Description
Dug Song and Jon Oberheide are the co-founders of Duo Security. If you’ve never heard of Duo, it might be one of the most underrated software stories of all-time. Starting in 2010, they burned only $14 million to hit $100m in ARR, were acquired by Cisco for $2.35 billion in 2014, and now rumored to be doing over $1 billion in ARR inside Cisco 16 years later. We talk about how they built one of the most capital efficient SaaS companies ever from Ann Arbor, Michigan, and how their focus on the customer and company culture helped them win in a crowded cybersecurity market. We talk growing up in the early hacking culture of the 90s, why most security tools are painful to use, sizing their market, solving for non-consumption of a product, and how Duo flipped the model by designing for end users instead of security teams. We talk about staying in Michigan instead of moving to Silicon Valley, and why staying out of the tech bubble helped them execute. We break down the mechanics of scaling from zero to $100 million in ARR, everything they learned integrating with Cisco, and why more founders should build outside of San Francisco. A quick thank you ex-Duo employees Zack Urlocker, Ash Devata, and Katie Kilroy for their help brainstorming topics for the conversation. Try Numeral, the end-to-end platform for sales tax and compliance: [https://www.numeral.com](https://www.numeral.com/) Sign-up for Flex Elite with code TURNER, get $1,000: https://form.typeform.com/to/Rx9rTjFz Timestamps: (4:49) Meeting from Dug’s Wi-Fi honeypot (7:33) 90’s hacking culture and cybersecurity’s wild west (14:49) How the internet was born in Ann Arbor (18:58) Staying in Michigan instead of moving to Silicon Valley (31:20) Philosophy on leadership and team building (39:48) What makes a good engineering leader (44:01) Starting Duo to make security easier (45:22) Why most security products suck (48:36) How fixing account takeover became a $1B ARR company (59:10) TAM, competition, fixing the non-consumption of security (1:04:04) Being a radical advocate for the customer (1:08:35) Duo’s pizza sales play (1:12:45) Branding lessons from Anthropic, Tesla, Cliff Bar (1:17:47) When to say no to customers (1:21:27) Importance of culture when scaling (1:27:56) Duo’s role in uncovering the SolarWinds breach (1:31:29) Scaling to $100M ARR on $14M burned (1:39:30) Inside the $2.35B Cisco acquisition (1:44:02) What big companies get wrong about customers (1:51:53) Building Michigan’s startup ecosystem Referenced Duo Security: [https://duo.com](https://duo.com/) Cisco: [https://www.cisco.com](https://www.cisco.com/) University of Michigan: [https://umich.edu](https://umich.edu/) Follow Dug Twitter: https://x.com/dugsong LinkedIn: https://www.linkedin.com/in/dugsong Follow Jon LinkedIn: https://www.linkedin.com/in/jono Follow Turner Twitter: https://twitter.com/TurnerNovak LinkedIn: https://www.linkedin.com/in/turnernovak Subscribe to my newsletter to get every episode + the transcript in your inbox every week: https://www.thespl.it/