Sounder SIGN UP FOR FREE
The Founder Formula
The Founder Formula

Episode 38 · 1 month ago

Guy Podjarny, Founder Snyk – Pursuing through a catastrophic failure

ABOUT THIS EPISODE

Security teams sometimes need to tackle big transformations as they keep up with today’s threat landscape. This two-time Founder set out to make that transformation less intimidating. In this episode, our co-hosts Todd Gallina and Sandy Salty interview Guy Podjarny, the Founder and President of Snyk. The three of them discuss how Guy was able to overcome a catastrophic failure, the importance of winning over a user, and rethinking the way security teams defeat threats.

The conversation in this episode covers:

  • The importance of Snyk’s dev-first posture
  • Depth versus breadth in the world of cybersecurity
  • Guy’s perspective on a company’s fundraising story
  • The nuances of a product lead growth company
  • The evolution of decision making within an IT organization

Listen to this and all of The Founder Formula episodes at Apple Podcasts, Spotify, or our website.

The Founder Formula brings you in behind the curtains and inside the minds of today's brave executives at the most future leaning startups. Each interview will feature a transformative leader who's behind the wheel at a fast paced and innovative tech firm. They'll give you an insider's look at how companies are envisioned, created, and scaled. We hope you're ready. Let's get into the show. Everybody. Welcome back to another episode of The Founder Formula. This is the podcast that focuses exclusively on founders and their journey. My name is Todd Galina, and with me today is the CMO at Trace three, Sandy Salty. You know what I am doing? Great? As you know. There's a big exhale going on in Yeah, and I feel like it's um It's like a big X hill and and a lot of like luster at the same time, right, yeah, yeah, post event luster. Yeah. We just had our big Evolve conference. Yes, So for our listeners who might not be familiar, Trace Strees historically put on a massive technology and leadership conference where we've had folks like you know, Wozniak speak. We took two years off due to COVID, but we were back and packed. The house was packed. I just want to talk a little bit about your involvement. Obviously, your friend, your prints are all over this event, but you yours by the way, Thanks Um, and of course Stephanie Hannah, the executive producer of the entire show and her whole events team. But you were the host of our Outlier Awards and for the first time ever, you were part of a pretty massive, a massive magic trick. I mean, yeah, well so you. I mean, we've talked about the Alier Awards before and this desire to outdo ourselves every single year, right with everything we do, marketing, Trace Street, but specifically anything related to Evolved. We always just want to get bigger and better. Um. As you know, the last time we held Outlier was in twenty nineteen. We talked about this where I essentially drove on to the stage on in a sports car. It was a big wow moment because nobody expects to see a sports car. Funny enough, it it belongs to the the one of the the guitarist of Guns and Roses. So that's a side story anyway, you know. In in one of the Founder from Me L episodes, you and I talked about like, gosh, like you drove out in a sports car, big wow moment, like how how are you going to outdo that? And I said, you know, we're working on that as we speak. Well. This year, um, we decided that I was going to magically appear on stage um via helicopter right, which sounds super easy easy um and and and frankly, when you get to see behind the curtains of a magic trick or magic general, you realize that it's actually, don't hate me all the musician listeners that we have out there. It's actually so much simpler when you kind of see the mechanics of what what happens. And so suffice to say that the audience was super wud because they saw this like helicopter quote unquote appear on stage. It was it was an empty box, the box closed, and when the box opened up again, there was a helicopter right. I was in it. Yeah, how is that simple? I mean I saw the whole thing, there was an empty box, and then helped She won't tell me everybody she knows like I'd have to kill you. I mean I can probably tell you. I'll tell you off off off, audio, but I would I would feel horrible ruining it for our amazing musician who was also my co host, Jason Bird, And so we did this helicopter trick. I think I think people got a total kick out of it. And then to boot my co host was a musician, which is not some thing. You know, you've you've been at Trace as...

...long as I've taught, and you posted, you've co hosted Outlier with me, one of my favorite years ever, fun on stage together. But you know, we've never really played with this idea of like a professional Vegas act as part of the Outlier show, and we did it this year. I thought it was super fun. Who knows what we'll do the next time up the stakes? Rocket ship maybe rocketship, maybe a jet pack I fly, I find into the ceiling. I don't know. Wait, so do we have commitment that you're coming back? I think I thought we just had that like report of ourselves. I think that this year was my Outlier retirement. Oh no, I don't know. You might need to. We might need to bring Galina back on the circuit. Nobody wants to see me on stage, especially if anyone who's ever seen Sandy on on stage, what would agree with me? Okay, So, but we did have a couple of other awesome, amazing speakers. We had. We had Chris Boss, who was an FBI negotiator, Yes, master negotiator. In fact, some of you may have seen or or heard his master class. He's he's incredible. He is just super good at what he does. Um, and he has incredible sort of principles around the art of negotiation that he shared with the audience. I think that everyone got such a thick out of that. It was great. Everyone was trying to use them the rest of the show totally, you know. And then UM and then of course the big headliner, which you played a part obviously in bringing to the show. Yeah, Derek Jeter, you know, Hall of Fame shortstop for the Yankees. Great learned a lot from him and just a fan favorite, such such an impressive athlete. And honestly, I think that the biggest surprise of all was not it was not necessarily his like incredible repertoire of accomplishment as much as it was how humble and gracious he is in person, like just one of the nicest people I've ever met. And as we do with most evolved shows. After the headliner presents UM, he typically typically goes to another location to take pictures with our audience members and and he just I mean I was watching him and he shook every single person's hand with like enthusiasm and looked them right in the eyes. And it's literally as if we were walking into his home and he was hosting us for dinner. Incredible guy stayed until shook every single hand, met every person who waited to meet him, which was great. We had some people in the audience who were born in the same town as him, and then someone went to the same high school. So there are some really really great moments, moments, great dialogue, and he was good. And then we also had a little bit of We had a couple of founders from this podcast who were on on the main stage, Victram from lace Work and Mohit from Symmetry Systems, both brilliant individuals, also incredibly humble. We also had, you know, along that theme of just like really great technical belt leadership, we had UM a fan favorite, Peter Hinson. Oh yeah, continues to be a fan favorite. The guy gets like a standing ovation every time. He's so good. He's a futurist. He's awesome and unfortunately for our listeners to to be able to see his stuff, you gotta come to one of our shows. But the rest of the stuff we've talked about is available online. If you want to check it out. You can go to Trace three and click the link there to see some videos. Um. I'm excited about our guests that's coming up right now, me too, but I will. Can I make one request before we close out? Please? Can we eat more on this show? Can we do another another outtra over me where we just eat and subject or poor audience to our bad schewing? So I think it's le sales went through the roof after that episode. Right, everybody knows what it is now? All right, Ready to get to it, Let's roll, okay. Our guest is a two time founder, public speaker, O'Reilly, author, an active early stage angel investor. He's a former CTO at Akamai. Prior to that, co founded blaze io. They He is the...

...founder of Sneak, leading developer security platform helping developers secure as they build. He's coming to us live from London, England. Please allow me to introduce Guy put Jarni. Thanks for having me tell looking forward to it. Guy, thanks for being here. Tell us about sneak dot io and why you started it. Sure, So, Sneak is what we call a developer first security company. We UM. Really kind of the premise or the insight to creating it was that, um, you know, we're trying to secure software from the outside, and you know, to begin with, you know, that's probably not a great idea, but specifically with the adoption of develops and sort of agile developments in the cloud, the pace of software development has really grown and everything around kind of develops, models and such really build around these sort of independent teams that are able to you know, kind of run and run fast and uh and and not need to stop for for other people. Uh. And that really sort of drives the problem of of trying to secure it from the outside. The security team just you know, fundamentally can't keep up. And unfortunately, the security industry as a whole hasn't really gotten a memo, hasn't sort of adapted to this, to this reality. Um. And and we've sort of repeatedly failed to get developers to actually embrace security solutions and actually secure what they built, which is what we need to scale. And our kind of lightbulb moment, which sounds simple when you say it, is that if you want to break that mold, if we want to get developers to embrace security and actually embrace it into their practices, we need to build a developer tooling company. We need to build a company that puts the developer first, you know, it really designs the whole company, the brand of it, they go to market, the approach to two users and community, the and of course of course the product ux to first and foremost think about how to get the developer to embrace it. That kind of walks and talks and quacks like a devitl right, so of fields at home with the other tools that development might embrace, might might use. And that's that was kind of the the uh, you know, I don't know if it's secret sauce, you know, but the the aha moment. And that's what we set out to do. And and over over time there's been a lot of learnings and we can talk about those, but over time, you know, that is really the core of the company. I like to say, it's the thing we can to pivot out of. Is this developer for security. Today were talking about developer security platform uh and and and we've sort of evolved into a variety of products and threats that we tackle under that mantle. Uh and they sort of span. They will continue to expand, but they already span aspects of application security. You're scanning your code SASS solution, and your open source component SCIA. We generally started and at our course all these concerns around supply chain security, which again it's like sneak open source, sneak container, knowing which open source components you're using, are they any good, do they have non vulnerabilities, helping you fix those, etcetera, etcetera, and all the way to to cloud. And you know, we can dig into that more if we want, but you know, they we kind of built on appreciation that in the world of cloud there's a whole bunch of um uh kind of it T security concerns that are moving into the developer world. Right in a in a pre cloud surrounding, if a developer wanted to say, like provision a machine and run something on it, they might open a ticket. Someone in a T might provision that machine, make sure it's properly configured, it's probably patched, and give that back. What I described right now is a dependency you know, that is not you know, it's kind of counter to that sort of agility and develops speed that we aspire to in the world of cloud. That goes away a developer clicks a couple of buttons or makes an API call and they get a machine that's running. So and behold now that machine that is running. You know, it's depending on the developer's actions whether that is probably patched properly configured, and developers to do that they need developer security solutions, not I T security solution. Yeah, yeah,...

...thank you. That that's that's such a great um description of the problem space and and specifically what sneak addresses. And this this concept of um well, I guess for the less the less technical audience. You know, a traditional security approach is one that is very very dated, right That proverb proverbial sort of data approach obviously slows down the development process, which in turn slows down UM speak to market, which of course in turn kind of uh weekends a companies competitive advantage or competitive posture. So so the permeating effects of kind of that traditional security approach are very real and and they're very you know, they're very measurable to a degree in terms of in terms of how it how it slows down a business. I love the paradigm shift. Guy of of like building a developed a developer tooling company versus versus a security company. I once heard you say that, Um, the future of security depends on developer adoption. UM. Can you can you elaborate on that? Why? Why is that the case from your perspective? Yeah, I think fundamentally, UM, it's just it's just impossible to secure software from outside. Um, the pace of development, as as you point out, will continue to increase because that is what the business demands. You know, you need to be fast to be competitive, you need to adapt, and that would that would continue to be the case. And so you know, the most secure thing you can do is just unpluged from the Internet, and then you know you'll be secure all the way to to bankruptcy. Right Like, there's no Um, there's no really other option for the business except moving fast. And if you move fast, it's it's a lost cause to think that security can keep up. And so I think our future as a world, as a society is digital and increasingly dependent on digital and you know, to be able to secure the digital world, we have to make security run at the pace of the development, at the pace of digital creation. Uh. And that the only way that that happens is if we equip the developers, equip those building the solutions with the right tools so that they can make the secure decisions when they're making them. Because that's that's really what we need, is we need to move security to be where the decision is made. And does the concept of putting after security in the hands of developers scare organizations? At times? It does. There's there's maybe a couple of concepts we can touch on in here, which is, you know, one is decentralization and the other is the notion of depth versus breadth. So maybe I'll start with the with the ladder. So as you dig into you know, developer tooling company the tackle security and what that means, then um, you you quickly come across the problem. The developers like depth while security needs breath. If I'm a Javascopree developer, I couldn't care less if a product supports PhD or not. And it's not because I'm narrow minded or you know, I don't sort of you know, I think big enough. It's because it doesn't affect my daily lives. You know, I'm I'm developing this language and decided to e in this you know c I system. Uh and and that's that's what affects me. And it's just has no bearings on me if another language or stack is supported or not, but it better be amazing in the surrounding because that's the way tools in my world work, and DEVI tooling playbooks very much say pick a stack big an area and win them over, and the other stacks would wait. Um. Security, on the other hand, needs breadth because it's just very impractical for a security leader to have seven different directors of engineering, you know, use four different tools to secure their use of open source. It's very hard as it is to govern security. There are so many threats. Has its own fragmentation. Um. And if you start multiplying that by that type of the centralization, it's scary. It's very very scary, and it's it's just not feasible. And so security wants breadth. And that depth versus breadth is...

...a constant struggle. At sneak we you know, we're death first, so we are depth first. We make sure that for the stacks that we support, you know, we go deep enough. We understand it about previous case, we win them over. They feel like we build a product only for their environment. Um, but you know, nobody bought the products until we built enough breadth to actually kind of cover the majority of your applications for security person. So that's kind of one lens if that makes sense. You know, and we you know insteat, we always we always think about that we launch new products with a depth first approach. Well, make sure that we are very very good for you know, the applications that we support. And then we broadened so that we you know, we always ship products were proud of and the developers will adopt. That's our promise to our customer. And uh and we and we expand you know, we have the benefit now that we have a lot of great products. So those products might be rolled out all all all the way, and it could be that some new products will only be employed for some subset of the development teams. That makes sense so far. That's kind of one one lends on on the on the convention like it's an end proposition. It's it's breadth and depth versus the word right. I think you have to you have to get both done, but you have to also understand which one do you prioritize and uh and if you need to win developers over, then you have to you know, I guess part of my friend not ship crap. You know, like it has to be uh, it has to be quality, it has to be depth. Otherwise you'll have this great product. But if developers don't use it, it's no good for you. The other piece that scares security team sometimes is just the transformation they need to go through UM and and look, it's important to remember that like digital transformation. We call it transformation for a reason. When you think about the delta between waterfall you know, on prem development versus you know, develops agile continuous development on the cloud, it's night and day, and there's no reason why security wouldn't change that way. That's scary. That's a big change change. You know, that requires different you know changes and maybe skills, changes in mindset, changes in the culture. And I think fundamentally, you know, people may be focused sometimes around you know, hey, they need to learn what containers are or you know, how to use a wus UM. But I think the big difference is that security teams need to become platform teams. They need to become teams that don't succeed because they can audit and assess an application, but rather because they can build a platform that auditors and assesses an application for developers as they run. Right, they succeed not because they were the heroes you know that founder vulnerability and dealt with it, but rather because they built the platform that allowed developers to do that, which is very very keen to what happened in develops. Right. It sort of went from you know, the the ops person you know, being amazing because they tackled some big outage to the ops person that is best being the one that builds a platform that developers their news. And so, you know, it's a scary term position and it requires alsos of changes of skills. You know, you need to maybe de prioritize some audit skills in favor of development skills. You need to change the mindset from you know, more of a controller to more maybe of a service provider. Right, you're providing a platform. Your developers are your customers, um and so those are big changes. I guess what I what I like to remind people they need to keep in mind, is that in the develops world, CIS admins have become sr res. You know, they've become the sort of system reliability engineers. They're paid to double. You know, they're far more respected by the business. You know, they're uh, they're more um they're seen as contributors to the top line, not just as risk reducers. And there's now proven data that shows how teams that have great SRA teams, great develops platforms teams do better as a business. And we're starting to see that data for security as well. UM. And so it's scary, but there's you know, there's a there's a very very bright light at the end of the tunnel here. Yeah.

I think this concept of of UM I T organizations becoming enablers and empowers if that's the word is empowers, a word versus versus regulators and mitigators, is really like a broader theme for the I T community as a whole. UM. Well, thank you for that. That that's fantastic education for us and our and our audience. UM. I want to switch gears a little bit and talk to you, talk to you about you you know, the founding of companies. Um, sneak is your second startup? Um, how soon after the sale of blaze dot io your first company? Uh, did you know that you'd be starting a second company? Very good question. UM, I don't know when I exactly knew it. I ended up leaving after three and a half years living Amy and I think, UM, I think the Acamay journey was incredibly valuable. You know, I've made a lot of good friends, I learned a lot, and I got a chance to really learn a new a new role, right, how to be a leader and executive. You will be the city of a seven million dollar a year of business, which is about half a com I um. And and so I think it was very very insightful. At the same time, I think I always knew that it's not forever home for me. I don't know that I had an exact timelines, and so I came in with the intent of at least doing this sort of the three years unless I'm suffering. Um and Uh. I ended up saying for three and a half I definitely wasn't suffering. But also once I got the itch to uh to do another Uh, it's uh, it was hard to let go. I will say that I intended to take a year off after leaving ACAM. I when I when I decided to resign, it was a year when I By the time I resigned, I said, well, maybe I'll take six months. And by the time I actually left the company six days later, I incorporated it snakes. So I'm not very good at taking time off. I think that, uh, that she has a lot of light into what it's like for someone like you to sell their companies, sell their baby and and we always imagine you mentioned this that it's kind of like purgatory to be stuck at the company, but it's amazing to hear that you learned a ton why you were there and you stayed a little bit longer, so you know, an additional win not only having your company acquired, but then getting that additional education. Is it's a cool journey. Yeah, yeah, for sure. And I think it depends. Sometimes it's lucky or And I would also say that if you are being acquired, then you should you should pay close attention to where you're landing. You know, both role and company. I mean I found that my first company, Blaze, because I was at IBM at a role that you know, on paper. I could do all sorts of cool stuff and sort of think about new security innovations and such, but in practice I felt like I wasn't having impact, you know, I was, it was just the distance where I was from having an idea to actually being able to get it to market was just so vast that I was depressed. I ended up sort of founding my first company is my having had a child born three months prior, and you know, it's it wasn't necessarily the wisest point in time in terms of my kind of life. Um, but I was very bummed by it. So I kind of experienced both paths. So when I went into Alcamy, I was very, um, very verbose. You know. I spoke a lot about what is it that I can do in the company, and I came into it with a change change at mindset. And when you get acquired, you've got a bit of a halo in the acquiring company. You actually kind of have more mandates than maybe the typical person in the company to drive change. And I just leaned into that, and uh, I'm very happy with the learnings that you know, a lot of failures in the process, but I don't think I really kind of let up too much, am I compared to what I did at place? That's that's awesome. Yeah, this is a this specific topic is like fascinating to to me and Todd because you know, as a founder, your your big sort of milestone, sometimes your end goal. Um we hear, as you know, achieving some sort of...

...exit event. Um. We always wonder though, like, um, if if one that exit occurs, the founder, who is a creator in essence, feels somewhat handcuffed to this acquiring company um and in some ways feels limited in sort of venturing into a new a new path and and creating a new adventure for himself or herself. Um. Is it limiting or or or is it um? Is it equally satisfying in that the founder feels like he or she can still you know, I keep an eye on their on their baby, this baby that they've created, and make sure that it grows and evolves within this new context, within this bigger world that acquire and company itself. Um. And so we're always sort of interested in the psychology there um of Hey, does the founder feel stuck or does the founder feel or does the founder feel fulfilled? Equally fulfilled? And that you know, they get to keep eye on their their baby. Yeah. Yeah, I think just just sort of the comment is that I think it depends on the founder, but also depends on the acquiring companies. And um, you know, I think for me what drives me is impact. Uh, and so it's not so much about just keeping my baby, and maybe some founders come into that. It's more about growing the impact. If I got the same impact, they wouldn't sell. That's not the sort of intent. But for instance that Nick Nack, we acquired six companies so far. So far, all of them have been successes, you know, some of them have been great successes, and the founders that founder them have great impact within the company. And we take care when we acquire a company to to have you know, on one hand, of course a clear business case of some specific aspect of it. Acquired deep Code, they brought in, you know, they basically the engine for sorce nick code or static analysis. But at the same time have another company why responsibility they would draw you know, in that case, they became the core of machine learning in the company. Right and manifold, they became the platform that made it extensible, you know, tope code that which is acquired building reporting, but they're also the data engineering level up there, and because they have a company wide mandate um they um, they end up actually being able to grow personally and grow their impact to the scale of the acquiring company and and it drives them, it makes them more successful and it makes us more successful as a as a result. So I think there's a lot of like how to do it well and how not to do it well, and to an accept we seek founders that look for that right, that are hungry, that are still seeking to do more, not ones that are looking to rest invest. And the fact that you that you are were the acquired and now the acquiring or acquirer probouly lends lends um it really probably influences how how you do it well, right um at sneak. Yeah. I mean he mentioned where you land is important. So I imagine when you have now you have seven founders in the building, you're landing seven planes and so I'm sure you took great care and making sure they landed well and maybe even provide a little a bit of mentorship on what you're able to learn from Akam. I all there here at with you at Sneak and Peter. You know, we have in the in the in the team a lot of experience and sort of doing that well. But you know, and Peter alongside me, you know, he's beyond the fact that he's acquired many companies, he's also kind of being the CEO of multiple sort of the series being onwards companies that sold, and so I think we just have a lot of empathy to those and uh, you know, so far we've been you know, like leveraging that well to uh, to help both those companies that we buy succeed and help the whole kind of keep getting bigger. Yeah. I feel like we could do a whole podcast on you know, acquisition, and you guys have done at seven times. But let's have which is a great topic. We've I've...

...learned a ton just from this last segment, but let's talk about fundraising a little bit. You know, you obviously had to do it for blaze Io and then you know, your second time here with Sneak, I imagine it was much easier. Um. Was it easier because you also were walking away from the Akama experience? UM, tell us a little bit about the difference in fundraising. Yeah, I think I think it was easier to fundraise the second time around because you know, just you know, if nothing else, pure statistics show that repeat founders are more likely to succeed um and you know that that makes sense um. And and also through the years that acam I during that time, I've done some angel investments, I've built some relationships with the sas and notably Bold Starts that led the the seed round for Sneak uh and and so by that time, you know them, they know you, and so there's kind of more familiarity. So both the network and the track record player role. I will say that the counter to that is the ambition. Uh. And so I think with Blaze it was a very concrete uh you know, in hindsight feature. You know that I was building while here we're looking to transform an industry and said no developers will embrace security, and there were a lot of vcs as. Good luck with that, uh and uh and it doesn't really matter what your track record is. And so I think the first round, the seed round, it was easier because I had an investor who believed in me and believed in the vision and saw the potential and leaned into it. About a year into it, I had a catastrophical failure in the fund raise in which everybody wanted to talk to me and nobody wanted to sign a check at the end because they saw that we managed to get developers to use the product, but we had no revenue because we you know, we a little bit the depth versus breath we discussed and uh, and that you know, it didn't matter the track record. It was still you know, you can't do it. And you know, fortunately you know again both started as a as a as a believing investor, right and sort of seeing it helped us up in a in a very positive fashion, right on great terms and and pulled us up and buy. By the time we were kind of back at back at the drawing table or back at the fundraising cable, things were already curving in the right direction on the revenue side as well. Uh. And it was it was more about chasing investors away than uh than getting them to come. Was the cash traffic failure that you burned through your your first investment. No, I leaned, I made a mistake. I was so we we had So it's it's worth understanding that Sneak is a product led growth company, a peal G company bottom up, and when you're a PELG company, revenue is a second order measure. You need to build a great product, then you need to get users to use it, and then you need people to buy h So and when you're sort of going directly commercial you can you know, it's it's reversed. You build a product, you get people to buy it, and then you get users to actually use it um and so it takes longer. And for us, we were very tunnel visioned on saying our biggest challenge is to get developers to embrace security, and so we were entirely focused on that and entirely blind to all sorts of things. We needed to get security, who is typically the buyer to actually sign the check. Um and and so the reality was that about a year and a half, this was about a year and a half in you know, maybe not quite and um. You know, we had tens of thousands of developers using the product for free and practically nobody paying. I think we were in the hundreds of maybe thousands of a r R uh and uh. And everybody from outside saw that we have all these users. They didn't know what the revenue was and they saw my track record and and so everybody wanted to talk about a preemptive round, and I, you know, I wasn't even I just leaned into it. So I triggered everybody. I told everybody else that someone is trying to prevent Everybody wanted to talk to me. I wasn't, you know, raising and sequoia and battery and just everybody wants to talk to me. And literally nobody wanted, you know, kind of to get a turn cheat. And I eventually did get some offers, and...

I got some you know, I got some offers from good investors, and I got some you know, uh good offers you know, from others, but I didn't get like the right offer from the right investor um. And you know, to top that off, you know, at the same time, my father in law passed away. So I was like, literally, I gotta you know, I live in London, my families in Israel, my wife's as well. So in the morning I got a had a call with an investor who made me, gave me a term chreet, and five hours later we got a call from Israel that my wife's dad passed away, and we jumped on a plane and it was it was a crazy week. Um uh and and period really you know that was very challenging. And again, you know, I can say enough good things about Ed shim At at both start because during that time he stepped up. I had two great experiences with investors. Then one is Tom Human and this is worth a shout out here. Tom Human GV who I was talking to about potentially an investment, and literally I had a call with him in the you've in the sort of the seven days of sort of sitting after someone passes away, and I wasn't sure what to do. I was behind it, and I told him that at the beginning and that guy, don't talk to me right now, and I don't think you want to talk to any investors who wants to talk to you right now. Now, settle down, call me later, which I thought that was great, and Tom absolutely made it into the next round what had happened? Um. And then the second was was Ed, who you know a month later said instead of coming back to all of that, we believe it, we see the path, we see the developer success. Um, why don't you take you know, three million dollars instead of a full round on the best terms that you've had in any of these offers. Uh and uh and just just keep going UM. And that's what we did and it worked. It worked. You know, like a year later, you know, we were we we had curved. It took us another i want to say, eight months after that to kind of crack the revenue target. UM. And then yeah, we sort of seven ext and four months and then with seven next again you know, in the we were at that point, you know, shy out five million by the end of the year after. So you know, we were we were off to the racist guy. This is a super interesting topic to us, and I don't think one that we ventured into UM on founder formula before, and we've interviewed like dozens of founders. This concept of obviously adoption versus revenue generation. You know, there's there there is kind of this perception that mass adoption obviously comes with a certain valuation. Right. Certainly, a lot of the big the big names that we hear of today, particularly in kind of the social platform world, are wrapping, you know, have wrapped an investment thesis around a freemium model just by virtue of it being adopted at mass scale. So why is kind of the world that you play in different Did those companies not pave the way for that? For that type of thinking and investment UM this concept of look, you're investing in a company that has a tremendous amount of potential because there's tremendous amount of adoption versus versus kind of that revenue the revenue piece, Yeah, the revenue mandate exactly. It's it's UM. Uh so it's it's not always the case, of course, sometimes it is. It's actually fairly common in dev developer tools UM and generally the the the reason or the impetus behind it is the difference between is when there is a difference between the user and the buyer. So if the user is not the buyer, then increasingly in the world, there is an advantage to winning over the user because while they're not the ones signing the check, they are the ones that effectively say whether a product would be successful or not or use. You've seen that with tools like Slack, you're saying that with tools like Mirror, you're saying that with with with with trel oh, and you know you're seeing a lot of those and you know, good luck to the c I O who sort of thinks that they can just stop down, you know, roll down a tool without consent from the sort of the users in the ranks. Right, it's it's sort of it's it's just no longer the case. Decisions are increasingly determined for their...

...success at least by the bottom of motion and so, but by the the users of the product, and so a bottom of motion UH focuses on winning the users UM. There. From there you kind of get a little bit into the question of what's the distance between the user and the buyer and UH, and what's the sort of the minimum unit for which someone would purchase UM And here we come back to the depth versus breadth problem, because for a developer, the minimum immunity of value is, you know, give me a product that helps me secure my code. It's very small, it's not dependent on anybody else. Download the snick cl I, integrate the idea, maybe a little bit in the team. You can put it into a Git or a build. But then you know, you run it and and and it helps you security your code. You get the value, you fix the issues. All goodness. They don't do security governance for us. Typically the tipping point and today the world is evolved, but definitely at the beginning, you know, tipping point for actual purchase was more security governance. And security governance is then that the security unit team, and it's hard to do it as something that is smaller than a business unit. Um and and so because of that, you know, we the distance between what it takes to get a developer to duced the product and and what it takes to get a security person to to purchase. It's quite big, um uh and and maybe even totally different needs. You know, so it might not even be the same capabilities. So there are a whole bunch of examples out and in developer tools because what happens is a small team really likes it, but by the time you know, they want to purchase, they get streamed, like moved into something that requires that breadth. So that's kind of the the exercise that we had here. We started Developer Tooling playbook, no JS. We only only picked one stack JavaScript, you know, we we won that over and developers in that ecosystem were entirely gung ho on um on you thnk sneak, Except nobody was only developing in ogs, or at least nobody you know, not many and security needed us to support Ruby and Java and more net later and others. Today we support all of them, but at the time it was it was hard to uh to add to those and so I think the not all products work that way. Um. You know, if you look at the A p M vendors like data Dog and such, they built a product that approach. But in in data Dog, the minimummunity is a team. Uh. You know, it's okay if one team uses one a PM solution and another team uses another. It's not optimal. It's better if everybody uses the same thing, but it's okay. You kind of get the value. So they charge in that fashion. Mum. So, so, so that's a concern. I'll add one more thing, which is important. I think for security purchasing something is friction. And when you talk about getting developers to embrace security, we had to deal with a lot of friction to begin with. People didn't think that that can be done. But it's tools that might not on they you know, we had to battle with a lot of things, and introducing a credit card into that process of the individual developer probably would have prevented them from actually using it. Uh, And so we believed and I think that's correct then and I think it's still correct today that you can't do a bottom up motion to developers for security without you know, and and charge them right away. So that requires a friendium offering some other things that individual developers do maybe they care enough about to pay right away. You can see like intellig or for certain ideas that charge right away, and and and so all of these things are very context specific, and they boiled down to the difference between the user and the buyer, the the how much they care versus how hard it is, you know, like what's the what's the friction versus what's the demand? Yeah, and uh and understanding kind of who's the what are the differing capabilities for the two audiences. Yeah, it's like you have to get them to love of not like love stage before you can introduce any...

...type of friction i e. Payment, charging me, etcetera. In our case, even believe that it's possible right like that that there could actually be a security tool that as a developer they will enjoy using that was basically combarrassing. So yeah, it's uh, this is amazing. This thing has gone completely full circle. When we went back down, went back to depth and breath, and then there was also like we're thirty minutes into this podcast, we had a birth and a death in Guy's life. My gosh, it's like you have to remember that these are real people with real lives, and wow, it's crazy. We we are not going to have probably time to cover everything. But I do want to talk a little bit about thought leadership with you. With you Guy, because you know, you're an author of a couple of these O'Reilly books, author and co author, and I remember a time when, um, those types of books were. They were it like I would hop on a plane and by the time I landed, I had read a whole O'Reilly book. I had developed, you know, a new skill set, and I came away from that, you know, looking at the author's kind of like the gurus. I would. I would follow them and reach out to them. That world has changed a little bit. I don't know how many people are still buying books or consuming, you know, learning how to develop through a book. So how is the thought leadership world changed? How are people like you developing thought leadership outside of the authoring of books. I think so so. My uh kind of perspective is that teaching is a means of learning. Um and And generally when I talk about you know, even before you go to books, right, when we think about messaging or so, how do we communicate what the product does, or you know, or or a concept to customers? I think people people make the mistake of thinking that that is for the others. It's for the consumer, right, It's it's you're trying to simplify it. You already know all of that stuff. Now you're just trying to sort of simplify it for for others. And um, I think that's the wrong view. I think. I think when you need to explain it, then you you learn to understand it better, and you learn to reduce it to the things that matter. Um And And in turn, once you for yourself understood that you know the things that matter, you can think bigger. You know, you've simplified that complexity into these things. Yes, you maybe are able to drill down, but you know, once you've structured it in your mind, you can build on top of it better. Um And I think about that as messaging, whether it's inside the company outside the company. And so I find public speaking and writing books they're basically an excuse. There are time consuming excuse, but they're an excuse to to get my thoughts in order, you know, get complicated topics like open source security or like responsive website performance which was previous one, or serveist security. You know, understand, Okay, how do you how do you simplify it? What really matters? What models actually makes sense? And invariably every time I write one of those, I end up learning. I find what matters and what doesn't matter, and that feeds are are thinking. And you know, when we talk about new products in the company and things like that, we do the same exercise. And I'm you know, I'm probably an annoying reviewer because I'm very, very fussy about how was it presented, Not so much like you know, if it was pink or or green. You know, it's it's more about the um, what's the mental model, what's the structure? And so I think books today still carry a weight, you know, maybe not as much indeed told as a as A as UM as they used to. There's still time consuming to write, There's no doubt about that. UM and UH, and I think they're helpful for our understanding. They're helpful for internal alignment, and they're helpful for aligning our conversations with our customers. Right. They represent our view of a bigger world, and at the end of all of that, they're also uh, we're very big on community. We didn't get to talk about that too much, but you know, in Sneake were very you know, a big part of the ethos is to be to help kind of lead this community of of...

...practice of DEFs coops. You know, how do we learn about it? You know, I you know, and we do a lot. You know. We acquired def Scon, which is a conference that is you know, vendor neutral and it's all around you know, being a place to allow people to share security practices to a conference. We acquired a conference. You know, it had technically only two employees, but you know, de Sicon was running for for a while. It was a bit of a weird, weird move. It's not one of the six that I mentioned that before, um and uh, and it was there's no we don't make money off that. We try to run in the break even, you know, and the pandemic got a bit in the way, but it was really just a great place to help drive and invest in in the community, having thought leaders, having a space to share. I host a podcast called The Security Developer. I get to talk to smart uh you know, security leaders and and and give them, you know, an opportunity to share their stories. Uh and I and I think like the books and the content create, they're all a part of that same of that same mix. It's around driving collaborations. I came through when I found out the Blaze. I became a part of the velocity of the Philosophy Programming Committee, which is kind of the one of the places, you know, that's one of the key originators of develops, and we're a lot of sort of the seminal uh talks that the drove develops adoption came up, and you know, we kept driving that, you know, through the through the ACAM I days. And one of the things I learned to appreciate from Develops I learned a lot was that a big reason for the reason develops kind of took off and a big change in the industry. There was sharing and talking about failures, ensuring about practices and I think security, you know, we're not very good at it. You know, definitely on the product security side, we don't share enough. We don't. You know, we don't talk about things we didn't get right. It's scary and security um to do that. But you know, if we don't do that, everybody needs to learn on their own, and we advanced a lot more slowly. So a lot of what we do is around promoting that, and to me, the books are a part of that. A bit of a long winded answer, but I guess there's a broader picture. It sounds like you're lesson to brand building and more into learning and building a community, um, which is that we come together right like they become. They go hand in hand when you're when you're doing a category creation. If you're just inventing a new mouse trap, you know, maybe not all of these lessons applied to you. I'm not diminishing it too much. Sometimes you're trying to do the same thing just better. Um. In our case, we're doing it different and different. It's hard, Okay, guy, listen. We we promised to keep this brief, but there's so many things that we didn't cover. And I know I speak for Sandy when I say, you know, we have just learned a ton. This is probably one of the most enlightening conversations we've ever had. Candidly, thank you so much for for hopping on the podcast with with Sandy and myself. We really appreciate it. It was a pleasure guy, Thank you, My pleasure, happy, happy to share my own learning. Trace three is hyper focused on helping I T leaders deliver business outcomes by providing a wide variety of data center solutions and consulting services. If you're looking for emerging technology to solve tried and true business problems, Trace three is here to help. We believe all possibilities live in technology. You can learn more at Trace three dot com slash podcast. That's Trace the number three dot com slash podcast. You've been listening to the Founder Formula, the podcast for all things start up from Silicon Valley to innovators across the country. If you want to know what it takes to lead tomorrow's tech companies, subscribe to the show wherever you get your podcasts. Until next time,.

In-Stream Audio Search

NEW

Search across all episodes within this podcast

Episodes (39)