The Business of Open Source

In this episode of Cloud Native Startup, Justin Borgman, Chairman and CEO of Starburst Data, takes us through Starburst’s evolution as it speedily makes its mark in the enterprise software space. As a two-time startup founder, Justin illustrates his journey towards founding Starburst, alongside his fellow co-founders, and we explore how they built this unique company. He also shares his advice and lessons learned and we discuss what’s in store for Starburst as the company ventures into its next phase.Highlights:Exploring how Starburst came into being and what led to the realization that a business would be built around Presto. (00:14)Why Starburst has 12 co-founders and the factors that contribute to the strength of the founding team. (05:53)Starburst’s journey towards raising venture funding. (08:19)The evolution of PrestoSQL and how it became Trino – and Justin shares advice for anyone developing an open source project. (13:49)More on Starburst’s shift towards venture funding and how the founders came to that decision. (21:15)Differences between Justin’s first and second experience as a startup founder and how he applies what he’s learned. (24:53)A look at Starburst’s transition into its third phase. (28:13)Mistakes and lessons learned. (32:02)Links:JustinLinkedIn: https://www.linkedin.com/in/justinborgman/ Twitter: https://twitter.com/justinborgmanStarburst: https://www.starburst.io/

This week on Cloud Native Startup, I’m joined by Tobi Knaup, CEO & Co-Founder of D2iQ.In this episode, Tobi provides insight on how D2iQ helps its customers change the world through open source and how it is reflected in their core mission. We also explore what led to the creation of this pioneering technology company and how the cloud native space has changed since. Highlights:Tobi provides an overview of D2iQ and how it came to be - and he walks through their pivot from Mesos to Kubernetes. (00:11) More on the core mission of D2iQ - and how solving technology challenges at Twitter and Airbnb led to the creation of D2iQ. (04:05) How DQI2 partnered with companies in its early days - and the common mistake that D2IQ and most companies make early on. (13:30) Tobi reflects on his journey from an engineer to founder and CEO - and shares his perspective on the evolution of the cloud native ecosystem. (18:44)Tobi’s advice to the younger version of himself and his fellow co-founders. (28:17) Links:TobiLinkedIn: https://www.linkedin.com/in/tobiasknaup/Twitter: https://twitter.com/superguenterD2iQWebsite: https://d2iq.com/Twitter: https://twitter.com/D2iQ

HashiCorp’s Co-Founder and CTO, Armon Dadgar, joins me for a conversation on Cloud Native Startup.In this episode, we focus on open source and how it serves as the core to HashiCorp’s identity. We also explore Armon’s journey towards founding HashiCorp with Mitchell Hashimoto and what the future holds as they both lean into their respective passions. Learn a few keys to cultivating a successful open source community, why some companies don’t rely on this success, his lessons learned, and more.Highlights:A look at Armon’s role as Co-Founder and Chief Technology Officer and what sparked the decision to build HashiCorp alongside Mitchell Hashimoto. (00:13)Armon shares why HashiCorp began as open source and how that developed into a company. (4:46)How an open source community compares to a paid community - and Armon’s take on bootstraping an open source company. (11:23)Why creating an open source project directly from a closed source project is not the best strategy. (14:43)Keys to building a successful open source community and why this is vital to HashiCorp.(18:14)Armon shares lessons learned during the early days of HashiCorp - and his thoughts on the complexities of being a founder. (23:15)How Mitchell’s decision to step back as an individual contributor allows him to focus on his passion - and more on why they chose to monetize HashiCorp. (29:30)Links:ArmonTwitter: https://twitter.com/armonGitHub: https://github.com/armonLinkedin: https://www.linkedin.com/in/armon-dadgar/HashiCorpWebsite: https://www.hashicorp.com/Twitter: www.twitter.com/hashicorp

Neil Cresswell, co-founder of Portainer, joins me this week on Cloud Native Startup. In this episode, we talk about the evolution of Neil’s fascinating career, which began at age 17, and how it led to Portainer. We also discuss Portainer’s core ethos of simplicity, open source product, Neil’s predictions on Kubernetes, and more.Highlights:Neil recounts how he went from self-employed to co-founding Portainer. (00:19)A look at who Portainer was originally built for and the moment he realized it would be a commercial entity. (08:09).Neil dives into the three elements to success in open source product. (11:56)Neil’s advice for someone working on an open source - and a look back at his consulting experience. (14:54)Neil’s shares his lessons learned along his journey - and breaks down some differences in his past and present roles. (20:08)How Neil’s team ensures simplicity - and his Kubernetes predictions. (25:09)Neil shares some of the everyday challenges and advantages of working across different timezones. (29:19)Links:NeilLinkedin: www.linkedin.com/in/ncresswellTwitter: twitter.com/neilc_cloudPortainerWebsite: Portainer.io Twitter: twitter.com/portainer.io

Michael Hyatt joins me on this episode of Cloud Native Startup. Not only is Michael a leading tech investor and philanthropist, but he also ranks as one of Canada’s top entrepreneurs. In this episode, Michael provides a wealth of knowledge as he shares invaluable tips for aspiring, new, and current founders. We also discuss the early stages of founding companies with his brother Richard, the mentality behind hiring your weakness, the phenomenal impact of computing, and much more. In this episode, we cover:Michael’s take on why starting a company with his brother was a powerful and successful business move. (00:15)The power of computing - and the awful truth about technology. (4:12)The importance of being able to pivot and hire your weakness. (8:18)What Michael looks for when he is investing in a company. (17:27)The impact computing has on new companies now vs 20 years ago. (20:24)Michael reflects on the moment he knew success was on the horizon - and how his inferiority complex played a role. (26:07)The challenges of creating a company built around technology. (28:49)Why you need marque customers. (32:24)Michael’s advice to founders. (35:47)Links:Michael HyattLinkedin: https://www.linkedin.com/in/michaelhyatt1Twitter: https://twitter.com/mhyattoffice

J.J. Guy, Co-founder and CEO of Sevco Security, joins me this week on Cloud Native Startup. In this episode, J.J. breaks down Sevco Security and the IT security ecosystem. We also discuss challenges, lessons learned, building a solid team culture and more.Highlights:Introduction to Sevco and how it fits into the security product ecosystem. (:0016)What creates friction across the entire IT organization and why it is taken for granted. (5:05)J.J. shares ideas that he considered but then ultimately rejected and what he would have done differently. (10:39)The fascinating challenges around enterprise products in security. (17:44)Key lessons learned and how J.J. applies them to Sevco Security. (22:50)The challenges of developing a new product in a new market segment. (27:23)Links:J.J. LinkedIn: https://www.linkedin.com/in/jjguy/ Twitter: https://twitter.com/jjguy Sevco SecurityWebsite: https://sevcosecurity.com/

This week on Cloud Native Startup, I am joined by William Morgan, CEO of Buoyant, Inc. In this episode, William talks about his beginnings as a software engineer at Twitter and his transition towards starting and running his own company. We also discuss how rewriting Linkerd enhanced its core value of simplicity, the blessing and curse of open source, his advice to his younger self, and more.In this episode, we cover:Who is the CEO of Buoyant? William Morgan shares his background. (00:14)The story behind Linkerd and how it came into existence. (1:40)Building a company around Linkerd - and monetizing an open source project. (3:43)William’s thoughts on the open-core model. (7:52)The evolution of Buoyant: Building the long-term future of the business. (9:08)Lessons learned and advice to William’s younger self. (13:48)Deep dive into the process of simplifying Linkerd to reach its core value. (17:34)Istio or Linkerd? William’s take on deciding what is right for you. (23:26)The blessing and curse of open source. (27:03)William reflects on his journey as an engineer to starting and running a company: (32:00)Links:William MorganLinkedin: https://www.linkedin.com/in/wmorganTwitter: https://twitter.com/wmBuoyantWebsite: https://buoyant.io Twitter: https://twitter.com/BuoyantIOLinkerdWebsite: https://buoyant.io/linkerd/Linkerd Twitter: https://twitter.com/Linkerd

David Friend, co-founder and CEO of Wasabi Technologies, Inc. writes the rules of his own success. With 7 companies under his belt, David continues to be an impactful maverick entrepreneur. In this episode, David and I talk about the evolution of his journey, which started off in the music industry, and how it led him to found a cloud data storage company. Join us for more on this week’s episode of Cloud Data Startup.Highlights:The evolution of David’s companies from the very beginning of his entrepreneurial journey. (00:30)David compares running a synthesizer company to a cloud storage company. (5:42)How careful hiring allows David to focus on his strengths. (10:18)David shares why price and simplicity are the two most important ingredients in selling. (13:50)The influence of data storage and AI and how it has changed the mindset of customers over time. (16:59)David's philosophy on running a business and the joys of conducting the orchestra of his company. (20:46)Advice for first-time founders. (22:18)David’s philosophy on raising money as an entrepreneur. (24:47)Links:DavidLinkedIn: https://www.linkedin.com/in/david-friend-3660832/ Twitter: https://twitter.com/wasabi_daveWasabi Technologies Inc.Website: https://wasabi.com/ Twitter: https://twitter.com/wasabi_cloud

This week, Swaroop Jagadish, co-founder of Acryl Data, takes us through his journey from quitting his day job as an engineer to founding his first startup company alongside Shirshanka Das. Swaroop also shares his insights on Acryl Data’s business model and the advantages and challenges of building an open source project-based company. Tune in for more on Swaroop and Acryl Data in this episode of Cloud Native Startup.HighlightsHow Swaroop created Acryl Data and the story behind the name. (00:42)Lessons Swaroop learned on his journey towards becoming a startup founder. (6:52)Swaroop reflects on the challenges of building an open source project-based company. (10:31)How Acryl Data’s core ethos aligns with LinkedIn (12:49)The unique advantages of Acryl Data’s business model. (14:03)The scariest part of the startup journey. (16:27)Swaroop’s thoughts on approaching the modern data ecosystem. (17:32)Acryl Data’s use-cases. (20:12)Swaroop’s insights on building an open-source company and generally, as a first-time founder (27:32)Links:Swaroop:LinkedIn: https://www.linkedin.com/in/swaroopjagadishAcryl DataWebsite: https://www.acryldata.io/Twitter: https://twitter.com/acryldataData Hub Project Website: https://datahubproject.io/Data Hub Slack Community: https://datahubspace.slack.com

Dhiraj Sharan, CEO and founder of Query.AI, joins me this week on Cloud Native Startup. With a career that spans over 20 years in cybersecurity, Dhiraj has seen the swift adoption of multi-cloud environments and SaaS apps. In this episode, Dhiraj discusses the importance of evolving your product as the world changes and why you should ask yourself, “How can I be innovative for the next layer?” Dhiraj also gives his younger self advice on the cybersecurity game of chess and much more. HighlightsWhat led Dhiraj to pursue Query.AI? (0:23)Dhiraj shares ideas that he ultimately didn’t pursue (3:52)The importance of evolving and the layers of innovation. (5:30)The difference between being a founder and being an early employee. (8:52)Advice Dhiraj would give himself if he could go back 20 years. (10:19)Dhiraj’s advice on building a company. (11:52)Security team budgets and creating an ROI calculator. (13:11)Query.AI’s “unique” struggle. (18:47)CSO’s general response to Query.AI. (20:03)Dhiraj reflects on lessons learned and the importance of understanding your customer. (21:48)Dhiraj on the entrepreneur in everyone. (23:32)Links:Dhiraj: LinkedIn: https://www.linkedin.com/in/dhirajsharanTwitter: https://twitter.com/dhirajsharanQuery.AI:Website: https://query.aiTwitter: https://www.twitter.com/query_ai

Anurag Goel, Founder and CEO of Render, joins me on this episode of Cloud Native Startup. Learn about his beginnings at Stripe as employee #8, the birth of Render and how it solved a gap in the market, and his lessons learned while transitioning roles. We also discuss how open source fits into business strategy and much more.In this episode, we cover:Anurag and how he founded Render (00:27) Lessons learned while transitioning professional focus from engineering at Stripe to strategic business (05:42)Anurag’s advice for people who want to transition into larger business roles (11:11)The evolution of Render and its market and use case (13:57)The important role of open source in the developer tool ecosystem (19:46)Why Anurag chose to make Render open source (22:11)Strategies for making open source part of your platform (22:51)How open source fits into business strategy (23:55)Links:Anurag: www.twitter.com/anuraggoelRenderWebsite: https://render.com/Twitter: https://www.twitter.com/render

This week on Cloud Native Startup, I talked with Wei Dang, founder of cloud native security company StackRox which was acquired by RedHat in 2020. Highlights: How Wei met his co-founder and how the two of them saw the need for new types of security tools. Why talking to people throughout the Kubernetes ecosystem led to a series of a realizations that security in a cloud native world was going to me an increasingly important part of the conversations as more people adopted Kubernetes. Where the name StackRox came from. How even understanding if there was a market for a container security product. The moments wondering ‘are we building the right product’ was the scary. Why it’s important to focus at the beginning. How StackRox evolved from container security to Kubernetes security as the broader conversation shifted and the industry consolidated around Kubernetes. The moment Wei felt like there was product-market fit for StackRox. How Wei would define Kubernetes Security. The ways in which starting and growing a company forced Wei to learn new skills and gain knowledge. Why community is so important for companies in the Kubernetes ecosystem. How things have changed — and how they haven’t — since becoming part of Red Hat. Linkshttps://twitter.com/weiliendanghttps://www.linkedin.com/in/weiliendang/

The Business of Cloud Native is now Cloud Native Startup. Going forward, I'm moving away from talking to end users and focusing instead on what it takes to build a startup in the cloud native ecosystem. I'll be talking with startup founders, startup advisors and others in the ecosystem about making the transition from software engineer to startup founder, the stories behind companies we read about in the tech press and how to increase your odds of success in the cloud native startup world.

This week on The Business of Cloud Native, I spoke with Abby Kearns, CTO at Puppet, about the changing role of technology in the enterprise and how that changes things for software companies like Puppet. HighlightsWhatever the exact definition of cloud native, ultimately it is a way to improve scaling and resilience. The increasing importance of software for enterprises, because customers simply expect to use software to connect with companies of all sizes. Why cloud native is tied to digital transformation — because you can’t do one without the other. Picking tech and deploying it — that’s the easy part. But the people part is hard. Changing organizational structures is hard, but the companies that are succeeding in the new digital environment have to do the hard work. Why enterprises that are successfully using software to build a better relationship with your customers have top company leadership, from the CEO on down, investing in the transformation and incorporating technology into the company’s vision. How the changing role of technology in the enterprise has changed things for technology companies like Puppet. How technology decisions have now become board-level decisions, rather than decisions that made in a basement among technologists. How the changing landscape has forced Puppet to change its go to market strategy, positioning and messaging. The speed of change in the technology space seems to be accelerating and can lead to a lot of uncertainty. Why open source can be extremely rewarding, but requires companies to give up a huge amount of control that can be unnerving for enterprises. What is the role of a CTO at a technology company — is it tactical? Is it visionary? LinksAbby Kearns on LinkedInAbby Kearns on TwitterPuppet

This week on the Business of Cloud Native, I talked with Kelsey Hightower, principle engineer at Google and Kubernetes expert. We talked about how technology like Kubernetes helps engineers focus more on solving business problems instead of constantly solving the same low-level problems. Highlights: How the evolution of technology — and the evolution of customers’ expectation — have made cloud native practices table stakes. The more established a company is, the more layers it likely has in its technology stacks. Unless a company is under 10 years old, it probably isn’t 100% cloud native because it’s rarely practical to throw away everything they’ve been doing in the past.Why it’s so challenging for companies to “disrupt themselves” by adopting cloud native technology unless they have serious motivation. How successful cloud native journeys involve both grand strategic visions and boring tactical plans that can actually be implemented. Why companies need to take into account the entire ‘infrastructure’ needed to adopt cloud native. How do you collect the data you need to reach your goals? Do you have the human resources, both technical and non-technical, to achieve their goals? How cloud native transitions can quickly become an ‘onion’ problem where there is always another layer that companies need to solve. How to convince practitioners who are trying to build customer tools internally that they should use Kubernetes or other open source projects. The myth of ‘tech displacing people.’ Usually evolution of technology leads to more jobs for software engineers, not less. How Kubernetes helps engineers focus on the business — and that is a good thing. The difference between 20 years of experience and 20 years worth of 1-year experience. Why Kubernetes is a platform for building other platforms. Why Kubernetes and cloud native are not a magic bullet that will completely transform your business. Links: Kelsey Hightower on Twitter

This week on The Business of Cloud Native, I spoke with Mark Thiele of Edgevana about the definition of cloud and cloud native, where the line is between cloud and edge and situations where edge is the best option. Highlights: A discussion of situations where edge is the most appropriate option and how edge can help solve problems related to latency, data transfer costs, data sovereignty and network access. Why the right architecture depends on your business needs — there is no one size fits all way to design an edge solution. The relationship between data centers, public clouds and edge devices, including how co-location facilities fit into the equation. How IT is shifting from being a cost center in the business to being a profit center, and how this re-framing of IT is the root of fundamental change. What types of companies can successfully manage a data center and what types of companies should accept that they don’t have the skills and just go to the public cloud. Why success in the digital transformation is really a question of prioritization. Do you enjoy the podcast? Help others find it by leaving a review on Apple Podcasts and sharing on social media. LinksEdgevanaMark on LinkedInMark on Twitter

This week on The Business of Cloud Native, I spoke with Jana Boruta, Director of Global Events at HashiCorp, about building community — for startups, for big companies and for open source projects with no budget. We also touched on digital-first events and how they differ from in person events. Highlights:What is community and why does it matter for companies building commercial tools for developers. Why community building is for everyone — from Nike to volunteer organizations to enterprise software. Is it ever too early for community building? How to determine if you’re building community for the right reasons. Why community building is a long game — not something that will show immediate ROI after a single event. Community building starts with creating a community blueprint. While some tactics are common, but every company’s community is going to be different and has to be authentic to the company. Why product feedback can be an important first step for building a community. Why starting with community building too early, when the product is too buggy, can be counter productive. Why you should avoid thinking of your community as a demand gen program. How create digital events that provide value for the attendees, even if they deliver it in a very different way than an in-person event. Links:Jana’s websiteJana on LinkedInHashiConfEpicConfDigital-First Events, Jana’s book about digital events

This week on The Business of Cloud Native, I spoke with James Campbell, CEO of Cado Security, about his background in the security world and why he felt like there needed to be a better way to manage security forensics in a cloud native environment. Highlights: Why it’s important to get better information about security incidents — or potential security incidents — to make better decisions. Why security has to be relatively easy because otherwise people will ignore it — at their peril. How cloud native features like auto-scaling are great for compute but make security, especially security forensics, more complex. Without enough data collected in real time, companies can end up unable to know whether or not an anomaly actually caused data loss, which data was impacted and what the root cause of incident was. How some of the most sophisticated attackers operate and how they can cause havoc even if the impacted container has spun down. The triggers that led Campbell and his co-founder to start Cado Security. Why having better information is critical to responding effectively to breaches, large and small. Links: James Campbell on LinkedInJames Campbell on TwitterCado Security

What is edge? What is cloud? What is the difference and what are the different requirements for each use case? I talked to Samy Fodil, CEO and founder of Taubyte, about edge computing, industrial IoT and how the edge requires a dramatically different approach from the cloud. Highlights:Why edge is a truly distributed system, unlike the cloud. What inspired Fodil to start Taubyte and why he thinks the edge will be the default computing platform in the years to come.What overlap there is in skill sets between on-prem development, cloud development and developing edge-native applications.Why edge-to-edge communications can be so hard for developers to understand. What barriers prevent companies from taking advantage of the edge and why it’s worth it for those businesses in spite of the complexity. Links:Samy Fodil on LinkedInTaubyte

This week on The Business of Cloud Native I spoke with Travis Nielsen and Sebastien Han about how Rook has evolved over the years, beginning as a way to build a cloud native storage platform but before anyone was talking about cloud native or Kubernetes. Links: Travis on LinkedInSebastien on LinkedInThe Rook project page

This week on The Business of Cloud Native, I talked with former Gartner Analyst, current VP of Solutions at Securonix Augusto Barros. We talked about how Securonix’s positioning has evolved over the years as it has move between market categories as well as how to evaluate and test cloud native security solutions. Links:Augusto on TwitterAugusto on LinkedInSecuronix

In this episode with Evan Reiser, CEO of Abnormal Security, we explored how positioning and an understanding of who your ideal customers are and what their needs are can influence technology choices, including which cloud provider you build on. HighlightsHow a seemingly pure technology choice like cloud provider can have serious implications for customer experience. The difference between having a board-level discussion about cloud providers is different from gathering the engineering team to talk about cloud infrastructure Why being integrated in the Microsoft ecosystem was a strategic business decision and how technology decisions in general can be high-level business decisionsWhy technology teams should think more about what the customers need and want instead of just choosing the best tool from a technical perspectiveEvan’s hesitations about making the transition to Azure and why they did it anywayWhy they chose to re-architect at the time they didEven though the move to Azure was made to improve customer experience, customers don’t necessarily have a different experience since the moveWhy founders should keep in mind that startups rarely fail because their technology doesn’t work, but because they don’t meet the needs of their customersLinks: Evan on LinkedInAbnormal Security

This week on The Business of Cloud Native I talked with Yong Tang, one of the maintainers of CoreDNS, about how the project started, how it’s evolved over the years and how the team decided to integrate it with Kubernetes. Links: CoreDNSYong Tang on LinkedIn

This week on The Business of Cloud Native, I talked with Brian Gracely about using Kubernetes for edge workloads as well as the difference between “cloud” and “edge.” HighlightsIs edge part of the cloud, is cloud a part of edge or are they completely separate but slightly related environments? What makes something a data center vs what makes something an edge device? How enterprises think of edge vs how Telcos think about edge. How the edge has gone from being a cost center to a competitive advantage for enterprises.Why Telcos have always thought of edge as a market opportunity. Why Kubernetes can help standardize environments and make it easier to deploy software to the edge, but there are still challenges to overcome. Why edge deployments require re-thinking many basic environmental factors like bandwidth and compute capacity. Why consistency at the edge is so important. Why you can’t ignore the physical conditions that make edge environments unique. LinksBrian on TwitterThe CloudcastRedHat OpenShift

In today’s episode of The Business of Cloud Native, I talked with Julien Pivotto and Richard Hartmann, two of the maintainers of Prometheus, about how the project started, how it’s evolved over the years (and how it’s stayed the same) as well as some novel ways Prometheus is used in the real world. HighlightsWhy both Julien and Richard got started with PrometheusSome surprising ways that Prometheus is used to monitor things beyond the software engineering worldHow Prometheus has evolved in technology and usage over the yearsHow Kubernetes and its relationship with Prometheus has changed the projectWhat assumptions ‘cloud native’ creates for potential Prometheus usersLinksJulien on TwitterRichard on Twitter

In this episode of The Business of Cloud Native, Chris Holmes talks about bootstrapping Decipher Technology Studies and their core product, intelligent service mesh Greymatter.io. He also talks about why it's so important for brownfield and greenfield apps to talk to one another and the many similarities between public sector and private sector organizations. Highlights: How Greymatter combines business intelligence and security controls.The difference between working with public sector customers and private sector / enterprise customers — and why there are more similarities than differences. How segmentation is sometimes necessary for any highly security-conscious organization, including both government organizations and financial services companies in the private sector. Why we need to respect legacy applications — because they tend to be the mission-critical applications that drive revenue. Why connecting brownfield and greenfield applications is critical, because not all ‘legacy’ apps will ever be moved to the cloud.What ‘returns’ a company is looking for when evaluating ROI on cloud migrations. What we mean when we talk about an “ROI” on security tools. Why Kubernetes’ terrible networking is part of why Chris could see that service meshes would be necessary even back in 2015. Links:Chris on LinkedIngreymatter.io

This week on The Business of Cloud Native I spoke with Chris Psaltis, CEO and co-founder of mist.io. We spoke about why multicloud is necessary (and scenarios where multicloud is not necessary), where multicloud is headed in the future and the journey Chris and his co-founders have been on with Mist. HighlightsThe difference between using multicloud for legal / regulatory reasons or because of the company’s history and using multicloud strategically to improve developer velocity or improve customer experience. The complexity involved with pursuing multicloud and why many organizations are better off in just one cloud. Why being cloud agnostic from day one is not a good strategy in the vast majority of cases. Why no one seems to be able to correctly estimate how difficult it is to build a multicloud platform. Why ‘silos’ are the competitive alternative to a unified platform for companies How Mist went from working primarily with smaller teams before figuring out that they provided more value for large teams because the pain from multicloud management increases exponentially as the number of engineers, applications and environments increases. When the founding team decided to stop being consultants and start an open source technology startup. LinksMistChris on LinkedInChris on Twitter

This week on The Business of Cloud Native, I talked to Tzury Bar Yochay, founder and CTO of Reblaze, about building a cloud native security company before twelve thousand people were going to KubeCon. Highlights:Why your security measures have to keep up with hackers’ sophistication.The moment when Tzury decided to go from being a contractor for the defense industry to founding a company.Why the default path for startups is failure. Why open source is key to securing your cloud environment.How selling a security product to developers has evolved over time. Why lazy developers are good developers. Why selling software to developers is different from selling software to other types of professionals. Why he thinks the most brilliant developers tend to gravitate towards open source. Why security based on obscurity is a terrible, perhaps even evil, strategy. Links:ReblazeTzury on LinkedIn@tzury on TwitterTzury on GitHubCuriefense

This week, I talked with Karthik Ranganathan about the challenges going from employee of a large company to startup frounder and why he founded Yugabyte because he wanted a database that both was transactional and still could be highly available.Highlights: Why the ability to scale is important for any cloud native application, including for a cloud native database.Why Yugabyte is still open source and why being open source is important to the company. Why enterprises wanted an open source database to house their mission-critical data. Why the company went from an open core model to open source / managed service model. Why end customers care about open source. Why early-stage, small companies have trouble establishing trust and how being open source helps build trust. Why building around open source helps nudge customers to ‘buy’ instead of built it themselves. Why finding the right position and the right message is a major challenge at the beginning of the company. Links: Karthik on LinkedInKarthik on Twitter YugabyteYugabyte Slack

This week, I talked to Natalie Ledbetter, Head of People and Platform at Boldstart Ventures. We talked about how startups can approach team and culture building, including:How to prioritize your hiresCommon mistakes founders make when building a teamWhy you should always avoid brilliant jerks, even if they are very brilliantHow to divide responsibilities between foundersAnticipating growth and setting your team up so that it can scale as easily as possibleThe difference in skills sets between 'startup people' and employees you would want to hire later onLinks: Natalie on LinkedInNatalie on TwitterBoldstart Ventures

In this episode of The Business of Cloud Native, we talk about the hard business goals behind words like "freedom" as well as what it's like to go from engineer to CEO. My guest, Sirish Raghuram, is the CEO and co-founder of Platform9.Links: https://platform9.com/https://www.linkedin.com/in/sirishraghuram/

In this episode of The Business of Cloud Native, Shawn Lankton talks about how Microsoft 365 and related applications fit into an organization's move to the cloud and why organizations need to pay attention to security for all their SaaS applications. Links: https://www.coreview.comShawn on Twitter

Thomas Markey talks about how to remove some of the barriers to running an open source project with free hosting services. Links: https://fosshost.orgThomas on LinkedInFOSSHOST on TwitterDiscord

Ranjan Parthasarathy talks about why separating compute and storage makes it easier to operate at hyper scale and why he decided to found Logiq.ai to make it easier for companies to do so. Links: LinkedInLogiq.ai

Have you thought about how your OSS license could impact your ability to grow your community and monetize your OSS in the future? Attorney McCoy Smith talks about what to be aware of at the beginning to avoid messy legal issues down the road. Links: McCoy on LinkedIn Lex Pan LawOpsequ.io

As an analyst at CCS insight, Bola Rotibi gets a birds-eye view of trends in how industries use software to advance their business goals. We had an incredible conversation about how companies use cloud native technology to meet business goals and how vendors in the cloud native space should pay more attention to the needs of specific industries. Links: https://www.ccsinsight.com/blog/author/bolarotibi/https://www.linkedin.com/in/bolarotibi/https://twitter.com/bolarotibi

SaaS companies that handle customers' sensitive data need to worry about how they manage data locality. In this podcast, Canopy CTO and founder talks about how their business would not be possible without the flexibility and ability to easily spin up resources in regions across the world that a cloud native architecture offers. Links: https://www.canopyco.iohttps://www.linkedin.com/in/oransears

Here's what I covered in this episode: What positioning and market segmentation is and is notThe specific positioning challenges facing companies in the cloud native ecosystemWhy it's important to identify and talk about the types of application your product benefits the mostThanks for listening, and happy new year!

Jim Bugwadia, CEO and co-founder of Nirmata, talks about what has changed (and what has stayed the same) since the company started in 2013. Links:https://www.linkedin.com/in/jimbugwadia/https://nirmata.comhttps://kyverno.io

In episode 29 of The Business of Cloud Native, I talked to Krishnan Subramanian of Rishidot Research about trends he sees in how end users use cloud native technologies and how startups in the space can meet end users where they are. Links: https://rishidot.comhttps://www.linkedin.com/in/krishnansubramanian/https://twitter.com/krishnan

This conversation covers:Idit’s role at Solo.io, and what she typically does on a daily basis. Idit also talks about how her job duties have changed over the last two years, and the impact that COVID-19 had on the company.The common business reasons why customers come to Solo.io — and where they typically are in terms of cloud-native maturity. Some things that Idit has learned about customers over the last two years. In addition, Idit talks about her own journey at Solo.io and what she’s had to learn along the way.How Idit’s customers typically benefit from using distributed systems — and some of the top misconceptions that they tend to have about using them.Idit’s thoughts on the market for cloud-native technologies.LinksSolo.ioFollow Idit on TwitterSlackTranscriptEmily: Hi everyone. I’m Emily Omier, your host, and my day job is helping companies position themselves in the cloud-native ecosystem so that their product’s value is obvious to end-users. I started this podcast because organizations embark on the cloud naive journey for business reasons, but in general, the industry doesn’t talk about them. Instead, we talk a lot about technical reasons. I’m hoping that with this podcast, we focus more on the business goals and business motivations that lead organizations to adopt cloud-native and Kubernetes. I hope you’ll join me.Emily: Welcome to the Business of Cloud Native. I'm Emily Omier, your host, and today I'm chatting with Idit Levine of Solo.io. Idit, I want to start out, first of all, by thanking you for joining me. Idit: Oh, thanks so much for having me. Emily: And then, second of all, I wanted you to just start off by introducing yourself: what you do, what your company does, and also a little bit about how that translates into what you do every day, like, what activities you spend your day doing. Idit: Oh, for sure. Okay, so as you said, my name is Idit Levine. And I’m, right now, the founder and the CEO of Solo.io. I started Solo two years ago, and when I started it, my focus was try to solve our [00:01:24 unintelligible] application networking problem that we know that will come up. So, what does it mean? As you guys all know, there was a huge shift in the market between monolithic to microservices and, kind of like, moving from technology of monolithic to microservice stack mean that now we also moved to a distributed application. And it was clear to me that now everything is basically will go on the wire; any communication, small communication, between those two microservices basically will have to go to the network. And I thought that would become a big problem because stuff that we didn't need to take care of when everything was the same binary, now we need to actually figure out how to solve. And basically, I was really passionate, thought that that will be a huge problem in the ecosystem and I was very passionate to actually try to solve that. So, the idea was, how to connect, right? How to connect the application, how to connect everything related to your, eventually, application to the user.Emily: And then tell me a little bit, what do you do every day? When you start, what does an average day actually consist of?Idit: Oh, wow. So, it's really interesting, that I think it's a huge difference between now and what I was doing a year ago. Right now, basically, it's pretty simple. Corona came by and it was influence a lot of companies. I was assume that it will influence also my company, and therefore I basically freeze hiring, freeze everything, and try to do the best I can with the resources that we had. What happened is that actually, not only that we didn't was influenced, we actually over doubled our revenue every quarter. That's basically forced me to immediately grow the team to be able to actually serve all those customers. Right now, basically, the main thing that I'm focusing on is—besides the technology, of course, in the strategic of the company—is basically on growing the team. So, it's hiring, it's interviewing, it's looking for the right people, it's building. You know, basically try to grow the team as much as I can in order to basically, yeah, serve well, the customer that are asking for us to—you know, for our products. That's a lot of my focus this day.Emily: And what do you find are the business reasons? What's the business problems that cause somebody to come to you?Idit: So, as I said, once people basically is moving from monolithic to microservices, there is a lot of simple stuff that before that just natively happened inside of the organization; right now, it's a little bit more complex. So, first of all, they needed to find something to run it on, and this is what Kubernetes so great in this ecosystem is the ability to install, upgrade, and basically orchestrate their microservices. But then, as I said, simple stuff that before that people were baking into the microservices created a lot of issues, like small stuff, like how do two microservices communicate with each

This conversation covers:Mirage’s role as an API mocking library, the value that it offers for developers, and who can benefit from using it.How Mirage empowers front end developers to create production-ready UIs as quickly as possible.How Mirage evolved into an API mocking library How Mirage differs from JSON Server Sam’s relationship to Mirage, and how it fits in with his business. Sam also talks about open source business models, and whether Mirage could work as a SaaS offering.One interesting use case for Mirage, which involves demoing software and driving sales.LinksMirageSam’s teaching siteFollow Sam on TwitterSubscribe to Sam’s YouTube ChannelTranscriptEmily: Hi everyone. I’m Emily Omier, your host, and my day job is helping companies position themselves in the cloud-native ecosystem so that their product’s value is obvious to end-users. I started this podcast because organizations embark on the cloud naive journey for business reasons, but in general, the industry doesn’t talk about them. Instead, we talk a lot about technical reasons. I’m hoping that with this podcast, we focus more on the business goals and business motivations that lead organizations to adopt cloud-native and Kubernetes. I hope you’ll join me.Emily: Welcome to the Business of Cloud Native. My name is Emily, I'm your host, and today I'm chatting with Sam Selikoff. Thank you so much for joining us, Sam.Sam: Thanks for having me.Emily: Yeah. So, today, we're going to do something a little bit different, and we're going to talk about positioning for open source projects. A lot of people talk about positioning for companies, which is also really important. And they don't always think about how positioning is important for open source. Open source maintainers often don't like to talk about marketing because you're not selling anything. But you are asking people to give you their time which, at least for some people, is actually more valuable than their money. And that means you have to make a compelling case for why it's worth it to contribute to your project, and also why they should use it, why they should care about it? So, anyway, we're going to talk with Sam, about Mirage. But first, I should let you introduce yourself. Sam, thank you so much for joining me, and can you introduce yourself a little bit?Sam: Sure. My name is Sam Selikoff. These days, I spend most of my time teaching people how to code in the form of videos on my YouTube channel, and my website, embermap.com. Most of it is front end web development focused. So, we focus on JavaScript. I have a business partner who also works with me. And then we also do custom app development, you know, some consulting throughout the year.Emily: Cool. And then tell me a little bit about Mirage.Sam: Yeah, so Mirage is the biggest open source project I've been a part of since falling into web development, I'd say about eight years ago, I got into open source pretty early on in programming, kind of what made me fall in love with web development and JavaScript. So, I was starting to help out and just get involved with existing projects and things that I was using. Eventually, I made my way to TED Talks, the conference company where I was a front end developer, and that's actually where I met my business partner, Ryan. And we were using Ember.js, which is a JavaScript framework, and we had lots of different apps at TED that were helping with various parts of publishing talks, and running conferences, and all that stuff. And we were seeing some common setup code that we were using across all these apps to help us test them, and that's where Mirage came from. There was another project called Pretender, which helped you mock out servers so that you could test your front end against different server states. And we first wrapped that with something called Pretenderify, and then it grew in complexity. So, I was working on it on my learning Wednesdays, renamed it to Mirage, and then I've been working on it basically ever since. And then, the other big step, I guess, in the history is that originally was an Ember only project, and then last year, we worked on generalizing it so that it can be used by React developers, React Native developers, Vue developers, so now it's just a general-purpose JavaScript API mocking library.Emily: So, we would say that the position is an API mocking library. And—does that sound right?Sam: Yeah. If I had to say what it is, I would say it's a mocking library that helps front end developers mock out backend API's so that they can develop and test the user interfaces without having to rely on back end services.Emily: Why does that matter?Sam: It matters because back end services can be very complicated, there can be multiple back end services that need to run in order to support a UI, and if you're a front end developer, and you just want to make a change and see what the shopping cart looks like when it's empty. What does the shopping cart look like when there's one

This conversation covers:How Bloomberg is demystifying bond trading and pricing, and bringing transparency to financial markets through their various digital offerings.Andrey’s role as CTO of compute architecture at Bloomberg, where he oversees research implementation of new compute related technologies to support kind of our business and engineering objectives.Why factors like speed and reliability are integral to Bloomberg’s operations, and how they impact Bloomberg’s operations . Andrey also talks about how they impact his approach to technology, and why they use cloud-native technology.How Andrey and his team use containers to scale and ensure reliability.Why portability is important to Bloomberg’s applications.Bloomberg’s journey to cloud-native. Some of the open-source services that Andrey and his team are using at Bloomberg.Unexpected challenges that Andrey has encountered at Bloomberg.Primary business value that Bloomberg has experienced from their cloud-native transition.LinksBloombergBloomberg GitHubFollow Andrey on TwitterConnect with Andrey on LinkedInTranscriptEmily: Hi everyone. I’m Emily Omier, your host, and my day job is helping companies position themselves in the cloud-native ecosystem so that their product’s value is obvious to end-users. I started this podcast because organizations embark on the cloud naive journey for business reasons, but in general, the industry doesn’t talk about them. Instead, we talk a lot about technical reasons. I’m hoping that with this podcast, we focus more on the business goals and business motivations that lead organizations to adopt cloud-native and Kubernetes. I hope you’ll join me.Emily: Welcome to The Business of Cloud Native, I'm your host Emily Omier. And today I'm chatting with Andrey Rybka from Bloomberg, thank you so much for joining us, Andrey.Andrey: Thank you for your invitation.Emily: Course. So, first of all, can you tell us a little bit about yourself and about Bloomberg?Andrey: Sure. So, I lead the secure computer architecture team, as the name suggests, in the CTO office. And our mission is to help with research implementation of new compute-related technologies to support our business and engineering objectives. But more specifically, we work on ways to faster provision, manage, and elastically scale compute infrastructure, as well as support rapid application development and delivery. And we also work on developing and articulating company’s compute strategic direction, which includes the compute storage middleware, and application technologists, and we also help us product owners for the specific offerings that we have in-house. And as far as Bloomberg, so Bloomberg was founded in 1981 and it's got very large presence: about 325,000 Bloomberg subscribers in about 170 countries, about 20,000 employees, and more news reporters than The New York Times, Washington Post, and Chicago Tribune combined. And we have about 6000 plus software engineers, so pretty large team of very talented people, and we have quite a lot of data scientists and some specialized technologists. And some impressive, I guess, points is we run one of the largest private networks in the world, and we move about a hundred and twenty billion pieces of data from financial markets each day, with a peak of more than 10 million messages a second. We generate about 2 million news stories—and they're published every day—and then news content, we consuming from about 125,000 sources. And the platform allows and supports about 1 million messages, chats handled every day. So, it's very large and high-performance kind of deployment.Emily: And can you tell me just a little bit more about the types of applications that Bloomberg is working on or that Bloomberg offers? Maybe not everybody is familiar with why people subscribe to Bloomberg, what the main value is. And I'm also curious how the different applications fit into that.Andrey: The core product is Bloomberg Terminal, which is Software as a Service offering that is delivering diverse array of information of news and analytics to facilitate financial decision-making. And Bloomberg has been doing a lot of things that make financial markets quite a bit more transparent. The original platform helped to demystify a lot of bond trading and pricing. So, the Bloomberg Terminal is the core product, but there's a lot of products that are focused on the trading solutions, there is enterprise data distribution for market data and such, and there is a lot of verticals such as Bloomberg Media: that's bloomberg.com, TV, and radio, and news articles that are consumer-facing. But also there is Bloomberg Law, which is offering for the attorneys, and there is other verticals like New Energy Finance, which helps with all the green energy and information that helps a lot to do with helping with climate change. And then there's Bloomberg Government, which is focused on, specifically, research around government-specific data feeds. And so in general,

This conversation covers:An average workday for Thomas as senior systems engineer at Systematic.How Systematic uses cross-functional collaboration to solve problems and produce high quality software.How security and data privacy relate to cloud-native technologies, and the challenges they present. Systematic’s journey to cloud native, and why the company decided it was a good idea. Why it’s important to consider the hidden costs and complexities of cloud-native before migrating.What makes an application appropriate for the cloud, and some tips to help with making that decision.The biggest surprises that Thomas has encountered when moving applications to cloud-native technology. Thomas’s new book, Cloud Native Spring in Action, which is about designing and developing cloud-native applications using Spring Boot, Kubernetes, and other cloud-native technologies. Thomas also talks about who would benefit from his book.Thomas’s background and experience using cloud-native technology.The biggest misconceptions about cloud-native, according to Thomas.LinksSystematicCloud Native Spring in Action bookThomas Vitale personal websiteFollow Thomas on TwitterConnect with Thomas on LinkedInTranscriptEmily: Hi everyone. I’m Emily Omier, your host, and my day job is helping companies position themselves in the cloud-native ecosystem so that their product’s value is obvious to end-users. I started this podcast because organizations embark on the cloud naive journey for business reasons, but in general, the industry doesn’t talk about them. Instead, we talk a lot about technical reasons. I’m hoping that with this podcast, we focus more on the business goals and business motivations that lead organizations to adopt cloud-native and Kubernetes. I hope you’ll join me.Emily: Welcome to The Business of Cloud Native. I'm your host, Emily Omier, and today I'm chatting with Thomas Vitale. Thomas, thanks so much for joining us.Thomas: Hi, Emily. And thanks for having me on this podcast.Emily: Of course. I just like to start by asking everyone to introduce themselves. So, Thomas, can you tell us a little bit about what you do and where you work, and how you actually spend your day?Thomas: Yes, I work as a senior systems engineer at Systematic. That is a Danish company, where I design and develop software solutions in the healthcare sector. And I really like working with cloud-native technologies and, in particular, with Java frameworks, and with Kubernetes, and Docker. I'm particularly passionate about application security and data privacy. These are the two main things that I've been doing, also, in Systematic.Emily: And can you tell me a little bit about what a normal workday looks like for you?Thomas: That's a very interesting question. So, in my daily work, I work on features for our set of applications that are used in the healthcare sector. And I participate in requirements elicitation and goal clarification for all new features and new set of functionality that we'd like to introduce in our application. And I'm also involved in the deployment part, so I work on the full value stream, we could say. So, from the early design and development, and then deploying the result in production.Emily: And to what extent, at Systematic, do you have a division between application developers and platform engineers, or however else you want to call them—DevOps teams?Thomas: In my project, currently, we are going through what we can call as maybe a DevOps transformation, or cloud transformation because we started combining different responsibilities in the same team, so in a DevOps culture, where we have a full collaboration between people with different expertise, so not only developers but also operators, testers. And this is a very powerful collaboration because it means putting together different people in a team that can bring an idea to production in a very high-quality way because you have all the skills to actually address all the problems in advance, or to foresee, maybe, some difficulties, or how to better make a decision when there's different options because you have not only the point of view of a developer—so how is better the code—but also the effects that each option has in production because that is where the software will live. And that is the part that provides value to the customers. And I think it's a very important part. When I first started being responsible, also, for the next part, after developing features, I feel like I really started growing in my professional career because suddenly, you approach problems in a totally different way. You have full awareness of how each piece of a system will behave in production. And I just think it's, it's awesome. It's really powerful. And quality-wise, it's a win-win situation.Emily: And I wanted to ask also about security and data privacy that you mentioned being one of your interests. How do those two concepts relate to cloud-native technologies? And what are some of the challenge

This conversation covers:The value that Forter provides, and the types of companies that they work with. Iftah also explains what makes Forter so unique. The underlying technology that Forter is using, and how they quickly process hundreds of complex backend workflows. Iftah also talks about some of the tools that they are using, including AWS and Apache Storm.How Forter approaches the cloud, and how it’s helping them concentrate on the business of detecting fraud. In addition, talks about the types of cloud services that Forter is using.Forter’s ability to scale — including how they responded to increased customer demand during COVID-19.Forter’s biggest technical challenge that they are currently working through.Iftah’s thoughts on the security- speed tradeoff.Links:ForterForter on TwitterConnect with Iftah on LinkedInIftah’s email: [email protected]:Emily: Hi everyone. I’m Emily Omier, your host, and my day job is helping companies position themselves in the cloud-native ecosystem so that their product’s value is obvious to end-users. I started this podcast because organizations embark on the cloud naive journey for business reasons, but in general, the industry doesn’t talk about them. Instead, we talk a lot about technical reasons. I’m hoping that with this podcast, we focus more on the business goals and business motivations that lead organizations to adopt cloud-native and Kubernetes. I hope you’ll join me.Emily: Welcome to The Business of Cloud Native. I'm Emily Omier, your host, and today I'm chatting with Iftah Gideoni. Iftah is the CTO at Forter. Iftah, first of all, thank you so much for joining me.Iftah: Very glad to be here.Emily: So, I wanted to have you start by introducing yourself and what you do, and then also what Forter does.Iftah: Hi, I'm Iftah. I’m a physicist of education, and in the last 20 years, a CTO of several companies, mostly [00:01:11 unintelligible] governmental companies, and companies that I founded. In the last six and a half years, I'm with Forter. And what Forter started to do from 2014 is to provide what was, at the time, very bold vision of fully automated, fully cloud-based decisions about whether to allow or decline e-commerce transactions. Now, from that time we actually implemented and executed that, we decide very many more than 3 million transactions every day, today, all in real-time without a human in the loop. And we expanded into being a fully-fledged trust engine that gives decisions not only about transactions, but about many other points of interaction with the consumer, for example, in their login time, and in other points where trust decision is needed.Emily: So, just because I think it might be interesting to listeners, give me some examples of, like, when somebody might interact with Forter or have some sort of action approved or declined by Forter.Iftah: Right. The prime customers of Forter are the big e-commerce enterprises. Think about the [00:02:42 Sephoras], the Nordstroms, the Home Depots, and this kind of companies. And whenever you press the button of requesting to committing to the purchase and you see this small things rounding on the screen, then it is sent to Forter and Forter within, usually, half a second returns a decision. Now, Forter does not act as an additional data point, or input, or score into some system of the merchant. It actually answer whether to approve or decline the transaction. In very many—and most of the revenue of Forter comes from a covered transaction that, if this transaction was fraud, it’s on Forter. Forter will guarantee it. And we were pioneering this model to putting our mouth where our money is.Emily: Tell me just a little bit about why this is so difficult. What makes what Forter does unique?Iftah: What Forter does is unique because it tells the human story, and takes it all the way to the decision itself. For example, it's very easy to approve the fourth transaction of a person that is sitting at home, browsing from home, making the purchase on the same desktop they made at previous times, and sending the shipment to the same home. That's very easy. But we want to be able to approve the traveler, the person that is sending a gift to a third party, or a person that is sending a gift to another state while not browsing from home and not from his common device. We want to be able to approve those transactions that are checking out as guests from a new device and that's the first time this person ever appeared on our radar. And the ability to do that and to take the calculated risks and to look at the behavior, the cyber clues, and still be able to tell that this is indeed a new person and not someone that visited before and is trying now to hide. That's what makes what we do very difficult and complex.Emily: So, tell me a bit about the technology story. What technology do you use to accomplish this, and how does it work? What does your stack look like?Iftah: When I came to—from 2014, I looked at the sy

This conversation covers:Laying the groundwork for a successful open-source program office (OSPO).Why legal and engineering are usually the two main stakeholders in open-source projects.Why engineering teams tend to struggle at articulating their perspective on open-source. Tobie offers some improvement tips. How Tobie defines open-source strategy. Tobie also explains the risk of not having an open-source strategy, as well as his process for helping organizations determine the best strategy for their needs.Common challenges that businesses face when deploying open-source software. The secondary — or non-code — benefits of open-source, and why many organizations tend to overlook them.Tips for engineers in non-technology organizations like pharmaceuticals or finance to approach business leadership about open-source. LinksUnlockOpen: https://unlockopen.com/ Twitter: https://twitter.com/tobieTranscriptEmily: Hi everyone. I’m Emily Omier, your host, and my day job is helping companies position themselves in the cloud-native ecosystem so that their product’s value is obvious to end-users. I started this podcast because organizations embark on the cloud naive journey for business reasons, but in general, the industry doesn’t talk about them. Instead, we talk a lot about technical reasons. I’m hoping that with this podcast, we focus more on the business goals and business motivations that lead organizations to adopt cloud-native and Kubernetes. I hope you’ll join me.Emily: Welcome to The Business of Cloud Native. Today, I am talking with Tobie Langel from UnlockOpen, and I wanted to start, Tobie, by just asking, you know, what do you do? Can you give us sort of an introduction to what you do, and how you tend to spend your days?Tobie: Sure. So, I've been back into consulting for a number of years at this point. And I essentially focus on helping organizations align their open-source strategy with business goals. So, it can be both at the project level—so sometimes helping specific projects out—or larger strategy at the corporate level.Emily: So, I actually recently had Nithya Ruff, who's the head of the OSPO at Comcast on the podcast. For listeners who don't know, that's an open-source program office. So, are you sort of an outsourced OSPO for companies that aren't Comcast’s size?Tobie: So, that's a really good question. My answer would be no, but it tends to happen that I help companies build that capacity internally. So, I would generally tend to come up before an OSPO is needed, and help them figure out what exactly they need to build. For OSPO, my pet peeve is companies building OSPOs like they need to tick a checkbox on the list of the things that they have to do to be up-to-date with good engineering practices, if you will. In general, if you want to be successful, with an OSPO, it has to meet the particular needs of your company, and that's usually kind of hard to figure out if you just leave it to whoever in the organization is more interested in driving that effort. And so essentially, I sort of help in the early stages of that by bringing all of the stakeholders at the table, and essentially listening to them and making sure that what they want out of an OSPO is aligned between the different stakeholders and matches the overall strategy of the company.Emily: And who are the stakeholders that you're generally talking to?Tobie: So, essentially, open-sources is strange, for one reason, in terms of how it was adopted in companies from a historical perspective. Adopters have always been essentially engineers who just wanted better tools, or the package or the software that best fitted their current intention, and there's a very, very grassroots process by which companies start using open-source. And what happened at some point is companies sorted to see all of the software, and got concerned, and started trying to assess the risk. And so companies just tended to bring in the legal arm and lawyers at this point. And so to fulfill compliance questions, you bring in lawyers, and then the responsibility of grown-up open-source kind of falls on to lawyers, which tends to be problematic from the perspective of good engineering practice and velocity that you want from your engineering and product side in a company. And so clearly, the two stakeholders or the two main stakeholders tend to be legal and engineering, and there tends to be a tension between these two sides. And in lots of companies this tension, instead of being resolved to some degree, tends to be won by the legal side that understands business concerns better and is better able to praise or explain what they do in terms of business impact and business risks than the engineering side. And so this equilibrium tends to create OSPOs which are legal heavy, process heavy, and don't really give engineers the kind of freedom that they would need to be effective in their daily engineering practice. And the reason behind that being essentially over exaggerated ri

The conversation covers: Tracy’s thoughts on how the relationship between open-source and cloud-native should be described.The advantages and disadvantages to an organization using open-source.Some of the major risks associated with using open-source, and why companies should approach with caution. Why CI/CD is a rising security concern for open-source organizations.Tracy also provides her thoughts on how businesses are handling the CI/CD pipeline today, and where the trend is heading.Some of the unresolved challenges related to continuous delivery that currently exist.Tracy’s advice for companies that are just starting to develop an open-source contribution strategy.How companies should approach topics like open-source strategizing and building open-source communities.The common mistakes that individuals and companies make when nurturing open-source communities. Tracy also comments on mistakes that people are making with continuous delivery.LinksCloudBees: https://www.cloudbees.com/Continuous Delivery Foundation: https://cd.foundation/Twitter: https://twitter.com/tracymiranda Emily: Hi everyone. I’m Emily Omier, your host, and my day job is helping companies position themselves in the cloud-native ecosystem so that their product’s value is obvious to end-users. I started this podcast because organizations embark on the cloud naive journey for business reasons, but in general, the industry doesn’t talk about them. Instead, we talk a lot about technical reasons. I’m hoping that with this podcast, we focus more on the business goals and business motivations that lead organizations to adopt cloud-native and Kubernetes. I hope you’ll join me.Emily: Welcome to The Business of Cloud Native. Today, I'm chatting with Tracy Miranda. Tracy, thank you so much for joining me.Tracy: Hi, Emily. Thanks for having me. It's my pleasure.Emily: So, as usual, I just want to start off with having you introduce yourself, both what you do, where you work, but also, like, some details, what does this actually mean? How do you actually spend your day?Tracy: Yeah, so I'm the director of open-source CloudBees, and I'm also the board chair at the Continuous Delivery Foundation, which is an open-source foundation, which is home to projects like Jenkins, and Spinnaker, and Tecton, and Jenkins X. So, basically, I'm a big fan of all things open-source, which in day-to-day means I'm doing anything which is related to building communities. So, either involved with code, or building communities and through conferences, or sometimes just the boring governance stuff around open-source.Emily: What is the boring governance stuff around open-source?Tracy: So, I guess it is just trying to get folks moving in the same direction, and reminding people that it's sometimes more than just code. And whether it's updating a code of conduct, and one of the things we've seen and—okay, I wouldn't call this boring; it's actually taken over a bit in open-source communities, but it's sort of different from the code, but it's the whole terminology updates. We've seen a lot of open-source communities have become more aware about wanting to be better about using terms like ‘master’ and ‘slave’ and move away from that. That being said, it's not that easy, so there's a lot to do in getting people on the same page and ready to move forward even before you can start changing a line of code.Emily: Since the topic of the podcast is cloud-native, obviously, open-source and cloud-native are related. In fact, some people think that cloud-native must be open-source. Where do you fall on that spectrum? How do you think the relationship between open-source and cloud-native should be described?Tracy: Yeah, I think that they're pretty distinct things. So, cloud-native is all about using the Cloud effectively and having technology which takes advantage of modern architectures to give you things like rapid elasticity, or on-demand self-service. And that's distinct from open-source, which is around the licensing, and it's become more about communities, as well. But I think because Kubernetes has been the most successful cloud-native project that is open-source, I guess there's become this very, very strong association which, in my mind, is a very, very good thing because I think open-source communities are really the way to drive innovation very, very quickly across the industry.Emily: And this may seem sort of obvious, but what are some of the advantages and disadvantages to an organization in using open-source?Tracy: Yes. So, I think—well, lots—virtually every company uses open-source, and the first thing people can see as the benefits are just the engineering efficiencies. So, using technologies which, say aren’t core to the business, but then building on top of those and taking advantage of the features rather than dedicating their own engineering resources to developing them. I used to work as a consultant, and I would go from company to company, and usually, they would be ad

The conversation covers: The main function of an OSPO, and why Comcast has one.How Nithya approaches non-technical stakeholders about open-source. Where the OSPO typically sits in the organizational hierarchy.The risk of ignoring open-source, or ignoring the way that open-source is consumed in an organization.Why every enterprise today is using open-source in some way or another.The relationship between cloud-native and open-source.Some of the major misconceptions about the role of open-source in major companies. Common mistakes that companies make when setting up OSPOs.Why Nithya and her team rely heavily on the TODO Group in the Linux Foundation.Links:Comcast: https://www.xfinity.com/ Linux Foundation: https://www.linuxfoundation.org/ TODO Group and The New Stack survey: https://thenewstack.io/survey-open-source-programs-are-a-best-practice-among-large-companies/ Trixter GitHub: https://github.com/tricksterproxy/trickster Kuberhealthy GitHub: https://github.com/Comcast/kuberhealthy Comcast GitHub: https://comcast.github.io/Nithya Ruff Twitter: https://twitter.com/nithyaruff TranscriptEmily: Hi everyone. I’m Emily Omier, your host, and my day job is helping companies position themselves in the cloud-native ecosystem so that their product’s value is obvious to end-users. I started this podcast because organizations embark on the cloud naive journey for business reasons, but in general, the industry doesn’t talk about them. Instead, we talk a lot about technical reasons. I’m hoping that with this podcast, we focus more on the business goals and business motivations that lead organizations to adopt cloud-native and Kubernetes. I hope you’ll join me.Emily: Welcome to The Business of Cloud Native, my name is Emily Omier, and today I'm chatting with Nithya Ruff, and she's joining us from the open source program office at Comcast. Nethya, thank you so much for joining us.Nithya: Oh, it's such a pleasure to be here, Emily. Thank you for inviting me.Emily: I want to start with having you introduce yourself, you run an open source program office. And if you could talk a little bit about what that is, and what you do every day.Nithya: So, just to introduce myself, I started working in open-source back in 1998, when open-source was still kind of new to companies and organizations. And from that point on, I’ve been working to build bridges between companies using open-source and communities where open-source is created. At Comcast, I have the pleasure of running our open source program office for the company, and I also sit on the board of the Linux Foundation and recently was elected chair. So, it gives me a chance to both look at the community side through the LF and through corporate use of open-source at Comcast.So, you also ask what does an OSPO do? What is an OSPO, and why does Comcast have one? So, an open source program office is a fairly new construct, and it started about 10, 11 years ago, when companies were doing so much open-source that they really couldn't keep track of all of the different areas of open-source usage, contribution, collaboration across their companies. And they felt that they wanted to have a little more coordination, if you will, across all of their developers in terms of policy for use, the process for contribution, and some guidelines around how to comply with open-source licenses and, on a more strategic note, to educate both executives as well as the company in terms of open-source and opportunities from a business engagement and a strategy perspective. So, you find that a lot of large companies typically have open source program offices. And we, frankly, have been using open-source for a very long time as a company, almost since the turn of the century, around 2005. And we started contributing and our number of developers started growing, and we didn't realize that we needed a center of excellence, which is what an open source program office is, where people can come to ask for help on legal matters—meaning compliance and license matters—ask for help in engaging with open-source communities, and generally come for all things open-source; be kind of a concierge service for all things open-source.Emily: And how long has Comcast had an OSPO?Nithya: I came on board in 2017 to start the OSPO, but as I mentioned before, we’ve done open-source organically throughout the company for many, many more years before I came on board. My coming on board just, kind of, formalized, if you will, the face of open-source work for the company to the outside world.Emily: You know, when we think about open-source in the enterprise, what sort of business opportunities and risks do you have to balance?Nithya: That's a great question. There are lots and lots of great business value and opportunity that companies get from open-source. And the more engaged you are with open-source, the more business value you'll get. So, if you're just consuming open-source, then clearly it reduces the cost of your development

This conversation covers:The advantages of using a distributed data storage model.How Storj is creating new revenue models for open-source projects, and how the open-source community is responding.The business and engineering reasons why users decide to opt for cloud-native, according to Ben.Viewing cloud-native as a journey, instead of a destination — and some of the top mistakes that people tend to make on the journey. Ben also talks about the top pitfalls people make with storage and management.Why businesses are often caught off guard with high storage costs, and how Storj is working to make it easier for customers. Avoiding vendor lock-in with storage.Advice for people who are just getting started on their cloud journey.The person who should be responsible for making a cloud journey successful.Links:Storj Labs: https://storj.io/Twitter: https://twitter.com/golubbeGitHub: https://github.com/golubbeTranscriptEmily: Hi everyone. I’m Emily Omier, your host, and my day job is helping companies position themselves in the cloud-native ecosystem so that their product’s value is obvious to end-users. I started this podcast because organizations embark on the cloud naive journey for business reasons, but in general, the industry doesn’t talk about them. Instead, we talk a lot about technical reasons. I’m hoping that with this podcast, we focus more on the business goals and business motivations that lead organizations to adopt cloud-native and Kubernetes. I hope you’ll join me.Emily: Welcome to The Business of Cloud Native, my name is Emily Omier. I'm your host, and today I'm chatting with Ben Golub. Ben, thank you so much for joining us.Ben: Oh, Thank you for having me.Emily: And I always like to just start off with having you introduce yourself. So, not only where you work and what your job title is, but what you actually spend your day doing.Ben: [laughs]. Okay. I'm Ben Golub. I'm currently the executive chair and CEO of Storj Labs, which is a decentralized storage service. We kind of like to think of it as the Airbnb of disk drives, But probably most of the people on your podcast who, if they're familiar with the, sort of, cloud-native space would have known me as the former CEO of Docker from when it was released up until a few years ago. But yeah, I tend to spend my days doing a lot of stuff, in addition to family and dealing with COVID, running startups. This is now my seventh startup, fourth is a CEO.Emily: Tell me a little bit, like, you know, when you stumble into your home office—just kidding—nobody is going to the office, I know. But when you start your day, what sort of tasks are on your todo list? So, what do you actually spend your time doing?Ben: Sure. We've got a great team of people who are running a decentralized storage company. But of course, we are decentralized in more ways than one. We are 45 people spread across 15 different countries, trying to build a network that provides enterprise-grade storage on disk drives that we don't own, that are spread across 85 different countries. So, there's a lot of coordination, a lot of making sure that everybody has the context to do the right thing, and that we stay focused on doing the right thing for our users, doing the right thing for our suppliers, doing the right thing for each other, as well.Emily: One of the reasons I thought it’d be really interesting to talk with you is that I know your goal is to, sort of, revolutionize some of the business models related to managing storage. Can you talk about that a little bit more?Ben: Sure. Sure. I mean, obviously, there's been a big trend over the past several years towards the Cloud in general, and a big part of the [laughs] Cloud is storage. Actually, AWS started with S3, and it's a $90 billion market that's growing. The world's going to create enough data this year to fill a stack of CD-ROMs, to the orbit of Mars and back. And yet prices haven't come down, really, in about five years, and the whole market is controlled by essentially three players, Microsoft, Google, in the largest, Amazon, who also happen to be three of the five largest companies on the planet. And we think that data is so critical to everything that we do that we want to make sure that it doesn't stay centralized in the hands of a few, but that we, sort of, create a more, sort of, democratic—if you will—way of handling data that also addresses some of the serious privacy, data mining, and security concerns that happen when all the data is held by only a few people.Emily: With this, I'm sure you've heard about digital vegans. So, people who try to avoid all of the big tech giants—Ben: Right, right.Emily: Does this make it possible to do that?Ben: Well, so we're more of a back end. So, we're a service that people who produce-consumer-facing services use. But absolutely, if somebody—and we actually have people who want to create a more secure way of providing data backup, more secure way of enabling data communications, video sharin

The conversation covers: Josh’s role as CTO of Fugue, a leading cloud security and compliance provider for engineers. The difference between cloud security and data center security — and why old school approaches to security don’t work in the cloud. How engineers and security specialists can best communicate with business leaders about how to approach security, and how Fugue can help. Who should be the person in charge of setting up Fugue, running reports, and communicating results across an oragnization.The people who tend to lose their job when a cloud security breach occurs. Why cloud security requires organizational change, and how companies are adapting to prevent issues. The importance of upskilling employees and making sure they have the appropriate knowledge to solve cloud challenges. Why the cloud has the possibility to be more secure than a data center. Josh also talks about cloud perception, and why some are still viewing the cloud as scarier than the data center. What Joshn considers to be the most effective hacking strategies for cybercriminals. The relationship between security and compliance, and how organizations should approach that relationship. Why there is no such thing as a perfect security posture. LinksFugue: https://www.fugue.co/ Customer write-up on G2: https://www.g2.com/products/fugue/reviews/fugue-review-4269523Twitter: https://twitter.com/joshstellaLinkedIn: https://www.linkedin.com/in/josh-stella-949a9711/Fugue Blog: https://www.fugue.co/blogFugue Masterclass: https://resources.fugue.co/cloud-security-masterclass-registrationFugue Office Hours: https://resources.fugue.co/cloud-infrastructure-security-office-hoursTranscriptEmily: Hi everyone. I’m Emily Omier, your host, and my day job is helping companies position themselves in the cloud-native ecosystem so that their product’s value is obvious to end-users. I started this podcast because organizations embark on the cloud naive journey for business reasons, but in general, the industry doesn’t talk about them. Instead, we talk a lot about technical reasons. I’m hoping that with this podcast, we focus more on the business goals and business motivations that lead organizations to adopt cloud-native and Kubernetes. I hope you’ll join me.Emily: Welcome to The Business of Cloud Native. I'm Emily Omier, your host, and today I'm chatting with Josh Stella. Josh, thanks so much for joining us.Josh: Well, Emily, thanks so much for having me.Emily: Of course. I always like to start the same. Can you just introduce yourself and your company, and tell me a little bit about what the company does, and then also what you do?Josh: Sure. So, Fugue does cloud security for public cloud providers like AWS, and Azure, and Google. Prior to founding Fugue, I worked at AWS as a principal solutions architect primarily focused on national security; Department of Defense, and similar things. My background is I'm a programmer and I'm a software architect, and I've kind of lived between national security kinds of work and high tech in startups. And so what Fugue does is we’ll tell you all about the security posture of your cloud environments, and teach you where you have weaknesses that hackers can exploit; we help you close those, and then we can actually keep things from having those misconfigurations going forward. So, that's a little bit about us. If you're a developer, you can use our forever free developer version, and we work with a lot of enterprises folks like SAP, and big organizations, too.Emily: So, were you involved with setting up the super-secret CIA cloud that AWS was involved in?Josh: I was not personally. A very close colleague of mine was actually working very closely on that, but no, I was not directly involved in that.Emily: Okay, you probably couldn't talk about it, even if you were so. [laughs].Josh: No comment.Emily: Anyway, I always like to ask also, what do you actually do? Like, you get up in the morning, presumably, you don't go to an office anymore, but—Josh: Oh, true. True, yeah. Whether going to an office or not, my days are… so I started out founding the company with my co-founder, Andrew Wright. And for a while, I was the CEO when we were in the kind of R&D phase, but then I always intended to hire a really great CEO, which we did a couple of years ago, Phillip Merrick, and I became the CTO. And there are different kinds of CTO. My main functions are, like, I get up in the morning, I go read the news about any breaches in Cloud that have happened, and then I try to recreate them whenever possible, if there's enough information, because the attack vectors on Cloud are completely different than in the data center, and are inobvious to folks. So, when you read about a breach, and you see that they use the identity and access management service almost like a network, to get to S3, that's really interesting and it's really important so that Fugue can protect our customers. So, I spent a fair amount of time doing that. I do wor