6 Go-to-Market Lessons from Smallstep’s Journey in Democratizing Security Infrastructure

Discover key go-to-market insights from Smallstep’s journey in building an open-core security company. Learn how they transformed complex security infrastructure into an accessible enterprise solution while scaling from free tier to seven-figure deals.

Written By: supervisor


Building an enterprise security company is challenging enough. Building one that bridges traditional security with modern development practices while maintaining an open-core model? That’s a different game entirely. In a recent episode of Category Visionaries, Smallstep founder Mike Malone shared insights from their journey that reveal several crucial go-to-market lessons for technical founders.

  1. Solve Problems at the Intersection of Two Markets

The most compelling opportunities often exist where two different worlds collide. Smallstep identified the growing tension between modern development practices and traditional security infrastructure. As Mike explains, the challenge was “securing distributed systems in the context of modern software development… with Kanban and sort of that pace and scale of development, microservices like layering on security and having real strong security guarantees and compliance guarantees without breaking all of that sort of modern technology.”

  2. Rethink Category Definitions

Rather than fitting into existing market categories, sometimes you need to redefine them. Mike points out that traditional Certificate Lifecycle Management “does not really capture what we’re doing.” The difference isn’t just incremental – it’s “an order of magnitude difference in scale” where they’re “not talking about a dozen certificates that renew annually, we’re talking about a million certificates that renew hourly or every five minutes even.”

  3. Use Open Source Strategically, Not Just Tactically

While open source can be a powerful go-to-market tool, it needs careful strategic consideration. Mike reveals that it’s “a marketing asset and it’s a feature for some enterprise customers” that “derisks from sort of a vendor lock in perspective.” However, he cautions that “maintaining open source is sort of thankless work” and describes it as “crappy product led because it sort of has some of the same characteristics as SaaS, like freemium, but with none of the bi-directional relationship and data.”

  4. Let Content Marketing Be Authentic

Instead of tightly controlling messaging, Smallstep gave their team “really broad mandate to just write about what they’re passionate about that’s in this space.” The results were surprising: “it turns out when you give people that sort of purview, you get really high quality content that’s really interesting and informative and it gets shared and it gets searched and people find us that way.”

  5. Build a Flexible Commercial Model

Successful monetization requires a model that can serve different market segments. Smallstep built a range “from a free tier all the way up to a million dollars a year” with “over 100 customers taking advantage of various scale offerings.” This approach allows them to capture value across different customer segments while maintaining their open source commitment.

  6. Make Complex Technology Accessible

Sometimes the biggest market opportunity isn’t in creating new technology, but in making existing technology more accessible. Mike notes that “certificate asymmetric cryptography, all this security stuff seems like it’s an area that a lot of smart software engineers shy away from and maybe don’t specialize in. It feels very baroque and obscure, and a lot of the tooling hasn’t helped with that.”

These lessons from Smallstep’s journey illustrate a broader truth about modern enterprise software: success often comes not from building entirely new technologies, but from making complex technologies more accessible and aligned with how modern teams work. Their experience shows that by focusing on real user problems, building authentic connections with your community, and maintaining flexibility in your business model, you can successfully bridge the gap between traditional enterprise requirements and modern development practices.

The challenge now lies in scaling this approach. As Mike puts it, looking ahead means “pursuing product vision in that direction” of making “enterprises and large software systems and the Internet as a whole is more secure and safer for everybody.” For technical founders building complex products, Smallstep’s journey offers valuable insights into how to make sophisticated technology accessible without compromising its power.
