Everyday we learn from the news reports that some site has been hacked. Gaining access to someone else’s site, hackers cause trouble not only to its owner, but also to its many users. The reasons for breakups are code vulnerabilities and the insufficient level of site protection. How to prevent the negative effects of cyber attacks? The solution is to conduct a timely analysis of your application for vulnerabilities and security issues. But this should be done closely and professionally. The service for analyzing code vulnerabilities is provided by the Portuguese startup Probe.ly.
We were lucky to communicate with Tiago Mendo, a representative of Probe.ly.
Tiago Mendo is one of the 5 founders of Probe.ly and also the CTO. He’s in charge of the technological development of the product, it means he needs to ensure that Probe.ly has a competitive roadmap of features and that they get implemented. He’s also responsible by the security research, directly related to the vulnerabilities they need to detect.
“Because we have a small team this also means I spend a lot of time coding :)”, said Tiago.
What’s new in the life of Probely?
Updates to March 2019:
It’s been a pretty busy year for Probely so far.
- Probely grew in numbers. Now we are a total of 10 people (previously being 6). When hiring, we also focused on both the business and the product itself. So we hired a Head of Sales, a growth marketer, and two developers.
- Now, it’s possible to directly integrate Probely with Jira, Jenkins, and Heroku. Probely is now available on each of their respective plugin/addon marketplace;
- From March onwards Probely has compliance reports. Now, you can test the security of your website and you will be able to download reports for specific compliances such as PCI-DSS and others using the OWASP Top 10 framework.
- Organized a security CTF (capture the flag competition) at the biggest developer event in Portugal (pixels.camp);
- Probely also launched a new website;
- Currently, the Probely team is working on the enterprise version of Probely.
What is Probe.ly?
Probe.ly is an online service that automatically looks for security problems, or vulnerabilities, in web applications, while allowing efficient management of the vulnerabilities found through an intuitive and easy to use interface. It also gives developers guidance on how to fix the vulnerabilities, so its a tool for them.
When and how did you get the idea to create such a project? Why did you choose this trend for a startup?
Nuno, our CEO, and I ran a web security team for a big telco, and we struggled to deal with so many developers constantly releasing web applications, that we had to test to ensure they had the adequate security. At that time there were no decent tools that we could give to them so they can be autonomous, which would also save some time to focus on higher risk applications. We wished we had Probe.ly at that time.
Creating a startup in cybersecurity was natural, since it was what we were experienced at. We knew the market, the tools, and the needs.
Do you have any worthy competitors, and how do you deal with them?
This is a competitive market and we have some competitors, but we also have unique features that set us apart, like our developer-centric approach.
What are your competitive advantages?
The most important one is that Probe.ly was developed from the ground up with developers in mind, as a tool they can use autonomously and without any special background on security. Other tools expect the user to be proficient in the security subject, and produce a lot of noise (false-positives) that needs an expert to go through them. We also provide an API for everything, meaning it is easy for clients to integrate us with their tools.
Is this the first your startup or did you have another ones previously? What are these projects and on what stages they are?
It is my first startup. From the 5 co-founders, only Nuno created a company before, a long time ago. It still exists, but he is no longer connected to it.
If you do not mind my asking, what was the investment amount for project creation and initial promotion? Was it an investor’s money or your personal savings? If it was an investor’s help, could you tell us how you found him.
The first investment was 340k€ followed by 385k€ around one year later, all from investors. The founder of Bright Pixel, our first investor, had worked with us in the past and we challenged him to support some ideas we had for a security product, almost at the same time that he challenged us to come up with an MVP (Minimum Viable Product) security-related. The second investor was one of the sponsors of an acceleration program we participated (and won).
What experts were indispensable at the stage of creating and launching a project?
The whole team! We had to build an MVP to validate the idea and attract the first clients and more investors. But we also had a lot of help from experienced people in business and product development.
What were the challenges during the launch and how did you cope with them?
We had a lot of technical challenges, for instance, to build a modular product but without over-engineering it too soon. And we had to refactor a lot of code as our assumptions were not valid as we progressed.
Since all of us were technical people, we had little to none knowledge about business. So we had to learn a lot, and quickly: how to pitch, how to build a pitch deck, a business plan, etc. The acceleration program we were in, at Beta-i, helped us a lot.
All of us were engineers, developers, sellers and marketers, all at the same time.
What markets are you entering and what ones are in your plans?
Since we are a SaaS, we think globally. Of course, we took advantage of the proximity and started with the Portuguese market and the UK, since we had a good network of contacts there. We want to be stronger in the UK, since the market there is huge but we are also looking at Europe and North America.
How do you promote Probe.ly?
We create content like technical blog posts and we also showcase ourselves at security and SaaS conferences. Recently we started using social networks and adwords to promote Probe.ly.
What is the most effective approach for your product promotion?
It is still soon to say since we are still trying different approaches. Conferences are great because they give us a direct contact with our clients and we can really get to know their needs and demonstrate our Probe.ly can bring value to them. But they are also costly since booths are expensive and you also need to pay for sleeping arrangements and the flights.
How to start promoting a young technology project in your opinion?
Conferences are important since you get first-hand feedback. In the long run, content is the most important thing since it will bring qualified leads to you naturally. Getting listed in next to your competitors also helps a lot.
What of your knowledge and skills were useful while launching the project?
Being pragmatic and focused is critical in a startup. Know what is important for the client, and be able to focus on that, even if that means crafting non-perfect solutions. Also, listen. Listen to your clients, to experienced people in the startup scene. They will teach you a lot, so try to have a lunch with someone you know in the startup business, go to meetups, get to know them and talk with them. They will gladly answer your questions, as someone also did that for them a few years before.
Would you recommend to startuppers to subscribe for the pages of any Internet communities able to provide them with some helpful information?
Yes! Nuno, our CEO, learn a lot about business development and marketing (just to name a few) in dedicated communities where the references of the area regularly publish content. And then he passed a lot of that knowledge to the team.
If there were no Probe.ly, what another project would you develop?
I can’t tell you that now because maybe one day we can implement that idea 🙂
How do you see further development of your project?
We have a lot of ideas and a large roadmap ahead of us. Our next big move is going to be closer to the developers through continuous integration/development plugins and then try to get into the enterprise market, where the big companies are.
What is the most valuable business advice you’ve ever received?
Nurture your first clients. Understand how they use the product, what is wrong, what they need and make them happy. They are your best testers and will promote you if you treat them well. Then, if possible, get them to give you a testimonial on how the product helped them.