The Spacelift Playbook: Building Developer Trust When Your Product Needs Root Access
Security concerns can kill an enterprise sale before it starts. In a recent episode of Category Visionaries, Spacelift’s Chief Product Officer Marcin Wyszyński revealed their systematic approach to turning what could have been their biggest weakness into their defining strength.
The Hierarchy of Trust
At Spacelift, security isn’t just a feature – it’s the foundation everything else is built on. “Spacelift must be secure, stable, usable, and awesome,” Marcin explains. This isn’t just a catchy slogan; it’s a strict hierarchy that guides every development decision.
The ordering is deliberate and absolute: “If we’re not secure, we’ll take down the application. If we know that there is a leak, we’ll stop everything. We’ll stop the world if no features that you built are worth anything.” When security concerns arise, there’s no debate about priorities.
Building the Security-First Organization
Most startups try to do security with minimal investment. Spacelift took the opposite approach: “We have a security team that is by comparison, much larger than other companies this size would have. We design things security first and we follow the security practices.”
This investment isn’t just about having better security features – it’s about building an organization where security thinking is embedded in every decision. As Marcin notes, they “try to even be a step ahead of the whole security community consensus.”
The Three Pillars of Trust Building
Spacelift’s approach to earning enterprise trust rests on three pillars:
- Technical Credibility First, they leveraged their team’s background: “I’ve been with Google for seven years… Then joined Facebook, then spent two years as a CTO of a static cloud analysis startup.” This experience building internal DevOps tools at tech giants gave them credibility with technical decision-makers.
- Network Trust They found early customers through “people in our network that would trust us, that they needed such solutions. And they would trust us because they knew us as the founders personally.”
- Institutional Validation They used investor credibility strategically: “If we could convince some of the best investors out there, people would look at our investors and consider that to be a proof of us being someone dependable.”
Meeting Enterprises Where They Are
Even with robust security, some enterprises have requirements that can’t be met with a pure SaaS solution. Rather than fight this reality, Spacelift adapted. “We couldn’t sign every logo on the SaaS version and there was a lot of demand for an on-prem solution,” Marcin shares. This led to their recent launch of a self-hosted version.
The Results
This systematic approach to building trust has allowed Spacelift to win customers across the spectrum, from tech-forward companies to the most security-conscious industries. They now count “German pharmaceutical companies, that’s like the definition of being conservative” among their customers.
For B2B founders building products that require deep system access, Spacelift’s playbook offers a clear lesson: don’t try to minimize security concerns – embrace them. Make security your foundation, invest disproportionately in it, and build your entire development culture around it.
This approach requires more upfront investment and might slow down feature development. But when you’re asking enterprises to trust you with their infrastructure, there’s no better investment you can make. As Spacelift’s experience shows, by making security your first principle, you can turn what looks like a weakness into your strongest selling point.