How Evan Reiser is better understanding and securing human behavior with Abnormal Security
Evan Reiser is now the CEO of a human behavior security company worth billions, but he hasn’t always been as dedicated to his work as he is today. In high school, he was an avid gamer — staying up all night exploring the nascent internet, building games, and unraveling online puzzles.
While a straight B student, he went on to earn a place at Rensselaer Polytechnic Institute, but his late-night gaming habits quickly became unsustainable.
“I failed second semester and got a job at a local ice cream store,” he recalls. He decided to write to the dean of the university, asking for another chance. When he returned after the summer break, he was a changed student. He graduated in computer engineering, ultimately making the dean’s list.
This stumble changed him, he says. “That was when I developed my work ethic.” In 2006, when he landed his first software engineering job in Manhattan after college, he maintained the same diligence, arriving at the office by 7 a.m., and always the last to leave.
“You have to build things that lots of people value”
Reiser has learned the secret to building scalable businesses through trial and error — starting multiple business ventures after spending multiple years as a software engineer.
- In 2007, he founded GamerNook, a social platform where gamers could connect and chat. “I was getting fan mail from users saying it changed their lives, but I was dead broke, using my savings to pay server bills, eating off the Burger King dollar menu, and sleeping on a friend’s couch.”
- In 2008, Reiser teamed up with some ex-Yahoo executives and created Bloomspot, designed like Groupon but for luxury experiences. It was this venture that taught him the finer points of unit economics. “We made money and hired more than 100 people,” he says. “But the cost of acquiring customers just kept going up and up.” In 2012, the company was acquired by JPMorgan Chase & Co.
- In 2010, he built AdStack, a software company offering digital personalization for ads and email marketing. Reiser became one of AI’s pioneers, testing technologies to harness and analyze reams of data. Reiser spent the next eight years in behavioral ad targeting, during which his company AdStack was acquired by TellApart and then by X (formerly known as Twitter), where he doubled ad revenues to $2B annually.
Applying data science to email security
At X, he began to think about applications for data science outside of advertising. “Imagine that you could see every single keystroke of every employee in the world,” posits Reiser. “You would develop a superhuman ability to answer business questions.”
Reiser, along with his cofounder and former coworker Sanjay Jeyakumar, left X in 2018 to pursue the founding principle behind Abnormal Security: using AI to understand human behavior. By understanding humans perhaps even better than they understand themselves, the duo realized that there was the opportunity to use that insight for hundreds of different business-relevant applications.
“We have similar values and both really enjoy the process of doing the work and truth-seeking.”
“We have similar values and both really enjoy the process of doing the work and truth-seeking,” Reiser says of their partnership. “And we’re both incredibly optimistic.”
“Sanjay is very perceptive and thoughtful. His cognitive skills are off the charts. If he is in the conversation, he makes everyone else smarter, like a force multiplier in people’s brains.”
They needed revenue in order to develop their tech, so they talked to 100 CSOs and CIOs: “We told them our vision and asked what applications they would be willing to pay for.” The response was conclusive: 90% of the immediate use cases were in cybersecurity.
The focus on email security was a natural evolution, as most of the successful social engineering and phishing attacks at the time were exploiting email as a channel. In 2018, business email compromise was just starting to become widespread, with CEO impersonations rising. “These attacks are successful because they rely on exploiting human behavior, and since they didn’t have malicious attachments or links, they were able to easily bypass existing defenses,” says Reiser. “We realized that protecting people from these attacks was key, and that use case really inspired us.”
Scale up your career: See all open roles at Abnormal Security on the Insight Partners job board.
The investor POV
“As soon as someone tries it, they want it.”
They immediately started ideating about using AI to prevent these socially engineered attacks, starting Abnormal Security in early 2018. By 2019, after a successful Series A investment, Reiser and Jeyakumar had an extremely strong six-year business plan complete with marketing and hiring strategies.
“It was audacious and maybe ridiculous, in hindsight,” Reiser says. “We had a path to IPO all worked out.”
The company’s approach to email security paid off, and Abnormal grew quickly. In the first year, it secured dozens of customers and iterated to launch additional add-on products focused on detecting and remediating compromised accounts.
For both the company’s Series B investment in 2020 and Series C investment in 2022, Reiser listed out who thought would be the best investors, which included Insight. “There [were] a lot of institutional reasons why Insight was a good firm,” he explained. “Insight had a lot of value outside of the financial investment.”
Reiser then gave himself a strict two-week deadline to evaluate and pick the investors he wanted on board for his Series C. “I don’t like to waste time,” he explains. “Any time I’m not building or selling our product is doing a disservice to the company.”
An investor from a previous funding round for Abnormal reached out to Stephen Ward, managing director at Insight Partners. “It was a great vote of confidence,” says Ward, former CISO at Home Depot. Ward’s previous experiences also impressed Reiser and later helped shape Abnormal’s future.
“It wasn’t just about the firm, although we liked the fact that Insight could go on a longer-term journey with us. It was about the individual. We wanted to align with someone who was going to contribute more than money,” explains Reiser. “As a former CISO himself, Steve understood the problem and knew a lot of our customers. He took the opportunity very seriously.”
“What I loved about Abnormal was that it just runs quietly in the background,” says Ward. “The time to value is extraordinary for such a complex piece of AI tech. As soon as someone tries it, they want it.”
“When he speaks, I listen”
“We were scheduled to have a Zoom, but I wanted to show the scale of my commitment,” continues Ward. “So instead, I jumped on a 6 a.m. flight from New Jersey to San Francisco and came in person. We were supposed to speak for an hour, but we spent three hours on the whiteboard working on the product roadmap.”
Reiser admired his chutzpah, he says. “It was sincere. It means a lot when someone is willing to make a six-hour trip to come and shake your hand. I realized that Insight was committed to our success, and that was important as we continued to grow the company at this scale.”
In May 2022, Abnormal announced it had closed a $210M round led by Insight, valuing the four-year-old company at $4B. The capital has helped the team grow its footprint across Europe and Asia and continue investing in its AI capabilities as it expands beyond email security.
Meanwhile, Ward and Insight’s team have brought considerable value across customer acquisition, hiring, and strategy.
“I had a meeting with a Fortune 100 company yesterday — I was introduced by Steve,” says Reiser. “That alone is probably worth $20M in enterprise value.”
“Ward is the three-in-one,” he adds. “He’s a financial investor, an example customer, and a product specialist. When he speaks, I listen.”
The future is Abnormal
Since the Series C investment, Abnormal Security has hired some of the most well-known minds in the industry, including Silicon Valley mogul Michael DeCesare, a cyber veteran who has floated two companies during his distinguished career. Right now, Abnormal boasts 800 staff and protects nearly a fifth of the Fortune 500.
Abnormal Security is on a journey to “understand humans better than humans,” says Reiser.
“We started with a basic business email compromise solution,” he explains. “Then we started preventing broader social engineering, blocking attacks like phishing and malware. And once you train AI to understand more about people, it can intercept all inbound attacks, so we have expanded to include more cloud platforms.”
“Today, we do a lot more than just email security,” he continues. “When your core focus is understanding human behavior, the opportunity snowballs. The more data you can access, the more you learn about people, and the more platforms you can protect.”
The company has already started expanding its offerings, with account takeover protection now available for more than a dozen applications including Salesforce, ServiceNow, AWS, and Workday. “I’m really excited about the possibilities,” Reiser continued. “The ability to understand human behavior provides so many opportunities within cybersecurity, but also outside of it.”
Examples include tools that can showcase:
- Which sales reps are the best at communicating your brand story effectively
- Who in the organization does everyone go to for help but isn’t recognized as a key contributor
- Where a business is accidentally infringing on sales agreements.
“The number of applications…it’s mind-blowing,” says Reiser.
“We’re just getting started. The best from Abnormal is yet to come.”