Cybersecurity unicorn Snyk was founded in 2015 with the mission to help developers make their code secure. Just a few years on and Snyk has evolved from being an open source vulnerabilities scanner and to becoming the world’s first developer security platform that start-ups worldwide can build upon. Snyk customers and users collectively have run more than 300 million tests in the last 12 months and fixed more than 30 million vulnerabilities in the last 90 days.
As the company announces its $530 million Series F at a valuation of $8.5 billion, it’s clear that Snyk is driving the industry’s shift to a new developer-centric approach to security and is now the undeniable leader in this space. In 2021 so far, the company has:
- Increased annual recurring revenue by 154% year-over-year
- Grown its customer base to 1,200+ companies, including established enterprise leaders and emerging hypergrowth technology companies
- Hired and onboarded 320 employees, projecting 800+ by year end
- Delivered more than 40+ new product features
- Acquired FossID to expand license compliance and C/C++ capabilities
I sat down with co-founder Guy Podjarny to get his tips on building a community, how to deal with hypergrowth, the importance of having people across multiple offices and continents feel like one team and more…
Let’s start with your entrepreneurial journey. You’re a serial entrepreneur - some of your companies have been acquired and Snyk’s a great success. What attracted you to entrepreneurship, coming out of the 8200 Intelligence Unit?
I’ve always been interested in creation, in finding problems, and figuring out and creating solutions. That’s what I found most attractive about software development: building things. And I’ve always taken initiative. As an employee, I never waited for instructions to do something. So at some point I concluded it’d be an interesting adventure to try and actually found a company.
I was at IBM at the time. They’d acquired a company that had acquired a company I was at, and I didn’t want to stay there – it wasn’t the right environment for me. Founding my own company made sense. The idea, and how to tackle it, were secondary considerations. It was really all about building and creating solutions.
Even within companies, I found myself constantly looking for the next mountain, and how I could learn something new. How could I grow my impact? That always brought me back to looking for bigger problems to solve. The specific idea would always come afterwards.
What was your approach to picking co-founders, and what advice would you give entrepreneurs on this?
I think having a co-founder is very important. The entrepreneurship journey is hard. Founding companies is an emotional roller-coaster - you have highs and lows, sometimes several times a day, and they can get pretty extreme. You need close partners in that journey and you get many sorts of partners - investors, employees etc. - but you need someone who’s into the cause and all in with you. I’ve seen people succeed as solo founders – but I think not having a co-founder makes an already hard journey that much harder. For me, it was clear I needed a co-founder and that they could bring in a relevant skill set that I didn’t have.
Mike Weider, my co-founder at Blaze, was a much more experienced, technology-minded business person than me, and much better connected to the VC world. So, while he was CEO, leading the company and helping to fundraise, I focused on building the technology and product.
For Snyk, I was based in London, and wanted a branch in Tel Aviv, building a security company. I needed someone who was all in with me in Israel and wanted them to be the opposite of what I had with Mike at Blaze – I wanted someone who’d drive the technology while I could evolve as a CEO and build out the go-to-market strategy. A complementary relationship is important. You need to have enough overlap to communicate well and build the same thing together, but not so much that you’re both redundant.
It’s important, too, to have some background with your co-founder, or certainly a strong reason to believe you’ll enjoy spending a lot of time together. You’ll be persevering through some very hard times and it’s a long journey. The co-founder / marriage analogy is apt. If you fall out, the “divorce” can be very painful. I think not having any history together can be super risky.
You mentioned you first wanted to build a company and then try to find the idea. What was the lightbulb moment for Snyk?
The idea came to me in the shower! I’d been in security for over a decade, building application security solutions, but we weren’t successful in persuading developers to embrace them. In hindsight, I realise we built security solutions that we integrated into a development environment but we didn’t build the tools to be developer friendly.
I left security and founded Blaze, a web performance company, where I spent seven years or so at the front line of the evolving DevOps movement. I learned to appreciate two things. The first was that DevOps changed the world of software. It really drives everything into these independent teams that will run, and security has to be a part of the movement, or we’re never going to be secure. The only way to scale security is to have security built into these development teams’ activities. The second thing was that DevOps gives us a playbook - it has taught us how to build great developer tools that are embraced by developers. That was my lightbulb moment - what if we build a DevOps tool that tackles security?
I think ideas through by talking about them. The more I talked about this one, the more convinced I was that it was necessary. I wouldn’t let it go and it evolved into what we today call “dev first security”. The rest is history.
Did you have to work hard to convince (co-founders) Assaf and Danny to join?
They were both about to found a different startup, so I didn’t need to convince them to found a company – I just needed to convince them to join mine! Fortunately, they weren’t too far along with their idea. It was still fairly abstract, while mine was very concrete and compelling – and, because of my past relationships with the investors, I already had funding lined up. I visited Israel and, after a bunch of meals together, they decided to join. It wasn’t easy, but it wasn’t the hardest part of the journey.
When you started Snyk, did you think about the importance of building a community from the offset, and is that what drove your decisions in terms of building and architecting the product?
Everything you build in a company or solution should really revolve around the eventual users’ pains and needs – especially if you’re building from the bottom up. Snyk was a developer-first security company. The whole thesis was to build a developer tooling company that tackled security. Everything about it was built through that lens.
The go-to-market strategy was to start free and open source and grow from there. The community approach is instrumental to the developer tooling landscape. Developers look to the open-source community to see what’s being used there; they ask their peers; they like to try before they buy – to get their hands dirty. Everything was designed to mimic what I believe to be best-of-breed developer tools.
The other model we had was DevOps, and we wanted to bring security back into the fold of DevOps. It’s a community movement, rather than a technology or specific practice. So it was important to mobilise the notion of developers needing to take on security and to help them embrace it. This drove a lot of educational activities within this conceptual community, which led to business impact from the bottom up, while the freemium self-service model helped us get people on the platform and start tackling that mission.
What tips would you give to entrepreneurs who want to build a community – particularly a developer community?
First, you have to think about the user. If you’re talking about a bottom-up play, it needs to focus much more on the user than on the buyer. You need to ask how these users find out about and consume technology, and orient your presence toward this. In the case of developer tools, discovery and usage are often very community-based.
You also need to think about whether you’re trying to get these communities to embrace a new practice. Sometimes you’re shipping products that are doing something that’s already been done, they’re just doing it better. So you might just need greater awareness and reach. But if, like Snyk, you’re trying to change behaviour and persuade a community to embrace a new practice, you may want to think about thought leadership, and maybe even investing in certain communities.
Finally, if you’re building a platform, and you want to pull people in to create plugins and additions – especially if it’s open source – you should also think about appealing to a community of builders. This is similar but not identical to the community of users.
One thing that’s been particularly impressive is the speed at which Snyk expanded internationally. Starting in three cities - Tel Aviv, London and Boston - at almost the same time helped, but can you walk us through how you thought about building a global company from day one? What have you learned from it?
The company started as a two-headed monster, evolving into three and four heads with Ottawa and Boston. We ensured each office – with its own talent pools – was part of one team. We intentionally divided the teams so they never existed in one office alone – each was present in at least two offices. This required more effort but it also forced us to write things down and communicate asynchronously.
Bringing together people, perspectives, skills and opinions from different locations prevents an “us versus them” mentality
that can arise when every office specialises in a particular topic. There’s a lot of family and cultural value in having local presences but as part of a global company, and it’s an approach that’s helped as we’ve continued our international expansion. “One team” is one of Snyk’s core values
Commercially, it’s all about reach. The technology problem, the people problem, and the user pain the company solves are international. Anyone embracing DevOps that cares about security should use Snyk’s solutions to help them build security into their software development practices. The whole go-to-market motion is product-led and has naturally expanded globally so it’s been international from the beginning. We let the technology community spread it wherever it may go and then complemented this with an inside sales team, supporting anybody coming in and wanting to upgrade. This team then grew, becoming more time-zone friendly, evolving internationally, but always with a local presence.
Instead of pursuing big economies, we’ve followed the users, and grown in the Nordics, the UK, and Spain. In the complicated APAC market, we’ve had to combine the community adoption concept with an intentional presence, as well as an understanding of how business is conducted regionally and how to reach local communities. As at the beginning, we’re helping users in the region embrace the product by fulfilling inbound demand, and reaching out to similar users to ensure they’re aware of Snyk.
Snyk went from low single digit revenue to $100 million+ in ARR in a record time, which is amazing. What did you learn in terms of hyper-growth and the shift from being a founder leading a small team to hundreds of people?
One of my key learnings is to
think further ahead than you originally believe – especially when hiring.
When you’re hiring leaders, you need people who’ll stretch to the full scope of responsibilities you’ll give them. In hyper-growth, that scope will multiply many-fold within a year or two. You don’t want to be in a position where, after your company has doubled or tripled in size and scope of activities, the person you’ve hired is suddenly in the biggest job they’ve ever done. It’s tempting to take a leap of faith with an external hire and think they’ll be able to stretch to the size, but it’s risky. You should only do this with internal hires who you feel can take the role on.
Secondly, don’t underestimate infrastructure. Putting something in place - like an internal system, for example - to suit the needs of your company today is risky. In a year’s time, when you’ve grown, that system will likely be too small for you and need replacing again. I’ve appreciated thinking a few steps ahead and investing in something that felt a bit too big at the time but suited our needs a year or so later. The future is closer than you think when it comes to both people and infrastructure!
And, finally, define clear boundaries. Once you’re successful, and opportunities are plentiful, your biggest enemy is a lack of focus. You must balance taking on new opportunities and not spreading yourself too thinly. By agreeing on certain boundaries for six or 12 months, it becomes harder to deviate from them. We drew a line while deliberating whether to do certain things or partner with certain companies. It made decisions easier, and helped everyone in the organisation maintain focus.
After being CEO for the first four years, you hand-picked Peter McKay to take over in that role in 2019. Can you talk about that decision?
Like picking co-founders, picking a CEO to lead the company at the right time is a crucial decision. Peter and I have known each other for eighteen years. When I was at Watchfire building AppScan, Peter was the President and CEO, and when I started Blaze and Snyk, I asked Peter to be on our Board of Directors. As I built Snyk over the years, it became clear that the market opportunity was enormous and that my role as founder was to ensure the longevity of our developer security vision, including our technology evolution and product roadmap. And, as we reached GTM maturity, it also became increasingly obvious that we were ready for an experienced operator like Peter to partner with me. Given that Peter was already on the Board, it was truly a no-brainer and then ultimately a seamless transition.
Looking back at when you closed your Series A in 2018, what do you wish you’d known then that you know now?
Many things! My earlier point about hiring is one. I think I’d equip the business better in terms of data. Back then I could just about hold the business in my head and understand what was moving. I had enough exposure to deals, product features and such that I could make good decisions and the exec team could make good decisions based largely on intuition. But as the business grew, this became dangerous as I’d have less detail on what was really going on. So I’d have invested in more data around the business and product, and become a more data-driven organisation at that time - it’s less painful to do this earlier on.
Snyk’s been very proactive throughout its lifecycle, raising rounds ahead of time. What advice would you give when it comes to choosing an investor, and the timing of financing?
Most importantly, an investor must be someone you get along with. You’re going to spend a lot of time with them. Just as with co-founders, you need to be happy about this, and feel like you’re having productive conversations. Even if they’re great at what they do, they may be the wrong fit for you personally.
I’m a fan of stage-appropriate and stage-focused companies. Different funds and partners excel at different phases. I’m sure there are amazing individuals and companies that go all the way from seed to super-growth, but there’s a mental state and organisational setup for firms more attuned to just a couple of rounds. Be mindful of the stage you’re in.
You also want investors to have knowledge and experience in areas you appreciate. It could be a market, like DevOps in our case, or it could be a stage. Ask yourself - what do they know that I can tap into and benefit from? You want to have investors that can help you a lot and add a lot of value in a little time.
That makes a lot of sense. What’s been the hardest part of building Snyk that you didn’t anticipate, and what’s been easier than you expected?
The hardest thing has been saying no to exciting opportunities in the name of focus.
You see many things on the road ahead, but you have to stagger them. I can’t do everything. If I try, it’s gonna fail!
The easiest was finding funding when things were going well. I think the market’s set up for investors to actively find companies that are succeeding. Capable investors found us more easily when we were doing well. I don’t think it’s a coincidence. The best investors have their ears to the ground and will find you.
And, in closing, are there any valuable life hacks or habits you’ve developed over the years to cope with the demands of founding a startup?
Whether it’s relaxing or spending time with the family, define your non-work boundaries so you don’t need to decide on them every time.
For me, I leave the office at 6:30pm and go home to have dinner with my kids and might be back at my computer at 9pm once they’re in bed. I also try not to travel on weekends and do back-to-back trips. It’s an approach that’s helped me stay sane and feel like I’m not constantly working.
***************************
Read our Secrets to Scaling interviews with:
- Personio's Hanno Renner here
- Chainalysis' Michael Gronager here
- BlaBlaCar's Nicolas Brusson here
- Supercell's Ilkka Paananen here
- Miro's Andrey Khusid here
- Trade Republic’s Christian Hecker here