Summary8 min read

The Peel with Turner Novak

Episode: How Duo Security went Zero to $1B ARR in Ann Arbor | Doug Song, Jon Oberheide

Date: February 5, 2026
Guests: Doug Song & Jon Oberheide (Co-founders, Duo Security)

Episode Overview

This episode is a deep dive into Duo Security's journey—from its hacker roots in Michigan to becoming one of the world’s most admired and capital-efficient SaaS stories. Doug Song and Jon Oberheide share the founding narrative, how a customer-obsessed culture and product design philosophy propelled their growth in a seemingly saturated cybersecurity market, and the advantages of building a billion-dollar tech company in Ann Arbor, Michigan rather than Silicon Valley. The conversation provides playbooks for founders, inside stories from cybersecurity’s wild west days, and reflections on navigating high-stakes growth, acquisition by Cisco, and the Ann Arbor/Michigan ecosystem.

Key Discussion Points & Insights

1. Origins in Hacking and Early Security Culture

[03:39–10:47]

Doug and Jon discuss their formative years in the 90s hacking subculture, swapping stories ranging from DIY email “marketing” as teenagers to open honeypots for catching would-be attackers.
- “Hackers, when they first meet, they already know each other … It's very rare that you have hackers who have spent any time building stuff they don’t already have sort of a perspective on who each other are.” — Doug Song [07:13]
Early hacker ethic was rooted in curiosity, puzzle-solving, and counterculture (“hippie cypherpunk libertarian movement”), rather than commercial or geopolitical motives.
- “It was more of the sort of intellectual pursuit of information, solving these really complicated puzzles, understanding how these systems work.” — Jon Oberheide [10:10]
Legacies from these communities include Linux, BSD, and foundational work by now legendary figures (Sean Parker, Jan Koum, Sean Fanning).

2. The Michigan Advantage and Staying Outside Silicon Valley

[14:49–28:36]

The University of Michigan’s research prowess and technical culture created a fertile ground for startups (major alumni include Twilio, Arbor Networks, and more).
- “Michigan is a powerhouse… The birthplace of the Internet actually was here.” — Doug Song [16:31]
Doug and Jon defied pressure to move to the Valley, instead leveraging Ann Arbor’s world-class but underappreciated talent base, cost-of-living, and support networks.
- “There’s something strategic about any place… The alchemy of turning that into some unfair advantage for us, that was Michigan, right, in Ann Arbor.” — Doug Song [22:32]
Staying in Michigan led to stability and low churn—employees stayed and grew as the company scaled, compared to high turnover cycles seen in SF.
Their deliberate choice to hire talent outside the typical security background injected first-principles thinking, product and design savvy, and novelty.
- “If we went out and hired all the folks from Symantec and McAfee… we would have built the same shitty company those companies were.” — John Oberheide [26:44]

3. Building the Company—Culture, Leadership & Customer Focus

[28:39–43:55]

Reluctant, humble leadership was central: Doug considered quitting the CEO role, and both maintained a “never delegate product, culture, or brand” principle.
- “For me, it's always been more about... the soul of the business. That's what cannot be replaced.” — Doug Song [34:16]
They prioritized teaching and “obsoleting themselves” as leaders, pushing ownership and decision-making down to every level.
- “...our job is simply to understand: what do they want to do and how do our needs present as opportunities for them?” — Doug Song [41:56]
Open source and academic team traditions shaped a “blameless”, learning-focused, and highly autonomous environment.
- Memorable Cultural Moment:
  “Anyone good in security does both, you have to build and break.” — Doug Song [08:28]
Commitment to employee growth was realized through Individual Development Plans (IDPs), personal progression roadmaps, and open conversations about career arcs.
- “My hope is that Duo is like the springboard. When you're looking back… that was the role where I learned the most, we grew the fastest...” — John Oberheide [41:13]

4. Duo’s Product Philosophy—Design for Users, Serve Non-Consumption

[44:00–61:17]

Product: Duo provides secure, seamless access (MFA, SSO, etc.) to corporate apps, but their distinctiveness was designing for end users, not just security teams.
- “We make it easier to do things, not harder. Where most security is about putting up hurdles...” — Doug Song [44:41]
They flipped the norm by targeting non-consumption—making security accessible for SMBs and mid-market, who had been neglected.
- “Our slogan early on was like, security sucks. Who has time for this?” — John Oberheide [45:21]
Instead of starting with large enterprises, they built for small orgs first, gradually scaling “up market”. Their first clients were a regional healthcare group, Facebook, and the Sioux tribe of Michigan.
- “How do you build sophisticated technology, power tools that your 3-year-old can use?” — Jon Oberheide [54:13]
Freemium experiences, self-serve signups, and consumer-inspired design were radical in security at the time.
- “We were solving the problem of non-consumption of security.” — Doug Song [59:14]

5. Go-to-Market, Branding, and Empathy

[61:19–77:46]

They challenged standard TAM (Total Addressable Market) frameworks, as the real opportunity was in creating new markets by serving overlooked customers.
- "If you’re building something of real value, you’re either reshaping or creating the market." — Doug Song [60:50]
Branding: Duo’s green logo (vs. typical red/black security tones) symbolized an “open door”, frictionless experience for the user.
- “Everything’s like red and black and scary... we’re like, this is nonsense. It’s super defeatist and negative.” — John Oberheide [68:55]
Memorable Marketing Play: During customer security breaches, when competitors cold-called with sales pitches, Duo would send pizzas and Red Bull with a supportive note.
- “That doesn’t happen unless you truly understand what’s happening…” — John Oberheide [70:05]
Duo’s customer persona work included every touchpoint—even legal processes were shaped for the optimal end user experience.

6. Scaling, Global Expansion, and Say-No Discipline

[77:47–87:47]

International expansion was rocky; European sales models, cultural transfer, and highly fragmented markets made localization tough.
- “The culture and institutional knowledge transfer is so huge. That’s a place where we missed.” — John Oberheide [81:32]
Deliberate resistance to lucrative distractions (like on-prem “Duo-in-a-Box” sales) preserved the company’s cloud-first vision.
- “Say no to DOPE (Duo On Prem Enterprise).” — Jon Oberheide [87:28]
Instead, their US and Austin expansion was orchestrated by transplanting small, full-function “pods” to replicate Ann Arbor’s ethos.
When scaling, autonomy at the team level (pods, “two-pizza teams”) enabled rapid, independent execution.

7. Capital Efficiency & Playbooks for Growth

[91:28–103:59]

Duo reached $100M ARR on just $14M of burn, and was often cash flow positive—unheard of for a high-growth SaaS business.
- “We burnt 8 million of capital to get to a hundred and maybe burned like 20 million at the time of exit. Overall.” — Jon Oberheide [92:45]
Growth was not blindly maximal—deliberate, sustainable growth was prioritized over chasing vanity metrics.
- “We were trying to grow responsibly without doing a bunch of dumb stuff.” — John Oberheide [94:44]
Open financials and frequent, transparent internal reporting helped align and engage the entire company in operational metrics.

Notable Metric Callout:

“Tamash Senguz wrote about this early... we claimed we were the best SaaS metrics he’d ever seen.” — Doug Song [92:28]

8. Acquisition by Cisco and Lessons from Integration

[99:42–111:30]

Cisco’s acquisition process was lengthy, competitive (Workday made an offer first), and eventually resulted in a $2.35B deal that was among the highest multiples ever for a private SaaS.
- “They made a bid and we're like, no, that number is not even in the zip code.” — Doug Song [100:52]
- “Matt [Kohler] said: You’re not worth 800M, you’re worth at least 2B… 12, 18 months later, we came back with an offer from Cisco at 2.2B, 2.4B.” — John Oberheide [102:29]
Integration with Cisco “wasn’t our way or their way, but a third way”—Duo’s leaders consciously influenced broader Cisco culture and design practices.
Post-acquisition lessons centered on the risks of losing customer proximity, and the inertia large hardware-driven orgs face transitioning to SaaS/software motion.
- “So much of time is dedicated to: are you managing within 5% of your monthly OPEX envelope?... you just kind of lose that sense of what are we doing every single day that’s building value for the customers.” — John Oberheide [104:55]

9. The Michigan Tech Ecosystem & Giving Back

[111:53–126:31]

Both co-founders are deeply invested in the regional ecosystem: Doug focuses on community-building, cross-sector investment (tech, media, real estate), and growing Michigan’s social capital and founder density.
- “We have to create the kind of place and product Detroit needs to create the product for scaling companies…” — Doug Song [120:49]
Reflecting on Ann Arbor’s “sleeper” status—46 known unicorn founders from U of M, a string of multi-billion-dollar local exits, and a vast, under-celebrated alumni pipeline ripe for nurturing.
- “Only three of those [U of M unicorn companies] actually stayed. We were the first.” — Doug Song [114:46]
Both challenge the notion that a world-class tech company needs to be born in SF. Their message: leverage the “strange unfair advantages” your location provides and cultivate optionality.

Memorable Quotes & Moments

On humility as a CEO:
“Doug would just be like, I don’t think I’m doing a good job. You guys need to replace me, let me know.” — John Oberheide [32:16]
On customer empathy:
“Has there ever been a security product that’s like, Turner, you’re doing a good job? No, it’s like, Turner, you’re terrible at computing…” — John Oberheide [45:44]
On resisting bad growth opportunities:
“Say no to DOPE (Duo On Prem Enterprise).” — Jon Oberheide [87:28]
On market creation:
“If you’re building something really of value, you’re reshaping or creating the market for it in some way.” — Doug Song [60:50]

Timestamps for Key Segments

Early hacking culture & backgrounds: [03:39–13:15]
Michigan as a tech hub: [14:49–19:33]
Staying outside SF, talent/culture advantages: [21:01–28:36]
Product philosophy, customer-focused design: [44:00–61:17]
Branding, marketing, empathy, 'pizza play': [68:35–71:17]
Scaling, international expansion, avoiding on-prem: [77:46–87:41]
SolarWinds incident and product feedback loops: [87:54–91:28]
Growth metrics, openness, responsible scaling: [91:28–97:06]
Acquisition by Cisco, integration lessons: [99:42–111:30]
Post-exit, Michigan ecosystem, current focus: [111:53–126:31]

Takeaways for Founders and Operators

You can build world-class technology companies outside Bay Area power centers if you tap into unique local strengths and foster a purposeful, growth-minded culture.
Customer empathy—in product, process, and even crisis—can be a lasting moat.
Reluctant, humble leadership and deliberate growth can outperform blitzscaled, playbook-first approaches.
Redefining your market (and who your true customer is) can yield outlier outcomes.
Transparent internal communication and active talent development fuel sustainable scale.

For more inspiring founder journeys, check out the full back catalog of The Peel.
Subscribe to the Split newsletter for transcripts and recaps delivered weekly!

Loading summary

Transcript442 lines

[00:03]
Turner Novak
Welcome to the Peel. I'm your host Turner Novak, founder of Banana Capital. Today's guests are Doug Song and John Oberheide, co founders of Duo Security. If you've never heard of Duo, it might be one of the most underrated software stories of all time. Starting in 2010, they burned only $14 million to hit 100 million in ARR, were acquired by Cisco for 2.35 billion in 2014 and now we're going to be doing over 1 billion ARR inside of Cisco. 16 years later talk about how they built one of the Most capital efficient SaaS companies ever from Ann Arbor, Michigan and how their focus on the customer and company culture helped them win in a crowded cybersecurity market. We talked about growing up in the early hacking culture of the 90s, why most security tools are painful to use, sizing their initial market, solving for non consumption of a product, and how Duo flipped the model by designing for end users instead of of security teams. We talk about staying in Michigan instead of moving Silicon Valley, and why staying out of the tech bubble actually helped them execute better. We break down the mechanics of scaling from 0 to 100 million ARR, everything they learned integrating with Cisco and why more founders should build outside of San Francisco. A quick thank you to ex Duo employees Zach Erlocker, Ash Devada and Katie Kilroy for their help brainstorming topics for the conversation. As a reminder, I publish new episodes of the Peel every week, exploring the world's greatest startup stories just like this one. Check out the back catalog of over 100 episodes and tune in over the next few weeks for guests like Gary Tan at YC Chatham, Putagunta at Benchmark, Jake Stauch at Serville, Mike and Akilah Footwork and Scott Stevenson at Spellbook, the fastest growing startup in Canada. Let's talk to Doug and John after a quick word from Numerl and Flex. This episode is brought to you by Numerl. Numeral is the fastest, easiest way to stay compliant with US Sales tax and global vat. It's easy to set up and they automatically handle all registrations, ongoing filings, and their API provides sales tax rates wherever you need them with all the integrations you need. Numero sports over 2,000 customers in both
[02:00]
Interviewer/Host
the US and globally and they pride
[02:02]
Turner Novak
themselves on White Glove High Touch customer service. Plus they guarantee their work and they'll cover the difference if they mess anything up. They're fresh off a Fundraise closing a $35 million Series B from Mayfield, which they're going to reinvest into building an even better product. If you want to put your sales
[02:17]
Interviewer/Host
tax on AutoPilot, check out numerl at
[02:19]
Turner Novak
their new domain numerl.com that's n u m e R-A-L.com for the end to end platform for sales tax and VAT compliance. This episode is brought to you by Flex. It's the AI native private bank for business owners. I use Flex personally and I love it because they use AI to underwrite the cash flow of your business, giving you a real credit line. The best part is 60 days afloat, double the industry standard. Flex has all the features you'd expect from a modern financial platform like unlimited cards, expense management, bill pay that syncs with your credit line and their new consumer card, Flex Elite. FlexElite is a brand new ramp like experience for your personal life. A credit card with points, premium perks, concierge services, personal banking, cars and expense management for your family members, network tracking across public and private assets and a whole lot more fully integrated with your business spend. One card for your businesses. One card for your personal life. One card for everything. To skip the waitlist, head to Flex 1 and use My Code Turner to get an additional 100,000 points worth $1,000. After spending your first $10,000 with FlexElite. That's Flex 1 and Code Turner for $1,000 on your first $10,000 of spending. Thank you Flex. And now let's jump in.
[03:40]
Doug Song
I call him Dr. John of what it's worth. He's earned it.
[03:43]
John Oberheide
The only reason I finished my Ph.D. was because of Doug.
[03:45]
Interviewer/Host
Oh, you actually got a Ph.D. that's
[03:49]
Doug Song
why you saw that.
[03:50]
John Oberheide
This isn't Dr. Pepper here. I actually.
[03:53]
Interviewer/Host
Is this on your LinkedIn? Is it like you want to write Ph.D. here?
[03:58]
John Oberheide
I was a self loathing academic and I never really wanted to go into academia or grad school. But then I was finishing the PhD when we were starting the company and Doug's like no, you need to, you need to finish. We need to have someone with a, a doctor on their business card. I think I actually put PhD on the business card which was like completely against all of my, my beliefs.
[04:18]
Doug Song
Well like I said, you earn the paper. He's, you know, you deserve it. But it was also, you know, his, his old, his old advisor, you know, Farnum Jahanian, now president Carnegie Mellon, was the co founder and know first president of Arbor Networks, right where I cut my teeth and where we had first met each other. And so I committed to Farum. I'll I'll make sure he gets done. Farnham, like, it just, you know, it
[04:42]
John Oberheide
was more for Farnum. Like, he had invested a lot.
[04:44]
Doug Song
Yeah, you.
[04:45]
John Oberheide
Yeah, yeah. I, like, I had to check the box for him.
[04:48]
Doug Song
Yeah, no, no.
[04:49]
Interviewer/Host
This is kind of. This is kind of a famous story with how you guys first met originally.
[04:53]
John Oberheide
Yeah.
[04:53]
Interviewer/Host
Officially met or unofficially?
[04:55]
John Oberheide
Yes, we're actually introduced. But a business in high school. So I was very. Had the entrepreneurship bug very early. And as part of that business, we did, I would say, like, very innovative email marketing, if I can put it that way.
[05:10]
Turner Novak
Good.
[05:10]
Interviewer/Host
Way to doctor it up.
[05:11]
John Oberheide
Yeah, it was, you know, very aggressive outbound email marketing. And my partner in the business and I would drive to Ann Arbor and send massive amounts of email. Um, and we do that from coffee shop, WI Fi, Starbucks and Arbor. And one of the times we saw an open access point for Arbor Networks, and Doug is a, like, absolute, you know, legend in the cybersecurity space. We're like, oh, my gosh. Arbor Networks, it's a company started by Doug Song. He wrote D Sniff, you know, all these accolades of your. Your past life on the offensive side of things. And we're. Why would they have open access point? And so, so we hopped on there. We're poking around. We crept up the back stairwell of the building in order to get a better signal, really. And, yeah, we're just like teenagers, our laptops hacker hoodies on. And Doug walked out down the stairwell and kind of gave us the side eye. And we found out later, supposedly, that that was open honey pot that Doug set up to catch people that were poking around, catch young, enterprising attackers.
[06:15]
Doug Song
And my best man, Niels Provost, who, if you look at your Ssh man page, and when it's technical, he's an author there. Along with me, he had written something called Honeyd, which was honeypot kind of demon, but software to basically simulate networks or environments in which attackers would rattle doorknobs. You could catch them. And so it's part of our playground, Right, to kind of experiment with that and see, universities are great places to play with stuff like that.
[06:40]
John Oberheide
So.
[06:40]
Interviewer/Host
So did you actually notice it? You got, like, a notification almost. You just walked outside, and we're like, oh, interesting. Okay.
[06:47]
John Oberheide
You know, ended up working with Doug at Arbor Networks at that same company, and we got to know each other there, worked on some open source projects together. And then it was, you know, kind of late 2009 when the stars were aligning. I was, you know, late in the PhD program. Doug was finishing up I think Barracuda, yeah, at that time he had done Arbor, Barracuda, Zatu, another startup. And you know, Star's kind of blind to go try to build something together.
[07:13]
Doug Song
But the reality is like hackers, when they first meet, they already know each other, they know of each other. You know, it's very rare that you have hackers who have spent any time kind of building stuff they don't already have sort of a perspective on who each other are and all this kind of thing. So John was already well known, you know, as a, as a student. Right. Doing all the work he was doing for being a great hacker.
[07:33]
John Oberheide
So that was the fun times. I mean, Doug was like deep in the sort of hacking scene in the late 90s.
[07:38]
Doug Song
I was a little bit later, John was breaching the Chinese content firewall.
[07:45]
Interviewer/Host
So what kind of stuff did you do? You alluded to like you were on the other side per se. So what was the extent of kind of the hacking that you guys did when you were younger?
[07:54]
Doug Song
Yeah, well, my dad had a liquor store, West Baltimore. He had a very early IBM, a PC 80 and an XT and so basic, all that stuff. But yeah, my dad had an early computer to run the store. And that's how I did data entry since I was 8. And so that was my first instruction pre Internet, BBSS and all that stuff around the time I grew up. You know, where I grew up was sort of the shadow of the NSA. So a lot of those BBSs were about sort of mass security or, you know, or they had like all these kind of crazy nuclear themes as the 80s, you know, sort of presented.
[08:26]
Interviewer/Host
Yeah,
[08:29]
Doug Song
and then that's, you know, a lot of folks we have BBS has found their way to like X25Z all telephony. But the first package machine networks pre Internet were, were things like X25 which connected all the, all the banks, right. For bank interchange and all that kind of stuff. So that's, that's where a lot of the boards were. That's where a lot of the hackers were. And that's how I learned. But coming to college, you know, I, I was, it was amazing. I have like a 24 7, always on ethernet connection. Like that just, you know, was like crazy. And so it was a drug, I think. I barely left my dorm room my freshman year. I was like glued to this thing and because otherwise it was all dial up, you know, prior and, and I fell into some interesting hacking crews. Like one was called Woo Woo. One that was actually global in nature, founded in The US but heavy sort of European and some Russian and mostly French sort of influence otherwise. But a lot of those hackers became really interesting people. So you know, Sean Parker was in it for a bit. You know, the president of Facebook, Sean Fanning, who started Napster, which was really was a project of Woo, kind of to share kind of MP3s and files and you know, Jan Koom, you know, we knew Jan when he was technically on food stamps with his mom, but you know, just gotten a job in security at Yahoo and ultimately built, built WhatsApp. So anyway, it's a long history of some interesting people. A part of that crew that built and broke stuff. And I think anyone good in security does both, you know, you have to. So. And that's, that's how, you know, that's what we tracked. Jono is, Jono was like, you know, building cool stuff and doing good work as a PhD student, but had also done all this other stuff. You know, it's really cool.
[10:11]
John Oberheide
I think that's the magic of the late 90s and early 2000s in the cybersecurity world. At the time it wasn't, wasn't really commercialized. It certainly wasn't at the extent of like geopolitical conflict like in the modern day. It was more of the sort of intellectual pursuit of information, solving these really complicated puzzles, understanding how these systems work. Yeah, and it was almost kind of like a, kind of a hippie cypherpunk libertarian movement of like freedom of information and I want control over these systems and a lot of freedom. Exchange of information on mailing lists and IRC channels.
[10:47]
Doug Song
The early open source movement, Linux and Linus Torvalds as a benevolent dictator for life for that all came out of kind of response right to things like the BSC source code. It was technically open source, technically Berkeley and Sheridan, all that kind of thing. And there were projects like FreeBSD, NetBSD that were kind of organizing kind of developer communities around it. They didn't have open CVS servers. Yeah, you couldn't really. It was still very gate kept right in a way that, you know, open source after Linux was, was, was quite different. And so and Richard Stallman from the, the you know, new project nmit, kind of rewriting kind of all the tools kind of in the modern uni system that would be the other side of what Linux was, right as a free operating system. You know, these are all open source hippies and software communists basically. And I count myself as part of that. You know, there was lots of that stuff that I was really deeply into. But, but yeah, those early days were kind of wild west and insecurity, you know, I remember, you know, it was our friends who built a company called iss. Internet Security Systems in Atlanta was really the first Internet security company. But it's all from. And again, I'll go on record on this, this is stolen source code from a bunch of hackers. Like the hackers who wrote all this stuff saw their work rounded up in a corporate entity that really never asked for permission or licensed it or anything else. And so, so it's funny, I, again, I don't want to mean to beat up on the ISS guys because you know, they're friends and I love them. But you go and you saw like the history of the company on, you know, the ground floor, the headquarters and it's a completely revisionist history, right, of like how that happened because it was a bunch of hackers who wrote all the tools that got rounded up right. As part of that initial suite of security testing kind of tools and never saw anything from it. And so there's some insecurity. It's always been this really difficult love, hate relationship with kind of the industry and security, which is why you have so many people that come into it with a chip on their shoulder, look and prove them wrong. And also because when you're finding these vulnerabilities like Jono did in all these different systems, many of the vendors would
[13:02]
John Oberheide
just deny it, really threaten you or sue you, you know. Yeah, work with law enforcement. Like it was not, it was not a bug bounty friendly version of today where, you know, vendors will pay you for reporting bugs to them.
[13:15]
Interviewer/Host
They would sue you.
[13:16]
John Oberheide
Yeah, yeah, yeah.
[13:17]
Interviewer/Host
So like how did you approach that then? Like you just not publicly like disclose the bugs or like share with them.
[13:25]
John Oberheide
That was some of the reason why I ended up in academia. A lot of the research I was doing was, you know, it was independent offensive security research. I was pointing out vulnerabilities in various systems. And in some ways the university provided a umbrella or veil of protection. Protection that, you know, both from the outside world as well as from the university itself.
[13:47]
Interviewer/Host
Myself.
[13:49]
John Oberheide
And you know, I was never in it to become professor to stay in academia, but it was more of a holding pattern of being able to continue the research that I love to do, have that in some vein of research of publishing. But more so it was like our, our, our lab at the University of Michigan was more of a startup incubator than anything else. There's a bunch of people sitting around who are really smart. They're on the bleeding edge of their little sliver of the world and you're sitting around all hours of the day saying like, what are we doing with our lives? Like why are we wasting our time publishing these papers? We should be going out, building products, solving interesting problems. And that research group, I mean it spawned ArborNetworks, which is a great cybersecurity company. It spawned Twilio, Evan Cook, who's the CTO and founder there, Jeff Lawson, who was from UM as well. It ended up creating a lot of interesting startups that kind of sprung out of just the same room.
[14:50]
Doug Song
Yeah, it's one of the things wonderful about a place like Ann Arbor really because of the University of Michigan, which has the largest research expenditure of any university. Next to Hopkins. Hopkins are like 3 billion universe admission is about 2.2.5 annually.
[15:03]
Interviewer/Host
Second in the country.
[15:04]
Doug Song
Yeah. Wow. Yeah, it's the largest research expenditure in the nation. And actually we first public or private? If you were to back out APL from Johns Hopkins, because I don't think that's really fair.
[15:14]
Interviewer/Host
What is, what is apl?
[15:15]
Doug Song
Applied Physics Lab.
[15:16]
Interviewer/Host
So is it like a government federal funded type? Okay.
[15:19]
Doug Song
And so I think, you know, the, the reality is that, you know, Michigan is a powerhouse of this kind of stuff and. And though I was not a good student, you know, barely got out of undergraduate life. Yeah. I think, I think I got a degree. Yeah. I tell people all the time, stay in school because whether the paper really matters or not, and I think it does, if your parents are probably paying for it, it's the access to resources. Where else? And that's what led me here because I was going to go to school somewhere in the East Coast. But when I explored the University of Michigan network from afar, realized that actually there was this had. It was stunning. You have even at that time, the early 90s, had a network that looked like NASA Ames. Like the broadest kind of concentration of broadest diversity of commercial Unix systems and I've ever seen. They had supercomputers, right. They had crazed. They had a supercomputer cluster. I was like, what even is this? This is available to students. And so. So that's actually what led me here.
[16:21]
John Oberheide
Yeah. Some people pick their school by the academics or the party scene. Doug was like, what has the coolest computers going there? And I already have access to, to all of them.
[16:32]
Doug Song
And so, you know, I think, you know, it gets. We get overlooked for that sometimes because, you know, it's like, oh, Stanford, mit, Harvard. But actually, you know, the ARPANET which everyone says, oh, I was going to first place Internet and schools were involved. It was actually the NSF net which Michigan was responsible for actually building. You know, we won the State of Michigan, University of Michigan won the award to build a National Science foundation network that didn't just connect, you know, like 10 schools like the ARPANET did, but you know, 400 research universities right across the country and that, that, that backbone of research networks and you know, and computing merged with ARPANET to become the Internet. So the birthplace of the Internet actually was here. And that's why the North American Network Operators Group is here governing all inter domain routing and how networks actually joined Internet. Right. That was all governed here, you know, here out of Ann arbor. That's why Internet2 was here. There's a long and deep history of that, plus all the systems research. If you look up any UNIX programming book Richard Stevens wrote, it's all dedicated to Michigan terminal system because it's one of the first timeshare computing platforms in the country. And that's because back in the 40s and 50s, as over in Bletchley park and their side of the pond, the Brits were sort of breaking UVO codes and Germans and ciphers and all kinds of stuff. Here we were computing bomb trajectories. All that was black budget stuff that you know, just never people didn't know about. And being Michigan, we never talk about, we're like, oh, you know, it's too humble. We built all that stuff here.
[18:01]
Interviewer/Host
That's crazy. I mean, I live here, I didn't even know that.
[18:03]
Doug Song
Yeah, the arsenal of democracy people hear about, oh, we built the first tank plan, we built all the bomber, all that kind of stuff. But the other side is all the research we invented small aperture, Doppler radar, holography, all these things that back in the day were all black budget research programs. But even all the AI stuff, I mean, classic AI, modern AI being what actually we call it, but classic AI, all those folks from John Laird and his time with Marvin Minsky and all these folks in mit, they built the first computational model of cognition here, the SOAR model. And some of the early companies like Soar Tech that since the 80s have been doing stuff with the intelligence community and DoD, like we've been doing this stuff here forever and we just never get the credit for it. And so, yeah, I mean, you know, folks like Jono, you know, as sort of like the lineage, right. Of that kind of stuff and we just never really get to do, you know.
[18:58]
Interviewer/Host
Yeah, so is that why you guys always kind of wanted to stay here? Like did you realize how powerful it was maybe before anyone else did or like maybe it was like a subconscious thing. Like it's just, there's no other choice. Like this is just the place.
[19:10]
John Oberheide
I think it was a little bit of chip on the shoulder to prove that we could, we could do it.
[19:14]
Doug Song
I mean John was a Michigander, you know, so he has, he has a little more feel for the place. I mean to be Honest, my first 15 years in Michigan, I never had gone beyond Ann Arbor and Detroit. Right. Just go to shows there. I never been to west Michigan which has, I mean some of the most gorgeous beaches in the world. And we have, we have more coastline than Florida and almost as much as Alaska.
[19:34]
John Oberheide
Right.
[19:34]
Doug Song
So like people don't realize like Michigan has a lot to offer. I didn't know that. I just kind of learned about this stuff and what happened was I just met through, you know, I mean I got caught, caught hacking when I was a freshman. I ended up plea bargaining into sort of a long term role with university as a security administrator on probation basically to work for the university. But through it I met all these graybeards, like all these hackers who, like Marcus Watts who built all the Kerberos stuff when he was at MIT and then adapted to AFS here. Like there's so many of these deep folks. Nathaniel Borenstein, who invented mime. Right. Mime is the, you know, the basic protocol encapsulating documents for the web and for email. Right. Or I don't know, some of the most famous, I don't know. Famous, is it not right, the word. But the X509.
[20:24]
John Oberheide
Yeah. All these core protocols, right?
[20:26]
Doug Song
Yeah, like X509, you know, LDAP. LDAP was invented by Tim House when he worked at the same research lab as me, Citi, and he was Ben Horwartz's co founder for loudcloud. Right. Ben Horace's notable experience with Loud Cloud and HP and before that I guess with Netscape technically and aol. That came from having worked with Tim Houses, the co founder from Michigan. And so anyway, all this stuff, you know, there's all these connections too, but
[21:01]
John Oberheide
just wasn't really negotiable for us though. We're starting the company here, we're, we're building here, we're hiring here. You know, we certainly had challenges in the seed round of, you know, investor interest or I guess investor questions about why are you staying there? Is this going to be a disadvantage?
[21:17]
Interviewer/Host
Because that kind of the Non negotiable is if you're starting a tech company and you're raising venture capital, you should just move to San Francisco. Like, it's almost like part of the term sheet, right? They just kind of make you do it.
[21:28]
Doug Song
Yeah, but here's what I'll say about that, right? I mean, because we definitely struggle with, you know, kind of the initial raise as we're kind of going out and figuring out what we do. And we did one Sandhill roadshow where my computer ate it halfway through. And so we.
[21:41]
Turner Novak
We ate it.
[21:42]
Doug Song
Yeah, this drive basically died halfway as we're sitting in the parking lot at the New and drinks and Horace, which had just been set up.
[21:50]
John Oberheide
So Doug is a perfectionist. So we're making like last minute live edits on the way in the car and like pulling up to meet Frank Chen and Dre in our first like VC pitch ever, at least in sf. And the hard drive dies and there's no, you know, we didn't have Google Cloud back then or Google Drive. And so we just rolled into the meeting and actually I think it worked really well. We could still do a demo. I had some terrible Linux laptops, so I couldn't even like open the slides.
[22:19]
Doug Song
Bill O'Reilly did whatever, like, yeah, we'll do it live.
[22:21]
John Oberheide
Yeah, screw it, you know, it's going to be fine.
[22:23]
Doug Song
Whiteboard and Johno, we did get a
[22:26]
John Oberheide
term sheet, some interest from Andreessen, but it was very much like we would expect you to be out here, that
[22:32]
Doug Song
we would have been their early investments. And this I'll go on the record for as well, because I just want to give some confidence to other founders to follow their own journey and path and heart. There's something strategic about any place that you'll be and set up right. Whether you know how to tap into it or not and make the most of that. And that's your job as an entrepreneur, right? Take the best of what's around you. And really the alchemy of turning that into some unfair advantage for us. That was Michigan, right, in Ann Arbor, because between John and I built a bunch of companies here. He had built all this amazing globally impactful work, but with, again, a research group, it had all been cranking on this stuff in some university lab somewhere. And by the time that we got to driesync, they were like, you know, going to final partner meeting. We're like, but, you know, but, you know, then you get great companies. Any great technology company has. You can start a Michigan company, any great technology company has to be in. In the Valley. And this is after. This is after. You know, I mean, quite frankly, you know, Ben had tried to recruit me twice. Once to Netscape days Pre Ol and second, came back with Tim House to try to recruit me for Loud Cloud and picked up my friend instead. And I. I just never believed that. I just saw that all this technical excellence around me, folks, that changed the world and, you know, create all this amazing value from here, and it's like, I just don't think that's true. And I also don't. I'll be honest with you, I really didn't like the vibe out there. You know, in fact, when we. When we did Arbor Networks, I had gone to try to open an office in Berkeley. We looked at the East Bay, maybe stupidly, but thinking that, you know, it felt most like Ann Arbor. But that's a problem. It was like too much like Ann Arbor. It's like, okay, this is great, but it feels like it's dirtier. It's like a dirtier Ann Arbor. Much less convenient, much more socially stratified. And, you know, why would we go through all that trouble when we could just live in Ann Arbor and continue doing it? But. But that was the consideration for Arbor Networks, because we got the company funded just at the height of the bubble. It was like February 2000, just before the bubble burst, like weeks before. Yeah, yeah, yeah. So it was 10 million, 11 million in a Series A. And then there's echo boom of the global telecom market imploding, right? And so that all had to happen. But in between, I tried to figure out, could we go and build more of a business in the West Coast? When the telecom market imploded, I just moved to New York with my then girlfriend, now wife, and we got a line of business spun up with the banks because the banks always have money. And so we pivoted from kind of doing telecom security to then internal sort of behavioral anomaly detection for banks. And that was very successful. And then we played both into kind of what Arbor ultimately did. But, yeah, I mean, at the time, even then, everyone was still looking. Even if that bubble had burst, everyone was waiting for the shoe to drop. When. When rents would fall in the Valley, it never really happened. And again, just the thing I didn't like about it, that place was. And again, I love the Valley. I love, you know, it's great to visit, it's great, blah, blah, blah. But it's just only about tech. It's tech, tech, tech, blah, blah, blah. And, like, I'm Just, I'm just not about that.
[25:51]
John Oberheide
You know, I think there's a healthy allergy to the Silicon Valley scene. Like, yes, there's great businesses being built and you know, a great ecosystem for sure. But it's. There's a lot of, A lot of folks that see that are like plain startup. Like they're so busy in San Francisco, you mean? Yeah, so busy. Happy hours doing panels, you know, doing all tech week parties, like accessories to the startup world as opposed to being focused on building their business.
[26:21]
Doug Song
Ent1 on the startup beauty pageant.
[26:23]
John Oberheide
Yeah, right.
[26:24]
Doug Song
Like doing all these things and I'm like, I don't know, man. I'm much better finding the folks that are building it because that's what I saw in Giotto. He's like, just building shit. And it's like, amazing. I'm like, dude, there's so many people like that here, right? Just heads down creating and aren't subject to that shiny object syndrome that happens in the Valley where everyone's like, oh, what are they doing? What are they doing? Jumping every eight months to something else. Right.
[26:45]
John Oberheide
I like. So it might have started with the chip on our shoulder, but it led to, I think maybe we backed into the right talent strategy for the business. One is that we had employees that would really. We would invest in them and their growth and development and they would invest back in the company and their, their loyalty and their tenure at the company where they're not getting their. One year or one. Yeah, one year vesting cliff and then jumping to the next company. They're staying there 4, 5, 6, 7, 8 years and growing with the company's needs. And it was also the case that, you know, we were trying to build a very different company in the cybersecurity space. So if we went out and we hired all the folks from, you know, Symantec and McAfee and all the sort of legacy security companies, we would have built the same shitty company those companies were. Instead we're like, let's hire people with a blank slate that aren't, you know, disillusioned by decades of the cybersecurity space like we had been. And guess what? They're going to come at it from first principles. They're going to talk to customers, they're going to design things and build things in a way that haven't been done before because they don't have that sort of, you know, preconceived notion of, of how things should. Should be done in the cybersecurity space.
[27:54]
Doug Song
Yeah, they'll bring A different toolbox. You know, expand our toolbox with other things and perspectives, solve problems from. Right.
[28:00]
John Oberheide
I mean, you look at a lot of, like, the great cybersecurity founders. A lot of them aren't from cybersecurity space. I'm thinking of like, you know, like a Christina from Vanta. Like, she was a PM at Dropbox and she understood the value of, you know, design and good user experience and you can learn security. That's not hard to do. You don't need the decades of cybersecurity experience to solve cybersecurity problems. So when I look at founders now from the investing side, I'm like, are you a good product person? I don't care if you're an expert in quantum cryptography or, you know, you did threat hunting at Mandian. That doesn't mean anything to me. It's like, can you build?
[28:36]
Doug Song
That doesn't mean something to each other.
[28:39]
Interviewer/Host
It's. It's.
[28:41]
Doug Song
Yeah, I mean, you still need. But it's almost table stakes, right? You need. You need some technical kind of grounding and, you know, something. But. But again, it's. Those same skill sets are not the same ones that will build a company.
[28:52]
John Oberheide
We already had enough of that nerdery between the two of us that we needed, you know, great folks that could do design well, that could build amazing products that, you know, would work 9 to 5 and go home to their families and friends and hobbies and weren't, you know, sure, we were working long hours, but it was not the same as sort of the traditional lean Startup Valley.
[29:15]
Interviewer/Host
Scene996. I think that's what they call it.
[29:18]
Doug Song
Yeah.
[29:18]
John Oberheide
Yeah. I mean, there are a lot of people that worked a lot, and we worked a lot because we loved it. But, you know, that, that expectation wasn't shared across the team.
[29:26]
Doug Song
Yeah, someone else came from me. We had, you know, I had thankfully had some prior experience having built these other companies with Arbor and. And so forth to refute sort of that. That position from. From folks like Andreessen were like, you know, you can only build. I was like, actually, Arbor Network's here just fine. In fact, the one mistake we made was that we. We decided that we'd follow our investors to Boston for a company called Arbor Networks. After Ann Arbor, obviously, we end up headquartering in fucking Waltham, Massachusetts. Route 128 out there. Just. It was. It was miserable. It was miserable. And I'll just say this, I mean, for any of my Arbor colleagues, I'm sorry, but at the end of the day we built a business that we built business that was successful, but a culture that was so painful that even I didn't want to be part of it. And I was the first one to leave my day job. Right. I think as first time founders, we didn't know what we were doing, had not raised venture capital, we had not built executive teams. So we followed the lead of battery ventures. And Cisco is also an investor, but again ended up hiring sort of a rotating door of hired gun CEOs and go to market folks and all the rest go to market. It's a little harder not to sort of have that happen at some level. But see, it was very painful. But that whole experience just led me to realize that you don't have to do it this way. In fact, the kind of compact that John and I had and then others like our cfo, when we really started to build a company out was that we're only going to work with people we want to work with because life is short. And so much we saw of how these companies went wrong is when founders didn't really want to trust their instincts to build the kind of teams and also really focus on building sustainable cultures like team cultures and teamwork that would actually survive the stress of hyperscale. But the other is that you need to grow as founders.
[31:20]
Interviewer/Host
How did you know when to trust your instinct when you were building duo, was there a check you guys had or was it an instinct on when to trust your instinct versus the Playbooks?
[31:31]
Doug Song
I think, and I want to speak for Jono, but I was very reluctant CEO at one point, Jon and I were sort of figuring out who should be. But I mean, there were some pretty sad moments where I can remember the call I had with one CEO who just, you know, before Cloudera, I think Tom had basically exited his prior one. What was it called? The arc. Trying to forget all the name of these companies now ARC site. But anyway, but he had, he was, he was jumping, you know, that episode. I basically was begging him, please come, you know, will you be my mommy?
[32:11]
Turner Novak
You were trying to convince him to
[32:12]
Interviewer/Host
come and be the CEO.
[32:13]
Doug Song
Yeah, because I was like, I was tired. I was like, I don't think I'm right and whatever.
[32:16]
John Oberheide
And Doug, Doug is a very humble CEO. Like we would go into every board meeting, like private session, and Doug would just be like, I don't think we're doing a good job. Like, I don't think I'm doing a good job. You know, if you guys need to replace me, let me know. And the tour would be like, you guys are crushing it. You just tripled again. And you're like, cash flow positive. And like, what? Like, no, no, no.
[32:39]
Doug Song
Like, you're doing great.
[32:40]
John Oberheide
But I think that, that almost that attitude is a really healthy one for the company.
[32:47]
Doug Song
And in general. I mean, now as an investor on their side, I mean, I don't know if Johnny feels the same way, but I prefer sort of reluctant leadership. Right. Like, it's. It's a hard job, it's a thankless. It's a terrible job, frankly. You know, it's, you know, it's not particularly fun. You know, like when people ask me, you know, like, what do you, you know, follow your passions, what are you for fun? I'm like, I don't know, I'm Asian. Like, I just like, I. I understand how to fulfill my duty, responsibility to my family, my children, my society, whatever. But for me, it's more. I get gratification of delivering the work. But again, there's always that. I think for both of us, we're trying to figure out, are we. And we would coach our own team through that too. We need to work to our best and highest purpose by doing the jobs that at each turn we're best and uniquely suited to do. And that changes as the company grows. And every six months you look around and half the team is new. Right.
[33:46]
John Oberheide
I think it was consistent that we were always trying to figure out how do we obsolete ourselves, how do we delegate more, how do we hang on to the things that we think are really important to hang on to. Doug would always say, never going to delegate product culture or brand. The product strategy of what we're building, the culture of what we're trying to build internally as a team. And the brand is that external promise to customers. And, you know, people talk about founder mode and like, should I keep everything myself? Should I delegate everything and be a professional manager? And it's. That's just like a misnomer.
[34:16]
Doug Song
Yeah, I don't. When people talk about founder mode, whatever. I don't know, I'm very skeptical. They like to say they like to Talk about like996 or like the operational kind of behavioral profile. But I don't think that's it. You know, I think it's. For me, it's always been more about like, you know, versus the math of the business, the soul of the business. That's. That's what cannot be replaced. Right. When founders move on, very hard to sort of recenter and kind of root the company because you Know, founders have more of an intuitive sense of why, why are you doing this at all, you know, why this exists and what problems you need to solve. And sometimes we often more empathy right with the customer because they have some other kind of connection to that where somebody some of their experience that led them to solving this suite of problems that then allows, that gives them the right for those customers to go solve the adjacencies. Right.
[35:05]
Interviewer/Host
That's one way I've heard people, when you get into the nuances of founder mode, it's that the founder has so much just earned knowledge over time that they just kind of know what the right decision is.
[35:15]
John Oberheide
But you also got to teach that if you want to grow, you do have to scale and delegate snow getting around that. So if you want to be the bottleneck for your entire organization, good luck with that. But if you want a, you know, 3x5x tax the company, it's just not, you're not going to survive.
[35:29]
Doug Song
Yeah. For me, founder were also part of how we thought about, you know, working with the broader team that weren't, you know, obviously not everyone's going to be founder, but everyone's going to be at least some kind of owner right through their equity. But how then do you push decision making down so that people actually behave and are able to act and solve problems as owners? And again, we hired a COO who came from Zendesk and MySQL before and you know, he had a nice way to put it, Zachary Locker, who has now gone on to do, you know, multiple more unicorns right before and after us. But you talk about pushing decision making down, you know, like I'm the CEO, I'm the janitor, so is everyone in the company. And so, you know, you have your scope or responsibility, but you have your broader sphere of influence. And so any good executive I've ever worked with is strategic about much more than just their function, how they work with others. But if you push that kind of thinking down to like every employee in the company, then you're not having to say, oh, like if a director or manager or an IC has to like run something up the chain, the manager, director, vp, C level to be run back down the other side of it, right in some other department. But instead they can just work peer to peer, right? Sales, marketing, figure out kind of the demand gen strategy, get it done. Then all of a sudden you're, you know, you have everyone in the, in the business innovating, right in every part of it.
[36:46]
John Oberheide
Remember one of the lowest moments in tenure at Duo was when I heard through not a grapevine, but I heard through a secondhand source that someone had said that Doug and John wanted to be this way. And I was like, that is so toxic. That is. First of all, it was completely false. Second of all, like, to. To rely on a higher power of authority for making a decision is like the complete inverse of what we wanted to do. We wanted people closest to the work making those decisions. And that was one thing that Zach was really good at. We'd be having a conversation and meeting, and someone would be like, well, you know, we could do this. We could do this. And Zach would sit there and say, what should we do?
[37:30]
Doug Song
Yeah, what do you.
[37:31]
John Oberheide
The person's like, see, like, I'm gonna make the decision. What do you. What do you think we should do? They'd say, we should do a. So we're going to do a. Let's do it.
[37:40]
Doug Song
Yeah. But that's. That's how we end up building. Well, to do that, we also had to build a. What we call a culture of learning together. Right. Where it's sort of blameless, these decisions and not about who was right, but what was right. And so just all this kind of work we did on kind of building a team with that, a lot of it came from the kind of culture that John and I came from of, like, open source or academia, where it's like, it's not about kind of pulling a rank on somebody.
[38:06]
Interviewer/Host
Yeah. It's like a high school kid could make a contribution that makes the project better and it works.
[38:12]
Doug Song
Yeah. And actually. And nobody has time to. So, like, you were wrong. It's like, well, yeah, I know. I tried.
[38:17]
John Oberheide
It didn't work, but there's nothing to do about it.
[38:19]
Doug Song
Yeah. And in academia, no one's doing that. Oh, you're wrong about that research result. Like, you know, you're just figuring it out. And so. And in academia and open source, the same thing. And so it was really important. So that's, you know, I think probably for. For both of us as we think about kind of the. The kind of companies we back or founders, you know, if there's any wisdom that we try to impart, it's just that, you know, you have to focus on that and a technology business, still a people business ultimately. And that's, you know, and so I. I see those. The kind of weird escalation of, like, the founder as God mode or whatever in these kind of, you know, discussions recently. It's just like, really bad, you know, it's not really how you can achieve scale.
[38:57]
Interviewer/Host
I think one thing that came up when I was talking to people, just kind of doing some research for this one thing I thought was interesting, this might not be interesting, but you gave. Everyone had kind of a personal development plan, kind of like a path to get promoted. Was that an intentional thing of just
[39:13]
John Oberheide
like everyone should know, you know, where they're at and what's next for them. And sometimes, you know, the desires and the growth of an employee matches the needs of the company, and that's spectacular. Sometimes it doesn't. So, you know, we had more of kind of your tour of duty, I think, talent philosophy, where it's like, you can work here for a few years and we hope you grow with the company. And it was so spectacular to see. Even some of our executives that started, you know, Chester started as our engineering architect, first engineering manager, first engineering director, and then VP of engineering for kind of the full history of the company.
[39:43]
Doug Song
And one of the best VPs, but one of the best engineering executives I've ever met. Right. Like, he just, you know, kills it.
[39:49]
Interviewer/Host
So what makes a good engineering executive?
[39:52]
Doug Song
I mean, there's the basic. Well, I'll let you answer, Jono, because you managed him.
[39:56]
John Oberheide
Our VP of engineering, Chester, he built a leadership factory. So he was producing managers, directors that can be VPs of Eng at any company out there. And team culture, you know, performance, the happiness was always like, top of any, you know, function in our organization. And a lot of the practices that he put in place in terms of his managerial culture ended up being adopted by other parts of our organization as well. So it wasn't like he's not leading the product vision. Got enough of that between the two of us. He wasn't, you know, on stage rallying customers, you know, on front lines of the sales team, but he built incredible sort of delivery platform for our product
[40:43]
Doug Song
ambitions, unlocking the full human potential of every person in the team in a fractal way where it just carries through. And that's a remarkable thing where you sort of have built kind of a winning franchise, as U of M like to say. Like, individual performance is a team. Performance is a broken performance. Right. But. But if you're able to. To really build that kind of culture, that's what. That's what carries. And you know, he. He did a great job at that.
[41:14]
John Oberheide
I think those IDPs were just one. One manifestation or one artifact of, you know, a healthy organization of, you know, if you want to go be a VP of Eng, like, we've got Chester. It's probably not going to be here, but we're going to help you find your next job. Like if, if it's not a fit here at Duo, we're going to make sure you're successful in your next thing. And my, you know, when I would try to recruit people, I would say, you know, Duo's an amazing place to work. But my hope is that Duo is like the springboard. When you're looking back on your career, you know, 20, 30, 40 years from now, you look back and you say that was the role where, you know, I learned the most, we grew the fastest. You know, I worked with the best people. I had some amazing experience that allowed me to jump to the next thing. Like a new sort of inflection point in my career arc.
[41:57]
Doug Song
We want to do it a big be this company to be from, right? The way that, you know, like Jono and U of M and all this stuff, right? There's a heritage, a legacy, something means to be from Michigan, right, In this way. But also, you know, from, from the open source community, right, like where everyone is a volunteer. You can't tell them what to do. You know, it's sort of like, well, how do you manage sort of teams, distributed teams and something where like again, you can't tell people what to do. You sort of inspire their work in alignment towards to accomplish something larger than themselves, but without the command and control sort of orchestration, right. That doesn't scale anyway. That's also not how you get the best work out of people, right? You need them to come up with their own agency. And so. So yeah, I mean, I think a lot of that just at a very corporate level, at a very executive level. It's like, you know, most CEOs with their executives will have something of a career contract. You know, come join me for the next two to four years. You know, what are the kind of things you're trying to accomplish in your life or career? You know, I want to do this, I want to have a family, I want to learn how to be a CMO. I want to make $40 million. And like all these things were things that fulfill for folks, but it goes down the line, right? Personally, as a open source kind of hippie guy growing up in those kind of teams, I said I don't know how to motivate anybody to do anything. I think people have their own intrinsic motivations for life or career. And as leaders, our job is simply understand that what do they want to do and then how do our Needs present as opportunities for them. Because if they can fulfill those organizations, then we're both getting what we want until such time as we diverge. And if and when they, when that happens, that's fine. We've had people who we hired I think three times.
[43:33]
John Oberheide
A lot of boomerangs.
[43:34]
Doug Song
Yeah. As, as they started other companies, as they made fortunes in Bitcoin and still came back to work for us. You know, it's like, you know, it's funny, we had all kinds of folks that were so loyal to the program and so invested in kind of how we're operating. I'm proudest of the fact that we have so many Duo folks that have gone on and recombined to start their own companies and their own journeys that
[43:56]
John Oberheide
way or still within Cisco.
[43:58]
Doug Song
Yeah, that's. Yep.
[44:01]
Turner Novak
Actually, it might be interesting.
[44:02]
Interviewer/Host
I don't know if you've ever actually, like, what is DUO for? Just someone who's been listening to this for like an hour.
[44:07]
John Oberheide
Like, what are talking about in the cybersecurity space? We love our acronyms. Right. We love tla. So there's like, you know, MFA Multifactor Authentication, sso Single Sign on. You come up with new words like Zero Trust or Beyond Corp. But Duo fundamentally we allow end users, mostly employees, to get access to their, you know, corporate applications that they need in a safe, secure, usable way. That's kind of the end user value. And then we do that via all this industry jargon, making sure that you are who you say you are, making sure you can have a secure device to access those applications and so on.
[44:42]
Doug Song
But we, we, but we critically, we make, we do it by making secure, making it easier to do things, not harder. Where most security is really about putting hurdles and put people to jump through. Of course, you know, most people understand DUO is like two factor, which is like, oh, there's a second thing to do. But also there's, you know, there's a password list, there's the, you know, things that we have really pioneered. Right. With a lot of folks to do, you know, so you don't have to really worry about logging, but maybe once a month. And we were able to, you know, enable organizations to do that with even untrusted devices, but maybe trustworthy if we can kind of verify them, but kind of again, make access easier and simplify that for organizations.
[45:22]
John Oberheide
I mean, our slogan early on was like, security sucks. Like, who has time for this?
[45:26]
Doug Song
Yeah, we never really use that as
[45:27]
John Oberheide
marketing, but internally, like when you've used security products sometime in your life like, when has that ever been a good experience?
[45:38]
Interviewer/Host
I think of it as being a nuisance that I have to figure out this secure thing to like be more secure. And I'll figure it out next week.
[45:45]
John Oberheide
Has there ever been a security product that is like, Turner, you're doing a good job? No, it's like, Turner, you're terrible at computing. Like, don't click those links, don't open that attachment. Why did you do that? And you're like, I don't know, I'm just trying to use the computer, right. I'm trying to like browse the Internet. And it's telling me I'm a bad person. And that was most people's end users experience with security. It's always telling them when they're doing something wrong or unsafe or putting something at risk. And so we had that challenge and opportunity of like, how do we make security not so painful that maybe it could be a semi positive experience? Like there's a reason why do those logos green? It's like, we want to let you in, we want to get out of your way.
[46:21]
Interviewer/Host
Green means go as quick as we
[46:23]
John Oberheide
can so you can do your job. Like, no one wants to jump through the hoops. They just want to share a file or they just want to log into Slack or whatever.
[46:29]
Interviewer/Host
It might be like 99.9999% of the people that are logging in are just like trying to do the thing that needs to be done. And then they're trying to be like small.
[46:37]
John Oberheide
Good employees. Yeah, good employees. But then you gotta plan for the worst case when it's a bad guy that's trying to get in.
[46:43]
Doug Song
Yeah, this was kind of a key insight for us, you know, was. And this is, you know, kind of trite or cliche in the wake of Steve Jobs and Apple, but you know, better security by design. Right. And the way we thought about this was really the security, Security engineering and design engineering are just two sides of the same coin. How do you make the right things happen by default? Where typically people think of security and design as being opposite. Designing about saying yes, security by saying no. They're like, no. Actually there's an intersection of this, right, where between people and technology. Proper design and security engineering can actually streamline things to make things safe, easier, more effective. And so that was always our goal, our mission as a company was to make security easy and effective for everybody.
[47:30]
John Oberheide
I think typically, you know, the cybersecurity startup in the world would, you know, they'd raise some money. Their first go to market, hires would be like 3 enterprise AES in New York and they'd sell to a bunch of banks and Fortune 500 and that would be it. And we started the exact opposite. We're like, we are starting down market with VSB and SMB and we're going to work our way up over time with product maturity. And that's unusual to have a product, an offering that meets a market need and can be consumed, purchased, deployed, managed, used by companies that are like a mom and pop coffee shop that have a PCI compliance burden because they accept credit cards all the way to your Fortune 50 federal government, your most sophisticated and, and sizable customers. So why did you find the same, you know, same thing, they're using the same product.
[48:25]
Interviewer/Host
Yeah, well, so why did you start there? Because like the 101 would be like, oh, hire the AES, go to New York, sell the banks also.
[48:33]
Doug Song
So important fact, we didn't actually start there, you know, I guess we end up there.
[48:37]
John Oberheide
Yeah.
[48:37]
Interviewer/Host
So like, what was like the seeds of duo getting started? I know there was like a document you showed me of like all these ideas you had of like when you first started it.
[48:44]
Doug Song
Right, right, right. Because I think, you know, we had seen the shift in mo of attackers. Security had become everyone's problem as kind of the Internet, particularly via SaaS, had kind of widened kind of the attack service for any more organizations. And we were seeing, you know, not just the banks, hospitals, governments being attacked, but smaller businesses, you know, auto body shops getting fleeced for 3 million, all that kind of stuff. And their banks actually disavowing kind of any responsibility, like, well, really sorry you got hacked and that's not our fault. And in point of fact, you know, there's a case here in Michigan called experimental versus Comerica where that's what happened. And the customer had an RSA token, a two factor authentication hardware token, used it. But of course the attacker, they captured the first password, but they were in line, could capture the second one and to replay that in the same timeframe. And so the bank was doing all the things that they could do in the market to solve that problem and yet the customer still got hacked. So whose fault was it? And so we looked at this thing and quite frankly, by that time I had left security, I had gone to go to Internet tv and that was.
[49:45]
Interviewer/Host
Oh yeah, was that Zatu?
[49:46]
Doug Song
Zatu, yeah, maybe the only thing more ill advised at the time than the security, but you know, with the rise of YouTube and all, I mean, Zatu is fine, the great company doing well and Hired all kinds of things but it was a little bit, it was a peer to peer video company. Trying to tone for my sins right when with what we had done with Woo and Napster. But that all said, you know, we kind of came hesitating because when, when we started the company and I was telling John hey we'll let's go build the next great security company. So well what are we going to do? I was like I don't know, like we're going to, we're going to. But what I do know is that there's something happening that we need to go talk to kind of customers and other folks about. So actually one of our very first meetings we, you know we drove I think to New York City and we met with my old customers at Goldman Sachs and Citibank had them tell us, you know, Byron Collie who leads FS isac, the you know, Financial Services Industry Sharing Incident Sharing and Analysis center. You know, what, what, what they were seeing and the, the messaging was consistent across like all these banks and also big tech account takeover. They, they just couldn't deal with the flood of compromised accounts that was happening because attackers had figured out rather than trying to you know, penetrate the firewall, rather than trying to hack this machine or compromise the application, they just fish the user and then you could do
[51:10]
Interviewer/Host
anything once you got inside.
[51:11]
Doug Song
Yeah, it's like the ocean is 11 whatever. You know, you wear the Jenner's uniform now you just roam me the casino. Right. You're supposed to be there because you
[51:19]
Interviewer/Host
just look like a normal user. Like oh, this guy Jimmy from accounting
[51:21]
John Oberheide
is just full access to whatever they should have. Yeah.
[51:24]
Doug Song
Can you bypass all the security investment that was made right to slow them down because you know, you're the user,
[51:29]
John Oberheide
you're the employee and it probably got even worse.
[51:31]
Interviewer/Host
I think you were telling me a couple months ago at the event at Michigan. It was like the cloud was kind of accelerating this mobile, everyone had a phone so just this was all just like exponentially getting worse.
[51:41]
John Oberheide
This was yeah late 2009. So you know, iPhone had been released in 2007, first Android phone in 2008. AWS was a thing but it was just you know, EC2 and S3 and still pretty immature. I think Office 365 was in beta still at that time. And so there was this explosion of cloud and mobility that happened over that next decade and Duo was benefactor of that. Both from leveraging those technologies to deploy a cloud delivered mobile first authentication experience but more so solving those security problems that were introduced by, you know, this proliferation of SaaS applications and BYOD devices through an organization.
[52:23]
Doug Song
It wasn't obvious at the time. I mean, I, you know, 2009, you know, when we were there and you know, we're sleeping on my friend Jenny's floor in Brooklyn and going to, you know, to, you know, Jersey City to go meet all these folks and all this stuff. I didn't have an iPhone. I was like, I think it's a fad, you know, and you know, I don't, I don't know if someone's going to buy that thing. I'm not using it. I've got my security.
[52:44]
John Oberheide
I'm a paranoid.
[52:44]
Doug Song
Like, I don't trust that thing.
[52:45]
John Oberheide
You had your Razer flip phone.
[52:47]
Doug Song
Yeah. Forever.
[52:47]
John Oberheide
Forever. I held out. Yeah.
[52:50]
Doug Song
But Jono, part of his PhD had been security for cloud delivered security, right. He'd done all this, he'd hacked all these other things, right? Like you find the papers, now it's not private, but he hacked all these cloud antivirus systems at Barracuda, my old employer had done all this stuff. And so seeing all that and knowing that he was actually doing a bunch of mobile security research and all this kind of stuff, I was like, huh, interesting. And of course there were a lot of points along the way where we really got challenged on the delivery of that because we're like, well, should we start with up, up market? Right? And then, you know, because it gets, I mean, based on security, it's hard if you have even halfway decent technology or product, it's hard not to get to like 10 million in revenue. Maybe it's, maybe it's overstating it, but, but you know, banks, the banks will pay for all kinds of paid pilots, right?
[53:41]
John Oberheide
And security, maybe 100k to run a paid pilot.
[53:43]
Doug Song
Yeah. And so, so it, it was maybe the easiest sledding for us to go, but we sort of had a different discipline to say, well, no, no, no, we, we really want to solve for a different end of the market. And my experience from Arbor had been if we only work with those kind of large enterprise customers, we're going to end up building a Citibank product, a Goldman Sachs product. And all this because I did that at Arbor. We ended up with an AT&T product, a Deutsche Telekom product, British Telecom product. And I was like, we just can't do that. We need to build something different to achieve sort of mass markets or adoption.
[54:14]
John Oberheide
And how do you build sophisticated technology? How do you build power tools that your 3 year old can Use, you know, like it has to. Has to work. It has to be flaming that sophisticated. But like, you know, the kids gotta be able to use it. And that was, you know, we, our first few customers were spanning that spectrum. It was cop, cp, Central Ohio, primary care physicians.
[54:34]
Doug Song
Very.
[54:34]
Interviewer/Host
Yeah, that was the first customer, right?
[54:36]
John Oberheide
Yeah, a bunch of doctors that. I think the cease over there said the doctors, their desired technology experience is for them to walk up to a computer and have it recognize how important they are like that you could not. Yeah, you could not piss them off or get in their way of patient care. Like that's what they live for.
[54:52]
Interviewer/Host
Yeah.
[54:53]
John Oberheide
Second customer, I think was Facebook, which was the whole other end of the sophisticated spectrum. And the third customer was the Sioux tribe of Michigan. Yeah, so it was like three opposite directions, but it was, it was an interesting set.
[55:05]
Doug Song
Yeah, I'm not sure if Facebook was the second, but they were early. But yeah, I mean it was, it was a sort of funny experience. Right. Trying to build more of a bottom up motion like, like I'd seen some other companies do because, you know, I come from Barracuda where, you know, they, they had worked to democratize security a different way. Selling a $2,500 kind of email appliance versus like, you know, $25,000 kind of like whatever, blue coat or whatever. And so, you know, so they had kind of built a very different model downstream. And by the way, I'll give Barracuda the credit for all this because before then there were no tech billboards or airport advertisements. Right. Barracuda were like these small ISP guys who just figured out. And so they were doing funny things. They were taking out radio spots, they were driving around cars. When I worked for them, I would drive a car that they had, a wrapped car like I'm working for Molly Maid. You know, it was so funny. But it worked because they knew their customer. They knew the small kind of ISP kind of customer. And so anyway, so these were all things we're sort of taking into kind of our strategy implicitly for duo, as you thought about how we go about it and who we wanted to serve. But long story short, probably the most important thing that rooted us in our work, even those early days, our North Star was who we wanted to serve, that we knew that. Yes, they're like, we will have to serve like, you know, enterprise customer, all the rest. But at the end of the day, if we couldn't innovate security in the end of the market, where no one really had, you know, around the mid market and particularly SMB, we weren't solving the problem because that's what attackers were doing.
[56:46]
Interviewer/Host
Yeah, it almost seems like your, your customer wasn't actually the security team like or your, your end user. Like maybe the security team paid for it, but the end user was like
[56:56]
John Oberheide
yeah, just wanted to. And that's who we had to design for. It was not for the sysadmin or the security director. It was for the people that just want to log in and be productive. And that was, you know, all the things that as we started down market that like forced us to build the power tool for the three year old, make it really seamless, easy for the end user. Like every employee, whether you're in a small organization or a big organization is going to appreciate that. So it was much easier to kind of go upstream with a product that might have started downmarket. It adds some bells and whistles. But this was also the era of like consumerization of SaaS where the way people, you know, found and tried and procured software dramatically changed from like traditional enterprise procurement to I want to go kick the tires on you know, box trial or something like that. So having that freemium trial experience for people that just sign up off the website, they don't talk to a sales rep. If they want to buy it, they can plug in a credit card. That was not new in the SaaS world, but that was brand new in security. Security had not been sort of delivered and sold in that way.
[58:06]
Doug Song
Even by the time we sold eight years later to Cisco, Cisco Security still wasn't really able to accept a credit card to accept for product purchase online. And that the. Actually I don't know if I should
[58:19]
John Oberheide
be sharing this, but anyway, no one's listening anymore.
[58:22]
Interviewer/Host
We're an hour in people. No one's going to hear this.
[58:24]
Doug Song
Yeah, but turning up a new customer for a signup for, For Cisco's other SaaS security products online meant that someone from accounting was sending a spreadsheet over to the engineering team with a list of accounts that were going to turn up. I'm like this is insane. Like what even is this? How is your assets and entitlements and all the kind of spin up of this? It's like this manual process and passing around Microsoft documents. This is the antithesis of SaaS, right? Yeah, which is why we end up spending so much time re platforming Cisco, RSS kind of stuff. But I'll say this, that commitment to sort of being thoughtful about how to solve not just the actual technology problem, we're solving but the broader problem, business problem. The actual problem we were solving was the non consumption of security.
[59:14]
Interviewer/Host
Oh like just getting the average employee just care about it like use it.
[59:19]
Doug Song
Yeah. Or giving. Giving smaller businesses or organizations or bit more at scale. You know like it was kind of funny but our, you know healthcare was our first customer. But our other largest verticals early for many years were often the spectrum. It was high tech and like Facebook, Twitter, Uber, these kind of companies and higher ed, you know, universities in the Yuri's case, in both cases they have like large kind of pools of users and stuff. If The Deploy Security 2 simply effectively fast. But in one case, you know, particularly the higher ed case they don't have the budget to do it right. They don't have, they're not going to staff out like security teams, all that. So how do you, how do you empower those kind of organization to do this stuff at scale? But it was really trying to think about how do we reshape kind of the opportunity in the market for security to be actually bought and sold for organizations that don't buy security.
[60:15]
John Oberheide
Which is why all the traditional early stage startup TAM calculations are nonsensical. The TAM that existed was mostly RSA and it was mostly large enterprise customers and didn't take into account that this need exists existed throughout the entire sort of spectrum of SMB mid market enterprise. There was just never a product that could be built and designed that is amenable to deployment in those small organizations. They were certainly getting attacked and phished.
[60:39]
Interviewer/Host
And would you remember what like the TAM number was? And then that pitch deck, that first deck you had, it was smaller than
[60:45]
Doug Song
what we sold duo for.
[60:47]
John Oberheide
I think it was around 2 billion. Yeah.
[60:48]
Doug Song
Yeah.
[60:49]
John Oberheide
Wow.
[60:50]
Doug Song
But you know, I mean I guess what I'd say is this, you know that's where now as investors on their side where we probably was look at this. Right. But like I don't know, I just feel like those business school exercises of like in estimating kind of the TAM and Sam for these, these brand new businesses is like if you're building something really of value, you're either reshaping or you're creating the market for it in some way. Right There, there's, there's, you know it's, it's inevitable if you're, if you're doing something that's really different than no one's done before. Right. Otherwise it's just incremental and someone else is just a product feature set.
[61:18]
John Oberheide
Yeah.
[61:18]
Doug Song
For something else somebody else are doing
[61:19]
John Oberheide
so and if you see a pitch deck, you, you know, you don't need to see a TAM side, you know, whether it's a big crazy opportunity or if it's like this is feature, not a company. Like it's, it's clear from the pitch that this is a small market, you don't need to size it for me.
[61:32]
Interviewer/Host
Well, so maybe that's an interesting question because didn't Microsoft kind of have like a identity login thing? Like couldn't someone say, oh duo, this is just like a feature of Microsoft.
[61:41]
John Oberheide
Microsoft bought one of our competitors phone factor and baked it into their sort of Azure MFA platform. We had a lot of that over the years. You know, Google Authenticator was released by Google for login to, you know, your Google account. But also any. I actually used that app. Yeah, yeah.
[61:59]
Interviewer/Host
And can I use the Duo app for that also?
[62:01]
John Oberheide
Yeah.
[62:02]
Doug Song
Okay. Yeah. And that app was written by our friend Steve Weiss, who, you know, or Google, who we later pulled out to go to his company with other friends of ours from Woowoo that they sold to Facebook. So you know, there's all these kind of things that they're happening where you know, like all of our friends who have been building these, it's like these aren't new ideas. The big difference is that it's not about the idea. It's about can you actually build and execute again, a go to market motion build, kind of an onboarding build, the kind of product experience that leads those customers to be successful doing this almost in spite of themselves and in spite of, you know, certainly in spite of the market because none of the security technology are out there. This is an old idea two factor. And all these things that existed for
[62:46]
John Oberheide
like 30 years, even our like amazing innovations, our you know, world changing patent innovations. We built a mobile app that has a green button and a red button. You log in, it sends a notification to your phone, you tap the green button to log in. Like not exactly app.
[63:03]
Interviewer/Host
Right.
[63:03]
John Oberheide
If it's not you. Yeah, not exactly rocket surgery, I was
[63:06]
Doug Song
wanting to say by the author of like our a hundred plus patents. But you know, but it's true, right? You know, under lessing it there's like a lot of, you know, I can
[63:13]
John Oberheide
clog code that up in like 10 minutes today. It's not the, it's not the software components that, that made us successful or not, but it was the delivery design
[63:21]
Doug Song
and the empathy for the customer and the culture we built for a team that's solving every problem for them from that perspective. Right.
[63:27]
John Oberheide
Remember at the Time we launched that. That app and we were really careful about it. We were worried, like, someone's going to see it and copy it. And we're like, okay, it probably gives us six months of a head start on our competitors. And, you know, in true sort of incumbent startup fashion, it took rsa, which was our primary competitor at the time. It took them like six years to build an equivalent app. And it was still a way worse experience. They're locked into legacy architectures and just business processes that couldn't adapt. So it was a good reminder. And going into Cisco, you see how the megacorps work and why the startup ecosystem delivers as it does.
[64:04]
Doug Song
Yeah, but being radical advocates for your customer really interpret. I mean, every. Every employee, every engineer at Duo had been in some customer call, right? Because we had a whole system by which you could sign up and join on a customer call, a sales call. That's happening. But everyone had their favorite customer stories. We had customers at every event we were doing. Right. Every all hands or kickoff we're doing. We had customers there. That's the only thing that matters. I just think people lose sight of what it means to build a business sometimes when there's so much money floating around. And it was, you know, figuring out, like, what do I do with this kind of crazy technology or capability? When really you have customers who have real pain and real budgets. Right. And they need a solution that you could. As engineers, we can solve anything. Just a matter of, like, figuring out can we organize ourselves and teams to go after it.
[64:57]
John Oberheide
I think that was the Michigan advantage of like, we, you know, we were heads down in Michigan outside of the noise of the valley, where we could focus on building great product, great company, great, great customer experience, and just not as many distractions as we could. You know, we could really, as Doug would say, get big before we got loud, like, prove out the business, show our metrics before making a big deal about it. Externally, we were a little under the
[65:23]
Doug Song
radar and for good reason also. Like, you know, Michigan was our secret weapon and we kept it secret actually for a while. Like, we never really talked about the fact that, you know, we. We never had problems hiring engineers. I mean, you know, obviously Jono and Chester and the team and did a lot of work to get, you know, really great people on board. But by and large, you know, we hired whoever we wanted to in engineering and didn't necessarily have to go to the engineers to find them. We have, like, amazing talent here and there have been not just. Not just universities and so forth. Like you know, the history of all these other startups before us that had some experience and so forth. And of course our networks, right, from, from open source, from, from hacking and so forth. And so again, you know, this was a wonderful place to build because when the average home price and it climbed here, right now it's like, oh, we're all, oh my God, it's so expensive. $400,000, right? Median home price right in Ann Arbor, which is the most expensive real estate market in Michigan. I mean, it's exploring. My friends who were moving from Detroit, setting up their companies with us here and so forth were like, wait a second, like I'm paying more for like this giant mansion, you know, and in my factory, you know, than I. Then I sold my tiny little like ranch house right in Mountain View for. And so it's just, it's just, you know, there's this real comparative advantage, right? And all this kind of thing if you're willing to get over sort of the buzzy, you got to be here and blah blah, blah. Because I said, we said we need to have a little bit of Silicon Valley in us, but we don't need to be in Silicon Valley. And our choice of investors reflected that a little bit. From true. Our seed investors, Google Ventures, Benchmark. These were all our, our routes into talent, into perspective and the valley that would merge with our own but not supersede it.
[67:19]
John Oberheide
I remember Matt Kohler, who is our board member from Benchmark, he came to a company kickoff and talked in front of the company and described me benchmark, like we invest only in series A companies in San Francisco. And then he'd be like, eh.
[67:35]
Doug Song
And the B round in duo.
[67:36]
Interviewer/Host
Yeah, maybe your B round was like valued like an A.
[67:40]
John Oberheide
No, I mean, so I mean I always felt founders nowadays people are like super dilution sensitive. They're worried about post money and stuff. And I'm like, we sold 25% of the company for a million dollars and then we sold another 25% of the company for $5 million. Then we sold another 25% of the company For $13 million.
[67:59]
Doug Song
Not that much. But not me.
[68:01]
John Oberheide
It may be more like 20 option, pool, whatever. But our first round, our seed round from Tru and I give a lot of credit to Puneet for really taking the risk and making the bet. All the subsequent rounds were like, you just show the graphs and things are going pretty, pretty great. They took the most risk. But it was a one on four post, right? That was like RB round is what normal seed rounds are. An incubation or no.
[68:25]
Interviewer/Host
Yeah, you're leaving the big corporation.
[68:28]
John Oberheide
And we had customers, we had some revenue, we had a product. But that was the market back in 2010, if you can believe that.
[68:36]
Interviewer/Host
I think one thing that you guys definitely did a really good job was like, the brand and the marketing. Like, what's the importance of that? Like, what all went into that? Because you said it was green logo.
[68:45]
John Oberheide
Like there's.
[68:45]
Doug Song
Yeah, yeah, yeah.
[68:46]
Interviewer/Host
Makes me think of like, I don't know, maybe money go.
[68:50]
John Oberheide
Yeah, more to go than money or something.
[68:53]
Interviewer/Host
I don't know. I'm just thinking of like, green is not security color.
[68:56]
John Oberheide
No, Everything's like red and black and scary. And you go to the convention halls and there's banners everywhere of, you know, it's not a matter of when, you know the attackers are in. What are you going to do?
[69:06]
Interviewer/Host
Yeah.
[69:07]
John Oberheide
And we're like, this is nonsense. It's like super defeatist and negative. And I think, you know, it was, it was deep customer empathy. We would, we would tell the stories of our customers, challenges and plights. And there's, there's one that we would tell in every onboarding that we called the duo Pizza Play, where when there's a breach that happens, a CISO is running around, their hair's on fire, they're trying to respond to this breach. Maybe it got leaked in the news and they're dealing with. Their executives are like, what happened? What's going on? What's affected? You know what happens in that situation. BDRs from every security startup find that ceaseless cell phone number and they call them and they say, if only you had bought our product, this wouldn't have happened. And it's like, is that what the CISO needs, especially at that moment in time? I don't think so. Like, that's very obvious. You take half a second to think about it.
[70:04]
Interviewer/Host
Yeah.
[70:05]
John Oberheide
So one of our sales plays was we would send pizza to the company hq. We just ordered pizzas, maybe some like Red Bull or five Hour Energy and say like with a car that's like, so sorry this is happening. Like, hope this is helpful. You know, give us a call when you come up for air. And the, the, the love, the credibility that engendered where people are like, this is the first time any vendor has actually done something like remotely net positive for me in a crisis situation. And that doesn't happen unless you truly understand, like, what's happening.
[70:40]
Interviewer/Host
What is your customer actually going.
[70:42]
Doug Song
It's not.
[70:42]
John Oberheide
Again, it's not rocket science, but it's just like good fun.
[70:45]
Doug Song
People do tabletop exercises. But you know that you're gonna have pizza when you're working late night, right? Getting stuff done and all this kind of stuff and just one less thing to think about. But it's also. Michigan's a pizza state, so I'm sure that has something to do with it. Actually, one of our first sort of funny experiments with this stuff was a pizza. Your pizza script, John Pizza bot calling up Domino's Pizza to order us, using Twilio to order us pizza. But we were before Domino's had their online ordering and stuff, we basically hacked our own.
[71:18]
Interviewer/Host
Like you made a online order because it would, the bot would call and place it, right?
[71:22]
John Oberheide
Yeah, not even online orders. On phone.
[71:24]
Interviewer/Host
On phone. Okay.
[71:25]
Doug Song
Yeah.
[71:25]
John Oberheide
It was not very good. We didn't have LLMs back then, but yeah, you know, it was like they. I remember, you know, we had an employee who worked at another company that had gotten breached, and when he heard news of the breach, the first thing he did, he's like, I went and I bought a sleeping bag from like Home Depot. I have this first actions. I need to get a sleeping bag because I'm going to be responding to this at the office for like the next three weeks straight and I'm going to be sleeping here, so I need a sleeping bag. It's like, if you, if you understand like the, the situation that, that, you know, customers or responders are in, you'll do things different as a, as a company and as the company grows more 2, 3, 4, 5, 6, 700 people. It's hard to scale that industry knowledge, that empathy. But if we told a story like that in onboarding, every time there's a new set of hires that came in, they heard that story. They didn't know exactly how to operate when they cold call a customer or when they're on a CS renewal call. But they knew that story and they could kind of emulate, like, how should I be interacting with customers? How should I be treating them? You know, they're coming up for renewal and they missed a renewal date. Should I turn their service off?
[72:39]
Doug Song
No, no.
[72:40]
John Oberheide
Why would you do that? Like, you know, give customers some grace. Like they're, they're working in complicated environments.
[72:45]
Doug Song
So, you know, so we had Personas, as many people will do for users or the product, but in our case can be them for the, for the customer. And you know, just like, you know, in sales, people will do the kind of enterprise mapping of like, who can veto the deal versus who can improve it. And all that kind of things. But in our case, and we had to think about, you know, who will operate this thing, you know, what's going to be so the impact of, again, how security is actually managed. Right. And how can we ultimately support, you know, all that. Right. Including, you know, some of the features that we had in the product that were overlapping what would be other entire product suites. But because we could see every product that, you know, every device people were logging in with, we could show kind of full inventory.
[73:23]
John Oberheide
Right.
[73:24]
Doug Song
Of all that. Here's all the devices, right? They're being used, right. In your environment to log in, and here's what they're running and here's what their security profile looks like. That was just kind of a whole set of IT asset management kind of capabilities that we could also round up as part of our product and have as the integrated context for what people would normally have to figure out when they're dealing with these kind of things, responding and so forth. And so anyway, at the end of the day, and Jonas says, we work really hard to build this kind of customer kind of culture within the business. But to your point earlier about marketing and positioning, you know, the green, the name Duo, like, none of that was from the start, Right. We started with red and black. We started with a name called SIO Security, which is a terrible name. But I brought on board a friend who was first an advisor, later came in as our creative director, Pete Baker, who now did Anthropic. Right. So he did all of anthropic stuff. That is pretty good. You know, of all the AI platforms, it's by the most.
[74:22]
John Oberheide
If you've had a good run.
[74:23]
Doug Song
Yes, you know, it's not bad. He also did Tesla. He also did Clif Bar. He did some other things before Duo. And we specifically gave him the directive. John, right. Do not do anything with two. Do not do anything with keys and shields. Do nothing. And of course, he proceeded to do those things early, but he also took us through the process of branding, thinking about this stuff in ways that would have a broader sort of appeal, broader impact, more accessible. You were like, please, no to anything. Silo Security means in Latin. I know security, but who cares? It doesn't matter. And it was also based off of Sioux Township, right outside Ann Arbor. Doesn't matter. And he was like, no, no, Duo, because, you know, dual factor authentication, all these kind of things. And also the Duo, or duality of security and design, these kind of things. So there's all kinds of, you know, brand potential, all this stuff. But you know, part of it was also for John and I, having been at these other companies, just not wanting to repeat all their mistakes. So I guess they were just not inspiring in a way that we need to be inspired. You know, one thing I appreciate about John, okay, to know him better beyond his hacking, was that he was also a rap fan, you know, and east coast hip hop. Yeah, good, good. And you know, not 90s hip hop, which is the best. The golden era of hip hop. And you know, and as a skateboarder, I was like, you know, I told Pete I want to build something that's, you know, that sort of legacy brand. And, you know,
[75:54]
John Oberheide
I think your goal for Duo's brand was like, be the best, like skateboard brand. Like, that was, you know, aspiration.
[76:01]
Doug Song
And now we actually have a skateboard company.
[76:04]
Interviewer/Host
Yeah, I think they're like, you know,
[76:06]
John Oberheide
if you could ask pretty much any employee at Duo, like, describe the customer journey, like, describe all the touch points, not just the end user perspective, but describe how they work through our sales team, through marketing, through procurement, through legal. And we had just interesting sort of experiences where there was. There's one point where our legal team instructed our engineering team to remove the eula. We had a click. Through eula, you install a mobile app, there's an end user license agreement and you click accept, right. And our legal team was like, we should remove that from the mobile app. And the engineering team is like, why? Like, this is like a legal thing. It's supposed to like cover our ass if, you know, the app causes your phone to explode or whatever it might be. Legal team's like, well, first of all, these like click wrap agreements aren't actually enforceable and it makes the user experience painful. Like, we know there's like support requests that come in where people are like, I don't want to accept this. I'm, you know, not going to use the app. And to have a legal function that's thinking about that customer user journey is, you know, it's remarkable.
[77:07]
Interviewer/Host
Legal would be the only department that knows you don't actually need that.
[77:10]
Doug Song
Yeah.
[77:11]
Interviewer/Host
Like everyone else, like, of course we need this.
[77:12]
John Oberheide
Or how, how that legal team can design a customer contracting process that works for, you know, negotiating one off customer paper agreements where they've got, you know, negotiate and close 10, you know, enterprise deals per quarter, but then also design a process that allows us to grow close 1000, you know, SMB customers per quarter. So every function in the organization had to figure out how to, you know, design and service both this low end of the market, high volume, you know, transactional business, as well as the more sort of typical upmarket enterprise.
[77:47]
Interviewer/Host
Speaking about legal, someone told me, oh, boy. The first expansion into Europe in the Middle east, semi related, maybe not.
[77:56]
John Oberheide
Who told you? Sorry, who told you it went bad?
[77:59]
Interviewer/Host
There's actually two people that brought it up. So what was it like trying to expand into Europe and the Middle East?
[78:04]
John Oberheide
I think there were a lot of things in our duo experience where they went really well. And I always think of the late Daniel Kahneman who said, success is talent plus luck, and great success is a little bit more talent and a lot more luck. And we had, as a business, we had so many tailwinds. I like to think that we built an amazing product, amazing SaaS, transactional model, but we had the tailwinds of cloud adoption, of mobility, just these massive industry drivers that if we were bad at everything, we might have still done okay. But I think, you know, hopefully doing things better than bad made us more successful.
[78:55]
Doug Song
Yeah, but we actually have this. I mean, you know, there was an incumbent market that was not very forward thinking and never would have gotten, in my opinion, to some of the scale that we had. At the same time, we had to engineer our luck. Right? Like, there are points at which there was a customer who came at us and offers just like a very. When we were very small, they were offering basically double our entire annual revenue with a single deal if we would put our product in a box and have it on premises.
[79:24]
John Oberheide
Gavin Belson, like, can you just put it in the box?
[79:27]
Doug Song
And we ran a whole exercise. Quite frankly, we ran through a kind of design treatment, trying, like, well, what would it look like?
[79:32]
John Oberheide
It's a beta, you know.
[79:33]
Doug Song
Yeah, we ran through this thing until we had sort of board meeting and our independent board member at the time, Stratton Sclavos, who was the former CEO of VeriSign but also was on Intuit's board and Juniper's board, Salesforce's board actually left him to his board join ours. But he, he was like, wait, wait, wait, Doug. Like, don't, don't do that. And we're like, wait, Scratton. But like, don't we want to double the revenue of the, the company with, you know, big enterprise, referenceable? Like, he's like, you, you built this company with a vision and a commitment to, you know, and, you know, vision of kind of leveraging John O's and like, you know, security from the cloud and all that. Why would you, why do you just stick to your knitting? Because he said it was very remarkable. It was remarkable to me. I said, you know, the last guy to tell me that, tell me, give me this story, was Mark Benioff sitting in that same chair in his office. They're like, Mark Beno, send the same shit to me. I need to put Salesforce on a box. And he said the same thing at the time. Do not do that. So follow your gut, follow your intuition, stick to your, you know, have the conviction, right, to follow through and the courage to do something different. Because everyone's seen that you guys are doing something different. And you have customers that have demonstrated that it's possible to build, deliver in that way.
[80:43]
John Oberheide
That same customer also said, we're on BlackBerry and we would never adopt the iPhone. So Morgan Stanley.
[80:51]
Doug Song
Yeah, yeah. And so Stratton's advice was, again, skate to where the puck's going, all that stuff. But he said, you are building the future. Right. Don't let the past hold you hostage. And so it was, I mean, one of the most impactful things that, you know, Stratton had done for us. Right. And sort of giving us the courage to go after that, which was not trivial.
[81:12]
John Oberheide
You know, our organization is going to outsource their most sensitive, from a security and availability perspective, authentication process to a third party cloud service. This was, you know, the cloud was not proven and this was a high risk bet. But I preface that with like, Duo did a lot of things well, we had a lot of success.
[81:32]
Doug Song
Yeah.
[81:32]
John Oberheide
Even the things that did not go as great as we hoped there, you know, you kind of roast into glasses. In hindsight, you're like, well, it didn't sink the company, but we certainly could have done a better job. And I think, you know, our media expansion. Now when I work with companies that are considering international expansion, I always encourage them. The, the culture and institutional knowledge transfer is so huge. And I think that's a place where we, we missed, we spun up teams in EMEA that had no experience with Duo, no connection. You're literally across the ocean. That made it more challenging.
[82:06]
Interviewer/Host
So it was just like a mercenary, like, go sell this.
[82:08]
Doug Song
Well, not quite that bad, but we did have a guy who went there for a year, Patrick Garrett, who was about as cultural, as much of cultural care as you can imagine.
[82:18]
John Oberheide
That was. We needed to transplant that knowledge.
[82:22]
Doug Song
But there were things that didn't translate right. Because the US Market for security is not sold the same way as in Europe. Right. Europe is basically all through distributors, right. Resellers. US has a lot of resellers as well, but there it's more of a two tier distribution system. And so again there's, there's more things and it's a highly fragmented market and all this sort of stuff and it requires localization and certain markets and you know, different, you know, the cloud, there's even more so regulatory stuff. So there's just a lot to work through and it just took us longer to kind of get through it all. But, but ultimately, you know, we had,
[82:53]
John Oberheide
you know, slower start, new line of business, new region and the rest of the business just kicking butt like the rest of the business is, you know, 200%, 300% year over year growth. You start this new thing and you're like, all right, we expect it to like at least keep up with the same growth rate. It's smaller, it should grow. And it's like, you know you're, sometimes your expectations are misplaced and it takes longer for that ramp to start.
[83:15]
Doug Song
But, but I think one way to, to rationalize and think about that is the overlapping kind of S curves of growth. Because you know, where we were, where we're at kind of scale, right. From startup to growth to scale mode, was it different sort of behavioral profiles, operating profiles, things to do. You know, we were at scale with our US direct, you know, inside SaaS, business. Right. Inbound marketing, all that. Where we hadn't kind of figured this out was you know, Europe Enterprise, certainly federal. Right.
[83:42]
John Oberheide
More public sector folks, outbound channels were all new investments.
[83:47]
Doug Song
Yeah. And so there was a layering of that stuff we need to do. But there was also this reflection of, you know, one of the ways that we would do that would be to there's a lot of routes to success for, for, for startup talents, for people in the company. Sometimes they'll go through the linear sort of like oh, you know, ic, manager, director, vp, whatever. Yep, executive. But sometimes, you know, it's sort of like working across because often, you know, startup folks are, who are really happy dealing with the chaos. So we're going to start, you know, the journeys, they're great at that stage, but not great as US Operators. Right. Just doing incremental stuff or optimizing later or managing sort of, you know, large teams or through you know, a first and second, third line management. And so again it was one of the big bets of we did make was to send this fellow Patrick over there because he's a startup guy through and through. He will always be the 0 to 1. And you know, he was, he was a good culture booster. As we carried over to Europe, it's just that he himself was sort of unprepared because it was his, I think it was first time in Europe and he, you know, living there, it was
[84:56]
Interviewer/Host
like a double culture shock. Like importing culture, fashion culture, like different culture.
[85:01]
John Oberheide
But like founders are always like, hey, I've got this early team and they're like not making it to the next level. I feel like they're getting left behind. Do I fire them? What do I do? And it's like you, you just have to find new projects for them to work on. You got to find the new initiatives that are that zero to one where they're awesome at that and you can't always expect them to grow to the kind of scalar growth basis.
[85:20]
Doug Song
So different, different place where the geographic expansion really, I mean much better than we ever would have imagined was, was actually Austin. As we kind of outscaled, you know, Ann Arbor's, you know, available commercial real estate or even it's, it's you know, residential. We needed to figure out where else to expand and so we opened that office in Austin. But sending a bunch of people, it was like a whole crew, like a welcome crew from duo here down there who liked kind of the early kind of build and could be the sort of microcosm, right. Of all the functions represented. Because we didn't really think of these offices as like a sales office, whatever. They were sort of like the everything
[85:58]
Interviewer/Host
office, all the functions.
[86:00]
Doug Song
And so that's what it was. And you know, I remember when our, we opened up a 30, what was a 30 person office there during Austin Startup Week, right For an open house, right. For, for people. 3,000 people came through. It was crazy. You know, and in large part, you know, we had, you know, these cultural ambassadors, such a good job kind of finding, you know, rooting themselves in the community, really being great, great, you know, not just brand ambassadors, but helping to build, you know, like Jono had been doing all these like tech talks here, right in all the community and that translated very well down in Austin. And you know, so anyway, so you know, I think the important thing here is it's like when you, when you build something to scale, it doesn't have to just be that you're now this giant corporate entity but. But you can be sort of fractal, right? In this kind of startup way where you have like pods and teams and engineering team must manage the same way where you had like pods that were also cross function of a designer, a security engineer, developers, a product manager. And so in genre's role where in product and engineering, they were kind of creating kind of whole teams kind of unto themselves. They could operate independently. They didn't have to raise something up through the leadership team to get something done. They could just actually execute kind of two pizza rule or whatever, I guess.
[87:17]
Interviewer/Host
But yeah, I was going to say that's what it reminds me of. It's just like the small team. Actually. I think I might know what this means, but I don't know for sure. There's a saying say no to dope.
[87:28]
John Oberheide
Say no to dope was what we described with the on premise Duo. On Premise Enterprise was our acronym for duo in a box.
[87:38]
Interviewer/Host
So you just like say no to on prem. It's basically. That's where that comes.
[87:41]
John Oberheide
That's where it ended up. Yeah, we said maybe at first and then we, you know, Stratton helped clarify. You should say no.
[87:47]
Interviewer/Host
Yeah, okay, maybe. I guess I missed the timing on that question, but I just thought that was hilarious. That that's, I mean it was a
[87:53]
John Oberheide
great don't do dope.
[87:54]
Interviewer/Host
Yeah. And then you also, you played a role sort of in the Solar Winds, a very high profile Solar Winds thing. Like what was the, what was Duo's kind of like relation?
[88:04]
John Oberheide
Yeah, I don't think that was ever fully disclosed.
[88:07]
Interviewer/Host
Yeah, I couldn't find it. I was on the Internet.
[88:09]
John Oberheide
So SolarWinds was the company. SolarWinds, they sell like network management products. And there was this very probably one of the most significant breaches in history of a supposedly Russian state actor broke into SolarWinds, backdoored their product and then all of these SolarWinds deployments across the Internet, federal government enterprises was a backdoor into those networks.
[88:39]
Interviewer/Host
And SolarWinds was a security company. Right.
[88:41]
John Oberheide
So yeah, security network management, it sort of wins.
[88:45]
Doug Song
You know, we, we had some earlier kind of connection too because Kenny Van Zant, who was the president and CEO at the time, who later went on to become the president CEO of. Of Asana. Asana. Thanksana. But Kenny had a really, I mean he was growth hacker kind of fellow but he, you know, he had a, I mean he was one of the guys we also sort of took some cues from is when SolarWinds built their product, they're focused on what do you call the wow moment or something? The golden motion. You called it sort of the tipping point between marketing and sales where again, it's the product kind of value that leads you through it. And so when they showed up at trade shows, they would just have demo booths and pull people in, say, hey, you want to see Something I was like, well, what? No, no, come. Just put your hand on the mouse, check this out. And then within 30 seconds of them sort of playing with the product. Whoa. This is actually really interesting. Tell me more. That insight was a large part of it. And also some of the things that we actually did with Duo, right, where our trade shows kind of had similar demo booths with not a lot of marketing around them, right. And all that kind of thing. But so we felt bad when that happened at SolarWinds because we knew, Kenny, we knew the journey they'd been on.
[89:52]
John Oberheide
This is like worst case incident was like Russia was in US treasury, email systems was in.
[89:57]
Doug Song
Careful what you say.
[89:58]
John Oberheide
Everything. Everything.
[90:00]
Doug Song
Yeah.
[90:01]
John Oberheide
Across, you know, highly sensitive organizations. And they also were going after security companies. So they had compromised Mandian, which is a kind of security incident response company that eventually got bought by Google. While they were the attackers were sort of exploring, trying to move laterally within a manian's network was a Duo customer. They logged into an account that was protected with Duo, which set off some red flags within Mandiant. Mandiant ended up catching that intruder, tracing it Back to the SolarWinds, you know, software discovering that SolarWinds was backdoored and then exposed this, you know, sort of worldwide compromise.
[90:42]
Doug Song
This was the point of some of the interaction that, you know, Jono and team had designed into the Duo app, which is that you could report fraud, right. If it wasn't you logging in, it's like, no, that's not me. That becomes positive signal, right? To a security team saying, like, actually wait a second, like our entire user base, which has basically been deputized, right, as security monitors personnel for our organization. See something, say something. And that's what happened. And so again, there were a number of incidents like that where Duo was sort of the canary in the coal mine, the bellwether for kind of what would happen, uncovering some larger breaches. But yeah, that was. Happened a lot, but maybe not the scale that SolarWinds was at.
[91:28]
Interviewer/Host
And I think I saw that you burned only $14 million to get to 100 million.
[91:36]
John Oberheide
I think that was.
[91:37]
Doug Song
There's a lot we overraised, but yeah,
[91:40]
John Oberheide
we raised more money than we needed. Should have done a stock buyback. I mean, we thought we were growing quickly. We did T3 D2 or triple, three times and double twice. And like that was, you know, that was really good. The other side of the story was we were doing that while being close to, you know, we were cash flow positive for a couple years of that.
[92:02]
Doug Song
Yeah.
[92:02]
John Oberheide
And so I think, you know, even now that's like a T3D2 is like, oh, that's, that's cute. In the world of, you know, AI
[92:09]
Interviewer/Host
VCs will like get on and be like, I triple every month.
[92:12]
John Oberheide
Yeah. You haven't gone from 0 to 100 in less than 12 months. And you're not a real company anymore.
[92:16]
Turner Novak
Yeah.
[92:17]
John Oberheide
But if you look at the other side, so the bottom line, efficiency, I think that's a place where we were really special in terms of the sort of net burn to get to 100 million.
[92:28]
Doug Song
We saw like, I think Tamash Senguz wrote about this early at redpoint, but we claimed we were the best asset metrics he'd ever seen.
[92:37]
Interviewer/Host
Oh, really?
[92:37]
Doug Song
Yeah, yeah.
[92:38]
Interviewer/Host
What were the metrics? I think you sent in an email, I guess summary, but was like the general, like, I mean we had in the growth.
[92:45]
John Oberheide
We had that T3D2, I think we burnt. We burned 8 million of capital to get to a hundred and maybe burned like 20 million at the time of exit. Overall.
[92:55]
Doug Song
Yeah, it was like 1, 3, 10 30, 75, 140 something, you know, 200 something in our ARR. But the burn ultimately was very low. I think it was about 14 to get to by the time we were about a hundred, which we weren't trying
[93:13]
John Oberheide
to be cashflow positive in those years.
[93:15]
Doug Song
It was our own fault.
[93:16]
John Oberheide
Grew faster than we expected. We couldn't hire enough. We couldn't hire fast enough to hit our hiring plans.
[93:22]
Doug Song
Yeah, our plans are always to actually burn more, spend more. Yeah. But the other part of it is, part of that was we raised later rounds with Lead Edge Capital, maritech, the growth investors kind of as a mezzanine to what had been our ipo. And some of that was because, you know, strategically we had been doing things internally and the team looking at, well, what could we do to do inorganic growth or do we. Because we have friends who had great companies and we were telling you we even had like a target company we were looking to buy. And I remember having this conversation with Jeff Lawson, who was very helpful from Twilio about what he had done en route to their IPO, which is tank up 100 million cash on the balance sheet to go, you know, experiment and gain some experience doing this before you try to acquire the public eye. Right. As a public company. And so those were lessons we, we had taken because we, we had well over 100 million cash on the balance sheet when we exited. Which is to say that we, we didn't need to raise Additional money. We never touched it, but you know, it's fine because it was also cheaper.
[94:27]
John Oberheide
It's always that, that balance of, you know, we would walk into the board meetings and we'd have done our 3x or we'd overachieved our first half plan or something like that. And of course, as board members would say, why can't you grow faster?
[94:43]
Doug Song
We'd sit there and we're like, I
[94:45]
John Oberheide
don't think we can. And I remember Zach, our coo, had a slide with a roller coaster loop to loop and people falling out of the roller coaster. And that's how it felt. Like we were trying to grow responsibly without doing a bunch of dumb stuff. Like we certainly could have pulled more marketing levers but we didn't have ones that were not, we didn't think were wildly inefficient.
[95:12]
Doug Song
It was also, I mean we were pretty explicit with a team because the team would ask these questions too. And we were also open book right. About all this stuff. We had. Some of our management systems were sort of funny, but we had a board report we did before every board meeting, before every mid quarter board call where every One of our VPs would write three to five paragraphs of plans, progress and problems of their function. I'd write sort of a preamble about the kind of story of the business in that timeframe and we share that with the board for comment and also calibration have every board meeting. So we don't spend the time just doing the weather report off the slides, but really focus on two or three topics of strategic concern that we had and they had. But also we'd share it with the entire company. And so they all knew kind of how we were investing for the money, where kind of growth is coming from, what our big bets were and why and, and you know, some of our most insight, I mean our CFO thought it was so funny that some of our most insightful SaaS metric questions would come from guys like, like Martin Thoburn, one of our video. Yeah, you know, sort of engineers. Right.
[96:10]
John Oberheide
And all this stuff if like a software engineer, it's like, Paul, can you tell us why the CAC ratio changed for their in market segment, you know, last quarter? And Paul be like, I'm so glad you asked.
[96:18]
Doug Song
It was, it was kind of ridiculous but I mean we loved it that people were so deep that way. Yeah, but, but at the end of the day as we're kind of building this all out and together with a team and kind of looking at all these kind of things. The one thing we said we would never break would be our culture. The governing factor kind of limiting our growth was cultural coherence. And not that we were hiring for people for cultural fit, because we always talk about hiring people for cultural contribution, all the kind of things. But what we weren't willing to risk was the worst outcome that I'd ever seen of startups. When you have people running around not knowing what they're supposed to be doing.
[96:55]
Interviewer/Host
Oh, so just. Yeah, okay. So just causing chaos, probably the loss.
[96:59]
John Oberheide
There's no one to, like, point them in the right direction. There's no way to like, get. Hopefully all of your employees are like, roughly pointed in the right direction. Obviously there's some natural variation, but.
[97:06]
Doug Song
But we saw that some of our customers, frankly, right. As they were hyperscaling, growing much faster than us. I remember we had a funny question during one of our board meetings from. From our. Our team about. On. On the firing of Travis Kalanick. Right. From Uber by our board, our board members. Right? Yeah.
[97:24]
Interviewer/Host
Oh, so there was concern is like, will you guys get fired?
[97:27]
John Oberheide
Yeah.
[97:28]
Doug Song
There's this question like, so how do we. Point to me like, so, Doug, how do you feel about having an investor who just fired a portfolio CEO? Right. And I was like, well, I know them well. I know he's asked what happened to the extent that they can share because the Holder report at Uber never was published, thankfully for them. But as our board member Matt Koller got tagged in by Bill Gurley to go, you deal with now and Matt, and we would buy drinks for him after his board meetings, I was like, I'm proud of the fact that we have an investor. There are more ways a company can fail than just financial, but also moral and ethical. And so the fact that they've taken sort of care to kind of do this, because there were lots of reports of things that were, like, really deeply disturbing that were happening at Uber that, again, move fast and break things. Sure. But when you have some of the disclosures that were happening of like, you know, you know, sexual assault or abuse, all these things, you're like, that's not. That's never going to be on us. We're never going to suffer that kind of thing. That's not what we built an organization. Right. That's never going to be on our conscience or our responsibility. We have, we care for, again, the broader journeys that our people and teams have with us than just what happens at work. And so anyway, so I was proud of that fact that we had ethical Investors and all that kind of thing. At the same time, I questioned, so why are you guys invested in snap? When Evan's like, we're never going to ipo. We're never going to make a profit. Right. Anyway, they did.
[99:05]
Interviewer/Host
I mean, that's on that note, I think probably the craziest line was. It was a couple years ago with OpenAI. Sam Altman, in an interview, journalist was like, so how is this OpenAI nonprofit thing going to make money? And then he said, the AI will figure out how to make money or something. And this was like five years ago, six years ago.
[99:23]
John Oberheide
It's always great product pitch when you're like, if our product succeeds, there won't be a need for money.
[99:28]
Doug Song
Yeah.
[99:29]
Interviewer/Host
And I think, so what is the scale of Duo today? Like, I know if you look at Cisco's earnings page, I think the security line is like 2.1 billion in revenue. And like, no, that might be, that might be quarterly.
[99:42]
Doug Song
Oh, it might be. Oh, it might be quarterly. More than that.
[99:44]
John Oberheide
Maybe that was a quarter. They don't break out Duo. They don't break out SaaS. But it's, you know, it's a billion plus ARR now.
[99:51]
Doug Song
And John left, I think two years earlier than I did for Cisco. But even that time frame that I was there, you know, the, you know, the. We have doubled the global security business there. Right. Um, but it was not no surprise. And I think, you know, it was in all the earnings calls. I mean, Duo is the fastest growing business since not just in Cisco Security, but in Cisco.
[100:11]
Interviewer/Host
I saw that. Yeah.
[100:12]
Doug Song
Fastest growing one for all four years straight. And, and so, you know, we, we, we, we did a lot there. I just say.
[100:19]
John Oberheide
Yeah, so it's, you know, it's, it's kind of fun. Even though we're both not. Not involved anymore, there's not that many, you know, SaaS, companies that have reached the billion dollar ARR. Milestone. I maybe like, I don't know, 30, 40, I'm not sure, but a hundred thousand customers across all industries, organizations, shapes and sizes. It's, it's fun to see the company and the team succeed well beyond our individual tenures there.
[100:43]
Interviewer/Host
And they and Cisco almost didn't acquire you, like, wasn't there. There's like some false starts.
[100:47]
John Oberheide
Cisco almost acquired us and then almost didn't acquire us. And then almost acquired us and almost.
[100:53]
Doug Song
No, no, no, they didn't really acquire us. They made a bid and we're like, no, that number is like not even, not even the zip code. But you know, they Made overtures and so forth and they had interest for
[101:03]
John Oberheide
a couple years at least and then
[101:05]
Interviewer/Host
they ended up paying like three times more than they originally, more than, more than double.
[101:09]
John Oberheide
We had, we had corp dev exercise in like 2016, 2017 and bunch of folks around the table. But this was, you know, the, the price tag at that point was like 7,800 million range. And we actually signed a LOI. Surprisingly with Workday, which is a little bit out there in terms of product strategy, HR, your HRIs, which is really your ground truth of identity and that flowing down into duo to kind of apply security controls. It was an interesting strategy. I don't think the go to market would have worked given workdays like heavy enterprise customer base and our broad market applicability. But that deal fell apart a couple days before we were supposed to sign the merger agreement and announce. And in hindsight that was a really good thing because instead of selling for 7,5800. I don't remember what the price tag was.
[102:11]
Doug Song
It's always a one, but the start with the one. But even then, even then it was something that our, our board was sort of like, why you have to train now, you guys, you know, you're. Because we were continuing to double the business. Right? And that's kind of what happened between the year in which Cisco kind of made the offer and then actually consummated one.
[102:29]
John Oberheide
I give a lot of credit to Matt Kohler that when we first brought him, you know, one of one of the offers in that that go round, Matt said you're not worth, you know, 800, you're worth at least 2 billion. And we're like, oh, that's cute. Matt, thanks for the feedback. We understand you've got this amazing portfolio with Uber and Snap and all these things. We only got one portfolio, one. And then sure enough, 12, 18 months later we came back with an offer from Cisco that was around 22 plus. And Matt said, you're not worth 2 billion, you're worth 10. We're like, oh Matt, you were right last time, but this time I don't think you're right. But in reality, if we had kept going, especially in the height of 2021,
[103:13]
Doug Song
the public market, I don't talk about it. I don't talk about it. It was only a couple years ago that I finally put that one away, put it under my no regrets category. Yeah, I just got it on my site, but it's fine. But it was at the time the largest multiple ever paid for a private stock acquisition. The Catalyst Folks would know it also was followed by, you know, others that kind of superseded it. Right? Yeah.
[103:44]
John Oberheide
Mulesoft, there were some big ones after that, right?
[103:46]
Interviewer/Host
It was like 2.1 billion. Is that the number?
[103:50]
John Oberheide
Am I remembering 2.4, depending how you count it.
[103:53]
Doug Song
2.35 was the way they like to count it, but you know that the total, the total was more because we kept our cash.
[104:00]
Interviewer/Host
Oh, got it. Okay, so makes sense. What, what did you learn after the acquisition? So you guys mentioned some things about like enterprise go to market, people staying at Cisco. Like what, what was kind of the lessons you guys learned?
[104:12]
John Oberheide
I think you, you, you learned a lot of lessons of just things that we took for granted in terms of like that, that staying close to the customer, that customer exposure. You know, you go into Cisco megacorp and I don't want to pick on Cisco because it's true of many large organizations where you just don't have the exposure to the customer. Your engineers are not on calls with customers, they're not interfacing with the end users of your product. And you know, just understanding why startups win so frequently because they have that, that pace of innovation, that sort of rapid decision making cycle.
[104:48]
Doug Song
It's also just a matter of scale too. I think just Cisco as being a hardware company, you know, really dominated, you know, the, the obviously that market. Right. The.
[104:55]
John Oberheide
I think it was like there was so much effort put on when you're inside an organization like that. There's so much where you're kind of working in the business as opposed to like on the business or with customers where so much of time is dedicated to are you managing within 5% of your monthly OPEX envelope? Are you preparing for the qbr? Are you making the business case for your new asks for the next fiscal year? And you just kind of lose that sense of like what are we doing every single day? That's building value for the customers. You can kind of get insulated within the big organization. On the plus side, Cisco is the best description I heard is a, it's a carrier strike fleet. Like it is slow, it is massive coordination across not a aircraft carrier, but an entire, you know, platoon of boats. If you can move that and send it to the destination, you know, craft it to your desires, you have unstoppable power. Like if you can take that massive go to market machine of 300,000 sellers both direct and through their channel, then you will just grind away at that market over time. But you have to invest for that long term. It's not like, hey, we Make a decision and then we're going to go do this tomorrow. It's like, how do we influence the system and organization to get the recurring offer component of the, you know, General AM's, you know, comp plan for the next year to favor a SaaS product or favor a security product. It's those kind of long term influence operations.
[106:35]
Interviewer/Host
So they were probably all set up around like just selling routers to people every whatever period. And then you have to figure out like, okay, well, there's like some software
[106:42]
John Oberheide
that you're, you're a Cisco am and you wake up, you say, what am I going to Talk, I got 200 products, what am I going to talk about with my customer today? They have a $10 million catalyst switch refresh that they need to buy. I'm going to focus on that. This 200k duo deal, maybe they need some MFA, but I'm going to close this $10 million deal. Maybe I'll tack on some security along the way. And so those were sort of the structural challenges when you're going into a bigger company and that's not just a security company and that's not just a SaaS or software company.
[107:16]
Doug Song
If you build other emotions and sometimes real understanding, respect for the opportunity. Like I remember we had a later independent board member, we recruited Hillary Copland McAdams who was the president of Salesforce, but before that, you know, she led the build of Oracle Direct at Oracle, something that Larry Ellison was like, I don't think this is going to work and I don't know if I even want to do this, but it'd be on like a third of his business. Right?
[107:39]
Turner Novak
What is it?
[107:40]
Doug Song
Oracle Direct, basically all their direct SaaS business and so forth and other.
[107:44]
Interviewer/Host
Oh, so all the software.
[107:45]
Doug Song
All the software, yeah.
[107:46]
Interviewer/Host
Oh, I mean, okay.
[107:49]
Doug Song
So, you know, sometimes we kind of learned is that, you know, our experience. And again, for any founders looking at kind of large company kind of acquirers to merge with, there's kind of three ways that goes. It's either sometimes their way, right. As you're assimilated into the Borg, sometimes it's your way where you're so peculiar that they don't know what to do with you and you sort of stay independent business unit. And they never really sort of get the benefit right of why they acquired you, except everything's just harder for everybody. And then some of the third way, which is what we pursued, which is truly an integration, right? It's not our way, it's not your way, it's a third Way we need to come up together, right. And someone coming with fresh eyes, coming with some of the old eyes experience success scale. But finding the intersection of that is a lot of work but it's very intensive in terms of people. We spent so much of our time with our early journey and integration of having our leaders spend all this time with all of Cisco's corresponding leaders to the point that our head of security became the head of security for all of Cisco and later GitHub and now GM. But we spent a lot of time elevating our leaders not sort of forcefully into positions of kind of control or anything like that, but giving them sort of the platform within the business, within broader Cisco to really kind of have influence. Right. And help pull together and kind of share a platform of learning where a design community came out of kind of duo coming into Cisco partnered with all the other kind of design leadership but then actually having again an established kind of culture of how we did this stuff that again other design leaders there could finally feel like they could plug into and we could build something larger right for Cisco from. And so there are a lot of these kind of things that we were really proud to be able to contribute. But at the end of the day, once that all was done, like Jello says, our job is to obsolete ourselves. Yeah, we did.
[109:55]
John Oberheide
And it's, you know, there's, there's a lot of puts and takes with going into a big company like Cisco. But there was, you know, the people were excellent and we would come in and say, remember walking in being like, hey, so what's Cisco's zero trust strategy? Like this is kind of what we're doing, you know, how do we, how do we fit in? And you know, the leaders were very open. They're like, we don't have one. That's why we bought you. We paid 2.4 billion for a zero trust. You guys tell us what to do. And that was, that was certainly refreshing of coming in and not saying this is the way we do things but being open to how do we dualize Cisco in the right places and how do we syscoise duo?
[110:34]
Interviewer/Host
How did, were you able to like suss that out ahead of time or is it just complete luck that it turned out that way?
[110:40]
John Oberheide
Yeah, I wouldn't say. Yeah, I don't think we.
[110:42]
Doug Song
There's no easy, there's no easy path to it. Yeah, once, once it was like, you know, day, day, day one or day zero or it was a lot of scrambling quickly like let's meet each other and let's do all this stuff.
[110:53]
John Oberheide
But, you know, everyone wants to touch and feel the shiny new object. And you get outreach from 70,000 employees and thank you.
[111:00]
Doug Song
Oh, but they were very welcoming in that way. And also different than what we've seen other companies do. Like when Palo Alto acquires companies, they sort of just rip the face off of the products. They just slapped them right behind kind of panorama. They kind of have this force. I mean, they have a dedicated integration engineering team where it's like, yes, you have engineers, but we have ours and we're going to take your code and figure out how that should slide into what we do. And so it's just, you know, there's, there's different ways, different companies do it. Jessica was. It felt like more like welcome to the tribe kind of thing. Yeah.
[111:31]
John Oberheide
Spend the time to understand our business and what makes us tick and I'll spend the time to figure out theirs. So I, in hindsight, you know, I think it was the right. Right home for the business for the long term.
[111:42]
Interviewer/Host
Yeah. And I think long term, like Doug, you. We were before you started recording, you're talking a lot about. You're really focused on Michigan now, really excited about doing so. Like, what are you up to day to day now?
[111:54]
Doug Song
Well, post, Post Cisco, I was there for quite some time, but the last three years I've been traveling to 22 countries, sort of, you know, getting kind of lost out of my system. Not doing a lot in security. Jono's been doing a lot more in security, I think.
[112:09]
Interviewer/Host
Yeah, you're on like some boards. You're like telling me about all these
[112:12]
Doug Song
different products, but by and large, you know, trying to. We have a family foundation, but we established a family office to try to help strengthen and serve the communities we're part of, mostly here in southeast Michigan. So between Ann Arbor, Detroit, but up to Flint and. Yeah, but it's tech in a nutshell. It's tech, media and real estate, but in a way that we think we can combine because Michigan is so rich in all these forms of capital, like obviously intellectual capitals, our own research universities, human capital. Just amazing kind of talent and just work ethic and all this kind of stuff. Physical capital. Brickland, Detroit, where we have all these amazing buildings and all this kind of stuff has been built for a city for 2 million people, but it has 600,000 left in it. An amazing, I mean, a lot of financial capital. Actually, Michigan's still one of the richest places in terms of individual wealth. A lot of old money that's here from what had been the second wealthiest kind of city in America and all this. But where in a lot of cultural capital. Certainly this place represents. From birthplace of punk rock with Iggy Pop and Arbor to Detroit Rock City and Motown and techno and jazz and all the things. But I think the thing that we're really focused on is the social capital. How do we intersect these things and build more opportunities for folks to come together to co invest, to build upon these forms of capital. So we create shared prosperity in a broader way because that's a lot of what we saw coming past. Duo Ann Arbor is very successful. Ann Arbor, we were the first unicorn. We were the first multi billion dollar tech exit in Michigan. There have been 12 more since. In fact my.
[113:54]
Interviewer/Host
Wow. I did not. That's way bigger than I would have thought.
[113:57]
Doug Song
Yeah. Yeah. In fact my neighbor sold her company last fall. Just a couple of months ago I walked my dog with her and we're in a neighborhood. I didn't know she had a company. She sold for 2.2 billion. Right. Histasonics. Right. And I was Jen, you didn't tell me you had a company. And she's like, well, I didn't think you'd be interested. You know, it's like life science. I'm like, are you. Come on, are you kidding me? But it's a lot like that. And even beyond that, there's so many more. You have just amongst its graduates has had 46 unicorn founders. But only three of them. The only three of those companies represented actually stayed. Yeah, we were the first Pitchbook.
[114:31]
John Oberheide
Data is pretty crazy. U of M is the seventh or eighth biggest educational institution worldwide. We're tied with like Tel Aviv University for producing founders that go on to create venture backed tech startups.
[114:47]
Doug Song
And so I just think this is like a. It's not a missed opportunity, but it's just tremendous opportunities. I guess. I. I still don't like to talk. That's why I've been so quiet. You don't see me doing a lot of stuff publicly because I'm just like, this is great. There's a lot of great companies. Opportunities for us to get into only here.
[115:01]
John Oberheide
Exclusive for the peel.
[115:02]
Doug Song
Yeah.
[115:05]
Interviewer/Host
A lot of secrets exposed to here. Yeah, I think I saw that Michigan has a top five business and engineering school and it's like the only college. I mean some of these rankings, who knows how they do them. And it's incredible.
[115:17]
John Oberheide
It's like top 10 programs in like
[115:20]
Interviewer/Host
100 plus different like schools like nursing or information systems or insert the breadth
[115:25]
John Oberheide
and Diversity of excellence is wild, but
[115:28]
Doug Song
we just have to do more because we also realize that keeping it secret this way means that we stay more siloed, which means that there's not the flywheel. Right. Of reinvestment. Like we just had another fellow just you know, last month. So Jim Scappa sold alternate engineering for 10 billion in Troy, right. John O's hometown, just a couple months ago.
[115:48]
Turner Novak
What was the company called?
[115:49]
Doug Song
Alter Engineering to that point.
[115:51]
Interviewer/Host
I mean I've never heard of it.
[115:51]
Doug Song
I don't even any mechanical engineer in the world knows it. It's simulation software for aerospace, for automotive or anything advanced manufacturing sold to Siemens and I think he's in athlete California now, but he's a University of Michigan tierborne grad.
[116:09]
John Oberheide
And was it one stream that just I think went private for 6 billion?
[116:14]
Interviewer/Host
Yeah, once you're in, it's also like kind of like HR software. I don't own with accounting.
[116:18]
Doug Song
Yeah, I have a friend there.
[116:20]
Interviewer/Host
It was like owned by KKR I think Bonnamone. And did they go public or.
[116:24]
John Oberheide
They went public and I got taken private.
[116:26]
Doug Song
Yeah, they are, yeah. So that was, you know Tom Shea is a great heads down entrepreneur but again sort of like, you know, I was on one podcast with him and I haven't seen him since and it's a lot of stuff, it's like, like that right where we have all this great sort of things happening and now we need to talk more about it, you know, and sort of like connect more the dots and stuff.
[116:45]
John Oberheide
Especially the founders that are, you know, coming out of the university and just allow them to understand that there is a path if they want to stay here. I think of Ethan Gibbs from Embedder who was I think a sophomore junior, started a, I guess you'd call it cursor for embedded hardware development. Won a pitch competition in school, decided to move out to the Valley, got into yc, you know, raised a great, great seed round. But the reason he left was he's like all of my customers are in San Francisco, like a software city. That's why I would go there. And you know, we need to show that there's a paved path that if you, if you do want to stay here, if you want to build a different kind of company, that it's, you're not taking on a huge other chunk of risk in addition to the risk inherent in building a startup.
[117:32]
Doug Song
Yeah. But also this parts and part is also just selling the place. You know, like we, we invest another company in, in John's hometown in Troy Viscom to AI, which is like a automotive engineer who worked at Honda and his co founder and he moved out to San Francisco for that Freedman's thing, AI Grant, you know, did that whole thing and he's like, yeah, I kind of like it out here, you know, I'm going to stick it out. And you know, like no. And then this co founder is like, yeah, Kayleen. He's like, yeah, I'm going to move out there too. I'm like, no, like dude, like why? Because their customers are here, their customers on automotive and you know, all this, it's like. And granted they raise like a 20 million, you know, seed round or whatever, so they're great. But you know, like I say, you need a little bit of Silicon Valley in you, but you have to leverage with strategic kind of about where you are. And I just think it's kind of nuts to try to build, you know, it's hard to build optionality for companies even in AI out in the Valley when talent's expensive and the valuations are so crazy. I don't know. And our advice, I think both the founders always has been maintain optionality because like you say, like John said, you have one portfolio company, right.
[118:55]
John Oberheide
You know, in all those rounds of financing, the 1 on 4, the 5 on 20, we could have, we could
[119:00]
Interviewer/Host
have pushed more, we could have pushed
[119:02]
John Oberheide
for higher valuations and less dilution, but we didn't want to paint ourselves into a corner.
[119:06]
Doug Song
Yeah, don't ride over the top, right. Don't block yourself out from the things that could happen next.
[119:10]
John Oberheide
And if things go well, it's not going to matter at the end.
[119:13]
Doug Song
As you know, startups are binary outcomes. Right.
[119:17]
John Oberheide
I'm very jealous of Doug's place making, particularly here in Southeast Michigan because my scope is, is all over the place working with startups in San Francisco, Austin, dc, London, mostly through board service, like trying to work with, I think back on the different phases of duo and that kind of years of hypergrowth from 10 million ARR to a hundred was the most fun and chaotic. And that's where I like to work with companies now. I'm not useful in 0 to 1. I'm not going to tell you what to build or how to build it. Go talk to your customers. Yeah, 1 to 10 is kind of interesting as you start some commercialization distribution. But I think the fun, meaty, kind of Softer challenges of 10 to 100 are where founders need to go. From that you can sell 10 million of anything and once you get to there, you kind of got to throw out most of your practices, all the things you do that don't scale to get you to 10 million, you got to figure out set of different tactics for that next order of magnitude and
[120:18]
Doug Song
also level up as a leader, which is always. That's hard. Yeah. Founders need friends. And again, that's one of the biggest challenges you have here is they don't have enough density sometimes for folks to feel like they belong. Like they see, like founders want to be where founders are. And again, there's not as many here, but that's why we have like, Michigan Founders Fund, which has kind of created a somewhat artificial but geographically unbounded community of those kind of founders here, but increasing. That's why that's. I mean, to be honest with you, that's why we're doing real estate. I don't really want to buy hotels or, you know, do neighborhood scale, whatever,
[120:50]
John Oberheide
but creates this undergravity.
[120:51]
Doug Song
Yeah, but we have to. We have to create the kind of place and product Detroit needs to create the product for scaling. Companies want to be. The nice thing is that there's a whole category of them that are all fighting to sort of come here, which are all the industrial companies, right? All the. Anyone building anything that reads a factory, they come here like, oh, my God, you have factories coming out of your ears, and you have the talent for it, more importantly. And so that's the thing that we sort of need to kind of pair up and see. But, you know, and you know, we have companies like Remora, right. Like, Paul Gross came here from YC and built like, this amazing business that has, like, you know, nine figures of off day doing, like, carbon capture out of, like, trucks and trains. But he's not from here. He's like, no, this is the best place to build my business. And, you know, he's doing it here, and there's more of that coming. So the other thing I'll say is that, you know, also, whether it's. Whether it's for direct investments and working with founders or the words with like, you know, LPs, you know, Michigan is also kind of a sleeper kind of thing. You know, obviously, you know, you need different kind of work to get either sort of over the line right here, where sometimes people aren't as oriented here, but there's. There's great family offices, great institutional peace here. They're great founders that, you know, just. But sometimes what they're doing, I got to wrap my head around. Like, you're doing mushroom. What are you doing?
[122:09]
Interviewer/Host
What is the mushroom? What's the mushroom one.
[122:11]
John Oberheide
Psychedelics.
[122:12]
Doug Song
No, no, no, it's a cool one. There's one that's doing as actually a tech transfer. It's out of. Not even from here, but out of University of Minnesota. They're applying and they have a SBIR with DOD for army based kind of PFAS remediation. But they use fungi to do PFAS remediation?
[122:27]
John Oberheide
Yeah.
[122:28]
Interviewer/Host
Oh, interesting. Like in the ground, sucking it up
[122:30]
John Oberheide
out of the ground.
[122:31]
Doug Song
Yeah, yeah, it's cool stuff.
[122:32]
Interviewer/Host
PFAS is like that forever chemical that just gets in your body, never goes away.
[122:37]
Doug Song
That's now part of our food pyramid. Apparently the way that we're going minimize your consumption. Of course. Right. That's.
[122:45]
John Oberheide
I mean, you know, the university environment has so much deep tech, you know, climate tech, hard tech, pharma, medical devices. It's incredible to see what comes out of there. It's not a lot of SaaS because you don't really need, you know, if you want to build some software, just go build some software. But to see the pipeline reports coming out of University of Michigan, other universities is. It's awesome.
[123:06]
Doug Song
Yeah. So I'm meeting people here. I'm like, wait a second because someone once told me I'll just go invest in some Chinese biotech ETFs. They'll be good. And then I looked at who's doing them and I'm like, wait, there's the dude here who is my friend, has taken four of these companies public in Hong Kong. The most recent which is like 4 billion and they're living Ann Arbor. I'm like, wait a second, what are we doing here? So I'm begging this guy, please kind of get into your company. He's like, no, we're funding it on our own, like 20 million until we get to a point of 100 million valuation, then we're going to go out. I was like, please, please, please let me get in this damn thing. And I'm trying to find every, you know, hired a guy who can do like life sciences, coming from a different family office and this stuff. So for me it's been like all this like I, I like feeling like a beginner again, like not, you know, and learning all that stuff from the ground up and navigating it. But it's been really fun because we have, you know, other things we have to from our experiences and networks and access to bring to bear to them. But it's really fun to do in the context of a community. Right. Where we're going to build together here and stuff.
[124:04]
Interviewer/Host
So do you wish there was more of that in Ann Arbor or in southeast Michigan or.
[124:08]
Doug Song
We always did when we were doing it.
[124:09]
John Oberheide
Yeah.
[124:10]
Doug Song
Yeah. I mean, you know, and that's why this exists, you know, like, you know, we. We help Bamboo expand from Detroit here and then Grand Rapids and Royal Oak and. And so forth. The coworking space that we're sitting in, you know, we've been doing real estate. We're the real estate partner for. But, you know, I don't know, just. Yes, I've gotten comfort with. And also a lot of interest in real estate, particularly now is if it's not gold, if it's not crypto. You need some assets.
[124:39]
John Oberheide
Hard assets, too.
[124:40]
Doug Song
You need some hard assets right now.
[124:42]
John Oberheide
We need more gps. We need more emerging VCS and solo gps, like turning ovac.
[124:47]
Interviewer/Host
I got to convince more people. We all got to convince more people to move here.
[124:50]
John Oberheide
We got Blaker Ausch today, southeast Michigan
[124:53]
Doug Song
with hidden Roger Ehrenberg back here.
[124:55]
John Oberheide
Game changers.
[124:56]
Doug Song
Yeah.
[124:57]
Interviewer/Host
Starting a movement.
[124:58]
Doug Song
Yeah, there's a lot. Cool.
[125:00]
Interviewer/Host
Well, this is a lot of fun. Thanks for taking the time to do this.
[125:03]
Doug Song
Thanks, Turner. Thanks, Turner. Love what you're doing and love that you are doing it here.
[125:07]
Interviewer/Host
You almost need to find people who have a weird bias to Michigan of my family's here or my customers are here. That's specifically why I would stay here
[125:15]
John Oberheide
for me, have some sort of ties. But then you still have to. You still have to show them that it can be done. There's supportive infrastructure around you. There's a path, but there's stories that you've. You've heard.
[125:25]
Doug Song
But it just depends. Like, you know, I remember when I met Alex Wong from Topiary Capital and realized that, you know him, he's been my neighbor for, like, three years down the street, but not realizing he was managing director of Intel Capital. Not realizing that, you know, he's.
[125:38]
John Oberheide
He's.
[125:38]
Doug Song
He has all this money he's raised from his time at, you know, 15 years. He led D.E. shaw. Right. And all the, like, he did here. And he's, like, doing this stuff on his own, or he's only here because he wants to raise his kids here and, like, thinks it's a great place to do so and all this kind of stuff. He has no connection in Michigan. I'm like. It's just weird, right? Like, there's like, these sleeper kind of folks throughout here. You know, as a founder we just talked about earlier, I'll mention this because I don't want anyone else going for him. To invest in. But like, you know, like there's some like amazing, you know, world class talent all just like doing their thing and no one knows, you know, it's like. And so it's fun to uncover this.
[126:14]
John Oberheide
Some of that is Ann Arbor is such high sort of talent density, like super educated. Everyone's like way overqualified for everything. And so, you know, you throw a rock and you hit like 10 super qualified people and you might not know in depth what each of their areas of expertise are, what they might have done in the past.
[126:32]
Doug Song
So the open invitation will be that if there are any funds out there that want to do this, because we host this stuff all the time tours, right, of folks coming through Ann Arbor and Detroit, whether it's for tech investing, whether it's for art collecting, whether it's for, I don't know, other stuff. We're happy to sort of get people sort of plugged into kind of the ecosystem that does exist here. And again now, increasingly there are going to be some places again, I think we're going to be at a point pretty soon where if any VC wants to have a temporary office, they want to work from Detroit. I've got multiple buildings they can do that from. We can kind of help set that up and just help create more of that opportunity.
[127:11]
John Oberheide
There's more like scout programs and sort of incubators that are being set up, particularly around the university where there's so much like untapped pipeline that is not maybe fully exploring research commercialization. So there's some folks that are setting up programs here where they're getting first looks at the pipeline coming out of the university. But it's, it is more specialized expertise than just, you know, technology and software.
[127:35]
Doug Song
Nice.
[127:35]
Interviewer/Host
Well, this is a lot of fun. Thanks.
[127:36]
Doug Song
Yeah, thank you.
[127:38]
Turner Novak
And thank you for listening. Thanks again to Numeral on Flex for supporting this episode. Put your sales tax on autopilotumerl.com and upgrade to Flex Elite to get a thousand dollars on your first card using code turner at the waitlist link in the description. If you like this conversation, please like comment. Subscribe and I'll promise to stop suggesting who named things after me? Somebody changed that. If you missed it, make sure to check out the back catalog of over 100 episodes. Tune in over the next few weeks for guests that include Gary Tanyc Chay the Pudding at Benchmark, Jake Stoke at Serval Mike and Nikhil at Footwork and Scott Stevenson at Spellbook, one of the fastest growing startups in Canada. If you don't want to miss any of these subscribe to my newsletter The Split linked in the description to get each episode plus the transcript emailed directly to your inbox every the week. Thanks again for listening. See you next time.