Spotlight On: Laura Bell Main, SafeStack

Laura Bell Main may not have predicted her career path, but looking back it’s clear to her how every step led her to build SafeStack, a startup that supports global teams to build secure technology that will change the world. 

With the world of technology developing faster than ever, the attention to cybersecurity has grown into a global realisation that this function can no longer be overlooked or under-resourced. Enter SafeStack, which believes that to protect the fantastic technology of the future, we have to support software teams worldwide to own security for their products. 

We sat down with Laura to understand how her team is making security a ‘team sport’, why security shouldn’t be a “bottleneck nor a heroic saviour”, and some unusual things about the company’s go-to-market approach.

Blackbird: You've had a fascinating career history - from working in radiation monitoring for the Large Hadron Collider to working with the UK Government. How did these prior experiences, and your pre-founder career more broadly, inform your vision for SafeStack?

Laura Bell Main:
Many of us do not have neat, linear career paths. While I would never have predicted mine, each stop on my journey has given me relationships and experiences that have shaped who I am as a person and a leader. Working at CERN and as part of the LHC team gave me a view of the possibilities of massive-scale technology and that aiming to solve world-size problems is essential and takes a great team to achieve. Working in counter-terrorism taught me the importance of having a mission and a goal outside of self.... the list goes on.

My career path has been bumpy and unexpected but has made me resilient, focused, and constantly excited about the potential of what we can achieve. My traits undoubtedly make me unusual for a cyber security nerd but have created the founder mindset I need to lead SafeStack on its mission.

Blackbird: Cybersecurity has gotten a lot of attention over the past few months with some pretty high-profile hacks and data leaks experienced by companies across the world. What's the actual state of play right now? Are we seeing the cumulative outcome of cybersecurity being overlooked or under resourced for a long time, is this a quickly-evolving threat, or something else?

Laura Bell Main:

The world is complex, so there is no simple "why" when it comes to the growth of cyber security attacks and breaches we see today. Some things are combining and contributing, though:

• Cyber security (and any other sort of crime) grow when there is uncertainty and unrest. This happens for many reasons, from folks attacking as their needs have changed or worsened (rare) to opportunistic folks who attack when things are uncertain, as it's easier to blend in with the chaos. Think of it like a down market; there will always be a group who invest hard at the low points to take advantage.
• Additionally, our teams are starved of 3 things - people with the right skills (due to a global skills shortage) combined with reduced headcount, budget, and time. This last one is the most detrimental right now. You have the best team in the world and cutting-edge tools, but if you don't give your engineers any time in their work week to focus on security, nothing will happen, and our defenses will not improve.
• Finally, the tooling used to attack is growing at speed. Like our software teams, attackers invest in automation and refining their tools and techniques. As they invest at a greater rate than we do in defense, we see more attacks, with a higher impact, over a broader range of organizations.

Blackbird: SafeStack helps teams embed secure development and application security outside a dedicated security team. Can you share a bit about what it takes to make security a "team sport"?

Laura Bell Main:

Any system that relies on one component to hold up the rest will suffer. Whether it's a physical bottleneck on a production line or a process with only one owner - the result is the same. Eventually, there will be a backlog, turmoil in the dependent people or processes, and failure.

We, as humans, however, like the idea of superheroes. That one of us can do the work of many. We especially like heroes who do complex jobs for us.

As a result, we ignore what we know about scaling and bottlenecks, and we place one very small group of people (sometimes even an individual) in a critical part of our system and hope they can hold back the tide.

Security shouldn't be a bottleneck nor a heroic savior that only assures we will have issues and failures (as well as creating roles consumed by fear and stress). Security should be part of the whole process, and the team should share the load. Most of the actions we need to take to secure software can be achieved by any engineer on the team, given that they have agency, accountability, autonomy, and the skills to get it done.

Blackbird: You've grown a broad customer base from small early-stage startups to multinational technology companies. Any lessons for other B2B founders on growing a customer base that spans size, growth stage and industry so early on?

Laura Bell Main:
Your standard playbooks probably don't work... and that's ok.
At SafeStack, we understand a few unusual things about our go-to-market, and we have adapted to that. Here are a few concrete examples:

• There is power in being mid-market. We serve individuals up to large teams - this means we have to have sales motions that can service each of these without the cost and complexity spiraling. We call our approach "Product Led and Sales Supported". We have self-service sales, easy onboarding, and automation to help us serve over 70% of our customers and get them into our community plans. We then have a small, targeted sales team with a very fast-paced, developer-centric sales support process to help the larger end of town. 
• You should know your audience as people. If, like us, your audience is mildly allergic to sales folks and doesn't like being pushed - use that information to connect authentically and with value.
• Finally, don't be afraid to be slightly scrappy - especially in this market. There is no point where we get to sit back and say, "all done, no work needed now". We are continually experimenting to ensure every part of our funnel for our various Ideal Customer Profiles (ICPs) works as intended and efficiently.

Blackbird: Finally, what excites you most about the future SafeStack is building?

Laura Bell Main:

We are already in 1500 organizations in 76 countries. This is the start of something fascinating to us. To protect the fantastic technology of the future, we have to support software teams worldwide to own security for their products. This means being truly global and inclusive. Our smallest teams in the remotest places can still build technology that will change the world; training them in secure development increases the chance of that technology surviving and thriving.

We are going to make security an essential ingredient of all software, built by all engineering teams (big and small) and that's a pretty epic mission.

As a company, we are leaning as far into this as we can, building a product and company that scales in a way that is really unusual in cyber security - and one that is focused on the amazing future we all need.

Laura's Spotlight On

A film you loved? Grosse Pointe Blank an old movie, a black comedy but a classic (with an amazing soundtrack).

Your favourite music album? Rumours by Fleetwood Mac and Songs for the Deaf by Queens of the Stone Age.

Someone to follow on social media: @rosshaleliuk