Managing Investors, Budgets, and Expectations w/ CJ Gustafson
A SaaS101.Live Interview
I had the pleasure to host CJ Gustafson for a 60-minute interview December 7, 2023.
CJ is most famously known for his blog, Mostly Metrics, and his extremely well received podcast, Running the Numbers.
His day job is CFO of PartsTech where he most recently led the company’s $35M Series C funding in May 2023.
Some of the topics we cover:
How CJ has been dealing with the 2024 budget season following elevated spending (and easier funding) in recent years
How investor conversations have changed overtime, especially in regards to balancing growth and profitability
How CFOs needs to ramp up on understanding new technologies
How CFOs can balance the endless requests for incremental cybersecurity spending vs. measuring the true risks and ROI
Want more of CJ?
CJ was a guest speaker at our last SaaS101.Live workshop. If you want to interact and network with more amazing speakers, check out our SaaS 101 bootcamp 👇
📣 Starting in 2 days! (+ $100 Off)
If you’re passionate about the SaaS industry and modeling key metrics we have an amazing bootcamp that will jumpstart your investing trajectory:
SaaS Metrics and Modeling. Understand key SaaS metrics (ACV, ARR NRR), Billings vs. Bookings, and FCF margins. We provide detailed financial models of top SaaS companies and the basics of how to model them.
Cybersecurity Deep Dive (hosted by Francis (Software Analyst)). In-depth overview, frameworks, and analysis into the cloud, endpoint, and network security industries. We also dive into CrowdStrike, Palo Alto Networks and many exciting startups.
9 Live Sessions (15-18 hours) filled with interactive content, Q&A, and networking
Recordings + lifetime access to all sessions to watch on your schedule and advance at your own pace
Two guest speakers with CISOs & SaaS professionals (we previously hosted CJ Gustafson and the CISOs of Datadog and Deepmind)
Slack Community of cybersecurity professionals, researchers and Investors.
Incredible Networking. Join students from Goldman Sachs, Microsoft, Bank of America, Palo Alto Networks, Cowen, SVB, Scotiabank, VCs, ETF Managers, and many more!
Please enjoy my interview with CJ Gustafson (lightly edited for clarity):
Thomas Robb: Just as a quick intro, I would imagine that most people do know CJ or have read some of his stuff or have seen him across all the social media platforms. He's a CFO of PartsTech. I don't know if that's considered your full-time job or your full-time job is Mostly metrics, but he is a CFO and obviously the writer extraordinaire at Mostly metrics. Last I checked, I think you're at over 30,000 readers on Substack. You've been in finance now for what, 11 or 12 years I think, was obviously creeping on your LinkedIn before this. I think you've touched every single CFO org over your time and has obviously now finished or as currently in the CFO position.
You started your career off at PWC in M&A, moved into private equity and then sounds like you kind of got the itch to go into FP&A, moved to Snyk, which I think a lot of people are very familiar with in 2019. I think you were there for about three years in director of FP&A and finishing as director of IR and now the CFO of PartsTech. I think the most recent you guys just raised, and I'm assuming you did 99.5% of the job of raising that Series C led by OpenView. Obviously you can hear CJ is a big runner and boxing and just had his second daughter, so he is a very, very busy man.
CJ Gustafson: This is the nicest intro anyone's ever given me. I got to tell my wife all the nice things. Can I pay you to send this to her? Thank you.
I'll be your hype man. I'll just follow you around, give all the introductions and stuff like that. But did I miss anything? That's the most important part. I said a lot of things.
No. I was ecstatic to join because first of all, Thomas and Francis are two of the smartest people I know within the finance and cybersecurity spaces and both kind of worlds have collided for me in the past and their topics near and dear to my heart. So anytime I can hang out with people who are passionate about the same stuff, fellow nerds of the internet, I'm always game. Plus I got out of doing bath time tonight, so I'm here.
Okay. Maybe just to kick us off just since it's probably top of mind for you at the moment, but what have been the biggest challenges as you're going through this budget season?
Obviously we're coming off of two or three years of a lot of exuberance and free money and that helped all of us hide a lot of probably poor decisions in the past and I think a lot of people are now trying to fix that in this coming year and probably the past year as well. So just curious how that's going for you so far, especially when you think about all the other annual budgeting processes you previously led.
Yeah, I've probably been a part of at least seven that I can remember, and a lot of people joke that budgeting isn't sexy and whatnot, but I look at it as the training camp to get the org into shape for the following year and it forces you to come to grips with wherever the bodies are buried. And I think the biggest challenge, or not really a challenge, but really theme is just getting people to agree that every hire we make has to count. And a lot of people use COVID as this demarcation in the sand of when things change. But I was a part of orgs before then where I think there was this tendency, maybe not to the same extent, but it was definitely there, this tendency to let people just build fiefdoms or miniature empires within companies. And managers over the last five to seven years, I firmly believe have only been taught how to hire, they haven't been taught what to do when times aren't as good or how to get more stuff done and elevate the people they currently have. And that's an entirely different skillset.
So I've worked directly with people who were amazing at building, like I said, fiefdoms, but that's an entirely different ball game than actually just running a company with the people you have. So I think it really all starts with just not hiring people you don't need to in the first place. And I think one of the common misconceptions that startups and even big companies is that having more people means you can do more. I actually believe that to a certain extent, you're just adding more nodes to the network and that's another person that you have to communicate in order to get stuff done. So I've been at companies, like I was at Snyk, I was employee 150 and then when I left it was 1500. So we literally 10X-
In three years?
Yeah, in three years. It was just over 1500.
Every six months I say it was a new company, it really was. And I was redefining my role for better or worse with whatever what was going on at the time. But I was responsible for two and a half operating plans you could call it. I mean, if you throw in the COVID operating plans, that was like five operating plans in one year. I was doing all those too. But at the end of the day, I think I'm a firm believer that a small group of determined smart people can get a lot done and that's the ethos that I try to bring to the companies that I'm at now.
Yeah, that's super interesting. And I've definitely experienced a lot of the same. How we have always framed it is there are peacetime CFOs and executive teams and there's wartime exec teams and CFOs and one can be much more fun than the other. But in reality, long-term over time, running a business is always going to be making hard decisions and it's either you're going to do it or you're going to have to kick the can down the road and someone else is going to have to make a much, much harder decision later in time.
And a lot of people budgeting were doing it from the perspective of what's great for next year, and they were over optimizing for one year. They weren't looking at it in a three and five year timeframe. So you had asked what the biggest challenges or themes were. I think the other one would be getting people to say, okay, if I give you that, what does this set you up for in 18 months? What does this set you up for in 24 months? Because I always look at it, like next year is great, but what's the year after the year? Because I don't want to do something next year that jeopardizes that.
Yeah, exactly. And I think that's part of my next question really, is again, going back two or three years, we're in this time of free money to fuel growth at all costs. And you said earlier that all that growth typically was, okay, I'm a manager. The only thing I've ever been taught is hire more people and they kind of get the exact same stuff done. In reality, it's usually a decrease in productivity because you have too many cooks in the kitchen kind of thing.
How have your conversations with investors changed over that time and trying to balance, like yes, we do need to obviously make smarter decisions and I think a lot of investors will obviously look from the outside, look at and consider some broader metrics, but maybe not necessarily understand the super nitty-gritty details. And sometimes you have to bridge the, we're going to burn a little bit more than you think, but there is a good reason that we're doing this. How have you found balancing like, hey, we need to keep the investments going. Obviously we're a tech company, we have a lot of TAM to go after versus like, hey, we can't just give up our market share gains and stuff like that. How have you balanced that?
I think I position a lot of it around the burn multiple. So I'm saying, I'm committing to give you this many millions in top line while going through this many millions in cash that you've given me and then the year after, this is how it's going to be more efficient than before. But I think, and this may be a contrarian opinion that not all investors actually want you to be all that efficient. And I don't mean it in a negative way. I mean that they're in a home run game, they're not in it for singles. And if every company was super efficient and cashflow positive, they wouldn't have a job. Investors are quite literally in the business of giving you cash.
So I always find it funny when they say that investors want you to be super efficient, get the cashflow positive as soon as possible. That's a soundbite that a lot of investors give, but we wouldn't need your money then and you wouldn't be on the cap table. So I think, yeah, efficient, it means don't make dumb decisions to me. That's what I read it as. It's not, don't burn money.
Right. And I'm curious, so now you've been at a couple different startups. I don't know if you were involved in capital raising at the company before Snyk, but would you say that your exposure to investors so far has been more VC or more growth equity or have they been half-and-half or?
It's funny, I've worked backwards my whole career from, like when I was at Providence Equity on the PE side, it was later stage investments within media and entertainment and tech. And then I went to Veeam and they were backed by Insight and it was their growth-ish later stage fund. And then I went to Snyk, which was VC, but then eventually we got to the crossovers. So I did go the whole spectrum and they each kind of have a different forte.
And it also depends on who the investor is because I looked at each... Each investment firm is kind of having a skew because we covered how investors in the business of giving you capital, but some are really good at recruiting, they can help you with that. That's one thing that a startup needs. Others are really good at giving you interest to customers. That's another thing a startup needs. Others are really good at optimizing your go-to-market motion. That's another thing a startup needs.
And others, honestly, the skew that they're selling is their brand name. So I'm sure Sequoia is good at a lot of things, but that's one of the reasons why people go to Sequoia. It's lended credibility that you're getting before you have it. That's their skew that they're giving you. So that's another way that I look at investing. What am I getting from this investor other than money? And also by the way, one of the skews is just shutting up and giving me cash. It's literally just like, you won't even find an inbox to reach us at, but we'll give you the cash. So they're all kind of different in that sense. How do you differentiate yourself?
Yeah, I feel like the later stage growth investors for a while were like, oh, we're just like, you guys are doing great. Keep it up. We're just going to give you, like it seems like you guys have figured out, we'll just throw an extra 300 million on top of it. We just need the board deck at the end of the quarter and otherwise we're like super hands off. And now I think it's quickly change around like, oh, actually we want to make sure that that 300 million does become more than 300 million, not a 100 million kind of thing.
I actually want to loop back to something else you started with as well on you guiding those conversations with the business on thinking about who do you actually need to achieve an outcome and kind of a business objective, not necessarily the old school mentality of like, oh, I'm a VP, I expect to increase my org by 10% every year until I die, and that's how I measure success.
I feel like at startups it kind of leans a little bit more towards people who are more flexible and fast and maybe not as levered to that, but I think both times it's like, you usually get both groups of people. How have you tried to balance that? Almost, I guess it'd probably be more like politically, obviously telling other senior people in the organization like, hey, you're not going to get the headcount you want and I expect you to achieve more this year. And it's not really a discussion anymore.
I think the conversation is actually had, Thomas, when you hire them. So I've been lucky enough to be a part of a lot of hiring decisions where I frame it up as, is this person a hands on the keyboard type person? And you all know them. Like, have you worked with maybe a CFO or a VP of finance who never even opens an Excel workbook or if they had to screen share, would they be able to maneuver around and do math with you? I look for that in a marketing person. I look for that in a sales VP person because I know that I can't afford to hire you to hire 17 people to then do the job. I need you to be really smart to help the org, but I'm doing things I don't want to do either day to day, but that's just the nature of a startup.
I've also worked at places too and I've seen it go not so good where you hire those people who, they're iPad people, they check emails in their iPads and they're not opening the computer to get in the Excel workbook with you. And that's not really the type of person that you need at a certain scale. I think that's maybe for when times are going really good, but I always test for like, if push comes to shove, is this person also going to be a player coach? And I think that's where you get a lot of the efficiency that hungry people who are willing to get into the weeds.
Yeah. And it's like, not necessarily removing that middle management while that also tends to help speed things up, certainly, but it's just that you're not only a manager. When you say that player coach is a super... It's actually, you're probably 180% of a person and you're doing 80% coaching and a hundred percent playing.
And what's nice about that is you know that person's going to hire someone just like them. So it cascades down. The worst is when you hire people who don't actually do the work, they're just doing the theory of work and then they hire other people like that and it's just this cascading effect. And you wake up one day and you have a legal team of 27 people.
Yeah, I feel like it's almost like, I don't know, it's almost like a VC cliche to always don't hire above where you're at. And it's like you don't need the senior vice president of whatever software company XYZ to come lead a group of 50 people when you don't have a go-to-market strategy. And it's like they haven't done hands-on, block and tackling, in the trenches for the last 25 years.
It's ugly and people forget sometimes how ugly it is when you come backwards in stage of like, oh, where's my stuff? I need my stuff to perform here. And I mean it's hard. It's hard running companies. I'm biased.
As we would expect. I think kind of looping back to working with your business partners and stuff, I think that's always a very interesting dynamic. And I think again, it's kind of going back to three or four years ago, it was like, we need finance to raise the money and then we're just going to let the operators kind of charge full speed ahead and not have a lot of guide rails or anything like that blocking them. And that's quickly changed now to, okay, almost every decision that you're going to make is probably going to be checked by at least some sort of finance business partner that rolls up to a CFO to kind of make sure that we are meeting those OKRs and every hiring decision is supporting what you agree that you do.
And so it seems like that relationship has kind of shifted or at least changed dramatically over the last couple years. And I know you said that one of the things that you did was you make sure you hire correctly and that's probably gets you probably a long way, is like, what are some of the other things that you found helpful when you're communicating with non-finance people to get them on board with these kind of things or vice versa where maybe a business partner reached out to you in a helpful way as well?
So on my podcast, quick plug, it's called Run the Numbers, but I interview CFOs and I had Sinohe Terrero on and he's the CFO and COO of Envoy. And what he had told me is, because I said, "In our job you have to say no a lot and saying no gracefully is a skill that I would love to get better at. And I was like, how do you manage that?" And he said, "I call it the butter and the knife. You got to butter them up before you beat them up or cut them and say no." And what he meant was, you want to be a person who has exemplified to their peers that they will knock down walls for them when they need you to, and that you will help them with little things, to grease the skids. So then later when you say no, they realize, oh well CJ's actually a reasonable person. He's helped me out on other stuff. If he's saying no, I know he doesn't want to say no, he's doing it out of a place of like we agreed to achieve these things.
And I've tried to do that more recently as well. So say like, the HR person needs to pull forward a hire like three months. It's not in the plan. Is it going to completely mess up the budget? No. Do I want it to happen? No. But I will help them do that to show that I'm in their corner and then later in the year when something comes up and they want to upgrade from workable to greenhouse and I don't have the budget for it, I'm like, "Listen, I'm trying to help you, but we agreed that we were going to come out to this burn and I have to cut back the software spending here a bit." And so I've tried to do little things that help people understand that I'm on their side and CFOs do have a unfair advantage that they can throw money at problems. And I don't mean throwing millions of dollars, but sometimes you have a person who's making 250K and they have a $10,000 problem that's blocking them from being 25% more efficient. That's a math problem in my head.
I can throw this amount of money at it and solve it, maybe hiring them someone from Upwork to get this data for them, and I'm going to get so much more out of this person over here. So that's at least how I try to look at it to not just say no to things. It's more of a balanced approach of like, I'm trying to say yes to a lot of things, but I can't say yes to everything.
That's super interesting because I think that's when it goes from CFOs considered, or kind of old school as a more of a bookkeeper, guy just ties all the numbers out, keeps quiet until something goes wrong, to being a true strategic partner and more from the science to the art side of actually building those relationships and making sure your ability to drive value does mean that you need those great relationships.
And it's easier to say no, or can we wait on this? If they've seen you in the business with them every day and that you've been trying to learn what their department does, if you just show up as some guy out of the back room who's there to say, "No." You are the CF no, like I get it. I wouldn't like me either. But if I'm meeting with the product team, because I care about what we're building, they think I'm interested and then I'm making decisions based on, is this a sunk cost? Are we going to get more revenue out of this? And it's a more holistic view.
High level to bridge back to maybe from the finance side back into cybersecurity, how are you looking at your, and you mentioned software spend specifically. I'm assuming a large part of that usually ends up being security of some sort. How has that budget been trending for you and what are some of the technologies that are absolutely necessary now that maybe weren't before or some of the vendors that might be up and coming that are almost required buys and stuff like that?
Yeah, I actually got a decent amount of pressure from my investors for us to step up our security posture over the last 12 months. And me having been the person who worked at a security company, I always heard that was the case, but didn't actually believe it. You think it's just this theoretical, but they were like, "No, you got to buy stuff." Like, this isn't good. You need to... It's not like we were doing something totally bad, but they were like, "We've seen stuff go wrong at other portfolio companies based on that and we know what you have in the building. Can you please do something about it?" Actually, when we raised our Series C, I had to say what we were going to do with the funding and one of the line items in there was this amount for security vendors. And at the time, I didn't know what they all would be, but I definitely had a line item for that. And we picked out some vendors.
I guess how did you guys go about actually deciding the entire strategy? Do you actually have a CISO in-house or?
We don't have one yet. So my org is, we will be 150 people next year. So it's still under our CTO right now. So I would say once you hit probably 400 people, you start bringing on a CISO unless it's like the product you're actually selling. But yeah, so we bought Snyk for the developers to embed it within the code as they go. And then we bought Jamf for endpoint, whoever's using a Mac, we bought Kaseya for anyone who's using a PC. And then we're assessing a lot of other vendors.
And just when I talk to my other CFO friends who are in it, I understand why a company like a Palo Alto is so successful. So people always criticize, it's just a bunch of M&A and none of it's connected and whatnot. But if I can get a better discount and I don't have to review as many contracts and get as many vendor approvals done and go through paperwork for each individual one, I get it. I'm finally understanding that firsthand, and this is for anyone who is involved with an org that has to sell to CFOs too. It's so much paperwork that I have to review that I didn't anticipate, its overwhelming
That's why you have an accounts payable team or procurement team and all that stuff.
Yeah. So I understand why people are consolidating on vendors, and if I had to guess just with how a lot of security companies raised super premium valuations, I would guess there'll be some consolidation next year.
Q&A Section
Francis Odum: One question for you real quick was, MSPs, our last class had that conversation, and I wonder if for your startup, for example, you guys talking to MSPs at all to help or you guys just buy your own products generally?
Oh, well, we work with Tropic for procurement, so I'm a big fan of them and they also have a price check tool that helps me. So it's kind of like a middle zone between them, but we don't contract specifically with any MSPs, but a lot of them hit me up. I just don't have the bandwidth to choose one right now or pay for one.
So how are the conversations with the CISOs when you need to say no as a CFO, but at the same time, how can you be more cognizant that it's for something very critical, like making an org more secure?
That's a good one. I'm somewhat biased thinking that a lot of CISOs buy, this is probably very controversial, that a lot of CISOs buy tools as kind of a cover-your-ass to say they had it in place, which is true to a certain extent. You can't protect it if you don't have anything in place. But then a non-technical person like me, like I kind of know cybersecurity, but for me to say, you say we need this to make us safe, I guess so, I'm not going to say I don't want to be safe, but then after I see 10 of these things, then I'm saying, okay, well are we safe enough and what's the difference between all these?
But I am biased in thinking that a lot of them just buy a proliferation of tools to say, well, look, we bought it, so how can you blame us? And then after a while it's like, but this many, this is a crazy amount of tools to have. So it does kind of bring me back to that Palo Alto comment of, can you get some of these through the same vendor or can you just give me one price tag so I don't have to keep approving $50 to $75k spends every couple months because that wears on you over time.
That's the follow-up question I have because I almost always see this as a leader, technology leader. Beginning of the year, we are always shut down on a decent budget for security, cybersecurity, but as we progress, if some incident happens, damage is done, you get a lot of budget approved by the CFO, special funds. Go for it. Get all the tools. Why is it that kind of reactive behavior from the CFOs? I mean, I'm not saying you are someone who's doing it, but as a technology leader.
It's because we don't want to get fired.
Like with my organization recently, we had a security instant. We were literally not spending a lot of focus on that, but suddenly, guess what? We have a lot of budget now. It is the top priority because we had gone through that instance. So why is it always like that, CFO's mindset?
I think it's true because you always have to come up with a plan to present back to the board of why it happened and what you're doing to mitigate that risk. And a lot of times what's in that is processes, but the other part of it is what you're going to buy. And then when you tell that to the board of how you're going to make it so it doesn't happen again, they look at it like a shareholder value conversation. Like, do we want to spend 250,000 on new tools? Absolutely not. But do we want to lose 25 million in valuation? No, we don't want that. And you've made this plan that we asked you to do, so we're not going to say no to it either. And I think that's where the circular reference comes in, at least in my experience. Once you make the plan that they ask for, they're not going to say no. They're like, oh, well, we asked you to come up with a plan of how to make this not happen again.
Or is it the thought process that, "Hey, we do have a cyber insurance covered. Let the things happen, don't worry, we have the insurance covered." How do you as a CFO decide what would be my cyber insurance?
Yeah. Well, usually it's in your fundraising docs of what the minimum is that you have to have for every policy. So even the director's insurance, it tells me it's going to be $2 million, whatever. So I'll have at least a benchmark. But I always find cybersecurity, sorry, cyber, not cybersecurity, cyber insurance kind of funny for cybersecurity companies, because if a cybersecurity company gets breached and it's that bad, it's kind of a binary outcome, right? You're probably going to go out of business. So it's like, oh, my $50 million policy, did that do anything? So I think you end up buying... This is where it becomes to me more art than science. If you're buying up whatever makes you sleep at night and then what your appetite is for risk, because CFOs, in my mind at a lot of companies, is the chief risk officer, there isn't someone responsible just for risk every day.
So every day you're doing business, you're making a calculated bet, are we going to get hacked today? Is somebody going to get hit by a bus? Are all our customers going to leave? And it's like, how do I take that piece of risk and kind of arbitrage or hedge my bets to a way that I feel comfortable enough to sleep at night? But I haven't found a formula yet for it. So if someone has one that I can use rather than a bit of benchmarking what I'm required to and my gut feel, I'll take it.
Thomas Robb: I was going to say, the few conversations that I've been a part of specifically on the IT side is like we always call it the FUD. So fear, uncertainty, and doubt. And then it's up to the CFO to make some sort of decision that typically they don't have native experience to do, right? It's like CFO's good at making a budget, growing a business, and to CJ's point, you're the risk officer as well. That's almost more of a new term, but that's like your side gig as well at the company, right?
So you have to make a decision like, all right, do I think this is more fear, uncertainty and doubt, or do I think this is a real risk case. And so it's like if you think it's FUD and you're like, okay, I'm going to give him 500K and that's 6 million, and then something actually happens to XYZ’s point, it's like, oh, obviously you should have pre invested in it.
While to CJ's point, it's probably like, well, it's almost kind of like IT insurance, right? It's like you don't actually need to pay that much until you actually need to pay that much kind of thing. And I think it's just like, you probably have the Palo Altos of the world so good at marketing that they're like, "Hey, you don't have to buy from us, but when you have to report to the board that a security incident happened at your company, we will take that phone call too though."
Yeah, you nailed it.
Let's say you're my CFO. We're a SaaS company, 150 employees. I'm coming in from the SecOps side and I want to have good conversations with finance when I'm asking for budget for security initiatives. We're trying to figure out what to implement first. So I'm not necessarily going for one vendor. I'm trying to figure out operationally what makes sense for our specific case so that I have conducive conversations with finance. What should I bring to this conversation?
Yeah, that's a great one. So my biggest fear when it comes to buying software is that I give you the budget to buy it, you buy it and then it sits on the shelf and people don't implement it. So if you're coming to me with that plan, I want to know which tools are being purchased in which quarter, when they'll be implemented up and running by. And for you to put a name of someone on your team next to each tool, because I'll give you an example. I just bought Snyk at my company. If I asked them next week if they've started implementing it and I bought it last month and no one's touched it, I'm going to be pretty pissed because you begged me to buy it. And we agreed that this was something that we were going to do together.
And then the other thing would be to not take on... Oh, sorry. The last thing would be to, if there's an implementation cost associated with it, lay out that too. So it's not just about the software, it's about which experts are you bringing to help you put it in, because that can actually be more costly than the first year of software itself.
Thomas Robb: Going to say, it's also probably reading your CFO and how they like to manage as well. I feel like your methodology is very strict with like, it almost comes from a project management background, probably that chief of staff in you, man. And I'm sure a lot of it is, if you don't have that, technical skillset to make sure that that usage gets driven to completion.
Do you see a need for CFOs to be more tech-savvy now?
Yeah, I think it's definitely true and I spend a lot of my time, I've spent a lot of my time actually on the BI side of things recently, learning how our org does that and I'm paying for Snowflake, walk me through actually what this is doing for us. Walk me through how it links to Sigma. Walk me through why you want Fivetran instead of Stitch. Walk me through this ecosystem and then let me know where the other data pieces are coming from because I'm consuming the data all day. I want to know how it's being produced, and I also want to be able to separate between the production data of what our product is doing and the financial data and then the sales data and then how to link all of that up. So I don't think that was something that a lot of CFOs spent time on in the past. I don't know if I answered your question, but I'm trying to be more forward leaning about what we're actually buying.
Yeah, I think that's very well said. I think it's more than the tech tech, it's more on the cybersecurity per se. When it comes to the CISO getting an approval for budget on the security initiatives is not fancy as CTO gets on the new product features or the business initiatives. So I think having CFO with that kind of knowledge on the cybersecurity I think would help CISOs as well as the organization I believe. I think I've been in the last two, three organizations, I have moved, I closely worked with CISOs and also the vice presidents of the security. They always struggled. They always struggle to get us the right focus until there is an instant or there is some noise is there.
Well, I think a lot of CFOs are afraid to ask, to be the stupid person in the room and ask, what does this actually do? So my strategy other than calling Francis when I have a question is to say like, you want this tool, okay, what does that tool do? Does network security. Okay, explain to me what network security is like I'm a five-year-old, and then tell me why that's a risk to our business. And if you come to it from the perspective of like, yeah, I'm sure the CFO is smart in finance and stuff, but just assume that they have no idea what this security thing does and they're not going to be offended by that. I'm telling you now, they'll be totally cool if you make it really simple for them.
But when I think about security spend, I want you to tell me a story more qualitatively of what the areas of risk are, what the vendors are linked to that, so then I can get in my head. Because if you don't understand and you're just coming at it from like, I need Orca, I need Wiz, I need Snyk, and you're just putting a number next to it, they're just going to look at it like a number. So don't just present it like a number, present it like a story that someone can understand who doesn't know how to code.
Francis Odum: Increasingly, actually, this is something that I've heard multiple times is justifying ROI. Because in security it's also difficult, like if you're buying a sales product or a revenue product or a cost-cutting product, it's very easy for you to calculate the ROI on those products. But with security, it's extremely difficult. The endpoint devices that you're buying, how do you know specifically the ROI on, are you going to get some return investment back? So that's very difficult. The CTO might point to you, okay, these are the risk areas, but obviously as a CFO you're constantly thinking about how do we get our money back or in some way, how does this help the organization move forward?
I'm also thinking though about where does this risk stack up with the others? If I only have enough runway for eight months, that's a bigger risk to me than getting breached tomorrow. So it all depends relative to your audience.
Thomas Robb: I was going to say part of that too is like, I mean CJ and all CFOs are also responding or reporting back always to the CEO and the board. And so if you ask them, or like the percentage of questions that you get on growing revenue, building products and hiring sales teams versus are you using Palo or Fivetran? It is probably going to be, again, 95% is going be focused on that. And so if the chief product officer or chief technology officer comes in and says, I need 15 more product people and 20 more engineers, and they need some software, it's like, yeah, because that's what the board wants. That's what the CEO wants. And so in the background, there's always that thing of like, it's layers of people who are probably just not as focused on it precisely because it's probably the less, like not as sexy as the other parts.
You've had so many different jobs within the CFO org and I guess some of that's even outside the CFO org as well, and you rewind yourself five, 10 years, has your goal or career aspirations always been to be a CFO or did you take a winding path to this or how have you thought about that?
I'm making it up as I go along. I don't know what I'm doing. I interviewed Jenny Decker, CFO of Front on the Run the Numbers podcast, and she had a great comment. She said, "You write your story in reverse." So what she meant is you're making all these moves along the way that at the time you're sitting there in your house on your couch, you're like, "Holy, I don't know if this is the right move for me." But then you find a way to craft that story in which it all seems to make sense when you look backwards. And I think each step, I was just looking at what can I do that's most interesting to me at the time? And I've had shiny ball syndrome at certain points. When I went to the private equity side, I thought it was so cool to be able to say I worked in that.
And then I woke up one morning and I realized I wasn't even that good at it. And that was one thing to grapple with. And then it was like, well, where do I have more fun? And I found it was actually hanging out with salespeople, discussing how to grow the business, talking about building stuff and not being a financial tourist. So I think on paper I saw a lot of things along the way that looked like they'd be really cool. And then it was up to me to figure out if I actually had like CJ product market fit there, some things I did, some things I didn't. But each one along the way, I think I got a story out of it.
Francis Odum: Yeah. I wonder, by the way, because I remember when you were at Snyk, we would always chat about some of your ambitions with CFO roles and stuff like that, if you remember those days. I wonder what's it been like, obviously being a CFO of a startup now, obviously you've been in this seat for over a year now. You've been here over a year. What do you feel like, what's maybe been the biggest takeaway or something maybe you didn't appreciate as much or you've appreciated as much about that role?
One's a hard skill. One's a soft skill. The hard skill is procurement. I'm in procurement. So if I don't read the contract, it's on me. There's no backstop.
Thomas Robb: Is this sponsored by Tropical right now or is this a-
The podcast is, but it's not just procurement with software though too, it's procurement with hiring people, agreeing on people's salaries. It's procurement in the sense of anything that's a dollar going out the door. You want to know what you're signing up for because before you're a CFO, you've always had a CFO to check stuff. Now there's no one besides the CEO to check for you, and they're doing their own job. They're doing a thousand other things that you're not doing, so they can't always check. So that's been one thing. And then most importantly, just reading contracts around things, even with suppliers. So that's not even buying stuff, just like relationships or partnerships and the economic impact of that. That's been something I've been working on. But the soft skill side is that I feel the higher up you go, it's less about IQ and it's more about EQ.
I know some of the people on my team are probably smarter than me, book smart wise. What I have to be good at is putting them in a position to succeed and breaking down barriers with other people they work with so they can do really good stuff. And it's also me making sure that I build relationships, not just the CEO, which I think like I came in on day one, I'm like, this is my only customer, this is my only customer, this is my only customer. And then I realized, no, you got to be cool with everybody else who's your peer. Like, CPO has to like you or your job's going to kind of suck. CMO has to like you. And that's been a big thing for me as well, to build those relationships because it's really about, it sounds cliche that it's about the people, but it is about the people you work with. You can't actually get things done if people don't want to work with you.
Yeah, that makes sense. I guess, any preliminary thoughts on what's, obviously you're, what? You have another 35 years of your career ahead of you, you're already a CFO. Do you think the CFO spot is what you'll be doing longer term? So you have aspirations to move more to running the business or starting your own business or you're just going to buy CNN or what are you going to do?
I don't know. I think I'll write that story in reverse as well. But I've always had an entrepreneurial streak to me as well. Like, the newsletter, Mostly Metrics is my way to scratch that itch in a lot of ways. And I mean, I've also tried to start a business and failed at that, so that's something fun. But yeah, I think being a CEO at some point would be cool. But I wake up every day and there's something new to work on, whether it's podcast, newsletter or being a CFO. What I do know is that there's a lot that I don't know, and I'm trying to scratch that itch with a lot of the stuff I write about. And what's cool about writing in particular is that I would never met you guys if I didn't write online and put myself out there. I made friends through that, that are smart, that helped me.
And I feel like it's the last true democracy in a lot of ways that you can write your way into any room and smart people on the internet will find each other and you'll have stuff to talk about. So for me, it's just keep making content because it makes you smarter, but it also introduces you to people who could give you a cool opportunity.
I could not agree more, I think, yeah, at least from my own personal perspective too, is just like, at first was like, I need to ramp back up on this industry. And then it was like, oh, you start meeting cool people and you can be humble and be like, okay, this person's 15 times smarter than me. I'm going to read their stuff and hang out with them and slowly get better. And that opens more doors because now you're getting smarter and stuff.
It's a virtuous cycle.
And I think it's one of those things where it's beneficial on its own. I found it super helpful at work as well, where not only do... Like if you're writing about what you do at work, it forces you to actually think about it, which in reality, once you try to actually write about what you do at work, you start to realize like, oh, maybe I actually don't understand everything.
I agree with you, Thomas. I don't feel like I own anything until I can write about it and explain it to somebody. Other than that, I'm just borrowing it.
Yeah, and I think I'm imagining that you probably have gone through some of the same things where I just sit down, I'm like, topic that I do all day, I got this. And then your two paragraphs in you're like, actually, I don't understand.
I don't actually know what this is. Yeah.
And again, I'm assuming you've kind of had the same thing where I think it does lend credibility to the organization that you work at too. I think it's like, people obviously want, smart people want to work with other smart people, and I think that helps put that beacon out that there's intellectual curiosity and we do things intelligently here and stuff like that.
I also look at it like, if anybody ever wanted to hire me down the road, my resume is online. That's what it is. I could give you a PDF or you could just read some of the stuff I wrote and I'm for some people, not for other people. And you think it's interesting, but it's kind of like just having something to show for it online.
When you do think about your time as an investor at Providence, how has that kind of shaped your career as more on the operational leadership side?
So I was more on the valuation and the fundraising side at Providence, which was a unique spot to be in because I had to learn the portfolio companies after we brought them in. And that made me look at how they all made money, and that's where I first learned about SaaS. So I was like, oh, this is a pretty beautiful thing that the revenue just keeps showing up every year. And I got to look at a lot of different business models. I also looked at telecom. I was responsible for a telecom business in India, another one in Brazil. And for me it was like, you have this box, now how does it make money within that box? And then what are the costs? And so I got a lot of reps at that modeling it out.
What I didn't have was, and I learned it when I did FP&A, it was like actually talking to people to come up with the plan. So I was digesting the plan and coming up with a valuation off of it and then telling a story of why we should be able to raise another fund. But I used the term before, I was a bit of a financial Taurus that I was going company to company and didn't have to actually stick around for the results of just one of them and be the one who was responsible for it. So I learned about how it works, but I didn't actually learn how to do it until I got to a real company.
CJ, any specific podcasts or recent writings you want to highlight or plug before we let you go here?
Audience may like this, but mostlymetrics.com. Today I came out with a post on what companies report versus guide to. So I took 20 companies and I looked at their earnings and I said, well, what do they disclose? Some companies stopped disclosing that dollar retention. It's like, oh wow, okay. And then other companies will guide to ARR and it's like, whoa, that's aggressive. And so some of those were kind of eyeopening to me. And I think there's a game theory behind why companies either do or don't disclose stuff. So that was one that I had a lot of fun with.
Thank you! Any final advice for the crowd?
The only advice I would say is that someone once told me to try to stack my talents and I didn't understand what it meant at first, but it's just finding things like you guys did with the course to create a one-on-one, to make it so you become the defacto for what people need to get done. So I've tried to do that in my career. So I wrote a whole post about this, but my whole skew was that I knew how to tell a story with numbers. Like, you could go to the product marketing team for part of that, you go to the finance team for part of that and six other people in New York, but I could do an 85 good percent job at doing all of it at once, and you could just come to me and I can do it.
And I've tried to just do that throughout my career where try to find places within the org that you become the only person who can kind of do something. And that's where I think people look at you as really valuable.
I'm so happy you guys are doing a successful course and it was something that was needed, like when you told me that you were blending finance and cybersecurity, I was like, this is kick-ass. This is a one-on-one type thing. And that's what I think is awesome when people aren't just doing like, here's AI and finance. It's like, no, this is real core shit that people need. And it's like blending two very important things. So congrats.
Absolutely. Well CJ, again, I really appreciate you taking the time today. Always super great to catch up and hear about all your thoughts across everything from the annual budgeting process to career advice.
Do you have an audio version of this?