What's 🔥 in Enterprise IT/VC #202

Developer first security + 5 lessons learned as Snyk scaled to 1.5 million developers 🚀 in 5 years

While this week was filled with lots of interesting stories, from Berkshire Hathaway buying into the IPO of Snowflake to Roam Research raising a seed round at a $200 million valuation, I’d like to dive deeper into one of my own investments at boldstart, Snyk, and its recently announced round led by Addition Capital at a $2.6 billion valuation. More importantly, I wanted to share some lessons learned so far in this 5 year journey and hopefully there’s some relevance for your startup as you build a developer first business.

To get started, read this post from Guy Podjarny, founder of Snyk (his co-founders are Danny Grander and Assaf Hefetz).

  1. Don’t let the naysayers bring you down. Being a mission driven founder means lots of folks will say you can’t do it - don’t listen to them and stay dialed in - Snyk’s original vision and mission continue intact from day one.

  2. Developer first requires patience and a focus on building the community - this all takes time, in fact, it took about 2 years to really find the initial growth and now Snyk has 1.5 million developers using the product 5 years later. This is what the early days felt like

    and what it’s like today.

  3. Developer first is not DevOps first. If your target user is DevOps, then think how you can make the product for the developer, how you can make a developer’s daily life an order of magnitude better because they are using your product. There are millions upon millions more developers than DevOps professionals and if done right, developers will bring the product into the org and eventually get DevOps to standardize on it. In Snyk’s case, it started with a one click auth to your Git repo, and then like magic, it not only found vulnerabilities and dependencies, it also offered a one click fix to those. Not being developer friendly would be finding those vulnerabilities but then not making it easy to fix those.

  4. Focus on your product North ⭐ - in Snyk’s case every business decision was made around how to be the most developer friendly security product. I remember one of our early board meetings when we discussed a key strategic direction - does Snyk go wide and shallow and support multiple languages out of the gate because that’s what enterprises wanted, or go narrow and deep, supporting only one language but going deep, i.e., not only finding the vulnerabilities and dependencies but also fixing them as well?

    Going back to the North ⭐, the decision was made to go deep into JavaScript, even at the expense of losing early customers to SourceClear, a competitor which had raised $10 million and was “supporting” all languages out of the gate for the enterprise. As you can imagine, we did not have many enterprise customers early and turned them down in the initial days because we did not support multiple languages. In April 2018, after $18 million of funding, SourceClear was acquired by CA Technologies and not for much. By the way, that is still the North ⭐ from which every new product has been launched, from containers to cloud configuration. Once you lose that balance, you lose the soul of the product and business.

  5. Don’t go enterprise too early (see above post). This ties into Aaron Levie’s comments from this past week.

    Snyk resisted the urge in the early days to go enterprise early and instead focused on making Snyk the most developer friendly product and incredibly easy to use, at the expense of adding enterprise features (like on premise, or more languages with only finding and not fixing vulnerabilities). Only once the community started growing and the enterprise users and leads started coming in did the company offer the lightest touch way of delivering to those customers, using an agent that was on prem while keeping the core service in the cloud.

    One of our first enterprise customers at $40k ARR expanded to 7 figures 2 years after that.

So those are the lessons learned thus far 5 years into the journey with Snyk, and I look forward to sharing many more lessons as the company continues to pioneer a new category of developer first security.

Thanks for reading and please feel free to share with your friends and colleagues. To my west coast friends, I hope that you and yours are safe.


Scaling Startups

  1. What to think about when hiring your first head of product marketing from Helen Min, formerly at Plaid, Dropbox, Quora. What I love most is first defining what type of product company you are, sales led product a la Benioff or technical led product like Jobs.

    Marc Benioff has been known to say that “your biggest customers own your product roadmap.” Most of the (technical) founders I’ve worked for agreed more with Steve Jobs, who said, “Our job is to figure out what they’re going to want before they do.”

    The difference in philosophies impacts the role of the product marketing manager perhaps more than any other because marketing lies upstream of so many other external activities like PR and sales.

  2. On office first teams going remote permanently: This past week I was in several conversations with founders on their return to work policy and the vast majority were going to a permanent flexible WFH policy. While I’ve talked in the past about how much easier it is to go default distributed from day one, we are going to see a whole new class of companies that were used to an office life, trying to go remote. Frankly, this is going to be super hard for many as there are so many keys to getting this right from policies on documentation, the importance of written communication, etc. So it’s no wonder that one of the new titles emerging is the Head of Remote Work.

    “You have to re-architect or at least rethink every element of how you work, from [technology] tools to ‘Do we have set working hours?’ ” he said. “Some people have access to an on-site gym — do we now have a wellness credit for those that don’t?”

    Sahil Lavingia has a great thread as well on their remote policies and a wiki for more info.

  3. Arni from VMware resurfaced this great thread on what it takes to build a great b2b product from Shreyas Doshi (first lead PM Stripe)

  4. Bessemer Venture Partners has open sourced investment memos from some of their biggest wins like Twilio and Shopify.

Enterprise Tech

  1. 😯 productivity tools - Roam raised at $200mm valuation for its hyperlinked note taking service and Retool on the low code, no code ops side apparently went from $0-$10mm ARR in 3 yrs of first funding…

  2. Product design category has been hot lately, all about unbundling and replacing Adobe but here’s another view…

  3. Cloud Native landscape updated with over 1400 projects

  4. Cloud cost management becoming a huge deal these days. Wave 1 was around optimizing after the fact to analyze complicated bills including companies like CloudHealth (acquired by VMware, reported $500mm) and Cloudability (acquired by Apptio). Wave 2 will be around proactive management and revolve around tying cloud spend to business outcomes. Super excited about portfolio co Env0 which is a company helping drive change by shifting cloud cost management left with DevOps and developers.

    More from Marco Meinardi from Gartner on how to think about this and the new ways of managing spend.

    The addition of the correlation of cloud costs with business value. Many digital business applications do not have steady budgets. Their cost often varies on the basis of the number of transactions or users that they handle. The framework helps identify business KPIs and calculate their ratio with cloud costs. Monitoring the trends of that ratio allows organizations to manage costs of applications that have variable demand, in relation to the value that organizations receive from cloud services.

  5. Progress Software buys Chef for $220mm on $70mm ARR - tough exit multiple for one of the originals in infrastructure automation - Ansible, Puppet and others passed it by and growth significantly slowed in the last couple of years

  6. Wow, that was fast - Microsoft a Visionary in the Gartner MQ for RPA and far right of leaders UiPath and Automation Anywhere. Full report here.

    Specifically, Power Automate provides organizations with an intelligent cloud-based automation service that combines RPA with API-based automation, infused with AI. All these capabilities are available in a low-code platform that natively integrates with Microsoft Power Platform, Microsoft Azure, Microsoft Office 365, and Microsoft Dynamics 365.

  7. Either you’re a Fortune 500 making the right investments and executing on the digital side or you’re not. Pretty negative article on Kroger in WSJ as being a laggard - making wrong decisions on central vs. smaller warehouses, being slow to move…Which leads to my next point, if you’re a Fortune 500 and don’t get the tech right, you won’t be one for long. There is still so much room for investment in infrastructure and engineering productivity as companies like Kroger continue to upgrade their online services.

    Kroger Co. has spent years—and hundreds of millions of dollars—investing in technology to give it a digital edge in the grocery business. But when the coronavirus changed customers’ buying habits overnight, the grocery chain wasn’t as ready for the online shift as some of its competitors.

    The nation’s biggest grocer, Kroger has poured money into projects ranging from a self-driving grocery delivery robot to a partnership to sell goods in China through Alibaba Group. It also bet that a delivery model using remote fulfillment centers, popular in Europe, would resonate stateside. Yet, when the pandemic sent a tsunami of customers ordering groceries online for the first time, it was unable to meet higher demand.


  1. On the cover of Barron’s this week “The Tech Bubble Could Get Even Bigger” and subtitle, “That Doesn’t Mean Trouble for Investors Just Yet.”

  2. So is the Oracle of Omaha brilliant or buying in because Berkshire Hathaway has missed the whole tech rally? Pretty astounding news from this past week as Buffett is buying $570 million of Snowflake at the IPO.

    The weight of high expectations as Slack gets crushed in the market

    • Butterfield warned that the economic slowdown has caused some pain. “On the enterprise side there was also more budget scrutiny especially from new categories with longer adoption curves,” Butterfield told analysts on a separate conference call. Slack experienced more paid customer churn and slower expansion inside of existing paying customers in the past two quarters, the company said in a filing.