Season 4, Ep. 39 – Founder to Founder: with Jeremy Snyder, Founder & CEO, FireTail

(THE FRONTIER THEME PLAYS)

Bill, via previous recording (00:04):

Welcome to another Founder to Founder interview from Gun.io, your source for hiring world-class tech talent. Today, Gun.io’s CEO and co-founder, Teja Yenamandra, sits down with Jeremy Snyder, CEO and founder of FireTail, a company focused on API security that provides application layer visibility and blocking of malicious API calls. Okay, here’s Teja. (THE FRONTIER THEME ENDS)

Teja (00:35):

So let’s start with like, tell us about your background. Like, where are you from? Where’d you grow up? Who were you like as a child, (Jeremy: <Laugh>.) and like, how are you now an entrepreneur?

Jeremy (00:47):

<Laugh>. Well, as a child, I was a nomad, because that’s what my upbringing was like. My father was American. He was an Army doctor. My mother’s from Finland. I spent periods of my childhood in Finland, Germany. I was an exchange student in France, and of course in the US, we also lived in, I think, four states by the time I graduated high school. So normal childhood for me was moving every two to three years, which I found super exciting, but is not everybody’s cup of tea, I know, because it also means new friendships, and new relationships, and starting over at a new school, new teachers, all of the stuff that you know, can be challenging for kids to go through and pretty disruptive.

Jeremy (01:34):

I certainly didn’t appreciate logistically how difficult it was for my parents to manage that with, you know, packing all this stuff, and unpacking, and making the decisions about what you keep, and what you sell, and what you let go of. So that was my upbringing. It, for me, like I said, was a lot of fun. Very exciting, because I really like exploring new places, and meeting new people, and so on. Where it maybe was a challenge, was I also didn’t really have a super strong sense of direction when I finished high school as to what to do next, because that was always decided for me up until that point in time. You know, it was always gonna be, “Hey, in two years or three years or whatever, there will be something new. You don’t have a say in the matter.”So when I actually had to make that decision for the first time, myself, I didn’t make the right decisions. (Teja: Mmm <affirmative>.)

Jeremy (02:27):

I went to a university for a year. That turned out to be completely not the mental space that I was in. So I had my worst academic year ever, my freshman year of undergrad, and I actually ended up dropping out after that year. I worked over the course of that year to save up money. The next year, I went on this kind of, I would almost call it like, an educational retreat program. It was a school in the middle of a forest in Finland. We studied four days a week. We worked one day a week doing chores around the school, it’s not a college or a university, it’s just a school, you know, and that was everything from washing the dishes, to cleaning the buildings, to chopping wood, and picking crops, or, you know, preparing vegetables for preservation over the long Finnish winter.

Jeremy (03:27):

You know, we did all of that stuff, and that was a very formative experience for me. I learned kind of the value of hard work, and all the things that have to go into just like, making a place run, (Teja: Mmm <affirmative>.) and keeping like, a community of people going. So [I] did that, that kind of caused me to, I’d say like, mature and grow up a little bit, (Teja: Mmm <affirmative>.) then I felt more of a sense of direction. So I applied to a couple of universities, got into a few of them. I’d actually go back and study to prepare. In Finland, you take entrance exams. It’s not like in the US where you take kind of the SAT at the end of high school. (Teja: Mmm <affirmative>.) In Finland, you apply to a university, you apply to a specific degree program, so in my case, I applied to chemical engineering, and then you may or may not get invited to go take the entrance exams, and then you show up, and really, whether you get into the school or not is dependent on your performance on that day.

Jeremy (04:23):

I mean, luckily enough, I got in. I did that for a year and a half, two years before realizing, okay, like, I’ve grown up, I understand how to now like, prioritize studying, and being a student, and taking care of myself, and all that good stuff, (Teja: Mmm <affirmative>.) but actually chemistry is not the thing that I wanna do. (Teja: Mmm <affirmative>.) So I kind of learned almost like, one step of the way like, how to kind of grow up and become an adult, really. So I actually ended up dropping out of school one more time, and then went to the University of North Carolina at Chapel Hill to do a degree. I had accumulated some credit here and there. I didn’t get a lot of credit for the work that I had done in Finland.

Jeremy (05:11):

They didn’t know how to transfer. They didn’t know how to kind of like, line up the courses to give me credit for who knows what. So after two and a half, three years in Finland, I had nine credit hours given to me by the university. [I] had a little bit of AP credit from my high school days, and they’re like, “Alright, this is what you got,” and I really overloaded heavily. I took summer school, and I finished a degree in computational linguistics in a year and a half. I used to take language classes to boost my GPA, because I’d know I’d have hard classes that were gonna, you know, I was probably gonna get like, a B- in. So I took intensive Portuguese, Norwegian, Spanish, and maybe I still took a French class or two as well, ‘cause I knew I’d get As in those, and you know, wanted to kind of balance things out. That was my childhood.

Teja (06:03):

It’s so funny. My language classes were the worst scoring classes, like, throughout my academic career <laugh> <inaudible>.

Jeremy (06:12):

Yeah. It’s just a function of upbringing. You know, I was just exposed to a lot of foreign languages, you know, having a Finnish mother and an American father, living in Germany, near the French border. I was hearing all this stuff and picking it up. So it was, for me, it was really more just a question of exposure and upbringing that laid the foundation. So I think a lot of it is really set in those early childhood years.

Teja (06:36):

Do you keep up with language practice? Do you try to make an attempt to learn and acquire like, new languages or practice the ones that you already know?

Jeremy (06:44):

It’s more practicing the ones that I already know. I have done a little bit of studies into like, Italian. I tried Chinese for a year. (Teja: Yeah.) Weirdly, out of all the languages I’ve ever studied, that’s the one where I did terrible, and I understand it, because it’s a very different language, the tonal system, all of that. That tripped me up more than anything else, but yeah. I definitely try to maintain. I have lost, I used to be pretty conversational in Swedish, in Norwegian. I can’t really do those much anymore, but I’ve kept up like, five to six pretty reasonably. 

Teja (07:18): 

Yeah. I actually, I lived in China for like, two years, and so I studied Chinese in school, and it was pretty challenging, but it’s one of, for me at least, it was one of those languages that like, practical usage of the language is very different than the academic study of the language, because the way that a university can score your proficiency is like, they basically have you memorize characters. (Jeremy: Totally.) You know, but using it in the streets of Shanghai or wherever (Jeremy: Yeah.) is like… eeehh. You’re two beers deep; you’re talking to people in the street. It’s actually quite easy, you know, because the grammatical convention is the same as in English. It’s like, subject/verb/object, and you know, even if you mess up the tones, people still know what you’re saying <laugh>, you know? 

Jeremy (08:09):

Yeah, yeah, yeah. Totally. You know, and it’s not like anybody on the streets of Shanghai is gonna pull out like, a piece of paper and quiz you on characters, right? Like, I always find it kind of funny that, aside from the Portuguese class that I took my last year at UNC, all language instruction is like, paper and book driven, (Teja: Yeah.) but language use is just conversational, right? (Teja: Yeah.) Like, you’re mostly just trying to communicate, convey a point, (Teja: Yeah.) and that’s like, almost never what you learn in class. I think it’s something kind of fundamentally broken in language instruction. 

Teja (08:44):

I think I know your point of view on this, but I’ll ask it anyway. Like, do you think that studying languages, the way that we do it, let’s say in the US, is that…number one, I guess. It’s a two part question. Is that similar to the way that other countries learn language, and then number two, is it like, an effective way to acquire new languages? 

Jeremy (09:06):

So on number one, I can only speak to the places where I’ve lived and studied languages. So I’ve done language classes in US, Finland, Germany, and France from times that I’ve been in school in these places, and yes, it’s very similar. Again, it’s like, books, paper, written, primarily, not so much spoken. (Teja: Mm-hmm <affirmative>.) When I studied Chinese in Singapore, that was like, private tutor, you know, one-on-one kind of thing. So that was a little bit different. But number two, is it effective? No, for exactly the reasons we just talked about. Like, what are you trying to do? I don’t know too many people whose primary motivation for learning a language is to get fluent in written communication. (Teja: Right.) Like, nobody says like, “Oh, I wanna be able to write Spanish.” No, you wanna be able to communicate, right? So that you can, you know, go to Mexico on vacation, and communicate with people, and order good food, and have good experiences, maybe with a local tour guide, right? Like, that’s your main motivation. Or like, maybe for work purposes, I need to be able to explain API security to somebody in Portuguese, in Brazil, right? Like, that’s a much more compelling use case than, I don’t know, writing a letter to somebody or something like that, and like, (Teja: <Laugh>.) maybe it all developed out of pen pal friendships in the 50s and 60s, who knows, but it’s like, I don’t think it’s effective. No.

Teja (10:31):

Yeah. Do you think your facility with languages equipped you well to like, work in the technology industry and like, basically, you know, be in product, be in engineering, because effectively, you have to learn like, new modes of thinking and being?

Jeremy (10:49):

Funny enough, like, I thought that that would be the case, and I started studying programming. I did, you know, I dunno, four semesters of computer science, and I did courses on Visual Basic in C++, and I thought that, you know, knowing different languages with different grammatical structures and so on, would prepare me for (Teja: Right, logic.) syntax, and…exactly. Nope. Turns out I’m a terrible programmer. (Teja: <Laugh>.) and so like, I got one programming job early in my career, and I failed at it, and they reassigned me, and they’re like, “Listen, you know, Jeremy, you’re smart. Whatever. We like you. We like having you with the company. You’re not gonna be on the development team. Now, we’re growing as a company. Do you wanna do IT and cybersecurity? Like, that’s the path that’s available to you.” (Teja: Huh.) So in a way, I’m actually like, a failed developer. (Teja: Huh.) But the other part of the question is like, what I do think it prepared me for, outside of programming, is it prepared me to learn concepts quickly. So to like, as technology changes, I can’t do the specifics very well, but I understand architectures, and structures, and you know, data objects, because that has parallels, but actual programming, nah. It’s terrible. 

Teja (12:13):

You know, we sort of make up myths to like, explain these things to ourselves, right? (Jeremy: Yeah.) So I’m curious like, what is your understanding of yourself as to why, maybe like, you have such a facility with languages, but maybe just lack the interest in programming?

Jeremy (12:34):

I actually think interest is the key word there, (Teja: Yeah.) and like, one of the things…like, I enjoy communicating with people. I enjoy learning from their experiences and whatnot, but that’s a communication with an animate object at the other end who’s providing value to the conversation, right? (Teja: Yeah <laugh>.) When you’re writing code, like, you know, like, unless you’re writing a chat bot, and even then maybe not, but it’s like, a one-way communication. What’s interesting about having to learn a way to do a one-way communication, like, I think in my lizard brain, there just wasn’t something that clicked that made me wanna do it or to get better at it.

Teja (13:!6):

No, I’m right there with you. I mean, we run a business that caters to programmers, and so I did not like, start as a programmer, but it’s something that like, I felt like, you know…there’s a Chinese saying, “Rù xiāng suí sú.” It’s like, “When in Rome, do as Romans do.” Like, it’s a way to understand the culture. So I was like, “Okay, even if I’m on the sales and the marketing side of the business, I should actually understand some of the day-to-day of a programmer,” and I did for a little bit, but, like you, I had to exert like, a massive amount of discipline, such that I would basically procrastinate doing it until I had like, five coffees, and like, I forced myself to stay at my desk, (Jeremy: <Laugh>.) to work through to build some stupid app that has no actual business value, just to like, teach myself how to do it, and it just became like, (Jeremy: Yeah.) why am I doing this? Like, I’m doing it to respect half the community we serve, but like, practically, I’m marshaling all of my discipline resources to just learn like, this little thing. (Jeremy: Yeah.) So I’m right there with you. You know, if I had a job as a programmer, I would be fired within like, a week, for sure, (Jeremy: Yeah.) because they’d be like, “Here’s this thing. It should take you an hour.” It would take me a week, you know? So <laugh>.

Jeremy (14:28):

Look, I mean, maybe with ChatGPT nowadays, you’d get it done, but, you know, that would be my only option at this point.

Teja (14:34):

No. So that’s actually true. Like, I will say that like, like you, I’m super interested in like, the adjacent areas around let’s say computer science, like, around math theory, and around like, you know, let’s say data science, as it were, and I think ChatGPT like, really levels you up so you can make like, these, you know, regression models using ChatGPT that would take you hours to do. You can just make it in a sentence. So that’s actually quite cool. I’m pretty pumped with that. Maybe it’s because it feels like I’m talking to a person like you (Jeremy: Yeah.) <laugh>. (Jeremy: Maybe, maybe.) So you kind of pivoted from programming to security. Is that like, the right way to say it?

Jeremy (15:22):

Yeah, I mean, IT and security. I mean, in those days, in most companies, those were not separate functions. (Teja: Right.) So, you know, you fixed printers, and you fought viruses. You know, but yeah, that was the pivot.

Teja (15:39):

How did FireTail come to be? Like, what kind of took you to starting a company? Based on your like, childhood and your background, like, I could tell you have like, a sort of an adventurous bent. Is that fair to say? (Jeremy: For sure.) So it’s probably a natural outcome, you know, at some point, (Jeremy: Yeah.) but I’m just curious about the path.

Jeremy (15:59):

Yeah. I mean, and without going through like every step along the way, ’cause that’ll get tedious, I did a couple startups early in my career. I definitely got bit by the startup bug, (Teja: Yeah.) and then, you know, I joined a larger company at one point, and I was like, “Yeah, no, I’m a hundred percent a startup guy at heart.” Not to say that I don’t think I can do okay inside a larger company, but I definitely have a creative drive to, you know, build something, have an adventure. I, a hundred percent, somebody asked me once, like, “What have you always tried to maximize in your career?” And some people, it’s the money. Some people, it’s like, the position. They’re more interested in progression up the corporate ladder. (Teja: Hmm <affirmative>.) For me, it’s always been maximizing the adventure, (Teja: Mmm <affirmative>.) and so I like, a hundred percent agree with what you said about that, but yeah. I did a couple startups, so one, two startups, then a video game company, which was also a startup, and we raised a bunch of money and built a game that was not very good, and that crashed and burned after about four years.

Jeremy (17:05):

Kind of the pivot into like, the path that I’ve been on for the last 10 years was, at that point in time, I had gone through like, 13ish years, I wanna say, of being in IT and security, like, hands-on, day-to-day building, you know, systems operations, et cetera, and had done the 3:00 AM trip to the data center, had done the carry a pager, be on-call 24 hours a day to keep servers online, all that fun stuff. Then there was this little startup called AWS that had just opened up, and they were recruiting people who had a background in, you know, IT and infrastructure to get into this whole cloud thing, and it so happened, you know, like, my company was just shutting down, and they were recruiting, and I went through the interview process and got the job, and that kind of like, put me into the cloud side of things, which was by the way, like, such an eye-opening experience, because you…first of all, I don’t think people who are like, coming into it nowadays realize how good they have it. (Teja: <Laugh>.) Like, the pain that we went through, both mental, but also sometimes physical.

Jeremy (18:23):

Like, unless you’ve lifted these like, you know, crazy heavy servers and put them in these metal racks for days on end, cutting up your fingers on, you know, screws, and sharp edges, and things like that. Like, there’s some physical pain as well as mental. It’s so easy nowadays, right? Like, oh, I need infrastructure to run an app or whatever? Like, five clicks, three minutes, I’ve got it, right? So that was the eye-opening side of it, is like, there is so much potential; this gives you so much flexibility. So I kind of fell in love with the technology and the possibilities of what you could do with it. So I’ve kind of stayed in that ecosystem ever since, and about seven years ago, I got pulled much more into the security direction of things on the cloud side. I joined a little five person, or six person company at the time called DivvyCloud.

Jeremy (19:21):

We were making an early cloud security software product, and we evolved it over time. That company doubled year over year for four years running. (Teja: Wow.) We got acquired in 2020. Yeah, it was a great ride. I mean, and the team that I worked with over there, we had some amazing people. We had some really amazing customers that we got to work with. That was honestly, we were all pretty lucky to live through that experience, but there was a couple moments along the way when I started to see changes in the technology patterns and how customers were building things on top of cloud platforms that led me to start thinking about APIs much more deeply, (Teja: Mmm <affirmative>.) and so that’s really like, kind of the path that it was. You know, we got acquired in 2020, two months into lockdown, and so it wasn’t maybe the best time to go start something new.

Jeremy (20:16):

Also, we had some obligation to the company that acquired us to stay on board for a period of time. So, worked through that, and then in late 2021, left that organization and started thinking about what’s next, and I went back to those observations that I’d had previously about like, “Hey, there’s a shift going on towards, you know, service-oriented architecture, microservices, API-driven development patterns,” et cetera. Then I started thinking, you know, with my security hat on, started thinking about like, oh, are there risks here that people don’t know that they’re taking on when they go down this path in building applications this way? So my co-founder and I, we actually did a lot of research into the space before coming up. Like, we knew it was a problem, but we did a lot of research into what exactly the problem is, where are the risks, how do you try to defend against them, and so on?

Jerem7 (21:15):

We came up with an initial kind of thesis around how we wanted to tackle the problem, and, you know, put together a concept around building a company. Started talking to some people, recruited six design partners who, you know, committed to working with us through that journey. Not all of them have fallen through on that commitment, but such is life. One lesson: always recruit way more design partners than you actually need, because some of them will get busy and not actually be able to follow through on that. But yeah, that was the beginning of FireTail.

Teja (21:48):

So I guess the move to microservices and service-oriented architecture created the need, and like, this sort of set of new technology patterns created the need for like, a new way to look at security. Is that fair to say? (Jeremy: Yeah.) What like, created the, I don’t know, ability or created the movement towards like, microservices, because I would just see like, microservices are now a thing, but I don’t quite understand like, what was the use case or business need that, I don’t know, precipitated the invention of microservices and that as like, a design pattern?

Jeremy (22:30):

Let’s take like, a common example. Like, let’s say you’re ordering food from like, a mobile delivery app, right? Doordash, Uber Eats, whatever, right? Think about all the things that go into that transaction, right? So first you’re just opening the app, and the app…actually, by the way, like, almost nothing happens in the app on your phone, (Teja: Right.) which I think like, maybe a lot of people kind of academically know, but you don’t think about, right? So the first thing that actually happens is like, it checks, is there a like, a saved token that says, “Hey, this is Jeremy,” and then it fetches your geo coordinates (Teja: Right.)

Jeremy (23:07):

The geo coordinates actually come from the, well, a combination of the phone plus the carrier, right, but you get your latitude and your longitude. Those two things are then sent to the backend, by the way, over an API, and that says like, “Oh, okay. Jeremy is in this location. We know it’s Jeremy. If we don’t have a stored credential, we’re actually going to, or maybe if we see this for the first time in another country, we’re gonna prompt for a re-authentication to verify that it’s Jeremy or whatever.” But the geolocation will also fetch a list of services available and restaurants available, (Teja: Mmm <affirmative>.) and then you’re going to like, go through the restaurant list and the menus. You’re gonna select your items, you know, put them in your cart, and then you’re gonna go check out.

Jeremy (23:50):

When you go check out, a couple things are happening on the backend, the order is being sent to the restaurant, and the restaurant is then confirming the order, plus let’s say, an estimated delivery time or an estimated completion time for the order. Like, when is the food gonna be ready for pickup? Then a delivery driver is contacted, or a delivery fleet service, or whatever it is, to say like, “Hey, it’s this restaurant and it’s, you know, 6:25 PM is the pickup time,” and then by the way, also the payment is sent to the credit card company. Okay. So like, all of that complexity is happening for just, you know, Jeremy ordering a bowl of phở soup, right? (Teja: Right, right.) The need for microservices is kind of twofold. One, is are you going to build all of that functionality yourself inside your application? Maybe, yes, but more likely, no.

Jeremy (24:38):

Just take payment processing as an example. The ability to take and process credit card payments is kind of annoying to build, (Teja: Mmm <affirmative>.) right? You have to go through all of this compliance work and crazy security designs. You have to get approved by a regulatory compliance authority, et cetera, et cetera, et cetera. So nobody wants to do that. So what do they do instead? They incorporate a third party service like Stripe, or Checkout.com, or whatever it is. So there’s one instance where you just have the question of like, are you going to build all the functionality yourself, and if not, then you have kind of a service-to-service communication pattern that you need to enable. So that’s one use case. Second use case around why you need microservices or why it’s become a popular thing, is think about all those other steps.

Jeremy (25:26):

Loading the menus, contacting the drivers, contacting the restaurants, coordinating the order with the restaurants, et cetera. You may have a surge in traffic, or you may have a surge in usage for any one part of the application at a time, and so are you gonna scale the entire application to meet the maximum utilization of, let’s say, just menu browsing, or are you gonna separate them so that like, when there is a huge number of log-on requests, because of whatever reason, it’s noon, and everybody in the office buildings in Manhattan is trying to order, you can process all the log-ons without having to without having to hyperscale the backend for the menu fetching? (Teja: Mmm <affirmative>.) So wherever the majority of the action is, or the majority of, kind of, the processing bottleneck is, you can scale that component independently of the others that are not overburdened. (Teja: Mmm <affirmative>.) That’s the other main driving force behind this kind of microservice architecture. You just alleviate whichever bottleneck separately from the others by being able to scale each service component individually. Does that make sense? 

Teja (26:36):

Yes, gotcha. Okay. That makes a ton of sense, and thank you for going through that for a layman such as myself.

Jeremy (26:43):

Yeah <laugh>, no worries. 

Teja (26:45):

Okay, that makes a ton of sense, and so I guess that introduces the security need, because these applications are so tied into third party applications, and I guess that information flow needs to be done securely.

Jeremy (26:59):

Yeah. I mean, just again, that same example, you’re coordinating. I mean, maybe your home address isn’t that sensitive to you, but maybe it is, (Teja: Right.) right, and so like, you’re sending your personally identifiable information, PII as we call it. Like, you’re sending that to a third party, maybe multiple third parties, by the way. You’re also sending like, payment credentials or a request for payment, you know, your credit card details. Like, so you do have sensitive information crossing between party A, party B and so yeah, you wanna secure those connections. By the way, there’s also just the fact that the app itself is communicating to the backend over an API. What if I don’t use the app, but I just try to talk to the API directly? Because hackers are not going to use your app to try to hack you. (Teja: Right.) They’re gonna go straight to your backend and try to like, access that. What might they be able to do? They might be able to gain access to my account, order a bunch of food on my dime, if I have a saved credit card on file, for instance, right? So there’s all kinds of ways that the systems can be abused directly through access to the APIs as well. So it’s not only like, the communication from that app to the third parties it uses, but it’s actually like, hackers trying to go directly to the service itself, directly to the API of that service to abuse it as well. 

Teja (28:17):

How did you conceive of the name FireTail? 

Jeremy (28:22):

Actually, one of our investors suggested it to us. (Teja: Okay <laugh>.) We originally incorporated with like, a placeholder name that we knew was not very good. We just needed to get a company up and running, you know, incorporated, et cetera, et cetera, and we played around. Like, I think my co-founder and I, we must have collectively spent 20 hours on our own brainstorming names and playing around with…there’s this one domain registrar that has a tool where you can do like, beast mode name search, (Teja: <Laugh>.) and you throw in like…it’s pretty awesome, actually.

Jeremy (29:00):

You throw in a bunch of keywords, and it tries to look for available domain names for you, (Teja: That’s cool.) and we played around with that tool for too many hours. It’s a lot of fun, but not super productive in the end. Then literally one of our investors was like, “I like a super neutral brand name like ‘FireTail,’ because like, you don’t know what direction the technology’s gonna go based on what customer’s needs are,” So like, you want something that’s like, cool, catchy, easy to pronounce and remember, but is also not hyper-specific to a particular technology, you know, and then like, is not like, a used brand name somewhere else, and he literally threw that name out, and we went searching. We’re like, “Actually, yeah, it’s pretty good,” and it just stuck with us, and we did a trademark search. That was all clear. We actually ended up having to buy FireTail.io from somebody else who was squatting on it. Yeah. 

Teja (30:00):

That’s a thing. Yeah, for sure. (Jeremy: Oh, for sure, yeah.) Yeah, but was that an easy transaction, or was that kind of a pain?

Jeremy (30:08):

No, it was relatively easy, because it was done through a broker service that specializes in this. They know how to coordinate buyer and seller. They knew how to manage escrow, yeah. So that was super painless, actually, very straightforward. From the time that we decided and agreed to the price, it was less than 24 hours.

Teja (30:30):

Have you thought about moving to a .com at any point ever or…<laugh>?

Jeremy (30:34):

<Laugh>. Yeah, but they want like, 10 times more than we paid for the .io, and we’re like, do we really need it, (Teja: Yeah.) because .io is kind of trendy now? (Teja: Yeah.) I don’t know. We have thought about it.

Teja (30:49):

Yeah, and like, I don’t know. If you’re like, on the engineering side, you know, of the house, .io is like, pretty common I think for a lot of (Jeremy: Yeah.) domains, you know? (Jeremy: Yeah.) We run into some issues when I’m like, “Gun .io <emphasis>,” and they’re like, “.com?” And I’m like, “No, no, just ‘.io.’” <Laugh>. Yeah, yeah, yeah.

Jeremy (31:10):

I mean, have you guys…I imagine “Gun.com” would be insanely expensive, and it’s probably like, owned and actually run.

Teja (31:20):

Yeah, yeah. It’s…so I think actually the last time that I checked, it’s like, a gun magazine or something like this. I mean, you could imagine that that’s the case. (Jeremy: Yeah, for sure.) I occasionally, in my LinkedIn, I get people being like, “Support the Second Amendment,” and my LinkedIn, you know, because they just, they like, do a LinkedIn search for like, “Okay, who’s in the firearm industry?” So that’s always funny <laugh>. (Jeremy: <Laugh>. Oh, man.) But yeah, I think it’s prohibitively expensive. I tell it like, to him, that’s like, a Series B issue. That’s like, (Jeremy: Yeah.) that’s not a today thing. That’s like a <inaudible>.

Jeremy (31:59):

We said exactly the same, (Teja: <Laugh>.) and we’re seed-funded only, and we were like, yeah. Even, you know, if and when we raise it, we’re lucky enough to raise a Series A, we’re like, it’s still not a priority at Series A. Yeah.

Teja (32:13):

Yeah. For sure, for sure. Well, okay, so in maximizing adventure, how are you thinking about like, building your company like, over the next, let’s say decade? Like, you know, what are some of your ambitions? How are you thinking about, you know, writ large, like, financing strategy, all that stuff?

Jeremy (32:35):

That’s a big question. It’s funny, because, you know, we’re seed stage, right, and we had an initial thesis, and we went out with our design partners and with some new customers that we were talking to, and we kind of invalidated about half of our initial thesis and revalidated that the other half of it, but then we also learned the things that we didn’t even have in our thesis that were real pain points. So we’ve ended up having to like, kind of really pivot a lot of the technology approach that we had and the technology strategy that we had, (Teja: Mmm <affirmative>.) and that’s been a journey. That’s been occupying so much of my mind and energy, and not just mine, but our whole team, over the last nine months that I don’t know that we have like, a 10 year like, strategy, because it’s been so consuming that…like, I have a two to three year technology vision based on all the things that we’ve learned like that, for sure.

Jeremy (33:36):

And financing wise, like, we’ve looked at, you know, what would a Series A look like? What would a Series B look like? What would be the valuations, and then what would be like, the goals that you’re trying to achieve with the company given that kind of trajectory? (Teja: Right.) That’s all relatively straightforward, and I would honestly say that like, I don’t think that we’re trying to do this differently than the typical kind of, you know, enterprise B2B startup or enterprise-focused B2B startup, right? Like, there I think we’re really, like, we’re not reinventing (Teja: Right.) the wheel or anything like that. The technology side, that’s a bigger vision that we have, and the problems that we’re looking at solving around APIs are a much bigger concern. I’ll give you one example right now. Like, and this has been a very, very hot topic in a lot of our conversations recently, which is, alright, so there’s all this AI hitting the market right now, and LLMs, and generative AI, blah, blah, blah, blah, blah, right? (Teja: Right.)

Jeremy (34:35):

Okay, well, here’s the challenge that a lot of organizations have. There’s general AI, like, these LLMs that are just kind of out there like ChatGPT that you can use that’s been trained on like, everything. (Teja: Yep.) So it has kind of like, general knowledge about everything that it has access to, (Teja: Yeah.) but it doesn’t know Gun.io or FireTail in depth, right? (Teja: Yeah.) It doesn’t know our internal documentation. It doesn’t know our code, it doesn’t know, you know, our messaging and our whatever, like, the things that we’ve put out into the world on our blog posts, and in our white papers, and all that good stuff. Nor does it know yours. (Teja: Right.) So really what you wanna do, if you wanna leverage these things is you need to train them with your data that is specific to your point of view.

Jeremy (35:22):

How do you do that? Well, actually, the number one way that you do that is by sending data to these models, and it turns out to be like, really expensive to run a model yourself. So for smaller organizations, they’re not going to do that. They’re gonna interact with a model that is hosted and owned by somebody else. That might be your cloud provider, right? Like, all the cloud providers have their own…you know, there’s Azure AI, there’s AWS, Bedrock, there’s Google Cloud Bard, right, and so they’ve got like, a base model that you can then compliment with your data to get something more meaningful to you. Well, guess what? How do you transfer that data? It’s all over APIs, (Teja: Mmm <affirmative>.) and then there are like, potential risk factors around was that data allowed to be transferred to the model? Are there things that we don’t want to go into the model?

Jeremy (36:09):

Are there things that we need to do to make sure that the data that we’re sending to the model never gets to third party organizations or can’t be extracted from any place other than us interacting with the model? (Teja: Mmm <affirmative>.) And so there’s like, a ton of API interactions around that, and there’s a lot of concern right now about like, oh crap, my team is already sending proprietary company documents to ChatGPT.

Teja (36:34):

Oh yeah. That’s been a thing. (Jeremy: Yeah, exactly.) You’re just like, what are we doing <laugh>?

Jeremy (36:38):

Yeah. So there’s like, this whole wave of, I think, people just now waking up to the fact that APIs are actually super important in data projects that they want to do to gain efficiency. So that’s like, a big area that we’re thinking a lot about and working on right now. If you ask my vision, or my plan, or our ideas, like, it’s so focused on all this new stuff that’s coming out that customers are using for the first time and the APIs associated to them, and the API risk associated to them, and helping them manage, because ultimately, like, what you want from security in general, is you want security to enable things. (Teja: Mmm <affirmative>.)

Jeremy (37:20):

You want security to kind of like, make sure that the organization is managing any risks to an acceptable level so that the organization feels like, yeah man, you need to go use ChatGPT, go do it. We’ve got these safeguards in place, we know that we’re comfortable with you doing that, because we have controls against whatever risks that we’re worried about. Like, that is in a best case, you know, scenario. Security enables organizations to move forward, and so helping our customers manage that is like, a big part of what goes into our vision. 

Teja (37:53):

How do you think about orienting the roadmap to this type of use case that is not quite like, there yet? So you have to basically think into the future and assume that’s where the puck is going. (Jeremy: Yeah.) Like, how do you like, practically orient your product management, and your product, like your engineering resources to build into something that like, probabilistically you assume will happen, (Jeremy: Yeah.) but it’s not yet happening at scale. Let’s say.

Jeremy (38:24):

This is such a great question, because this is like, what we live almost every day. (Teja: Yeah <laugh>.) I don’t want to toot our own horn too big or anything like that, but I do think API security is one of the most cutting edge security use cases to solve for right now. (Teja: Right.) To that end, one of the things that we run into pretty often, is we go talk to customers, and they’re like, “Yes, I’m worried. Yes, we’re using a lot of APIs. No, I don’t have concrete ideas about exactly which risks I need to mitigate,” and so to some extent, they come to us, and they’re like, “Well, what are you guys doing, FireTail?” (Teja: Mmm <affirmative>.) “Like, what are you thinking?” And so there’s a balance where, you know, we know certain things that we’ve discovered through repeated interactions with customers, and we found a few things to be like, kind of universally true. One example is like, almost nobody knows all the APIs that their organization has created. So, you know, from some perspective, that tells you like, okay, well one big problem is just like, discovery and visibility. Great.

Jeremy (39:29):

So that one’s like, pretty common, but then you scratch it one level deeper, and it’s like, well what are the risks around those APIs or what could they be? Then to the point of this question, it’s like, oh yeah, but then there’s all this new AI stuff, and we know we’re gonna be using APIs with this stuff, but we don’t know exactly how, so what are you gonna do? Like, we ask them, “Hey, what do you want us to do?” and they’re like, “I don’t know. Protect us. What are you gonna do?” (Teja: Mmm <affirmative>.) right? And so what we’ve tried to do, and I don’t know if we’ve succeeded like, any better or worse than anybody else at this, is we have a researcher, we have a couple people who have, you know, decades of experience in security and in API development, and things like that. We brainstorm internally, we work with our researcher. We continuously monitor breach events looking for new learnings around like, how APIs got breached, or how they got abused, or things like that. 

Jeremy (40:28):

So we try to stay very much, you know up to date on what’s going on, (Teja: Mmm <affirmative>.) use all of that to inform opinions, use those opinions to create ideas about potential risks, potential attacks, et cetera, try to design ideas about how you would mitigate them without committing to building too much first, (Teja: Mmm <affirmative>.) and maybe you like, show that idea to some existing customers or some new prospective customers who express a concern, test the idea with them, and if the idea itself isn’t right, you might get some feedback that helps like, kind of correct course a little bit. Or we’ve also done design specs where we’ve kind of said like, you know, “This is how this thing is going to work. What do you think?” bounce that off of, again, existing and prospective customers. We’ve also done mockups, you know, where we say like, “Oh, it’s gonna look like this.” (Teja: Right?) So like, you can run this kind of experimentation and then, you know, some of it will actually build experimental code that is like, not production quality, quick and dirty, just show the potential of something and then demo that to a couple of people.

Jeremy (41:38):

But it is a balancing act where you like…’cause you have limited resources, right, within the development team, and sometimes you have a backlog of things that like, concrete things that need to get done, and so you’ve gotta decide like, what percentage of your development team do you dedicate towards experimentation in the new use cases versus, you know, making sure that what you’re already doing is like, rock solid, and scalable, and ready for production. That is a constant balancing act, and plus, the fact that like, the use cases aren’t clear, and so you have to go through cycles of experimentation, recognizing and not getting frustrated that like, at least 50% of what you’re gonna do is not gonna make it to prod. You know, you’re gonna do a lot of ideas that aren’t gonna be the right thing.

Teja (42:26):

How do you…this is like, maybe more of a tactical like, engineering management question, but it’s like, how do you get your team excited about getting something that’s just like, quick and dirty, not production quality code, but it takes their time to make and ship, and then they’ll probably make an argument like, “Well, if we’re gonna do this, we should do it right.” How do you like, actually navigate that conversation? Because that’s been a problem that I experience in our company. Like, “Hey, if we’re gonna do this,” (Jeremy: Yeah.) “we should do it right,” and it’s like, well the business case is actually, we don’t know if it’s right. We just need to prove that it’s right. You know?

Jeremy (43:01):

Yeah, yeah. I mean, thankfully on this one, I get to mostly defer to my co-founder and let him manage that. (Teja: <Laugh>.) What I try to do from my side, ’cause I do a lot of the, you know, customer engagement stuff, and talking to customers, and so on. (Teja: Yep.) What I try to do from my side, is communicate internally who the customer is, what are the challenges that they’re expressing to us, you know, what’s their use case, their architecture, whatever, and then point out to them why they’re worried about a certain thing in one way or the other to just really make sure that they understand that there are actual customers on the other side of this conversation.

Jeremy (43:39):

And again, like, whether we get it right the first time or not, it is for the purpose of serving a customer, (Teja: Yeah.) and that’s super important. (Teja: Yeah.) So I can only convey that side of it, the day-to-day management of like, “Hey, don’t get bummed when this experiment doesn’t turn out to be the right thing, and don’t take it hard when I’m asking you to build something quick and dirty instead of quote unquote the ‘right way’.” (Teja: Yeah.) That’s my co-founder’s job to manage, thankfully. 

Teja (44:07):

Cool. That’s awesome. What advice would you have for yourself, let’s say 10 years ago, or if there’s somebody in your shoes 10 years ago, you know, up-and-comer working at a startup, that sort of thing.

Jeremy (44:23):

Yeah, look, I co-founded a startup about, just about, I guess, 11 years ago. That was the first, second one that I co-founded, and that was my first time as CEO, and I did not do great. Both like, day-to-day as a CEO, but more importantly, I didn’t great (STATIC) in managing my mental state around it. (Teja: Mmm <affirmative>.) I took way too much of the stress to heart, (Teja: Mmm <affirmative>.) and it like, it affected both my mental and my physical health. I think like, the main advice that I would give anybody is to try to zoom out for a second and recognize what you’re doing. So what I mean by that is, and this is gonna sound weird, because a lot of people will say things to the contrary of what I’m about to say about like, your startup being your passion and your life’s project and everything. Actually, a startup is a job, and it is not what defines you and your success or failure as a human being, and I could not separate that at that point in time or at the level of maturity that I had at that point in time. We were a company founded by a group of individuals, funded by a group of professional investors who understood the risk, right? So they put money into us, yes, because they believed in us, but they put money into us, because that was also their job. 

Jeremy (45:55):

Their job is to invest in these things that are high risk, high reward. Our startup didn’t really work out. We ended up selling the technology at the very end, but it was not a successful sale. It was not a good outcome. People have asked me over the years like, “Oh, you had an exit.” I was like, “Hmm, I had an exit on paper, maybe, but like, there was in no way a positive financial aspect to that exit event,” (Teja: Yeah.) but I really let that consume me, like, both mentally and well, didn’t consume me physically, but it did make me physically sick. (Teja: Mmm <affirmative>.) So my main advice would be to like, to recognize that that is the situation you’re in, and that is what you’re doing. Yeah, it’s super exciting, and it’s challenging, and all these things, but it’s just a job, and it doesn’t define you as a human and your success or failure. So remember that and don’t let any like, success or failure define you or consume you. I know that’s easier said than done, because when you’re living it day-to-day and in the moment, it’s really easy to get down, and this is one of the things about a startup that’s, as you probably know yourself, the highs can be crazy high, but the lows can be really low if you let them, and like, trying to kind of contain that I think is is is tough but important.

Teja (47:14):

Oh yeah. I know. I mean, I think it’s like, if you have…if your mental state, this has been my experience, if your mental state is not like, supremely managed and like, the key focus of every day, you can get buffeted by these things that are like, actually not in your control and like, decrease in control (Jeremy: Yeah, totally.) as the company scales, right? So you (Jeremy: Totally.) could be in a great mood with your spouse or significant other, partner, like, and then the next day, something bad happens at work and you’re just like, you’re not a pleasant person to be around, and that cascades in your personal life in some ways, you know? (Jeremy: Yeah, totally.) That’s something I also had to learn the hard way, like, just like, maintaining a center at all times, you know? So, okay. That’s awesome advice, and I feel like we could spend like, another hour just exclusively on like, how do you manage your mental state? What are some rituals that you do like to center yourself? How do you detach from like, almost like, the mythology of Silicon Valley that is propelling you in a certain direction, you know, and I would love to have you back on and talk exclusively about that if you’re down.

Jeremy (48:32):

Love to. Anytime. More than happy to.

Teja (48:35):

Okay. You seem like somebody that’s like, at a lot of experiential context, previous to starting a business, whereas many founders, excellent founders, it’s like, their first taste of adventure is in the context of a company. So like, their entire sense of adventure is actually defined by building a company, whereas like, totally moved around a lot. (Jeremy: Yeah.) Like, you sort of can see adventure in a different way, like a company is just one context. (Jeremy: Yeah.) It’s not the only context, you know? (Jeremy: Yeah, yeah, yeah, yeah, yeah.) Where can people find you and FireTail on the interwebs? 

Jeremy (49:10):

FireTail.io, as we talked about. We’re a .io, and you know, for finding me, probably the best place is on LinkedIn. You know, I’m just Jeremy Snyder. I know there’s like, six or seven of that name, but if you look “Jeremy Snyder FireTail,” you will find me, I promise. If you just google “Jeremy Snyder,” there’s a chance that you’ll find an indie musician (Teja: <Laugh>.) who does some good stuff, or you’ll find (THE FRONTIER THEME FADES IN) a professor in health information or health sciences and public policy who’s also doing some great stuff. Shout out to those two Jeremy Snyders. Keep the name proud, but just “Jeremy Snyder FireTail,” and you will find me, I promise.

Teja (49:46):

Cool. That’s awesome. Do you own the domain “Jeremy Snyder?”

Jeremy (49:51):

I don’t. The musician does. The musician does, and good on him for grabbing it before I did <laugh>. (Teja: <Laugh>.)

Abbey, via previous recording (49:59):

You’re listening to the Founder to Founder podcast, powered by Gun.io’s Frontier Network. We release a new episode every Thursday morning, so be sure to subscribe on Spotify, Apple Podcasts, Stitcher, or wherever you stream your music. Please leave us a review and share with your friends. You can follow us online at the Frontier Pod or drop us a line at [email protected] to get in touch about hiring world-class tech talent.

(THE FRONTIER THEM ENDS)