Smallstep and a Fundamental Tension of Early Stage Venture Capital
In the early spring of 2016, when Mike Malone told me he was ready to start Smallstep, I was thrilled. He was someone I had been tracking with the hope that Upside Partnership would be able to write the first check to fund his new company. When he told me it was a “big, computer sciencey” idea I was still eager. He was the right person for this sort of thing. But when Mike jokingly mentioned to me that it might involve revisiting von Neumann architecture, I may have held my breath a bit.
There is a fundamental tension within early stage investing. The desire to back bold, technically challenging ideas is often in conflict with the desire to back ideas which have the potential to grow quickly after funding or, at a minimum, allow for market feedback soon after funding. This is why Peter Thiel’s 2013 critique that “We wanted flying cars. Instead, we got 140 characters,” is fair.
It’s less risky to fund web development than it is to fund computer science. If the solution you are building requires a full reconsideration of the way code is structured, it is going to take time to build. There is risk associated with whether or not the problem is technically feasible. And then if it is, years after beginning the project, you’ve earned the right to test the market’s appetite for it in the real world. Fake it ’til you make is not an option.
Building a company focused on solving a computer science problem also means you need to have (and hope to find more) patient investors who don’t solely rely on ARR or logo counts to measure progress. As a Founder or early team member, this means you have to be willing to live with a lot of uncertainty for a long time. It requires conviction that you are solving a big problem.
The mission of Smallstep became: To own Production Identity to enable companies to secure their entire infrastructure by identifying everything and everyone, issuing credentials, encrypting data and communications, and driving a strong security policy.
There was a lot of product risk. And it wasn’t just development risk, it was truly computer science risk. It would be awhile before we knew if it would work. It would be longer until we could really test the market’s appetite. And these risks assumed, we would be able to address the meta-risk of securing future funding for a partially developed, long to be brought to market product, with no easy milestones to reflect progress or momentum.
But Smallstep had the benefit of pursuing a very big idea. Production Identity & Certificate Management is a fundamental part of every computing system. Certificates identify software, devices, and people. Without them, systems cannot be secure. And yet they are issued manually, too often generated & stored insecurely, and are neither auditable nor observable. A fundamental, if basic, part of every computer system.
Risk on, please.
Roughly 6 months after our first conversation, Smallstep quietly closed its seed round with a great group including Accel, Boldstart, and Upside. Bain Capital Ventures later joined the syndicate. And for much of the company’s history, it’s been this group which continued to re-invest in Smallstep.
This past summer, nearly 5 years following the seed financing, Smallstep began commercial discussions with customers. The company has won more than $650k of ARR since then. Smallstep is being built slowly, and now all at once.
Today, I’m excited to congratulate the company on the close of their $15M Series A financing and to welcome Hunter Somerville and his StepStone Group colleagues to the company’s syndicate of investors. There’s plenty of of company building to do. But we know that the computer science and product work, and the last few months proved that the market wants it.
