Code 42

Joe Payne joined Code 42 (then Crashplan) in 2015 as CEO, tasked with determining the long-term future of an endpoint backup product. After thorough market research, his team discovered a massive pain point: the Data Loss Prevention (DLP) market was ripe for disruption. "Everyone that we talked to hated their DLP," Joe explained. "They had spent a lot of money on it, but they weren't actually using it, and they weren't solving the problem." The insight was powerful: while security teams obsess over external threats, about 60% of employees openly admit to taking data from their previous employers—with actual data suggesting it's closer to 100% when people leave.

Instead of abandoning the Crashplan business, Code 42 incubated an entirely new product called Insider within the existing company structure. Starting around 2015, they spent a year researching before launching the new product in 2017. The team built from scratch, assembling a new founding technical team dedicated to solving insider threats. Their solution provides visibility into who's moving files to Dropbox, putting data on thumb drives, emailing source code via Gmail, or publicly sharing sensitive documents on cloud storage. Critically, they paired detection with a positive reinforcement strategy—helping employees and contractors course-correct rather than punishing them. The product integrated with enterprise tools like Salesforce, OneDrive, and Google Drive.

The Insider product hit its first million in revenue about four years before the interview (roughly 2020). From there, growth accelerated significantly. By the time of the interview, Code 42 had grown the product to $50M in annual recurring revenue. The company serves over 800 paying customers, ranging from small organizations with 200 employees to enterprises with 120,000+ employees. Several customers pay more than $1M annually. Notably, six of the world's largest security companies use Code 42—CrowdStrike, Okta, Ping, Rapid7, Splunk, and Cisco—providing powerful validation from the smartest minds in security.

Joe identified mid-market companies (1,000-5,000 employees) as the current sweet spot for growth. These organizations make faster purchasing decisions than large enterprises, where procurement has begun pushing back on security spending due to macro headwinds. Security budgets are growing only 5% in 2023, down from the historical 30-35% annual growth rate.

Code 42's go-to-market relies on three integrated motions: inbound demand generation, intent-based outbound sales (using tools like Six Sense to identify buyers), and account expansion within the existing customer base. The company employs approximately 220 people, including 25-30 quota-carrying sales representatives. Pricing averages $80 per seat annually (with a rule of thumb of $100-120 per seat), generating average contract values in the $80-120K range for mid-market deals.

Joe emphasized the importance of focus—the company sold off the legacy Crashplan product (generating $70M ARR) to private equity for $250M to concentrate entirely on the insider threat market. "If you wanna disrupt an industry, if you wanna win in the space, you can't have lots of different products doing lots of different things," he noted.

Code 42 closed 2022 with $50M ARR and targeted 20-25% year-over-year growth for 2023, which would put them at approximately $60M+ by year-end. The $250M proceeds from the Crashplan sale provided a substantial balance sheet cushion. Despite abundant capital, Joe remains disciplined about M&A, maintaining a very high bar for acquisitions—most analysis concludes they could build competitive features internally. The company was cash-flow positive in prior years and practiced "East Coast Offense" capital efficiency (spending what's needed to grow rather than overspending early). Looking ahead, Joe aims to achieve the "Rule of 40" (growth rate + EBITDA margin ≥ 40%) while maintaining emphasis on growth, believing that long-term value in SaaS comes from dominant market position. With major deals in the pipeline and security company usage expanding, Code 42 is positioned as the market leader in insider threat detection.