Guy Guzner first computer when he was 5, which was a Commodore 64, where he learned to program in BASIC. As a teed, get started getting into the internet, back with dialup and a modem. He startec hacking into places where he shouldn't be, and eventually got into trouble - but now, he has flipped that for good and works to protect systems now. Outside of tech, he plays tennis, and likes to ski. He also plays guitar, jamming Led Zeppling and 80's / 90's rock.After selling his past company to Symantec, he stayed on to help existing and future companies. What he realized was that people were still mis-using their identities. He observed this behavior, and decided to take identity to the next level.This is the creation story of Savvy Security.SponsorsP0 SecuritySpeakeasyQA WolfSnapTradeLinkshttps://www.savvy.security/https://www.linkedin.com/in/guyguzner/Our Sponsors:* Check out Vanta and use my code CODESTORY for a great deal: https://www.vanta.comSupport this podcast at — https://redcircle.com/code-story/donationsAdvertising Inquiries: https://redcircle.com/brandsPrivacy & Opt-Out: https://redcircle.com/privacy
This episode is sponsored by PZero Security. Cloud governance is a problem facing many organizations. With PZero's universal access governance platform, your security team can identify access risks and automate the user access lifecycle, all without interrupting developer productivity or disrupting production operations.
Visit pzero.dev to learn more and secure access for all identities, human and machine.
One of the things that we didn't pay enough attention was the user experience. We said, we need to deploy this browser extension. We needed to authenticate the extension and that created kind of a pop-up that asked the users for credentials and customers told us, there's no way I'm going to deploy something and that's going to pop up for 30,000 users. You need to go back and fix this.
And then we realized that we were naive in our assumption of how we do the deployment, but that also gives us the opportunity to innovate and come up with another feature that I'm really proud of. My name is Guy Guzner, and I'm a CEO and co-founder at Savvy Security.
This is CodeStory. A podcast bringing you interviews with tech visionaries. Who share what it takes to change an industry. Who built the teams that have their back. Keeping scalability top of mind. All that infrastructure was a pain. Yes, we've been fighting it as we grow. Total waste of time. The stories you don't read in the headlines. It's not an easy thing to achieve, Mike.
Took off the shelf and dusted it off and tried it again. To ride the ups and downs of the startup life. You need to really want it. It's not just about technology. All this and more on CodeStory. I'm your host, Noah Laphart. And today, how Guy Kuzner is giving you a way to discover and remediate your SaaS identity risk automatically. This episode is sponsored by Speakeasy.
Grow your API user adoption and improve engineering velocity with friction-free integration experiences. With Speakeasy's platform, you can now automatically generate SDKs in 10 languages and Terraform providers in minutes. Visit speakeasy.com slash codestory and generate your first SDK for free. This message is sponsored by QA Wolf.
QA Wolf gets engineering teams to 80% automated end-to-end test coverage and helps them ship five times faster by reducing QA cycles from hours to minutes. With over 100 five-star reviews on G2 and customer testimonials from SalesLoft, Rata, and Autotrader, you're in good hands. Join the Wolfpack at QAwolf.com.
Guy Guzner got his first computer when he was five, a Commodore 64, where he learned to program in BASIC. As a teen, he started getting into the internet, back with dial-up and a modem. He hacked into places where he shouldn't be and eventually got into trouble. But now, he has flipped those skills for good and works to protect systems. Outside of tech, he plays tennis and likes to ski.
He also plays guitar, jamming Led Zeppelin and 80s and 90s rock. After selling his past company to Symantec, he stayed on with the corporation to help existing and future companies. What he realized was that people were still misusing their identities. He observed this behavior and decided to take identity to the next level. This is the creation story of Savvy Security.
Savvy Security is a SaaS security company focusing on identity. And it's based on the premise that if we think about modern IT, the cloud, then identity is sometimes... That's the gateway to access applications and data because there's no longer... a perimeter out there.
And what Savvy does, it helps customers find all of their different SaaS identities and then find the gaps where people are misusing identities, weak or compromised credentials, reusing passwords, not using MFA or single sign-on correctly. And then once we expose all those things we call toxic combination, then it's about how We help customers remediate that through automation.
I've spent my entire career in cybersecurity, so there's a progression here. And later I started working at Check Point. And then 10 years ago, I realized that the threat landscape is evolving and attackers are targeting applications.
And this is when I started the company in the domain of web isolation called FireGlass, which was protecting the most common used application, which is a web browser. We ended up selling that company to Symantec. And I stayed two years in Symantec building that business, traveling everywhere, meeting with customers.
And one thing that I realized is that even if we were isolating people and the technology was great, it was never breached, we still didn't prevent breaches entirely from happening because people were still misusing their identities. Savvy was about taking this to the next level and moving from the network to the application, to the user level and to the identities.
Tell me about the MVP. So that first version of Savvy Security. Tell me about, you know, how long it took you to build and what sort of tools you were using to bring it to life.
We actually took our time building our MVP. I think that one of the lessons that we learned when you build enterprise software, you don't get that many chances with customers, so you need to be more ready. And we've taken the time to consider different architectures. We went and we visited 10 companies and saw what was the latest and greatest developments.
And it was a big change because in Fireglass, when I started it in 2014, the cloud, it was there. AWS and Microsoft started with Azure, but actually really developing Cloud Native applications wasn't that easy. We started trying to use containers and dockers and ran into a lot of issues. And 10 years later, it's completely different. The ecosystem has matured.
We were able to make going to Cloud Native right from the beginning, have a microservices architecture, build our backend on top of Golang, use GraphQL for management, implement a CI-CD pipeline. I think that in every point we needed to make a technology decision, there were new solutions out there that have evolved just in the last few years. And it's just amazing.
So overall, it took us a little bit over a year to to get to an MVP, but the architecture that we've built, we've built it for scale and resilience, and we hardly had to change that architecture since that first release.
This episode is sponsored by Speakeasy. Whether you're growing the user adoption of your public API or streamlining internal development, SDKs can turn the chore of API integration into effortless implementation. Unburden your API users from guessing their way around your API while keeping your team focused on your product.
Shorten the time to live integration and provide a delightful experience for your customers. With Speakeasy's platform, you can now automatically generate up-to-date, robust, idiomatic SDKs in 10 languages and Terraform providers in just a matter of minutes. SDKs are feature-rich with type safety, auto-retries, and pagination.
Everything you need to give your API the developer experience it deserves. Deliver a premium API experience without the premium price tag. Visit speakeasy.com slash codestory to get started and generate your first SDK for free. This message is sponsored by SnapTrade. Link end-user brokerage accounts and build world-class investing experiences with SnapTrade's unified brokerage API.
With over $12 billion in connected assets and over 300,000 connected accounts, SnapTrade's API quality and developer experience are second to none. SnapTrade is SOC 2 certified and uses industry-leading security practices. Developers can use the company's official client SDKs to build investing experiences in minutes without the limitations of traditional aggregators.
Get started for free today by visiting snaptrade.com slash codestory. So then you've got your MVP, you're ready to, you know, to grow it, to deploy it to the world. How have you matured and progressed the product from there? And I think to wrap that in a box a little bit, what I'm looking for is how do you build your roadmap?
How do you go about deciding that, okay, this is the next most important thing to build or to address with Savvy Security?
That's a good question because it's hard. I think it's a combination of talking with customers and understanding their pain points, but that doesn't give you everything. Because customers will not necessarily tell you about... what to build or if there's a new way to solve something that they will be looking mostly for kind of the same solutions.
So it's looking at what customers are dealing with. It's looking at what is developing in terms of technology in the market. the whole ai transition and transformation and a lot of it in the end it's just based on years of experience of building products of understanding trends in cyber security and taking some guesses or gambles and then the thing is to
to have some experiments with the product, create some prototype, create some specific features, run them by customers, collect the feedback, have those short loops of deployment and then see what works and take it from there.
Now, I'm curious about team, right? Team is important to get something done as fantastic as savvy security, something built and something done. So tell me about how you built that team and what you look for in those people to indicate that they're the winning horses to join you.
First, I was fortunate enough to start Savvy with a team of three other co-founders that in the end, they are the ones that are doing all the heavy lifting. And these are people that I worked with together, some of them going back. three companies together more than 20 years.
So it's a lot about knowing who is in the team and their personalities, their strength, their weaknesses, and also a lot of the other people who joined after the company are people who worked in previous companies. So in that sense, we did an experiment. We knew who we were getting.
But I think that one thing that we learned is when we're building a team is never to be blinded by talent and never compromise fit to the team and personality. No matter how much talent an employee is, if they're toxic to the team and the organization, it's just not worth it.
And you can get people that maybe don't have enough experience and you can teach them things if they have the right attitude. And that's what's important.
This message is sponsored by QA Wolf. If slow QA processes bottleneck your software engineering team and you're releasing slower because of it, you need a solution. You need QA Wolf. QA Wolf gets engineering teams to 80% automated end-to-end test coverage and helps them ship five times faster by reducing QA cycles from hours to minutes.
With over 100 five-star reviews on G2 and customer testimonials from SalesLoft, Drada, Autotrader, and many more, you're in good hands. Ready to ship faster with fewer bugs? Join the Wolfpack at QAwolf.com to see if they can help you squash the QA bottleneck. This message is sponsored by SnapTrade.
Link end-user brokerage accounts and build world-class investing experiences with SnapTrade's unified brokerage API. With over $12 billion in connected assets and over 300,000 connected accounts, SnapTrade's API quality and developer experience are second to none. SnapTrade is SOC 2 certified and uses industry-leading security practices.
Developers can use the company's official client SDKs to build investing experiences in minutes without the limitations of traditional aggregators. Get started for free today by visiting snaptrade.com slash codestory. You've kind of already answered this, but I'm going to ask it in a more open-ended way. And maybe you could describe the approach a little bit, but I'm curious around scalability.
You built this to scale from day one, but how did you go about doing that? And even in that, were there interesting pinch points where you had to fight it as you grew?
Scalability was one of our goals. Major pain points in the previous company, I mentioned that we were doing browser isolation and we were running a browser instance, a Chrome instance in the cloud, and that wasn't very scalable. One of the biggest problems that we had in that company was the unit economy.
when we started this company we really wanted to be scalable right from the beginning because we understand that some decisions that you make early on are very hard to change later so one of the things for example that we did is we created a distributed model where we have our cloud service and we also have but also a component that runs as a browser extension built this in
in a way that we can do a lot of the processing and the CPU intensive activities using compute resources that are running on the browser extension that is on a customer machine so we don't need to run them in our cloud. That has been very effective because we were able to add tens and hundreds of thousands of users to our environment and you hardly see an impact.
Another decision was also based on that, is that we don't want to be in the data path. Because that was also a thing that we did in Fireglass. And once you go in public cloud and you need to pay for inbound bandwidth and everything, AWS, that becomes really expensive.
So we've built this in a way that we just need to be in the control path of the traffic, just capture metadata, but then transactions and sessions don't really need to go through our product.
Given everything you've told me, I'm curious, as you step out of the balcony and you look across all that you've built with Savvy Security in particular, what are you most proud of?
I'm really proud of the architecture that we've built, taking the best practices from several sources. And then there's a lot of unique IP in our product. One of the things that I'm really excited about is what we call zero touch integration.
And that's a patent pending technology where we're able to integrate with SaaS applications without the administrator having to create and maintain that integration themselves.
What we're doing is we're using our browser extension footprint to become not just passive in collecting data, but also active in generating requests into the application backend, reusing the trust that is already created by a user going to that environment.
And then it enables us to collect data about all the other identities that are being used in that application, the posture of that application, and whether there are any gaps there.
Let's flip the script a little bit. Tell me about a mistake you made and how you and your team responded to it.
One mistake that we've done and that there was a big price to pay for it is underestimating the complexity of deployment within an enterprise environment. One of the things that we didn't pay enough attention was the user experience. We said, we need to deploy this browser extension. We needed to authenticate the extension, and that created kind of a pop-up that asked the users for credentials.
And customers told us, there's no way I'm going to deploy something and that's going to pop up for 30,000 users. You need to go back and fix this. And then we realized that we were naive in our assumptions.
of how we do the deployment, but that also gives us the opportunity to innovate and come up with another feature that I'm really proud of and for something we call Pathfinder that allows us to learn the identity automatically from signals that we're watching as someone deploys the product. So we don't need to authenticate it immediately.
And once we collect enough data, then we can do this authentication silently in the background And once we implement it to come back to those customers and do deployments over tens of thousands of users within a day with really no impact or no complaints or no entry calls to the help desk.
So this will be really interesting to hear. Tell me about what the future looks like for Savvy Security, the product and for your team.
I think that we're in a stage where we came up with the product last year. We went out of stills last July, and so we've built a customer base with a few enterprise deployments. And the future for us is now creating a go-to-market motion.
One of the things that I've spent the majority of my time in the last few months was building a go-to-market sales team, moving from doing everything by founders, doing a founder-led sales motion, and now getting...
more people train them to tell the story train them to demo the product train them to go and scale the company and i think that the future now when i think about the rest of the year next year is how we scale the company to tens or even hundreds of customers because we think there's a really unique offering here that brings a lot of value and now it's let's get this to everyone
Let's switch to you, Guy. Who influences the way that you work? Name a person or many persons or something you look up to and why.
I think that the people who influenced me the most were my managers in different places. If it was the VP engineering who gave me the in the startup 20 years ago that gave me my first job. position over there. And he was a great technologist and I learned a lot from him. And then later, when I worked at Checkpoint, I spent there 13 years starting as a developer.
And this is where I had been fortunate to have great managers that were very hands-on, very technical, but also able to manage large-scale development efforts.
of hundreds and thousands and the ability to both have the focus for details but also not losing sight from the big picture so i think the 13 years they're working under the red door was the vp products gonda was my direct manager you know i i learned so much from them
We talked about a mistake earlier, but this is a little different spin. If you could go back to the beginning, what would you do different? Where would you consider taking a different approach? And not to be a mistake, could have been something that even worked well, but maybe you tweak it a little bit.
When you look back in retrospect, you can always say you could have done things better. I think that one of the things is taking more time with go-to-market and really thinking through enterprise-grade deployment. Like I told you the story, we went to customers and we had to come back to the drawing board. So spending more time there.
And I think the other thing, and that's a constant battle every day, is being more focused. And that's really hard because you start something, and you have some idea, and then you test it with the market, and you talk with people, and you hear different ideas in different directions. And it can go in many directions.
And I think that in the beginning, we tried to win every customer's and started developing in parallel a lot of different features. And what we realized in the end is that we need to choose just a few things and do them really well.
We realized that and we did that, but I think going back, I would do this just from the beginning and just say some things are off the table and we're never going to touch them.
Guy, last question. So you're getting on a plane and you're sitting next to a young entrepreneur who's built the next big thing. They're jazzed about it and they can't wait to show it off to the world and can't wait to show it off to you right there on the plane. What advice do you give that person having gone down this road a bit?
First, relax. Being an entrepreneur is hard. There's a lot of pressure, a lot of expectations that you need to manage, but you need to be able also to enjoy that journey. And it's a roller coaster. And it still is for me. And one day you hear something great and the next day something bad happens, but you never know.
So just relax, enjoy the ride, have the composure and the resilience to take the different turns. And the other thing is that having the idea or building something, that's only part of the journey. And I do have these conversations. I'm doing some investments and I'm working with some entrepreneurs. There's a lot of hard work in getting something out there.
It's not just enough that you've built something great. You need to invest in how to make it accessible, how to get that to the market, how to make your customers happy. And... It's really hard to do this alone. So you have to have some partners to share that load with you.
And that's the most important thing, because choosing the right partners could have a material impact or choosing the wrong partners could just end the company. Choose good partners. Take time for doing this. Don't rush it.
Couldn't agree more. That's fantastic advice. Well, Guy, thank you for being on the show today. Thank you for telling the creation story of Savvy Security.
Thank you very much for having me here.
And this concludes another chapter of CodeStory. Code Story is hosted and produced by Noah Laphart. Be sure to subscribe on Apple Podcasts, Spotify, or the podcasting app of your choice. And when you get a chance, leave us a review. Both things help us out tremendously. And thanks again for listening.