Sanjay Nagaraj started his journey in India, where he was born and raised. His earliest influences started at home, as his father taught him honesty and integrity and his mother heavily influenced his growth as an individual. Though he spends most of his time in tech, any time outside of work is dedicated to time with family, where he gets to see the world through his wife and kids, along with fueling his passion for singing and following his favorite sports team.
For Sanjay, one thing that was clear to him was that application builders exposing APIs are responsible for making sure those APIs are secure. Prior to his current venture, he and his co-founder built AppDynamics, and they saw the growth of APIs firsthand. As such, businesses were looking for products to help understand APIs and protect them in real time.
This is the creation story of Traceable.
Sponsors: Permit, CacheFly, ClearQuery, Kiteworks
Links: https://traceable.ai/ and https://www.linkedin.com/in/sanjaynagaraj/
So I've been working on my authorization service, and it's totally sweet. It's only taken me six months to build it. Just six months. I started implementing some basic RBAC library, but that wasn't enough, obviously. So I designed relationship-based, fine-grained authorization for the highest security possible.
And then, to make it super fast, I used a GPU tower, running in my mom's basement, of course, connected via optic cable to a bare metal server at my local esports lounge. Permissions, restrictions, and admin. Nailed it.
Wait, wait, wait, wait, wait. Whatever you did sounds cool, but there's also another option. Oh, really? Yeah, with Permit.io. Permit is the full-stack authorization platform created so you never have to build permissions again. Build and manage permissions for any application with policy as code, APIs, developer-friendly SDKs, and user-facing UI.
Permit is an end-to-end authorization platform built on top of open source policy engines. It's high performing, gets decisions in less than 10 milliseconds, and uses a hybrid approach where config is in the cloud, but data and decisions are made locally. Not only is it intuitive, it lets you implement fully functional authorization in five minutes, not six months, and in the code base you prefer.
Check out the link in the show notes or go to permit.io to learn more. That's P-E-R-M-I-T dot I-O. Sign up for Permit and stop rebuilding auth.
One thing that we at Traceable look at is more in the terms of what we like to call it as the minimum sellable product rather than something as a viable product. The reason why we look at that is at the end of the day, when you're building a business, you're looking to sell that product to customers so that they're actually paying money for it because they're deriving value from it.
Viable doesn't always mean it's fully sellable as well. Is this a product that's going to be a better mousetrap, as in an upgrade to something that exists, or is it a brand new market? My name is Sanjay Nagaraj, co-founder and CTO of Traceable.
This is CodeStory. A podcast bringing you interviews with tech visionaries. Who share what it takes to change an industry.
Who built the teams that have their back.
Keeping scalability top of mind. All that infrastructure was a pain. Yes, we've been fighting it as a group. Total waste of time. The stories you don't read in the headlines.
It's not an easy thing to achieve.
Took it off the shelf and dusted it off and tried it again. To ride the ups and downs of the startup life.
You need to really want it.
It's not just about technology. All this and more on CodeStory. I'm your host, Noah Labhart. And today, how Sanjay Nagaraj built one platform to secure every API through contextual security and the Traceable advantage. This episode is sponsored by Kiteworks. Legacy managed file transfer tools lack proper security, putting sensitive data at risk.
With Kiteworks MFT, companies can send automated or ad hoc files in a fully integrated, highly secure manner. The solution is FedRAMP moderate authorized by the Department of Defense and has been so since 2017. Step into the future of secure managed file transfer with Kiteworks. Visit Kiteworks.com to get started. This episode is sponsored by ClearQuery.
ClearQuery is the analytics for humans platform. With their full suite of features, you can go from data ingestion to automated insights seamlessly. With Ask ClearQuery, you can find valuable insights into your data using plain English. Don't miss the opportunity to simplify your data analytics with ClearQuery. Get started today at clearquery.io slash code story.
Sanjay Nagaraj started his journey in India, where he was born and raised. His earliest influences started at home, as his father taught him honesty and integrity, and his mother heavily influenced his growth as an individual.
Though he spends most of his time in tech, any time outside of work is dedicated to time with family, where he gets to see the world through his wife and kids, along with fueling his passion for singing and following his favorite sports team. For Sanjay, one thing that was clear to him was that application builders exposing APIs are responsible for making sure those APIs are secure.
Prior to his current venture, he and his co-founder built AppDynamics, and they saw the growth of APIs firsthand. As such, they also saw that businesses were looking for products to help them understand APIs and protect them in real time. This is the creation story of Traceable.
Traceable as a company is in the business of protecting APIs for businesses. If you look at businesses like Starbucks, it could be Disney, name it, many of these businesses that exist out there, most of their applications are built on APIs. That means that every single business today, if it is already not API driven, they are going to be in the next five years.
A lot of the transformation around APIs are the ones which are leading what they say as a digital transformation that's been happening. But most importantly, when you think about what happened during the pandemic, the lines outside Starbucks that used to be there was replaced by the lines online, in terms of everybody using mobile applications to order, or the delivery pretty much used to happen as part of the lines outside, right?
So that means that a lot of the traffic started to move towards APIs, because if you have a mobile application or a web application, it's almost guaranteed that behind the scenes, they're all being served with APIs in the background.
So one thing that was clear for us was that as a business, if you are using APIs to build a customer base and serve the customers, that means that you need to be protecting those customers as well, in terms of the data they are trusting you with those APIs. But also you as a business, you're responsible for making sure that you're protecting against attacks on those APIs and you're protecting those APIs against abuse or fraud that can be committed as part of those APIs. That means that you're protecting the bottom line.
The way we got started was, prior to this, there was another company that me and my co-founder were part of building. My co-founder was the founder of AppDynamics, Jyoti Bansal.
We built that company, AppDynamics, as well, where we were in the business of application performance management, where we were helping businesses to make sure that the end user experience is maintained.
But one of the things that we were seeing was as this growth of APIs started to happen and picked up a lot more when we started the company in late 2018, was that these businesses were really looking for products that can not only help them understand these APIs, but also protect these APIs at runtime.
So we got started with this idea in mind that let's go not just go solve a niche problem of API security, but go solve the problem of understanding these APIs from the ground up. And then, of course, go and protect these APIs based on that understanding and the context that we build around those APIs.
Tell me about what you would consider the MVP. So that first version of the product you built, how long did it take to build and what sort of tools were you using to bring it to life?
One thing that we at Traceable look at is more in the terms of what we like to call it as a minimum sellable product rather than something as a viable product. The reason why we look at that is at the end of the day, when you're building a business, you're looking to sell that product to customers so that they're actually paying money for it because they're deriving value from it.
Viable doesn't always mean it's fully sellable as well. Is this a product that's going to be a better mousetrap, as in an upgrade to something that exists, or is it a brand new market? Because if it's an existing product, that means that the minimum sellable product typically looks at, hey, here are the table stake features that exist as part of the product, and on top of that, how do you go add differentiating functionality within that product? That's one category of it.
If you're creating a brand new product, something like what OpenAI came up with, then you're thinking about this as a totally green field in terms of where you can go and solve a brand new problem.
We had an interesting aspect where there were parallels in the application security world for us from building what could be looked at as a minimum sellable product, but also there was brand new where like API security as a market did not exist. So we drew from both places in terms of what is required for an existing. I'll give an example.
In the parallel side of it, Universe in the AppSec world and broader InfoSec world, there existed, always has existed, web application firewalls, which were built for protecting these legacy applications. So we drew some of the key features that are required to be in the API security product from that old world.
But we had to now go and say, on top of that, what is the differentiation that people need from a brand new market where they can go and say, this is the product that actually bridges that gap between legacy applications into your next generation of APIs. So we started to think about that in that terms and obviously approach that to build a V1 with those key features that are needed from what would be from a runtime protection perspective, but key features that are needed from solving an API security as a new problem.
This episode is sponsored by CacheFly. The web is a competitive place, and if your site delivers its content pixelated, slow, or not at all, well, then you lose. But that's where CacheFly comes in. CacheFly delivers rich media content up to 159% faster than other major CDNs.
Through ultra-low latency streaming, lightning-fast gaming, and optimized mobile content, the company offers a variety of benefits. For over 20 years, CacheFly has held a track record for high-performing, ultra-reliable content delivery.
While competitors call themselves fast or use cute animal names, only CacheFly holds the record of being the fastest and serves customers like Adobe, the NFL, or Roblox, where content is created by users and must be delivered in real time. For the first time ever, CodeStory listeners can get a 5TB CDN for free. Yep, you heard that right. Free. Learn more at cachefly.com slash codestory.
That's C-A-C-H-E-F-L-Y dot com slash codestory. This episode is sponsored by Kiteworks. Legacy managed file transfer tools are dated and lack the security that today's remote workforce demands. Companies that continue relying on outdated technology put their sensitive data at risk. And that's where Kiteworks comes in. Kiteworks MFT is absolutely the most secure MFT on the market today.
It has been FedRAMP moderate authorized by the Department of Defense since 2017. Through FedRAMP, Kiteworks' level of security compliance provides a fast route to CMMC compliance, saving customers time, effort, and money. Kiteworks MFT makes it easy for users to send automated or ad hoc files via fully integrated shared folders and emails.
Administrators can manage policies in a unified console and create custom integrations using their API. Did we mention it's secure? The level of security with the Kiteworks solution is rare to find. Step into the future of secure managed file transfer with Kiteworks. Visit Kiteworks.com to get started. That's K-I-T-E-W-O-R-K-S dot com.
So then you've got V1. Let's move forward then.
How did you progress the product from there and mature it? And I think to wrap that in a box a little bit, what I'm looking for is how you went about building your roadmap and what sort of criteria you were using to decide the next most important thing to build or to address with Traceable.
There is a concept that we use internally that comes out of actually one of the investors in the company, Unusual Ventures, is something which we look at it as a four lists as an approach. What I mean by that is typically when you go build anything as a roadmap, you're thinking about what are the sellers asking? What are the customers asking? What's the innovation that we want to build?
that exists. Anything that we do build out as a roadmap is always part of these four characteristics that way. The early versions of the product that we build is always vision and customer driven. It's not sales driven per se, right? And of course, the tech debt part of it would be less at that given point of time.
So everything in my head, I look at it as 18 month journeys that every product building and every customer focus company is going to go through, which is what we exactly did as well. The first 18 months was about vision building with those early design partners as part of the customers and vision part of it.
Then the next 18 months was a lot driven from a sales perspective and definitely existing customers. Then the next 18 months is a little bit focused around the tech debt aspect of it. And of course, the sales and customers will always be there. But one thing that we have done continuously is slot these into four lists as part of the list itself that we have.
But one key thing that we have always done is to make sure the vision is always at the top of everything that we do, because customers can take you in directions that your vision doesn't align with, or your sales folks can take you in a direction that the vision doesn't align.
Tech debt aspect of it is something that all engineers love to go and attack, make sure that it's always up to date and you're continuously addressing those. But the approach that we take is tech debt should be aligned with something that we're building against the vision or against what the sellers are asking or what the customers are asking, right?
Because otherwise you're solving tech debt for the sake of solving on a feature that may not even be getting used or may not actually have an impact.
So I hear you saying we. Tell me about how you built your team and what do you look for in those people to indicate that they're the winning horses to join you?
One of the first things that me and my co-founder did on day zero of the company was to lay out what is the philosophy of the company itself and the values that we want to align by. One of the key philosophies that we have followed as we built the company was it's your company is the philosophy. Yes, we happen to start the company as founders of the company.
But beyond that, we are equal contributors compared to anybody coming in, whether they have minus two years of experience or 25 years of experience in the industry itself solving problems. It's their company that they are building now going forward, right? That philosophy actually has served us well, because when I say minus two, we had some early engineers who were in their second, third year of undergrad, for example. They came in as an intern working with us for three months, but they built some of the core pieces of functionality three years ago, which is actually the reason why the company exists today in terms of selling the product itself.
Some of the technology that we used, which was eBPF-based data collection and everything else, came from some of the contribution from some of these interns, as an example, who came in. They're now part of the team and as full-time employees. But why I'm saying that is it means that the philosophy helped us to bring in the right set of people.
Now, what are we looking for is someone who has that mindset to go build that company with us, because it's a journey. Startups are always about ups and downs. If you're just purely coming in to say, I'm only going to have those highs or I'm only going to be learning all the time, then you're not going to succeed as part of that startup building, right?
Someone should be with that mindset that what is that they want to build as a long-term company? What is that final customer success that they want to see? There are two things that mainly we look for anybody coming in. One is the grit, as in the passion that they have to go and build and the perseverance that they have to actually go make it happen.
Both of those things are very critical as part of the grit itself. The second component that we really look for and they grow into it in some cases as well is the customer obsession that they bring to the table. That means that they are serving the customer at the end of the day.
Hello? Welcome to the Data Analytics Club. Do you know the password? No, I didn't know there was one. Do you know how to code? Uh, no. Do you know how to query data? Like, ask a question? I guess not. Hmm, I see. Then you can't be in this club. Sorry. Goodbye. Don't be left out of the analytics club. ClearQuery is the analytics for humans platform.
With their full suite of features, you can go from data ingestion to automated insights seamlessly. ClearQuery provides you with the information you need without requiring you to do the heavy lifting. Their Ask ClearQuery feature allows you to ask questions in plain English, helping you find relationships and connections in your data that may have previously gone unnoticed.
You can even visualize your data with presentation mode, taking your data storytelling to the next level. Pricing is based on storage, not licenses, and that ensures that you get the most bang for your buck. Don't miss the opportunity to simplify data analytics, your data analytics, with ClearQuery. Get started today at clearquery.io slash codestory.
Okay, this will be interesting given what you've built. And I'm sure there's interesting stories here. Did you build this to scale efficiently from day one or with scale in mind? Or are there interesting areas where you've had to fight it as you've grown?
We built the platform for scale. One of the values that we have is dream big. That means that for us, from day one, we basically were looking at solving a big problem for the 10 years as a journey that we go. The problem was understanding the APIs as a platform itself and solving a bunch of security and many other use cases over a period of time on top of the data that we have.
So we built the platform for scale. But what we did not anticipate was the complexity of customer environments, the complexity of some of the large financials that we run, where we process close to 400 billion calls per month. Yes, the platform was able to scale, but not the complexity of how we collect the data and the use cases that we need to make sure that we are solving for the customer to make sure that they're deriving value on a continuous basis.
And the second part of it is the go-to-market scale. How do we actually scale this across financials to fintechs to healthcare to retail and entertainment and everything else? How do we scale this across businesses from an overall go-to-market perspective?
All of those scales in terms of collecting data, go to market itself, we definitely had a lot of challenges along the way. And that's a fun part of building a startup.
As you step out on a balcony and you look across all that you've built with Traceable, what are you most proud of?
I think the most that I'm proud of is the team that's actually behind the product, the company and everything else. Because these are the folks who are making this happen day in, day out. If you look at it as a size of the company, we have about 180 people going to about 200 people as we scale the year and everything else. People ask me how big is our customer success as a team, as an example.
The way I look at it is the customer success team is a 180 people strong team. Why I say that is you have the customers and customer success and customer obsession, everything's showing at the top, but the people below that, the entire team, is focused on making sure the customer is realizing value, starting all the way from a stage zero, as in if you look at it as a sales cycle, right? I'm not even talking about the product building, but purely from a customer touchpoint perspective, all the way into deployment to renewals to whatever the three, 10, five years right now.
It's a three-year journey that customers have gone through, making sure that each of those touch points is what we are obsessed about end-to-end, right? So the team behind making all that happen is the one that I'm most proud of.
They all come from varying degrees of experiences, but their single most in their mind is, are they solving a customer's problem?
Okay, let's flip the script a little bit. Tell me about a mistake you made and how you and your team responded to it.
As we started the company itself, the focus was a lot more on runtime protection from an API security perspective. But one thing that kept coming back to us was, hey, it's all nice that you're able to discover the APIs and able to identify the APIs in the data, give us visibility into it, but also protect it at runtime.
But we want to be able to identify these vulnerabilities that are getting exploited at runtime in our pre-production system, right? So the mistake that we did, if I were to wind the clock back a long time ago, was we maybe delayed enabling that functionality for some of the customers, maybe about six months to a year. I wish that we had acted on that a little bit sooner than what we did.
But the thing finally worked out as in the same, what I consider as a delay and a little bit of a failure on our end turned out to be a bit of a success. The reason is we did not go and build a me too.
When we realized that delay or the failure, but instead we doubled down and we said, let's go solve this the right way because customers would be benefited by us innovating on it, like going back to the minimum sellable product that way rather than just going and doing the table stakes. We took it to the next level to say, what should that differentiation be?
So eventually when we went and launched our testing product, it's getting used everywhere. For example, today, because of the innovation that's come with it, we were able to replace some of the DAST tooling that the customers have, which are really not getting used from when it comes to APIs. So yeah, some of these failures that we got converted into successes, but the key was success.
keeping our focus on executing and learning from some of those mistakes.
Okay, so what's the future look like for the product and for your team?
The biggest thing that's happening now is, of course, we're accelerating our go-to-market from bringing in an amazing set of leaders in terms of sales and marketing and the product team and everything else. And of course, expanding internationally as well. Just recently, Citibank, with a whole bunch of existing and new investors, decided to do a strategic investment project.
We were not looking for money, but it was more of we wanted to bring in some of these strategic investors to help us grow in larger organizations because they bring a lot of that context that may be missing on our end from understanding these large enterprises out there.
So that investment is helping us expand from an R&D perspective and go-to-market perspective as well, and lots more from a customer success perspective. But from a future, from a platform perspective, we are expanding into other areas. Just recently, we announced GenAI API protection, because at the end of the day, most of the generative AI applications are being built on APIs which are wrapping up either local models that exist as an open source models that can be deployed locally, or they're using third party APIs like OpenAI or Gemini or whatnot, as more and more these third party services, AI services start to come in.
So the GenAI application protection became very key for us, and we announced that at RSA as an early access. So we're going to continue to expand. We have a very rich platform which enables a lot of the threat hunting aspects of it that we look to expand that beyond, because all businesses are going to become API driven. That means that all the traffic that's flowing through in the web is going to be more API focused. So looking forward to expand a whole bunch of functionality and, of course, growing the team to serve more and more customers.
Let's switch to you, Sanjay. Who influences the way that you work? Name a person or many persons or something you look up to and why.
The family is always behind the scenes, motivating you to do things the right way, motivating you to go achieve what you're set out to achieve. But an individual, as I was talking about, my co-founder as well, has had a great influence in the past and also continues to have that great influence even today.
There are, of course, a lot of the investors that influence, great investors that we have, not just from Citi that are joined newly, but Steve Harrick from IVP, John Vrionis at Unusual, Geodesic, Sorenson. All these guys have lots of influences in terms of very positive influences in terms of helping us where the market is going to go and also making sure that they're supporting us as we scale the company.
But I think there are, of course, two key things that I think I continue to always grow towards. One is I'm sure you and your listeners may have looked into these things. There are two books that I'm always very interested in. One is Grit. Angela Duckworth is the author for that one.
Influenced a lot of my thinking around. It's not enough just if you have passion, you need to have perseverance associated with it because it's not just enough saying, yeah, I want to do this. I want to do this because there are going to be a lot of ups and downs as part of what you build as a startup. So you need to persevere. There are many naysayers that we have had in the past as well.
You can't do this. You can't do this. We were able to persevere and make things happen, right? The other one is Mindset by Carol Dweck. Those two books that at least have influenced a lot in terms of my thinking from a startup building. But at the same time, am I telling you that as a startup, we have somehow reached a place where we are amazing? Nothing like that.
Everything is a journey, right? It's a five-year journey. I believe it's going to be a 10-year journey where at least you get to a point where you can say that, yeah, there are some things you set out to achieve and you have achieved those, right? So it's a journey that we are going through. And I'll be very honest, as I said, when you asked me what am I most proud of, it's the team.
So I get to learn from the entire team on a daily basis.
Last question. So you're getting on a plane and you're sitting next to a young entrepreneur who's built the next big thing. They're jazzed about it. They can't wait to show it off to the world and can't wait to show it off to you right there on the plane. What advice to give that person having gone down this road a bit?
Humility and conviction probably are the two things that are most important for taking this forward because it may be the best thing since life and you may feel that you know everything about it.
So that's where the humility part of it comes in, where they should be willing to learn and make sure that they are not somehow stuck with the idea that this is the best thing that's been built and maybe many other things that others have done. So they need to be a lot more open to listening than feeling that they know everything.
But at the same time, the reason why I combine the conviction part of it is that there will be a lot of naysayers as they go and build this. Make sure that you have the conviction to go make things happen that you think is right. So the gut side of it from an entrepreneur perspective is probably the most important thing, right?
The second thing that I would tell them is, if you are the most passionate about it, but if the moment there is a downer that comes your way and you give up on it, or there is a moment where your team may not like what you've done or your team may not be the right team because you'll go through a lot of changes as well as you go build a company. If you are not able to go through, that's when you will fail.
You may have the next best thing, as you said, from an idea perspective or a product perspective or whatnot. Don't underestimate the rest of the things that are needed to go build a company. And that's where the last thing that I would say is make sure that you understand all aspects of go-to-market information. If you're an engineer, make sure you understand the entire sales side of the process.
Without knowing that, you won't be able to take the company forward. The products I like to look at as the most important thing for any company, but at the same time, products along with the right go-to-market execution and the right kind of customer obsession, those three are the ones which form a basis for something that you can succeed as a company.
So I would highly recommend all the young entrepreneurs think beyond just what they built as a product.
That's fantastic advice. Well, Sanjay, thank you for being on the show today. Thank you for telling the creation story of Traceable.
Thanks a lot for having me on this one. It was a pleasure.
And this concludes another chapter of CodeStory. CodeStory is hosted and produced by Noah Labhart. Be sure to subscribe on Apple Podcasts, Spotify, or the podcasting app of your choice. And when you get a chance, leave us a review. Both things help us out tremendously. And thanks again for listening.