Bart Copeland, is the CEO of ActiveState. Since the 90s, millions of developers have used the famous ActiveState distributions of Python, Perl and Tcl. In this episode, Bart narrates ActiveState’s journey, including several pivots and ownership changes. Stay tuned to the end to find out how they were able to pivot to the open source thing that they do so well.

Transcript

Intro

Michael Schwartz: Hello, and welcome to Open Source Underdogs. I’m your host, Mike Schwartz, and this is episode 36 with Bart Copeland, CEO of ActiveState.

If you’ve ever installed Python, Perl, or Tcl on a Windows workstation, there’s a pretty good chance you use the ActiveState installer and distribution.

ActiveState is one of the oldest open-source companies in existence. The founder was Dick Hardt, who some of you might know as one of the editors of the OAuth 2.0 specifications, among other notable achievements.

This episode is the first one we’re publishing that was recorded in person at the open-core summit. If you’re a fan of the podcast, you heard Joe Jacks, a few episodes back, describing the event which did not disappoint.

Don’t miss the next one if you can get to San Francisco. Especially if you’re a founder or entrepreneur interested in open-source software development.

ActiveState made some major pivots, although I think they ended up returning to their roots. It’s a pretty fascinating story. So, without further ado, here we go. Bart, thanks for joining the podcast today.

Bart Copeland: Thank you, Mike, it is great to be here.

Origin

Michael Schwartz: ActiveState was founded in 1997, which makes it one of the oldest companies we’ve interviewed so far. It was acquired by Sophos, I guess in the 2000s, and then, it was bought out by management.

Just focusing on what happened after the acquisition, can you take us back to the time after the buyout happened, and how you refocused a company?

Bart Copeland: It’s a really good question, Mike, but I should start with, in order to understand the refocus, we need to understand a little bit of history of why ActiveState was acquired in the first place.

ActiveState started in 1997, it was all around open source, building specifically language distributions around open source for the developers. Developers had needs specifically around Perl. Then, anti-spam became a huge problem. ActiveState came up with an anti-spam solution called Perl MX, and that caught the interest of Sophos.

Sophos acquired all of ActiveState, but Sophos really wanted the Perl MX product, which eventually became PureMessage under Sophos. The CEO Sophos had a lot of affinity, and pride, and admiration for all of ActiveState. And the other team, the language distribution team, was dormant within Sophos, and he did not want to do anything to hurt that team.

That’s where I got involved, and I was an early investor in ActiveState, but I wasn’t part of management. But then, Steve Munford, the CEO of Sophos, contacted me, and I, with a couple of few other outside investors, we acquired the team, the technology, the customers and the ActiveState brand.

And what we wanted to do leaving Sophos, is, we wanted to do the next great thing. We often said, “We want to do the next PureMessage.” So that started us on what we refer to as chapter 2, or version 2.0 of ActiveState. So, 1.0 was 1997 to 2003. And then, 2.0 was after the dormant period, from 2003 to 2006. And 2006, that’s when we started ActiveState 2.0.

Maybe, before I go on, did I give you a good grounding of…?

Michael Schwartz: Sure. And what was the plan when you bought it out?

Bart Copeland: There was two key plans. The first key plan was, we needed to extract ourselves from Sophos. There’s all this infrastructure and technology overlap that we needed to distract ourselves from, so that was our first plan.

The second plan was, let’s go do the next great thing. And that’s what we were going to do. We were a team, I think at the time, we were about 16 people or so. One other key caveat, above all this, was, I wanted to do it organically. I didn’t want to raise a bunch of money. I said, “Let’s do this the good old-fashioned way. Let’s drive revenue, let’s reinvest that revenue, our profits into growing even further.” So, that was what we embarked on.

Value Prop

Michael Schwartz: Would you say that you’re similar to Anaconda, or RedHat, making an open-source software distribution, consumable by the enterprise, by providing reps and warranties, and liability protection, and patches, and aligning with the enterprise procurement process?

Bart Copeland: The short answer is — I’m going to give you two answers, the short answer and the long answer. The short answer is, I say, we do the same thing that RedHat does for Linux, but we do it for open-source programming languages. 

We have RedHat Enterprise Linux or RHEL, and it’s a enterprise-grade distribution of Linux. We have Enterprise grade-distributions for Perl, Python and Tlco, and there’s a lot more we’re doing there. That’s a short answer.

The longer answer is, our whole mantra at ActiveState is twofold. Mantra number one is, making open-source easy for the enterprise. Mantra number two is, making open source that just works for developers.

When it comes to open source run times, whether you’re the enterprise or the developer, there’s different needs. But if you look at the complexity it is today, to build a language distribution from an open-source ecosystem, and have that consistency across operating systems, managing all the dependencies, managing the security issues, managing the license issues, and then, keeping it updated, and making it really easy to deploy and share with other developers, making it really easy to move that distribution from your dev environment to your test environment, or your staging environment, or it’s your production environment- it’s not easy.

We do a number of things that make it easy, as well as the indemnification that you talk to. There’s really two audiences, there’s developer audience and they have their needs, and then, there’s the Enterprise audience and they have their needs. And our goal is to meet both audiences’ needs.

Revenue Streams

Michael Schwartz: So, from a revenue perspective, what are the most important products, and which products do you think are the most promising for future growth?

Bart Copeland: I talked about the versions or chapters of ActiveState. Under chapter 1, the most important product in terms of revenue potential and growth was Perl MX product.

Under chapter 2, it was the Stackato product. The Stackato was our private PaaS offering. That product was sold to HP in 2015.

However, under chapter 3, it’s our language distributions product. But here is the important thing to recognize, Mike. Under chapter 1, and chapter 2, and under chapter 3, this has been a steady growing business, our language distribution business. What we’re doing different under chapter 3, is we’re trying to grow our business so that it doesn’t bifurcate. Because, if you notice in chapter 1 and chapter 2, we ended up with two business units.

In chapter 1, we had the language distribution business, and we had the Perl MX business. Under chapter 2, we had a language distribution business, and then, this product called Stackato, which I touched on briefly.

So, we ended up with two business units under chapter 1 and chapter 2, and I really felt what was important for us, as a company going forward under chapter 3, is, let’s have a unified product offering, no bifurcated businesses or two-business unit.

Our real growth opportunity and potential for ActiveState going forward is around this whole area, what we refer to as open-source language automation. This is a category that we’re leading in. It is bringing automation to your open-source runtime.

And, as you know, Mike, in the hole open-source ecosystem today, there is a lot of movement towards bringing automation to the software development life-cycle. We are touching on one aspect of that, and that’s the open-source runtime.

Why this is so important, and why we see this is a huge opportunity, not only for ActiveState, for a lot of people in the open-source ecosystem is that developers today have lost the freedom to do what they do best, and that is, write code.

Developers today are spending more time doing things other than writing code, they’re dealing with security issues, they’re dealing with license compliance issues, they’re dealing with IT compliance issues, they’re dealing with bug fixes. And it’s knowing that developers are losing their efficiency in doing what they do best.

Furthermore, developers are not able to use the best tools to do the job. What we’re trying to do, as a company, is to help free up developer, so they have the right tools to do the best job, and they’re doing what they do best and love to do, and that’s just writing code.

So, in summary to your question of, “Where is the biggest potential for ActiveState?” – It’s around this whole category that we have created called Open-source Language Automation.

Customer Segments

Michael Schwartz: ActiveState is serving many large customers, but the market for programming language is a very horizontal market, probably every company on the planet can use it. Do you segment the market in any way?

Bart Copeland: We do, and we don’t. There’s two ways we look at the market. The first way we look at the market is, we think of the developer, and we think of the large enterprise – we’re constantly thinking about that.

At ActiveState, we talked about bottom-up and top-down. Bottom-up is, we think of the developer, and how do we create an experience for them, to be very easy for them to consume our products and use them in working with us quickly.

The top-down is, the developers using our product, bring it into an enterprise, they bring it to their boss, and they say to the boss, “I really like to use the ActiveState platform in greater detail at the job.” That’s the top-down, it brings in the decision-maker, it brings the buyer. So, that is one way we look at the market.

The other way we look at the market is, in terms of verticals, who has the greatest affinity for the types of solutions we build and sell. And historically, and going forward today, we’ve had a lot of success in obviously high-tech.

We’ve had a lot of success in banking and finance, we’ve had a lot of success in aerospace and defense, we’ve had a lot of success in insurance, and we’ve had a lot of success in manufacturing. Whereas we haven’t had a lot of success for example in healthcare, to give you an example where we haven’t had success.

But on the whole, though, we don’t do a lot of segmentations, because you’re right, it’s a very horizontal play for us. And what we try to do is, we try to make our softwares accessible to as many developers as we can globally. Throughout the planet, we have downloads all over the planet. The number one download is the US, and I think after that, our downloads are really big in China and Japan, and then, in Europe.

Hopefully that gives you an idea of how we look at the marketplace. And I guess, if I would really wear my marketing hat, we could do a lot more segmentation that we’re doing than we’re not doing.

Sales Motion

Michael Schwartz: So, drilling down into the team a little bit, how do you organize the sales effort for such a global market? And how is that sort of adjusted over the years?

Bart Copeland: The first thing is actually, the adjustment has been the same under all versions of ActiveState, or all chapters of ActiveState, 1, 2 and 3. The selling motion has been the same. The selling motion from a sales organization is effectively comprised of account managers, account executives, and customer success managers, and inside sales reps, and depending on where you are in the selling cycle, involves those individuals.

Typically, what happens, we — and I got the other aspect of sales engineers — we get a potential opportunity. Usually, it comes from a developer, or group of developers, using our solution within an organization. That then leaves to greater interest into, going from the free version to a paid version. That involves an account executive, with a sales engineer, they work together, and we do this all over the phone.

All our selling is done over the phone, rarely do we go on-prem to an organization. It’s done over the phone, or through a series of video conference calls. Then, relationship is made, a deal is consummated, all our deals are based on annual subscriptions. That’s a recurring revenue model. Once the deal closes, then it goes to our customer success manager.

The customer success manager with her team, their job is to make the customer successful. Then, there’s an account manager that is brought in to nurture and manage the account, and renew it, and work with the account, to help them in other areas of their business, where our solutions can help them. And that’s typically the cycle that we work on.

Now, that is for the Enterprise tier. One thing that I haven’t touched on, Mike, is that we, not only have an Enterprise tier, we also have a lower-tier pricing structures. We have five tiers, we have the Community Tier which is free, but then, we have the Coder Tier, the Team Tier, the Business Tier, and the Enterprise Tier.

For the Coder Tier, Team Tier and Business Tier, that’s handled by an inside sales group that deal with the smaller price point products.

OEM

Michael Schwartz: I noticed that you have an OEM license – is that a material part of your business? And how did that come about?

Bart Copeland: Yeah. If you look at our business today, at the enterprise level, about 50% of the revenue at the enterprise level is enterprise subscriptions, and the other 50% is OEM. So, the way it came about is that when you get a distribution supported from ActiveState, there’s two ways you can consume that distribution. One way is, you consume it internally, and you consume it internally for all of your internal Dev practices or Dev applications that are enterprise wide.

However, another way you can consume our distributions is, you bundle it with your product, and you sell that bundle to your end-users. For example, you may have a product that requires a Python language distribution to run your Python product on your customers’ systems.

Then, we OEM our language distribution as part of a bundle, and that’s how it came about. It’s a sizable portion of our business, the OEM portion.

Other Partnerships

Michael Schwartz: Are there other partnerships that you think are important to ActiveState?

Bart Copeland: So, going forward with the ActiveState platform, around open-source language automation, we feel the partnerships that are really important, it is right now looking at the whole landscape around CICD, around what GitHub and GitLab are doing, and what the cloud providers are doing, specifically AWS, Microsoft Azure and Google with Google Cloud platform, as well as we watch IBM Cloud, it’s kind of the number four cloud player.

Those are the three key partnerships. We’re looking at other areas that we are concentrating aggressively. I would say there’s another area, fourth area of a bunch of miscellaneous groups that we feel are important. For example, we feel it’s very important to play well in the whole RedHat ecosystem.

Another ecosystem we feel it’s important to play well is in the VMware ecosystem. Another very important area, which is more around standardization, is the Docker ecosystem, or the containerization ecosystem, to make it very easy to consume our distributions as containers.

Is ActiveState Open Core?

Michael Schwartz: You mentioned a few tiers of product – would you consider ActiveState distribution to be open core?

Bart Copeland: Absolutely, yes. If you look at what comes off of the platform, the ActiveState platform is all about building your language distribution, certifying it, and resolving.

So, when I say building, you decide which packages you want from the open-source ecosystem, you decide which of the language runtime you want to use from the open-source ecosystem. For example, to stick to Python, you want Python 3.7, you want 35 packages from PyPI, you bring that all, and that’s all open source.

We then build it for you, for the operating systems you care about. You have three choices: Windows, Linux and Mac. You build it for the operating systems you want. That then is created as a distribution, the core of the distribution is open core, because it’s relying on all the open-source licenses that exist, and we preserve that.

Once you build the distribution, then, we certify it, we check for any “dependency hell” issues. What I refer to as dependency hell, we check for any security violations, we check for any license issues that you may have decided as a user, there’s certain licenses you don’t want.

The other thing we do is, we resolve any issues that come up automatically in the background. You’ve got this distribution on the ActiveState platform, and the result is, the dependency breaks or there’s a CV threat – we fix that automatically and we alert you.

Where I’m going with this in the spirit of your question, all of that is still open-core. It’s all based on all the open-source ecosystem, but the platform itself is closed-core. That’s the closed proprietary layer on the outside.

Pricing

Michael Schwartz: Over the years, have you significantly adapted your pricing strategy, or has it been relatively stable? Let’s just talk about the distributions, what you’re still in.

Bart Copeland: The distribution business has been relatively stable. The key thing that’s different is, historically, we’ve been distribution as-a-service. You come to ActiveState, and we provide you a distribution as-a-service. Now, we’ve evolved the business, where it’s, you self-serve with the platform and build your own distribution. It’s a software-as-a-service solution.

The pricing for the most part is the same, but we’re offering a lot more for the same price now under the ActiveState platform.

Open Source With A Third-Party Project?

Michael Schwartz: One of our guests previously made the case that it’s better to sell open-source software that someone else writes because, otherwise, you are funding engineers who are basically not billable – would you agree with that?

Bart Copeland: Yes. But I think you have to find a fine balance. Because, if you are always taking and not giving – that’s not good. From my perspective, you have to have a very fine balance of how you’re dealing with the open-source ecosystems.

Language Support Roadmap

Michael Schwartz: There are new programming languages every year, it seems. I’m guessing if you’re a new programmer, you’re not going to start learning Perl or Tcl – has that made these products more valuable, maybe as you face less competition in the tools market?

Bart Copeland:  I believe it makes it worth value for two reasons. The first reason is what you mentioned. It is that we have a lot of legacy languages that we support, it is very important to the enterprise. Because, for example, and some of your listeners may laugh at this, is that we support today Perl 5.12.

We have Perl 5.28, but we have enterprises, we have applications and production, and we support 5.12 for them, because it’s easier for them, if we support Perl 5.12, to migrate to 5. 28.

So, in that sense, that’s very valuable to us and valuable to our customers. But at the same time, the same customers are saying, for new applications, for greenfield applications, we need to use the new languages, and can we go to ActiveState to get the new languages.

Our goal eventually, with the ActiveState platform, is to support any language that our customers want to use. We’re not there yet, but that’s the vision for the ActiveState platform.

Michael Schwartz: Which languages do you think you’re maybe in sooner than later?

Bart Copeland: Great question. Right now, we’ve got Perl, Tcl and Python. On a roadmap for coming up here is Javascript, and Ruby, and Java. And then, most likely were looking at PHP, R, Elm, Rust – these are some of the languages that are on our radar.

Team

Michael Schwartz: Can you talk a little bit about your approach to building the team? Does location weigh into the hiring equation, or are you willing to use remote people?

Bart Copeland: That’s a really good question. My philosophy is, we go where the talent is, we don’t force the talent to come to us. So, we are a company about — what is it today — think about it, just under 2/3 are head office in Vancouver. But I think it’s getting closer to 50%. The other 50% are distributed throughout North America.

Our philosophy is, as I said, we go where the talent is. And as a result, especially on the development side, we are hiring developers, wherever the talent is. We have developers spanning four different time zones, from West Coast all the way to Halifax, which is one hour further than the East Coast time.

But we tried to bookend it within those time zones, because we haven’t yet expanded to either the Asian market or the European market, just because of the collaboration. We wanted to be able to collaborate in real time. We use Slack aggressively as an organization.

So, the answer to your question is, we are very open to a distributor organization. We think we’re doing a really good job of managing a distributor organization. There’s a number of things we do to include all of our virtual activators. We call ourselves activators at ActiveState. And we refer to our remote activators as virtual activators or remotes.

Here’s some things we do to make them feel inclusive. We use Slack aggressively. Most of our Slack channels are all public within the company, so everybody can see what everybody’s doing. There’s freedom to lurk, there’s freedom to participate.

We have regular company meetings once a month, with the entire company, with video on. We also really encourage video meetings all the time. Every morning, all the teams, various teams have daily stand-ups, the agile methodology, all those daily stand-ups are done with video or a video conferencing.

We also try to have all our activators, at least twice a year, come to head office, so we fly everybody in. We have them all together, so they can build relationships and cross-pollinate.

Also, many tech companies have a lot of nice fringe benefits, like free drinks, free food, we bring in a warm lunch every Friday, we call it “free-lunch Friday”. Unfortunately, our remote activators don’t have access to that, so what we do is, we send them a food package once a month with Amazon Prime — and I’m not sure exactly how we do it, I’m not involved with it myself — but we actually ask them what they would like and we arrange it in an Amazon Prime, and we deliver it to their homes.

And the other thing we do is, various members of the remote team fly up on a regular basis to interact with the head office as well. These are some of the things we do to promote inclusive environment, and also needs to grow. Because it’s very hard, given the type of work they are doing, to find all that talent in Vancouver – I would say it’s impossible. It’s not very hard – it’s impossible.

Balance Free And Paid

Michael Schwartz: As a sort of Python hacker myself over the years, I’ve been on the ActiveState site a number of times, looking at code examples – how do you choose which efforts to invest in? And how do you invest, I guess the R&D or community work that you do – how do you prioritize it?

Bart Copeland: It’s a really good question. I don’t have a good answer for you on that. At the end of the day, we have to find a balance between investing in developers and solutions for developers and meeting their needs, and balance that with ultimately the enterprise, because they long-term pay the bills. And we need a healthy balance there.

One of the things I should touch on, Mike, is that, if you look at ActiveState through its entire 20-year journey, there’s something common through that 20-year journey. And that commonality is as follows: every single product has been based on open source. Every single product has been built and designed with the developer in mind. 

And every single product has been built with a developer and the enterprise in mind. If they take the intersection of those three, that’s our sweet spot, that’s where we make money. We’re constantly trying to find the balance because we are a company that’s growing organically.

We don’t have outside money, we have to rely on our hard work and creating a happy balance between developers, who don’t want to pay for things, which we’re fine with, but finding and giving them those solutions that they’re free to use, and then find that happy balance with developers and the enterprise who are prepared to pay for what we offer.

How Far Do You Forecast?

Michael Schwartz: So, you’re 20 years in, which is not something a lot of tech companies can say – how far do you look ahead to the future? Are you looking 20 years out?

Bart Copeland: I look in three to five-year timeframes. Because if you look at ActiveState history, under ActiveState 1.0, we were focused on Perl, the high-rapid growth of Perl, and with the anti-spam problem under ActiveState 2.0, again we were focused on language distributions, and we were focused on the whole cloud computing space, and specifically for us, platform-as-a-service.

Now, we’re focused on open-source language automation and helping make software really work well for developers in the next three to five years.

Because tech moves so fast, the industry is so vibrant and so exciting. And I often say to younger developers, younger people getting into tech – because I’ve been it now for 30 years– I say, “We are still in the early innings. We’re like an inning 2.”

If somebody said to me this is a 100-year cycle we’re in right now in tech, and we’re still in it 20 years or so, we got a lot to do. It’s just starting to get exciting. I’m kind of looking here, I’m at the

the latter part of my career, and I’m looking at my two young sons, who are just starting their careers, and I want to do it all over again.

Because I think it’s going to get even more exciting. But the point I’m trying to make here, Mike, it’s very hard to look beyond three to five years in my view. We, right now, are focused on this audacious goal of building a platform for open-source runtimes and specifically solving the problem around open-source language automation. That’s our focus, that’s a three to five-year plan. We’re going to deliver on that, and then we’ll regroup again.

Bootstrap Governance

Michael Schwartz: Quick question on governance. As a bootstrap company, do you have a board of directors? What does governance look like in a bootstrapped company?

Bart Copeland: Bootstrap company, by definition, that means we’re a private company. So, the company is owned by its employees and some key shareholders. And I believe in good corporate governance, and there is a board. The board is comprised of some of the key shareholders – it’s a very small board.

I think it’s important, as a CEO, that you get external advice, so in addition to having a board, because that’s one form of advice, I have a group of advisers that advise me as well and advise my leadership team.

And I think that’s very important. I think as a bootstrap company, you shouldn’t do things in isolation. It’s very important that you have individuals that are not in the trees with you, and they can constantly spot and say, “Hey Bart, have you considered this, or what about that?”

There’s four of us on the board. And then, I have three other advisers, who are not part of the board, but advise me one-on-one.

Advice For Open-Source Entrepreneurs

Michael Schwartz: Last question. Any advice for new entrepreneurs, who are launching a business around an open-source software project?

Bart Copeland: Oh, that’s a good question, Mike. I think there’s a general advice, and then there is advice specific to open source. The general advice that I give — and I do a lot of Angel Investing with young entrepreneurs, and invest in small promising individuals and companies — the advice I give is, persistence, and perseverance and focus.

If you believe in something, stay at it. Don’t lose your focus. That doesn’t mean you shouldn’t pivot, but if you look at people who are successful – it’s about perseverance and persistence. That’s the general advice.

As far as open source is concerned, I think my advice is, I love open source. It IS the future. When I first started an open source, people were saying, “This crazy. Why are you doing open source? There’s no future in it.” Now, open source has one. There’s so much power in collaboration in open source.

My advice is, if you are not using open source, then there’s something wrong with your company. You should BE using open source. It’s the way to go. It is the de-facto standard to build a great organization.

Michael Schwartz: Bart, that was fantastic. Thank you so much for joining us today.

Bart Copeland: Thank you, Mike, it’s been great.

Michael Schwartz: Thanks to Bart and the ActiveState team for making this interview happen. Thank you, thank you to the Open Core Summit team for giving us a table at the event to promote the podcast, and for giving up their sponsorship room a few times, which was the quietest place we could find to record.

Please, support the event. We need more events like this to grow the industry and to share our experiences in person.

Transcription and episode audio can be found on opensourceunderdogs.com.

Music from Broke For Free and Chris Zabriskie.

Audio editing by Ines Cetenji.

Production assistance and transcription by Natalie Lowe. Operational support from William Lowe.

Have comments? Tweet at us. Our Twitter handle is @fosspodcast.

Please subscribe to the podcast and add it to your favorites on your podcast app. That helps us get the word out.

Next week, we have Ben Golub from Storj, who will take us through the first open-source, blockchain business model.

Until then, thanks for listening.

Loris Degioanni is the Founder and CTO of Sysdig, a platform for cloud-native visibility and security for workload production. In this episode, Loris discusses how his past entrepreneurial experiences have helped shape a successful business at Sysdig.

Transcript

Intro

Michael Schwartz: Hello and welcome to Open Source Underdogs. I’m your host Mike Schwartz, and this is episode 35 with Loris Degioanni, Co-Founder and CTO of Sysdig.

For you, older geeks out there, Loris is a legendary technologist who is one of the authors of Wireshark, a tool, which used correctly, could seem like black magic to layman. So, hearing the voice behind Wireshark is probably reason enough to listen to this episode.

Sysdig has raised over $120M on revenues of $30M, employees around 200 people, so to say that they’ve been successful for a company founded about six years ago is an understatement.

Loris has some unique metaphorical advice for entrepreneurs at the end of this interview, so make sure you hang in there. Enough of my blabbering – let’s get on with it.

Loris, thank you so much for joining the podcast today.

Loris Degioanni: Thank you for having me.

Origin

Michael Schwartz: What was it about Cloud Native infrastructure that gave you the idea for Sysdig?

Loris Degioanni: This is actually sort of a long story. Cloud Native infrastructure is, in my view and in terms of the rationale and motivation to Sysdig, just an inflection, one of the many inflections and radical changes in computer architectures.

We’ve seen several of them in the last couple of decades, the switch from physical servers to virtual machines, the generated arrays of VMware and similar companies, the evolution of virtualization into public Cloud, like Amazon AWS and so on, and most recently, the birth of containerization and modern application orchestrators like, for example, Kubernetes, created by Google.

Each of these big radical changes in the ecosystem typically require to reinvent the functionality that was available before, because the whole ecosystem needs essentially to update to the new paradigm. That’s essentially what I’ve done when I started Sysdig.

I essentially reapplied my previous experience in open-source and commercial products, and I just tried to make something that would be perfectly suited for the new world of cloud computing and Kubernetes.

To give you a little bit more context essentially, I come from a background, I’ve done computer networks and network packet capture for the first 10 years of my career, started in 2000. In particular, my first company was called CACE Technologies, and was behind an open-source packet network analyzer called Wireshark that essentially reshaped the industry of being able to essentially capture network traffic and look into networks.

That company was acquired in 2010 by a bigger company called Riverbed. When I was at Riverbed, I became the CTO of one of their business units, and I was in charge of the product roadmap for the business unit that was doing visibility and performance management for networks and applications by using essentially network packets and so on.

I realized that despite the business going very well, the world was changing, and so, I tried to essentially reapply what I did in open source and commercial, in the previous generation to the new world of Cloud Native and Cloud Computing. That was the summary of the basic reasons why I started Sysdig.

Project Or Company First?

Michael Schwartz: When you started Sysdig, did you start by writing some tools? And I’m wondering if a community coalesced around those tools from the beginning.

Loris Degioanni: Yes. And again, I’m going back, and I will do it probably multiple times during this podcast, to my previous experience with Wireshark, with network packets, because there are several parallels.

When I started my first company, essentially we already had Wireshark, and even before that, a network packet capture for Windows as strong established open-source projects.

That allowed us, me and my co-founders to bootstrap a business in a way that was very efficient, with minimal cost, and allowed us to create a brand and reach a pretty substantial market by just essentially having a very strong and very visible open-source property that was very relevant for our class of buyers.

In that first experience, first myself, and other people in that community that then started the business with me, operated the open-source tool and worked with the community for many years before we started a business.

When I started Sysdig, my second company, I definitely tried to leverage as much as possible the learnings, and in particular, I already knew how effective an open-source tool, adopted by the broader community, would be to bootstrap an enterprise and infrastructure company.

When I started Sysdig, I was in a different situation because I didn’t have an established open-source property, but I decided essentially to create one, to leverage its properties to successively create a business.

First, you need to make something useful. And you need that to be useful enough that people at least want to install it, try it, use it, maybe use it in production. And that both is validation for your idea and also as your initial source of marketing, visibility, lead generation and so on.

What I did with Sysdig was, essentially the basic idea was like what I was doing before with packets was going to be irrelevant because packets as a data source are not accessible anymore when you have, for example, virtual machines instances that are running on Amazon AWS.

You just have machines that are floating on somebody else’s network or infrastructure. You don’t really have access to the router for example to extract these packets to get inside.

Similarly, when you are running containerized infrastructures, based on Docker or Kubernetes, you have these many, many little elements that are pretty opaque, and you cannot really see what they’re doing from the network point of view.

I created a technology that would allow people to gain these insights again, by essentially sitting in the operating system, like for example Linux, and collecting signals, like system calls from this operating system.

Long story short, I sort of came up with a technology that would work again and reestablish that kind of visibility. By doing that, I stumbled into something that would have quite a bit of value for the community.

I decided to release this technology initially as open source, to create essentially a tool that would gather a community around it.

This was in 2014/15, so the very first release that we did of Sysdig was bringing these technology as open source to the community. And to the point Sysdig was born, and to the point the community noticed us, and to the point we started having people talking about us, we started having people installing our tools, and that was how Sysdig was bootstrapped.

Products

Michael Schwartz: I see. So, Sysdig, the company, actually predated the first release of the software?

Loris Degioanni: That’s correct. Sysdig was incorporated a few months before the very first release of the software. Then, of course, the company created a bunch of commercial tools on top of the Sysdig technology. But the timeline was, company started, open-source Sysdig released, and then, commercial products came like two years later.

Michael Schwartz: Sysdig has several product offerings delivered both as software and as-a-service. Today, what are the most important products from a revenue perspective, and which products do you think have the greatest growth potential for the future?

Loris Degioanni: I was saying before I’m going back again to the analogy of network packets, and if you look at network packets, they are a very rich and powerful data source, on top of which you can build many different things.

On top of network packets, you can build a router, a firewall, an intrusion detection system, a forensics tool, performance management tool, visibility monitoring. It is just because packets are data source that is a very horizontal, very rich in content, and typically pretty straightforward and lightweight to collect.

As I was saying before, with Sysdig, the original technological advancement that we did was inventing the new data source that would be similar to packets in terms of properties for Cloud Native in the next generation, which means that similarly to packets with these data source, you can create several classes of tools.

Sysdig in particular has multiple open-source solutions and multiple commercial solutions built on top of them. In particular, from the open-source point of view, we have Sysdig, which gave the name to the company, which is a command line open-source tool that is comparable to like TCPdump or Wireshark, but for modern cloud-based Kubernetes-based infrastructures.

Then we have a tool called Falco, which is a rule-based intrusion detection and runtime protection tool, which I often compare to open-source tools like Snort, or Suricata, but for modern Kubernetes environments.

Falco and Sysdig are completely open-source and are completely community-oriented. On top of them, we’ve built two commercial products. One is called Sysdig Monitor, and it’s for visibility, performance management, alerting, dashboarding, and so on.

The other one is called Sysdig Secure. Sysdig Secure is a bunch of functionality to essentially protect modern workloads that are based on Kubernetes, including forensics, including runtime detection and protection, including vulnerability management and image scanning, and many other things.

Michael Schwartz: Do you bundle those two together, or do you sell them individually?

Loris Degioanni: We bundle them together. Of course, you can buy them individually, but the majority of our customers buys them together.

Michael Schwartz: With regard to cloud, or as-a-service delivered vs. software delivered – which one is more important to you?

Loris Degioanni: I would say equally. As-a-service is the future, is our preferred way to deliver our product to our users. At the same time, Sysdig has many enterprise customers.

Actually, we mostly serve as target customer demographic enterprises, like financial, healthcare, media, and so on. As you can imagine, the SaaS model is something that everybody aspires to follow in terms of vendors, but some of these customers are still not ready for that.

As you can imagine, a substantial portion of Sysdig’s biggest customers’ demands from us software that they can install in their data centers.

License

Michael Schwartz: The commercial tools – are they commercially licensed, or is it just a commercial’s binary?

Loris Degioanni: These are commercially licensed. Essentially the model that Sysdig is following is our core technology, and some of our core pieces of functionality are open source.

I was mentioning Sysdig and Falco before. Those are part of our commercial offering, but at the same time, the commercial offering, instead of just being like licensing and support for our open-source tools, tries more to create bundles that include some of our open-source technology and orchestrate it to work essentially at large scales, and complements it with some proprietary functionality that we’ve built on top of that, which includes both pieces of functionality that are missing in the open-source offering, and workflows and user interfaces on top of everything.

Open Core

Michael Schwartz: Would you say it’s an open-core business model?

Loris Degioanni: I would say Sysdig is a unique open-core model. It is open core, but, for example, I do not compare it to — I have no idea – your typical MongoDB. There’s open-source core is more like a relatively small piece of a broader offering, rather than just the core of what we do. This is by design, by the way.

I always found it a little bit challenging to just commercialize what we’ve built in open source because you tend to pretty quickly fall into the dynamic, by which you’re always thinking about every new feature that you build.

Should I open-source it, or should I “make money” out of it. And I typically don’t like to be in the situation. I like to have the freedom, to have this choice to take every time. I prefer to build stuff where there’s a more clear demarcation between what’s open-source and what’s commercial.

They work more like together in symbiosis, rather than being an extension of the other one, and you have more space to evolve two sides in a less, let’s say, stressful way.

Go All Open Source?

Michael Schwartz: Yes. Would you say then that it’s more tools, where certain tools are open-source and certain tools are commercial – and that’s how you draw the line?

Loris Degioanni: Yes. Tools and also use cases based on these tools.

Michael Schwartz: One of the things I have recently observed is Cloudera, the database company, and also Chef, have gone to a model, where they say everything is 100% open source.

Has this changed your thinking at all about maybe whether to open-source or not certain components?

Loris Degioanni: Partially, from one point of view, there’s the dynamic that you’re describing, which I’ve definitely noticed.

On the opposite side, there’s some other companies struggling a bit to decide exactly what their posture should be, in particular with regards to cloud providers like AWS, taking maybe their software and packaging it for the users.

Elastic was one of the most recent examples of that. I think that there’s no perfect mix, there’s no perfect approach. I think that every product is different, every ecosystem is different, every company is different.

Again, from our point of view, more than looking at what other companies are doing, which we definitely do and we take it into account, we try to do our best to find out what’s best for our users first, and then, what allows us essentially to grow our business.

Material Benefit Of Open Source?

Michael Schwartz: Do you think that open-sourcing of the some of the software has materially benefited the company?

Loris Degioanni: Absolutely. Has and still is material benefit in the company. One example that I can bring is, I mentioned Falco, as one of our core open-source initiatives. We’re putting quite a bit of focus around it because, as I was telling you, there’s an exploding ecosystem, the Kubernetes one, which is more and more shaping to become the operating system for the cloud.

So, the platform on which everybody will build their applications in the future. One thing that is interesting is that Kubernetes is really gaining a lot of traction, and nowadays is essentially been adopted by all of the major product vendors, because it was an open effort.

It was designed to be this kind of lingua franca, completely community-oriented, completely open-source to build your modern applications.

We at Sysdig strongly believe there’s the strength of Kubernetes, and every single component and piece of functionality in Kubernetes eventually will be community-oriented and will be open source.

That’s why we did something that is not super common in the security industry. We started open source first. Security industry, compared to other industries, is still quite a bit more protective and a little bit more proprietary in its approach.

But in Sysdig, we just decided, “Okay, first would be the tool.” It will be Falco. We try to make it part of the ecosystem, we try to make it part of the Cloud Native computing foundation, and we do our best to make it part of the stack.

This is, of course, with the goal of providing value and functionality and security for the broader community, and there is something that can be like a standard, a part of the stack in the future. But, of course, doing that also made us very quickly one of the key players in Kubernetes security as a company.

Despite us giving to our community this important component for free, it’s also helped us essentially grow our revenues in the space. So, yes, this has been very useful for us as a business.

Michael Schwartz: Attaching to this really fast-growing ecosystem and becoming part of the stack had a huge marketing distribution advantage for you.

Loris Degioanni: Yes, and attaching to an ecosystem like this is only possible if you’re truly community-oriented right. That gave us an advantage, compared to our competitors, and is allowing us to grow faster than our competitors in that space.

Is Open Source Value Perceived By The Market?

Michael Schwartz: You made an interesting comment about security not always being open source.  I don’t know if you know but my company is in the identity security area, and we’re open source.

I was just reading one of the S-1 of our competitor, Ping Identity, who’s going public, and I did a text search for open source and their S-1, and the only reference I could find to it was a mention of the risks of open source software, and how the use of open-source software might come back to hurt them in the future, and therefore was a risk to investors.

Do you think there’s a disconnect somehow between investors’ perceptions of open source and the reality that you see as a technical professional using open source?

Loris Degioanni: I think that traditionally, for sure, in the investment community at any stage, starting from seed to going public, there’s been skepticism in the investment community.

There’s been skepticism because one of the things that many people say is that open source has generated less winners than expected, and not a lot of these winners have become really, really big. We could argue with it, but I’m just reporting what I’ve heard several times in the investment community.

At the same time, I am seeing more and more investors becoming sophisticated, becoming smarter, understanding what open source means, actually supporting it. I can, for example, make two examples that are extremely close to me.

I have two investors that bet on Sysdig pretty early on, Bain Capital Ventures and Accel, and in particular, my board members, Salil Deshpande, and Ping Li, and Eric Wolford, from these two firms – these are really strong open-source believers that really understand what an ecosystem means, are able to drive it, have a track record of generating successes with open-source companies.

The investors are there, the mindset is changing. I’m seeing, even just recently, multiple funds, these funds being created to focus specifically on open source. I think that the enterprise space, which is the one where Sysdig operates, is particularly ripe for disruption from open source.

I think that despite things not probably being where they should be, they are changing quite fast especially driven by a group of people that are leading the charge. In the future, we’ll see more and more of this, exactly for the reason that you just mentioned.

Open source will become, even more than now, the approach that dominates the software industry, and software is becoming more and more important. So, there’s no escape. The winners will be generated, existing players will be disrupted, and sometimes, it takes a long time, but it always has effects.

Challenges For Open Source Companies?

Michael Schwartz: What do you think are some of the biggest challenges today for open-source startups?

Loris Degioanni: Since we were just talking about funding, related to that is business model. I think that in some verticals, for example databases, we now understand the open-source model, like the go-to-market model pretty well.

We witness MongoDB, Elastic — there’s many of them, Cloudera — we witness to many success stories that essentially leverage sort of a similar playbook, or at least a variation of two or three playbooks.

In those verticals, where the playbook is understood, I’d not say straightforward, but it’s pretty clear how you approach this – open source is everything. Open source is much more than databases, and ranges anywhere from the operating system to user interface stacks, or JavaScript stuff.

I feel that in many of these areas, the go-to-market motion is less established, less proven and still requires a lot of creativity and experimentation from the founders, which also means that at the beginning, the open-source model can be relatively expensive to fund.

From one point of view, you’re focusing on your community, and that takes work, especially when you’re a small team, and takes focus. You have to do that, which means that you’re investing upfront, and you’re spending time and money upfront, have to essentially figure out the approach to market and the business model.

In my opinion, having bootstrapped, two open-source companies – that’s also the most delicate and the toughest part of the journey.

Challenges For Entrepreneurs

Michael Schwartz: One last question, because you have started two businesses, and I would’ve imagined most people who started one would know the dangers and emotional roller-coaster of that journey and not want to do it again, but do you have any advice for entrepreneurs that people going through that process of starting a business and not only starting a business but starting using open source?

Loris Degioanni: I wish I was able to say something magic that teaches people how to do this. I think that the only thing that I learned about, especially about the very, very early stages of a company is don’t give up, it’s really inch by inch.

Celebrate every little small success because that’s how you survive. You will get a thousand punches for every little success that you have. You need to cling to those because it is really a game of inches. It’s just the way it is.

And number two is, jump in the pool on the deep end, in the pool with sharks, and this is the best way to find out if you can swim or not.

I think if there’s something that makes me different from other people that maybe have not started company or have not been successful, that is, I just do it to survive. And yeah, we’ve seen what happens with Sysdig because it’s still relatively early in the life of the company.

But at the same time, Sysdig has over 200 people now. So, it’s a pretty decent-sized organization, and I still try to learn how to swim even at this stage.

Closing

Michael Schwartz: Thank you so much, Loris, for sharing some of your thoughts today.

Loris Degioanni: Thank you very much for having me. It was fun and pleasure.

Michael Schwartz: Thanks for the Sysdig team for helping to organize and promote this podcast.

Transcription and episode audio can be found on opensourceunderdogs.com.

Music from Broke For Free and Chris Zabriskie.

Audio editing by Ines Cetenji.

Production assistance and transcription by Natalie Lowe.

Operational support from William Lowe.

Have comments? Tweet at us. The Twitter handle is @fosspodcast.

iTunes listeners, send us here five stars, and please subscribe to the podcast – that really helps us get the word out.

Next week, we have Bart Copeland from ActiveState, another legendary company in the open-source ecosystem. Don’t miss it!

Until then, thanks for listening.