In episode 39 of EnterpriseReady, Grant Miller is joined by Loris Degioanni of Sysdig. They discuss Loris’s storied career journey, the creation of Sysdig, tactics for better understanding enterprise customers, and the future of open source.
About the Guests
Grant Miller: All right, Loris. Thank you so much for joining.
Loris Degioanni: You're welcome. Thanks for having me.
Grant: Awesome. Yeah. So let's dive right in.
Tell us a little bit about how, you got into enterprise software and what your background is.
Loris: Boy, my story is actually pretty long.
Grant: That's great. Let's hear it.
Loris: It starts actually at this point over 20 years ago, because the way I got into software and enterprise software was originally through my graduation thesis, the project that was given to me when I was still in Italy.
So as a background, I am the founder and CTO of Sysdig but Sysdig is my second company.
So I assume that we'll go into the details of Sysdig later, but my first company was called Case Technologies and was the commercial entity behind an open source network analyzer called Wireshark.
Actually started working with Wireshark at same time when I was in school, when I was at Polytechnic called Turino.
And this started because my professors in the computer networking class decided that the best way to teach computer networks to students was to let the students observe the network traffic.
So essentially give a network analyzer to all of the students.
The only problem that network analyzers at the point were commercial only, very expensive and very often hardware based.
So it was absolutely unfeasible to have essentially one for each desk in the lab so that students could just capture, send it to traffic and see what happened.
So yes, me and the other students who start working on building an open source network analyzer, and the first thing that you need to do, of course we had windows in the labs and the first thing that needed to be done was to build a packet capture driver for windows.
So a piece of software that would allow.
So a piece of software that would allow a windows workstation to be connected to a network and collect all of the traffic like sniffing all of the traffic on the network.
That project was called Wind Pickup and was essentially the first open source networking packet capture driver for windows.
And by the time I got my degree six months later, it was generating more traffic than the rest of the university combined.
So it was not easy inside and outside the university and initially got me essentially an offer to continue staying with the university and doing a PhD.
And then later on spawned my first company called Case Technologies which was started in 2005.
Grant: That's amazing. Okay.
So Wireshark I think is probably the more well-known, is that right?
Is that the more well-known project that came out of it?
Loris: Yeah. So let's continue the story. What happened?
Loris: What happened is that while doing my PhD on this wind pickup, on this packet capture diver for windows, this guy called Gerald Combs in Kansas city had built an open source network analyzer for Solaris called Ethereal.
This was a 2001, something like that. Gerald saw that I had finally made it possible to essentially get your packets from windows and saw that I had ported TCP dump to windows using this technology.
And so I decided to make a windows version of Ethereal that would be based on wind pickup and that caused the overnight explosion of both Ethereal and wind pickup.
So these projects kept growing for few years until when I moved to the United States I was invited essentially as a PhD visitor student to California, to UC Davis.
And while I was there essentially, I told Gerald why don't we start the company together and we commercialize this?
And Ethereal at the point was extremely well-known and was the defacto open source network analyzer that everybody was starting using.
And so the idea was why don't we create a company that can essentially build products around Ethereal and around wind pickup?
The only problem was we didn't own the brand and the website domain of Ethereal.
This was owned by Gerald's previous employer and we were at that point poor, not far from being out of school, unprepared for running businesses and unequipped for a negotiation essentially to acquire these assets to start the company.
So what did we do? In May of 2016? We fought the Ethereal project. We renamed it into Wireshark.
We told the community, we'll keep working on this. We're building a company around this, we'll have our back but the project is moving.
Ethereal would stay there but we won't maintain it anymore.
And Wireshark is the new open source network analyzer, and that started as a simple branch of Ethereal and then Wireshark is still what we have now, 14 years later, still thriving with millions of users.
And as you probably know has grown quite a bit since then.
To give people context, maybe not everybody's technical or into network analyzers but Wireshark at this point is a tool with the tens of millions of users in the world and address of thousands of monthly downloads and everybody that does anything with the computer network ranging from troubleshooting, security, forensics, protocol development, equipment installation, everybody that does anything with the network uses Wireshark.
And that was born just because we had to change the name of the tool because we couldn't own the assets of the tool.
So there's a power of open source if you want.
Grant: I love that. That's amazing. And what was your co-founders name for the Wireshark? Gerald?
Loris: Gerald Combs.
Grant: Gerald. Great.
So you met and you'd both been working on these independent open source projects, your projects were complimentary and so you formed together to create Wireshark.
And did you start the company around exactly at that point, is that when case was launched?
Loris: We started the company together with another co-founder called John Bruno, which is the professor or invited me as a PhD student to UC Davis.
So it was interesting because I had never had a job.
I was still a student before while John had spent his all career in academia and was essentially a tenured professor, but neither of us nor Gerald had any experience at all in business.
And that was really, really the very first job that I had was starting a company.
So I always find it unique that the first time somebody gave me a salary for working was years later after my company was acquired essentially and at the point I became an employee of another company.
But I started essentially Case just out of my PhD and I started it with absolutely zero experience, myself and my co-founder, absolutely zero experience in anything related to business, especially enterprise business.
And for the same reason as you can imagine, we started the company without investors.
No one for sure would have been crazy enough to give us money at that point.
So this was truly all school, no investment, no VC kind of bootstrap company that survived and the in group probably more because of miracles than actual strategy or skills by the founders.
Grant: But you had technical acumen and you had all these people using Wireshark and so I'm guessing some number of those were companies who were asking you for, were they doing support contracts? Were you doing-
Loris: Yeah, that's absolutely the case.
So we had yeah, the technical skills. We had a big community that we're bringing with us, which again, it's a very interesting lesson that I learned.
The fact that even when you're giving away your software for free and you do that for years, you're creating value and you are creating if your software is equality and you treat your community well, you're creating essentially an ecosystem, a community that then will stay with you when you start the company and when you start selling products or services. Because the way we started the definitely was by doing consultancy and services.
When you don't have an investment from a VC and you want to bring in income, typically you leverage your skills and your intellectual property to offer services to other company. In particular, the way we started that adventure was in the avionics space.
So networks, computer networks for airplanes and in particular we participated to the Airbus A380 development, but especially we were pretty heavily involved in the Boeing 77 development and that the complexity of these modern airplanes that they have a proper networking and hubs and switches in the airplane, instead of just having cables that connect every single device that needs to talk to another device.
So there was essentially an element of complexity in the industry that was matching our skills very well and for the first couple of years essentially, we brought revenue to the company largely by doing these kind of consultancies and growing essentially this consultancy business to bring enough money to pay for more of the salaries for us and to invest into hiring employees that then we could in turn direct to help us build our own products that we started selling a couple of years later.
Grant: And then Riverbed came knocking.
Can you talk a little bit about what happened there?
Loris: So we were miraculously able to grow the business pretty nicely.
And in a matter of a few years, three, four years, we were in the millions of yearly revenues and this was largely based on trying to keep our open source properties and ecosystem strong, investing heavily into these open source tools like Wireshark and wind pickup, but at the same time building products that would be the periphery of this ecosystem like USB adapters for wifi packet capture.
So in other words solutions to monitor and troubleshoot wireless networks or devices that you could plug into data center networks and could collect traffic at high speeds for a long time so that you could go investigate and understand what the problems are.
So we started building these products and we were at the point still without any investments, so independent company, generating revenue, growing pretty nicely.
The team at that point was a 20 or 30 people.
As you can imagine, we were a pretty nice acquisition target.
We received several offers and we always decided to pass because we were having fun doing what we were doing.
When a company called Riverbed based in San Francisco came and knocked to our door, that was different because the founder of the company called Steve McCanne was also one of the pioneers in our industry.
And when he was in school actually he brought some seminar pieces of software and some seminar papers for example, related to this kind of stuff that was really like how I was formed as an engineer.
So I taught the opportunity to work with him and his team and grow the thing together would have been fun and exciting and micro founders shared that opinion.
And so we ended up being acquired by Riverbed in 2010.
And interesting piece of trivia since Grant that you adjusted the baby, this transaction happened truly while I was having my twins, my first two kids.
And I remember I was at the hospital.
My wife and my co-founders were knocking on the door asking me to sign paperwork because we were essentially really at the last inches of the acquisition while we were at the hospital with Stacy and Stacy was ready to deliver our twins.
So that was definitely a memorable, intense, very intense time of my life.
Grant: I can't imagine. That's hilarious.
Were they acquiring it because they saw the opportunity to really scale out these products that you had been building?
Was it more about the open source community? What was the most exciting asset for them?
Loris: I think it's a combination.
So Riverbed was at that point that a company that had been extremely successful with their primary business which was when acceleration.
So simplifying when you have a network that is disconnecting, for example two offices or data center of an office, you can put these devices at the two ends of the network and they will optimize it, they will do compression, they will do optimizations and they will essentially save you bandwidth and still save your money.
And they did very well with that product line, extremely well to the point that they went public in four years or something like that.
And by the time they called us, they were looking for essentially differentiate our business and move into new spaces and performance management in monitoring and visibility and troubleshooting was one of the spaces and we brought our product line there and it was a very exciting and very formative journey for me for sure.
First of all, because as I told you before, for the first time somebody gave me money to work which I found to be amazing, but also because I learned a lot by being part of a team of really skilled people and of a company that was much bigger than mine.
And we had a really nice success story there because our products essentially were put in the hands of--
Our salesforce when we were acquired was tiny, a handful of people while Riverbed had its solid structured widespread Salesforce and with global reach.
So our technology was pretty good.
So immediately the revenues of our product skyrocketed.
And I remember, by the time I joined Riverbed case with our products, we were generating around probably, four or five million dollars of revenue.
By the time I left Riverbed two years later, the revenues of the product line were a directionally toward 100 million dollars so very nice success story there.
Loris: A very nice win-win proposition, a very exciting journey because then when you're successful, you get visibility inside the company and you can accomplish stuff.
And of course the merit was everybody in the business unit, but just was very successful and very fun.
And they spent two years there and those were two years in which I learned definitely a lot.
Grant: Yeah. That's amazing. I had a slightly similar experience.
I'm guessing, is that where you really picked up what enterprise customers wanted and you saw how an enterprise go to market really worked and you saw how these big organizations and support teams and is that where you got a taste for how to really structure an enterprise software company and enterprise software go to market?
Loris: Big, big time. Without that experience, without what I learned in terms of what is an enterprise customer?
What is the journey of selling, even of building a product for an enterprise customer?
What does it mean to have a lifelong relationship with the customer, because at the point already and even more now with the recurrent business models, your customer is your partner forever and the relationship that you need to establish with the customer and what support is, what customer success is, what pre-sales and post-sales are.
All of these I learned at Riverbed and I was lucky enough to learn it from one of the best teams.
That was eye opening. I had no idea all of this stuff existed.
Grant: Yeah, exactly. It really is. You probably thought, "Hey, I built this great company. We got four or five million in revenue. We started from nothing. Look what we've done."
And then you watch it in the hands of a bigger company and they have the full machinery going where they know how to roll things out and their customers know how to sell stuff and position. It really is.
Loris: The machinery is something that I just had no idea even existed before.
It's probably many people that maybe start with the little companies and then they go into enterprise later, you know?
Loris: It's a bunch of stuff, all very important data needs to operate in harmony and it's a trivial.
Grant: Yeah. Did you develop any almost frameworks or if you distill some of the things you learned, were there any key lessons or stories from that time that were formative as you moved in to start Sysdig?
Loris: Many of them. One is what I just mentioned, so the customer journey, right?
So what is the journey of you as a software provider and the customer need to do together for the company actually to be successful?
The other one is the role and importance of product management.
Before that, my products were built more like on instinct.
Starting from something cool and definitely technology driven, I'm pretty skilled at identifying technological gaps and building maybe exciting stuff around these technological gaps, but this is just a part of the equation, understanding your customer, understanding the market, reading the signals, using the right metrics and informing your decisions.
That's all stuff that I learned how to do by essentially observing very good people doing that at Riverbed.
Maybe one last thing that I learned, I learned about myself which was, I am an entrepreneur.
So despite loving working for a bigger company, I was really craving just going back and being again the true owner of my future which happens only if you have your own company.
Grant: Very true. Okay.
So going back to these two lessons, this idea of product management is funny because I think about, as early founders and early product people, you have these ideas and I think you talked about this as identifying the gaps, right?
And this sort of like, "Oh, this is a technical gap and we can do something cool here."
Which is a skill upon itself.
But then this idea of then taking that and really finding a market opportunity around it I think is a much larger skill.
That's often why companies exist to go find that.
So is there an example of some of the technology that maybe you sold into Riverbed or even at Sysdig of how you had this cool technology but then the steps you took to really understand the customer or the market or find the right metrics along the way?
Loris: I need to see because I have so many examples, but to give you an example that is more recent so I'm jumping a little bit in history and I'm jumping to the current Sysdig product line, but Sysdig the offers products to run essentially containerized in Kubernetes and cloud infrastructures in production.
And we have a monitoring and visibility product line and we also have a security product line.
The security product line is relatively recent.
We launched it in 2017, essentially spawned from the core technology that Sysdig had developed initially for monitoring and visibility.
And when building that product, we talked to people, we talk to users and we did as much market research as we could and we identified essentially set of features that we put in the first version of the product.
This set of features were revolving more based on my inclination as a technologist on the harder runtime security and protection kind of features.
So stuff like anomaly detection, like ability to detect threats for containerized infrastructures and so on.
And we didn't include initially technology that we considered to be much more trivial and less differentiated like CICD pipeline scanning.
So essentially being able to look at your applications as they're built by your continuous integration pipeline and being able to find the anomalies or issues or security vulnerabilities at that level.
So we loved that feature because it was not very differentiated and it was too easy and we started selling the product and the product started selling pretty nicely.
But immediately the users started screaming to having also the less sexy functionality because you want the sexy stuff but you absolutely also want to have the check boxes, otherwise the product is not fully useful for you.
So we had to scramble and modify our trajectory and go and include the scanning stuff, the not sexy stuff.
And the moment we did the release, the product exploded, exploded overnight.
So that taught me that, first of all, listen to your customers.
Try to do possibly as early as possible even before you start building.
But if you cannot do that, maybe because you don't have the resources, keep listening and keep bringing this information and inform your decision as effectively and quickly as possible after the product is out so you can quickly modify your roadmap to consistently match what you're hearing and that can make a huge, huge difference.
Grant: Yeah. That makes sense.
I'm glad you touched on Sysdig's. I think we should jump there and then maybe we'll come back to some of these other things you learned along the way as well, but let's talk about it.
So you said the final thing you learned was you're an entrepreneur and working for a bigger company isn't really your style.
So talk about what inspired you to launch Sysdig. What was the aha moment and how did it go?
Loris: I think that in every field but especially in enterprise, opportunity comes at industry inflection points, right?
Because if uncommon to convince this enterprise could replace this with something else that is marginally better.
At the same time when something new happens, when physical servers become virtual machines, when data center becomes cloud, when software that is packaged with an operating system becomes a container, those are moments of radical change where you can find an insertion point.
So I left Riverbed in 2012 and I took a little bit of a break, but around the time, first of all, cloud computing was in its phase of explosion and company, a little past provider called Dot Cloud was being renamed into Docker and the container revolution was born.
So that was really coinciding almost exactly with me essentially leaving Riverbed and looking for new adventures.
So the impetus for me was take what I learned before.
The type of functionality and technology from an industry that I had helped shaping and realizing that that kind of technology, despite being very useful, despite clearly having a value for the enterprise, realizing that it was not going to be applicable anymore because there was a technological shift that was making it architecturally not really applicable.
And at the same time, this technological shift would generate a new Greenfield market that was big enough for a new player to essentially go and grab the market.
So a mix of technology opportunity and Greenfield in the market and I thought, this sounds exciting.
Let's see if we can do something.
Grant: Yeah. Well I think we first met at a Docker com but I think we met someone from your team at a CoreOS event just around the founding.
It was very, very early containerization.
Loris: Yeah, the conference, yes.
Grant: CoreOS Fest, right. Exactly.
Loris: It was 2015, I believe. Yes.
Grant: Yeah. So you'd started the company a couple of years before and you were really getting things off the ground at that point around containerization.
What made you think-- It's interesting.
I think we look at it now and it's pretty obvious that the containerization and Kubernetes have shifted the market, probably an order of magnitude, maybe two orders of magnitude more than we expected, but why were you confident that this was a technology shift that was worth building a company around?
Loris: I was not confident at all.
I was projecting conviction to the external world, but the reality is you make a bet and that in my opinion is the key moment when you approach the market, the way you just described.
There are many ways to go to market but when you are essentially looking for a major inflection in a big industry like enterprise IT, you need to jump early and you need to make a bet early before everybody else is seeing it.
So containers at that point, especially pre-Kubernetes.
You remember the times when it was just Docker and then Mesos came and then Kubernetes came.
It sounded very exciting. It sounded technologically the right approach and the approach that should be used in the future.
But it was absolutely a bet and part of being an entrepreneurs is making informed bets.
Of course, you don't want to make stupid bets but still you are making bets and there's an intrinsic element of luck and containers went exactly where we predicted, probably surpassing our predictions and it's easy now and I should probably come here to you and present myself as the genius visionary that felt this way before everybody else.
But you know this truth, I made an early on something that felt like it had potential of being a radical change in the market and that fortunately paid off.
Grant: Yeah, no, I love that.
I think it's funny because I think it matters who else is betting alongside of you.
I think part of the reason that this has become so successful is because the ecosystem is here.
Because containers existed and companies started betting on it and Google bet on it with Kubernetes and open sourcing that, it then opens up the market even more and then more people bet on it and Red Hat bets.
Everybody starts to back it and it gains momentum and become self fulfilling.
Loris: Yeah. And philosophically for sure around those days, I was more interested in being the leader in a tiny market with opportunity rather than a little player into a much bigger market but with less growth opportunity.
So that was the philosophy.
Grant: Yeah. That makes a lot of sense as well.
Maybe there's a different way to do it but I think growing a company as the market is growing feels like the easiest way to do it because the large competitors are scared away from these tiny markets and that for you, you're well, the market's bigger than my company is so there's room for me to grow and then you're like, "I believe that this market will continue to grow in the future and then if I'm right, I'll be able to take up as much space as it grows."
Loris: If you're right by the time your competitors realize this market is important, you've already taken off.
Grant: Yeah, exactly.
So obviously one of the bets was on containerization and eventually Kubernetes.
Were there other bets that were part of your early thesis, maybe it was the world will use more apps or just anything else that was part of the story.
Loris: Yeah. I would say from the technology point of view, nowadays they call it shift left or DevOps.
But in a general way, the CICD pipeline becoming more and more important, more and more like the center around which you build software.
So a higher level depiction of this is traditionally software was built in a monolithic giant pieces of code that were released in a pretty manual way every six, 12, 18 months.
Nowadays software is split into components, microservices, built continuously.
So every time a developer makes a change in the code, the code is built released automatically It's built, it's tested and then it's released.
So describing these nowadays is absolutely normal.
No one would crazy enough to be software in a different way.
But when we're talking about five, six, seven, 10 years ago, that was absolutely not the norm yet.
So this movement of let's say DevOps and CICD and shift left and microservices is another big bet that we did from the technology point of view.
So Sysdig product line is not only specialized in let's say containers in Docker and Kubernetes but in everything that has to do with the way you architect and structure modern software, especially modern software that runs on the cloud.
That's another conscious bet that we made early on during the life of Sysdig and it still drives our strategy nowadays.
Grant: Yeah. That makes a lot of sense as well, this focus on DevOps and the move towards cloud native, both architecture as well as deployment targets.
That makes a ton of sense to me and saying, we're going to build towards those things and build the tooling that captures those trends and build a business on top of those.
Loris: And the pattern is the one that I was mentioning before.
Identify something that has the potential to be revolutionary.
Loris: And make the existing tools that people use not functional anymore, CICD.
So even intuitively, even if you're not into writing and shipping software, it's intuitive that tools that are designed to whatever, secure or visualize software that is released every eight months are very different, radically different from tools that are designed to do the same with software that is shipped 20 times a day.
Loris: So clearly if a change in that direction happens, then people will need new solutions and will need new vendors.
Grant: Yeah. It's interesting too because I didn't know that there was going to be multiple here but I assumed there would because I have a belief that any decent company is actually making multiple bets.
You're saying, "I think that these four things will be true in the future."
And if three of those four things are true like you might build $100 million company.
If four of them are true you build a billion dollar company and if two of them are true, you'd acquire for $20 million, and if one of them is true, you're out of business and if zero of them are true, you've literally just gone the opposite direction of the entire ecosystem and everyone wonders what you did wrong.
It's more than just one bet, it's you have to place a couple bets and predict the future.
Does that map on to what you're talking about?
Loris: Yeah, absolutely.
Especially if you have the ambition of building the company of a certain size, right?
Loris: Let's say in order to generate a billion dollar company, your predictions about multiple things in the future need to be pretty accurate.
Grant: Yeah. And you need to constantly tune those predictions as things become more clear and keep making predictions.
Loris: That is constant. That never stops. That happens always.
Or at least in my experience, that's happened always on a weekly basis, not even on a monthly basis, but yeah, especially when you're working on the bleeding edge in ecosystems like the cloud native one, there's really something new every day.
There's a new technology every day. There's a new direction every day. There's a new cloud every day. So it's constant, constant, constant refinement but the initial assumptions are still important. It's like chaos theory.
Grant: Yeah. Yeah, exactly. Do you believe that the not trajectory, but sort of that--
You were talking about this cadence of every day in the cloud native space, there was a new project, a new thing.
I felt like it was very hard to keep up with. Do you feel like it stabilized a bit in the last, year or two?
Loris: So I feel like if a wave on top of each other. So some things stabilize.
We were remembering things like CoreOS Fest in 2015.
At that point, it was absolutely not clear if, first of all, the container market would have been a big market at all, but even assuming it would be, there was Kubernetes, there was a Dockers one, there was Mesos and all of them.
Grant: I think even at that point, CoreOS had one called fleet I think, right?
Grant: Open shift wasn't yet Kubernetes.
Loris: Yeah. So it was so much influx.
So that part of the ecosystem is stabilized quite a bit text to the fact that Kubernetes and the stack around Kubernetes has become the winner and is the default one.
So from the point of view of the orchestrator, we are in a much more stable place but there's something new going on all the time like I don't know, network meshes, tooling around data and, I don't know--
Sysdig is active in the security space, so anything related to security in the Kubernetes ecosystem and the file codes and all of these tools.
There's something new every day, there are new ideas, there's continuous innovation and continuous adoption of new tools.
The Prometheus and open telemetry, open sensors.
Even in the visibility space, which is the other where Sysdig is active , there is still quite a bit of stuff going on.
So it's almost as the fundamental base pieces stabilized and slowed down a little bit, the pieces on top of them, there's always something new that happens, that accelerates.
Grant: Yeah, that's a great point.
So you talked about these platform shifts that come about, I think about that sort of shift in technology that creates an opportunity for a company.
As some of those stabilize, that allows the companies and the ecosystem around it to even go faster.
I think a lot of folks were on the sidelines waiting to come in to the cloud native ecosystem until there was a clear winner.
But now this innovation is happening a little bit higher in the stack in different sides like security or I guess tooling like you're saying.
Just anything beyond just the standard like the core bits that drive it underneath the hood.
Loris: Some of these meshes are very good example of that.
Something with huge promise for the future, almost as revolutionary as Kubernetes itself.
But definitely still very much in the early stages and with a lot of continuous change coming in the space.
In other area, the customer mind is containers and Kubernetes in the cloud, right?
So every cloud provider now is heavily investing in Kubernetes and each of them, their own flavors like for example, the Fargates in AWS and so on and there's a ton of work that is done there and the landscape is quite fluid still.
Grant: Yeah. It's interesting how these evolve and put the new areas pop up and that's where new opportunities come in for all of us to investigate and to introduce.
Loris: Yeah. Hopefully this gives ideas to listeners to start their own companies.
Grant: Yeah, yeah, exactly. That's part of this.
Hearing about how we think about identifying opportunities, this is what part of the goal is, right?
Let's explore how we think about these things.
Grant: So with Sysdig, your initial product for I was more around monitoring and observability, that was the core and you still have that as a product.
Was it open source from the very get go or not?
Loris: Part of it was open source.
Loris: From that point of view we can say that Sysdig, my second company is largely an evolution of what I did with my first company, the Wireshark one, Case Technologies, reapplying the technology and the lessons of the first adventure to the new world, to the changing world of cloud and containers.
And the underlying technology in my first company and the underlying actually more than technology, data source for my first company was packets, network packets.
So the unit of transfer on a wire or wireless if you're using a wireless network, that unit is not very suitable for the modern world of containers and cloud computing so what we did was we focused on other data sources and we ended up picking system calls.
So instead of looking only at the network traffic, a system call is everything that a piece of software does when running somewhere like opening a file is a system call, communicated on the network is a system call, executing a command is a system call.
So all of these signals, we build software to essentially collect them and treat them a little bit like network packets so that you could capture them, you could filter them, you could save them and so on.
So we essentially found a data source that would be suitable and applicable to the modern world of containers and cloud but we could use the powerful workflows that we knew were working for the previous generation of the industry.
And that brought us to the creation of an open source tool called Sysdig which then gave the name to the company and was the first thing that we released, Sysdig as a company.
You could almost describe it as a Wireshark for system calls and for containers and for cloud computing.
For that reason we adopted a open source approach, exactly like we did with Wireshark before.
Sysdig is still a very popular open source tool which is broadly used in the community for troubleshooting forensics, incident response for containerized infrastructures.
This was the core piece of technology and on top of this, we built Sysdig monitor which essentially uses the same data collection, the same rich data collection technology, but instead of focusing on the troubleshooting forensics workflows, and so more a single machine, single container workflows, Sysdig monitoring is more like an end to end visibility tool that you deploy on every single machine on every single piece of software and they can collect the data from all of the sources in a centralized way and give you metrics, visibility, dashboard and all this kind of stuff.
So it's almost like the core technology for both products is open source but then we have an open source tool that is for the community and then we have a distributed commercial tool, which is commercial for our paying customers.
Grant: Right. You followed that same model with the Falco product and projects as well, right?
Loris: Yeah. And Sysdig was inspired by tool like Wireshark, Falco was inspired more by tools like, so intrusion detection systems that were, again, purely networking that we evolve to containers.
So again, nothing is reinvented or at least we didn't reinvent anything.
We tried to get the best ideas that were working and useful for people in the previous generation and we essentially did the technological steps to make them useful and valuable in the next generation.
Grant: Okay. That makes sense to me.
And so yeah, that's another interesting framework for thinking about products is, what was useful before and what's changed and how do we bring this into the new world.
Loris: To me, that's what I've always done and to me it's a much more effective and less risky and more potentially successful way to build the business.
I'm totally aware that you can go and essentially create a market, create a category by yourself single-handedly.
But identifying a category that is working in a specific area or industry and finding a way to board this category, this technology in a different industry is one of the safest and potentially successful ways to do business, especially in the enterprise.
Grant: Yeah. And then from an open source perspective, realistically Wireshark and the work you did there to commercialize that, that was pretty early in the open source journey.
And even when you started Sysdig, I think there was likely much less known about how to build and scale an open source business that we didn't have like the HashiCorp and get labs that were running these huge companies that point.
So did you ever consider not doing open source? Was it really obvious to you from the beginning?
And then talk a little bit about what it provides in terms of value to you as a business and how you interact with the community.
Loris: Yeah. So at this stage, we're really talking about the very, very early days.
So at this stage as an entrepreneur, you have a tension between building valuable and differentiated protectable, I don't know if protectable is a word, but intellectual property.
Grant: Seems good to me.
Loris: Exactly. And be known.
Even the world know that you exist.
So the intellectual property protection pushes you against open source, especially if you're bidding stuff in powerful and valuable and hard while giving it away and giving it away to the community, giving it away potentially also to your competitors.
The need of having the world know you, pushes you toward open source because open source is one of the best generators of brand and visibility and virality that one can imagine, especially in enterprise software, especially when you're targeting DevOps developers in the highly technical audience.
So to me reason number one to do open source at that point was, I'm a pre series A company.
I have big ambitions. No one knows about me. How do I show the world who I am?
How do I make the world understand and appreciate what I'm doing?
And that's why we decided to release some of our IP, actually the vast majority of our IP, and have open sources being released in 2014.
That bootstrapped our company in terms of being known by the world and that generating our series A of funding because the thing went viral.
Grant: Yeah. It's interesting.
So off the back of some open source adoption, you then were able to raise.
Did you raise a seed round before that or not?
Loris: We did raise a seed round before that. Yes.
Loris: The seed round was in 2013 and the A round came at the end of 2014 thanks to the fact that everybody at this point in our segment was talking about us because we had released these very useful and cool open source tool.
Grant: Great. And then, you raised DA, you start to build.
And then when did you decide that you were, okay, we're really selling the enterprise.
We need to get in here and get all these features like role based access control and on-prem deployment and all these kind of stuff.
When did that become part of the roadmap?
Loris: Yeah, that's interesting because my thesis was that containers and Kubernetes being the bleeding edge of the bleeding edge would follow the same pattern that cloud computing followed in terms of penetration.
So cloud computing and clouds like AWS started by being adopted by startups, small bleeding edge organizations, little teams inside the enterprise.
And only years and years later, a decade later, they were actually accepted a scale by most of the enterprises.
And there was quite a bit of just a long tail Silicon valley adoption of cloud technologies before it became mainstream.
So we were convinced it would be the same with containers so we started by preparing ourselves essentially to sell to small and medium enterprises, actually very small and small enterprises. We found out after going out in the market and started selling our product, that Kubernetes and microservices were something that was more appealing to bigger organizations, especially the biggest organizations like banks, media companies, television providers, healthcare, this kind of insurances, this kind of companies in addition to the Silicon valley startup.
So as we started going out and equipping ourselves essentially to sell these into our steps for product market fit, we were, I wouldn't say caught off guard but a little bit surprised by the fact that these study looking more and more like an enterprise business, a set of technologies that the enterprise would be interested in.
So despite starting early on, equipped with just a go to market engine that would focus on smaller organizations, we pretty quickly pivoted into bigger organizations as customers because again, we were pulled into that.
Grant: I love that. Yeah.
So it's interesting because you're like, that was actually one of these bets that maybe you were initially wrong but you were able to move fast enough and say, "Oh, our ideal customer profile is not small team. It's actually these much larger organizations who are thinking about scale and using Kubernetes to manage lots of different services across lots of different teams."
Loris: Absolutely. And definitely, I don't know if I would say a wrong bet or an assumption that seemed to be pretty reasonable at the time that turned out not to be right.
And I think it's not uncommon in that phase and yes, the solution for that is being able to react quickly when an assumption that you've made turns out not to be true.
And I think it's also likely very helpful that you had spent that time at Riverbed and really learned what enterprises needed and you had been selling that customer.
So I'm guessing a different founder who didn't have that real enterprise experience.
They think they're going to sell at a small businesses like them and these high growth companies then they start to realize the inbound is from these bigger companies and they have no idea how to manage that or sell to it.
It's a harder transition, but because you had had the experience at Riverbed, I'm guessing you were able to see the signals a little bit faster and react and actually know how to handle those customers, right?
Loris: Yeah. And that's one of the reasons why I was saying there would be no Sysdig now if I hadn't learned those lessons while at Riverbed, for sure.
Grant: Yeah. And so let's fast forward a little bit into the companies.
Now you've been around for a few years and Falco seems like it's a really important part of the company and you made a different decision with open sourcing that in that you didn't just open source it and act as the key maintainers but you actually donated it to the CNCF, correct?
Loris: That is correct.
And the rational there is, again, trying to read essentially where the industry's going and try to make the right bets and assumptions for the future.
The assumption here is that we are going through a radical change in approach to cloud computing.
It's almost like stage two of cloud computing.
Stage one was Amazon, Microsoft, Google, IBM beating their clouds and offering essentially services on top of their clouds.
Phase two is these computing stack for the cloud is being created that sits on top of the clouds and as an agnostic operating system for the cloud.
And the unique, very powerful thing about this stack is that it's completely open and community driven, which means that the units to run your software like the container engine like Docker, the orchestrator like Kubernetes, these are all essentially open source, but also everything that revolves around them like storage, networking, firewalling, you name it.
It's all open source and community driven.
So five years from now, 10 years from now, that will be the default stack, which means that in order to be relevant and the winner is a vendor five years from now, you will have to be part of the stack because you have contributed essentially creating the stack.
And that happens only if you do that with the community.
So we realized as Sysdig that if we have ambitious to be the security company for Kubernetes and for the cloud, we don't do this.
We cannot do this as a single company but we need to do it by driving this, by being the thought leader together with the rest of the community by essentially having the technology underneath it, being essentially truly part of the Kubernetes stack because it's part of the CNCF.
So essentially we took the decision of donating all of the available intellectual property to the Cloud Native Computing Foundation, so that we can drive these not as a company but as a community and we can make sure runtime security is an integral part of Kubernetes and runtime security is based on what we believe is the right technological approach because we've built it with our conviction and if the community embraces it that means we were true.
Grant: Yeah. I love that.
That's actually really interesting perspective in long-term too which is really important.
And it's something that we think about it replicated, right?
We donated the project recently called SchemaHero which isn't core to our business.
I think it's this interesting piece of technology that my co-founder built and we thought it would be really well designed and well-suited to be part of the CNCF but it's interesting to hear how you talk about that and thinking about long-term, what do you want to make sure is aligned with your product vision that's part of this ecosystem.
Loris: Yeah. And as an entrepreneur, you always need to take into account long-term play versus short-term play, right?
So something like an open source approach is again probably damaging in the short term because you release intellectual property that is yours to the community and to your competitors.
But if a winning strategy in the longterm, especially in dynamics like the ones where I described where the stack is becoming open because it allows you to build much better solutions that are much better integrated with the stack and much more embraced by the community.
And Sysdig is knowingly playing the long-term game but what you do heavily depends on what you want to optimize for your company.
If you want to be acquired next week, probably that's not the right choice.
Grant: Yeah, sure.
And I'm guessing potentially some of this was informed by how you saw Prometheus perform compared to some of the core Sysdig technologies, is that right?
Loris: Yeah. With Prometheus it's interesting because definitely, since they was already offering monitoring tools before Prometheus but this scenario where it was pretty clear.
The community wanted a standard.
That's exactly what I was describing.
The next generation computing stack is going to be open and is going to be standard and is going to be driven by the community.
So clearly is a monitoring vendor, the right choice for us was to embrace this and to try to work together with the community and at the same time offer something that can sit on top of the standard for monitoring which is Prometheus and offer full compatibility on it but with enterprise functionality.
And right now, yeah, the reason why people buy Sysdig as a monitoring tool is because we have the most scalable, more enterprise ready, more complete monitoring software that is fully 100% compatible and swappable with what the community offers.
So Falco on one side and Prometheus on the other side really are the cornerstone of our strategy and how we are essentially positioning a platform that is ready for the enterprise but very much based on standards that are open, community driven and allow our customers to use us or use a completely home-built solution in a way that is completely compatible.
Grant: It's interesting. I'm just thinking about this evolution of open source, right.
And so at first it was like, just even open sourcing stuff was great.
And then it was like, open source and then actually donate the IP to a foundation.
Loris: A neutral organization, yeah.
Grant: Yeah, a neutral organization.
Is there in five years a thing that is even a step beyond a neutral organization?
I can't think of anything off the top of my head but I'm wondering if you think about the future of open source going in any direction or the other.
Loris: I think the present and the future of open source is building communities.
Open source in my mind means less than less a bunch of software written in some language and more and more people, people that work together to achieve a common goal.
This is what's unique in Kubernetes and the model cloud computing is multiple companies including the cloud providers that are competing with each other, working together on having a standard that is accepted by everybody and as interoperable as possible.
Open source is not called and not the license that you use but it's people how they work together, how do they influence each other and how do they coordinate to reach a common goal and it will be in my opinion more and more like that in the future.
And that is very relevant for entrepreneurs because more and more the future of enterprise software and you name it, you were mentioning a company like HashiCorp or GitLab.
I'm thinking about Kong, which recently raised almost 100 million dollars.
I'm thinking about, I don't know, NGINX, I'm thinking about Cassandra.
All of these companies start by building communities and then they find their way toward the essentially commercializing commercial products around it.
Grant: Yeah, that's great.
I think that's a really unique perspective and I hadn't even thought about the idea that it's more and more about the people, less about the code which makes total sense because ultimately, and it's also such an important part about standards and collaboration because if we were all just building these projects independently and open, it's not that valuable.
But it's the collaboration, it's the consistency and that's what allows communities through laws, ecosystems to evolve as well is because then, okay, if I know that there's consistent protocol underneath the hood, I can place a bet on that platform and then do my thing on top of it and maybe that's open as well.
So yeah, that's a really great point.
Loris: Exactly. And there are industries where they have traditionally been pretty open.
The database it's uncommon nowadays to have a piece of backend.
Red is my sequel, Cassandra and so on, Elastic to have any of these components.
Elastic is a little bit recently but they are not open source, but they are at the same time other industries.
For example, the security industry in which Sysdig operates have been pretty resistant to adopt open source and they'd be more opaque.
And they think one of the trends in the future is that this will change and companies like Sysdig that approach to security from the open source point of view, starting with a community driven efforts like Falco will become the norm in security as well.
Grant: Yeah, I totally agree.
I think that we'll see more and more open source security companies over the next five, six years as well.
That really disrupt the ecosystem because part of it is that shift left concept where developers are getting more into security, developers expect more open source, but also it's just such a powerful model.
It's almost an unstoppable force because it just keeps rolling and then if the end users prefer it, it's almost like it's just a war of attrition over time.
Grant: Cool. Loris, this has been a really fantastic stroll through your career, the insights, the things you've learned, your perspectives.
Is there anything else that you want to share with the audience?
Maybe a bit about the future of Sysdig or things you're excited about.
I don't know, just anything that you want to cap it off with.
Loris: Yeah. Future of Sysdig, I wish I could, but Sysdig at this point is a strong player.
I would argue Sysdig is the leading player in security for containers, Kubernetes and cloud.
We have an organization that is growing very nicely.
And for the moment together with my team, I'm still very, very excited to be part of and to keep growing.
So my first company, the Wireshark company, Case Technologies was acquired relatively early on and it was a great experience.
Very exciting. We see what happens with Sysdig.
The future is always unknown but with this one, my ambition, the ambition of the team is building something big that can live long and really be a strong leader of the market.
And that's what we're doing and we're coming up with new features, new functionality, new exciting news on a daily basis and we hope to be able to do that for still quite a bit of time as our organization grows.
The important thing hopefully is keeping having fun and for the moment I'm having a ton of it.
Grant: I love that. Yeah. To echo that, you do have an incredible team.
I've gotten to know the folks over there for the last five, six years.
We owe you a debt of gratitude as one of our early customers.
But this has been super interesting to learn from you and to hear your perspectives here.
Thank you for coming on the show and sharing everything.
Loris: My pleasure. It was fun.