The following interview is a conversation we had with Mike Malone, Founder and CEO at Smallstep, on our podcast Category Visionaries. You can view the full episode here: $26 Million Raised to Build the Future of Certificate Lifecycle Management For DevOps.
Mike Malone
Thanks, Brett, good to be here.
Brett
Yeah, excited to chat. So, to start us off, could you just share a quick summary of who you are and a bit more about your background?
Mike Malone
Yeah, sure. So, yeah. Hi, I’m Mike. I’m a software engineer. That’s my background. Pretty much all my career I’ve been bouncing between startups across a bunch of different verticals. I’ve done consumer web, various SaaS and platform plays. Most recently I was CTO at a company called bettable that was a platform for online gambling. So yeah, software engineer, architect. I like to say my happy place is distributed systems architecture. So I like building large software systems and building teams that are building large software systems. And that goes back a long ways. I was a nerd as a kid. I went to college for business information technology. So sort of a hybrid between computer science and management science. My dad was like a real engineer. My mom used to joke that engineer is not a career, it’s a diagnosis. So I think she might have been onto something.
Brett
And are you surprised that you ended up becoming a founder and you’re a CEO today? Would you have had any idea that this would be the case five or ten years ago?
Mike Malone
I’m not surprised. I’m trying not to sound like I have any sort of hubris, only that I’ve always wanted to do, like as a like I was into technology. I follow the goings on in Silicon Valley and I knew what I wanted to be. So I think I am excited to be in this position. But it was always my goal.
Brett
And two questions that we like to ask just to better understand what makes you tick as a founder and entrepreneur. First one is what CEO do you admire the most and what do you admire about right?
Mike Malone
Good question. And it was a funny one because I don’t generally look up to CEOs, I guess, which is sort of a weird thing. But thinking about that, I think there are two. One, and this may be a weird one, is Satya Nadella at Microsoft. I just think that company has been through so much and the execution there under his leadership has been so incredible. I read an article the other day where they’re sort of describing what Microsoft tells their managers and it was like the number one goal is create clarity. After that great leaders generate energy and then after generating energy, deliver success. Iteratively regardless of circumstances. And I was like, it’s so right and so succinct. I don’t know, I just think that company is doing really well. And then I have another one, maybe even a little more off center. Jim Farley at Ford again, I think they’re executing so well through a challenging time and I like cars and Ford isn’t maybe like the most exciting car company but they’ve been delivering exciting new products in the EV space.
Mike Malone
And then the way that he restructured the company to make that happen I think was smart and a bold move. So respect to yeah.
Brett
It’s been fun watching Microsoft, especially the last few months. The fact that anyone’s even talking about a challenger to Google, I didn’t know if that would ever there. They really are challenging Google search. We’ll see. I guess. I did try Bing the other day and it was still a pretty bad experience. But just the fact that we’re even having the conversation, I think that’s pretty fun and pretty exciting. I think. I like picturing Microsoft as the upstart trying to disrupt Google. It’s pretty funny. Absolutely.
Mike Malone
Like who would have thought we’d be here 1020 years ago?
Brett
Yeah, it’s pretty wild. Pretty cool times. Now let’s talk about books. Is there a specific book that’s had a major impact on you? And this can be one of the classic business books or just a personal book that really influenced how you view the world.
Mike Malone
Two of my favorite books for similar reasons are on the Road by Jack Carowack and Fear and Loathing in Las Vegas by Hunter Thompson. And I think the reason that I like them is because they capture a perspective and a view of the world that’s so different but also not wrong. So those two I think in the fiction space are like two of my favorites. And then a book that has been important to me in the way I think is A Theory of justice by John Rawls, which is actually a philosophy book. Nice.
Brett
I’ve not heard of that but I’ll have to check it out. And on a fear and loathing in Las Vegas. How does that compare to the movie? I’ve not read the book but I did watch the movie a long time ago. How does that compare?
Mike Malone
The book’s better, Brett. The book’s better.
Brett
I feel like the book’s always better.
Mike Malone
Right.
Brett
I’ve never seen a book I read a book that wasn’t better than the movie that comes out.
Mike Malone
It’s a good movie though. Johnny Depp in know.
Brett
I think I watched that when I was like 14 years old and my brain couldn’t process what I was seeing. It’s a pretty gnarly movie for a 14 year old kid. I have to rewatch it again now. Let’s talk about the company. So can you tell us more about the origin story and just the early days of Smallstep?
Mike Malone
Sure, I mean, like a lot of founding stories, Smallstep formed out of my experiences as an engineering leader and as someone who’s building complex distributed systems. And the gap that I felt personally firsthand is that securing distributed systems in the context of modern software development. So think like DevOps CI CD continuous, deploy engineers on call iterative development with Kanban and sort of that pace and scale of development, microservices like layering on security and having real strong security guarantees and compliance guarantees without breaking all of that sort of modern technology. And modern philosophy was really challenging and unsolved. So that was the impetus for the company. How do we secure these modern, complex, fast paced software systems without taking away all of the desirable characteristics of the technologies and the philosophies that are going into them?
Brett
And then can you talk us through the solutions and use cases of the product?
Mike Malone
Sure. I mean the foundation we are open core, so the core technology that we offer is a certificate management tool chain, so Xi, one I certificates and SSH certificates. I mean, this is technology that predates the web, right? So it goes back a long time. But from a first principles perspective it does a thing well. You can critique sort of around the corners, it’s just like baroque syntax and format and stuff. But fundamentally certificate based authentication is a powerful capability tab and it’s sort of like a foundational identity dial tone for a large distributed system having these certificates issued out everywhere. So the core technology, our core open sources are all around certificate management. Then our commercial offerings are building around that and delivering sort of the enterprise level capabilities around identifying things that need to be secured, seeing when there’s a lapse in policy or compliance in your security program, assigning tasks and noticing where really giving that observability visibility and summary view.
Mike Malone
It’s a platform for managing trust.
Brett
And can you talk us through some of the customers that you have and just really talk us through what you’re able to do to capture their attention and to get them to start using the product?
Mike Malone
Yeah, as a security company we have a whole lot of NDAs, so I have to be really careful about naming specific names. But in open source you can go and look at our GitHub issue tracker, you can see some names there. But we have fintechs, automotive, large startups, publicly traded companies who are using our technology both commercial and open source. In terms of how we have attracted those customers. I think the core to our marketing has been one be ourselves and be authentic and solve a real problem that people have a real need for deliver this technology that is actually needed in the world and then talk about it and teach it and explain it to people. And really the way we’ve been doing that is through our content marketing program. So we have our open source community and that is a big sort of funnel into our commercial offering.
Mike Malone
But adjacent to that, we have our content marketing program where we have folks internally who have really broad mandate to just write about what they’re passionate about that’s in this space that we’re operating in. And that has been a tremendous asset for us because it turns out when you give people that sort of purview, you get really high quality content that’s really interesting and informative and it gets shared and it gets searched and people find us that way.
Brett
And are there any numbers and metrics that you can share that just highlight some of the growth and traction that you’re seeing?
Mike Malone
High level? Sure. I mean, we have millions of open source downloads on the order of like 10,000 sort of GitHub stars and we have tracking that indicates dozens of Fortune 500 are on our website reading docs for open source. In terms of commercialization, I can’t get into too many specifics, but we are selling six and beginning to sell seven figure deals. We have sort of scale down and scale up so we have a self serve option so people can there’s a free tier all the way up to a million dollars a year. And we have over 100 customers on taking advantage of various scale offerings on that platform.
Brett
This show is brought to you by Front Lines Media, a podcast production studio that helps B2 B founders launch, manage and grow their own podcast. Now, if you’re a founder, you may be thinking, I don’t have time to host a podcast, I’ve got a company to build. Well, that’s exactly what we built our service to do. You show up and host and we handle literally everything else. To set up a call to discuss launching your own podcast, visit frontlines.io podcast. Now back today’s episode.
Brett
I think there’s a lot of founders listening who are interested in running an open core company. What are some of the top things that you’ve learned doing so and what advice would you have for them?
Mike Malone
Don’t I think that has been one of our greatest challenges. If we’re talking about unsolved problems in the world, I’d say sustainable open source has been one of them, which is a problem that we’re really interested in. We actually just sponsored a guy named Felipe Velsardo, who is a core contributor to some Golaying libraries, like low level cryptography, X 509 libraries that we use in our open source, largely because he’s also interested in those problems. How do you build a sustainable open source ecosystem? I think from a business perspective, it is an asset. It can help, I would say, purely objectively, putting my capitalist hat on. It’s a marketing asset and it’s a feature for some enterprise customers to have an open source, an open court. One, because it derisks from sort of a vendor lock in perspective, even though they’re unlikely to ever move off of commercial because enterprises value having a nectarine.
Mike Malone
But two, because they can contribute, so they can join a community and they can sort of be the change they want to see in the world when it comes to the software that they’re purchasing. So it does have advantages, but the big challenges are like you end up competing with yourself, so you run the risk of anchoring people from a pricing perspective at zero. So you have to be really thoughtful about how you commercialize and what you commercialize. And then maintaining open source is sort of thankless work, frankly, from a funnel perspective. I also kind of sometimes refer to open source as crappy product led because it sort of has some of the same characteristics as SaaS, like freemium, right? But with none of the bi directional relationship and data that lets you actually optimize and pull people into a commercialization funnel. So I love open source, right?
Mike Malone
I think it’s an important part of our software ecosystem. But I will say that running an open core company is hard.
Brett
And I’d love to talk a little bit about market categories. So is Certificate Lifecycle Management, is that the category that you consider yourself to be part of today? And if so, how do you think about that category in the long term? Is the play for you to really transform and redefine that category or would this be a new category creation play at some point?
Mike Malone
I think it’s one of those two things. Certificate Lifecycle Management category as it exists today does not really capture what we’re doing. And that’s why we exist because the traditional Certificate Lifecycle Management category was all about noticing certificates for your website, expiring, maybe managing a small handful of certificates that you have for internal stuff like VPNs and WiFi, maybe issuing certificates to laptops, right? And we do all of those things. Our technology is more than capable of doing all of those things. But the gap that were really filling is like, hey, people don’t have just like a dozen internal certificates anymore. They have their kubernetes and their service meshes and their databases and all their VMs and microservices and Kafka and Elkstack and all of this distributed redis and kubernetes at multiple tiers, like your workloads in kubernetes and then the kubernetes control plan that all of this stuff is using TLS.
Mike Malone
Especially if you’re sort of like pursuing a zero trust strategy, right? It’s everywhere. So the pace and scale has changed, right? We’re not talking about a dozen certificates that renew annually, we’re talking about a million certificates that renew hourly or every five minutes even. So an order of magnitude difference in scale I think is a different thing. It’s a difference in kind. And I think that’s, again, it’s either a redefinition of the category or it is just a new category.
Brett
And when it comes to things like analyst relations, is that something that you’re actively working on and working towards and trying to redefine what this category could look like?
Mike Malone
Yeah, absolutely. We have a number of conversations like that we’ve been engaged in, and if anyone listening to this is interested in discussing that in more detail yeah, drop me a line.
Brett
Nice. I love it. Now, last couple of questions here for you. What excites you most about the work you get to do every day?
Mike Malone
I think we’re democratizing this really important technology. Again, aside from the pace and scale thing I was saying before, this certificate asymmetric cryptography, all this security stuff seems like it’s an area that a lot of smart software engineers shy away from and maybe don’t specialize in. It feels very baroque and obscure, and a lot of the tooling hasn’t helped with that. So the fact that we’re able to make this more accessible and reach a broader audience, I think it just feels really good. It feels like we’re actually making a contribution to the security of the Internet and that benefits everybody. So I’d say that’s I think what drives us and let’s zoom out into.
Brett
The future three years from today, what’s the company look like?
Mike Malone
I think we’re going bigger on this vision of how do we make sure that enterprises and large software systems and the Internet as a whole is more secure and safer for everybody. So I think you can look forward to pursuing product vision in that direction, broadly speaking.
Brett
Amazing. I love it. All right, Michael, we are up on time, so we’re going to have to wrap here before we do. If people want to follow along with your journey as you continue to build, where should they go?
Mike Malone
Oh, man. Well, I guess not Twitter anymore. Our website follow our blog. Smallstep.com slash blog. Awesome.
Brett
Thank you so much for coming on, sharing your story and talking about everything that you’re building. This has been a lot of fun and super interesting and wish you the best of luck in executing on this vision.
Mike Malone
Thanks, Brett. It’s been awesome. Thanks for having me.
Brett
All right, keep in touch.
Brett
This episode of Category Visionaries is brought to you by Front Lines Media, silicon Valley’s leading podcast production studio in you’re at.
Brett
B2B founder looking for help launching and growing your own podcast? Visit frontlines.io podcast and for the latest episode, search for Category Visionaries on your podcast platform of choice. Thanks for listening, and we’ll catch you on the next episode.