Navigating API Vulnerabilities: Escape's Path to Startup Success

Summary of Episode

#62: Ethan chats with Tristan Kalos and Antoine Carossio, the co-founders of the cybersecurity startup Escape. The main objective of Escape is to assist companies in developing secure GraphQL applications by identifying and resolving any security concerns in their API. Tristan and Antoine share how they first met and how their unique skills contributed to the development of Escape. The group discusses their research and development process for Escape and how a research paper inspired their algorithm. Tristan and Antoine discuss their successful recruitment strategies and hiring process for engineers. They explain how their early strategic marketing led to a mass of inbound calls and how Escape's continuing technical blogging marketing strategy has succeeded. Tristan and Antoine explain the role Escape’s Discord server played in their networking. 

About the guests: 

Tristan Kalos and Antoine Carossio are the co-founders of Escape, a cybersecurity startup founded in 2020 that assists developers in creating secure GraphQL applications with continuous API security checks. Before co-founding Escape, Tristan worked as a Machine Learning Engineer at source{d}, a software development company. He later decided to pursue his MBA, where he met Antoine, who was previously a cybersecurity researcher at Apple. Together, they combined their knowledge and expertise to establish Escape. 

Podcast Episode Notes

Introductions [0:00]

How Antoine and Tristan became co-founders. [1:27]

Antoine and Tristan explain Escape and the purpose of it. [3:30]

Tristan emphasizes the importance of securing APIs and how overlooked it is. [5:38]

How did you both think about the market size when developing Escape? [8:22]

Antoine gives an overview of the research and development process of Escape. [9:57]

Tristan elaborates on a Microsoft research paper that inspired the Escape algorithm. [13:04]

Tristan and Antoine discuss being proud to work on and solve this problem. [15:08]

Tristan and Antoine identify the various challenges they have faced. [17:00]

Aside from Escape, are there any simple methods or alternatives to secure APIs better than leaving them unprotected? [19:07]

Tristan and Antoine walk through their rigorous and successful hiring process for engineers. [20:02]

Tristan discusses Escape team dynamics. [24:22]

Does Escape have anybody on the team who is non-technical? What is that hiring process? [25:07]

Tristan and Antoine explain that strategic marketing and content were pivotal in their mass of inbound calls. [27:18]

Is technical blogging strategy Escape’s main marketing piece? [29:38]

How do you choose what to write about and know that it will interest others? [30:47]

Antoine discusses the article writing process. [32:29]

Tristan and Antoine explain the article publishing and marketing process and how it is unique to Escape. [33:56]

Tristan discusses networking and the role Discord plays. [39:01]

Antoine, what is your number one piece of advice for early-stage entrepreneurs? [42:36]

Tristan, what is your number one piece of advice for early-stage entrepreneurs? [43:37]

What are we going to see out of escape? What is next? [44:30]

Full Interview Transcript

Ethan Peyton:  Hey everybody, and welcome to the startup savant podcast. I'm your host, Ethan in this is a show about the stories, challenges and triumphs of fast scaling startups, and the founders who run them. Our guests on the show today are Antoine Carossio and Tristan Kalos , co-founders of Escape. Escape is a cybersecurity company built to secure API's. And I'm gonna let them explain that a lot further, because I'm already getting pretty close to my technical depth. But don't worry, because we're not going to break anyone's brain with fancy developer talk. There's a lot to learn from the business side of this business. And we're gonna see if we can pull everything out on that side. But before we begin, if you're a longtime listener, then you know that we are working towards a goal of 100 reviews by episode number 100. And if you're a new listener, well, now you know, either way, if you're enjoying the show, head on over to Apple podcasts and leave us a rating and review. As always, we appreciate you listening. But enough about that. Let's jump into this discussion with Antoine and Tristan of Escape. Hey, guys, how are you doing today?

Tristan Kalos: Hey, Ethan. We are glad to be here. Very excited about speaking today. And we are in San Francisco right now. And the weather is super sunny. So it's a good day.

Ethan Peyton: Awesome. Awesome. Well, we've got some sun here in Ann Arbor as well. And I'm going to just take that as a win and move forward. So normally, I started out by asking you what the company is. But I want to know how you two came together to become co founders before we jump into the company stuff?

Antoine Carossio: Yeah, that's a really interesting questions. And usually Tristan likes answering this one.

Tristan Kalos: So yeah. So basically, originally, I'm an engineer, I was developer and when I was, like 20 years old, I started working for companies here in the Bay Area. And I was building applications for them. And one day, and one of my customers, he called me, and he told me, Tristan, I don't get it, the application that you created for me, it's not working anymore. So I investigated the problem. And I found that the database of the application was empty, completely empty, and there was only one single message inside of it, it was do not worry, your data is safe, in order to get it back, pay 10 bitcoins to this address. So it got hacked. So as a developer, I didn't know actually how to secure what I was building, I realized that and it was a tough realization for me. So fast forward three years, we were in MBA at Berkeley, here in California, and I met with Antoine was an expert in cybersecurity and was working at Apple previously. And I saw that he had the knowledge necessary to help me with securing the applications that I was building. So we decided to solve this problem at scale together. And we both wanted to create a company and here is Escape.

Antoine Carossio: Yeah, it's it's and I have to pre-say that I'm not the one who hacked Tristan's application three years ago. But I could have been in my earlier days. 

Tristan Kalos: I knew it.

Ethan Peyton: Do you have a way to prove that? 

Antoine Carossio: No. 

Ethan Peyton: Yeah, just he'll show us his bitcoin wallet. And there will not be 10 Bitcoin in there. All right. So I think you've began answering this question a little bit, but tell us what is Escape and what does Escape meant to do?

Antoine Carossio: Of course, maybe I can answer that. But as Tristan said, when you're a developer, you're not a security expert. And especially you don't understand how to secure your API. So the API basically, is the communication layer between your application and the database. So all your customers that answer and they have to go through the API. And they finally reach the database. So that API is a really sensitive layer in your application stack. And as a developer, you know, you have to create an app, you have to deliver it fast to your customers. And what usually happens is that every six months or every year, you are audited by professional or ethical hackers by pen testers, and they try to hack your application through bug bounty programs, for example, or through audits. And they, they find vulnerabilities in your app, they report them to you and you have to fix them. The problem is that during six months, during one year, maybe you could leave some vulnerabilities Into the Wild into your production. And so all the customers that are unsafe at that point, and the problem we were trying to solve it that's we want that day developer is not enabled to fix these vulnerabilities by its own to understand why they are important and, and why they matter, how to fix them, and to fix them as early as possible in the development process. So it means every time as a developer, you update your application, you, you're able to look for vulnerabilities to find and fix vulnerabilities, using escape into your API.

Ethan Peyton: Gotcha. So this is basically a product that continually tests the API's of your clients to make sure that there are not vulnerabilities. Is that a fairly accurate statement? 

Antoine Carossio: Absolutely. 

Ethan Peyton: Awesome. So I know you guys have done some really interesting things on scanning public API's, and of course, working with working with your clients API's. How big of a problem is this API's not being secure issue?

Tristan Kalos: It's absolutely critical. We were actually very surprised by how vulnerable the API's are for every company. So API's, as Antoine said, are like the cornerstone of data pipeline in the internet, they represent 83% of the global web traffic, and you imagine what is there. And, and yet, we discovered that 91%, more than 90% of them are critically vulnerable to hackers. And it happens like all the time, like a few a few weeks ago, a loom you probably know about loom video startup. So they had a problem with API's. And that led some customers to accept the private videos of other customers, which is indeed a big problem. And so those kinds of security incidents happen every week, every day. And they can lead to a huge cost and a huge damage for companies, especially from a reputational standpoint. So API's before were are often overlooked, as you know, a part of the IT system. So subset of the security, but no, API's are seen more and more as the real interface between the company and the exterior, where all the data flows. So yeah, the problem is becoming very important for everyone. And the reality that all API's are vulnerable is getting seen.

Ethan Peyton: Okay, so it's a big problem. And whenever the problem happens, it sounds like it's pretty darn serious stuff, and especially with these, with these larger companies, that are that are sending tons and tons and tons of data through through their systems to other large companies. And I assume that the vulnerabilities can can really go both ways, you know, from the sending and the receiving side. So yeah, it sounds to me like this is a massive problem that needs a good solution. I'm glad that you guys are fixing this for all of us, people who are just trying to build stuff. 

Tristan Kalos: Absolutely. 

Ethan Peyton: So speaking about building stuff, the product you guys have is is very specific. It's a very specific product. And it's built around a very specific use case. But of course, it seems like almost all companies use some sort of API nowadays. So how did you think about the size of the addressable market as you developed this idea into a business?

Tristan Kalos: Yeah, absolutely. So there are there are different things here. The size of the market that we're tackling today is evaluated at $6 billion. By the market studies. It's the application security market. And it's growing at more than 20% per year. So it's quite a huge growth right now. Because everyone is developing apps or web applications or API's. But what we think is, it's actually even larger than that. And we think about this because we evaluated the amount of developers that are building applications. And what we've seen is most of them actually have not implemented security mechanism yet. Why? Well, because there's existing solutions are not satisfactory. They're painful to use. And our goal is to empower all developers to democratize to make security available to all developers. And if all developers today were equipped by security solutions for protecting what they're building, the market would more be $10 billion as of today than six. So the market penetration of security distinct tool is not very high yet.

Ethan Peyton: So I assume that to build a product like this, you know, you have the idea, but you don't just build it and then go live the next day. That would be probably really a lot of wishful thinking. But since the world is the real world, can you walk us through your research and development process?

Antoine Carossio: Yes. So, of course, you might wonder why such a product does not exist already. And in fact, the reason for that is that it was a really hard challenge technically to solve. It happens, that's the current solution. They were not smart enough to be able to discover vulnerabilities in API's for the following reasons. They were doing some very what is called brute force strategy. And therefore, they could not understand how the API works and understand the business logic behind an API. Okay. So in fact, the previous solution, they were not able to test in depth, an API, as a human as a human hacker would have been able to do. So from a technical point of view, it was a huge challenge. And when we started to think about this topic with Tristan, it was in 2020. And we just saw that there was one research paper about the ability to generate legit, legitimate traffic and an API in order to discover vulnerabilities. It's a research paper that was published by Microsoft. The problem at that time, is that's the, the execution duration of an a security tests by this algorithm built by Microsoft took roughly one day to execute. So this is quite long, actually. And this is not compatible with the developers needs. Because a developer, he updates his app multiple times a day. So he has to be able to run a new security scan, I will say, very fast. That's why we hired some really good mathematicians and engineers in France, in order to improve this concept developed by Microsoft originally. And we reduce the scan duration, from roughly one day to a few minutes, even one minutes in one minute in the best case scenario, which enables us to make this solution actionable and profitable for developers. This is, so it took us one year and a half of r&d with four people. And it was quite intense to work on this and really fascinating from a tech point of view.

Ethan Peyton: Okay, so you mentioned something really interesting here. So you said that this, this kind of idea for this, what turned into the business of Escape, you kind of got from reading a research paper that was published by Microsoft, is that correct? Yes. So what I mean, were you out looking for this type of research? Or do you just read research papers every day for fun? Or What? What? What led you to this paper that that gave you this idea?

Antoine Carossio: Maybe Tristan, you can answer this one?

Tristan Kalos: I read the papers for fun. Joke apart. So we were researching actually, like when you start a technical topic, and you want to build a company in a very tech, like industry. You have to research about the state of the art, like What have people done before what has worked, what has not worked. And generally, when you're building a startup, you arrive with a fresh point of view on the matter. So you're more ambitious than the actual state of the art, like you want to try new things. And so we have seen that we were doing research, we saw this paper, and we're like 24 hours for finding secrets flows. It's not suitable for production, like nobody's going to use that. Nobody wants to click on a button and wait 24 hours to have a result. Like this is not the 80s anymore, right? And so we said, okay, let's accelerate that. And we wanted to accelerate it to the point that it will be very easy for any developer to integrate into his development process, which is less than one minute. And I mean, we didn't do we didn't know back then how hard it would be to get that result. But this is also one of the reasons why we did it. 

Antoine Carossio: Yeah, definitely. 

Ethan Peyton: Yeah, that was my next question is if you knew how hard it was going to be, would you would you have Would you have taken this bet? And it sounds like maybe not...

Tristan Kalos: I would have built a CRM, haha.

Ethan Peyton: Okay. Yeah, that was my question was if that so it sounds like you built this business off of this kind of problem that you saw, you found a paper that kind of gave you the solution. But do you feel like either one or both of you, if you hadn't been solving this problem, do you feel like you would have gone and built a different business? Or do you think that this idea was just so strong, just stuck with you so much that you had to build a business around it,

Tristan Kalos: I would say that, on my end, this is exactly the kind of business that I wanted to start with. Mostly because it's a very technical topic, it's cause something that I lived myself, problems that I had. And there is also a strong business need for security, the consequences of security incidents of a data leak are huge. So solving a real world business problem, and that's your experience yourself. And by making new technology, like improving the technology, is exactly what I want is exactly what I dreamed of. When building my first company,

Antoine Carossio:  I can say better than Tristan, that's exactly that we wanted something that was very deep, from a technical point of view. And that solved a real world problem, not only for developers exact but for everyone who is using a website or an application on his phone. So a agree with Tristan, we were proud of working on this topic.

Ethan Peyton: It seems like something you could be proud of. And it and I know that when you're when you're building a business like this, things aren't things aren't always up into the right. You know, even if, even if you're kind of one of the only games in town, if you're the only you know, business trying to solve this problem, it doesn't still mean that success is is a definite thing. So what was the what was the biggest challenge that you faced, while you've been building and scaling escape?

Tristan Kalos: I think like the challenge is, in when you are building a startup, the challenges are always evolving, like your role is basically solving the biggest challenge that your company has to know at every moment in time. So the challenge, so the challenge that evolves, like first, you have to recruit the right people, which is a challenge, per se. So we, we needed time to select the right team. And we were pretty successful at that the team is working extremely well, and they're insanely good people. And then you have to fix the tech. So there is a huge part of, you know, trying things that do not work, r&d, shipping something to customers that do not that does not work, and fixing it after. And after you fix that, then you have to, you know, nail the delivery, right delivery the distribution to customers. And that's, that's where we are now.

Antoine Carossio: The thing currently that we face one big challenge that we are working on what is called shift left security, which means we are bringing security more to the developer side. And earlier in the development process on the orphan application. And as I said, developers are usually not educated about security. So that's quite a big challenge to educate the developers to use such a solution, and to make them responsible for security, which is completely fine. And with the new agile development methods, where developer is more and more involved in the security process. But for API, it's kind of something new to and there is a huge challenge of educating developers and companies and even security teams about this topic.

Ethan Peyton: So aside from using Escape, obviously, we want everyone who wants a secure API to call you guys up and use your product. But aside from using E19:32]scape, is there any? Are there any really simple methods that companies and developers can use to secure their API's at least better than a completely unsecured API?

Tristan Kalos: Unfortunately, not really.

Ethan Peyton: Perfect. All right, so then you heard him everybody let's call up Escape and, and and figure it out, because we're all gonna run out of Bitcoin if we all have to pay that.

Antoine Carossio: No, of course, there are some technical best practices, but the hardest thing is to make people aware they exist and to make sure the developers implement them because and this is overall, this game basically. Yeah, yeah.

Ethan Peyton: Gotcha. All right. So you guys mentioned team. And we chatted actually a couple of days ago, before this call and something that you mentioned that you guys are exceptional about, is hiring great engineers. Can you walk us through your strategy and your actual like, process when you're out hiring engineers?

Tristan Kalos: Yeah, of course. So to be like, first we do try to find the right channels for selecting people. So you have to find the places where the people that code since there are 12, and they're passionate, and code day and night are actually you know, taking a lot and leaving. And, and once you find them, you post the offers, and you have to select the right people. So we do a first step of screening, which is a series of coding tests, and every coding test has a benchmark. And we select only the top 1% of the benchmarking. No. And so it's like very short test, we don't want to take them too much time. It's like a 30 minute test. And then we select only the top 1%. And then you have two interviews with Antoine, mostly to discuss about what are their ambitions? Why do they want to join Escape, and work in such awesome topics? And then there is a second coding challenge, which is five hours long. And it's more it's more in depth technical. And it allows us to see, really, not only if they know how to code, but if they have creative minds, and if they are problem solvers. Yes. And repeat this process we never missed.

Ethan Peyton: So is this is this are these tests, something that you are developing, or are these tests that exist out there that are kind of standardized, that you can, you can just use in your process,

Antoine Carossio: The first tests Tristan talked about standardized the second one of five, or we built it, or we got inspired by some tests we had in our careers before, I would say. And just there is something that is interesting, too, in the way we hire people that they come from top ranked engineering schools in France, so we have a strong network into schools and Escape in France is it starts to be known in the schools. And so we leverage our network in order to find the best candidates in our engineering school in France. And the cool thing there is that's usually, usually people were really good at computer science, they were also really good at mathematics, which matters a lot in what we're doing, because there are a lot of algorithms and optimizations to do. So this is a bit the story before screening and challenges. 

Tristan Kalos: And so I there is something interesting to note here about the people we recruit. So from what we have seen the best people, they come from two different channels. You know, in France, as Antoine said, with the equivalent of the Ivy League, so a group of best universities, very hard to enter the people who are very good at math and physics and computer science. So we recruit people from there, and we have seen that the people that actually get into the team, that make it to the team are either from those best universities, and so very, you know, academic, very strong as math, or completely random people that just, you know, arrived, they've come out of nowhere. And we're just like, you know, not going to school, but coding all day, all night, and get good, super good at it. So you really have to kind of profile like the academic ones. And you know, the self taught nerd that is super, super efficient at coding and very creative. I think the combination of both is very good for the team.

Ethan Peyton: Do you find that those two groups of people work well together? Or do they clash because of their differences in how they go about accomplishing things?

Tristan Kalos: I think they work very well together. And I was actually very surprised by the way they collaborate, even from different point of views on different ideas and they each have their, you know, strong points, they this strengths and their weaknesses, and they know about them so they collaborate together in order to make the best outcome. And it's been very, very fruitful for Escape. 

Ethan Peyton: All right. So you guys are obviously very technical yourselves. And you're hiring a lot of technical folks, Do you have anybody on the team who is non technical, whether that be like a sales or marketing or anything of that nature?

Tristan Kalos: Yeah, we we are currently hiring mostly in the business part. There is somebody at Escape, Patrick was responsible for everything that is more related to the operational stuff. So not business directly. And recruiting in marketing and sales is one of four priorities right now. But for now, we handle the business part to ourselves.

Ethan Peyton: So what did you use the same process to hire this non technical person, obviously, they didn't have to take the the technical tests, they probably wouldn't have been in the top 1% just guessing. So what was the process that you that you went through to hire this non technical person? 

Tristan Kalos: It is very different. When you are hiring engineers, you have an actual quantitative way of, you know, taking a first look at if they're good or not, if they know how to code. When you're hiring business people, it's more the interpersonal set, it's like side of the things like, you need to talk to them, you need to spend time with them, you need to have a coffee with them, to understand why they're joining the company, and if they will really push through. And so the process takes a lot more effort from a personal point of view. And also, you never know if it will work before the person actually comes into the company and start working with you for long. So you cannot know beforehand, you will, you will have to make mistakes when hiring business people. And and you will have to try to work with them and see if that goes well.

Ethan Peyton: Well, I hope that I hope that the mistakes that you all end up making, because it's inevitable, are are simple, too simple to fix, and don't break anything in any major way.

Tristan Kalos: Nothing isn't fixable in this data.

Ethan Peyton: I love that. All right, that's, that's going up on my wall. I'm, I'm gonna write that up on the wall. Thanks for that. All right, let's move. Let's move to marketing. Again, in the profile, folks, if you want to find the their profile, you can find that over at . That's where we're going to put all of the stuff. But in their profile, they mentioned getting your first 100 customers through inbound channels. And that's pretty wild, because normally we hear founders that are giving the story about how they, you know, they hit the phones, or they knocked on doors, or they had a you know, they had an in with some company. And that's how they got their first customers. But you guys are having people call you. How, how did you do this.

Tristan Kalos: So first, it doesn't mean that we have not been on the phone. I remember sleepless nights calling people in the US from France, or people in New Zealand. And the time difference is absolutely horrible for having calls. So we when you're building a startup, you do whatever it takes, right? And you call, you send emails, you outreach, you do everything. But what has worked absolutely very well for us. And I encourage every other startup to take a look at it because really it's exceptional, is creating content, good quality content, and sharing gets in the right groups. So for developers, it's Reddit, its, its Hacker News, all those platforms, were all developers are spendings their days, we publish our content there. We had a huge content strategy from day one. And, and this got us an insane amount of inbound leads, they just came by themselves to Escape.

Antoine Carossio: In order to develop well to create good quality content, especially for technical people and developers, we really encourage you to leverage your technical team you can block in their schedule when they every two or three weeks in order to write a good article about something they are passionate about. And those kinds of article were absolute bangers. So yeah, it worked quite well. So you can use your your technical team in order to do marketing and that's that's really what worked well at Escape.

Ethan Peyton: Alright, I think we're going to hit on something here because I'm I'm pretty passionate about content and creating excellent content and content marketing in general. So is this your main strategy, this content, essentially like content marketing, technical blogging strategy, is this kind of your main marketing piece?

Tristan Kalos: Yeah, definitely. And And as Antoine said, we had a process for it, like we leveraged the technical team in order to do marketing. This is also why we don't have more marketing people at this stage, because we leverage the tech team in order to build the content strategy. So every three weeks, we block one day, and we tell the engineers, hey, can you write a blog post about the exciting stuff that you've built in the last three weeks, and they do it and they're happy to do it, obviously, because they love what we're doing. And so we get about 10 articles, and then we can publish them over the next weeks. And we we have a list of where we need to publish them. And the communities that could be interested in to each topic. And it has worked really well for us.

Ethan Peyton: Okay, so this was a question that I was going to ask is, how do you know what content to create? But you've kind of answered that in every three weeks. Hey, you engineer guy, go write an article about the cool thing that you did, which is interesting, except that there's a lot of stuff. And I'm sure in three weeks' time, they've probably worked on 100 to 900 different things. How do they or how do you help them choose which things to write about that are going to get people interested in what you have to say?

Tristan Kalos: We have a document where we put all the ideas for articles. And the ideas can come from us, the founders. Like we analyzed the keywords that were researched by our audience or the questions that needs to be answered. Or so we propose articles on those topics. Or it can come from the technical team themselves, then we validate it. So we say, hey, this makes sense according to our strategy, so you can go for it. There is kind of a collaboration here for generating the right content.

Ethan Peyton: So you're starting with ideas that either come from you or from the developers yourselves and then you're checking those against the keyword, like keyword, using keyword tools like Ahrefs or all the other keyword tools.

Antoine Carossio: Exactly.

Ethan Peyton: Okay, and then how do you know that what they write is going to, I mean, obviously it's going to get traffic if you're using the right keywords into the right places, but how do you know that the actual documents that they write are good enough to be put out to the world? I mean, is there a big editing process? Or how do you go from an engineer wrote this to finished blog post?

Antoine Carossio: Basically, we go through their blog post when they write it. We are developers and engineers too. And so if we find the article is really interesting and well written, we will see that right away. So there is a lot of feeling here too, I would say. Obviously, you quoted Ahrefs. So you can also check if from an SEO point of view, the article is written properly, you can use Grammarly in order to correct some sentences and formulations in order to make them more attractive. But basically, when reading the result, the output from the developer, if we find it is interesting, it should work among the community. Because we are part of this community too.

Ethan Peyton: That makes total sense. Okay, so then, so you've got this list of ideas. First off, I love that. If anybody is interested in doing content, yes, make yourself that list of just like titles or whatever.

That is such a great place to start because blank page syndrome is a real thing. So now you've got this list of titles and you are, every three weeks, you're blocking out a developer's time one of these articles, you're checking that against Ahrefs, you're using tools, again, like Ahrefs and Grammarly to ensure that the writing is good. Now you have a completed article in a Google Doc or something like that. So are you then putting this on your website's blog or are you posting it in a sub stack or on LinkedIn or where does the article go and then what's the kind of marketing strategy around the article itself.

Tristan Kalos: What is quite specific and interesting here is that we have a process for publishing articles. And the person that wrote the article has a huge responsibility in making it to the social networks and so on. So first, once you wrote an article, you have to create a banner for it. So we have guidelines for creating banners. And it's the responsibility of the person that wrote the articles to actually create the banner. So, we are transforming engineers into designers, specific to Escape, and nobody does that. Okay, sometimes they get help. But generally, we do it like that. And then, as I said, there is kind of a checklist of where we need to publish it. And generally, we do publish the link with a text description and not the full blog post, except on several platforms that are very specific to developers, like we publish the full blog post with a link back to our blog saying, hey, it's nicer to read it on the main blog, but on the other social networks we publish a text, the image, and the link to the blog.

Antoine Carossio: Which means that we publish those articles to our blog first.

Tristan Kalos: Yes. They are always on our blog first.

Antoine Carossio: Yes, and there are people that are in the mailing list of the blog who receive the article. We also publish the link on other media. And also, I think it could be interesting, but we also do some guest blog posts on other platforms. For example, yesterday we got one article published on the Postman blog. So this is really cool to work with talented teams such as Postman team. And obviously this gives us a backlink too, which is really interesting..

Ethan Peyton: Yes.

Antoine Carossio: …for us. But this gives us a lot of visibility. And for us, it's really cool to work with such teams and we are honored to work with Postman for example, to publish a blog post.

Ethan Peyton: So when you publish a post on someone else's website, like this Postman, is this a blog post that you have already posted on your site? Or…

Antoine Carossio: No.

Ethan Peyton: …is this, okay, so this is a brand new post and you have communicated with the team over at that, you know, at that website, at that business to put your stuff up on their site, correct?

Antoine Carossio: Yes, to be honest, it happens that the last blog post we published on Postman blog, they asked us to write it, because they are on our Discord, we have a Discord community that everyone can join, and there are quite a few people from the Postman team, and they just contacted us through Discord, asking if we could write an article about a very specific toolkit related to APIs and security. So I said yeah sure, that would be nice, and I started writing and we were in contact with their publishers there, the people responsible for marketing. We've done a few exchanges and the total process from when they started asking for a specific blog post and when it was published was quite short. I think it was two weeks and a half, three weeks maybe… 

Ethan Peyton: Okay.

Antoine Carossio: …which is not that long, knowing that Postman is a huge company. So the process was really smooth and this is how we got the last one. The previous one was a bit different process but you know, this is how we build trust with them and that's really cool to have this possibility to work with them.

Ethan Peyton: All right, so I know that this is a really, really specific question, but you guys have this Discord community. I know Discord is really popular in the, you know, the kind of engineering space. What do you think, what do you think the draw was to have this person or this team, several people from the Postman join your Discord server?

Tristan Kalos: I think it was from events mostly at the beginning.

Antoine Carossio: You’re right.

Tristan Kalos: So we went, I mean, okay, when you start a startup, you're starting from scratch and nobody knows you, right?

Ethan Peyton: Yes.

Tristan Kalos: Nobody even knows about you. And so you have to start somewhere and the way we started is we did research, so we wanted to show the research to the world. So we started attending events and presented what we found to the community. Hey, you know we found those vulnerabilities. And that's how we met people. And when we met people in person, we said, hey, let's keep in touch, so join the community and let's discuss there. And that's how we got teams from companies like Postman to join the Discord originally. And now people are reaching to us inbound. They are joining the community inbound because they see talking about it on the blog post or the social networks.

Ethan Peyton: Gotcha, so you did some events, you met people, they were interesting, they thought you were interesting and you said, hey, join the Discord. And then out of that, you got a guest post, you got a backlink, you got more visibility. That's a pretty darn good strategy to me. It feels like you're able to leverage meeting one person into an ongoing relationship, but not necessarily just with you, but with the rest of the community around it using that Discord server that sounds to me like something that lots of different businesses could do. Is this something you recommend other businesses do?

Antoine Carossio: Definitely.

Tristan Kalos: Yeah, absolutely.

Antoine Carossio: To be honest, at the beginning we did not really do that on purpose. It was just because it happens like it's happened. We really get on well with the Postman team at one of the events. They joined the Discord, they had some other mates, colleagues, and this is how it started.

Ethan Peyton: Has anything else cool happened from this Discord server?

Antoine Carossio: Yeah, we do have people from cool teams, from Redwood GIS, I believe, from Neo4j, from cool companies or also good open source, really impressive open source contributors are in the Discord server too, such as Nikitas Dampin from Claire Vaillant and so on. Yeah, it happens, cool things.

Ethan Peyton: Awesome, sweet, all right. So I think we've, I think we've, I've asked about as many questions as I can about communities and content. But I will echo your advice. Companies should invest in content starting from day one. It's especially if it's evergreen content, content that isn't, it isn't about what happened in the news this week, but it's about things that are useful and will be useful into the future. And it's a do it once and receive benefits forever type of strategy. So I love that you guys brought that up. And I love to see that you're actually doing it correctly. It's really cool.

Antoine Carossio: Thank you.

Ethan Peyton: All right, so I'm going to ask this question to both of you. And I'm going to start with Antoine. What is your number one piece of advice for early stage entrepreneurs?

Antoine Carossio: Oh, I should have thought about this before. I would say, okay, I would say you have to be passionate about what you're doing because you have to, okay, sometimes it's gonna be super hard and you have to know in advance that you are not going to drop your project. So in order to not drop your project, you have to believe in it and to be passionate about it. If you're not passionate about what you're doing, you can maybe do a great business, provided it’s a really really really easy business. I don't know any easy business, but maybe there are some. But yeah, being passionate about what you're doing to you know you don't stop at the first problem you encounter.

Ethan Peyton: All right, Tristan, same question. What is your number one piece of advice for early stage entrepreneurs?

Tristan Kalos: Well, I absolutely agree on the passion thing. I think being excited about the problem that you're solving, about how to solve it, about who you're solving it for, is really important. And I think another thing, what's really important is also who you are doing it with. So picking the right people, we talked a lot about the team, but talking about your co-founders as well very important and I think we did a pretty good job on that part…

Antoine Carossio: Yeah.

Tristan Kalos: …and I'm happy about it. So that is really important and it would not have been the same if we were not together with Antoine on that project.

Ethan Peyton: Well, you guys seem like a good team, so I'm glad to have both of you here. 

Antoine Carossio: Yeah.

Ethan Peyton: All right. What are we going to see out of Escape? What's, uh, what's coming up? What's next?

Tristan Kalos:  Well, we're entering the scale phase right now with Escape, so there are a lot of stuff ongoing and especially when you are a startup and you start going out of the, you know, trying to find out what your product is and what your audience is, then you have to reach larger companies, move towards mid-market and enterprise, and that's a whole different story. Which we're going to hear about in the coming months, like Escape becoming, going from a small startup to a company that has the power to address the needs from larger enterprises.

Ethan Peyton: Awesome, cool. Well, this has been a lot of fun. I've got one last question for you. This one's easy, I tell ya. Where can people connect with you online and how can our listeners support Escape?

Tristan Kalos: You can find us on the website . We are also very present on LinkedIn and Twitter. And sorry, what was the second part?

Ethan Peyton: How can our listeners support escape?

Tristan Kalos: Join the Discord community.

Antoine Carossio: And also LinkedIn and follow Escape’s LinkedIn page too.

Ethan Peyton: All right, cool. Well, folks, you know what? I'm also gonna shout out your blog. If anybody's looking for an example of a well-run blog, go check it out. And we're gonna put links to that, to the LinkedIn, to the Discord. We're gonna put links to everything you guys heard today in the show notes over at And do you guys have any last words before we say goodbye for the day?

Tristan Kalos: I would say that staying motivated is the key. And so continue pushing forward, everyone.

Antoine Carossio: Stay hungry, stay foolish.

Ethan Peyton: Alright that’s going to be it for this week’s episode of the Startup Savant Podcast! Thanks for joining us! Hey if you haven’t already heard, we’ve got full-length videos of all our episodes over YouTube channel. So if you’re a fan of watching AND listening, well then I recommend you go check that out! We will be back next Wednesday morning with another episode of the Startup Savant Podcast - we’ll see you bright and early! Until then - go build something beautiful.

Expand to view full transcript

Tell Us Your Startup Story

Are you a startup founder and want to share your entrepreneurial journey with our readers? Click below to contact us today!

Request an Interview

More on Escape

Escape logo.

Escape Profile

Born out of a hacking incident the founder faced, Escape is a cybersecurity startup that helps developers secure their APIs using GraphQL. 

Read More

Escape team.

Helping Developers Secure APIs

Escape enables developers to secure their APIs by helping to spot security vulnerabilities before they can be exploited. This is Escape’s story.

Read More