Code 42
Joe Payne joined Code 42 (then Crashplan) in 2015 as CEO, tasked with determining the long-term future of an endpoint backup product. After thorough market research, his team discovered a massive pain point: the Data Loss Prevention (DLP) market was ripe for disruption. "Everyone that we talked to hated their DLP," Joe explained. "They had spent a lot of money on it, but they weren't actually using it, and they weren't solving the problem." The insight was powerful: while security teams obsess over external threats, about 60% of employees openly admit to taking data from their previous employers—with actual data suggesting it's closer to 100% when people leave.
Instead of abandoning the Crashplan business, Code 42 incubated an entirely new product called Insider within the existing company structure. Starting around 2015, they spent a year researching before launching the new product in 2017. The team built from scratch, assembling a new founding technical team dedicated to solving insider threats. Their solution provides visibility into who's moving files to Dropbox, putting data on thumb drives, emailing source code via Gmail, or publicly sharing sensitive documents on cloud storage. Critically, they paired detection with a positive reinforcement strategy—helping employees and contractors course-correct rather than punishing them. The product integrated with enterprise tools like Salesforce, OneDrive, and Google Drive.
The Insider product hit its first million in revenue about four years before the interview (roughly 2020). From there, growth accelerated significantly. By the time of the interview, Code 42 had grown the product to $50M in annual recurring revenue. The company serves over 800 paying customers, ranging from small organizations with 200 employees to enterprises with 120,000+ employees. Several customers pay more than $1M annually. Notably, six of the world's largest security companies use Code 42—CrowdStrike, Okta, Ping, Rapid7, Splunk, and Cisco—providing powerful validation from the smartest minds in security.
Joe identified mid-market companies (1,000-5,000 employees) as the current sweet spot for growth. These organizations make faster purchasing decisions than large enterprises, where procurement has begun pushing back on security spending due to macro headwinds. Security budgets are growing only 5% in 2023, down from the historical 30-35% annual growth rate.
Code 42's go-to-market relies on three integrated motions: inbound demand generation, intent-based outbound sales (using tools like Six Sense to identify buyers), and account expansion within the existing customer base. The company employs approximately 220 people, including 25-30 quota-carrying sales representatives. Pricing averages $80 per seat annually (with a rule of thumb of $100-120 per seat), generating average contract values in the $80-120K range for mid-market deals.
Joe emphasized the importance of focus—the company sold off the legacy Crashplan product (generating $70M ARR) to private equity for $250M to concentrate entirely on the insider threat market. "If you wanna disrupt an industry, if you wanna win in the space, you can't have lots of different products doing lots of different things," he noted.
Code 42 closed 2022 with $50M ARR and targeted 20-25% year-over-year growth for 2023, which would put them at approximately $60M+ by year-end. The $250M proceeds from the Crashplan sale provided a substantial balance sheet cushion. Despite abundant capital, Joe remains disciplined about M&A, maintaining a very high bar for acquisitions—most analysis concludes they could build competitive features internally. The company was cash-flow positive in prior years and practiced "East Coast Offense" capital efficiency (spending what's needed to grow rather than overspending early). Looking ahead, Joe aims to achieve the "Rule of 40" (growth rate + EBITDA margin ≥ 40%) while maintaining emphasis on growth, believing that long-term value in SaaS comes from dominant market position. With major deals in the pipeline and security company usage expanding, Code 42 is positioned as the market leader in insider threat detection.
- •Code 42 identified a massive market gap where existing solutions were expensive but unused, revealing that the real problem wasn't detection but behavioral correction—a fundamentally different product opportunity than what competitors offered.
- •By incubating a new product within an existing profitable business rather than pivoting entirely, Code 42 could fund product development and market research for 5+ years without revenue pressure, allowing them to build a genuinely better solution.
- •They validated product-market fit with the world's largest security vendors (CrowdStrike, Okta, Splunk, Cisco) as customers, which created a powerful credibility signal that accelerated enterprise adoption and reduced sales friction.
- •Their intent-based sales motion using intent signals to identify high-probability buyers allowed them to focus sales resources on companies actively evaluating solutions, dramatically improving conversion rates and sales efficiency at scale.
- 1.Conduct deep customer research with 20+ companies currently using competitor solutions to identify specific frustrations and use cases they're not solving, then build your product to solve that precise gap rather than copying existing features.
- 2.If you have revenue from another business, allocate a dedicated technical team and budget to incubate a new product for 1-2 years in stealth mode before launch, giving yourself time to build meaningfully better technology without quarterly revenue pressure.
- 3.Target your first 10-20 customers in high-credibility segments (industry leaders, recognizable brands, or companies with significant security expertise) and make customer acquisition cost irrelevant for these reference accounts, prioritizing referenceable logos over early profitability.
- 4.Implement intent-based outreach using intent signal tools to identify companies showing buying signals, then pair this with a dedicated new business sales team of 5-10 reps focused exclusively on high-intent prospects rather than broad prospecting.
- 5.Price per-seat at $80-120 annually and target mid-market companies (1,000-5,000 employees) first, where decision cycles are 3-6 months faster than enterprises, allowing you to iterate on sales motion and build proof points before competing for large deals.
Similar Companies
247.ai
$25.0M/mo247.ai, founded by PV Cannon in 2000, is an AI-powered customer service automation platform serving over 150 enterprise customers with $300M+ in ARR. The company raised only $20M from Sequoia (2003) and bootstrap, achieving 10% net profit margins while maintaining a 12-month CAC payback period and 100% net revenue retention. Despite a security breach setback around 2018, 247.ai has recovered and recently achieved 20% new revenue booking growth in their best quarter.
iCIMS
$13.3M/moiCIMS is a bootstrapped SaaS provider founded in 1999 that dominates the talent acquisition software market as the #2 player, serving 3,500 enterprise customers with an average monthly spend of $4,000. The company exited 2017 with $160M ARR and is targeting 25%+ annual growth while maintaining profitability, recently acquiring Text Recruit to expand into candidate messaging and recruitment advertising.
Zoom
$12.0M/moZoom is a freemium SaaS video conferencing platform founded by Eric Yuan in July 2011 after he left Cisco to build a next-generation collaboration solution. The company has grown to 850,000+ paying customers across individual, SMB, and enterprise segments, generating over $12M in monthly recurring revenue with approximately 100% year-over-year growth. Rather than focusing on customer stickiness or aggressive growth targets, Zoom emphasizes customer happiness and organic word-of-mouth acquisition, which has proven highly effective in driving viral adoption.
Madwire
$10.0M/moMadwire is a comprehensive SaaS platform for small businesses (1-100 employees) that combines CRM, payments, invoicing, billing, e-commerce, and multi-channel marketing tools in a single platform. Founded in 2009, the company has grown to $120M ARR serving 20,000 customers with an average revenue per user of $500/month, while maintaining strong unit economics ($3,000-$4,000 CAC with 3-month payback) and recently turning profitable with a focus on reaching 15-20% EBITDA margins. The company is exploring an IPO within 12-18 months without having raised substantial capital beyond an initial $7.5M.
SwiftPage
$7.0M/moSwiftPage is a CRM and marketing automation platform founded in 2001 that targets small businesses. Under CEO John Oshel's leadership since 2012, the company scaled from 60,000 customers with $26.2M revenue in 2015 to 84,000 customers today with an estimated ARR of $36M+, maintaining 1.5% monthly logo churn and a 6-7 month payback period with a sub-$500 CAC.