Ep. 186 Jose Seara, Founder & CEO at DeNexus | Data Center Go-to-Market Podcast

The risk that we have been monitoring for customers in the last five years has always been dynamic and has always been moving, which is a bless for me because that means that my customers need to use my tool constantly, not just one time. But the rate at which that risk is evolving now is unforeseen in the history of the OT cyber technology. As we mentioned before, these AI tools are equipping the bad guys in a way that they have never been equipped. And the risk is evolving at a pace that we collectively, the market, still do not understand. That could be good for the business. Arguably, if the risk is bigger and the risk is more dynamic, it could be good for me, but it could be bad because at some point it could be unmanageable. There is an argument that the surface at which these industrial customers are exposed with this risk and these new AI tools is growing at a exponential rate, exponential rate to the point that is not easy or not, we cannot understand it. So there is a real risk that things get out of control with this operational technology. Again, I insist on the big difference between OT and will evolve to keep up with this evolution. OT has a hard time. We cannot reinvent the electrical network, for instance, we cannot rebuild the electrical network that was built in the last 150 years from scratch to make it, I don't know if compliant is a work to make it compliant with this new risk. So how we are going to deal with those two realities, I think it represents a both a terrific opportunity and a significant challenge. I'm Jose Vera, founder and CEO of the Nexus and you are watching the Data Center Go to Market podcast. Hi, it's Joshua Feinberg, host of the Data Center Go to Market podcast. Today I am thrilled to be welcoming Jose Sierra who is founder and CEO of Donexus. Jose is originally from Spain. Jose is currently based out of the Boston, Massachusetts area. Jose, welcome to the podcast. Thank you, Joseph. Thank you for having me. You're very welcome. So a good great place to start is, could you explain to our audience a little bit about what genexus does and how it fits into the broader data center ecosystem? Yeah. Let me begin with my background, which will help the audience to understand what we are doing at the Nexus and why we are doing it. So as you mentioned, I'm from Spain. Before the Nexus, I built two companies, always in the power generation space. And one of those projects brought me to the US in 2006. Spent kind of 1112 years building a renewable energy company from the ground up for a group of European investors. We sold it to a fund that split it in two and sent the operating assets to Versailles Hathaway Energy, which makes me really, really proud in that company. We had a really complex operating model for a number of reasons that gave us an exposure to a few things way above my peers. And one of them was OT cyber risk. We were exposed to cyber risk in our operational technology OT infrastructure. And that forced me, my team, to be clever about the risk. And in the process we learned that the industry wasn't ready. There were no OT cybersecurity solutions, there were no OT risk management solutions, there were no OT cyber insurance products. And we did the best with what was available to us at the time. And when we sold the company, I thought that my OT cybersecurity problem for an industrial environment was everybody's problem in the industrial space and decided to launch the Nexus to build technology to help clients to understand, manage, mitigate, transfer cyber risk coming from industrial facilities exposed to operational technology. We launched the Nexus seven years ago. The product is a risk quantification platform that is in the market, has been in the market for five years, and we serve a number of industrial industry verticals being power generation by bread and butter manufacturing data centers, which I guess is one of the reasons why we are here today, and transportation. And the team is working in oil and gas that we hope to release soon, main market, the US although we have also customers in Europe and we are initiating our international journey. So that is the Nexus. So Jose, what's really interesting about that is you mentioned data center as an industry and you mentioned oil and gas is a separate industry and power generation is a separate industry. But we find ourselves in this place right now in the data centers, especially with all the high density AI data centers that are building out, being built out is power generation. And oil and gas seem to be a very, very important part of the puzzle of bringing these industries together. Are you finding that the different stakeholders in these companies are starting to see that synergy and the same way we're seeing it where nearly every major data center development project has an energy component. Absolutely. At this point, data centers are massive industrial facilities and they are also power generation plants and they are also massive hubs of communication critical infrastructures exposed to all of those technologies, evidently heavy exposed to AI developments. So yep, they are a perfect storm of all the sectors or many of the sectors that we usually deal with. And for us they represent a unique opportunity and a unique challenge precisely because of that concentration of different activities that for us are concentration of different Risks, Yeah, it's super interesting is that they each, if you were approaching them as separate verticals, they'd have different risk profiles. But if they're all on the same platform, they share some of the same risks, right? That is correct. And again, coming from the power industry, in my case, I'm astonished how massive power users these centers are. I have auto, I don't know how to catch this, but opinions about how they are going to be served those massive loads. The challenges for the system, electrical system that was not designed to deal with this massive concentration of loads. Many of them, as you know better than me, are building their own power generation facilities, which introduces another set of challenges. And yeah, they represent a really unique beast for the OT cyber security space that we represent. That's an interesting challenge as well because most of the audience that watches this podcast in the broader data center industry, I think at this stage of the game understands pretty well the difference between physical security and cybersecurity. Operational technology and the physicality of it, I think for a lot of people that aren't close to IT is something relatively new. It came up about a year, year and a half ago. I was speaking with a regional product leader, regional director for, I think it was Eaton, and he was talking about how his job responsibilities are organized specifically at the intersection of those two or three areas. But I imagine we'll talk more about buyer education, but I imagine that comes up as well as just all the adjacencies and making sure people understand just how different the risk profile is. The risk profile is really different. The technology that is used to automate industrial processes, this operational technology, is really different than the information technology that is used for other activities. They represent unique challenges. Plus something that sometimes is not so easy to identify is that the owner of the facility, the owner of the problem, is usually not the owner of the risk. So the stakeholders that are responsible for operating facilities are usually not the stakeholders that are responsible to manage cybersecurity. The cybersecurity team is usually more savvy on IT related security than in OT related security. When they try to use their IT recipe in the OT world, they are setting up themselves for failure and there are challenges across the board. Additional risk management policies in IT patching devices uptime is not a problem are no GO's in the OT world. Patching a device could be a significant task. Patching a device could be impossible because the patch doesn't exist, because the vendor doesn't support that OT device or even if it is visible. There is no window of opportunity to do it because the facility is operating 247 and nobody thought of the need to shut it down to again that's a given device. So again, different challenges, different opportunities and different stakeholders that have a hard time communicating with each other. Jose, when you think about the data center related companies that you interact with on a regular basis, especially those that are intersecting the worlds of power generation and oil and gas as a byproduct of needing to self generate, what do you see these data center operators struggling with most when it comes to their own approach to going to market? I'm not an expert on the go to market side of data center, so I can only speculate. My opinion is that probably the data center space in general is underestimating the challenges to procure the massive amount of power that they need. Building power generation, transmission critical infrastructure is a long lead item that has downstream or upstream ramifications. So it's not only about bringing power to my facility, it's where that power is coming from, how I move it from A to B. Building on site power facilities seems to be one of the ways that the industry has found to overcome that shortage of power and that challenge. But that brings all the problems. Procuring gas turbines is another lonely project. So when I look at the data available to me, I don't see how those two reconcile and I don't see how the US for instance, is going to be able to generate the amount of power, the amount of energy that the data center space and growth expectations we require. I see a mismatch there that honestly I don't know how the market will solve. Yeah, it's interesting when even you mention oil and gas. I've had experts on the show talking about the turbines for natural gas and then all of a sudden, but wait, turbines are backlogged, their supply chain shortages and delivery is out. Several years I've had people on pretty recently talk about how natural gas is interesting, but with what's going on in the Middle east right now that the prices of natural gas are going to make it to the point where that's not a economically viable option for a lot of that. So there's a lot of interesting conversations. I have an invitation to be on a virtual panel this afternoon where they're talking about small modular reactors. And again that's not an area where there's a lot of people that have a lot of experience building those for data Centers in the U.S. so yeah, I think we're going to see a lot of learning and refining and figuring things out over the next couple of years. That is correct. Again, the energy component of the or the energy needs associated to the growth, the massive growth of these data centers is something that I think that the market may be underestimated. Jose, when you look at the amount of change in demand that's happened in the last few years, starting around late 2022, early 2023, as ChatGPT, as OpenAI came out of beta, how have had your core business changed in response to high density AI workloads? Have you seen much of an impact with the typical OT use cases that you work with at genexus? Yeah, everywhere. Let me try to structure the conversation because when I mean everywhere, it literally means everywhere. So I want to make sure that I don't forget any SO a the we model cyber risk. So that is, that is a simulation of what attackers and defenders do. So AI tools are giving attackers a power to do things at a speed that was unforeseen in the past and has lowered the barrier to enter that knowledge to design and deploy highly sophisticated attacks that are necessary to try to compromise these complex infrastructures. So that is one component. Second component, the defenders also have access to those tools and they can leverage them to react faster to a fast evolving threat environment. The challenge is that the attacker doesn't play with the same rules as the defender. And especially in these critical infrastructures, in many sectors heavily regulated, sometimes the solution is there, but there are other limitations to use it. Compliance, regulatory limitations, et cetera. But despite of that, the defenders have access to these tools that they can leverage to do a better, faster job. That is in the risk that we deal with and in the one that we simulate for our customers now in the Nexus. Also, massive changes in the last, I would say 12 months. On one hand, at the corporate level, we leverage these tools much more every day in every activity, including go to market. We barely used or very basically used these technologies a year ago. And now me, the go to market team at the Nexus, we live inside these tools 24, 7. So that is one and second for us, the technology that we use to build our product, the one that we sell to our customers, that helps them understand risk and manage mitigate, transfer risk. The tools that we built historically are being replaced with the next generation of AI agentic AI driven tools that we've been building for the last nine, 10 months. And actually we released the first product of that new generation barely two or three weeks ago after having been testing that product with early adopters in the market for the last three or four months. So it's a multi layer impact in the risk that my clients are exposed to and in the way we build solutions for our clients and in the way we handle ourselves in daily basis. It's a brand new company. I thought a year ago that I was done building the foundation for the Nexus and for better or worse, I began from scratch again because of agentic AI. Because of agentic AI that is more than a revolution. I think that I personally think that I do not comprehend yet the massive change associated to all of this technology, despite the fact that probably we are at the front end of being an advanced user of those technologies for daily basis and for building that next generation of products. Despite of all of that, I wake up every day to new news say oh my God, I thought that this was true yesterday and actually today is not truth anymore. So with the rapid pace of change and you still wrapping your mind around what all of this means and considering by your own admission, like the power user of this, how do you get the marketplace to catch up? We know if you were going to market with something like donexis 10 years ago, you could count on the fact that your buyers would do about half of the research before a sales conversation. They would ask their peers for advice on LinkedIn, they would do Google searches, they would look things up on their phone, they'd watch YouTube videos, go to webinars, you have all of that. But then now, for the past two, three, four years, especially IT professionals and engineers, they love generative AI. They're having these deep conversations with Claude and Copilot and ChatGPT and Gemini that rival the kind of conversations that they would have had from a human on your sales team a couple of years ago. So what how do you think about buyer education? What do you hope that a potential client, that a prospect knows about your category before they meet with someone from your sales team for the first time? Before I try to answer the question, let me take a step back. I think that a lot of people in the market belongs to the group that you have described, but we are still finding other group that is less savvy around these tools and probably less inclined to use them in daily basis. And not in my case, not because they don't want to, but because they have regulatory limitations, compliance limitations to use it. And I'm referring to the insurance industry. At the Nexus we work both with, I call it the risk owners, the owners of the underlying industrial facilities, data centers, power plants, manufacturing, etc. And we work also with the insurance industry. The insurance industry is heavily regulated and they are having a complex time to, to evolve or to adopt these AI driven solutions to meet different use cases. That has changed dramatically also in the last 12 months. I found year, year and a half, two years ago really low to no reception to that conversation in the insurance industry. And now certainly there are tailwinds. But going from tailwinds and welcoming the conversation to use these type of tools to perform different tasks at the pilot level is one challenge. Scaling from pilot to full enterprise use and implementation and adoption is a totally different challenge. And I think that we are somewhere in between with those, with that industry in that process of adopting the use of this technology. Plus don't forget that they, they ride the risk and they need to understand the risk that they are writing. And AI sometimes is facilitating that task, sometimes is making it more difficult because it's changing the landscape as we speak. So a lot of this comes down to client centricity, understanding where they are. And even if they're three to five years earlier than you want them to be, is it entering those conversations that are two, three, four steps ahead of where you know they inevitably will be with how they look at operational technology? Absolutely. And that is part of the discovery process. And it's a combination of making sure that you understand your audience, making sure that you adapt your pitch to that audience and at the same time being prepared to provide education to understand also the limitations that they have to adopt the technology that may eventually solve the problem or they need, but. But they are not as an industry prepared to adopt yet again, not because they don't want to, because they don't have the skills or the knowledge to do it, but because they need to deal with other layers of complexity, in this case regulation that in sometimes is letting or not them do certain things and sometimes is evolving. As the AI landscape is evolving, the bodies are trying, the regulatory bodies are trying to cap up with that evolution as well. Jose, in growing genexus, what's a go to market lesson that you learned along the way that you wish you knew about earlier? Qualify opportunities better and identify the ecosystem of Personas in my accounts that I need to work with over months in a long procurement process? Identify all of them as soon as possible and focus the efforts more on those that do not work on the solution than in those that work on the solution. It's always more comfortable having endless number of meetings with the champion. The champion by definition is the champion. He or she loves the solution and it's Easy to have that conversation. And you feel comfortable having easy conversations. And if not avoiding, certainly not promoting the difficult conversations. So two things, answering your question, being more clever on identifying the ecosystem of Personas that are involved in a complex procurement enterprise level, complex procurement process and identify immediately who can kill the deal. A lot of people need to sign off on something for the deal to happen. A single rejection may kill the deal. So who is that person that can kill my deal and try to either convince or, or identify and disqualify quick. And the second is POCs, which are a step in the process. And we've made the mistake of jumping into a expensive and time consuming POC experience too prematurely in the attempt as a smaller startup trying to get things done, trying to build business, trying to build revenue. Sometimes you convince yourself that things are ready for that investment when they are not. So those are two big lessons that are expensive lessons that hopefully we have already learned. Yeah, it's super interesting. We hear that a lot, the challenges of navigating all the different kinds of stakeholders that are on the decision committee and it becomes even more challenging today because some of them don't want to meet with you at all. So it's like, what can you do to empower the internal champion to have the resources? Sometimes it's content, sometimes it's tools. But yeah, there are for sure a lot of people across the data center ecosystem run into members of the decision committee, different kinds of Personas, some of them that want to participate in the process a lot more than others. And yeah, for sure there are definitely detractors along the way. The feedback too on the proof of concepts is a big cautionary note as well, because they're investments and in some cases the investments are justified and in some cases you're doing free research and development for a prospect that either ends up never buying or goes with an alternative solution that is correct. Plus, at the nexus, we have an additional challenge which is probably unique to our business, which is we model cybersecurity risk and we are wrongly bucket in the bucket of cybersecurity solutions, which means that we fight for cybersecurity budget dollars and that is a bucket that is already under stress and we are not a cybersecurity solution and we shouldn't be paid from the cybersecurity budget, which again is under pressure. We are a risk management solution and we should get paid from the risk management budget, which good news is usually much bigger than the cyber security budget. But news for us, the market has not evolved yet enough in most of the cases to recognize that. So our usual entry point in any industrial organization is through the cyber security team, which again positions us wrongly as a cybersecurity tool that needs to be procured from the cyber security budget. And it's a journey for us to move from that entry point to the right universe of stakeholders and to try to convince our prospects, our customers, that we shouldn't get paid from the cybersecurity budget, from the risk management budget. That is something unique to us. Which results on a third challenge on top of the other two is just misclassifying the nature of not understanding that operational technology is so different than cybersecurity and physical security and decoupling that and making sure that you're talking to the right people who are are educated, knowledgeable and the right accountable stakeholders. Correct. Which is simultaneously the beauty and the challenge of the opportunity. We are on the early days of OT cyber security, on the early days of OT cyber risk management, which opens the opportunity for companies like the Nexus. If the market was mature, the opportunity could have been already served by someone. But it's a challenge because it requires additional education and trying to again navigate these complex, always complex industrial organizations with multiple stakeholders involved in a complex decision making process. Most data center GTM teams are flying completely blind. 83% of your buyer's journey is happening before they even speak with someone from your sales team. The data Center Go to Market podcast is powered by DCSMI. We've studied over 1900 industry leaders to build a diagnostic framework that identifies exactly why deals fall apart and revenue stalls. Stop guessing and start benchmarking. Subscribe now to our Weekly Data Center GTM Briefing at www.dcsmi.com briefing. Again, that's dcsmi.com briefing B R I E F I N G When a lot of people hear education and complex stakeholders and the need to drive alignment, many people default to thinking of content and specifically creating technical content. But a lot of people in leadership roles and commercial roles find that sometimes technical content doesn't give them the sales opportunity returns that they were looking for. Have you seen that? And if so, what do you think is really going on? Yeah, and actually that is another mistake that we've made. Building too much, too deep technical content. Thinking that explaining how beautiful and complex of a technology and a product you have built is going to help you in the sales process. And it's a mistake. So another process that we have changed dramatically less is better. Stay to the basics and talk about the topics that matter to your Customer talk about their problems, understand their problems, sometimes open their eyes about the problems they have and they don't realize yet they have. And then providing basic information about solutions and how to solve the pain points the way you do it. And if your solution is highly complex, which is the case with the platform that we have built is not relevant and not relevant for them. And using that as a sales argument is a mistake. A lot of times the default instinct among the C suite is to delegate. How do you get the attention of the true decision maker when it comes to your category, especially inside really large national multinational organizations? I wish that I had a good answer to that question. The honest answer is probably that we are still trying to figure it out. One tool to offset that for us is that on the early days, evidently the first sales are founder led. And because of my previous position and my previous experience, I was the CEO of the energy company. So I have access to C Street level people that facilitated the early sales and the early adoption. But evidently that doesn't scale. So that has been one of the challenges that we have faced and probably we haven't solved entirely yet. How you move from the initial champion to the group of stakeholders that are going to participate in the decision and eventually to someone in the C suite that needs to understand the solution and sign off on, on it is challenging, is really challenging. One aspect of our value proposition and our technology that helps is that that is precisely the audience that we are targeting. Again, we are not a cybersecurity solution. We do not solve cybersecurity problems for cybersecurity practitioners. I tell companies you have a 5% chance to get a 1 billion dollar hit in the next 20 years and you need to make sure that you have the resources, financial, not technical, financial, to face that event. So you want to make sure that you are investing the right money in mitigation. You need to make sure that you are procuring the right protection. You need to make sure that you are capitalizing your balance sheet to the point that if that black swan event day comes, you can afford it. By definition I'm talking to the C suite. So that helps because it's a message that really resonates with the C Suite. The challenge is how to get there. And we try everything and beyond and sometimes it works, sometimes it doesn't. And we are still trying to figure out how to do that at scale and efficiently. To be honest, I think the people that specialize in go to market and jumping from startup to scale up often call it getting to go to market fit where you're graduating beyond founder led, where you have unique superpowers to get from operational conversations to boardroom conversations. And how do you build a team and a playbook so you can hire other people and be able to essentially clone Jose's superpowers? That is exactly the case. There's a lot of discussion about what product market fit means. For me, it means that things happen without me in the room and the product is attractive to the customer and the team is equipped to do their job without me being in the room. And that is when magic happens. If the product delivers value, there is a chance that the customer, the prospect, buys it. And if I need to be in the room to explain the value, that doesn't fly. At the end of the day, there is always a meeting where I need to participate and especially these large accounts before signing a large check, sometimes they just want to see my face and that is perfectly fine. But I can't be a critical part of the process because if that is the case, we fail. Yeah. And operationalizing that and building the playbooks is a lot of what gets people from that initial product market fit phase to the go to market fit phage where you can confidently keep adding more capital and growing the so sales organizations. I still tell founders that easy way to tell if a company has product market fit is if you go to their case studies page. Can you basically figure out what their ideal client profile is by synthesizing the consensus on their case studies? Go to market is exactly what go to market fit is exactly what you're explaining of being able to build a sales organization that can confidently move the largest of largest deals forward without you having to show up and add founder led perspective to everything. That is the case. And for additional context, we are a series A company. We did our a round almost two years ago. It was summer 2024 and likely at some point we will raise our B round and that is where product market fit really, really plays a role. And by definition we are not there. I think by the nature of the size of the clients you're selling to and the size of the investments that they're making, I think it changes a little bit. Also for someone that's selling SaaS to data centers where it's almost like a typical mid market B2B sale where they're at three figure, low figure, four figure deals that can be sold inside sales in some cases through product LED growth. It's very, very different than enterprise deals and there's definitely a different playbook for getting there? Yeah, totally in the deal amount and in the type of company for us. On the lower end we go to 500 million dollar revenue companies, but on the upper end we are selling to 30, 40, 50 billion dollar companies. So it's a totally different game as you go to each one of the two ends. With all of that in mind as you're scaling, have you found that there are some parts of your go to market strategy that you feel are so core that you would never outsource them again, that you would always feel that they need to be done internally? Yes. And interestingly enough, those that I thought were easier to outsource. So at the top of the funnel marketing pre sales, I thought that that was the commodity that I could outsource and it was a big mistake. So I thought that core was being in front of customers, later stages of sales and now I think that core is everything, including those two marketing processes that I didn't think were core, I thought that they were commodities that I could outsource and that was a big expensive mistake. I think a lot of the challenge too is because operational technology is such a niche and it's so frequently confused with cybersecurity and it's so frequently confused with probably even physical security to a certain degree, finding the talent that has experience in running product marketing, running sales enablement, running sales processes to huge enterprises is a lot of the challenge, right? That is totally correct. That is totally correct. And again, something that you learn and is part of the growth and learning process from being a PowerPoint, barely a PowerPoint company five years ago, to being a small but sizable enterprise that is servicing customers in the us, in the uk, in other countries, countries in Europe. And it's part of the process. It's never a straight line, there is always some windy roads in between. And as someone that I've spent a lot of time with Series A's companies over the course of my career, I know one of the challenges too a lot of times is you go and you get investors and you get new board members and there's a tendency to want to hire a sales leader who was very accomplished at a large, well known company in the space. And we know of course selling for an new company that doesn't have strong brand recognition in the space is very, very different than selling for a Fortune 500 company. So there's a lot of complex dynamics at work there. That is correct. And again, sorry to say, another mistake that I've made in the long list of mistakes or Lessons learned. So I went through that process myself and at some point I took steps back and unfolded bad decisions to do it again in the right way. And it doesn't work that way and it's not against terrific professionals, you call it BP level or above, that are terrific professionals. But selling something from a well established monster with a terrific marketing machine behind, with someone generating warm, high quality leads all day long and you just taking them to the finish line is totally different than working company that nobody knows about. So yeah, this is the big name, as you mentioned, coming from a reputable company. Hiring beam super successful doesn't solve my problems. Yeah, you're basically trying to figure out the playbook that doesn't exist yet. That is correct. And again, I went ahead of myself and then I was forced to backtrack. Is one of the lessons, again, expensive lessons that you learned. And Dao is helping is paying off in the long run because I, I try to do, to make a different mistake and not that one again. And a few hundred people that watch this interview over the next several weeks, several months, several years are going to be thanking you handsomely because they can learn from this and hopefully figure out some things that will help them get there a little bit faster. And that buys a lot of goodwill and like wanting to work with you. Yeah, especially if you. I think you mentioned that in your audience there is a lot of series A companies. The most dangerous time it was for me is right after closing on the series A because all of a sudden you have some money in the bank and all of a sudden you think that you can do things that you are not prepared to do yet your company is not prepared and you get immediately ahead of yourself. And that is, that is again an expensive mistake that I did two years ago. Having operated on some of those teams. A lot of times it feels like there's pressure to do things in weeks that more rationally are probably one to three years. And you're trying to prove that, okay, if capital was the real bottleneck, then yeah, sure, we can do this this quarter. That is totally correct. Building something meaningful in a complex environment, which is my case, with a complex value proposition is a marathon. It's not a sprint. And you cannot run the marathon if you haven't run a half marathon first. It is the way it works and it takes time and, and sometimes the founder, and I am the founder, is at the top of the list of problems because you want to get things done. Everything is doable. Otherwise you can't be a founder if you cannot dream and you cannot think that everything is absolutely doable and there is no problem that you cannot solve. You can't probably be a founder, but sometimes you need to be realistic and say, okay, let's park my dreams. And now execution requires process, requires time. These large enterprise deals need time to mature. Not only in pre sales and sales, but even in procurement. You pair a deal and probably you don't have a PO for another six months and there's not that much you can do because there is a procurement process and there is a procurement team that is doing their job. And that was another hard lesson to learn. And if along the way, one of the champions that you're counting on that's on your side leaves, the company retires, there's mergers and acquisition, it resets all over again. You know the name of the game, I wish I had met you two or three years ago. That's part of the reason that we share all these. Everyone can learn from the collective experience. I think a lot of the investors in Series A, I understand that as well. That's why you see that not only the investors are looking for founders with a 10 year time horizon. If someone's looking for a co founder, they're looking for is this person really going to stick with this for a 10 year time? And even among team members, I think that's why you see the four year cliff being so important. It's like, okay, you're not a co founder, but we want you coming into this with the mindset that you're going to stay for four years. Absolutely. Again, it's a marathon. Blessed on so many ways. And one of them is, I know super successful serial entrepreneurs that I'm learning a lot from. And even them, again, I'm talking about really, really successful entrepreneurs. A couple of people is coming to mind. Second IPO, less than 50 years old. So really special people. It took them a little bit of time, more than 10 years to get there. So even for really, really good people, this is a long term effort. You don't build anything meaningful in less than 10 years. And you're in a category where I think a huge part of your addressable marketplace severely underestimates the risk. With all the global instability right now, the world keeps getting scarier and scarier and so many of the parts of infrastructure that you work in just are struggling to keep up and AI is accelerating how much that struggle is. So imagine a lot of what you're doing is creating awareness and educating the marketplace. Yeah, absolutely. And the conversation has been mostly focused around data centers, which are new assets that are being built as we speak and are being built with today's technology. But that is the rare eyes. We deal with utilities that built the staff 40, 50 years ago with operational technology that is extremely resilient and it's been operating for the last 40 or 50 years, but was not prepared to deal with these cyber threats. And that is still the infrastructure that sits behind everything, and we help those customers as well. And that legacy technology is under real pressure, more than what we see, more than what we can imagine. And it keeps evolving. If you think about two, three, four years ago, a big physical security threat to a data center was like a fire or a failure in multiple layers of power protection. And only came into focus earlier this year that in the case of geopolitical conflicts, they were physically drones and missiles being fired at hyperscale data centers. So we're in completely uncharted territory for people estimating what kind of risks beyond just traditional cybersecurity exist to data centers. Yeah, and actually we were lucky to work with one of the hyperscalers during more than two years. And they wanted us to model some of the physical risk on top of the cyber physical risk that we model. And in the process, with the nexus, we learned a lot about the physical risks that these data centers are exposed to. And it was a journey and it was a little bit scary to learn the different risks, physical risks that these data centers are exposed to. I was planning on asking you during the interview if cybersecurity companies represent good channel partners and referral sources, but it sounds like when you do your job well, that you have a much stronger track to the boardroom than even they do at this point. So, yeah, it's probably a mixed. They are actually, they are critical partners for us. We didn't talk about the way we model this, but just one minute. We try to simulate that operational technology network. We get data from the network that we use to create create a digital version of that network that we use to run simulations and understand how an attack can penetrate the network and make progress or not and exploit this vulnerability or stop because it finds a control, etc. And the way we collect data from the networks is through cybersecurity ot cybersecurity developers. So they are key partners for us because that is one of the key data sources that we use to feed the model and to run the simulation. So they are not exactly sales partners, but they are critical technology partners. Their customers are my customers and they serve Use cases. For the cybersecurity team and cybersecurity practitioners, we bring the data analytics layer that supplement that and moves the information from the facility level to the boardroom. So for anyone that's watching that's part of a commercial organization that specializes in cybersecurity tools or cybersecurity integration that doesn't have a great answer for what to do with operational technology, they should definitely reach out to you. That would be awesome. Thank you for the opportunity and I will welcome any conversation either to compare notes or to find joint opportunities. Jose, when you look Final question I wanted to ask you about today is when you look into your crystal ball and you think ahead with a 12, 18, 24 month time horizon, what do you think is going to change about growing a company like genexus? Not that many companies make it to series A and many die in between A and B. So I think that that is the biggest challenge ahead. We are keeping the organization really lean because I want to be profitable, I want to be cash flow positive and then somehow control the destiny. So sometimes so that there is arguments if that is good or bad because I need to also grow the company. But I think that that is the biggest challenge ahead. The second is that the risk and this is really needs for us. The risk that we have been modeling for customers in the last five years has always been dynamic and has always been moving. Which is a bless for me because that means that my customers need to use my tool constantly, not just one time. But the rate at which that risk is evolving now is unforeseen in the history of the OT cyber technology. As we mentioned before, these AI tools are equipping the bad guys in a way that they have never been equipped. And the risk is evolving at a pace that we collectively the market still do not understand. That could be good for the business. Arguably, if the risk is bigger and the risk is more dynamic, it could be good for me. But it could be bad because at some point it could be unmanageable. There is an argument that the surface at which these industrial customers are exposed with this risk and these new AI tools is growing at an exponential rate. Exponential rate to the point that is not easy or not, we cannot understand it. So there is a real risk that things get out of control with this operational technology. Again, I insist on the big difference between OT and will evolve to keep up with this evolution. OT has a hard time. We cannot reinvent the electrical network. For instance, we cannot rebuild the electrical network that was built in the last 150 years from scratch to make it, I don't know if compliant is a word to make it compliant with this new risk. So how we are going to deal with those two realities, I think it represents a, both a terrific opportunity and a significant challenge. And it sounds like it's definitely an opportunity in the sense that if an organization like yours can't figure it out, who's going to figure it out for them? I had a really insightful conversation with the chief underwriting officer for a large insurance company yesterday where they were asking me precisely this question. And evidently I can't say more, but they are thinking if this AI foster cyber risk for industrial companies makes the risk uninsuitable and if the risk is not insurable, then we enter into another territory because then we don't have the, we don't have the management mechanism that is necessary for this low probability high impact risk. If I have a 1% chance to get a $2 billion hit in the next hundred years and I don't have the mechanism to deal with that event because I don't have a $2 billion reserve in my balance sheet and I cannot procure the protection, then so what? And if it's not underwritable, then it's probably also not investable, then what? Then what? I interviewed someone a week or two ago who's specializing in alternate energy, building self generation for hyperscale facilities, strongly leaning towards solar farms. And a huge part of what he's doing as a relatively small company is taking all of their background in big four consulting and management consulting and figuring out how to get insurance companies, reinsurance companies to partner with them to make these huge deals actually happen. I don't think a lot of people realize that with the amount of capital coming into the data center industry, how much of it is sitting on the underwriting models. And in some ways there's probably at least some weak parallels between that and housing underwriting in 2008 and just how much. It's almost like the grade of bonds for that you would look at for a country and how credit worthy they are and being able to say do they buy into the risk factors that make this either insurable or not insurable when it comes to the industrial aspects and the threat surface. Absolutely, absolutely. We were talking earlier about education. We are spending a lot of time working with lenders that are lending capital to these massive investments and they are not my customer. I will never sell my technology to a lender. But I need to educate the capital that sits behind these investments that they may be buying a risk that they are not aware of. The question is, if you're not the one that's helping them understand that risk, where are they going to understand the risk? The OT cybersecurity space has developed a few years ahead of our OT risk management space by definition and they are doing an excellent job educating the market on this risk. I think that ot cybersecurity vendors that again to go five to 10 years ahead of us are doing an excellent job identifying the risks. They don't translate the risk in dollars. That is my job, but they are doing an excellent job educating the market. And they and again, I see these A business that goes five to 10 years ahead of us. There have been billions of dollars already invested in that business and that enables that education. A big part of our thesis is that education is the gateway to trust. And in a world that's so sales allergic. Sales marketing allergic. So much more in favor of doing a ton of research before they talk to anyone with a traditional account executive title. We see so many companies investing in that and that need to continue to invest in it. So it's really super interesting to see see as a relatively early stage company that's such a core part of what you're doing is investing and understanding all of the different stakeholders and what they need to know to be successful in managing these risks. Actually, if I may Joshua, let me sneak the message that in two or three weeks we are releasing a learning portal in our website about OT cyber risk management, including visibility, security, including mitigation, including transfer. And it's an attempt to escape that education process. So we don't need to deliver that message in one on one meetings, but we can do it at scale and learning portal hopefully is going to be released on time at the end of June. Cool. That's as great a place as ever. I always ask our guests if someone wants to follow what you're working on. If someone wants to reach out to you to learn more about the Nexus, LinkedIn and your website, the best places to go? Yeah, absolutely. The Nexus IO and my LinkedIn profile. Jose Sierra Easy to find and we are investing as much as we can on improving that website. And the next more visible step will be that learning portal that will go live in just you one or two weeks. We'll make sure to include links to your profile and the Nexus company page on the website as well to make it easy for people to jump from the blog post that goes along with this podcast episode to be able to get to your learning academy so they can get up to speed on everything they need to know to understand operational technology. Perfect. Thank you so much Jose. It's been great. Really, really enjoyed having you on the show. You shared a tremendous amount of wealth and knowledge and insights as someone coming from the energy industry with a really important startup. Protecting often underappreciated part of Making Data Centers More secure I've been speaking today with Jose Sierra, who is the CEO and founder of Donexus. Jose is based in Boston, Massachusetts. Thanks Jose. Thank you so much, Jose. Most Data Center GTM teams are fully flying, completely blind. 83% of your buyer's journey is happening before they even speak with someone from your sales team. The Data Center Go to Market podcast is powered by DCSMI. We've studied over 1900 industry leaders to build a diagnostic framework that identifies exactly why deals fall apart and revenue stalls. Stop guessing and start benchmarking. Subscribe now to our weekly Data center gtm briefing@www.dcsmi.com briefing. Again, that's dcsmi.com briefing B R I E F I N G.