SFG 27: Loris Degioanni on leveraging open source for cloud security
In this episode of the Startup Field Guide podcast, Wei Lien Dang chats with Loris Degioanni, CTO and founder of Sysdig about the company's path to product-market fit. Sysdig is a cloud native application protection platform that helps stop cloud and container security attacks.
Be sure to check out more Startup Field Guide Podcast episodes on Spotify, Apple, and YouTube. Hosted by Unusual Ventures General Partner Sandhya Hegde (former EVP at Amplitude), the SFG podcast uncovers how the top unicorn founders of today really found product-market fit.
If you are interested in learning more about the topics we discuss in this episode, please check out our resources on starting an open source company, developing open-source customers, and building GTM for an open-source company.
TL;DR
- The founding insight: The inspiration for Sysdig came from two directions: a market change related to cloud computing and containerization, and a technological stack change that made it difficult to provide visibility and security for applications and services by looking at the network.
- Pivot to containerization technology: The Sysdig team identified containers as something to focus on. They had complete creative freedom since they were pre-revenue and could take risks, which gave them an edge. They had to be patient and frugal in the early stages, but now have an advantage since they engineered their product for a problem that has increasingly become important.
- Sysdig’s open source foundations: Sysdig started with an open-source approach because their powerful instrumentation required them to deploy something inside the kernel of the Linux operating system, which is open source. They also had prior experience with open source and knew its benefits for generating brand, leads, and community.
- Building a robust open-source community: In the early days of Sysdig's open-source project, they focused on building a community around it by gathering champions in the industry, generating virality, and getting attention from early adopters.
- Iterating to product-market fit in an open-source context: Sysdig’s approach to their open-source product involved treating it like a product with marketing, sales, and customer success components. They measured adoption and paid attention to both contributors and end users, and balanced respect for the open-source project and community with the need to generate leads and establish a positive brand connection to the commercial entity behind it.
- Advice for founders building open-source projects: Be patient especially when starting an open-source project which requires winning over users one at a time.
Episode transcript
Wei Lien Dang:
Hi, everyone. Our guest today is the founder and CTO of Sysdig, Loris Degioanni. Loris is a prolific technologist, having been one of the original people behind Wireshark, an open source network traffic analyzer, and a serial founder. Last valued at $2.5 billion, Sysdig is a cloud native security and monitoring platform built around several open source projects, including Sysdig and Falco. Sysdig makes it easier for companies to protect themselves from attacks on applications running in containers, Kubernetes, and on the cloud. Welcome and thank you for joining us.
I'm really excited to chat with you today because I remember meeting you almost ten years ago and being very inspired by your vision. And it's funny because at some point we became competitors. But I will say I always had tremendous respect for what you were building and how you've driven several industries forward.
The inception of Sysdig: Leveraging market and technology stack changes for a promising future
Wei Lien Dang:
And I would love to start off our discussion by, if you go back to 2013, when you founded Sysdig, what was the inspiration for the idea? Where did it come from in terms of identifying the problem to solve? Would love to hear about how you came up with the original idea.
Loris Degioanni:
Yeah, I think that the original idea of Sysdig and what we did, especially in the early days, came from two different directions. One was a market change, and the other one was a technology stack change. The market change was related to cloud computing and containerization. So during those years, we're talking about 2013, 2014, when a little platform as a service company called Cloud was renamed into Docker and Google was releasing the first version of Kubernetes and the container revolution was starting. And it was pretty clear that this was going to become the computing platform for the cloud. And at the same time, Cloud AWS was becoming something serious that enterprises were starting seriously looking at for production environments. And these two things created an opportunity, a market opportunity, but also a disruption, a technological disruption, because I come, as you were mentioning, from the world of packets. My first company was the company behind Wireshark, the network packet analyzer. And the first ten years of my career were in the space of providing visibility and security for applications and services and infrastructures by looking at the network. The problem is, the world was changing in a way that the network was clearly not going to be, in the long term, a good vantage point, a good way to collect the necessary data. During the 2000s, with network packets, you could build a number of categories in software: visibility, monitoring, intrusion detection, firewalls, routers, you name it, they were all based on packets. The problem for what we were doing that was more related to security was that normally in traditional data centers, you were collecting packets by plugging into the router and telling the router, “okay, mirror all the packets to me so I can see everything.”
And that was beautiful because it allowed you to get a very nice visibility and a lot of richness, especially if you can decode what goes in the network communication, and we could tell what applications were doing, what the performance was, what attacks were coming and all this kind of stuff. And then all of a sudden you go in the cloud where you're renting these virtual machines from the cloud provider and you don't have access to the router to do this trick anymore, right? So there was no good way to get this horizontal always-through kind of visibility. We used to say packets never lie. Well, packets started lying because you cannot collect them. And then when you pack a lot of containers inside the host, all of this kind of stuff that you can do in the cloud, there's a lot going on that sort of escapes the point of view of the cloud. So when we started Sysdig, there was this technological step that we had to do. We had to think about essentially what would be the best instrumentation that would allow to provide the right visibility for security and for performance management in the cloud that would, from one point of view, bring the right data to the table, but on the other hand, sort of be lightweight and non-invasive like packets. And these two things, the market opportunity, because when people migrate to the cloud from the data center there's an opportunity to intercept them in their journey, and the technological change that allowed us to intercept them with something that was really relevant, with something that you could not do with the prior technologies based on library instrumentation or network packet capture or installing daemons, because you could not do that kind of stuff inside the container, gave us essentially the mix that inspired us to start this and then allowed us to grow the company in the early days.
Wei Lien Dang:
I love that story, Loris, because you have such an authenticity for it. You saw the previous generation of technology that would solve some of these related problems. You know when we talk to founders, we always think, what's the “why now?” I think as a founder, you have to think about what's the why now that will drive a customer, company or user to adopt. And I think you're highlighting some very interesting large tailwinds around, move to cloud around technical innovation and disruption related to cloud native architectures. And you were positioned to see how those two things could come together to form the basis for a new product and company.
How Sysdig Leveraged Containerization for Cloud Markets
Wei Lien Dang:
I'm curious, if you go back to, as you were talking about, docker became really popular, people started to think about containerization. How did you kind of wrap your head around how things needed to be built in a new way? Were there other folks in the ecosystem whose experience or who that you talked to or were there users that you engaged? Did you draw on your own? How did you kind of think about how something should be built given that it was new at the time?
Loris Degioanni:
At the time we had some ideas about serving essentially the cloud market. Containers were so early that no one had even started looking into them. So I would say if I think about those times, actually challenge number one, goal was identifying, okay, these containers are something that we want to worry about. We're really talking about really early days. We started even before that and we were exploring technological alternatives to sort of serve the cloud market in the best possible way, especially based on our prior background, as I was saying, networks and connections and packets and that kind of stuff. And we're like, how do we apply them to the cloud? And then we started seeing, okay, there's this thing that people are starting talking about called containerization. Containers are essentially one way to deploy software in the cloud, everywhere, but especially in the cloud, that allows you essentially to pack applications into these containers. The name sort of explains, you know, what they do. And the advantage of containers is that you can pack sometimes many of them, where previously in the same compute instance, you could only have maybe one application; with containers, you can have more of them. This was the property that sort of inspired us to start thinking about new technological ways to do this because all of the old ways were just not working. And once we latched into this upcoming technology, then our focus was how do we solve this problem in the way that is as good as possible for this technology. Because we knew we were a company with zero sales, this was pre-revenue, so we didn't have any captive market to protect. So we could really approach this with a true blank sheet of paper. And that's also the advantage: if you can intercept an inflection and you have nothing to lose because you have nothing up to that point, then you have complete creative freedom.
And you can also take, number one, a little bit of risk in what you architect from the technology point of view and you can take a little bit more risk on optimizing for something that is still extremely small. So I think that was what gave us an edge architecturally at the beginning. The fact that we could focus on something that was tiny, no one cared about, no one established was willing to, let's say, take a technical risk to support these in a really great way and maybe give up something in their existing business, while we could. And of course, the big risk for us, which we had to wait for several years because containers took a while and in general, cloud took a while and is still taking a while. So we could still say after Sysdig was founded almost ten years ago, we're still at the early stages of this industry. So that required patience and being pretty frugal, especially at the beginning, the first two or three years. But we were lucky and now this is something that has really matured and everybody's using. So now we are the ones that had engineered exactly for this problem and this problem has become the main one and so now we have an advantage.
Sysdig’s strategic shift from monitoring to cybersecurity
Wei Lien Dang:
You talked for a moment about sort of really focusing on a specific problem to start with, Loris, and I'm curious today Sysdig is a leading cloud native security company, but you actually started with monitoring. That was the initial use case: performance monitoring operations, things like that. Why monitoring as opposed to just sort of jumping straight into the more security-oriented use case? Could you share a bit about that?
Loris Degioanni:
Let me start by expanding a little bit what I said before when I was describing packets. So my prior life was networks and data coming from the network. I was telling you how this data can be used to do several different things, each of which has generated multibillion markets. The firewall, the network intrusion detection category, you name it. There's many of them that are based on that data source, and they do something slightly different with that data source. These are big important categories. And when approaching the inflection in architecture that was coming with the cloud, we first recognized that the core underlying data source was not going to work anymore. And this was very familiar to us because we were coming from that industry. I was coming from that industry, so I knew that industry in and out and so I had a very clear sense that industry was not going to exist as is for very long. And also I had a very good sense that the solutions that were architected at the point by the industry to try to keep being relevant were not the right ones for the innovator's dilemma problem that I was describing before.
So we were trying to protect existing revenue and so we didn't have the freedom to really create the right thing. So based on that, we went with something that was what we believed was the correct solution from the instrumentation point of view. And then since we built this underlying mechanism to collect the data, then we had the potential to sort of choose one of these verticals and which one to go and disrupt. It was not an easy decision. We decided to go with monitoring and visibility first because that's what we had done previously. So my previous company was focused on that. So we knew that market better. So we decided that we would have had a better advantage compared to the competition by playing in an area that we knew better. We knew not only, let's say, the technical properties of that market, but also we had operated in that market, so we had more domain knowledge, more competitive knowledge, and so we were more capable to build something that we believed would be unique. But of course, you're a small company, you explore your market. And after a year or two, we perceived that there was a very strong opportunity in security, even bigger, because the security market was going to be disrupted even more because we realized that it was even more sensitive to the lack of good instrumentation. So we started realizing, okay, this core instrumentation that is applicable to many verticals, we picked a great vertical, but there's one that seems to have even more potential for disruption.
And there was not one, but several conversations with our board in which I sort of convinced them that the opportunity was there and convinced them to try to invest early in the life of the company into another vertical. And still now Sysdig has two product lines Sysdig Monitor and Sysdig Secure. But as predicted, the security side grew faster and with a bigger total addressable market. So now Sysdig is essentially a cloud cybersecurity company that also has a monitoring product because the security part of our product line has grown and is growing extremely well.
The power of open source in building Sysdig
Wei Lien Dang:
You were also disruptive in the sense, Loris, that you launched from the beginning with an open source project for these capabilities. And I know you have a long track record in open source and you've done a lot of pretty low level systems work over the years. I guess my question with regards to open source is, was it a no brainer for you to start with open source? Is it something you had to think about? And even if it was obvious to you, what did you think some of the main advantages of going open source were from the start?
Loris Degioanni:
Yeah, it was a no brainer from the beginning. There was a little bit of a technical reason, and the technical reason has to do with the fact that this magic instrument, this powerful instrumentation that I've been describing during this podcast, requires you to deploy something inside the kernel of the operating system. This is sort of a technical detail, but the important thing is that the Linux operating system, which is the operating system that powers the cloud, is an open source piece of software that is licensed with a license called GPL that requires you to release the source code of what you do if you want to operate within that kernel. And we needed to operate within that kernel. There are plenty of companies that find creative alternatives to avoid releasing that source code. But we decided no. We decided no because we thought it would remove an element of friction. But we also decided no because we wanted to start with an open source approach. And this is, I'm going to sound like a broken record, but even in this case, the goal was to leverage our strengths and what we knew before; we were coming from ten years of open source. We were coming from releasing and maintaining an open source property that is probably one of the top 50 open source properties in the world, that had at the time like half a million downloads per month. So pretty big numbers. And we knew the power of open source not only at generating brand, but also at generating leads, at creating a community, at being able to give you a visibility that otherwise you would not have. Being able to make you look bigger than what you are, which is very important during those early days when you are maybe a sub ten people company. So all of these plus we sort of had expertise in the field. So to me it was clear from the beginning that we wanted a play that would play into our strengths and that's how we picked open source.
And to be honest with you, the first two or three years of life of the company were strategically oriented toward, yeah, we want to build a business, but we also want to gather a community around it. We want champions out there in the industry for us. We want to generate virality. We want something that people say, okay, I love what these people are doing, even if I don't have budget to buy the product right now.
Wei Lien Dang:
You and I have chatted about this a bit with open source. It's like you said, long-term success is really based on building up a community around the project that you've released. And in the early days of Sysdig, after you put out what's now Sysdig, like, how did you bootstrap the community? How did you get attention? And who were your early adopters who were wanting to use Sysdig after you released the open source? I think a lot of founders who are building around open source have this question around, well, how do I get started? How do I jump start a community and a following and a user base? How did you think about that and how did it play out?
Loris Degioanni:
Yeah, so this powerful instrumentation that I've been describing, I had a certainty that it would be valuable for the ecosystem and for the industry. So thing number one was like when starting crafting our open source strategy, the first important requirement was let's bring something that is innovative and valuable to the table. I don't know if it's the only way to do it. I'm telling you the way I approach it, and I approach open source the way I've always done it. I've at this point been behind at least two or three substantially popular open source projects. And I've always approached the community and generating popularity in the open source tool as a product. You need a product strategy, you need a value proposition, you need product-market fit even if it's free. You need marketing and you need sales. I mean, sales in open source is slightly different, but you still need adoption.
Every time somebody downloads and installs your product, that's a sale for $0, but somebody is actually taking the time. And then you need to do like product lifecycle management. You need customer success, you need to make sure that your product is sticky, that there's no churn. So you need to be able to, number one, provide substantial, continuous long term value. And number two, you need to be able to proactively help your customers in adoption, removing frictions and being able to support them. And that's what we did when we launched Sysdig. That's exactly the way we approached it, including the viral launch, including what we put in Sysdig, our open source command line tool that gave the name to the company. Again, the audience was similar to what we were serving with packets before, but in a new demographic and in a new technological landscape. But we tried to put inside this tool all of the things that we knew were useful for people in the prior technological landscape where we were. And again, you never invent something completely new, but you try to get the best from your prior experiences. And so we put in our open source tools all of the expertise and the domain knowledge that we grew during the prior ten years, during Wireshark, during Case Technologies, the Wireshark company and so on. And so we had a little bit of an advantage in knowing essentially what people like and what people didn't like. But then we explicitly, for example, at the beginning when we launched the tool, tried to embed features that would be a little bit more viral, right?
So the ability to script it with an embedded language, stuff like this, that a geek would go and look, okay, this is cool, I want to play with it. Of course, this kind of stuff is useless if there's no value. But if there's value, it's like an addition like marketing touch that you do to your open source. So, long story short, we really approached this from architecture, product management, engineering, marketing launch, customer success and so on. And now we have multiple of these projects. The main open source project for Sysdig now is Falco, which is essentially a runtime security tool for containers and for cloud infrastructure, but still exactly the same approach. It's like a mini company inside a company that is to have the right sensitivity and sensibility for the open source ecosystem, but approaches this as if it's a product that has to be sold and has metrics and sells for $0.
The nuances and commitment necessary for a successful open source project
Wei Lien Dang:
I mean, it's really great to hear you unpack that a bit, Loris, because I think there's some open source founders out there who think all you have to do is post a project on Hacker News and it's going to take off and have a life of its own. And as you and I know, it requires much, much more. It requires the level of commitment across all these different dimensions that you're describing and in many ways much more nuanced than simply expecting things to go viral. I think there's a lot of thought that has to go into what you're describing as competition....
Loris Degioanni:
For example, you have competitors in open source. They are part of the same community. You play nice with them, you go to the same conferences. But there's always other tools that do the same thing that your open source tools do. You need to treat that competitively and you need to create an edge and make sure that your solution is the winner.
Finding product-market fit in an open-source context
Wei Lien Dang:
The big focus of our podcast, Loris, is finding product-market fit, which you talked about earlier. And I love how you talked about these different features that you and the team thought through to really catch people's attention. I think part of it is I often think of it as what's the AHA moment for a user when they're first getting started with the product? Like what really delights them and makes them sort of captures their imagination about what's possible in a way that wasn't previously. I'm curious, as you navigated towards product-market fit, how did you measure progress in the open source context? What were you paying attention to? How did you know you were on the right track in terms of getting to stronger indicators of product-market fit?
Loris Degioanni:
Yes, we are a for-profit company that, let's say, bootstrapped around open source. So there's two different things that have two sets of metrics, right? The first one is the success of your open source family of tools and ecosystem of users. And there I think there's two, I mean, adoption is king. So of course, what you measure is adoption and there's a lot of derivative metrics that you use for adoption.
But I would say in terms of adoption, there's two different demographics that we pay attention to. One is the contributors and the other one is the end users. They're both important. The end users, of course, is what eventually you want. But the contributors are what makes your community thrive and the real community, there are people that show up, that contribute, that provide technical enhancements. They fix bugs, they talk to their users. They are champions. They go to conferences presenting, and they are the leading indicator in the success of the product, right? If you get the contributors that are excited to be part of your community and you need to create a community that is welcoming to them, which is not trivial, when you also need to build a business, then that is a good indication. Then you will also be healthy in terms of end users and adopters.
The other thing that is important for us to measure and to make sure it's healthy is the connection between the open source project and community and the commercial entity, the company behind it. And an open source project brings many benefits to a commercial entity that range from just brand, making you more visible and more liked by a broader set of people, to marketing and the ability to market and to create a positive connection to your commercial product that allows you to essentially market your commercial product in a better way, up to lead generation and sales. This is delicate because it's very hard to balance the true respect for the open source project and the community and the need maybe to have a business and to generate leads. So it's clearly not a matter of asking the emails to the members of a community. It's not that simple. And lead generation comes more from maybe people using and loving the open source solutions, which is, by the way, in our case, completely free and so supportable by anybody in the world, including our competitors.
So establishing yourself as a strong, positive brand connected to that open source project and offering a technical solution that enhances and complements the open source project in a delicate, constructive and positive way is really the key strategically and then influences the metrics that essentially you're measuring from the business point of view. For us, the two sides, so the community side and the commercial side have always been we've worked on them together in parallel essentially from the beginning. I'm not saying that's the only approach in many cases, maybe for many years, you don't want to even worry about the commercial side and just focus on making the open source side as successful as possible. That's totally legitimate. We tried in our own approach to be thoughtful about this from the beginning, essentially.
How Sysdig commercialized its open source project
Wei Lien Dang:
I think that's very insightful, Loris, because even though you invested in the open source primarily early on, it doesn't mean that you weren't thinking about what would go into open source versus commercial, what's the business model that would support the company longer term? I think these are all key issues that open source founders in particular need to think through, even if it doesn't necessarily mean that they have to commit to building it right away.
Loris Degioanni:
In my experience, from day one.
Wei Lien Dang:
I love that from day one. That's how early one needs to think about it from a product strategy perspective. And I think you and I both know that it sets yourself up in many other ways too, even just from a cultural standpoint, to get teams aligned on how open source and the commercial side both help each other and make the company better.
Loris Degioanni:
Yeah. And again, this comes one more time from our prior experience, one more time. We didn't invent anything, but we came from Wireshark, essentially. We started Case Technologies, the company behind Wireshark, like five years after Wireshark became popular. So with that company, we were extremely young at that point. So I started contributing to Wireshark when I was in school. Right. When we started the company, Wireshark was an established product with many users, many enterprise adopters, many, many contributors, hundreds of contributors, and so on. Which was great because essentially we started the company from day one with a property that was really established with a trusted strong brand. But at the same time, we had less degrees of freedom from many points of view because the project was already there. There were already multiple stakeholders there. The licensing was designed more for a project started by students at school and that wanted contributors rather than by a commercial organization that maybe would be the business around it. Right?
So what we learned from Wireshark is that even if you have some really strong open source property and community, if you don't start thinking early enough about this kind of stuff, then you can be caught off guard and your degrees of freedom and your ability to maybe grow a business behind it can be limited. So with Sysdig, and with Falco as well, we tried to think about this from day one in a way that would still be respectful to the community, because you will never get users if you're not. But it would also think about all of the implications and the licensing and the ownership and contributing into the Cloud Native Computing Foundation, all of this kind of stuff. We tried to be thoughtful and explicit from day one about the fact that we wanted a great tool that would make people fall in love and would create a great community. But at the same time, we also wanted to create a company that would make people successful behind it.
Loris Degioanni’s advice to founders building open source projects
Wei Lien Dang:
Maybe one last question to wrap up, which is we have a lot of founders who want to build around open source in our audience. And in 2023, what would your advice be for first time founders who want to build an open source company? I mean, given you've been around it for so long, are there key pieces of advice that you would highlight for the founders who are listening?
Loris Degioanni:
I think if I have to give one piece of advice is don't give up. I mean, that's true for any founder. Anybody who has studied companies knows exactly what I'm talking about. The need to give up is there every single day of your life because it's tough, because if it wasn't really hard, everybody would do it. And this ability to be patient and to be able to withstand negative days and discouragement and so on is very important for a founder in general. I feel that with open source, it's even more important because essentially, if you think about that when you are starting an open source company, especially if you do it the way that I described, that you and I discussed during this podcast, you sort of have to start two companies. If we go back to the fact that your open source project is your very first product, right, you need to find product market fit for your open source and community and then after that for your business company.
So if starting a company already requires patience and the ability to keep going with open source, I think that characteristic in a founder needs to be even more amplified. And I know it's easy to say be patient from the outside, but if there's something that I think allowed me to be modestly successful with two companies behind open source, is that I kept going inch by inch. I celebrated every little success, and I tried not to be too discouraged by the failures.
Wei Lien Dang:
Well, that resonates. Loris. With open source, I often think about it as you have to win over the hearts and minds of one user at a time, really, in terms of how you build up the community and your user base. Thank you so much for sharing about your founder story and the journey of Sysdig to date. Thanks for your insights and for joining us on this podcast.