The Art and Science of Building an Enterprise Stack Startup w/ Jon Gelsey (Xnor & Auth0)
June 22, 2023
22 Min read



Yash: Welcome everyone to our opening keynote. We are fortunate to have with us, John Gelsey. John most recently was the CEO of, which was a computer vision and ML spinoff of the Allen Institute for AI and University of Washington. Xnor was acquired by Apple for a publicly reported price of $200 million in January 2020.

Before Xnor, he was the founding CEO of Auth0, an industry leading identity-as-a-service platform, which he grew from 3 employees to nearly 300 over 4 years. Okta announced its acquisition of Auth0 for $6.5 billion dollars in March 2021. John’s previous experience includes responsibility for strategy, acquisitions, and investments in Microsoft’s corporate development and strategy teams, venture investments at Intel Capital and product management at Mentor Graphics.

John started his illustrious career as a computer designer at Convex Computer, which was acquired by Hewlett Packard in 1995. John, thank you for kicking off this year’s Arka showcase.

Jon: Thank you for having me.

Yash – Question 1 –  You were CEO of an identity-as-a-service platform at Auth0, which you grew from 3 employees to 300 over four years, and then CEO of a computer vision and machine learning spinoff in Xnor. Could you compare and contrast being CEO of these two companies?

Jon: Sure, there are a lot of similarities and a lot of differences. Mostly, a big part of the difference is around the stage that the market was at for sort of their excitement and interest in the technology.

If we start with Auth0, it was essentially an abstraction layer to make it easier to integrate authentication and authorization into your application. That for the environment that you were given, you’re at an enterprise and they’ve got an existing environment they built up over the decades, or it’s a consumer application and you’ve got an environment that you’re already working in, and so it made it easier for that. Well, the nice thing about that is everybody understood the problem, whereas everybody hated dealing with a problem. It was very painful, but everybody understood the problems. There’s little customer education that had to be done.

My favourite quote for what the problem was from the CTO of a very large utility in Asia Pacific, who said identity is a tar ball covered with razor blades. Every time you touch it, your fingers are bloody. It’s been great with Auth0 because you’re insulating us. You’re the thick, heavy gloves that makes it easier to deal with identity and our speeding our digital transformation. So that was great.

We didn’t have to do any market education about why identity was a good thing. Instead it was market education as to why we, out of the other sort of 20 different approaches, active directory or Ping or ForgeRock or whoever, why we might be a better path forward. And for that, we focused heavily on what the VCs now are calling product led growth.

For us, in terms of being able to demonstrate hands-on to people with free samples and have their friends talk about it and such about why we might be a good, a better path than whatever they might have used before or whatever they had been considering.

Now when I compare that to Xnor, Xnor was doing some of the most advanced machine learning capabilities in the world. Xnor’s founder had actually invented one of the most commonly used machine learning models for the last four or five years called YOLO (You Only Look Once), which says a multi object recognition.

Our founders had invented a number of technologies used in sort of the foundation of modern machine learning and were particularly focused with Xnor on edge machine learning, on low end processors at the edge that were power constrained and compute constrained being able to do very accurate pattern recognition.

Machine learning, of course, is just pattern recognition, be it images or text or speech or whatever the pattern might be. I’d say sort of one of the biggest differences that struck me between the two companies as we were going into sort of our go-to market efforts to accelerate our revenue, which we were lucky with, we were in, eight digits revenue by the time the Apple deal closed.
With identity, everybody had done it before, everybody hated it, everybody knew how hard it was, and so was eager to find a better path to doing identity. With machine learning, very few people had done it before, or if they’d done it, they’d used PI Torch or TensorFlow, and it’s like, oh, you know I’ve got a model here. It’s working fine. I mean, it’s only 80% accurate, but I’m sure soon I can get it to 90% accurate. So what do I need you guys for? Well, it turns out that it’s actually really hard to get your models highly accurate and also fit within sort of the compute constraints and such that you have.

So we had a lot of sort of customer education to do about why you might want to work with Xnor as opposed to just doing it yourself. There’s also the dynamic, of course, with machine learning instead of the new and sexy things, everybody’s like, oh yeah, I’m a machine learning engineer, look what I’ve done here, and just a little bit more work and it’ll be great. And so we had more education to do with Xnor. But frankly, to tell you the truth, the sort of the way this kind of education works is that people just need to be burned enough times to say, well, you know, maybe I should turn to a third party.

Again, it’s just like the people who tried to write their own authentication solutions in 2005- 2010, you know, that works great until it doesn’t, and so I’d say that was maybe the biggest difference was the maturity of the market and accepting the technologies that were the foundation for the products for each company.

Yash – Question 2 – Thank you. So, you mentioned about PLG, product-led growth. This has definitely emerged as a very popular go-to-market approach for a lot of start-ups. Auth0, in my opinion, was one of the companies that did it right. You led the company during the most critical stage of going from 0 to 300. Could you share some biggest learnings of applying a robust PLG strategy as you were growing Auth0?

Jon: Sure. We actually didn’t call it PLG. Again, we just sort of did stuff that we thought kind of made sense. One of the things I’ve learned actually in conversations with VCs, especially over the last few years, is how much it’s misunderstood. I think there’s sort of a popular belief that PLG is great, because what it means is you offer a free sample and fire your enterprise sales team and everything’s wonderful and sadly that doesn’t work. What PLG really is, it’s a way to reduce the cost of qualifying leads for your sales team so that once your enterprise sales team, which is critical, has the lead, it’s a much more qualified lead, and therefore their productivity is much higher and you can scale much more quickly.

Ultimately, PLG is all about building a sentiment and reputation online. So that, effectively, the web and Google are marketing you rather than you having to do all the heavy lifting of buying advertisements or extensive trade shows or something like that. We would say, sort of as a joke at Auth0, but it’s kind of accurate, which is, I don’t care if you’re buying a new toaster or you’re buying a luxury yacht, you always start with Google. It’s like, “What’s out there?”. The number one metric for good PLG is have a high Google SEO ranking. You want to show up in the top half of the first page with the Google search results. Google’s pretty good now at detecting, when you’re stuffing keywords in a webpage or things like that, you can’t “ defraud” Google.

The only way to get good rankings is to actually have very solid and organic content that’s viewed as authoritative across the web. You know, lots and lots of sites pointing to you and when you show up on a search result, people clicking on you and then being happy with the results. So, what that really means is a lot of very, very good content marketing is required to have good PLG. Now, content marketing, sort of back when I was a kid meant you write a white paper for download or something like that and I guess maybe that’s kind of a component. Content marketing from the PLG perspective is that you create the content that will be surfaced by Google, that’ll be discovered by Google that generates positive sentiment.

We were very successful in early days kicking things off by having a very well written blog. You curate your social media presence not in a sort of spammy way. You do it as people are talking about you on Twitter or Reddit or whatever, that you respond in a supportive and authentic way. We actually could have decided that our ICP, our ideal customer persona, maybe a better term, is sort of the ideal influencer as a developer. We were selling a security product, but we used the developer as our Trojan to get access to the security or VP of Engineering’s budget and we did that by selling an awesome developer tool that would make a developer more productive. He or she could do in a day what would take weeks or months.

That was the goal. So what are other forms of content that would appeal to that developer who would get us get all excited and then say, oh, we have to have these guys as part of our product and unleash the budget. Having your documentation on the other side of the firewall so it’s searchable, that’s actually really powerful. We talked about the sort of, here’s a free sample as one of the misunderstandings. That was sort of maybe not quite accurate. A free sample is super important, and in fact, one of the most powerful techniques is the free sample. So I can try it for myself and say, oh yeah, this is a lot, actually a lot better than the other stuff I’ve tried. And then of course, your trusted friends saying great things, you should try Auth0.

When I was a new grad engineer, you know, try to figure my way through. I’d just walk down the hall and talk to some of the grey beards, the people that were 10 years older than me and say, “Hey, you know, do you like PI or emax?. Oh, I like emax.” Okay, cool. I’ll use emax. You go with your trusted friend cause you don’t have the time, or probably not even the expertise to really evaluate.

So having the free sample, Google saying nice things about you is, well, that all plays into here’s an online environment where your reputation is high and multiple sources are saying nice things about you. It’s like, yeah, this is pretty good. You should try it. And you can even try it yourself and say, oh yeah, this seems to work.

I’m trying it with a trivial example, but that was easy. And so when I now get into my complex enterprise environment that’s riddled with corner cases. I think I see how I can make this work fairly quickly. So PLG is, if you can do it right, is a super powerful form of marketing to generate, self-qualified leads where you’re not spending the money to qualify the leads, they’re qualifying themselves by trying to sample and such, and is a key to super-fast, inexpensive growth if you can get that flywheel coin.

I will point out a critical part of it, you got to have an awesome product so that people actually love your product. But if you have that product that everybody loves then, PLG is a super-efficient way to go to market.

Yash- Question 3 – So quick follow up to that. So can pure PLG motions work or do you need an enterprise sales team to assist PLG?

Jon: No, you have to have an enterprise sales team. Because see, at the end of the day, you’re asking for, fifty, a hundred, a million, a thousand dollars, a million dollars a year. And people are like, oh my God, that’s a lot of money – If I spend this wrong, I’m going to get fired.

You need your traditional enterprise sales team to do it. What salespeople are good at, let me understand what your concerns are, let me address your objections, let me convey that you should trust my company, that we’re going to be great partners for you and by the way, let me negotiate the price with you, the legal terms and all of the sort of mundane steps that’s required to actually get somebody to put their career on the line and write you a big check. Okay. That being said, PLG does have the nice side effect is that you can change the balance of your sales team to have more inside salespeople than relationship salespeople.

Inside sales is the guy or girl on the phone, online and saying, oh yeah, you know, I’ll essentially say I’ll take your order. I mean, they’re doing more than that. They’re answering questions about their product and such, but they’re at the end of the day, I know I want this product and let’s see if I can get the best deal and ask for the special term and thing like that.

The relationship salesperson, the paradigm is maybe that expensive Oracle salesperson who’s taking you out to dinner, taking the customer out to dinner and playing golf, and what they’re really doing actually, is not bribing them with dinner or something like that, it’s establishing a reputation and a level of trust. So it’s historically, “I don’t know about company XYZ, but you know, Bob, the sales guy, he’s smart he’s paying attention when we had this problem at 2:00 AM. He answered the phone and got it fixed for us and I’m going to make my big bet on XYZ corp., because Bob, I trust Bob.”

The awesome thing about PLG is that your reputation is now online as opposed to Bob, the sales guy with your reputation. So people will buy from you because you’ve got a great online reputation rather than because they trust the salesperson. So that means that you can have more, less expensive, but still expensive because they’re salespeople, less expensive inside salespeople selling million dollar deals than you would’ve had to with a traditional enterprise sales motion.

It’s a change in the ratio as opposed to an elimination of the expensive salespeople. You still need those. There’s many customers that are super conservative and they still need that salesperson there, a big bank or a big telecom or something like that.

But it does allow you to rejig your salesforce to be more efficient and ultimately at the end of the day, lower cost of sales means higher gross margins, and gross margin is a big component of your evaluation. So PLG at the end of the day, drives a much higher exit valuation, be it you going public or getting acquired. And so it has those very fortuitous side effects of how you construct your sales team.

Yash – Question 4- Thanks, John. When you look at the ICP between the two companies, Auth0 and Xnor, were there any differences between building early GTM teams that I’m talking about between the two companies and also like as you look, what do you look for before hitting the gas button to scale things up?

Jon: The difference in the GTM teams were sort of reflective of the different states of the market. We had to spend a lot more effort on education at Xnor than we did at Auth0. I’d say that was maybe the key difference and there’s a lot of experimentation, at Xnor, what do people really want? As opposed to Auth0 where we knew what they wanted, which was just less pain. I’m sorry, what was the second part of the question?

Yash: When do you hit the gas button?

Jon: Oh, thank you. Of course. It’s when you have signs that you actually have a value proposition that people are willing to pay for in a replicable way. So with Auth0, we started with, we had the free sample and we had the PLG, a few blog posts, tweets to other developers in the open source community and it’s like, Hey, try this. We think it might be helpful to you. And so we were, fairly rapidly to, get to hundreds of users, that were saying nice things about us. Ah, this is great. Most of them for free, like 98-99%. But we had more than a handful, we had dozen or more of paying users that were paying some amount – $19/month or $99/month.

Those were our sort of proof points. It’s awesome. We have something that people are willing to pay for. Let’s double down our outreach and our messaging to the kinds of people who have already picked us up to try us for free. Many of the people trying us for free were not “trying us for free”, they were evaluating us because they wanted to use us in their enterprise. It was them doing all the work of self-qualifying. When you have those early signs, ideally through revenue or some close proxy to revenue, like lots of users, that’s when it’s time to time to double down and spend big on your marketing to try and accelerate this. The sort of the converse, and this is especially when you have product, I’ve got this enterprise infrastructure thing, and it’s a million dollars a year and 12 months of professional services getting installed.

You have lots of people who are willing to meet with you and talk with you and say I can see a lot of issues that this could solve and help me in my enterprise, but nobody’s actually paying you yet. Until you’ve seen people go through that entire cycle and get budget allocated to you really don’t know if you have a product market fit.

I’m a big fan of figuring out what you can do sort of inexpensively. So perceived as a low, in a low risk way to get those signs that somebody’s willing to pay you or no, they’re not and then reacting with your product development plans based on that.

Yash – Question 5– Got it. Now moving on to getting towards the exit, right? You know, in both companies you had amazing exits. Could you kind of share some things on when and what factors led to the decision to exit?

Jon: Well, there’s never a clear answer about what’s the right time to exit. There’s a good target to aim for every start up, every enterprise, which is going public. Whether or not you actually go public well you figure that out later, but you want to go public because it drives a couple of great behaviours within the organization. So first off, the public markets tend to pay the highest valuation of any kind of exit simply because you’ve got the markets are highly liquid and lots and lots of disclosures and therefore you can’t have less sophisticated investors that are like, I’ll buy this cause everybody else is buying it. That tends to drive the price up. So the public market is awesome. Public market is highly regulated and you have to really be buttoned up. The hygiene that it drives – the compliance hygiene, the financial reporting hygiene, the CEO making sure the financial ratios make sense. That’s really beneficial. It’s a great thing to do regardless if you’re going to go public or not, because those are actually the metrics the public market values that you should value in growing your company in a healthy way. My general advice for people (start-ups) is first off, think what you need to do to go public. Start doing that because that’s going to be a great thing.

Then inevitably, in the life of a start up, you always have folks coming to you and saying would you be interested in acquisition? My response to that has always been, we’re rational capitalists and when what you offer makes sense, we’ll consider it if we don’t think it makes sense because we think we they were better staying standalone then no. Because you never know when you might have an acquirer that will have an economic proposition that they understand internally and might not be publicly obvious that where they would pay a very fair amount.

One of the things that sort of amazed me when I moved out of the VC world or less in the VC world. I’m still doing investments but in doing M&A at Microsoft was how often an acquisition or how much of an acquisition this decision was actually an emotional decision.

In fact, very analogous to a VC – you look at the team and the market and the business but at the end of the day, I feel this is going to be good, I’m going to make the bet. Before at Microsoft acquisitions, you’ve got a detailed spreadsheet and it’s much more buttoned up. There’s certainly that as well, but a lot of it also, I think that with this technology and our distribution channels and a little bit of additional work here, it’s going to be amazing. And actually acquisitions tend to fail not too far off the rate that start-ups fail. Like 70% of acquisitions don’t achieve the value that was articulated as a justification for the acquisition.

Well, that works in your favour as a start-up where Company XYZ comes to you and the CEO has made some public statements about how great things are going to be, and they realize that they’ve got big gaps in technology and they could develop it themselves, but it’ll take three years but they could buy you and have it immediately. They might suddenly pay up a lot. And you don’t know. You don’t know until you engage with them. And so it’s always worthwhile to engage. Always as an informal, let’s have a discussion. You do have to be careful with potential acquirers coming in and here’s my 50 page due diligence list, and can you go do this?

To me the right response is this is awesome. It’s great how excited you are. But you know, we’re busy growing really quickly and we don’t have time for a 50 page due diligence. I can’t distract my team, and so why don’t you make me an offer? I’ll discuss it with the board and if it makes sense, we’ll talk more. If it doesn’t make sense, then no harm to foul. At the end, you always want to sort of have somebody tell you, I think you’re worth, 50 million, I think you’re worth a billion, whether you take that acquisition offer or you hold out for going public it really is a judgment call.

Going public is great until suddenly you’re in a terrible stock market and then going public isn’t great, and suddenly you have to delay things or this acquisition looks great until, you find out that company was sort of cooking the books. I friend that that happened to, and so it’s like, oh my God, they’re going to pay us in in stock that actually isn’t going to be worth very much in a few years. You really don’t know until you get into it and make a judgment call, but you should always, as a CEO engage being very careful about the amount of time you spend, just to kind of see what is the market telling me right now.

But at the end of the day, never get too excited about anybody who’s coming in because there’s lots of people that are out there just sort of fishing and doing market surveys and such. As they talk about acquisition

Yash – Question 6  – That’s some amazing insights for our CEOs and so some rapid questions – If you were to lead an early stage company today, what would you do differently?

Jon: Lots of things I would do differently. I think one of the things that I would call out is marketing. One of the things I’ve observed, we were super fortunate with Auth0, with the marketing talent that we had.We made mistakes there. Marketing of the day is figuring out what messages work and what communication channels to your prospects. We neglected really powerful channels like account based marketing, we should have done more of that earlier, and we didn’t really know. In our defence, we were growing really quickly without it, which is great but we could have done a lot more if we’d had the additional bandwidth to be able to run those experiments earlier than we did. So that would be one thing. Another thing, and this is sort of a general observation across the board for start-ups that I’m working with now, I’ve got a bunch of start-ups that have asked me to advise them and such is that it’s really important when you have a complex technical product selling to the enterprise, to have a marketing leader, ideally marketing team that actually are deep domain experts. I’d say more important when you have a marketing strategy because an important part of PLG of course, is content marketing and content means that you need to be able to talk to your customers as a peer. I’ll say ordinary marketing people, they don’t understand the deep domain problems that a JavaScript developer has or a security professional has, and they kind of understand superficiality that they hear about from Gartner or buzzword that they discover and such. They have a lot of difficulty in communicating in an attractively authentic way. I think where I’m going is that all start-ups are a series of hopefully low cost experiments.

I was really successful in actually not having a marketing person on marketing, but instead a super skilled developer who was willing to take on the marketing burden and that was great for authentic conversations. I now advise CEOs that I work with – you’re selling a deeply technical product, hire developers to do marketing. You’re selling to a security professional, hire an ex CSO to run marketing, have domain experts, not marketing experts, because it’s always easier to learn marketing techniques that you apply your domain expertise to than try and teach a marketing person domain expertise, that takes a decade to actually really understand.

Yash – Question – 7 –  John, I’ve seen some of the companies that you’ve been advising maybe a couple of takeaways for our entrepreneurs, especially those that are managing remote teams, with building cross-border companies, navigating also this current macroeconomic headwinds that they’re facing. Maybe a couple of quick takeaways.

Jon: Sure. Let me talk in particular about having a distributed company, which I think is an awesome benefit to scaling. It allows you to scale much more quickly because it gives you access to talent based on availability worldwide as opposed to particular location. You’re not stuck in one geo. The problem with building a distributed company that many people run into is the communication culture. My team in Bangalore and my team in Seattle, it’s a 12 hour difference. They’re not talking as much as they should. For a distributed company to work well, you have to build a culture of communication that’s modelled at the very top of the company. Ideally your executive team is distributed as well, and have the tools available so teams that are distributed can have asynchronous communication and all feel like they’re clearly up to speed and there’s not two guys in London who’ve white boarded it out and telling the team to just do this. I’ve found Slack to be a super helpful tool where you can have those asynchronous communications so that when the remote person, sorry the person not in your geo comes online six hours later, they can look through the conversation. To have those conversations and that disclosure of information happen on Slack, that’s a cultural thing that you really have to be careful about as a leader to say, we should make sure that everybody’s involved. Let’s not have conversations off on their own without the contents of the conversations being disclosed through some asynchronous channel.

Another thing we did culturally to help with communications, especially at Auth0, was we declared a policy of radical transparency. I had actually observed this, I’d experienced it as an employee at this first company I worked for, Convicts Computer, and it was acquired by HP to be the high end of their server line in the nineties. The CEO there would tell us, I have company meetings every month or so and tell me sort of everything – In fact, he’d say, here’s the gold bucket. You know, we won this deal and projects are advancing well, and here’s the shit bucket. You know, we lost this deal and we lost some people and whatever else. And I remember talking to this guy, Bob Pollack, 10, 15 years later at a conference and telling him how impressed we were, he gave the impression that he was telling us everything. He said, actually, I was telling you everything, other than like personnel issues, I’m not going to disclose PII.

You’re hiring people, they’re brilliant and engineers are really good at taking weak signal and drawing conclusions from weak signal, that’s part of being an engineer and if you don’t tell them, they’re going to figure it out anyway. So you might as well tell them, one, to make it easier, because it’s a hassle to keep secrets, you know? And two, People love being treated like adults.

I’m telling you everything’s going on. We’re moving forward as adults, people respond to love You reduce turnover, because people love a culture where they’re treated as the responsible adults they are. You also have conveyed that, Hey, I’m the CEO and I’m sharing the board memo with you the day after the board meeting and we’re having a company meeting so we can discuss it and you know everything that’s going on. In your team, make sure that everybody knows everything that’s going on. Don’t try and conceal information for political purposes. That’s old and culturally frowned upon. That worked as well. I think that’s something that’s also an essential foundation to an effectively managed distributed team.

Yash: This is some wonderful insight, especially, as everybody understands that there are macroeconomic head headwinds, so being very transparent about where things are, communicating it in the right way, I think those are some really wonderful insights. John, thank you so much. We are so fortunate to have you with us and share your insights with us today.

Jon: Thank you so much. Of course. Well, thank you for having me. I enjoyed and I look forward to seeing what the current cohort of attendees deliver over the coming years.

Yash: Thank you John, really means a lot.

Arka Venture Labs
Arka Venture Labs