At the 2023 RSA Conference in San Francisco, Varun Badhwar presented his latest company, Endor Labs, to the judges at the Innovation Sandbox, the conference's startup competition. While AI security company HiddenLayer ultimately carried the day, the event still marked a singular honor for Badhwar. He has founded three companies, and all three have been named an Innovation Sandbox finalist: CipherCloud in 2011, RedLock in 2017, and Endor Labs in 2023.

None took the top honors, but imagine a director who films three movies and earns three Oscar nominations. This raises the question of how Badhwar approaches innovation and what he is doing differently than other founders.

Listen to Practitioners

While Badhwar demurred about having any special knowledge of innovation, he shared some insight into how he comes up with ideas. "The method is ... very simple: You listen to people around you," he says.

Badhwar started his first company, CipherCloud, in 2010, when enterprises first started really banking on cloud applications like Salesforce and Dropbox. He started thinking about what concerns and pain points people had about moving to the cloud, and the answer he came up with was the same we see today.

"The No. 1 concern would be loss of control on their data," Badhwar says. "They've typically had it behind their four walls ... now they're giving it to somebody else?"

The solution CipherCloud came up with was anonymizing, encrypting, and tokenizing data before sending it to the cloud. That ameliorated some of the fear around companies' sending their crown jewels out into the world, and that's where the startup found its market.

A few years later, Badhwar left CipherCloud to lean into machine learning-based cloud security measures and founded RedLock to address the same concerns about loss of control.

After RedLock was acquired in 2018, Badhwar found a new kind of challenge. "The problem of open source software sprawl, the problem of alert fatigue, was something that my teams were facing at Palo Alto Networks when I was building Prisma Cloud," he says.

To counteract the security issues this practice raises, Endor Labs came up with a dependency life cycle management platform to enhance software supply chain security by identifying and blocking insecure code use, cutting out reachable dependencies, and streamlining code to reduce vulnerabilities.

"People five years ago were writing more code of their own," Badhwar says. "Today they write less code of their own, and the majority of the code is borrowed from the Internet from complete strangers."

Attend to Your Business

Building a successful business takes more than an idea and a smile. "I always say there are three things you need: You need hard work, you need good timing, and you need a bit of luck," Badhwar says.

For a cybersecurity startup to succeed in the marketplace, it has to have a creative solution to a serious problem, clients to validate the effectiveness of the solution, and a proven management team to lead the company.

"People want to know it's a big problem in a big market," Badhwar says. "The last piece is that you're a credible team [with] the confidence [to] execute on a really big vision. That's ultimately what it comes down to. I wish I had a 'perfect recipe' type of answer, but that's what it is."

Finding and satisfying customers is a tall order in any industry, but it is especially difficult in a crowded cybersecurity marketplace.

"The hardest part of the job for me is, how do I stand out of the pack with 5,000 other cybersecurity companies, brand building but also budget and mindshare building my buyers?" Badhwar says. "And I would say that's usually the nut that you have to crack pretty early, which will determine your success or failure."

Customers aren't interested in a long lists of functionality either, he adds. "People don't want to hear the 10 things you do," Badhwar says. "[They] want to know, what is that one thing you do really, really well? And can you resonate with a problem that they have today — not tomorrow, not next year, [but] the problem they have today?"

Solving problems for businesses is the foundation for growing a startup, which, if you're lucky, follows the path from idea to viable business to exit. For Badhwar, the timeline goes something like this: About every six years, he starts a new company. The company goes to the Innovation Sandbox, proves its market worth, and then gets acquired — RedLock by Palo Alto Networks in 2018 and CipherCloud by Lookout in 2021, after he'd left. This isn't imminent or inevitable for Endor Labs, however; Badhwar has his eye on bringing Endor public eventually.

"This journey may not be as short as the last two, but I'm excited for it," he says.