How SecurityScorecard CEO Aleksandr Yampolskiy Scaled from Zero to $140 Million Revenue: The 3-Strategy Playbook That Built a Cybersecurity Empire

This article was written and sourced from Aleksandr Yampolskiy’s keynote presentation at Founderpath’s last event. The images embedded below are from the 22 page slide deck. The full keynote recording is here.

Aleksandr Yampolskiy transformed a napkin sketch in 2014 into a SecurityScorecard empire generating $130-140 million in annual recurring revenue, serving 2,800 customers worldwide including 70% of the Fortune 100 and nine of the top 10 banks. Speaking at SaaSOpen in September 2024, Yampolskiy revealed the exact strategies that fueled this explosive growth from zero customers to a cybersecurity powerhouse with $200 million in the bank.

The Playbook: 3 Core Strategies from Yampolskiy’s Journey to $140 Million Revenue

1. Focus on Customer Expansion Over New Acquisition: With an average deal size of $30-40K, SecurityScorecard discovered that helping just 10% of customers better operationalize their product could double revenue without acquiring a single new customer. This laser focus on expansion drove growth from $70 million to $130 million.

2. Embrace Rapid Experimentation with 5x5x5 Framework: Take 5 people, give them 5 days and $5,000 to test any hypothesis. This framework led to their most successful lead generation tool – a simple widget that generated over 880,000 company downloads and became a primary growth driver for years.

3. Maintain Board Control and Strategic Capitalization: Despite raising $293 million in funding and reaching a $1 billion valuation, Yampolskiy maintained board control through careful negotiation of terms beyond valuation – focusing on liquidation preferences, board composition, and avoiding participating preferences.

2014: From Chief Security Officer to Founder – How a Napkin Sketch Became a Billion-Dollar Vision

Before founding SecurityScorecard, Yampolskiy was CISO at Gilt Groupe, where he managed all aspects of IT infrastructure security, fraud, secure application development, and PCI compliance. His experience at Goldman Sachs and Oracle, where he built authentication and entitlement infrastructure for trading, revealed a massive market gap.

“You have absolutely no idea how secure your information is if you upload it to Dropbox or if you store code on GitHub or you send your paperwork to a firm,” Yampolskiy explained during his keynote. This insight sparked the creation of SecurityScorecard – a platform that would deliver a universal language for cybersecurity.

The concept was simple yet revolutionary: create security scores for companies similar to how credit scores work for individuals. Yampolskiy personally coded the original MVP in 2014, though he jokes that his development team “is still complaining about the code that I wrote and trying to eliminate it for the past 10 years.”

2016: The $880,000 Weekend Widget – How an Unsanctioned Project Generated SecurityScorecard’s Biggest Growth Driver

The single most successful lead generation tool in SecurityScorecard’s history came from an unsanctioned weekend project. A developer decided to build a widget where visitors could enter any URL and receive a free security scorecard report. No one asked for it.

This represents a perfect example of what happens when companies embrace free tools as a growth strategy. The developer, who later became a founder and CTO of his own company, created this widget without permission or budget. Over 880,000 companies have downloaded reports through this simple tool, making it their primary lead generation mechanism for multiple years.

In stark contrast, Yampolskiy shared how they spent millions of dollars and four months with a 10-person team building a concentrated risk analysis feature for insurance companies. Despite his confidence it would be a differentiator, it “did not add a single dollar of revenue.” The lesson? “Most companies overvalue great ideas. Cheap, quick experimentation always beats great ideas.”

2019-2021: From $71 Million to $1 Billion Valuation – SecurityScorecard’s Hypergrowth Phase

As of November 2021, the company had 1,700 paying customers, had rated 12 million companies, and had 25,000 freemium users. The company’s average annual contract value (ACV) reached $40,000, with an average revenue per user (ARPU) of $3,333.

During this period, SecurityScorecard maintained impressive unit economics. The company grew from 350 employees with $71 million ARR and achieved 115-percent net revenue retention. Their go-to-market strategy relied heavily on organic SEO and their free scorecard reports, which continued driving qualified leads at minimal cost.

• Revenue grew from $71 million to projected $130-140 million
• Customer base expanded from 1,700 to 2,800 companies
• Achieved 70% penetration of Fortune 100 companies
• Maintained positive cash flow while sitting on $200 million in reserves

For more details on Yampolskiy’s growth strategies, check out his full keynote presentation and slides from SaaSOpen 2024.

2022-2023: International Expansion and Product Diversification Drive 49% Growth

Globally, SecurityScorecard experienced tremendous global expansion of its business outside of North America with 68% year-over-year growth in ending annual recurring revenue. The company also made strategic acquisitions, including LIFARS™, a global leader in digital forensics, incident response, and cyber resiliency services.

During this period, SecurityScorecard doubled down on insurance industry penetration. SecurityScorecard became a trusted standard in cyber insurance and cyber underwriting with insurance organizations, achieving 120% growth of new ARR in its insurance business in 2022.

The platform also expanded its capabilities significantly:

• Expanded its global partner Marketplace by 80%, to include more than 90 technology and integration partners such as AWS, Coupa, Crowdstrike, CSC, Fortinet, IBM, OneTrust, Palo Alto Networks, Snowflake, and Splunk
• Launched MAX managed services offering for end-to-end supply chain risk management
• Introduced vulnerability intelligence modules and cyber risk intelligence capabilities
• Added proactive security services and 24/7 digital forensics support

The 5x5x5 Experimentation Framework: SecurityScorecard’s Secret Weapon for Innovation

Yampolskiy credits much of SecurityScorecard’s success to their experimentation culture, built on advisor Mike Scher’s 5x5x5 framework. When someone proposes a feature that will take two months to build, the challenge becomes: “How do you do it in five days?”

“They’re going to give you a blank stare and say it’s impossible,” Yampolskiy noted. “Maybe you can mock it up, maybe you can send it to 10 people, see how many people download the report and either prove or disprove the hypothesis.”

This framework has been adopted across every team – technology, product, marketing, and sales – driving agility throughout the organization. It’s particularly effective when combined with Product Hunt launches and other rapid validation techniques.

CEO Lessons: Building Culture and Managing Capital at Scale

Yampolskiy shared candid insights about hiring and firing executives. His worst hires were “polished executives with Amazon, Google” backgrounds who would initially tell him he was “a terrible CEO,” then fail when given autonomy. His solution? Hiring “up-and-comers with a chip on their shoulder.”

SecurityScorecard now employs a psychologist who previously coached Steve Jobs and Larry Ellison to interview every VP-level hire and above, providing 40-page reports on candidates’ cultural fit, curiosity, and leadership potential.

On capitalization, Yampolskiy emphasized critical lessons for founders:

• “Valuation matters a lot less than all the other things you negotiate”
• Never agree to participating preferences or coupon mechanisms
• Maintain board control – SecurityScorecard has an even split between common and preferred with independents
• Avoid 50/50 founder splits – “somebody needs to be in charge”

Despite raising significant capital, Yampolskiy maintained approximately 10% ownership through strategic negotiation and regular ESOP refreshes for top performers.

2024 and Beyond: AI Integration and the Path to IPO

SecurityScorecard’s generative AI integration represents the first security ratings platform implementation of natural language processing capabilities with which users can directly interact. This positions the company at the forefront of AI-driven cybersecurity innovation.

Looking ahead, Yampolskiy revealed ambitious growth plans:

• Targeting 25-30% organic growth annually
• Actively pursuing tuck-in acquisitions in the $20-40 million ARR range
• Building toward IPO readiness (noting the bar has moved to “$300-400 million ARR”)
• Expanding the MAX managed services offering which is driving record revenue

The company’s fastest-growing offering, MAX, has already demonstrated its ability to transform the industry by identifying, prioritizing, and resolving the most critical vulnerabilities across the third-party and extended Nth party supply chain ecosystem.

The Bottom Line: From Napkin to $140 Million Through Customer-First Innovation

SecurityScorecard’s journey from a 2014 napkin sketch to $140 million in ARR demonstrates the power of focusing on customer expansion, rapid experimentation, and strategic capitalization. By pioneering the security ratings category and maintaining a culture of innovation, Yampolskiy built a platform that now monitors more than 12 million organizations continuously.

Three key takeaways for SaaS founders:

1. Expansion beats acquisition: Doubling revenue through customer success is more efficient than doubling your customer base
2. Experiments beat plans: A weekend widget can outperform million-dollar features developed by committee
3. Terms beat valuation: Board control and clean terms matter more than headline valuations

As SecurityScorecard approaches potential IPO territory with strong cash flow positivity and continued 25-30% growth, Yampolskiy’s playbook offers a masterclass in scaling B2B SaaS through customer obsession and experimentation culture rather than pure capital deployment.

The company’s success proves that even in competitive markets like cybersecurity, focusing on solving real customer problems with rapid iteration can build category-defining companies. With tens of thousands of customers—including half of the Fortune 100 and nine of the top 10 U.S. banks—and over 600 employees, SecurityScorecard stands as testament to the power of customer-driven growth.

For more insights from successful SaaS founders and access to growth capital, visit Founderpath to explore funding options designed specifically for ambitious B2B SaaS companies.

If you’re an ambitious founder looking for capital to grow, we’d love to consider funding you at Founderpath. Click here to request capital.