Episode 35: Sysdig – Native-Cloud Visibility and Security with Loris Degioanni

Loris Degioanni is the Founder and CTO of Sysdig, a platform for cloud-native visibility and security for workload production. In this episode, Loris discusses how his past entrepreneurial experiences have helped shape a successful business at Sysdig.



Michael Schwartz: Hello and welcome to Open Source Underdogs. I’m your host Mike Schwartz, and this is episode 35 with Loris Degioanni, Co-Founder and CTO of Sysdig.

For you, older geeks out there, Loris is a legendary technologist who is one of the authors of Wireshark, a tool, which used correctly, could seem like black magic to layman. So, hearing the voice behind Wireshark is probably reason enough to listen to this episode.

Sysdig has raised over $120M on revenues of $30M, employees around 200 people, so to say that they’ve been successful for a company founded about six years ago is an understatement.

Loris has some unique metaphorical advice for entrepreneurs at the end of this interview, so make sure you hang in there. Enough of my blabbering – let’s get on with it.

Loris, thank you so much for joining the podcast today.

Loris Degioanni: Thank you for having me.


Michael Schwartz: What was it about Cloud Native infrastructure that gave you the idea for Sysdig?

Loris Degioanni: This is actually sort of a long story. Cloud Native infrastructure is, in my view and in terms of the rationale and motivation to Sysdig, just an inflection, one of the many inflections and radical changes in computer architectures.

We’ve seen several of them in the last couple of decades, the switch from physical servers to virtual machines, the generated arrays of VMware and similar companies, the evolution of virtualization into public Cloud, like Amazon AWS and so on, and most recently, the birth of containerization and modern application orchestrators like, for example, Kubernetes, created by Google.

Each of these big radical changes in the ecosystem typically require to reinvent the functionality that was available before, because the whole ecosystem needs essentially to update to the new paradigm. That’s essentially what I’ve done when I started Sysdig.

I essentially reapplied my previous experience in open-source and commercial products, and I just tried to make something that would be perfectly suited for the new world of cloud computing and Kubernetes.

To give you a little bit more context essentially, I come from a background, I’ve done computer networks and network packet capture for the first 10 years of my career, started in 2000. In particular, my first company was called CACE Technologies, and was behind an open-source packet network analyzer called Wireshark that essentially reshaped the industry of being able to essentially capture network traffic and look into networks.

That company was acquired in 2010 by a bigger company called Riverbed. When I was at Riverbed, I became the CTO of one of their business units, and I was in charge of the product roadmap for the business unit that was doing visibility and performance management for networks and applications by using essentially network packets and so on.

I realized that despite the business going very well, the world was changing, and so, I tried to essentially reapply what I did in open source and commercial, in the previous generation to the new world of Cloud Native and Cloud Computing. That was the summary of the basic reasons why I started Sysdig.

Project Or Company First?

Michael Schwartz: When you started Sysdig, did you start by writing some tools? And I’m wondering if a community coalesced around those tools from the beginning.

Loris Degioanni: Yes. And again, I’m going back, and I will do it probably multiple times during this podcast, to my previous experience with Wireshark, with network packets, because there are several parallels.

When I started my first company, essentially we already had Wireshark, and even before that, a network packet capture for Windows as strong established open-source projects.

That allowed us, me and my co-founders to bootstrap a business in a way that was very efficient, with minimal cost, and allowed us to create a brand and reach a pretty substantial market by just essentially having a very strong and very visible open-source property that was very relevant for our class of buyers.

In that first experience, first myself, and other people in that community that then started the business with me, operated the open-source tool and worked with the community for many years before we started a business.

When I started Sysdig, my second company, I definitely tried to leverage as much as possible the learnings, and in particular, I already knew how effective an open-source tool, adopted by the broader community, would be to bootstrap an enterprise and infrastructure company.

When I started Sysdig, I was in a different situation because I didn’t have an established open-source property, but I decided essentially to create one, to leverage its properties to successively create a business.

First, you need to make something useful. And you need that to be useful enough that people at least want to install it, try it, use it, maybe use it in production. And that both is validation for your idea and also as your initial source of marketing, visibility, lead generation and so on.

What I did with Sysdig was, essentially the basic idea was like what I was doing before with packets was going to be irrelevant because packets as a data source are not accessible anymore when you have, for example, virtual machines instances that are running on Amazon AWS.

You just have machines that are floating on somebody else’s network or infrastructure. You don’t really have access to the router for example to extract these packets to get inside.

Similarly, when you are running containerized infrastructures, based on Docker or Kubernetes, you have these many, many little elements that are pretty opaque, and you cannot really see what they’re doing from the network point of view.

I created a technology that would allow people to gain these insights again, by essentially sitting in the operating system, like for example Linux, and collecting signals, like system calls from this operating system.

Long story short, I sort of came up with a technology that would work again and reestablish that kind of visibility. By doing that, I stumbled into something that would have quite a bit of value for the community.

I decided to release this technology initially as open source, to create essentially a tool that would gather a community around it.

This was in 2014/15, so the very first release that we did of Sysdig was bringing these technology as open source to the community. And to the point Sysdig was born, and to the point the community noticed us, and to the point we started having people talking about us, we started having people installing our tools, and that was how Sysdig was bootstrapped.


Michael Schwartz: I see. So, Sysdig, the company, actually predated the first release of the software?

Loris Degioanni: That’s correct. Sysdig was incorporated a few months before the very first release of the software. Then, of course, the company created a bunch of commercial tools on top of the Sysdig technology. But the timeline was, company started, open-source Sysdig released, and then, commercial products came like two years later.

Michael Schwartz: Sysdig has several product offerings delivered both as software and as-a-service. Today, what are the most important products from a revenue perspective, and which products do you think have the greatest growth potential for the future?

Loris Degioanni: I was saying before I’m going back again to the analogy of network packets, and if you look at network packets, they are a very rich and powerful data source, on top of which you can build many different things.

On top of network packets, you can build a router, a firewall, an intrusion detection system, a forensics tool, performance management tool, visibility monitoring. It is just because packets are data source that is a very horizontal, very rich in content, and typically pretty straightforward and lightweight to collect.

As I was saying before, with Sysdig, the original technological advancement that we did was inventing the new data source that would be similar to packets in terms of properties for Cloud Native in the next generation, which means that similarly to packets with these data source, you can create several classes of tools.

Sysdig in particular has multiple open-source solutions and multiple commercial solutions built on top of them. In particular, from the open-source point of view, we have Sysdig, which gave the name to the company, which is a command line open-source tool that is comparable to like TCPdump or Wireshark, but for modern cloud-based Kubernetes-based infrastructures.

Then we have a tool called Falco, which is a rule-based intrusion detection and runtime protection tool, which I often compare to open-source tools like Snort, or Suricata, but for modern Kubernetes environments.

Falco and Sysdig are completely open-source and are completely community-oriented. On top of them, we’ve built two commercial products. One is called Sysdig Monitor, and it’s for visibility, performance management, alerting, dashboarding, and so on.

The other one is called Sysdig Secure. Sysdig Secure is a bunch of functionality to essentially protect modern workloads that are based on Kubernetes, including forensics, including runtime detection and protection, including vulnerability management and image scanning, and many other things.

Michael Schwartz: Do you bundle those two together, or do you sell them individually?

Loris Degioanni: We bundle them together. Of course, you can buy them individually, but the majority of our customers buys them together.

Michael Schwartz: With regard to cloud, or as-a-service delivered vs. software delivered – which one is more important to you?

Loris Degioanni: I would say equally. As-a-service is the future, is our preferred way to deliver our product to our users. At the same time, Sysdig has many enterprise customers.

Actually, we mostly serve as target customer demographic enterprises, like financial, healthcare, media, and so on. As you can imagine, the SaaS model is something that everybody aspires to follow in terms of vendors, but some of these customers are still not ready for that.

As you can imagine, a substantial portion of Sysdig’s biggest customers’ demands from us software that they can install in their data centers.


Michael Schwartz: The commercial tools – are they commercially licensed, or is it just a commercial’s binary?

Loris Degioanni: These are commercially licensed. Essentially the model that Sysdig is following is our core technology, and some of our core pieces of functionality are open source.

I was mentioning Sysdig and Falco before. Those are part of our commercial offering, but at the same time, the commercial offering, instead of just being like licensing and support for our open-source tools, tries more to create bundles that include some of our open-source technology and orchestrate it to work essentially at large scales, and complements it with some proprietary functionality that we’ve built on top of that, which includes both pieces of functionality that are missing in the open-source offering, and workflows and user interfaces on top of everything.

Open Core

Michael Schwartz: Would you say it’s an open-core business model?

Loris Degioanni: I would say Sysdig is a unique open-core model. It is open core, but, for example, I do not compare it to — I have no idea – your typical MongoDB. There’s open-source core is more like a relatively small piece of a broader offering, rather than just the core of what we do. This is by design, by the way.

I always found it a little bit challenging to just commercialize what we’ve built in open source because you tend to pretty quickly fall into the dynamic, by which you’re always thinking about every new feature that you build.

Should I open-source it, or should I “make money” out of it. And I typically don’t like to be in the situation. I like to have the freedom, to have this choice to take every time. I prefer to build stuff where there’s a more clear demarcation between what’s open-source and what’s commercial.

They work more like together in symbiosis, rather than being an extension of the other one, and you have more space to evolve two sides in a less, let’s say, stressful way.

Go All Open Source?

Michael Schwartz: Yes. Would you say then that it’s more tools, where certain tools are open-source and certain tools are commercial – and that’s how you draw the line?

Loris Degioanni: Yes. Tools and also use cases based on these tools.

Michael Schwartz: One of the things I have recently observed is Cloudera, the database company, and also Chef, have gone to a model, where they say everything is 100% open source.

Has this changed your thinking at all about maybe whether to open-source or not certain components?

Loris Degioanni: Partially, from one point of view, there’s the dynamic that you’re describing, which I’ve definitely noticed.

On the opposite side, there’s some other companies struggling a bit to decide exactly what their posture should be, in particular with regards to cloud providers like AWS, taking maybe their software and packaging it for the users.

Elastic was one of the most recent examples of that. I think that there’s no perfect mix, there’s no perfect approach. I think that every product is different, every ecosystem is different, every company is different.

Again, from our point of view, more than looking at what other companies are doing, which we definitely do and we take it into account, we try to do our best to find out what’s best for our users first, and then, what allows us essentially to grow our business.

Material Benefit Of Open Source?

Michael Schwartz: Do you think that open-sourcing of the some of the software has materially benefited the company?

Loris Degioanni: Absolutely. Has and still is material benefit in the company. One example that I can bring is, I mentioned Falco, as one of our core open-source initiatives. We’re putting quite a bit of focus around it because, as I was telling you, there’s an exploding ecosystem, the Kubernetes one, which is more and more shaping to become the operating system for the cloud.

So, the platform on which everybody will build their applications in the future. One thing that is interesting is that Kubernetes is really gaining a lot of traction, and nowadays is essentially been adopted by all of the major product vendors, because it was an open effort.

It was designed to be this kind of lingua franca, completely community-oriented, completely open-source to build your modern applications.

We at Sysdig strongly believe there’s the strength of Kubernetes, and every single component and piece of functionality in Kubernetes eventually will be community-oriented and will be open source.

That’s why we did something that is not super common in the security industry. We started open source first. Security industry, compared to other industries, is still quite a bit more protective and a little bit more proprietary in its approach.

But in Sysdig, we just decided, “Okay, first would be the tool.” It will be Falco. We try to make it part of the ecosystem, we try to make it part of the Cloud Native computing foundation, and we do our best to make it part of the stack.

This is, of course, with the goal of providing value and functionality and security for the broader community, and there is something that can be like a standard, a part of the stack in the future. But, of course, doing that also made us very quickly one of the key players in Kubernetes security as a company.

Despite us giving to our community this important component for free, it’s also helped us essentially grow our revenues in the space. So, yes, this has been very useful for us as a business.

Michael Schwartz: Attaching to this really fast-growing ecosystem and becoming part of the stack had a huge marketing distribution advantage for you.

Loris Degioanni: Yes, and attaching to an ecosystem like this is only possible if you’re truly community-oriented right. That gave us an advantage, compared to our competitors, and is allowing us to grow faster than our competitors in that space.

Is Open Source Value Perceived By The Market?

Michael Schwartz: You made an interesting comment about security not always being open source.  I don’t know if you know but my company is in the identity security area, and we’re open source.

I was just reading one of the S-1 of our competitor, Ping Identity, who’s going public, and I did a text search for open source and their S-1, and the only reference I could find to it was a mention of the risks of open source software, and how the use of open-source software might come back to hurt them in the future, and therefore was a risk to investors.

Do you think there’s a disconnect somehow between investors’ perceptions of open source and the reality that you see as a technical professional using open source?

Loris Degioanni: I think that traditionally, for sure, in the investment community at any stage, starting from seed to going public, there’s been skepticism in the investment community.

There’s been skepticism because one of the things that many people say is that open source has generated less winners than expected, and not a lot of these winners have become really, really big. We could argue with it, but I’m just reporting what I’ve heard several times in the investment community.

At the same time, I am seeing more and more investors becoming sophisticated, becoming smarter, understanding what open source means, actually supporting it. I can, for example, make two examples that are extremely close to me.

I have two investors that bet on Sysdig pretty early on, Bain Capital Ventures and Accel, and in particular, my board members, Salil Deshpande, and Ping Li, and Eric Wolford, from these two firms – these are really strong open-source believers that really understand what an ecosystem means, are able to drive it, have a track record of generating successes with open-source companies.

The investors are there, the mindset is changing. I’m seeing, even just recently, multiple funds, these funds being created to focus specifically on open source. I think that the enterprise space, which is the one where Sysdig operates, is particularly ripe for disruption from open source.

I think that despite things not probably being where they should be, they are changing quite fast especially driven by a group of people that are leading the charge. In the future, we’ll see more and more of this, exactly for the reason that you just mentioned.

Open source will become, even more than now, the approach that dominates the software industry, and software is becoming more and more important. So, there’s no escape. The winners will be generated, existing players will be disrupted, and sometimes, it takes a long time, but it always has effects.

Challenges For Open Source Companies?

Michael Schwartz: What do you think are some of the biggest challenges today for open-source startups?

Loris Degioanni: Since we were just talking about funding, related to that is business model. I think that in some verticals, for example databases, we now understand the open-source model, like the go-to-market model pretty well.

We witness MongoDB, Elastic — there’s many of them, Cloudera — we witness to many success stories that essentially leverage sort of a similar playbook, or at least a variation of two or three playbooks.

In those verticals, where the playbook is understood, I’d not say straightforward, but it’s pretty clear how you approach this – open source is everything. Open source is much more than databases, and ranges anywhere from the operating system to user interface stacks, or JavaScript stuff.

I feel that in many of these areas, the go-to-market motion is less established, less proven and still requires a lot of creativity and experimentation from the founders, which also means that at the beginning, the open-source model can be relatively expensive to fund.

From one point of view, you’re focusing on your community, and that takes work, especially when you’re a small team, and takes focus. You have to do that, which means that you’re investing upfront, and you’re spending time and money upfront, have to essentially figure out the approach to market and the business model.

In my opinion, having bootstrapped, two open-source companies – that’s also the most delicate and the toughest part of the journey.

Challenges For Entrepreneurs

Michael Schwartz: One last question, because you have started two businesses, and I would’ve imagined most people who started one would know the dangers and emotional roller-coaster of that journey and not want to do it again, but do you have any advice for entrepreneurs that people going through that process of starting a business and not only starting a business but starting using open source?

Loris Degioanni: I wish I was able to say something magic that teaches people how to do this. I think that the only thing that I learned about, especially about the very, very early stages of a company is don’t give up, it’s really inch by inch.

Celebrate every little small success because that’s how you survive. You will get a thousand punches for every little success that you have. You need to cling to those because it is really a game of inches. It’s just the way it is.

And number two is, jump in the pool on the deep end, in the pool with sharks, and this is the best way to find out if you can swim or not.

I think if there’s something that makes me different from other people that maybe have not started company or have not been successful, that is, I just do it to survive. And yeah, we’ve seen what happens with Sysdig because it’s still relatively early in the life of the company.

But at the same time, Sysdig has over 200 people now. So, it’s a pretty decent-sized organization, and I still try to learn how to swim even at this stage.


Michael Schwartz: Thank you so much, Loris, for sharing some of your thoughts today.

Loris Degioanni: Thank you very much for having me. It was fun and pleasure.

Michael Schwartz: Thanks for the Sysdig team for helping to organize and promote this podcast.

Transcription and episode audio can be found on opensourceunderdogs.com.

Music from Broke For Free and Chris Zabriskie.

Audio editing by Ines Cetenji.

Production assistance and transcription by Natalie Lowe.

Operational support from William Lowe.

Have comments? Tweet at us. The Twitter handle is @fosspodcast.

iTunes listeners, send us here five stars, and please subscribe to the podcast – that really helps us get the word out.

Next week, we have Bart Copeland from ActiveState, another legendary company in the open-source ecosystem. Don’t miss it!

Until then, thanks for listening.

Popular Episodes

Sorry. No data so far.

Subscribe to our newsletter
for news and updates