The following interview is a conversation we had with Paul Lewis, CEO of Calamu, on our podcast Category Visionaries. You can view the full episode here: $20 Million Raised to Build the Cyber Storage Category
Brett
Welcome to Category Visionaries, the show dedicated to exploring exciting visions for the future from the founders or on the frontlines building it. In each episode, we’ll speak with a visionary Founder who’s building a new category or reimagining an existing one. We’ll learn about the problem they solve, how their technology works, and unpack their vision for the future. I’m your host, Brett Stapper, CEO of Front Lines Media. Now let’s dive right into today’s episode. Hey, everyone, and thanks for listening. Today I’m speaking with Paul Lewis, CEO and Co-Founder of Calumu, a data security platform that’s raised nearly 20 million in funding. Paul, thanks for chatting with me today.
Paul Lewis
Hey, Brett, great to be here. Thanks.
Brett
Yeah, no problem. So before we get talking about what you’re building, let’s start with a quick summary of who you are and a bit more about your background.
Paul Lewis
Okay, great. So I’m the Founder and CEO of a company called Kalamu. We’re a data first security company, and we have a truly unique solution to the rapidly evolving problem of ransomware and data theft and all these cyber incidents. I guess just to give you early in my career, I started my first company when I was in college. It was called MC squared. It was a network monitoring company. And quite honestly, at the time, I didn’t know the difference between AR and AP, but learned the business real quick and got to learn that the world needed a way to understand how to monitor the health of a network and learned imposec as it was emerging. And that company was eventually acquired by a Fortune 500 company. So it was a pretty good ride. So after that, I started a company called PG.
Paul Lewis
Lewis and Associates, and were a data forensics incident response company, really one of the first companies in the space. And here I really got a first hand look at the cyber problem, how bad it was and how bad it was getting. That company was also eventually acquired by a Fortune 500, and I’ve always been interested in applying kind of disruptive technologies to fix an emerging problem. And now I’m leaving Kalamu to make the cyber world a safer place for all.
Brett
How have you seen the world of cybersecurity evolve from those early days today?
Paul Lewis
Gosh, there was so much we didn’t know back then, so many problems that we couldn’t figure out or how they were going to evolve, or we didn’t even identify them as problems back then. So it’s much more complex, really. I think one of the core problems that we’ve got, all of us, is that this whole cyber world started without security in mind, right? So it started all about ease of communication, and then we had to kind of interweave security after we realized we had security problems. So now the whole world is on cyber, and we have problems that are all throughout but creates opportunity all throughout.
Brett
Nice. That makes sense. Two questions we like to ask just to better understand what makes you tick as a CEO and as a Founder. So is there a CEO and Founder that you’re studying the most? And if so, why them and what are you studying them or what are you learning from them?
Paul Lewis
I’ve always been a great fan of kind of the great grandfathers of innovation, guys like Thomas Edison and Henry Ford. There’s so many great leaders out there, so many great current day leaders. One of them in particular that I’m watching, he’s actually in my network, is a gentleman by the name of Brian SCOTTMore. Brian is the Founder and CEO of a company called 1800 Got Junk. You probably have seen their blue trucks kind of driving around, but it is very much a technology company and he’s done a great job at identifying this very fragmented industry and applying data and statistics and technology to it and kind of taking control over it. So a real big fan of Brian SCOTTMore. And while not a Founder, I’m very much a big fan of Microsoft’s Satya Nadella.
Paul Lewis
He’s done just a tremendous job at transforming a giant organization, really turning it around in just a few number of years. Great guy.
Brett
Yeah, he’s been really fun to watch and he’s a really great leader. Have you on the note of old school visionaries, have you ever watched the show The Men Who Built America?
Paul Lewis
Yeah, I have. Great show.
Brett
Yeah, I just got introduced to that and I’m hooked now.
Paul Lewis
Yeah, it’s just so much great history there for sure.
Brett
And what about books? Is there a specific book that’s had the greatest impact on you as a Founder?
Paul Lewis
Well, I’m an avid reader. I read all these books. I could tell you a couple of them. I think a real short read. The 1 Minute Manager early on in my career had a big impact on me. A 30 minutes read. If anyone hasn’t read it, I highly recommend it. Crossing the Chasm was probably the most terrifying book I’ve ever read in my life as a technology start up. It’s such a scary book to read, but so much good information there. But I think really the one that has had the biggest impact on me is Good to Create by Jim Collins. Just so much good information about how to surround yourself with great people, how to create great teams, how to bring in great people. Really amazing stuff there.
Brett
Nice. Love it. And now let’s talk about what you’re building today. So could you walk us through the origin story and the high level pitch on what you guys do?
Paul Lewis
Sure. Prior to Kalamu, I was an incident response. I was a practitioner. I was working with multi global corporations that were just getting hammered in cyber attacks, like over and over again. And I thought there had to be a better way to do this and there had to be a better solution. At the time, I was going to all the security conferences, and really, quite literally, I got tired of seeing like, 3000 companies selling the same ten things, and none of those things really were working. So I thought there had to be a better way. We have to think about how can we protect the data in a way that we’re not doing so today? And kind of the catalyst for all this. I really was spending a long time giving this a lot of thought, every waking moment for a couple of years.
Paul Lewis
And I was sitting on my porch literally one night, and my dog, my golden retriever, was sitting next to me. And he got up and he picked up his bone and he trotted across the street and he buried a hole in my neighbor’s yard and put his bone there and covered it up and came back, and I could swear he was smiling. And that was the moment of inspiration that I had that said, wow, he just put his most prized possession in the public domain, and he’s cool with it. He’s not worried about anybody accessing it. And that really was the change in mindset that I needed to start thinking about how can we put our data in the cloud, which really is the public domain in a way that makes it truly safe? And that was the beginning of Kalamu.
Paul Lewis
Now, my dog’s name was Kalamuchi, so Kalamu was his nickname, and I named the company after him.
Brett
And did he get some advisor shares or anything for being the inspiration behind the company, or how do you structure that?
Paul Lewis
He got a lifetime of love. Lifetime of love.
Brett
Nice. I love it. Now, what are your thoughts when it comes to market categories? I know in the world of cybersecurity, more so than any other industry I’ve seen, there seems to be an obsession with acronyms. What are your thoughts there on cybersecurity market categories and then what category are you playing in?
Paul Lewis
Yeah, okay, so it’s a super crowded space, and there are a lot of acronyms. There are a lot of different terms. There’s the term dejure things, terms that come up that everybody jumps on. So specifically, we’re in a category called cyber storage. So it’s cybersecurity, but cyber storage is the way that we think about storing data in a way where we’re protecting the data itself. And it’s actually a new category. So Gartner recognizes this as a new category. Just recently, they recognize it as an emerging category. But instead of putting layered security on the infrastructure, and instead of trying to protect the network that holds the data, Calamu protects the data itself, regardless of what infrastructure happens to be on. And we think about things like ransomware, and everybody has a solution for ransomware.
Paul Lewis
Most of those solutions are simply just restore from some form of a backup, which is not ideal. Right. And in my opinion, it’s not good enough. But ransomware doesn’t address the problem really, that ransomware is all about when we talk about these backup store solutions, which is double extortion. So we have double extortion where data is actually stolen from the network and that data is then weaponized back against the company and used against the company and threatened to be released. And that’s really where we see the biggest growing kind of pain that we’ve got around ransomware. But you’re right, crowded space, a lot of acronyms, a lot of stuff going on there.
Brett
And are you actively working with firms like Gartner as they shape and define that category? Or what’s your view on analyst relations in general?
Paul Lewis
I think analyst relationships are very important and we are working with different analysts. We’re trying to educate. Right? So we’re not trying to obviously we’d love to get market, we’d love to see if we can get exposure in market, but it’s really more trying to educate because what we’re going through is a change in mindset. We’re changing from this layered security model where we’re layering on more and more security onto the infrastructure, into we don’t have to worry about that so much because we’re really now just trying to protect the data, especially if the data gets into the hands of third party or someone that shouldn’t have it. But I think analyst relationships are very important.
Brett
Makes sense. And I just had the pleasure this year of attending my first black hat. So it was fun to walk around. And as I was walking around, what I noticed is all of the booths kind of seem to say the same thing. A lot of the messaging was the same, a lot of them were just saying the same thing, essentially. But obviously their solutions were different. So what are you doing right now to really break through the noise and capture that attention of security decision makers and security practitioners?
Paul Lewis
Oh yeah, so it’s hard to break through the noise. Right? There is a lot of noise out there. And first off, there’s a lot of great companies that have products that are desperately needed, right? So detect and deter and endpoint detection and response and monitoring, these are all really important things. I’m not saying that you don’t need these things. We just start with the premise that the bad actor has reached the data. So there’s been a failure somewhere in the system and they’ve actually reached the data. So we’re trying to cut through the noise by putting out messaging that the attack has happened. And we need to be comfortable with the fact that attacks continue to happen even with great technologies and great emerging technologies to protect the data.
Paul Lewis
Eventually the data is reached and when the data is reached, that’s where Kalamu kicks in. We’re trying to message around.
Brett
That nice, I love that. And your website is beautiful. It looks very different from a lot of the other cybersecurity websites that I see, you’re not using scary red colors and scary animals. So I like the approach that you guys have taken with your marketing and branding. It’s really amazing.
Paul Lewis
Yeah, thanks. We’ve got a great marketing team and it’s not about doom and gloom and it’s not about trying to scare people into buying our product. It’s about understanding that there is a better way, right? And there’s a better way to protect your data. And that’s what calmly is all about. So we’re not trying to say, hey, you’re going to be the next victim or watch over your shoulder, or you’ve got all these problems with your infrastructure. We’re saying, hey, we live in a real world and there are real world problems and we’re just a solution to help you and help your organization continue to stay in business and absorb an attack without having downtime from an attack.
Brett
And from what I’ve read about the industry, with CEOs and decision makers in general, they’re not only numb to that, but it really turns them off. Right? If you’re leading with messaging about Fud and fear tactics, they’ve just totally tuned out to those types of messages, right?
Paul Lewis
Yeah, maybe it worked 15 years ago, but I think today everybody knows all the stats, everybody knows all the problems. Everybody’s tired of hearing about the problems. We know what they are. So it’s innovative solutions that I think they’re getting the attention and the CEOs are responding, right. They don’t want to hear about how can I be same old and just put another layer of security on or build a bigger wall around the wall. It’s more about what’s something that’s innovative, what’s a new way of looking at things? How do we change our perspective? And again, that’s what we’re all about.
Brett
Makes sense. And what are your thoughts on the recent big cybersecurity story that came out? Was Uber Cecil getting charged criminally for what he was doing at the company? What are your thoughts on that whole situation? And do you think we’re going to see more criminal and civil liabilities come for security leaders?
Paul Lewis
Okay, so these are only my personal opinions, right? I have to state that this is not Kalamu’s opinion, this is my personal opinion. So I don’t think pressing criminal charges against a C suite executive because of a cyber intrusion or cyber problem or how that problem was dealt with is really fair. Right. These are boardroom discussions. So it wasn’t one individual that’s deciding he’s going to pay this ransomware. He’s going to cave to the cyber terrorists. And they are terrorists. We should think of them as being terrorists. Look, I think we’ve got a problem and we need to get our hands around the problem and fix it. And by putting people in jail or pressing charges against people that are really trying to help, that’s not going to answer the problem. That’s not going to find the solution.
Paul Lewis
We need to come together as a group. We need to come together as a community and think about different ways to get ahead of the problem. So, personally, first off, I don’t think you should ever pay a ransom. I think that’s the same as paying a terrorist. So you should never pay a ransom. I know. I’ve been in these board discussions as a subject matter expert and a consultant where the boards are struggling with, well, it might be cheaper for us to pay the ransom. Yeah, but it’s never cheaper in the long run, it’s never cheaper, so never pay the ransom. Let’s work together as a community and find better solutions and let’s innovate.
Brett
Nice. I love that. And with the Uber Cesar story, it must be very bad for the industry as a whole, right? Because there’s a huge talent shortage. So seeing those types of big headlines, I’m guessing, could deter people from even wanting to be in this industry if they know that’s the type of liability that they face. Because in other departments, you probably don’t have those risks. It’s a lot less likely that you have those types of risks hanging over you.
Paul Lewis
Yeah, I mean, look, 99 times out of 100 or 999 times out of 1000, it’s not something that the Cecil did wrong that created the attack. Right. It’s a vulnerability. It’s something that wasn’t known. It’s a risk that wasn’t identified. Look, everybody’s working really hard to plug the gaps and to press charges against the Cecil of Uber to kind of take that action. It’s just going to dissuade smart people from wanting to be a Cecil. They’re just not going to want to sign up for that position because they’re not going to want the exposure for something that they don’t really have total control over. And I think that’s fair.
Brett
Yeah, that makes a lot of sense. Now let’s talk about market adoption and traction. Are there any numbers that you’re comfortable with sharing just in terms of the adoption that you’re seeing?
Paul Lewis
So I’m not comfortable I want to go into any numbers, but what we’re seeing is we’re seeing a lot of attention around sensitive data that needs to be retained either regulatory requirement or some other requirement to retain the data. How do we do that in a safe way. At the same time, we’re seeing this massive cloud adoption and of course, the enterprise is not there, is not quite there yet, but I think the enterprise, large enterprise, is fully committed that they have to get to the cloud. I think everybody realizes that now. So when you go to the cloud, you’re actually putting your hands, your data into the hands of a third party. Right?
Paul Lewis
So for the first time, you’re taking it out of your complete control and you have to control one of the hyperscalers, whether it be Amazon or Microsoft or Google oracle or whoever else. But you have to trust another company. And that’s scary. That’s a scary thing. So what we’re seeing is the way that we process data with Calamu is we’re kind of reducing the burden of the fear of putting your data into the hands of a third party. Because when we process it, we keep it really, truly safe, even in a cloud environment or a multi cloud environment. And the first applications that we’re seeing are typically around sensitive data, where there’s a long term data requirement and data has to be moved from on prem to the cloud. And this is a great solution to make that happen.
Brett
Nice. That makes a lot of sense. And where are you seeing the most adoption? Is this the Fortune 500 or is this more tech? First companies that are maybe Forbes Cloud 100.
Paul Lewis
So we’re really seeing a real bell curve here. So we’re seeing small, medium businesses are kind of signing up pretty quickly. They get it. They see the value prop. They get it. And then we’re getting a lot of attention from large enterprise, which is interesting to me. Right. And it’s really the two ends of the bell curve that we’re seeing the most activity right now. So large enterprise, they are innovators. While they typically move slowly, they don’t move slowly, necessarily with cyber. And they see emerging technologies as being very important to their future. So that’s kind of where we’re seeing the sweet spot on the end. Now, we do see we’re seeing mid tier as well. Lots of very interesting conversations are ongoing.
Brett
And tying back to one of the books you mentioned, where are you in terms of crossing the chasm?
Paul Lewis
Well, we’re right in the middle of crossing it. So we’re in that kind of scary land where we’re not quite at scale. We’re just getting to that point. And we’re looking at all things product market, fit, messaging. What exactly is the value prop that we’re going after? We’re kind of multifaceted with benefits that we bring. So we feel like we bring so much benefit, but we can’t boil the ocean. So what we’re trying to do is we’re really trying to zone in on the one thing that is really going to allow us to get to scale. That’s about right where we are.
Brett
And as I’m sure you’ve experienced, bringing innovative product to market isn’t easy. What would you say is the single greatest challenge that you faced and how did you overcome it?
Paul Lewis
Yeah, the single greatest challenge for us is it’s a change in mindset, right? So nobody really before was thinking about protecting the data at the data layer. They were thinking about protecting the infrastructure. And there’s billions, trillions of dollars spent protecting the infrastructure. So we’re not saying you don’t need to do that, but we’re saying, look, that’s not working as well as we all hoped it would work. So let’s look at protecting the data. Even if the data is removed from your control. So changing that mindset is really the greatest thing, the greatest challenge that we’ve had partly education, not a lot of education, because as soon as we kind of talk through it and explain the process and how it works, people kind of get it right away, and then they get excited about it.
Paul Lewis
But it’s getting that message out, doing the education and changing the mindset.
Brett
I love it. And if we zoom out into the future, what would you say is the five year vision for the company?
Paul Lewis
Five year vision is today we do a great job of protecting data at rest in the cloud, and we have a vision of protecting all data. Right. So all data, whether it be transactional data in motion, any kind of data, we’ve got a big vision to do that. I’d love to see some of these cyber problems like ransomware completely eliminated, just a thing of the past, part of our history and not something that we’re still talking about. And, look, Kalama’s big vision is we want to make the cyber world a safer place for all. That’s really what we’re all about.
Brett
And do you truly believe there’s a world where ransomware just doesn’t exist anymore or it’s greatly reduced?
Paul Lewis
I do. People think I’m crazy because the bad guys are always smarter, the mouse is always faster than the cat. But I think in this case, I could see a difference because we’re changing the battle surface. Right. We’re kind of changing the attack vector. And if we can eliminate that attack vector altogether, luck. I think there could be some ransomware extortion, or it’s always going to be bad guys for trying to get money out of companies, but they’re not going to do it by what we traditionally call ransomware. Today, that’s going to be gone.
Brett
Nice. That’s nice and hopeful for the future. All right, Paul. Unfortunately, that’s all we’re going to have time to cover for today before we wrap up. If people want to follow along with your journey, where’s the best place for them to go?
Paul Lewis
Sure. They can go to www.calamu.com. C-A-L-A-M-U. You can sign up for a test drive. You can reach out to anybody on our team, and we’d love to hear from you.
Brett
Amazing. Well, thanks so much for coming on and sharing your story and sharing what you guys are building. This is super exciting, and look forward to seeing you guys execute on this vision.
Paul Lewis
Great. Thanks, Brett. Appreciate that.
Brett
Keeping that’s.
Twitter
facebook
linkedin