A
For every dollar people are spending on CrowdStrike licenses, they're spending $7 on, like, services for people to go and deploy and set the thing up. But, you know, CrowdStrike's not enough.
B
Welcome back to another episode of Builders. As always, this show is brought to you by Frontlines IO, Silicon Valley's leading B2B podcast production studio. If you're bringing technology to market and want to learn from your peers, we have a library of more than 1200 interviews with venture-backed founders and marketers, where they talk all things go-to-market. Of course, if you want to launch your own podcast, we offer podcasts as a service to more tech startups. The idea there is very simple. You show up and host and we do everything else. Now, with all that said, let's jump into today's episode. Today we're speaking with Joshua Zweig, co-founder of Zip Security. Joshua, welcome to the show.
A
Thanks so much, Brett.
B
Of course. So you spent a little bit of time at Palantir. What was that like? What did you learn from Palantir?
A
Oh, yeah, that's a great question. You know, it's funny, Palantir, I mean, amazing place to start your career. You know, it's funny though. When I started Zip and a lot of us, the co-founder, Yabby and I, we sat next to each other onboarding, and a lot of us come from Palantir. But when I started Zip and I was first raising money for the company, you know, working at Palantir, it was like, oh, it was like a liability, you know, I was like, oh, are you just going to service this company? You know, like, oh, that's kind of like a lame company, you know, whatever. And then it's so funny then, you know, fast forward a year, two years, three years now, you know, kind of the brand value's at an all time high. So yeah, it goes to show you just kind of got to stay in the game and do the things you think are right and things have a funny way of turning themselves out.
B
Is there anything that you took from your time at Palantir to say, okay, when I go out and build a company, like, I want to take this with me or I want to have, you know, these principles or this approach?
A
That's a great question. I ask everyone I interview from Palantir the same question and also the opposite question of what's one thing you would take from the culture and one thing you wouldn't take from the culture? So there's a few things that I think are really excellent and a few things we've kind of given our own spin on. So something that I think is really great about Palantir and that we try to replicate is like the power is really distributed at the edges and people at the edges and the people closest to the problem, I'd say both feel responsibility to solve the problems, but also the organization expects you to and empowers you to do the same thing. I think that's really excellent, right? Trying to position everyone at the edges of your corporation that's closest to the customer, the problem, whatever it is. I think setting the expectation and giving people the responsibility to actually work on those things is really incredible. I mean, I remember when I started, it's like, oh, you go to Palantir, you're like, oh, really want a lot of responsibility, have a lot of impact really quickly. And I remember I was like two months out of college basically, and it's like, oh, now all of a sudden you're the lead on an important project and you're like, oh, I was kidding. Like, you know, I'm not ready for this. But I think it's, you know, probably a pretty good sign of a well designed organization. There's something really unique actually that we do. Palantir is this practice they call doing a hiring thesis, which is basically before they hire someone, you write down why you want to hire them, but then they just kind of put in your pocket and like never tell you what they think of you or, you know, what the expectations are of you. So we have a bit of a twist on that.
And the last stage of all of our interviews, we do this hiring thesis exercise where whoever the hiring manager is, myself, my co-founder, we'll take the pen and we'll write down like, hey, here's where we think you're exceptional. Here's where we think there's some room for improvement. Here's a detailed success story of what we think it could look like over the next two years here working together. And here's the real risks and mitigations we see, right? Because there's no perfect candidates. And it's more important to make sure that we have the muscle to kind of talk to each other about what the risks are and be intentional about setting people up for success. So that's a practice that we did really early on and we've continued to do for every hire. Which it's funny, when we first hired a recruiter, he's like, are you gonna do this for like every hire? I was like, yes, we are absolutely gonna do it for every hire, it's like, that's a lot of. It's like, a lot of work. And it's like, yeah, you know, hiring's important, and it's hard, and it's hard to get right. So it's been a really cool experience to get to do those with everyone. And I think candidates really appreciate it, too, because it's just like, there's no, oh, I wonder what'll happen when I get there. It's, like, pretty intentional and I think gives people a pretty clear sense of, like, you know, mutual expectations and sets the bar in the right place. So that's been a really cool thing that we've, you know, put a bit of a spin on.
B
And how big is the team overall?
A
Oh, gosh, I think we're in the low 20s now.
B
Nice. Everyone in New York, is it distributed? What does that look like?
A
Yeah, we have a good chunk in New York, and we have an office in D.C. as well. And then we have a handful of remote folks.
B
Let's imagine you're taking that train from D.C. to New York. You have someone chatty next to you, and they ask you, what do you do? How do you answer that question? What do you do?
A
Oh, yeah, great question. I've been in that situation many times, and I'm pretty chatty on planes and trains. But, you know, I say, and the same thing I say, the mission of our company is to make cybersecurity accessible. So that's the reason we get up and come to work every day. I would say working in the cybersecurity industry, you have to have a lot of cognitive dissonance when you sort of understand, you know, socially and geopolitically, the importance we put on cybersecurity. And then you kind of see how much of a calamity it is at the average organization and how difficult it is for most organizations to be able to protect themselves. And, you know, solving that problem and ridding ourselves of that cognitive dissonance is really why we started the company. And, you know, unfortunately, cybersecurity ends up being a lever of geopolitical power against the United States. Whether that's, you know, for a long time, IP theft from major American companies, and now more recently, you know, it's been sort of interesting. It's like we see more. Sure. You know, you see data theft and that kind of thing that I find less motivating, to be honest, than what I call attacks on availability. So this is like, oh, the hospital got ransomware, and so you go to the emergency room. And like, you can't get care because they can't access your medical records. These kinds of attacks on availability or that prevent businesses from running, you name it. These are the ones that are, like, really sinister to me, you know, and if you walk into a Security 101 class at, you know, name your university, the professor will like, write on the board, CIA confidentiality, integrity, and availability. And when we think about security, we normally think about like, oh, I don't want to lose the data, but I think that, like, doesn't actually have that much emotional resonance with a lot of people. 
But, you know, it's the really sinister thing about ransomware is, like, it's an attack on availability. And this is like, oh, I can't run my business. Our organization can't function, and like, we can't service customers or patients or whatever it may be. And this is, like, quite not good. So, yeah, that's a little bit about how we think about this sort of problem set that we're aiming to solve. And maybe the only other relevant thing there is, like, how are we going about doing that? And the answer is we're trying to make it five orders of magnitude easier to do security. CrowdStrike actually published this great study the other day, which is, you know, basically says for every dollar people are spending on CrowdStrike licenses, they're spending $7 on, like, services for people to go and deploy and set the thing up. But, you know, CrowdStrike's not enough, right? It's like you need that, and then you need some maybe device security tools, some identity security tools. You know, you need eight or 10 things, an email security tool. And, you know, you can imagine the same economics work across all of those things. And what you get is this sort of difficult situation that a lot of folks are in where they want to do the right thing when it comes to security, but doing the basics is, like, pretty inaccessible to them. And, yeah, that's the goal of our company and how we're, you know, we're basically just trying to solve that problem and get rid of that gap with AI and automation. So, yeah, that's what we do and a little bit about how we're going about it.
B
And what's the profile of the ideal customer? And how do you think about the market that you're serving?
A
Yeah, great question. I think there's two ways to think about it. The way I think about the market is we were talking to the head of information security at an important stock exchange the other day and he's like, oh, Josh, you'll never believe how small our security team is. And I was like, oh, how small? And he's like, oh, 500 people. You know, I think about the market a little differently, which is really in three buckets. What I call your zero-person IT and security teams. Right. Maybe it's like the ops or the HR person or the head of engineering who's in charge and the head of engineering, like a lot of our customers. That could be like an environmental engineer or you know, it doesn't have to be at a SaaS company. Right. So that's one bucket. You have this other bucket, which I call two guys and a dog. You know, it's like you have a couple people, it's pretty lightly staffed. Maybe you have one help desk tech and one director of IT, but not really resourced enough to really do the work. And this is what's a shame. It's the tools are out there to do the job. It's a question of can we weave them together well and manage them well to actually protect our companies, which is the problem we're focused on solving. And then the third bucket is your team. Teams. Right. Like your Palantirs of the world, big teams. And we really focus on serving the first two and you know, at regulated healthcare or financial entities. Right. You know, that maybe means headcounts are like between 50 and 100. And then it could mean that, you know, we have companies that are const companies where it's. They're in that bucket, but maybe they have 800 or a thousand people as well. So that's a little bit about how we think about approaching it. But yeah, really our goal is I'd say the common profile people, you know, if they're in market, maybe they're sort of like, oh, I'm looking at a firm called like Managed service providers. Right.
It's like, oh, an IT services company to help me do the work. And we generally come in doing, providing a lot of the same value at much more effective cost. And we think a much higher level as well. So that's, I'd say generally how customers think about us, the other, you know, group we spend a lot of time with. And I know I'm supposed to be talking a little bit about GTM here, so I think this is one of the interesting lessons for us is there's like quite a big community of security consultants that when you hire, you don't necessarily go Google, but you find the person in your network that knows something about security and you bring them on board. And we've had a really, I'd say we've been able to make a lot of progress building relationships with those people and providing. Being able to help them provide even more value to their customers. And I'd say we've unlocked that as a pretty meaningful channel for ourselves as well and has become a pretty big focus for us here.
B
I think back to previous conversations I have. I won't say the name just in case it's a competitor, but it's a cybersecurity startup. They're doing a few hundred million in revenue now and their journey was they were trying to sell to SMBs. They found that distribution was just very, very expensive. And their big unlock where everything changed was locking in on the MSP side and building distribution with MSPs. Are you seeing something similar where it's very expensive to get distribution with that SMB part of the market, or are you seeing something different?
A
It's a good question. I think we're seeing something a little different and we like almost exclusively aren't going to market through the MSPs. The primary reason for us is they end up being like very cost sensitive in general, I guess. What is this, like 80 cents a seat kind of thing or like. Oh, you know, it's like we're in some ways trying to, you know, we're in some places providing like pretty analogous value. And I'd say starting with a segment of the market that's these MSPs generally do like three things. They do like help desk, device provisioning, and then they try to do some of the things that we do. We're really not focused on the first two and are going after a segment of the market that isn't so interested in acquiring those parts of the services and really just providing this sort of security in a box thing.
B
Makes sense. And then what about on the virtual CISO side or the security consultant side? What does that look like? How are you finding them? How are you building up those partners?
A
Yeah, great question. I think it's been pretty organic and I think part of the reason why is like a lot of those service providers are, I think, are looking for, you know, you get to this place in the conversation where you're like, oh, hey, here's all these recommendations on what we think you should do. And then it's kind of like the Spider-Man meme where you're like looking across at each other and it's like, okay, like go for it. And they're like, oh, I don't implement the work. Like you should do it. And you know, being able to equip these people and, you know, it's important to like actually really think about this community as the customer. But being able to provide this, I think is very valuable to them. Right, because it's giving them, I'd say, an opportunity to provide even more value to their end customers. And I'd say, like, the right way for us to approach this market is really being laser focused on these folks and thinking about them as much as our customer, if not more than, you know, even the sort of end user to make sure that we're doing the right things to provide value to them and help them provide more value to their customers. So it's been able to be pretty organic, I'd say, so far.
B
And when you think about maybe three years from now, what do you think that revenue split would look like? Would it be mostly direct or is it going to be mostly distributed via these consultants, virtual CISOs?
A
Yeah, I think it'll be a mix. This is certainly like where we want to start. It's like an interesting and growing niche and industry. This sort of like security consulting. I mean, security consulting obviously at large is like quite a big industry of the, I think $250 billion a year that we spend on cybersecurity. About half goes to software companies and half goes to consultants. So like, you can go quite far there. But you know, there's like a pretty interesting thing that we have seen, which is as people get more comfortable deferring more to, you know, ChatGPT and Claude, a lot of the things that people would have, they wouldn't have been comfortable enough Googling and being like, oh, I'm going to assemble a security plan, so you hire a consultant. But we've seen quite a few examples of people who are comfortable enough now just like dumping their questions into ChatGPT and seeing what plan it spits out. I mean, like, okay, now this is my plan. So making sure that we can be there to respond in those instances is definitely like another area of focus for us.
B
Is that creating an annoying experience, do you think, for, like, the virtual CISOs of having their end customers, you know, going on ChatGPT, like, I was thinking back, it's gotta be right. It has to be. Like, the other day I was talking with the agency that does our performance marketing and, you know, of course I fed it all into Cowork and they came and they're like, they knew exactly what it was and they're like, dude, it's so effing annoying. Like, all we're doing now is dealing with this. Like, all of our clients now come to us thinking that they're smart, they're experts.
A
Yeah.
B
Think that they have insights. It's a Claude report and like, most of it's completely wrong, but there's like, the amount of pain that it's causing for them is high. And I have to imagine that's anyone who's a consultant or doing consulting. Yeah.
A
But I'd say the best should welcome it. Right? Because if you. I would say in general, like, a big part of what I think is true about both services and software is like, the reason, what you really want is like, the opinion that either the person you're hiring or the software you're buying will encode about, like, how to do the work well. And for people who can't own the conversation and can sort of be stumped by whatever, like, you're going to, you know, find in ChatGPT, you know, that's tough, but I think it provides, like, even more of an opportunity for people who do really have a lot of conviction in how they approach the problem and ability to articulate it to win and, you know, charge even more of a premium.
B
Right. Yeah, Matt, I think about 1500 interviews so far. And I would say that, like, the general consensus, apart from like one guest, is that everyone wants to move up market. And if they're, you know, serving SMBs, they're only doing that for a little bit of time until they can shift up market. The only company that didn't say that was Gusto or Gusto, however you say it. But Tomer London, he said, like, they started with SMB and like, that's still the focus. There was not this, like, master plan to kind of leapfrog over the SMB and go to enterprise. For you, like, talk to us about that decision to focus on the SMB market.
A
Yeah, I think very highly of the Gusto gang. And you know, it's interesting, like, you know, some of the ways I talk about the vCISO to me is like pretty reminiscent of how they talk about like the accountants, right? And like getting into some of these circles, obviously much larger industry there. But I think a lot of the early days, right, and I think it's still probably a pretty meaningful chunk of their revenues to be able to find these like meaningful partners. So even if it's not going to acquire all these businesses directly, it's like, hey, well we have these accountants that are worth like a million dollars a year to us and like building those relationships can still be pretty meaningful. So similarly, we try to make sure that we are thinking about our kind of go-to-market audience and channels the right way. And similarly, I think you end up in pretty similar situations. Probably one of the other like really important parts too that's worth mentioning is just like, why did we start the business when we did? And the answer is if you talk to the heads of security at, you know, the Fortune 50 companies, they'll all tell you the same thing, which is that 80% of their incidents are coming from their supply chain and they're coming from outside of their four walls. And as a result, they're really increasing both the bar and the enforcement and auditing of the bar for the people their second, third, fourth, in some cases, fifth party partners. And you know, it's interesting because for a long time the security industry is like, oh, what's actually going to like force people to change their behavior here? And you know, something I don't like that people would say is like, oh, you know, the incentives aren't in the right place. Right. And it's like, that's pretty silly. Like nobody wants to get hacked. It's just like as an industry we haven't really provided them an option yet that's reasonable, right?
It's like, okay, yeah, is it in their incentive at 10% of their opex? Like, surely not. Is it at 1%? You know, for most of the conversations we have, I think the answer is probably yes. So I think as the watermark gets a little higher here and some of these big companies, you know, continue to force behavior and capital off of the sidelines, you know, we've been able to partner with them in some cases to then like, that's really where the demand's getting created. Right. So it's like, how do you get into the. That network is one question we ask ourselves and have started to successfully answer and execute on, which has been exciting. So that's one last piece that I think is important. Just reminded, I was at an event recently and, like, security leader, basically. What did he say? He said that SOC 2 reports are basically coming out of Cracker Jack boxes these days, which I thought was pretty funny. But, you know, I think you're just sort of underscoring the point that, like, this is having a big impact on big organizations and they're definitely controlling with the power of the purse to. Yeah. Try to get the rest of the market to the right level when it comes to security.
B
I mean, it had to have been a big change, too, in the last, what, I don't know, five, maybe 10 years, where I would guess that the smaller businesses. You know, I run a small business. Like, we have 40 people. Like, in my mind, I would have thought, like, who's going to target us? You know, especially when we were, like, really small. And I think a lot of, like, small businesses probably have that mindset. But I feel like that's completely changed now in the last five, 10 years. Like, everyone's starting to realize that they're a target.
A
Yeah, definitely. I've been thinking a lot about this sort of, like, psychology of not wanting to get hacked, basically, or even once you become a victim and you do get hacked. Because people say some, like, very strange things to us when we are talking to them about their security, including after they get hacked, like, oh, we think, like, we're good. And I'm like, oh, like, why? Like, oh, what did you do to, like, recover from this? And they're like, you know, we looked at a couple of things and I think we're okay. And it's like, okay, it sounds like you have an ongoing incident, right? And then beforehand, you know, here's a thing I hear. Really commonly people are like, yeah, you know, we're worried about our salespeople, but, like, our engineers can protect themselves. And I'm like, I really don't know what that means. You know, and I'll give you an example. We saw an incident where you can imagine someone started at their company, and the first thing they did was, like, they Googled for, like, to download the application for, like, a very large tech company's, you know, productivity software so they could download it as, like, part of their workflow. But actually that company's Google Ads had been hacked into. They downloaded it and actually had Russian malware embedded inside that they were then running on their computer. And we were able to, like, stop it before it did any damage or even ran, which was cool. But it's like, what are your engineers doing differently, you know, to protect themselves? I actually think in some ways they're like much more difficult surface area and important surface area to cover depending on how you've designed your organization. So people say some like, pretty funny stuff to us pretty frequently, but I think one message and, you know, the Mercor and Vercel incidents recently are really good examples of this, right?
It's like, okay, you have a third party that I think they got named jointly as a defendant on a lawsuit and became, you know, part of the reason that it seems that Meta ended their contract with Mercor and then same thing with, you know, Vercel, it's like sort of all about third parties and creates these like major incidents. So I think people are becoming, even if you know, aware that, hey, yeah, we're just being on the Internet, you are a target. You don't even have to be like deliberately targeted. But furthermore, like, a really interesting thing now is that all of the contracts for like enterprises are sort of requiring breach notification disclosures, which is really nice. Which is to say, like, okay, if you get hacked, you have to call your customers and say, hey, we had an incident and here's how it may or may not have impacted you. You really don't want to make that call. And I think that is something that pretty viscerally a lot of, especially startup founders sort of get. And I think as people would realize the ways in which they can be targeted to get to the people around them. People are sorting, sort of, you know, upping their game a little bit and very happy to up their game. But the thing here too is like, it's not like people didn't want to before. People do want to be secure, right? There's just a level, you know, like, yeah, there's like reasonable things you do. You like, lock the doors when you leave your office and you have a passcode on your iPhone and, you know, whatever. There's like reasonable things you do here. And the problem in security is that like the set of just like easy, reasonable things is like very disproportionately associated with a set of things that can like, reasonably protect you. And big part of how I view the role of our company is like, let's change that. Let's get that to be better equated.
B
Amazing. I love it. All right, Josh, we're up on time. So we're going to wrap here. Before we do, for those who are listening in that just want to follow along with you, where should we send them? Where should they go?
A
Oh, I guess I'm on LinkedIn. Josh Zweig. I'm not really anywhere else. And of course, if you drop us a note on the Zip Security website, I'll probably see you pretty quickly.
B
Josh, thanks so much.
A
Thanks, operator. I appreciate you.
B
Well, that's all for today's episode of Builders, brought to you, by the way, Frontlines. If you want more amazing content like this, visit Frontlines IO, where you'll find a library of more than 1500 interviews with founders, marketers and other GTM leaders, where we unpack the tactical lessons from their journey. And of course, as always, if you do want to launch your own podcast, we'd love to have a conversation with you. Visit Frontlines IO podcast as a service. Mention that you listen, mention you love the show, and we'll give you a 10% discount. Thanks for listening. We'll catch you on the next episode.
Episode: How Zip Security built a vCISO channel by treating consultants as the primary customer, not the middleman | Joshua Zweig
Guest: Joshua Zweig, Co-Founder of Zip Security
Date: June 2, 2026
In this episode, host Brett interviews Joshua Zweig, co-founder of Zip Security, about how their startup has developed a unique go-to-market strategy by focusing on security consultants and virtual CISOs (vCISOs) as primary customers rather than treating them as intermediaries. Zweig shares the foundational principles from his time at Palantir, Zip's approach to product and hiring, the challenges and opportunities in serving SMBs, and how Zip leverages partnerships to drive adoption of cybersecurity solutions.
(00:49 – 03:54)
“People at the edges and the people closest to the problem…both feel responsibility to solve the problems, but also the organization expects you to and empowers you to do the same thing.” — Joshua Zweig (01:44)
“Here’s where we think you’re exceptional. Here’s where we think there’s room for improvement…here’s a detailed success story…here's the real risks and mitigations we see.” — Joshua Zweig (02:37)
(04:06 – 06:51)
“The mission of our company is to make cybersecurity accessible. So that’s the reason we get up and come to work every day.” — Joshua Zweig (04:13)
“For every dollar people are spending on CrowdStrike licenses, they're spending $7 on services for people to go and deploy and set the thing up.” — Joshua Zweig (00:00, 06:35)
(07:19 – 11:28)
“We’ve been able to make a lot of progress building relationships with those people and…help them provide even more value to their customers.” — Joshua Zweig (08:52)
“It’s important to like actually really think about this community as the customer.” — Joshua Zweig (10:51)
(11:28 – 13:35)
“The best [consultants] should welcome it…What you really want is the opinion that either the person you’re hiring or the software you’re buying will encode about how to do the work well.” — Joshua Zweig (13:04)
(13:54 – 16:46)
“80% of [large companies’] incidents are coming from their supply chain and they're coming from outside of their four walls…As a result, they're…enforcing and auditing the bar for [third-parties].” — Joshua Zweig (14:55)
“Just being on the Internet, you are a target. You don't even have to be deliberately targeted.” — Joshua Zweig (17:59)
“There’s no perfect candidates. It’s more important to make sure we have the muscle to…be intentional about setting people up for success.” — Joshua Zweig (02:52)
“Of the, I think $250 billion a year that we spend on cybersecurity, about half goes to software companies and half goes to consultants.” — Joshua Zweig (11:54)
“‘Who's going to target us?’…I feel like that's completely changed now…Everyone's starting to realize that they’re a target.” — Brett (16:49)
“People say some, like, very strange things to us…including after they get hacked, like, ‘Oh, we think we’re good.’ And I'm like, ‘Oh, like, why?’” — Joshua Zweig (17:13)
For more or to connect with Joshua Zweig, visit LinkedIn or reach out through the Zip Security website.
Full podcast network and episode archives available at FrontLines.io.