Cybersecurity needs fixing. Over the past two years, criminals have leveraged the Covid-19 chaos to up the number of hacks, assault healthcare services, decimate national infrastructures and become the cause of growing tension between global superpowers. For businesses to have a shot at avoiding paying digital blackmailers, they need to take a long, hard look at their approach to their digital defences. This is the moment cybersecurity unicorn Snyk has been waiting for.
“It provided a significant bump in the market interest for our solutions,” Guy Podjarny, founder and president of Snyk, tells Verdict.
Cybercrooks taking advantage of the pandemic has raised businesses’ awareness about the importance of cybersecurity. Podjarny believes that this growing awareness will encourage companies to stop seeing cybersecurity as something you glue on at the end of a development cycle. Instead, the Snyk founder believes developers should include cybertech in their development from Day One.
Snyk is seen as one of the pioneers of this so-called DevSecOps approach. As the name suggests, DevSecOps is similar to DevOps where developers work closely with the IT operations teams to provide a constantly improving service. With DevSecOps, security is thrown into the mix, meaning it’s not an ad hoc feature but a central focus for the company.
The Snyk founder argues that this approach empowers businesses to plug holes in their digital defences faster than before. He’s not alone in thinking that.
For comparison, companies using dynamic analysis to fix vulnerabilities on average take 174 days to do so in production whereas DevSecOps-enabled companies do it in just 92 days, as highlighted in recent research from GlobalData.
Snyk was founded to enable companies to adopt a DevSecOps approach. Today the cloud-native application security startup provides tools for developers to just that end. Promoting this approach has enabled Snyk to raise $752m in total in venture funding since its launch in 2015.
It has offices in Boston, Tel Aviv, London, Ottawa and Zürich. To date the company has north of 1,000 customers. Understandably, there’s even rumours about an upcoming initial public offering (IPO).
Becoming the founder of Snyk
In short, Podjarny has come a long way since he founded Snyk with CTO Assaf Hefetz and angel investor Danny Grander. However, the idea behind the startup is one that’s been a long time coming.
Podjarny first cut his teeth in the realm of cybersecurity during his military service when he served at the famous Israeli unit 8200. The military branch is comprised of young draftees between the ages of 16 and 18. The unit has nurtured the talent behind some of the most well-known cybersecurity companies out there. 8200 alumni include the founders behind data privacy startup Mine, multinational Palo Alto Networks and the controversial surveillance firm NSO Group.
To Podjarny, it’s unsurprising that 8200 alumna have gone on to found such big startups. He argues that the unit puts talented young people together in a way “similar to Ivy League universities” and then instils in them an “everything is possible” mentality.
“It really instils this strong assessment of the broad possibilities of technology and the problems that can be solved, especially in the security space,” the Snyk founder says. “So you come out of it, feeling [as if] everything is possible and knowing a whole bunch of other people who believe the same, which is a great way to build a disruptive company.”
Ending his stint with 8200 in 2001, he spent the next decade working in a string of application security roles, including for heavy hitters like IBM.
In June 2010, he became the founder and CTO of Blaze.io, the web front end performance startup that was acquired by Akamai Technologies in 2012. Following the acquisition, Podjarny served as the global VP and CTO for Akamai’s web performance business.
During this time, he had been intimately aware of the need for speed when it came to cybersecurity.
“The maths was [that if] you find a bug early, it’s 100 times cheaper to fix it,” Podjarny says.
But the game-changer came when DevOps became part of normal developer parlance.
“This was like a revolution in how we think about tooling and autonomy,” the founder remembers.
However, the new DevOps paradigm meant that the old modus operandi of security development had become clunky and slow. In Podjarny’s mind, something had to change and change quickly.
“My kind of lightbulb moment, if you will, was that we need to get developers to embrace security [and] the way to do that is to build a developer tooling company, not a security company,” he recalls.
“That small phrase really set the stage for what Snyk is, which is we aim to build a solution that feels natural, that works like the best tools that a developer loves to have around them, and that delivers security functionality that helps you identify and fix security problems as you build the app.”
Of course, Snyk isn’t alone in having adopted a DevSecOps approach. Other players in the field include Synopsys, Aqua Security and Sumo Logic.
Armed with the idea, Podjarny and his two co-founders set out to develop the company. However, they would soon make their first big mistake.
While the initial product successfully captured developers’ attention, it proved a poor product for security teams.
“We learned that while developers love depth, security have a need for breadth,” the Snyk founder remembers. “If I tackle a security risk for 50% of your apps, you need to buy another solution to tackle the other 50% of your apps.”
Recognising their mistake, the founders expanded the breadth of Snyk’s solution to satisfy security teams’ needs as well.
“The combination helped propel us upwards,” he says.
Still, even today the team goes depth first before looking for breadth.
“We don’t ship crap,” Podjarny says. “We don’t ship shallow products. We ship deep products, but we start with a narrow product. So we provide a narrow slice of functionality or to a specific narrow audience, providing a great experience for the developers there. And then we ship that as an add-on to the product and expand it until it’s big enough to stand on its own two feet.”
This lesson propelled the company’s growth and, alongside it, the growth of its staff. Having started out with 10 employees at the end of the first year, that figure had ballooned to 450 people by the end of the fifth year.
“We’re now in the sixth year and we’re already over 700 people,” Podjarny says. “So the pace has really kind of exploded [once we found] that product market fit for both developers and security.”
How about that IPO?
The year has arguably started off well for Snyk. Not only did it raise a $300m Series E round in March, but rumour has it that the cybersecurity unicorn may be gearing up for a public debut. It’s easy to see why people may have that impression.
For starters, Accel and Tiger Global co-led the round. Both venture capitalist firms and several of the other Snyk investors have form when it comes to late-stage investments. The $4.7bn valuation also added to the notion that an IPO may be incoming as does Podjarny’s joking about how bringing in Peter McKey (pictured right) as CEO in 2019 means that “getting to IPO is now Peter’s problem.”
However, when asked about it, Podjarny won’t provide a timeline for when an IPO might happen.
“What we’re building in Snyk as a long term, sustainable company and such a company will become public at some point,” he says. “At the same time, right now, there is no urgency for us to go public. We are getting great investors and have all the access to funding that needs to it.
“Going public is definitely in our future and we are investing in operating like a public company internally. So ensuring that our internal processes and mindset are building those muscles. And when the time is right, we will actually pull the trigger.”
Similarly, he won’t provide any hints about whether or not there will be another funding round before Snyk files for an IPO, only giving the regular tech entrepreneur spiel in that Snyk’s “fundraising opportunities are constant” and that it will raise more money if there’s a need to give the company’s growth a power boost.
“We’ll pull the trigger when we think the time is right,” he says.
Admitting that the startup isn’t profitable yet, he also neglects to provide a timeline for when it might become so, instead saying that Snyk reinvests all profits into the company to ensure it can continue to scale.
To that end, Snyk is currently investing in getting boots on the ground in Singapore, Australia and Japan, with Podjarny saying there’s “north of 20 people now” and that this figure will grow “to be about 40 by year end.”