How Danny Jenkins Bootstrapped ThreatLocker From $150K Debt to $200M
Danny Jenkins on Building ThreatLocker and Selling Zero Trust
概览
This episode features Danny Jenkins, founder of ThreatLocker, discussing how he built a cybersecurity company focused on zero trust controls, least privilege, and blocking unauthorized software by default rather than relying mainly on threat detection.
Jenkins describes the long and financially difficult path to the first paying customer: 18 months with no revenue, credit card debt, a failed accelerator experience, product instability, and personal setbacks. The turning point came when ThreatLocker proved it could block real ransomware threats and when the first customer paid about $5,500 upfront.
The conversation also covers how ThreatLocker grew through cold outreach, webinars, trade shows, MSP partnerships, and later enterprise sales. Jenkins argues that early startups should focus almost entirely on two things: building a product that solves a real problem and making sure buyers know it exists.
分段落总结
[00:02] Introduction and ThreatLocker’s Scale
[事实] The host introduces Danny Jenkins as the founder of ThreatLocker, a cybersecurity company approaching $200 million in ARR and protecting about 70,000 companies. [事实] The intro frames Jenkins’s story around heavy credit card debt, 18 months without paying customers, and an accelerator that advised him to abandon the idea. [事实] The episode promises discussion of category creation, the first sale, and what Jenkins believes matters most when starting out.
[02:14] What ThreatLocker Does
[事实] Jenkins says ThreatLocker addresses worsening cyberattacks by implementing zero trust-style controls, least privilege, and ransomware prevention. [事实] He explains that the solution is conceptually simple, but difficult to implement well. [事实] ThreatLocker aims to harden customer environments by controlling what can run instead of only detecting known threats.
[03:07] Customer Base and Revenue
[事实] Jenkins says ThreatLocker protects about 70,000 companies worldwide, including customers served through MSP networks and direct customers. [事实] He says the company has about 6,000 to 7,000 direct customers. [事实] He states that revenue is approaching $200 million. [事实] He says some of the world’s largest and most valuable companies are customers, though he cannot name many of them.
[03:53] Early Background in IT and Security
[事实] Jenkins grew up in the UK, left school at 15, and did not complete high school qualifications. [事实] He loved computers and began by writing letters to local computer companies looking for an apprenticeship. [事实] He started physically building computers and working with networks before the internet was widely used. [事实] His move into cybersecurity began while working for a large building materials manufacturer in Ireland, where viruses such as Love Bug and Blaster made security a corporate issue.
[07:49] The Origin of ThreatLocker
[事实] Jenkins had previously run an email security company and was doing ethical hacking and ransomware recovery work. [事实] A 2014 ransomware recovery case in Australia strongly influenced the idea for ThreatLocker after a company’s systems, databases, Exchange server, and backups were encrypted. [事实] Jenkins concluded that default-deny security was needed, but existing products were not viable for smaller companies. [事实] He also saw a similar need while helping manage IT at his children’s school, where malware and unauthorized software were recurring problems.
[10:13] From Small Market to New Category
[事实] Jenkins initially worked on ThreatLocker only part time because he did not want to sell to IT buyers again. [事实] In 2017, after WannaCry appeared, ThreatLocker’s early product blocked it in testing. [事实] Jenkins realized that instead of competing in a small whitelisting market, the company could try to create a broader category for businesses of many sizes and industries. [推测] The WannaCry moment helped Jenkins reframe ThreatLocker from a niche tool into a potential platform company.
[12:21] The First 18 Months Without Paying Customers
[事实] Jenkins says the team spent the early period trying to build an MVP, but endpoint security products are difficult to validate until deployed in real environments. [事实] His children’s school became the first user of ThreatLocker. [事实] The team’s savings were gone, they had remortgaged their house, and they were using credit cards. [事实] Jenkins joined an accelerator that he later described as a mistake because it consumed time and pushed him to pivot toward EDR.
[15:07] Getting the First Customer
[事实] Jenkins hired someone to cold call part time from his house and book demos. [事实] The first paying customer trial required the team to write and deploy code quickly while learning the customer’s environment. [事实] Jenkins says he was shaking when asking for the order because he was not comfortable selling and was under severe financial pressure. [事实] The customer agreed to pay about $5,500 upfront, which helped the company survive and enabled Jenkins to raise about $200,000 from angel investors.
[18:11] Persistence Under Financial Pressure
[事实] Jenkins says he never reached a point where he believed the company was not worth continuing. [事实] He considered bankruptcy and asked whether there was a way to keep the business if he filed. [事实] He believed the company had to succeed because ransomware could not be stopped effectively without this kind of approach. [事实] His wife co-founded the company with him, which made the strain easier because they were committed together.
[20:18] Personal Setbacks During Startup Survival
[事实] Jenkins and his family had moved to Florida in 2010. [事实] During the company’s difficult early period, Hurricane Irma damaged their house, pool pipes, car, and roof. [事实] Jenkins and his wife had to repair parts of the roof themselves after insurance covered only part of the repair cost. [事实] A car loan issue forced them to pay about $7,000 when they had only about $9,000 in the bank.
[22:42] Mindset for Dealing With Problems
[事实] Jenkins describes his mindset as handling the most urgent problem today and then dealing with tomorrow when it arrives. [事实] He says starting a business is extremely hard and is not a path for people trying to avoid work. [事实] He says he still works more than 100 hours a week and that the work does not get easier as the company grows. [推测] His operating style emphasizes urgency, emotional resilience, and focusing on immediate constraints rather than long-term anxiety.
[24:34] What Matters at the Beginning
[事实] Jenkins says the accelerator encouraged him to file a trademark, but legal help was too expensive at the time. [事实] ThreatLocker filed the trademark itself, which later caused legal costs of more than $50,000. [事实] Jenkins says he still would not have spent $12,000 on legal trademark work at the time because the money was needed for marketing. [事实] He says early startups need two things: a product that solves a real problem and buyers who know the product exists.
[26:43] Early Customer Acquisition
[事实] Jenkins does not clearly remember the second customer. [事实] He says early growth came from many demos, cold calling, customer word of mouth, Reddit, Discord, and inbound interest. [事实] A small MSP webinar with about 10 attendees generated leads and helped people talk about the product. [事实] Watching a webinar reviewer misuse the product taught the team that confusing product behavior was the company’s responsibility to fix.
[29:18] Learning What Sales Really Requires
[事实] ThreatLocker hired an early salesperson who sounded polished but did not close deals. [事实] Another salesperson, who Jenkins initially thought was blunt and not smooth, began closing deals. [事实] Jenkins concluded that sales was less about a magical conversation and more about showing customers the product and directly asking whether they want to buy. [事实] ThreatLocker reached about $300,000 in ARR by the end of 2019.
[31:37] Trade Shows and the 2020 Growth Push
[事实] After raising another $500,000, Jenkins planned to attend many trade shows in 2020 to educate the market. [事实] He believed that if the strategy failed, it was better to fail quickly than slowly over years. [事实] The company spent about $300,000 on trade shows and built pipeline before COVID shut down events. [事实] ThreatLocker grew from about $300,000 to $2.3 million in revenue in 2020.
[35:23] Why MSPs Became Important
[事实] Jenkins explains that MSPs manage IT for small businesses that cannot hire full internal IT teams. [事实] ThreatLocker used MSPs as a way to reach small businesses through technical buyers who already managed many endpoints. [事实] Jenkins says selling directly to small businesses was inefficient, while MSPs could represent thousands of endpoints despite being small companies themselves. [推测] MSPs gave ThreatLocker a way to scale distribution before the company had the credibility and size needed for many large enterprise buyers.
[39:54] The Kaseya Incident and MSP Adoption
[事实] Jenkins says that in July 2021, a Kaseya vulnerability pushed ransomware to about 40,000 businesses worldwide. [事实] He says ThreatLocker was the only thing that blocked it. [事实] He says demand rose so quickly that data centers were at full utilization and he was asking customers not to install more agents. [事实] Monthly ARR additions increased from roughly $300,000 to $400,000 in June 2021 to about $1.5 million shortly afterward.
[40:34] MSP as One Vertical, Not a Pivot
[事实] Jenkins says MSP was not a full pivot but one important vertical among many. [事实] He says more than half of ThreatLocker’s business is now non-MSP, and about 75% of new business is enterprise. [事实] He names sports teams, healthcare, banking, airlines, transportation, airports, and MSPs as verticals. [事实] He says MSPs help ThreatLocker reach the small business part of the world, which is necessary for the company’s mission of broad zero trust adoption.
[43:00] Why Zero Trust Was Controversial
[事实] Jenkins says zero trust is an idea rather than a product. [事实] He contrasts default-allow security, where software or access is allowed unless blocked, with ThreatLocker’s approach of allowing software only when explicitly approved. [事实] He says maintaining application control used to be difficult, but ThreatLocker made it easier. [事实] He argues that zero trust is controversial partly because it threatens an industry built around detection tools such as antivirus, EDR, threat hunting, SIEM, and SOC services.
[48:00] Lightning Round: Startup Advice and Learning
[事实] Jenkins says market research is overrated and that the fastest test is whether someone will pay for the product. [事实] He prefers concise, problem-solving content over long business books. [事实] He says money does not solve problems; it changes them. [事实] He says once a startup has enough money, problems shift from financing to hiring, execution, and team building.
[50:33] Operating Habits and Life Outside Work
[事实] Jenkins believes keeping people physically close helps solve problems faster. [事实] He says a customer problem that might take eight hours can sometimes be solved in 15 minutes when people stand together and work through it. [事实] Outside work, he and his wife ice skate together, including pair skating with lifts and spins. [事实] He says LinkedIn is the best way to contact him, though replies may take time.
播客点评/总结
This episode is valuable because it gives a concrete founder story rather than abstract startup advice. Jenkins repeatedly ties lessons to specific moments: the ransomware recovery that inspired the product, the failed accelerator, the first sale, the trade show push, and the Kaseya incident.
A major strength is the discussion of category creation and go-to-market under severe constraints. The episode shows how ThreatLocker combined product conviction, direct selling, customer education, MSP distribution, and later enterprise expansion.
[推测] The episode is especially useful for B2B SaaS founders selling technical products into skeptical markets, and for cybersecurity founders thinking about category positioning. Its limitation is that the story is told mostly from Jenkins’s perspective, so claims about market impact, competitors, and product uniqueness are not independently verified within the transcript.