How Method Security Raised $25M & Landed a $1M Contract by Building in the Dark

Most founders are told to talk to users constantly and iterate quickly. Sam Jones did the opposite—he shut out the world and built Method Security in the dark for a year, then landed a seven-figure contract.

Key Facts

• Fundraising Speed: Raised $5.5M from a16z in 3 days (Sam Jones)
• First Contract Value: Over $1 million on first contract (Sam Jones)
• Team Composition: 16 engineers out of 19 total employees (Sam Jones)
• Sales Cycle: 2-hour bootcamp to 2-week POV model (Sam Jones)
• Org Structure: CTO has 15 direct reports for speed (Sam Jones)

The Dark Building Period: Why Domain Expertise Trumped User Feedback

Jones built Method Security for over a year without external input, relying on deep Air Force and Palantir experience instead of traditional user feedback loops.

Sam Jones took a contrarian approach to building Method Security that flies in the face of conventional startup wisdom. Instead of immediately seeking user feedback and iterating rapidly, he and his co-founders isolated themselves for over a year to build their vision.

This approach worked because of their unique backgrounds. Jones spent time as a defensive security operator in the U.S. Air Force, operating products like Splunk on networks with over one million endpoints. His co-founder brought NSA experience building offensive security tools. Their third co-founder also came from Palantir, where they had worked together on previous projects.

The decision to build in isolation wasn't made lightly. Jones explains that traditional advice didn't apply to their situation: 'We probably took a different approach than most. We just built. We didn't really even talk to anyone. I think the common reaction... is everyone wants to go build their customer advisory board, talk to users, talk to users, and say, what do you need? We just built to our opinion about the world that we wanted to build and basically just shut everything else out for quite some time.'

"We probably took a different approach than most. We just built. We didn't really even talk to anyone... We just built to our opinion about the world that we wanted to build and basically just shut everything else out for quite some time." — Sam Jones

"I don't think maybe a much younger founder could have done that. There's lots of different ways to start businesses. Ours was to really get a lot of experience before, in our early 30s, starting a company where we thought we had a differentiated advantage on the knowledge that we had." — Sam Jones

• Jones was a defensive security operator managing 1M+ endpoint networks
• Co-founder built offensive security tools at NSA for 2 years
• Team maintained shared Notion spaces for business ideas over 8 years
• Built cross-functional platform connecting attack and defense capabilities

Raising $5.5M from Andreessen Horowitz in Three Days

Method Security raised their seed round in just three days by leveraging their Palantir network, a compelling AI penetration testing prototype, and pre-warmed investor relationships.

The speed of Method Security's fundraising process was remarkable even by Silicon Valley standards. The timing aligned perfectly with a major life transition for Jones's CTO co-founder, who had just completed an eight-year run at Palantir.

The fundraising success stemmed from strategic relationship building and network leverage. Jones's co-founder Dan had been warming relationships with a16z for over a year before the formal process began. The Palantir alumni network proved invaluable, with former Palantirians like Michelle Volz at a16z providing initial connections.

Their pitch centered on a compelling prototype—an AI-powered penetration testing bot that Jones had built using GPT-3.5 Turbo. This wasn't just a concept; it was a working demonstration of how AI could be used for offensive security to help defenders stay ahead of threats. The intersection of AI, security, defense, and infrastructure made a16z the ideal partner, given their network and expertise across these domains.

"My CTO quit Palantir, and he had an eight year run there, and he was going to go on a vacation to Europe. Well deserved, with his wife before he did this thing and I was like, before you go, we need to fly you out to San Francisco to meet with Andreessen Horowitz on Monday. He quit Palantir on Friday, and he was like, okay. And then he went on vacation on Tuesday, and we closed the seed round a couple of days later." — Sam Jones

"We went in basically with a prototype demo and a couple of slides, and then the process just quickly ended." — Sam Jones

Enterprise Design Partnerships: From Fortune 500 to Government Contracts

Jones structured design partnerships by targeting early-adopter enterprises, charging selectively, requiring in-person meetings, and embedding engineers on-site to build relationships and gather product insights.

Method Security's approach to design partnerships differed significantly from typical B2B SaaS playbooks. Instead of casting a wide net, they carefully selected enterprise customers based on specific criteria: organizations known for being good design partners, CISOs active in innovation, and companies with the internal talent to handle early-stage products.

The structuring of these partnerships was tactical and relationship-focused. Jones emphasized the importance of in-person meetings, often delaying initial meetings until they could meet face-to-face. This strategy helped demonstrate that they weren't 'twenty year old founders messing around' but experienced professionals who could be trusted with enterprise-scale problems.

Their first major design partners included Fortune 200 companies and Department of Defense services. The dual approach proved valuable: commercial enterprises provided daily user feedback and operational learning, while military customers offered access to unique problem sets and long-term technical requirements that informed their roadmap.

"If you're talking to a large financial institution like a bank, just don't even talk to them because they're not going to fit in that category. Similarly, if you're talking to a slower moving industrial type company, they're also not going to be good." — Sam Jones

"We turned on a lot of initial meetings almost entirely because we could meet them in person. So that was a pretty explicit strategy that we had." — Sam Jones

• Targeted Fortune 200+ companies with known innovation track records
• Required in-person meetings before formal partnerships
• Embedded engineers on-site for relationship building and product learning
• Mixed commercial and government partners for diverse insights

The Two-Hour Bootcamp Sales Strategy

Method Security evolved from six-month design partnerships to two-hour technical bootcamps followed by two-week production pilots, dramatically shortening their enterprise sales cycle while maintaining deal quality.

As Method Security's product matured, their sales process became increasingly confident and streamlined. The evolution from lengthy design partnerships to rapid proof-of-concept demonstrations reflects both product readiness and market validation.

The bootcamp approach requires significant preparation and targeting precision. Jones explains that getting to the bootcamp isn't easy—it requires aligning buyers, technical middle management, and complex enterprise schedules. However, once they demonstrate capability in those two hours, the path to a production pilot becomes much clearer.

This compressed timeline works because of their focus on high-value, sophisticated customers. Rather than pursuing a broad market, they target Fortune 500 companies and government agencies where individual contracts can exceed $500,000 to $1 million. The selectivity allows them to maintain product focus while avoiding the overhead of a traditional sales organization.

"We went from, in mid-2024, kind of a six month design partnership. Where we would hope for a six month extension. Because that gave us the time it took to really nail down stuff. Now we're at the point where if we're trying to engage with a new large commercial customer, we will do a two hour boot camp." — Sam Jones

"We're so confident in how the product works today, we're just going to say, bring these types of users, we're going to do two hours, and if we knock your socks off then we want to do a two week POV in production." — Sam Jones

Staying Lean: 16 Engineers Out of 19 Employees

Method Security maintains extreme engineering focus with 16 engineers out of 19 total employees, using a flat organizational structure where the CTO manages 15 direct reports to maximize development velocity.

Method Security's organizational structure defies conventional startup scaling wisdom. With their CTO managing 15 direct reports and only two non-engineering employees on the entire team, they've optimized for speed and technical execution over traditional management hierarchies.

This lean structure is enabled by several factors: AI tooling that amplifies engineering productivity, a clear technical vision that eliminates much coordination overhead, and a focused customer base that doesn't require extensive support infrastructure. The approach allows them to compete with much larger, more established companies by maintaining superior development velocity.

The sustainability of this model depends on their current stage and customer concentration. Jones acknowledges that tripling their customer count would likely require organizational changes, but for now, the structure provides significant competitive advantages in their ability to ship features and respond to customer needs rapidly.

"There's something about maintaining a small enough engineering team that allows us to be so artistically generative right now in terms of our output... if you were to look at our org chart. Our CTO has fifteen people reporting to them." — Sam Jones

"It gives us such an advantage because we have so few communication nodes on our engineering team and we're shipping so fast. And because we don't have to think too much about support and sales right now. It's all funneling into product investments." — Sam Jones

Product-Market Fit in Enterprise Cybersecurity

Jones recognized product-market fit when a sophisticated government customer completed rapid market research across all offensive security solutions and chose Method in an unprecedented timeframe for an unprecedented dollar amount.

Product-market fit in enterprise cybersecurity looks different from consumer or PLG businesses. Rather than viral growth metrics or usage analytics, Jones identified two key indicators: rapid decision-making by sophisticated buyers and sustained user engagement after deployment.

The defining moment came when a government customer conducted comprehensive market research across all potential offensive security solutions. Despite having access to any vendor they wanted, they selected Method in a remarkably short timeframe for a contract value that exceeded the company's previous benchmarks.

The second indicator was more traditional: recurring usage patterns from specific user groups. However, Jones emphasizes that the combination of both signals—sophisticated buyer validation and organic user adoption—created what he calls 'lightning in a bottle' for their product-market fit confirmation.

"We met with a certain customer that did a ton of market research into all potential solutions in the offensive security space... they went from market research to deciding to choose Method in such a rapid time frame on a dollar amount that was unprecedented for us." — Sam Jones

"I knew like, OK, this team could have anything. They chose us, and they chose us very quickly. That specific feeling was part of product market fit." — Sam Jones

Traditional Startup Approach vs. Method Security's Approach