EPISODE · Jul 7, 2026 · 47 MIN
Embedding Security as a Growth Engine with Jon McLachlan
from The Disciplined Troublemakers · host Scott Shagory
What if your security program was your best sales tool?Most B2B SaaS founders treat security as a cost center, something to minimize, budget around, and deal with only when it bites them. Jon McLachlan has spent years making the case that this framing is exactly backwards, and the founders who get that earliest tend to scale the fastest.This episode gets into the real mechanics of scaling SaaS companies with security embedded from the start, not bolted on. For technology CEOs and operators weighing build versus buy decisions, the conversation around fractional security teams versus in-house hiring is one of the most honest you will hear on the topic of B2B software scaling.Jon McLachlan is the CEO and co-founder of Ysecurity.io, where he helps SaaS companies build practical embedded security and compliance programs without slowing down product development. He also leads Cyberbase AI, focused on the intersection of AI and cybersecurity, and co-hosts the Security Podcast of Silicon Valley, now over 90 episodes deep. Jon started Ysecurity almost by accident, helping founder friends who needed security guidance, and grew the team to more than 45 people through referrals alone.Key TakeawaysBootstrapping a security firm through referrals is possible when trust is the product: every client at Ysecurity has come through word of mouth, a signal that founders are handing over the keys to people they already believe in.The fractional security team model solves a real gap in B2B software scaling: founders can rent an entire embedded security function, from vCISO to red teaming to GRC, without the complexity of building an in-house team from zero.Checkbox security is a floor, not a ceiling: SOC 2 Type 2 and ISO certifications matter for sales cycles, but the real return on investment comes from integrating security into marketing, sales training, and product positioning so it opens new business.Chasing enterprise clients when your DNA is startup-focused is a costly detour: Ysecurity tried repositioning for large publicly traded organizations, landed a few deals, and found the red tape incompatible with their speed and culture, a pivot that clarified everything.Founder mental health deserves more airtime than it gets: with depression rates among tech founders estimated around 43 percent compared to roughly 9 percent in the general population, protecting personal recovery time, whether running, cycling, or scheduling unstructured space, is an operational decision, not a luxury.Jon McLachlan said, "Security is not just this little box on the side that we should think of as a cost center. The right way to do this stuff is really to integrate it into the entire organization. It is an investment in every sense of the word, and you should expect it to pay off."Host Scott Shagory said, "Sell security without selling security, to overgeneralize. If you can do that, it is just such a potent message, and to be able to really enable gains that are more challenging and yet at the same time provide genuine security, it is not just a checkoff list."Timestamps00:00 Welcome and guest introduction01:05 Why Jon and his co-founder Sasha started Ysecurity02:50 ICP focus: organic growth toward B2B SaaS and AI-enabled companies03:33 Why ideal customers sometimes still say no, build versus buy08:47 Scaling from 2 to 45 people: culture, remote work, and staying connected12:38 Decisions that created disproportionate leverage, and the enterprise pivot mistake15:17 Selling security as a growth engine, not a cost center18:19 Where the market undervalues or oversimplifies embedded security23:43 What work founders must protect: running, biking, and personal recovery27:22 Silicon Valley pressure, 996 culture, and how Jon navigated a difficult personal period34:49 What the next 12 to 18 months look like for Ysecurity and Cyberbase AI37:42 Networking effects, trust, and why referrals are the whole game42:11 Conviction, authenticity, and what the best founder relationships actually feel like44:25 Where to connect with Jon and closing thoughtsConnect with Jon McLachlanLinkedIn: https://www.linkedin.com/in/jonmclachlanYsecurity: https://www.ysecurity.ioCyberbase AI: https://www.cyberbase.aiSecurity Podcast of Silicon Valley: available on major podcast platforms
What this episode covers
What if your security program was your best sales tool?Most B2B SaaS founders treat security as a cost center, something to minimize, budget around, and deal with only when it bites them. Jon McLachlan has spent years making the case that this framing is exactly backwards, and the founders who get that earliest tend to scale the fastest.This episode gets into the real mechanics of scaling SaaS companies with security embedded from the start, not bolted on. For technology CEOs and operators weighing build versus buy decisions, the conversation around fractional security teams versus in-house hiring is one of the most honest you will hear on the topic of B2B software scaling.Jon McLachlan is the CEO and co-founder of Ysecurity.io, where he helps SaaS companies build practical embedded security and compliance programs without slowing down product development. He also leads Cyberbase AI, focused on the intersection of AI and cybersecurity, and co-hosts the Security Podcast of Silicon Valley, now over 90 episodes deep. Jon started Ysecurity almost by accident, helping founder friends who needed security guidance, and grew the team to more than 45 people through referrals alone.Key TakeawaysBootstrapping a security firm through referrals is possible when trust is the product: every client at Ysecurity has come through word of mouth, a signal that founders are handing over the keys to people they already believe in.The fractional security team model solves a real gap in B2B software scaling: founders can rent an entire embedded security function, from vCISO to red teaming to GRC, without the complexity of building an in-house team from zero.Checkbox security is a floor, not a ceiling: SOC 2 Type 2 and ISO certifications matter for sales cycles, but the real return on investment comes from integrating security into marketing, sales training, and product positioning so it opens new business.Chasing enterprise clients when your DNA is startup-focused is a costly detour: Ysecurity tried repositioning for large publicly traded organizations, landed a few deals, and found the red tape incompatible with their speed and culture, a pivot that clarified everything.Founder mental health deserves more airtime than it gets: with depression rates among tech founders estimated around 43 percent compared to roughly 9 percent in the general population, protecting personal recovery time, whether running, cycling, or scheduling unstructured space, is an operational decision, not a luxury.Jon McLachlan said, "Security is not just this little box on the side that we should think of as a cost center. The right way to do this stuff is really to integrate it into the entire organization. It is an investment in every sense of the word, and you should expect it to pay off."Host Scott Shagory said, "Sell security without selling security, to overgeneralize. If you can do that, it is just such a potent message, and to be able to really enable gains that are more challenging and yet at the same time provide genuine security, it is not just a checkoff list."Timestamps00:00 Welcome and guest introduction01:05 Why Jon and his co-founder Sasha started Ysecurity02:50 ICP focus: organic growth toward B2B SaaS and AI-enabled companies03:33 Why ideal customers sometimes still say no, build versus buy08:47 Scaling from 2 to 45 people: culture, remote work, and staying connected12:38 Decisions that created disproportionate leverage, and the enterprise pivot mistake15:17 Selling security as a growth engine, not a cost center18:19 Where the market undervalues or oversimplifies embedded security23:43 What work founders must protect: running, biking, and personal recovery27:22 Silicon Valley pressure, 996 culture, and how Jon navigated a difficult...
NOW PLAYING
Embedding Security as a Growth Engine with Jon McLachlan
No transcript for this episode yet
Similar Episodes
Mar 26, 2026 ·1m
Mar 19, 2026 ·34m
Feb 18, 2026 ·11m
Feb 11, 2026 ·45m