Careers at Duo Security


Duo Security’s mission is to protect the mission of its customers by making security simple for everyone.


Dug Song was the Chief Architect at Barracuda Networks, while Jon Oberheide was a student obtaining his Ph.D. in Computer Science at the University of Michigan (where Song had obtained a Bachelor’s degree in the same subject). The two had a desire to create the next big thing in online security. However, they felt that a security service could only be effective if it was easy to use.

They began building such a service at Tech Brewery, a startup co-op community established by Song. The cloud-based offering provided access security, protecting applications and data from breaches, theft, and account takeover. It was distinguished by the quickness with which it could be deployed and the ease of use of its technology. They founded a firm to market it called Scio Security in 2010.

In fall of that year, they were able to obtain $1 million in seed funding based on the promise of the idea. This was followed by $6 million in 2012, $12 million in 2014, $30 million in 2015, and $2.5 million in 2016. Investors included Google Ventues, Redpoint Ventures, and True Ventures. The company has since changed its name to Duo Security, and has offices in the U.S. and Europe.

Benefits at Duo Security

Business model of Duo Security

Customer Segments

Duo Security has a mass market business model, with no significant differentiation between customer segments. The company targets its offerings at firms of all industries and sizes.

Value Proposition

Duo Security offers four primary value propositions: convenience, risk reduction, performance, and brand/status.

The company reduces risk through high standards for security and stability. Its platform is built with security in mind. It uses asymmetric cryptography to verify clients’ customers’ devices against its server, making it difficult for attackers to compromise the devices. The platform also utilizes two-factor authentication, which enables users who have entered passwords to verify their identities using a second factor. This fends off man-in-the-middle (MITM) attacks in which a threatening party hijacks a login session and steals passwords. Beyond these features, Duo maintains multiple offsite backups of customer data in case of system downtime or failure. The strength of its security efforts is evidenced by its meeting of several respected compliance standards, including PCI DSS, ISO 27001, OWASP, and NIST 800. Furthermore, a group of independent auditors frequently audits and reviews its operations and infrastructure to confirm it is secure enough to support its customers.

The company offers convenience by making operations simpler for clients. Its solution makes it easy to set-up two-factor authentication. Because Duo supports various remote access tools, the feature can be deployed for almost any application within hours. Its solution also conducts automatic security and feature updates to its cloud-based platform every two weeks. Lastly, Duo ensures an uptime for the platform that exceeds 99.995% with a hard service-level guarantee.

The company demonstrates strong performance through tangible results. High-profile examples of positive outcomes for clients include the following:

  • The University of Michigan’s Departmental Computing Organization (DCO) used Duo’s solution to protect its network, resulting in zero compromised accounts since it was deployed
  • American Public Media used Duo’s solution to implement two-factor identification, resulting in deployment of the security feature across its 52 public radio stations within just two weeks
  • Facebook used Duo’s solution to deploy two-factor identification, resulting in an increase in computers covered by the feature from 300 to over 10,000 employees

The company has established a strong brand due to its success. It serves over 3,000 organizations and millions of individuals globally. Prominent corporate clients include Toyota, Random House, Twitter, Etsy, Paramount Pictures, Accenture, and NASA. Also, it has won a number of honors, including recognition as one of the Top 20 Cloud Security Vendors by CRN (2011), recognition as one of the Sibos Innotribe Challenge Top 10 by SWIFT (2011), and a SINET Innovator Award, sponsored by the United States Department of Homeland Security (2010).


Duo’s main channel is its direct sales team. The company promotes its offering through its website, social media pages, and participation in summits, symposiums, and conferences.

Customer Relationships

Duo’s customer relationship is primarily of a self-service, automated nature. Customers utilize the service through the main platform while having limited interaction with employees. The company’s website features a “Resources” section that includes eBooks, videos, and infographics. The site also provides answers to frequently asked questions.

Despite this orientation, there is a personal assistance component. The company provides general phone, e-mail, and live chat support. It also offers Duo Care, a premium support service that provides access to the following:

  • A Customer Success Manager, who advises clients in areas such as administrator training, development of user enrollment plans and security policy, and delivering of customer launch kits. This person acts as the main point of contact, handling the majority of issues.
  • A Customer Solutions Engineer, who provides consulting, best practices, and architectural strategies as clients roll out their first deployment. After implementation this person primarily acts as a technical expert who provides product updates and future planning.

Beyond these two components, there is a community element in the form of a peer forum.

Key Activities

Duo’s business model entails maintaining a robust cloud-based platform for its clients.

Key Partners

Duo does not maintain any formal partnership programs. That said, it forms strategic alliances with other organizations from time to time in order to enhance offerings for its customers. High-profile examples of these include the following:

  • The company is a member of the FIDO Alliance, whose mission is to reduce reliance on passwords in the process of user authentication. Duo’s FIDO Ready line of products supports the Fast IDentity Online FIDO Universal Second Factor (U2F) specifications.
  • Duo partners with LastPass, a top password manager solution, by integrating its mobile-based two-factor authentication solution into the LastPass password management platform.
  • Duo partners with Covisint, a cloud-based enterprise collaboration solution provider, to integrate its two-factor authentication solution into Covisint’s platform for multi-factor authentication.

Key Resources

Duo’s main resource is its proprietary software platform, which serves over 3,000 organizations.  It depends on its human resources such as engineers to maintain the platform, consultants to provide advisory services, and customer service staff members to provide support. It also relies on a team of top mobile, app, and network security experts to help develop its solutions.  Lastly, as a relatively new startup it has relied heavily on funding from outside parties, raising $51.5 million from six investors as of April 2016.

Cost Structure

Duo has a cost-driven structure, aiming to minimize expenses through significant automation and low-price value propositions. Its biggest cost driver is likely cost of services, a variable expense. Other major drivers are in the areas of customer support/operations and sales/marketing, both fixed costs.

Revenue Streams

Duo has one revenue stream: revenues generated from the subscription fees it charges for monthly access to its software-as-a-service platform. Subscription plans are as follows:

  • Business – Provides basic two-factor authentication for a client’s entire team and secure on-premises apps. Costs $1 per user per month.
  • Enterprise – Provides advanced two-factor authentication with administration features, as well as secure on-premises and cloud apps. Cots $3 per user per month.
  • Platform – Provides a full “Trusted Access” suite with everything from the Enterprise plan, as well as adaptive authentication and BYOD, Mobile, and Cloud Security. Costs $6 per user per month.

Our team

Dug Song,
Co-Founder and CEO

info: Dug Song earned a B.S. in Computer Science at the University of Michigan. He previously served as the Chief Architect of Barracuda Networks, the VP of Engineering at Zattoo, and the Chief Security Architect and Principal Security Architect of Arbor Networks.

Jon Oberheide,
Co-Founder and Chief Technology Officer

info: Jon Oberheide earned Bachelor’s, Master’s, and Ph.D. degrees in Computer Science at the University of Michigan. He previously served as Founder of ARBSEC, as Co-Founder of FocalHost, and as a part of the Networking R&D Team at Merit Network.

Zack Urlocker,
Chief Operating Officer

info: Zack Urlocker earned a Bachelor’s degree in Computer Science at Concordia University and a Master’s degree in Math and Computer Science at the University of Waterloo. He previously served as SVP of Product & Marketing at Duo Security.

Paul DiMarzo,
Chief Financial Officer

info: Paul DiMarzo earned an undergraduate degree at the College of the Holy Cross. He previously served as the CFO of Molecular Imaging and Assay Designs, as the VP of Finance at WinWin Technologies, and as the VP, Controller at