How I started to build again.
“No way.”
That was the response I kept hearing when I talked to my CISO friends about any new cybersecurity technology for their cloud environment. It didn’t matter the size of the company or the sophistication of their security strategy, the talk track was always the same:
“Our infrastructure is too complicated as it is.”
“I can’t hire enough people to manage what we have.”
“I can’t ask our security engineers to do one more thing.”
“I can’t even find more security engineers.”
“We’re drowning in all the noise from all the vendors and tools we already use.”
It was earlier this year. My startup, Fortscale, which had my utter focus and passion for the past six years, had been acquired by RSA six months earlier. I was trying to enjoy the moment. I was determined to take some time to hang out with my AMAZING wife, my kids (a year ago it was two incredible Israeli-Americans and now it’s magic — there are three of them!), our friends, to play my guitar, hike like crazy, and reflect on what my next chapter should be. I was looking for perspective.
Running a startup is a fulfilling, but demanding job. I hadn’t had too much time these past years for anything else. Looking back, I felt big success but also some failures. It took me a while to accept that sometimes they could live together.
If I was going to jump back in, it needed to be for something that was worth it. Something that I was passionate about. Something that I could do to make a big difference.
I was discouraged that all these cool ideas I was considering were all meeting the same response — “no way” — when I tested them with trusted cybersecurity friends and colleagues. My wife assured me, “your new path will come.” I trusted she was right, so I waited and continued to explore.
I found fellow adventurers in Guy Eisenkot and Barak Schoster — we didn’t know what we wanted to do just yet, but we decided we would do whatever it was together. Guy is an amazing strategist, a skilled tactician and all around funny character. He is a gifted product manager, with hands on experience defining successful new security platforms — if anyone is going to break an idea into a new market, it’s him. Barak is easily one of the smartest, and most humble, engineers I know (when I was watching Seinfeld at the age of 14, he was getting his bachelor’s degree in computer science). He’s a positive thinker and problem solver — there is nothing that intimidates him, no problem too big for him to tackle.
We talked to more than 150 CISOs, security engineers, clouds infrastructure leaders, and DevOps managers to see what bubbles up. The overarching theme was that everyone was both excited for the future but overwhelmed from its prospect (and no one was sleeping well at night)! All the technology that was supposed to make their lives easier and more secure, was actually creating more headache.
It soon became clear that what everyone needed, was not a new security technology, but a new approach to deploying and managing it — they needed a way to keep-up and make things simple, so their security didn’t consume tons of resources and talent that they didn’t have.
When we started to zoom-in on the problem at-hand, I spoke with Gigi Levy, one of the most well-known and distinguished entrepreneurs and experienced investors out there. The San Franciscan early-stage VC he co-founded, NFX, has a reputation of thinking differently, coming with strong entrepreneurial and operational experience, so I knew he would tell us right away if we were onto something. He pointed where we had our heading right, and highlighted where we were missing a clear path to our destination. NFX joined us, as an early stage investor, to help us get there. We feel so privileged to have folks like Gigi with us, as well as Ken Elefant, from Sorensen Ventures, and Kevin Mahaffey, the founder of security trailblazer, Lookout, believing in our vision and taking this journey with us.
We set to work to fill our missing pieces. We built out a talented team, in both the US and Israel, and zeroed-in on how to fix the biggest cloud security problems. In a nutshell, we quickly realized they were all really software engineering problems. We needed to bridge the gap that exists today between traditional security practices and codified cloud infrastructure.
We are working to deliver Security as Code, so that agile, fast paced development teams can build secure products in the public cloud. Now, with our heading and path forward clear, we needed a name.
We decided to call ourselves Bridgecrew.
If you are a Trekkie you already know who are the bridge crew; for everyone else, — the Bridge Crew are the commanding staff of a the starship. It’s where information is processed, and decisions are made. It’s also where colleagues come together to propel the starship forward. That’s the role we aspire to play — to bring experts together, security and DevOps engineers, with a common framework and language, to keep things moving in the right direction.
We decided that our northern star will always be our customers. We looked for savvy early adopters that don’t sugarcoat reality. It’s been gratifying to have our approach received so well by our network. In a very (very) short amount of time, we had amazing companies sign-up and use our platform, with more exciting prospects coming soon. Our customers became active partners in this journey and it’s an essential element of our value creation.
We love sharing best practices and code, and our customers share this passion and do the same. Check out some of the work we’ve done on our repo.
2019 was a significant year for me — I started to dream again, and returned to my passion — building. It’s great to pause to reflect on all the inspiration I drew from the advisors, friends and colleagues I’ve talked to in the past 18 months. I can’t wait to see what we will create together and how the revolution of codifying security will change the way we will build more secure code in 2020. Stay tuned, we just started…
