The PhD of Open Source Policy: Tim Hinrichs, Co-Founder, Styra
Editor’s Note: Welcome to the Unusual Founder Spotlight series! The goal of this series is to introduce the technology founders in our portfolio who have the rage to master and are currently building the future across categories and industries.
The cloud has completely transformed the way we shop, travel, get food, and conduct business. From pizza ordering applications to investment portfolios, cloud-based applications require new development tools, techniques, and resources. What’s behind this shift? The rise of accessible, affordable public cloud compute resources from the likes of Amazon, Google, and Microsoft, and the innovation made possible by containerization.
The shift to affordable cloud provides the means for app developers to run their code across diverse systems, servers, and locations, resulting in maximum availability and performance. Application development and delivery are completely being reinvented, resulting in explosive growth. Analysts predict this shift will result in market growth for the public cloud from over $140 billion today to $411 billion in 2022.
While the explosion of new technology is completely transforming the way we live, it also requires automation and scale to the likes of which IT and development teams have never before experienced. New tools like Kubernetes, Containers, ServiceMesh, and CICD Automation are speeding delivery and development, but can also introduce operational, security, and compliance risks that could cost companies millions.
Tim Hinrichs recognized these shifts would have massive implications for companies in every industry through his work on an OpenStack project called Congress during his time at VMWare. With the understanding that this policy problem would only become larger as more companies embraced the cloud, Tim and his co-founder Teemu Koponen created Styra. Purpose-built for the scale of cloud-native environments, Styra’s commercial and open source solutions provide a flexible, ubiquitous policy and security layer that mitigates risk across cloud applications and infrastructure they are built upon. In under a year, Styra has seen their open source project Open Policy Agent (OPA), graduate from early Sandbox to proven Incubating status in the Cloud Native Computing Foundation. They have also seen widespread adoption with well over 100 companies using OPA in production, and hundreds more using OPA in development and test environments. Additionally, Styra’s commercial solutions have been adopted in enterprises across verticals and sizes.
We recently sat down with Tim to learn more about his entrepreneurial journey, why he’s adamant about work-life balance, the new space Styra is helping to define, and more.
Unusual: Can you give a little background on yourself?
Tim: I’ve been working in the policy space for about 18 years. Before starting Styra, I was a software developer at VMWare. I spent half my time working on VMWare’s virtual networking solution that came out of the Nicira acquisition and spent the other half of my time working in the open-source within OpenStack on a project called Congress. This project is roughly the same thing at a high level that we are now doing at Styra — providing policy for governance over a stack of systems. Prior to VMWare, I was working on my PhD at Stanford, where I met Martin Casado. He eventually was the CTO at Nicira, which explains how I got my foot in the door at VMWare. Originally, I’m from Illinois and did my undergrad at University of Illinois.
Unusual: Did you always know you wanted to be an entrepreneur? If so, when did you know you were ready to start your entrepreneurial journey?
Tim: It was always on my bucket list to create a startup and see what that journey looked like. Starting a company from scratch was always attractive in theory. I started to think about taking the leap while I was at VMWare, but my wife and I have two kids and I wanted to wait until they were old enough to fend for themselves more. I remember being adamant about this when we stumbled upon this policy problem that inspired the creation of Styra and I started debating, “Well, is now a good time? I’ve got young kids at home, so that’s not ideal.” But then I decided life happens and the opportunity was too great to pass up. The problem we are trying to solve with Styra is in my area of expertise. I just felt like I could not pass up an opportunity to build a startup doing something I’ve loved and studied for almost two decades.
Unusual: Any regrets?
Tim: No, it has been fun. I think the kids have actually grown up quite a bit over the last four years, which has been great to see. One of the things that I’ve made sure I do is to pay very close attention to work-life balance — to make sure that I am home for the kids and I try not to ever work on the weekends. I try to spend the whole weekend with my family and do whatever is necessary during the week. That has actually helped quite a bit on the family side because during the week there isn’t a whole lot of time to spend with the kids anyways. They are at school and I’m at work. This arrangement seems to make everybody pretty happy. I also think jumping in on Styra has helped the kids in some ways. They are just a bit more independent, which I think is good overall.
Unusual: What is your “aha” moment that led you to start working on Styra?
Tim: Back at VMWare, I mentioned I had built the Congress Project. We started the project because we spoke to a number of customers of NSX, the virtual networking product that financial tech firms were on, and a lot of them said they needed a unified way of addressing a policy problem across multiple different products. That was the genesis of Congress at the time and we went ahead and built out the project. But, what we also realized from working within VMWare, was that VMWare has its own product suites, just like every other large company does. And if you look at how cloud vendors like Amazon, Microsoft, and Google actually deal with all these different products, it’s through a unified policy system that works across all of them. We realized there was a pretty substantial problem within the industry where you have all the leading vendors who are capable of putting together these policy systems to make it fairly easy for their customers to set up and control who can do what within their product suite. However, all the other companies outside of these large vendors just don’t have the team that they can dedicate to setting up these capabilities — and they struggled to do the same.
That was sort of the “aha” moment — we saw OpenStack and VMWare struggling with this problem, had customers articulate the need, and also saw this as a problem Amazon and other cloud vendors had solved. We just knew this type of solution was a real problem and generally needed throughout the industry. What we also knew was that more and more companies were going to struggle with the policy problem and it was going to become even more acute over time due to the technology landscape and how quickly it was evolving. The more companies embrace cloud technology, the harder and more important the authorization problem becomes. And we knew that everyone was moving in that direction.
Unusual: Can you tell us a bit more about Styra and the problem you are trying to solve?
Tim: There are people, and there are machines that are taking action all the time. The question then becomes, which actions can those people and machines actually execute? Which actions should they be able to execute? Here’s a good analogy: You go to your bank and you log in. Maybe you want to check your balance or you want to withdraw money. Those are both actions that you’re allowed to perform, but what you can’t do necessarily is deposit a bunch of money and just say, add $100,000 to my account. That’s an action you are not authorized to take. Instead, you have to send a check and then the bank verifies whether the check is valid. That question of which actions are allowed and which ones are not is at the heart of the problem that Styra solves. This problem has been around forever, but the new migration of all of the companies who are trying to embrace and use cloud technology to help them deliver software to their end customers faster spurred our decision to start Styra.
Think of it this way: a lot of companies are recognizing that they need to deliver new software and update old software much more rapidly than they did before. Previously, you would get a new version of your operating system for your phone or computer every six months or so. Now, we’re seeing that companies are delivering software continually — i.e. every minute. Cloud is an enabling technology for this shift. The big challenge with this change is that if you’re releasing software, you’re updating software every minute, five minutes, or whatever your cycle is. All of the security and compliance checks you had to go through previously every month or 6 months before, still apply. You still have to ensure that the software is safe, secure, and compliant. So what that means is that all of these companies who are trying to deliver software faster and are embracing cloud technology need to automate those security and compliance checks. They need to ensure that the right authorization policies are in place and things are being deployed properly. Automating the security aspect is where Styra comes in. We give you the tools and technology to help you take the rules around who is allowed to do what, around what kind of configuration you need to use for software, and you can codify all of that in the software itself. Now is the time to take those rules out of PDFs and Wikis, and hand them over to Styra software for automation at scale. Our software will take these rules and automatically enforce them, so when a developer updates their software, all of those rules that people used to manually run will now be run automatically by software. Now, when software goes out, it will be safe, compliant, and secure automatically.
Unusual: For you, what has been the hardest aspect about being an entrepreneur?
Tim: I already mentioned I struggle with the work-life balance thing — that’s probably the toughest aspect of being an entrepreneur. I don’t think anything else was all that surprising. Over 80% of startups fail, so qualitatively, you know you’re in for long hours and have to win against all odds. You know you’re going to have to hire people. You know you’re going to learn skills that you just simply do not have and you’ve never experienced.
When I was trying to decide whether I wanted to start a company, I read Ben Horowitz’s book, “The Hard Thing About Hard Things.” Early on in the book, he describes this tumultuous period in the company he was running where they went from an incredible high to an incredible low and it took just about everything in him to keep the company from going bankrupt. I read through the narration of this and at the end asked myself, “Okay, now does that scare me or excite me? Do I still want to do the startup?” And the answer was yes, I still wanted to start the company. That particular experience didn’t sound like fun, but it certainly seemed exciting and something that didn’t put me off. So for me, reading the narration of what he went through and still wanting to be an entrepreneur despite the risks and challenges, was a pretty good sign for me.
Unusual: What is the biggest tip you’d give aspiring entrepreneurs just starting out on their journey?
Tim: This seems cliche, but it is important — be patient, but not too patient. When you’re building a startup, maybe you already have something working before you launch the company. But we didn’t — we started the product from scratch. So we had to be patient. You have to understand the time frames in which it’s possible to be successful and be realistic about those timeframes. At the same time though, you can’t be too patient. You need to be aggressive. You want to be appropriately impatient. It’s important that with whatever you are doing, you have the capability to measure it and have concrete goals you can hit. So pushing yourself to be a little impatient, especially as an engineer, is easy to struggle with. For an engineer, it’s very easy to say, “Oh, I want things to be perfect before I show it to a customer or before I put it out there in the world.” But that’s actually not helpful. The best way to get to where you want to be is put stuff out there, even if it’s before you’re ready.