Malwarebytes

Marsen Klazinski started playing with malware remediation tools around 2003 when his own computer got infected and he didn't know what to do. Rather than just fixing his immediate problem, he decided to learn how to properly remediate malware. He spent five years at the University of Illinois, essentially going to college while learning to program and understanding the rapidly evolving threat landscape. This wasn't a quick pivot—malware defense requires deep technical knowledge because you're fighting criminals with constantly evolving attack vectors.

In 2008, Marsen and a co-founder officially launched Malwarebytes with a simple but powerful business model: clean your computer for free (because getting infected sucks), then charge $40 to protect yourself going forward. The first year was eye-opening—they made $1 million in revenue. Year two, they grew seven times over.

What made the early hiring strategy brilliant was their approach to community. Instead of traditional recruitment, they went into forums where people were already discussing and helping with malware issues. They essentially paid these engaged community members to do the work they were already doing. This meant their first 30 employees, including Marsen, were remote and deeply passionate about the problem space. They didn't open a physical office until they hit 50 employees.

The consumer acquisition was almost organic—Malwarebytes became so trusted that Apple Store staff began recommending it to customers worried about viruses (despite the common myth that Macs don't get viruses). The reputation spread through forums, communities, and word-of-mouth. What's remarkable is that Marsen noticed a pattern: people using the free consumer product at home loved it, then requested it at work. The IT department would install it, and suddenly you had a business customer.

By 2010-2011, Malwarebytes started building business products. The consumerization of IT became a huge growth engine—employees already trusted the product, making enterprise adoption much easier. By 2017, consumer and business were roughly 50/50 revenue split, with the business side having much higher renewal rates (90% vs 70%) and negative revenue churn (expansion revenue exceeded churn).

Marsen kept the company bootstrapped and profitable from day one—a deliberate choice rooted in his Midwest values. For five years, they hired without an option pool, which was unusual for the Bay Area but kept the company scrappy. Only in 2013 did they take their first outside investment from Highland Capital, at which point revenue had reached $25 million.

The business model evolved over time. They started selling perpetual licenses at $25, then transitioned to $25/year, then to $40/year. Critically, they grandfathered in existing customers—a core company value called DFTC ("Don't fuck the customer"). This built trust and loyalty.

On the B2B side, they discovered they could sell 2-3 year contracts (something most SaaS companies struggle with), averaging $3,500 ACV over 18 months (roughly $2,300 ARR). They had a 70-80 person sales team focused on expanding those initial small deals into enterprise-wide rollouts—going from a single department at Coca-Cola to the entire company.

Marketing was aggressive: they spent $300,000+ per month on Google AdWords alone, but it paid for itself almost dollar-for-dollar. They worked with agencies and rotated them regularly to bring fresh ideas. With 33,000 inbound B2B leads per quarter, the challenge became conversion and expansion, not lead generation.

By 2017, Malwarebytes had crossed the $130 million ARR threshold. They'd raised $80 million total (Highland in 2013, then Fidelity as a growth investor), employed 650+ people globally (a third in San Jose, a third in Europe, a third distributed), and served 3+ million consumer subscribers and 50,000+ business customers from one-person dentist offices to Fortune 100 companies.

Marsen, just 28 years old, was thinking about an IPO but taking his time. The challenge with IPO: cybersecurity is reactive—major breaches like Equifax drive buying cycles, making revenue predictable. Wall Street demands that predictability, and missing forecast would be punished. He had the luxury of time and wasn't rushing.

The broader lesson: build with believers, not naysayers. Get toxic people off the boat quickly. And never fuck your customer—it builds the kind of brand reputation that lets Apple employees recommend you unprompted.