? What don't you like? And we try to do quarterly sprints to get them what they want, if we know it's gonna be great for the masses.

[00:23:12] Mikey Pruitt: I have a feeling they're about to ask you to build a RMM and a PSA. There's a lot of to turmoil in that environment at the moment.

[00:23:20] Raffaele Mautone: There is, yes. It's been an interesting journey. But we're there

[00:23:23] Mikey Pruitt: you mentioned there are five of the pillars are built in house, two of them are not. One of those is DNSFilter.

So we're kind of part of your package. I'm curious, I wouldn't be doing my job very well if I didn't ask. Why did you pick DNSFilter?

[00:23:39] Raffaele Mautone: Remember five years ago, Ken and I met five years ago, your CEO and you guys were emerging. We were emerging. Now, his goal was, and I'm not generalizing.

We're gonna go towards the enterprise. Okay can I work with you and embed your code into our code? And we're only focusing on small to medium sized business. So that's how the relationship started. Both technical teams work very closely together and it was a great journey. Yeah, DNS is code is embedded into Judy's code for phishing and DNS.

We've been integrated now for four years and we love the relationship. She's able to do what she needs to, and like I said, it takes 30 seconds to install all of them, including our code that's intertwined with each other. And then our partners have the portal where they're able to see not only D nm s but EDR and even the identity access information in one console.

So it's been a great relationship and we're very appreciative of that partnership.

[00:24:40] Mikey Pruitt: Yeah, the single pane of glass is real. And I love the fact that we grew up together. That's really, that's a really good story. We should dive into that a little bit deeper, some time. One last thing I wanted to cover is, so you have a lot of cybersecurity industry experience and you've transitioned into providing tooling for MSPs.

What do you think MSPs should be on the lookout for? In the near future what's coming up? What are some of the things they may be struggling with that they're not? Things they don't know, that they don't know?

[00:25:14] Raffaele Mautone: AI is definitely gonna be at the top of the list, whether it's real or marketing fluff or, it's coming.

We know it, like we're all using AI for different reasons. In its simplest form, spellcheck. It's everywhere now, right? It's like almost in the last month. Google, Grammarly all these different platforms just deployed AI like crazy and now everyone's using it whether you want to or not.

I think that's, AI is going to be at the forefront of being one of the greatest technology shifts but also could be one of the most painful technology shifts, especially in cybersecurity. There are too many ways now to. Leverage AI and make myself look sound, and even write like Mikey just simply by going out on the internet.

And that can be a big challenge for all the things that we've designed and identity access as one example. So I think, ai and then I think the other thing is MSPs. Are very much tired of all the gimmicks. So I don't think this is for the MSVs. I think this is for all the companies out there like my mother-in-law says, knock it off.

Like it just doesn't work. More careful your vendor too. Yeah. It doesn't work anymore. I'm not gonna say the vendors' names, but how can you have your business built by partners and then. Impact them financially or just torch the earth with their business for your own personal gain. The industry is very incestuous and it doesn't, it's not gonna work anymore.

So if you really don't want to be in it with partners, then just don't create a partner program. It's that simple. Yeah. I think it, it just, it's absurd at this point. I get, I understand how we got here, but I think that is the key takeaway for companies. And then, yeah, MSTs and MSTs are a little gun shy.

They've been burned a lot. So what we do is, like I told you at the beginning, we're very transparent. We always listen and we have to earn their trust. So we treat them like they're part of the family or part of the company so that they see the good, the bad, and ugly, and that they know that they're helping us design the platform or modifying our programs so that it empowers them.

[00:27:34] Mikey Pruitt: Yeah, that's a really good perspective. That's actually the entire reason I have my current job partner evangelist. So like you mentioned how you met our CEO Ken Carnesi five years ago, and we, we're trying to get into enterprise mid-market. We have always been strong with MSPs, but about.

A year and a half, two years ago, Ken, he has to be a bit removed 'cause he has other things to worry about. As a CEO started realizing that our partners, our MSP community was not getting the love that they deserved and that he built this company upon. So he basically said, Mikey go fix it.

Go fix that. So just like you said, you have to really care. About that partner community and not, it's actually really easy to be a good partner. It's just that a lot of people don't put it as a high priority, I think is what it's.

[00:28:36] Raffaele Mautone: High priority or just treat them like they're part of the company.

They're selling your software. You in any other aspect think of it this way. We bring in consultants to help us build our software, or we bring in con, extended team members for through consulting arm for lead generation or even for sales and marketing, right?

But it seems like with partners. We put this big wall up and we say, you can only come through this little door if you do these three things and you do it our way. And they just look at you like I don't wanna go through that door then. Versus just saying, okay, here you get to be part of the living room, the kitchen, whatever, in our household.

Yeah. My house. House is your house. My house is your house. And you are gonna find things that we didn't even know were there, but. Tell us and then we will go fix it or we'll redesign it. The other analogy I always use is we used to bang our heads up against the wall.

God, why aren't they doing deal reg?

They do. The minute you put it in deal reg, someone in the company was gonna go and try to call them and pull it in direct.

So how can you expect partners to deal Something when they're basically giving you the keys to the kingdom and to their business, and then you might use it against them.

Yeah. So it's just

[00:29:50] Mikey Pruitt: this that is like the death nail for a partner program.

[00:29:52] Raffaele Mautone: Yeah. You tell someone that I have to do a deal red, you can just see it on their face. Oh yeah. That's not happening. Just why don't I just give you my social

security number while I'm at it? Why don't I just pay,

[00:30:02] Mikey Pruitt: I'll just pay you.

Fine. Take my house. So just I got a new boat. Do you want it or do take it? Yeah.

[00:30:07] Raffaele Mautone: It's just absurd what has been done in the industry to partners and I guess we're just going in the opposite direction, which. Is proving itself because our partners love us

[00:30:16] Mikey Pruitt: that's great to hear and congrats on all the the awards and the success.

And thank you for having DNSFilter. Be a part of your stack, MSP in A Box. And for all the MSPs listening the two kind of key things that Raffaele mentioned to look out for are ai. It's coming and. Partner shenanigans. You're tired of them. We're tired of them. Judy Security and DNSFilter are both on a mission to have really robust partner communities and really listen and be, joined, come to our living room and hang out.

[00:30:52] Raffaele Mautone: Exactly.

[00:30:54] Mikey Pruitt: Thank you for joining me, Raffaele.

[00:30:56] Raffaele Mautone: I'll see you next time. Thank you for having me.