Vlad Matsiiako - cofounder of Infisical Episode 94


· 39:38

Vlad Matsiiako:

You know, we were getting lots of questions around, you know, like how can we trust you? Because ultimately, if something goes wrong, it's gonna be really bad. Kinda sort of thing. It's gonna be very, very bad. First of all, it's gonna be very bad for the company.

Vlad Matsiiako:

It's also very bad for the person, right, who convinces their organization to start using a particular tool. And so the open source aspect and the self-hostability aspect made it much more trustworthy. Yeah. And it made it much more secure and reliable and and they see this community around it. Also should I be looking at you?

Jack Bridger:

Or Yeah. You can look.

Vlad Matsiiako:

A lot of people can

Jack Bridger:

mix it up. If you wanna say something profound, you can look at that. Do you think we are just like slightly too close, aren't we? It's like it's just, like it's just a bit, like Maybe we're a little bit too close. There we go.

Jack Bridger:

Hi, everyone. You're listening to Scaling Dev Tools. I'm joined today by Vlad from Infisical, which is an open source secrets management tool. Yeah. Did I get that right?

Vlad Matsiiako:

Yeah. A secrets management platform or tool or tool set. I feel like we have lots of names for it now. But yeah.

Jack Bridger:

Yeah. So maybe I'll I'll let you explain it. But I was explaining this to my roommate, and he said, I've never really had an issue with secrets. Like, why do I need that? And I said, well, if we work on the same team, how do you send me these API keys?

Jack Bridger:

Slack? And then, yeah, he was like, oh, yeah. I see I see why that's invaluable.

Vlad Matsiiako:

Yeah.

Jack Bridger:

And once you have a lot of people, maybe you're like someone that really shouldn't get hacked, really shouldn't have things compromised.

Vlad Matsiiako:

Yeah. Yeah. That that that's pretty much how it is, and it starts from kinda like the most the simplest use cases, right, where you just have, you know, like a 1 or 2 people team, where you need to just share secrets or environment variables. And and really by secrets, what we mean is any type of secrets. Right?

Vlad Matsiiako:

It could be anything from, like, environment variables and different even like non sensitive configurations to, you know, like encryption keys and database access tokens and certificates, and we do lots of things there, but it'd be kinda like starts very simply, right, from just sharing it between developers and then goes to some more much more advanced use cases where it's not as much about developers even, but more about infrastructure. Right? If you have your Kubernetes clusters, how do you manage secrets there, or how do you manage secrets in Terraform or in your Jenkins pipelines or really anything. Right? And, the whole goal or the whole point or purpose of Infisical is so that you you can have it centralized in a single secure location so that you know, you know, who has access to your secrets.

Vlad Matsiiako:

It's not sprawled across infrastructure in a way that you don't know even how many secrets you have or who has access to it, or, you know, you don't have any auditability, with what's happening, but instead, you centralize it, you know, in a single location. It's very secure, so you don't need to worry about that. It's all encrypted, and you have, you know, perfect visibility around what's actually happening, which users, and also which machines, kind of like service accounts, are able to use different secrets or access different secrets, and you're able to track every step of what's happening.

Jack Bridger:

Yeah. It's it it really makes so much sense. And I I see in my day to day workflow. Yeah. We're not using one, and we're not using Infisical yet.

Jack Bridger:

We should be. And it's like even if you just wanna go work on another laptop Yeah. You haven't got Yeah.

Vlad Matsiiako:

Yeah. That's that's actually a great use case. Right? It's like, for example, so it's kind of like developer onboarding. Right?

Vlad Matsiiako:

So like, imagine you get a new developer, they get a new laptop. How do they get access to the right secrets, or you change your laptop, and then how do you get access to the right set of secrets again? Yeah. Right? Or like you maybe, like, wiped your laptop because you wanted to do a reset, and then all your secrets disappear.

Vlad Matsiiako:

But instead, you can just yeah.

Jack Bridger:

Yeah. Just like a productivity issue as well because someone's gotta wait around to, like Yeah. For someone else to send it to them or, like Yeah.

Vlad Matsiiako:

Yeah. To figure

Jack Bridger:

out what it was and go get it from every app

Vlad Matsiiako:

Yeah. It's a lot about productivity and, like, productivity and efficiency and and yeah.

Jack Bridger:

Very cool. And so you've been growing a lot, and I know that one of the things that's been a big part of it is open source. Mhmm. Could you share a bit about, like well, actually, maybe let's start of the game.

Vlad Matsiiako:

Do you

Jack Bridger:

wanna tell us a bit about the origin story of Infisical?

Vlad Matsiiako:

For sure. So, actually, it started closed source. Right? And so for the first few weeks or or maybe, like, 2 months or so or something like that, Infisical was actually closed source. And, I guess kind of like with any early stage startup, you learn a lot, and, I I think as we entered the space, we realized much more about what customers actually care about.

Vlad Matsiiako:

And what people care about is that us being an early stage startup, even though we provide a really, you know, great solution for a very particular use case of exactly this kind of like local development secret management, and how to get secrets into applications, and local machines, and so on. But even though we provided that, we had lots of feedback of companies, like how do we trust you. Right? Like you're so young, you know, you don't have any good customers yet, And it was very hard. And and so this what we realized, right, and and that was, not immediately obvious back then is that one way to kinda, like, find these concerns is to open source the product.

Vlad Matsiiako:

Interesting. Yeah. And we open source it under the MIT license. Right now, it works. Yeah.

Vlad Matsiiako:

Like, the core of the product is is still available under the MIT, and then we have kinda like some add ons on top. They're available in the enterprise edition. But the fact that we, you know, just put it out there and every developer could inspect the code. You know, people could even contribute their own integrations, and we have lots of both developers and companies, right, like very large organizations who contribute their code to Infisical.

Jack Bridger:

So

Vlad Matsiiako:

and, you know, we review it and test it, and and and then approve it if, you know, it it matches the direction that we were going at. But the kinda like open sourcing Infisical really allowed us to build trust

Jack Bridger:

Yeah.

Vlad Matsiiako:

In what people can do. And secondly, it kinda like very technically allowed people to self-host Infisical. So now lots of different developers and companies and, you know, in governments, they were able to self-host Infisical on their infrastructure. So oftentimes, it's within their, you know, public cloud instances, whether it's AWS or GCP or Azure, but also oftentimes, it's actually on their own data centers. Right?

Vlad Matsiiako:

So a lot of organizations that we work with, they're actually very, large, and, you know, a lot of many of them haven't been moved to cloud yet, or maybe it's, like, 2, 3% of their infrastructure is actually on the cloud.

Jack Bridger:

Wow. And how when you have an MIT license and, say, like, a government wants to use it, do they like, do you start working with them? Is it, like, they become a customer, or or they just kind of go away? And

Vlad Matsiiako:

Yeah. Well, they don't go away. At least in theory, they should. Yeah. But, yeah, I think there are different stages to that.

Vlad Matsiiako:

Right? So what makes open source really convenient, especially for these kinds of tools where procurement processes can be pretty complicated.

Jack Bridger:

Right?

Vlad Matsiiako:

So if you wanna use a secure like, basically, you're kinda like giving away the keys to the castle. Right? Imagine like a large bank that comes to us, and then we would tell them that they need to use our our cloud products. And so all of their, like, hundreds of billions of dollars would now be managed by this cloud tool that they never heard about before. Yeah.

Vlad Matsiiako:

You know, they have lots of concerns, but, you know, if they are able to start self hosting on their infrastructure, it's much easier for them to, first of all, test it. So this kind of like period becomes very simple. They oftentimes don't need to get any approvals for that because, again, Infisical is available with an MIT license. And then, on top of that, it's also much easier to get it into production because once again, it's it's much easier. People trust it much more.

Jack Bridger:

Mhmm.

Vlad Matsiiako:

People see, you know, we have, I think at this point, maybe, like, over 13,000 GitHub stars, and people see, how, you know, lots of other companies using it, and lots of companies opening issues, and lots of companies submitting pull requests and contributing. And they see this community around, and that's another, you know, very important point of open source because, developers don't want to use and and and we see that a lot in Yeah. Also in very large companies, you don't want to use the tools that are closed down behind the "talk to sales". Yeah. Because usually these tools actually have very small community.

Vlad Matsiiako:

And if you have a question, your only way is to, like, reach out to the company support, and maybe they'll help you, but it might take long. Whereas with Infisical, there's, you know, tens of thousands of developers there everywhere, like Stack Overflow and Reddit, and, you know, we have so much content that now it's on ChatGPT and Perplexity or anything. And, you know, this community is another point to why open source actually makes so much sense.

Jack Bridger:

Yeah. That that actually has, like, really helped me to understand that. So it's, like, basically because one of my questions was actually gonna be, like, how I saw, you know, you're working I don't you can say some of the big companies that you're working with. Right?

Vlad Matsiiako:

We yeah. Yeah. We're working with, like yeah. We work with a lot of customers from, you know, some very small startups to some very big name AI companies like Hugging Face. Yeah.

Vlad Matsiiako:

And HN, a lot of AI companies. Wow.

Jack Bridger:

HN.

Vlad Matsiiako:

But also with very big, you know, financial institutions and insurance companies and governmental institutions, telecom, manufacturing. So yeah.

Jack Bridger:

Yeah. And that that was actually gonna be one of my questions, was, like, how did you get these guys to, like, trust you with their, like Yeah. Their biggest secrets after such a short amount of time? And I guess what you're saying is, like, you're like, well, go look at the code. Like, here it is, and you can handle it.

Jack Bridger:

You don't need to trust us.

Vlad Matsiiako:

Yeah. You know, that was in the beginning. Right? Yeah. It it was kinda like the step one of what we did, and and lots of customers would would self-host.

Vlad Matsiiako:

Right now, I think we kinda like past the point where Infisical is becoming like a very recognizable name. Yeah. You know, for like lots of CISOs know us, like chief security information security officers and lots of, you know, like, very large organizations. And because of that, it's also much easier for people to trust our cloud product. Mhmm.

Vlad Matsiiako:

So lots of, you know, very large organizations, they're actually using Infisical Cloud. Interesting. In the beginning, it it was basically, like, you know, we were getting lots of questions around, you know, like, how can we trust you? Because, ultimately, what happens, right, is and secret management is so critical that if something goes wrong, it's gonna be really bad. Kinda slow for you.

Vlad Matsiiako:

Like it's gonna it's gonna be very, very bad. Yeah. And first of all, it's gonna be very bad for the company. It's also very bad for the person, right, who who adopts the solution Yeah. Who, like, convinces their their organization to Yeah.

Vlad Matsiiako:

Start using a particular tool. And so the open source aspect and the self-hostability aspect allowed it basically made it much more trustworthy. Yeah. And it it made it much more secure and reliable and and Yeah. Yeah.

Vlad Matsiiako:

Yeah. Yeah. I feel I

Jack Bridger:

feel like I'm even to like a kind of maybe slightly less disastrous, barely, I guess, but, like, Supabase, I feel like they did quite well in terms of at the beginning, it was like, well, don't trust us. It's it's Postgres. Yeah. You know, you're, you know like, you can you know this, and it's, like, slightly different approach or anything. Yeah.

Jack Bridger:

It's open source. You can run it. You can inspect it. You can Yeah. They're just saving you time.

Vlad Matsiiako:

They they did it really great because otherwise, you know, database is also incredibly critical. Yeah. And, you know, you don't wanna choose the wrong one.

Jack Bridger:

Yeah. Yeah.

Vlad Matsiiako:

Yeah. And it and it's you know, arguably, secret management is more critical Yeah. Than your database. You know, I feel like it's often said, you know, database is tier 1 infrastructure, but secrets management might be tier tier 0 infrastructure because the thing is, you know, imagine you're a large organization, like a bank. Well, you have hundreds or thousands of different applications, both internal and external, but guess what?

Vlad Matsiiako:

All of them connect to a single secrets manager solution. Yeah. And so if your database is down, then only one of your applications is down. If your secrets manager is down, then potentially a lot of your applications are down, and so it's much more risky, and and this kind of, like, availability concern is is definitely something that a lot of our customers care about. So

Jack Bridger:

So with the big companies that start adopting you with the MIT license, what happens down the road? Do they come back and say, we want SLAs. We want these sorts of things.

Vlad Matsiiako:

Yeah. It it's it's lots of features. Right? And so how we work is we work on an approach that's similar to companies like GitLab Yeah. Where the core of what we do is open source.

Vlad Matsiiako:

And, typically, how we do it is that all the developer level functionality is available for free under the MIT license, and any developer can self-host it or try it out or run a POC or actually run, you know, like in their home lab, or, it's it's pretty, you know, amazing how much you can actually do with our open source version. But then if you're using it in an enterprise context, most likely your manager is gonna ask for more features or your CSO is gonna come in, and they're like, oh, we need maybe like this compliance certificate or we need this particular access control functionality or or something like that. Right? So when you're using it in a more complex use cases, then, you'll probably need our enterprise edition.

Jack Bridger:

Yeah. I think, one of our previous guests, Flagsmith, was saying that

Vlad Matsiiako:

Mhmm.

Jack Bridger:

A lot of the time, people actually won't pay you as well. Is that is that something that you found?

Vlad Matsiiako:

Yeah. For sure. But but, you you know, it's we are fine with that because because we're getting lots of interest in what we do, and oftentimes, companies maybe don't need some of the features that we have yet.

Jack Bridger:

Yeah.

Vlad Matsiiako:

And it's totally fine. We, you know, we love when people use our open source product, and and oftentimes, you know, companies come to us and, you know, they start thinking about enterprise, and we actually actively recommend them to go the open source route. Right? We just start start using Infisical because it, you know, when we when we work with people to, for example, to buy the enterprise edition, we really want them to have a strong use case. Right?

Vlad Matsiiako:

And when people are just not sure, we actually recommend them to go with the open source edition

Jack Bridger:

Yeah.

Vlad Matsiiako:

And then, you know, try it for 3 months, for 6 months, for a year, and then actually understand, do you need it or maybe not? Maybe your use cases are are simpler. And, yeah, and and and kinda like our sales cycles are very fast.

Jack Bridger:

Yeah. And let's make it way easier if they're they've already been using it

Vlad Matsiiako:

for a year. Exactly. Exactly. And so we make it much easier for everyone. Right?

Vlad Matsiiako:

Because those companies, they actually get to try out the tool and and use it in production environments completely free without any procurement, without any legal involved. And when the time comes and when they actually need something, they come to us, and, you know, they already know everything about Infisical and how it works, and and they know what exactly they need. Yeah. And so it you know, this kind of, like, conversation becomes very simple, because, you know, the customers know why they're reaching out to us.

Jack Bridger:

Do you think you would have grown so fast if you hadn't gone for the MIT license, but you'd gone for something a little bit more restrictive?

Vlad Matsiiako:

That's a great question. I just like MIT license because it makes things so much simpler.

Jack Bridger:

Yeah.

Vlad Matsiiako:

I feel like GitLab is actually a good example of a tool that started with an MIT license and stuck with it.

Jack Bridger:

Do they still have an MIT license? They still

Vlad Matsiiako:

have it until now. Yeah. Yeah. And, you know, it's kind of like an open core approach. They have they do have enterprise kind of like functionality around it, but the core of the product is MIT.

Vlad Matsiiako:

And I think actually a lot of tools that started with different licenses, they end up switching to something else. So I think, to be honest, I think an MIT license with this these kind of like add ons is probably one of the best approaches that you can take. Yeah. For, you know, a commercial open source company.

Jack Bridger:

Because they might. Because I was thinking, as you were saying, like, when you said they don't need legal involved, I was just thinking if it was, like, a slightly more complex Yeah. License, that might not be true if it's, like, a bank or something.

Vlad Matsiiako:

Exactly. Because they have a list of licenses that are on the allow list for developers to use. Did they? Yeah. Absolutely.

Jack Bridger:

So there there was

Vlad Matsiiako:

Yeah. And if it's some kind of, like, unconventional license, like, for example, yeah, some companies create their own licenses, especially as they get larger, and they, you know, try to be very creative with that and and, like, put in lots of clauses. Well, guess what? Now no enterprise can actually use you because now they need to get through this multi week, and and these legal approval process can be so lengthy Yeah. That developers just don't wanna do that.

Vlad Matsiiako:

And because, especially in banking, right, developers, you know, they have their task, or they have their goal of what they want to achieve, and they just want to get the easiest way possible. And if they have the task for, like, this quarter and the approval process is gonna take a quarter, well, they're not gonna use that tool anymore. So I think the license is very important. MIT is good. And, yeah, if, you know, if people are starting out, I I would probably recommend this.

Vlad Matsiiako:

Industry. Yeah. I I guess you do need to be, you know, thoughtful about what what goes to to MIT and what goes into enterprise edition because you don't want to create barriers for features that are needed by developers, but you also maybe don't want to, like, you know, keep free features that

Jack Bridger:

Managers' features.

Vlad Matsiiako:

Yeah. That that managers might need. Yeah.

Jack Bridger:

Yeah. And just trying to because I've never been a part of a team that's succeeded in this approach. If they're like, how does it look like typically a bank where it's like it's just like a team, and there's, like, one developer in, like, a 10 person team, and they adopt it. Like, is there, like, some and then they start telling people. Like, how does it typically kind of

Vlad Matsiiako:

Well, first of all, it's something that was not immediately obvious to us to us is that a lot of very traditional organizations. Right? So anywhere from steel manufacturing to transportation to banking to insurance, they actually have incredibly large engineering teams. Yeah. And sometimes it's 1,000 or tens of thousands of engineers.

Vlad Matsiiako:

So it depends on how on how large the company is, but it could be much much more, and and it's typically their engineering teams is larger than, for example, a midsize tech company would have. Obviously, not large as as Microsoft or, you know, like those types of companies. But but yeah. And it it depends on on how they adopt it, but sometimes they could adopt it organization wide. Sometimes they could adopt it for a particular applications that they're developing, on a team level.

Vlad Matsiiako:

And then they, you know, recommend their friends. Sometimes what happens is, you know, our users and our customers, they switch jobs, and then they join a new company, and then they introduce Infisical to a new company as well. Interesting. So, yeah, I I feel like there is lots of ways, for like, there is lots of ways Infisical spreads.

Jack Bridger:

Yeah. Is it something that you kind of, like, think about, or is it this kind of, you know, you just grow the project. You keep on it it becomes more popular, and then, you know, like, suddenly a wild bank appears and Yeah. Starts using it.

Vlad Matsiiako:

This growth is you know, it maybe looks very organic, but we definitely think about it a lot. Right? Like, how do we make it simple for people to adopt? How do we, you know yeah. Just, like, make it very easy and and make this decision process very easy for why Infisical.

Vlad Matsiiako:

Right?

Jack Bridger:

Yeah. Are there any examples of things that were, like, harder and you made them easier?

Vlad Matsiiako:

Yeah. Like, it's just how you self-host Infisical. Right? So in the beginning when we launched it, we you know, you needed actually lots of configurations, for for what you need to specify, like, lots of different JWT tokens and Mhmm. And lots of different environment variables and and and so on to actually set up Infisical, and it would take, you know, a solid amount of time.

Vlad Matsiiako:

And what we do now is actually much simpler, and and lots of these processes are automated, and you can just kinda, like, go to well, it it depends on if you want a highly available environment or not, but we are trying to do lots of these scenarios as simple as possible. And and so we spend lots of time there. And so this allows people not only, you know, kinda, like, get to the production deployment easier, but also just try things out. You know, like, you can just run Docker Compose up and have your instance in a few minutes. And, yeah.

Vlad Matsiiako:

Yeah.

Jack Bridger:

Is there anything that's, like, because you're kind of building, like, more like a team product. Like, probably not many, like, solo developers relatively. Like, a lot of the values are not when it's, like, multiple people involved. Is there anything you do to, like, make it, you know do you know what I mean?

Vlad Matsiiako:

Like Yeah. To, like, expand to more developers in the organization? Or

Jack Bridger:

You kind of wanna help them get other people to use it

Vlad Matsiiako:

as well? Yeah. Yeah. So, you know, for sure, there's lots of things that we do. We recently launched this tool for secret sharing.

Vlad Matsiiako:

Right? So even though developers use secrets management as part of their organization, sometimes you just need to share a secret, for example, on Slack. And it's not it's not just an infrastructure secret, but it could actually be a any any sensitive data, that you that you need to send to you to your colleagues or maybe outside of your organizations to consultants or contractors to your customers. Yeah. So what you can do is we have this tool, it's called share.infisical.com.

Vlad Matsiiako:

Mhmm. And you can put in any sensitive data there, and you can generate this end to end encrypted link, and you can, you know Oh,

Jack Bridger:

that's cool.

Vlad Matsiiako:

You can make it work, so, you know, it's only viewable once, and then you can send it to anyone else without actually worrying for it to be exposed to the Internet.

Jack Bridger:

Yeah. That's that's super cool. I think, like, I was using, like, my password managers to send this sort of thing, but it makes a lot more sense to do it projects wide. It always felt like a kind of a hack to be using.

Vlad Matsiiako:

Yeah. So we and and but that also allows, you know, lots of other stakeholders within the organization to find out about Infisical. Because when we work with organizations who are, for example, like 20,000 employees, obviously, not not everyone is gonna know about Infisical. Yeah. But, you know, like these types of tools that we create, and, you you know, like, share.infisical.com is also available for free, so you don't need to create an account or anything like that.

Vlad Matsiiako:

But it lets people, kinda, like, learn about Infisical and and what we do.

Jack Bridger:

Yeah. And I guess, like, you don't need to be a developer to use that as well.

Vlad Matsiiako:

Oh, yeah. Yeah. Not not even. Yeah. Yeah.

Vlad Matsiiako:

Yeah. You you can be anyone, a marketing specialist or anything.

Jack Bridger:

Do you ever get, like, adopted by non-developers? It's kind of like a rogue question.

Vlad Matsiiako:

Oh, no.

Jack Bridger:

Product managers like we need.

Vlad Matsiiako:

No. Not very product managers. Yeah. I mean, maybe in future, we we we have more products. Yeah.

Vlad Matsiiako:

Right. Right now, we really are focusing on developers and infrastructure engineers and DevOps engineers and SRE engineers and security engineers. So everyone in the engineering space.

Jack Bridger:

Yeah. Okay. Makes total sense.

Vlad Matsiiako:

Yeah.

Jack Bridger:

So apart from making it super easy to adopt and kind of word-of-mouth, what are you doing anything else to kind of, you know, fan the flames?

Vlad Matsiiako:

To kinda, like, spread within the organization or to the organizations? Or

Jack Bridger:

Just general grow adoption, whether that's

Vlad Matsiiako:

Yeah. Yeah. For sure. We do a lot of marketing, a lot of, you know, different we are, like, always on Hacker News on on Reddit. We have our own blog.

Vlad Matsiiako:

Yeah. You know, we publish lots of things there, and we have this I I think the other thing that we do well is to have this kinda like very strong community around the product, and and community is also something that you can't really control. Right? Oftentimes, it's kinda like very independent. Right?

Vlad Matsiiako:

And it's just kinda like, you know, you don't even know it, and then people somewhere in France, they organize a meet up Really? About Infisical, really, or like someone someone, like, speaks about it at a conference or or something like that. And and so it's, like, completely organic, but also because we are open to a lot of different people around the world, and we talk to them, and we have, you know, this this kind of like forum workspace for them for, for anyone to join, and people can ask questions or propose their feedback or anything. It kind of like creates this community aspect, where people use it for their personal projects, and they tell their friends, and they tell their colleagues, and, yeah.

Jack Bridger:

What brings people together would you say? Because to me, I guess, like, it would be, like, secrets management is one of the ones where, like, I think you said it yourself as, like, it tends not to be, like it's not the driver of the project. You know, usually, it's, like, the sort of thing that you wanna make sure it doesn't go wrong Yeah. Of, like how how do you think, like, people what what do people, like, come together on in Infisical

Vlad Matsiiako:

You mean the community or or customers or so?

Jack Bridger:

Is it, like, the they they like that you're obsessed with security? They like that they are also open source contributors to it? Yep. They're the advocates within their organization. Like, what because I guess, like, whenever there's a community, I always feel like people kind of identify with it in some way, and it becomes part of their Yeah.

Jack Bridger:

Personality as a developer.

Vlad Matsiiako:

Yeah. I think they like what we do in in a way that, you know, I think we really target a lot of security conscious developers. And I think on every team, especially kind of like on the early stage teams. Right? There is always this developer who is more security conscious, and it's kinda, like, always talking about, you know, different new tools that they should adopt or different practices or different processes that they should follow.

Vlad Matsiiako:

And so I think a lot of these developers like what we actually do and and kinda like our approach to security. Right? Because another thing that we do is that because so secret management is is important or, you know, especially if you are, you know, a high risk organization, like like, you're in banking or health care or or something like that. It's very important, and and you really think about it. But the thing that also made Infisical, I think, successful, is that, first of all, you can use you know, there are other secret management tools and and you can use it, but if it's too complex or if it's not obvious for your developers how to use it, then it will not stick really.

Vlad Matsiiako:

And then what happens is you adopt it for your organization, but it's sometimes so so complicated as if it's almost kind of, like, actively hostile to developers. Mhmm. And so what happens is that you think that your developers are using it, but developers actually find ways around it. And so Yeah. What's happening is even worse.

Vlad Matsiiako:

Right? Because then you get Full

Jack Bridger:

sense of

Vlad Matsiiako:

you you think that everything is going well, but actually, it's not until, you know, something terrible happen happens and you have a security breach or something like that.

Jack Bridger:

No pasting around in Slack.

Vlad Matsiiako:

Yeah. No. But it you know, even at large, you know, organizations like Mercedes Benz and AstraZeneca. Right? Like, they are using different security management solutions, but because they're so kinda like arcane and and so complicated, it's impossible to actually get developer adoption across the organization.

Vlad Matsiiako:

It's it's a very complex issue that we all also work, kind of like very closely with organizations, on. And, yeah, it's just very important because you can have the most secure tool, but if it's not easy enough, developers are not gonna use it.

Jack Bridger:

That makes total sense. Yeah. I I can imagine, like, it actually fitting really well into, like, all this, like, organizational change stuff where, like, you know, how fast can someone get set up and actually, like, push to production if it seems to fit within that? And when you were talking, I was thinking of that. You know that book that's, like, can't remember the Unicorn Phoenix Project or whatever where it's, like, takes someone, like, 5 weeks to actually get permission for everything.

Jack Bridger:

Yeah. Yeah. Yeah. Interesting. Yeah.

Jack Bridger:

That's super cool. And, oh, one of the things that we were talking about just off camera was you were I was saying, you know, what what stage you're at? What what are things like? And you were talking about these, like, mini games. Yeah.

Jack Bridger:

Could you

Vlad Matsiiako:

share a little bit about that? So it's actually not my concept. Right? So when

Jack Bridger:

we were

Vlad Matsiiako:

at Y Combinator, we would talk to Dalton Caldwell, who is one of the maybe earliest group partners at or at at at Y Combinator, and one of the concepts that he has is a set it's kinda like startups, is a series of mini games. Right? And from the stage where you're, you know, 2 people startup in a garage to the stage where you are NVIDIA, right, or like this ginormous public company, really, you know, there is maybe, like, 15 different levels that you need to advance. But the interesting part is that kinda like as you advance doing your mini game, right, as you go from, like, a 2 people start up to just, you know, starting to get your first employees to when you're, like, 15 people, and you also have, like, not just engineers, maybe, but, like, you go in different directions, and you have sales and marketing, and then you need to scale these, and then you do, like, multi products, and then you IPO, and all of these. Right?

Vlad Matsiiako:

And so the thing is, you know, like these stages, they kind of, like, last a certain period of time, and you need to kind of, like, deserve to go to the next stage. But sometimes you also switch these levels too fast. Right? Because, you know, some startups, they they grow very fast, and so what happens is you kind of like don't realize that you're at a new at a new mini game. Yeah.

Vlad Matsiiako:

And, yeah, it's just very important to realize that kinda like as you go to a new mini game, the rules will change for for how you actually do. Right? When you are a 2 people start up, you really care about kind of like very early stage product development. Right? And, you know, it it it might need to change because it it at some point, you have a product, a very good product base.

Vlad Matsiiako:

Yeah. And then you kinda like advance more on that, and you you define your ideal customer profile, and and you kinda, like, really realize who you're building it for. Right? And and so, I mean, it was you can probably talk about it for hours about different stages, but it it's just this very interesting concept of how how the rules change. Yeah.

Vlad Matsiiako:

And kinda like every sometimes every couple of months, you need to kinda, like, change what you're doing and kinda, like, look back and realize, oh, we're actually at a different stage now, and we need to be doing different things.

Jack Bridger:

Yeah. So have you got any examples of, like, rules that have changed for you recently?

Vlad Matsiiako:

Yeah. I I guess one of the examples that we're talking about is is for a long time, we had, you know, a very very lean team. Right? It it was pretty much just founders, and and we were kinda like keeping it very lean, and we were kinda like building out this this product base. Right now, what's different is that we actually are, you know, actively hiring.

Vlad Matsiiako:

We constantly kinda like need to remind ourselves that we need to think about how to grow Infisical, because there is just too many things, and too many customers, and too many projects that we want to work on, and we kind of don't get to have enough people to actually go into these directions that we would love to pursue. And and so it's different. Right? And it also works different with sales because, you you know, kind of like when you started doing sales yourself, and it's kinda like early stage sales, especially in developer tooling. It's a lot about trying to figure out what developers need, and kinda like building the product with them, very closely, and and kinda like trying to build the best product possible for for what different people need.

Vlad Matsiiako:

But as you advance, right, the sales is different, and you already have this base product. Right? And and it's more about starts being more about different recommendations that you provide to people. Right? You start working with these larger and larger enterprises, and it's much more about, hey, like, I think for this scenario or, like, for your type of infrastructure, you should go this route Yeah.

Vlad Matsiiako:

Or you should go that route. Right? And so it's it's more about that and and kind of like yeah. It just changes. Right?

Vlad Matsiiako:

And then you get your sales team, and then you start doing marketing differently and product development differently. Also, like with product development, it's maybe one of the biggest examples because, you know, when you are small and you don't have any customers yet, or maybe you have very few customers, you need to explore all the different directions that you could go at, right, and start building lots of different functionality. When you have, you know, 100 or thousands of customers, you really need to make sure that the things that you release that, you know, they're reliable. Yeah. And and and yeah.

Vlad Matsiiako:

Because lots of people will see them immediately, as you release them, and, it definitely is the case for us as well because, you know, we started with just secrets management. Right now, we do more different things like secret scanning and secret sharing, and so another new thing that we launched is certificate management. Yeah. And then basically all the certificate, life cycle around, infrastructure, and it's it's it's very interesting. Right?

Vlad Matsiiako:

Because it's very different from just launching secrets management from the store because now we have all the user base that already knows what Infisical is, and they tend to adopt things much quicker. And and, yeah, it's kinda like a very different challenge in a way.

Jack Bridger:

Yeah. And certificates is more complex, I feel like.

Vlad Matsiiako:

Even even certificate management? Oh, yeah. It's more complex. Right? Yeah.

Vlad Matsiiako:

It it's definitely more complex. Yeah. Yeah. It's kind of for a very specific type of organization. Yeah.

Jack Bridger:

Yeah. Yeah. One you mentioned, kinda hiring. And on another podcast interview that you did on Code Story, you said something that I thought was quite interesting. You said that you wanted to hire people that really wanted to work on Infisical or I can't remember your exact wording, but it was, like, passionate about Infisical.

Vlad Matsiiako:

Yeah. I I think we always do that. Alright? It's kinda like I think we have a very like, an incredibly strong team. And so, you know, folks are interested in analytics and technology.

Vlad Matsiiako:

We have infisical.com/careers, so you can please submit your application. Yeah. We are actively hiring for a lot of different positions. And, yeah, but we we really look for, kinda like folks that are passionate about security and and developer tooling and infrastructure tooling, and, you know, some of people that we hire there there, for example, are open source contributors.

Jack Bridger:

Interesting. Yeah.

Vlad Matsiiako:

Yeah. And, yeah, and and some of them, for example, use it used Infisical before for their personal projects or in in some other organizations, And, they must make the best hires. They really understand what Infisical is. Yeah. And and so they're really excited because they maybe some of them brought it to, you know, their previous organization or something like that.

Vlad Matsiiako:

Yeah. And then they're really excited about what what we do at Infisical.

Jack Bridger:

Wow. So it's another perk of open source.

Vlad Matsiiako:

Yeah. Yeah. Yeah. For for sure. Because it's so open, and and, yeah, it's like this openness is is something that we really embrace.

Vlad Matsiiako:

Right? We kinda, like, have a public handbook with, you know, like, all the different things that we do at our company, that people can read before they get into Infisical. And, so GitLab's been

Jack Bridger:

a big inspo for you guys.

Vlad Matsiiako:

Yeah. Yeah. For for sure. Yeah. Yeah.

Vlad Matsiiako:

I mean, they're also a Y Combinator company, and we talked to Sid in in the very early days. Yeah.

Jack Bridger:

Yeah. Yeah. Amazing. Amazing. Okay.

Jack Bridger:

I think we're probably coming up to a oh, definitely over time. Mhmm. Thank you so much, Vlad.

Vlad Matsiiako:

Thank you. It was it was a pleasure. Yeah.

Jack Bridger:

Is there anything that you wanted to share?

Vlad Matsiiako:

Apply at infisical.com/careers. That's amazing message. Yeah. Yeah. And, you know, if you need help with securing your secrets, then Infisical might be the right tool to check out.

Jack Bridger:

Yes. I definitely think so. Yeah. Thank you so much, Vlad.

Vlad Matsiiako:

-Thank you for waiting. -Thank you

Jack Bridger:

for listening. Thank you. Awesome.



Creators and Guests

Elliott Roche
Editor
Freelance Podcast Editor
Vlad Matsiiako 🇺🇦
Guest
Co-founder @Infisical, formerly @Figma @Cornell @ycombinator, born and raised in @Ukraine
