Rick Caccia
Appearances
Code Story
S9 E33: Rick Caccia, WitnessAI
We started this company thinking about the security of AI use in a way that most security startups also do, and we got it wrong. So we had to revisit and trade some things off. So we looked at this and said, oh, this is going to be like any other new type of security issue. You're going to have new types of attacks. AI-oriented attacks are going to be the big deal.
Code Story
S9 E33: Rick Caccia, WitnessAI
We put a lot of effort early into go-to-market, how we structure sales, how we're going to do pricing, all the underlying marketing operations. Because what tends to happen a lot of times with these enterprise startups is you get a bunch of early traction, you bring on a bunch of sales reps, and then the thing hits a wall somewhere around $10 or $15 million of sales and about 150 employees.
Code Story
S9 E33: Rick Caccia, WitnessAI
We wanted to make sure it didn't happen here. We built the pipeline of sales reps, sales engineers, marketing demand generation. We've got the marketing systems built out early. And the notion being that the engineering side probably won't hit that scale wall for a long time, but you tend to hit that scale wall in go-to-market. Let's prepare for that early.
Code Story
S9 E33: Rick Caccia, WitnessAI
All of the sales and marketing folks are people I've worked with before. Everyone's been through. Companies exploded, took off, and then hit a wall. So we've talked a lot about how do we put things in not to hit that here, and we think we've done a good job of it.
Code Story
S9 E33: Rick Caccia, WitnessAI
If I'm being honest, it's still early enough that I'm mostly more paranoid than proud. I would say with startups, results matter. I think this is the thing that sometimes doesn't come along when you read all these stories about startups that did well. People want their work to matter. And the measure of that, like it or not, is company value.
Code Story
S9 E33: Rick Caccia, WitnessAI
So you don't really want to come along and grind away for one, two, three, four, five years and then have the company go nowhere. We have a message that works like 95% of the time we talk to a new prospect. It didn't respond positively. We have a team that works really hard, gets a lot done. The valuation was high on the round. The pipeline is much larger than I expected it to be.
Code Story
S9 E33: Rick Caccia, WitnessAI
So I feel like from a results standpoint, I could stand up in front of the company and say, the stuff you're doing, you know it matters, you care about it, but we're delivering the things that show that there's value in the company. And that's a good way to tell in the early days with a startup, does it matter or not?
Code Story
S9 E33: Rick Caccia, WitnessAI
If you're going to join a 20, 30, 40-year-old, $100 billion company, it's harder to see that in your day-to-day job. With a startup, you can see it month to month and quarter to quarter as you see the revenue grow and you see the customer side grow in a way that you notice. And I think that's something that I'm being paranoid about, but I'm proud of how it's gone so far.
Code Story
S9 E33: Rick Caccia, WitnessAI
For me, the biggest challenge as a new CEO, this is my first CEO role, is now I have engineering under me. And there have been a couple of times where I did not trust my gut. I went along with either a hiring or a technology decision that maybe seemed to have a little bit of hair on it. And the results down the road caused more friction for the team than those guys deserved.
Code Story
S9 E33: Rick Caccia, WitnessAI
And we had to dig out from them. Some of the engineers had to put in some really long hours to work around some of these decisions that didn't work out. I think for me, I feel very comfortable with sales and marketing decisions. I've got 30 years of work there. I've got a lot of time in product management, so I'm comfortable with product management decisions, much less so on the engineering side.
Code Story
S9 E33: Rick Caccia, WitnessAI
And so I've made some mistakes there in terms of going along with something that maybe didn't sound right and then didn't work out, and I wish I'd pushed back a little harder. I think it's a hard one because you come up through one side of your career and then you feel like you need to defer to leaders in the other areas.
Code Story
S9 E33: Rick Caccia, WitnessAI
I'm not sure that's any different from a technical person who's a new CEO who might make some decisions they regret around sales or marketing. You make decisions without the experience you'd like to have in that area. I've definitely made some of those. And the result, unfortunately, is some of the engineers have had to grind it out to get around those to help us dig out.
Code Story
S9 E33: Rick Caccia, WitnessAI
So the team is easy. I'm on the tech side. We need to build out those AI platform and security groups I talked about. That's really straightforward. Like we have a bunch of roles and we'll build out under the leaders there. Go to market. We have to build out and are building out a US national set of sales reps. Then we expand internationally.
Code Story
S9 E33: Rick Caccia, WitnessAI
In parallel, we're building out a partner organization to get leverage. And that's both resellers, system integrators, technology partners, domestically and internationally. All that has to be done. It's part of the future. It's not super crazy and interesting. It's just what you do as you grow.
Code Story
S9 E33: Rick Caccia, WitnessAI
From the product, today, we're working on providing fast, effective user activity guardrails for generative AI use in companies. And we have a lot of work to make that happen, but it's after that where it also starts to get really interesting because gen AI is the new sexy stuff, but it's not the only stuff around AI.
Code Story
S9 E33: Rick Caccia, WitnessAI
And so after that, we have all this company organizational use of AI that is not the conversational chatbot stuff we see today. It's embedded AI in predictive applications, predictive analytics, workflow processes, all this stuff that you never see. But we need to build a way to provide guardrails around that, too.
Code Story
S9 E33: Rick Caccia, WitnessAI
As my co-founder, our CTO, says, once these things start getting these AI engines start to get connected to each other via APIs, they're not just going to give you answers. They're going to go take actions on their own. And from a security perspective, it's going to be robots fighting robots, as he says.
Code Story
S9 E33: Rick Caccia, WitnessAI
And we actually see a way to provide guardrails around robots fighting robots to the second wave of kind of the future for us and where it gets really interesting with some of the technology we're working on today.
Code Story
S9 E33: Rick Caccia, WitnessAI
I've worked in small companies that have grown, kind of late stage privates, and then have been acquired into some really great public companies. But I would say I've been fortunate to work for probably two of the best leaders that I've ever seen. One is a guy named Prakash. He is now the chief product officer at Freshworks. It's a publicly held company in the CRM space.
Code Story
S9 E33: Rick Caccia, WitnessAI
I was lucky to work for him long ago, like 20 years ago when he wasn't at the Chief product officer level, worked for him at a company called Oblix, which is an identity management. Late stage startup was acquired by Oracle. I worked for him again when we got acquired by Oracle. Most productive product guy I've ever seen.
Code Story
S9 E33: Rick Caccia, WitnessAI
Unbelievably savvy, able to manage, getting things done with keeping the good spirit and was just unbelievable in how he could make things happen and how effective it was in getting things done. And so when I walk into a sticky situation, I think about how would Prakash do this? How did I see him do it? And I try and pick that up.
Code Story
S9 E33: Rick Caccia, WitnessAI
The other person I worked for that really had a huge impression on me was a gentleman named Tom Riley. He was the CEO at ArcSight when I was there. I joined when it was private. We took it public in 2008. Tom was the CEO there. Later, he was the CEO at Cloudera, a big data Hadoop company. Tom was probably one of the best culture-oriented, high emotional quotient leaders I've ever seen.
Code Story
S9 E33: Rick Caccia, WitnessAI
The Valley is filled with high IQ guys. Tom also had super high EQ, just an amazing people-oriented leader and culture-oriented leader. And I struggle with that myself because I tend to be very focused on let's get the results. How do we get the results? I don't think enough about how the feelings of people, how that may be sort of absorbed.
Code Story
S9 E33: Rick Caccia, WitnessAI
When you're focused on results and less attuned to feelings and you suddenly have CEO authority, I've learned you have to be much more careful on how you communicate, but I'm working on that. And I loved working for both Tom and Prakash, and I've tried to absorb those strengths they have in being effective and building a great culture as we take witness AI from small to large company.
Code Story
S9 E33: Rick Caccia, WitnessAI
Here's the interesting thing. I would say most of the time, and I've talked to a lot of young entrepreneurs, young new CEOs, and both as an advisor or potentially an exec on their team. And I would say, given that most of them seem to be engineers or have come up through a technical background, my advice would be take sales and marketing seriously.
Code Story
S9 E33: Rick Caccia, WitnessAI
It's pretty rare that the build it and customers will come works. So that means at some point, if you have any success, sales and marketing will be the fuel to take that success forward. And if you don't take it seriously, it doesn't mean it's going to solve itself. It means that the founder CEO, that young entrepreneur, isn't going to understand when they're being told BS or not.
Code Story
S9 E33: Rick Caccia, WitnessAI
They're not going to know when their sales leader is BSing them. They're not going to know when their marketing leader is BSing them. I would say learn about it, take it seriously so you can judge it, whether it's working. And Noah, before I took this CEO role here as a founder CEO at WinSAI, I got a lot of calls from headhunters for chief marketing officer roles.
Code Story
S9 E33: Rick Caccia, WitnessAI
other career, my main career, primary career. And for the past two years, those calls all seem to be some version of a mid-stage couple hundred employee private company that had stalled. And every time I'd talk to the entrepreneur, founder, CEO, they needed to restart marketing. They were usually technical guys who didn't really take marketing seriously.
Code Story
S9 E33: Rick Caccia, WitnessAI
They couldn't figure out why sales was struggling, why they didn't have pipeline, and why things had flatlined. Some signs pop up when this is happening. You get an entrepreneur CEO who thinks like the marketing people only make T-shirts or it's all about PR or the sales guys. They're just coin operated guys. They don't know anything. That's not how it works.
Code Story
S9 E33: Rick Caccia, WitnessAI
So I would say my advice if I were sitting on that plane would be if you've come up through the development side and you are fortunate to get funding and you have a hot technical company. Take sales and marketing as seriously as you take development. And all of it can have metrics and can be managed in the same way you manage building code.
Code Story
S9 E33: Rick Caccia, WitnessAI
And if your sales and marketing leaders don't give you those metrics, then something's wrong and dig in there early.
Code Story
S9 E33: Rick Caccia, WitnessAI
The company is Witness AI. We enable companies to adopt AI safely and effectively. I've probably spoken with more than 100 CISOs, Chief Information Security Officers, in the past year, and I would say almost every company we've spoken with is in the same boat. The employees want to use all these cool new AI tools so they can be more effective.
Code Story
S9 E33: Rick Caccia, WitnessAI
Let's figure out how to talk about those and prevent them. And then we went out and we talked to maybe a dozen CISOs. And the interesting thing was none of them cared. Nobody cared. They thought that was years away. And instead, they cared about much less sexy things. My name is Rick Katcha. I'm the CEO of Witness AI.
Code Story
S9 E33: Rick Caccia, WitnessAI
And the security and privacy teams are worried about the risks. And most of these companies are stuck. They're trying to figure out how or if they should let employees use this stuff in a way that doesn't put the data at risk. Our software gives the user activity guardrails to ensure that people can use these cool new Gen AI tools in a safe way while also being productive. We're pretty early.
Code Story
S9 E33: Rick Caccia, WitnessAI
We're just in beta now with a bunch of Fortune 500 companies. We were incubated inside of a venture firm called Ballistic Ventures starting about a year and a half ago. I knew the Ballistic guys, known them for well over a decade. We were both acquired into a large company. We were in other startups a long time ago.
Code Story
S9 E33: Rick Caccia, WitnessAI
They asked me to come in and work with a CTO co-founder and figure out where this company should go, and we've done that. I guess the product, the way I would say, gives customers visibility. Where are my employees going relative to AI? What are they doing there? Should you care as a company? In my career, this is probably the first time I've never had to explain the problem to a potential buyer.
Code Story
S9 E33: Rick Caccia, WitnessAI
We just talk about risks around AI. They get it and they get right into how the product works and can they buy it.
Code Story
S9 E33: Rick Caccia, WitnessAI
Once we had a clear idea of what we wanted to do, from that point to the first beta, Proof of Concepts was about six months. It's built as a set of Kubernetes microservices. We stand them up as a new instance for each customer. When we talk about these guardrails that we have around user activity, they're really separate microservice-based AI policy engines.
Code Story
S9 E33: Rick Caccia, WitnessAI
So like one of them might look at your prompts in a chat window to detect jailbreaking. Another one might look at prompts to detect use of confidential data. We use a mix of standard technologies and we use a bunch of custom built stuff as well. All the AI engines are custom trained. We've also incorporated a lot of open source stuff.
Code Story
S9 E33: Rick Caccia, WitnessAI
I think AI is interesting because there's a lot of open source stuff available. There's new stuff popping up all the time. We've also been using some early stage platform technology from some other early companies and that may or may not work out for us over time. We're trying to sort that one out.
Code Story
S9 E33: Rick Caccia, WitnessAI
We started this company thinking about the security of AI use in a way that most security startups also do, and we got it wrong. So we had to revisit and trade some things off. So we looked at this and said, oh, this is going to be like any other new type of security issue. You're going to have new types of attacks. AI-oriented attacks are going to be the big deal.
Code Story
S9 E33: Rick Caccia, WitnessAI
Let's figure out how to talk about those and prevent them. And then we went out and we talked to maybe a dozen CISOs. And the interesting thing was none of them cared. Nobody cared. They thought that was years away, and instead, they cared about much less sexy things like visibility. Like, I don't care about some crazy new attack.
Code Story
S9 E33: Rick Caccia, WitnessAI
I care about just seeing, are my employees using some new LLM-driven chatbot that happens to be hosting data in China? How do I enforce acceptable use? We ended up having to make decisions to trade off the kind of whizzy, sexy security features for things that are much less whizzy, like visibility and policy enforcement. And when we made that trade off, the results were just crazy.
Code Story
S9 E33: Rick Caccia, WitnessAI
We went from not being able to get a single design partner, early customer, to getting 25 design partners in a month after we changed that decision and saying we're going to trade off the sort of sexy security stuff for the boring visibility, compliance, governance stuff. And the uptake was just amazing. It was like we flipped a switch.
Code Story
S9 E33: Rick Caccia, WitnessAI
With enterprise products, you have this interesting combo, right? You're rolling out some sort of platform that has to run inside some large company. So first off, you have a combination of speed and scale of the platform itself. Will this thing work at a fast enough speed that they'll actually deploy it? Then you have this set of enterprise use features.
Code Story
S9 E33: Rick Caccia, WitnessAI
Then you have a set of features that are your actual differentiated features. And so for version one, for MVP, you have to get some level of all three of those working at once. And we're actually at that point now. And so we're maturing each of those different pieces at different rates now that the basics are there. So enterprise features might be things like, does it work with Active Directory?
Code Story
S9 E33: Rick Caccia, WitnessAI
Does it work with Okta or whatever single sign-on they use? And you either have that or you don't. And if you don't, no company is going to deploy this. So you have to get that there. That's part of the MVP. Then speed and scale are things like how much latency do you add? How do you get that to an acceptable level? What happens when the employee user count goes from 10 to 100 to 1,000 to 10,000?
Code Story
S9 E33: Rick Caccia, WitnessAI
And if the product is too slow, then they view it as being broken. You also don't get deployed. And so then when those two things are working, then you also have to have the features that are why people looked at the product in the first place. They don't buy a generic product that works fast. They buy a product that does something for them.
Code Story
S9 E33: Rick Caccia, WitnessAI
We've had to make sure that trio of platform speed and scale, enterprise features, and then the differentiated capabilities around AI guardrails are all there. We're at that level now, and now we're going to make sure that as we go from 100 users to 1,000 users, The latency doesn't drop.
Code Story
S9 E33: Rick Caccia, WitnessAI
Make sure that all the cool new things that the engineers have wanted to do around AI classification and risk analysis, all those things are coming. But first, we had to get those basic things there. I couldn't build a product that didn't have any single sign-on or way to protect user activity. That had to be there. And that's part of the MVP.
Code Story
S9 E33: Rick Caccia, WitnessAI
You think of people, product, market, right? Do you have the right people? Things are going to change. Can the people adjust when things change? Are you in a big enough market that it's worth doing? And then are you building a product that is different enough that it's going to win?
Code Story
S9 E33: Rick Caccia, WitnessAI
From the people side, we really jump started with a set of engineers that our CTO, co-founder, had worked with previously. And that's usually how it goes, right? You can't start on day one with total strangers. It never goes that way. You always start with people you know. Our software combines AI analytics, security, and kind of high scales web services operations.
Code Story
S9 E33: Rick Caccia, WitnessAI
So we needed people with skills across all of those areas. So we looked at the team, we said, we need someone who has depth in AI or depth in security or depth in building sort of high volume web services. You're never going to find someone who has all three, but you're looking for someone who has depth in one and aptitude in learning the others.
Code Story
S9 E33: Rick Caccia, WitnessAI
The AI person may say, I'm going to build this new analytics engine, but I know it has to work at this level from the platform side or else I'll never get deployed. Second, we went remote from day one. And right now at about 25 people, it's manageable. It'll remain to be seen if that still works at 100 people, but it's working so far.
Code Story
S9 E33: Rick Caccia, WitnessAI
We have an amazing team in Cairo, actually in Egypt, that have worked together and worked with our CTO before. Super, super smart team. And they happen to work off cycle relative to our time zone here in the U.S. So we end up getting round the clock development as a company.
Code Story
S9 E33: Rick Caccia, WitnessAI
So those are the kind of things we looked for, like people with strong depth in one of three areas, aptitude and willingness to learn about the others, the other areas. And then we got lucky that it so happens that these teams are on different time zones so we can work 24 by 7.