Marcin Kleczynski is a shining example of the American dream.
A Polish-born immigrant turned naturalized citizen, Kleczynski grew up in the Chicago suburbs spending much of his time on computers and the early days of the world wide web. He couldn’t afford to buy computer games; instead, he downloaded them from the internet — and usually malware along with it. Frustrated that his computer’s anti-malware didn’t prevent the infection, he took to seeking help from security message boards to troubleshoot and remove the malware by hand.
That’s where Kleczynski thought he could do better, and so he founded Malwarebytes.
In early 2008, his company’s first anti-malware product was released. To no surprise, the very people on the message boards who helped Kleczynski recover his computer were the same championing his debut software. So much so that Kleczynski hired one of the people from the message board who helped him rid the malware from his computer as one of his first employees. Within months, Malwarebytes was turning over a couple of hundred thousand dollars, Kleczynski told TechCrunch.
By August came the question of whether he would run his company or go to university.
“After about a 15-second conversation with my mother, she quickly informed me that I would be attending university,” he said.
And so he did both.
Fast-forward to today, the company is a multi-million dollar anti-malware giant serving 150 million consumer customers and 50,000 paying small to medium-sized business and enterprise customers from its five offices — two in the U.S., as well as Estonia, Ireland and Singapore.
Yet a decade on from its founding, the key to the company’s business model still relies largely on providing its consumer product for free.
“If you’ve got an infection, we’re going to give you the antibiotics for free,” said Kleczynski, now in his early-thirties. In return, the company gets anonymized telemetry to better understand the wider threats facing its customers. That vital intelligence — which users can still switch off — helps the company invest in making its products better to quickly detect and remediate emerging threats, he said.
Even though a small fraction of consumer users pay for the product, it still makes up about half of the company’s revenue. The remaining half comes from paying business customers. Malwarebytes remains cash-flow positive and profitable.
Kleczynski said the company could make more money but only at the expense of its customers — which he said he would never do. “Don’t fuck the customer” has been a driving force for the company since its inception, said the founder. “We wouldn’t be anywhere without our users,” he said. “And why exploit and monetize them?”
Not penny-pinching or unscrupulously accounting for every single purchased license helps to make the company successful with its customers.
“We will go as far as we need to,” said Kleczynski. “This is not a numbers game,” he said. “We’re not just trying to get customers off the phone as quickly as possible, we’re trying to really listen to their concerns and address them.”
“If that means spending the entire day with a customer, so be it — right?” he said.
The company has 750 employees — and about 150 of those were added in the past year alone. “A lot of our early people are still with us today,” said Kleczynski. About half of the company works in engineering and R&D. That’s more than threefold its staff in marketing, he said.
Kleczynski said he banks on the word of mouth from its customers. “You can feel this big uptick in companies in the last couple years that have been riding a wave of marketing and not necessarily technology,” he said.
“I put my money where my mouth is,” he said.
That’s a key reason why the company is spending so much on its products and services, he said. “The higher the investment in research and development, the better the company does over the long term,” said Kleczynski. He said the company could spend less on engineering but that it would be “detrimental in the long term.”
As the threats evolve, the founder acknowledged that nothing is perfect. “A threat actor only has to be right once but the defense has to be right 100 percent of the time,” he said.
For him, he described his continued investments on engineering as like being “a cat and mouse game” with malware creators. “I love when they create a new technique that we have to go find a way using our present technology to defend against it,” he said.
“That really gets me excited,” he said.
“You’ll never be able to save everybody from everything and so that’s why we’ve really focused our energy on endpoint and the products that actually affect people,” he said. “Those threat actors continue to innovate at an unprecedented rate, and we have to make sure that we as a company can survive and innovate through those kinds of changes.”
And he has no plans to slow down.
As Malwarebytes continues to grow at a rapid pace, the company is in no rush to exit the startup world.
Kleczynski didn’t rule out an eventual public floatation but said the company would go at a slow and steady pace rather than race to the finish line.
“We’re a little less than twice as big as some of the companies that have recently gone public, he said, pointing to a figure of around $200 million in annual revenue. Although he could see an initial public offering in the next two years, he said the company has yet to fully explore going public. He said he was more focused on the company than delivering for its customers — and for him to deliver back to his employees — than hitting the sought-after “unicorn” valuation of $1 billion.
From message boards to a multi-million dollar company, Malwarebytes has come a long way.
When asked for his advice to other founders, Kleczynski put a lot of his company’s successes down to sheer luck — coming up with an idea at the right place and the right time — but going forwards it’s more about “picking the right players.”
“You need the right people that could solve your problems today,” he said.