Betterment is a goal-based financial advisory company that provides robo-advising services to help customers make the most of their money, taking away all the complexities of investing and saving.
In this interview for TechStrong TV, strongDM co-founder and CEO Elizabeth Zalman and Chris Becker, SRE manager at Betterment, joined us to discuss how strongDM helps make things faster, automated and easy at Betterment by tracking and auditing all changes on their system.
Chris was the project lead for implementing strongDM at Betterment. During this segment, Chris shared his journey of becoming manager of the SRE team at Betterment and the reasons why they chose strongDM to secure access to their data.
Check out the interview below and follow along with the transcript to find out more.
Transcript
Alan Shimel: Hey, everyone. We’re back here at TechStrong TV, and for our next segment. For this segment, we have one of our semi-regulars back here, Liz Zalman of strongDM. Hi, Lizโhow are you?
Elizabeth Zalman: Hi, Alan. I’m well, thank you.
Shimel: Good, thanks for joining us. And joining Liz and I today is Christopher Becker, SRE with Betterment. Is that correct, Chris?
Chris Becker: Yep, SRE manager at Betterment.
Shimel: Very cool. So, Chris, you know, I got a little background on Betterment before we started recording today, but why donโt you share with our audienceโwhatโs Betterment? What do you guys do?
Becker: So, yeah, the elevator pitch for us is that we’re a robo-advising platform that helps you make the most of your money. So, the idea with us is, we take away all the complexities of investing and saving and we’ve turned it into a goal based platform that lets you invest your money, save for what you’re going for, and try and make the most on top of the market and everything like that.
So, weโyeah, we try and take all the trouble of saving and all that, we dynamically balance portfolios and things like that for you and, as Liz said, it kinda removes all the distracting stuff with money.
Shimel: Very cool. And, you know, whatโd kinda unique about it is, itโs very goal based, right? So, you gotta tell Betterment what are your goals, what are you saving for, here? I wanna buy a house, I wanna buy a car, I wanna put money away for retirement.
Becker: Mm-hmm.
Shimel: I wanna go onโI wanna take 180 days off and cruise around the world. That would be mine, but anyway. [Laughter]
Zalman: [Laughter]
Shimel: You know, so, itโs a pretty unique kind of thing like that, and itโsโI guess itโs kinda uniquely situated for, I’m gonna assume, a lot of your customer base is sorta Millennial, Gen Z kinda folks, or do you get, you know, old people like me?
Becker: [Laughter] We have everyone, all over the gamut. I thinkโyeah, like, you mentioned the goal based investing, and thatโs whatโs super important to us. And it helps us sort of likeโit helps us make the calculations about how we balance everything.
Me, for instance, I have a goal thatโs like saving for a house, and thatโs a much different trajectory than something like retirement for me, based on my age and my income and everything like that. And what Betterment helps you do is just save in the best way to hit those goals. So, if you’re trying to get X amount of dollars by Y date, thereโs sort of a formula that does that, and if you’re saving for retirement, thereโs a different formula that works with that. Itโs all kind of within our platform.
Shimel: Cool. Soโand, of course, the website, letโs get that out of the way, B-E-T-T-E-R-M-E-N-T dot com?
Becker: You got it.
Shimel: Okay.
Zalman: And thereโs a mobile app.
Becker: And thereโs a mobile app. [Laughter]
Shimel: [Laughter] Thereโs an app. And we should alsoโhey, full disclosure, Liz has told me not only is Betterment a customer of strongDM but Liz is a customer of Betterment, so.
Becker: [Laughter] Exactly.
Zalman: Itโs a great product. [Laughter]
Shimel: Take it with a grain of saltโtake it with a grain of salt. [Laughter] Anyway, Chris, letโs talk a little bit about your background, though, now. So, you are manager SRE there, and our audience is very, very familiar with SRE and SREs in general. But how does one become a manager of the SRE team?
Becker: Absolutely. My background is particularly interesting. I guess, rewinding the clock a little bit, I wasโI got into sort of computers and computer management and server stuff, like, way back in high school. I come from a pretty, I guess you could say, classical IT background. I actually have, like, a Microsoft MCP, if you can believe that, like, from back in the day.
Shimel: I do.
Becker: [Laughter] Yeah, Server 2003 Active Directory, so.
Shimel: Mm-hmm.
Becker: Thatโsโyeah, I went to a high school with a really great computer program that let a lot of the students get hands on access to stuff, and by my sophomore year, me and my other classmates were sort of managing our computer labs and learning about how to do all that kinda stuff.
So, thatโs likeโyeah, I guess I was fortunate in that I got into this really early and it was something that I was really excited about and I was kind of like, you know, that guy in high school with my buddies, we built computers and things like that as well.
But yeah, and then right out of high school, I went to college and studied Information Technology as well. And one of the things that, like, for me, I’ve always sort of been, I guess, the jack of all trades when it comes to technologyโeverything server management, a little programming, and things like that. And then out of college, I actually got a job at Warby Parker doing office support, so like, IT support.
And thatโs kind of, for me, where, I guess you could say the automation bug, I got bit by that. Because we were doing a lot of software installations and things like that on peopleโs machines and we wanted a way to, like, with our two person IT team scale out to support, like, you know, 300 people at Warby at the time.
So, it was like investigating, you know, more things that we use in the SRE world today, like, things like Ansible and things like automation scripts and stuff like that. I was kind of, like, getting introduced to that as a way to just make it so that our small team could manage and automate installations on a bunch of work stations.
And then from there, actually, within Warby Parker, I had the opportunity to change to what they called an infrastructure engineer role which, looking back on it now, it was essentially, like, DevOps, right? You know, because DevOps is, I guess, the big umbrella that covers a lot of different disciplines and stuff like that.
So, from there, I reallyโI leveled up a lot of my programming skills as well, writing automation scripts and stuff to set up developer work stations. But what was important, I think, in that role for me is that I had a really good relationship with sort of internal customers, as I like to call them, for my IT role where my sort of stakeholders of the things that I built werenโt people that were the traditional customers of the business but rather those that, people that worked or the business.
So, I think a lot ofโlike, one of the reasons why I like DevOps and SRE and things like that is because it allows you to have a really close relationship with your customers, because they’re in the same company as you are a lot of the time, so.
And yeahโand then after Warby Parker, I got a job as an SRE at Betterment and our team was similarly very small. There was, I think when I started, there was four of us and we were supporting an engineering organization of around 80 folks and then, from there, our engineering team grew as well as our SRE team. And now, I’m the manager of that team and so, having been on that team for two years and change before becoming the manager, I had a really good sense of what we liked to do, things we wanted to build or our engineers and platform things as well. So, now, I’m kind of like at the helm and get to control that, which is really, really cool.
Shimel: Excellent, man. Great story. You know what, Chris, I don’t think your journey is that unusual, to tell you the truth. I mean, I spend my life talking to people like you and Liz andโI mean, whatโs different is, you know what, my high school didn’t have a computer lab, my college had punch cards. But, you know, my children, for instance, our local high school here in West Boca Community High, they actually do have, they have actually a Microsoft Certified program. So, a lot ofโyou know, you become Office certified, big deal, as a freshman. But by the time you graduate, you are Microsoft Certified.
They might have, I don’t know if they’ve moved over to Google stuff now and more cloud-based kinda things, but thereโs a cyber security area of concentration they call it, which is pretty cool, too. And, you know, itโs good. I mean, because so many people of my generation whoโlook, we took the Internet commercial, right, and built what you see here. But so many of them are self-taught, especially in things like DevOps or cyber or, you know, those kinds of things. And so, itโs good to hear people with real academic backgrounds in this stuff. I think it bodes well for the future.
But, you know, part of what you guys are doing, obviously, is, you called it infrastructure engineering or at Warby Parker, DevOps. But the real thing here is that we’ve moved, in your lifetime, right, in your careerโI don’t know if they ever had the concept of the server closet and the data center on prem. Everything is SaaSOps, right, or cloud or some sort of hybrid of that, right? There might be some third party data center you use where you’re running, letโs say, a private cloud kinda thing. You mentioned Ansibleโwell, that was back at Warby, so I don’t know if you’re using OpenShift or anything like that.
But clearly, right, itโs notโthis is todayโs infrastructure, todayโs kinda new stack as I like to call it. What about Kubernetes, cloud native, any of that stuff?
Becker: Yeah. So, thatโs like, at Betterment, we’re using Kubernetes. We’re on top of AWS as well. And I think itโsโI like that you mentioned sort of like old server clouds and stuff. I think the last time I interacted with a physical rack server was probably in college. But, I mean, I grew up punching Ethernet cables and racking and stacking and configuring, you know, Ratarays and things like that. And I think whatโ
Shimel: Fun times. [Laughter]
Becker: Yeah, right? [Laughter] Well, not with Ratarays, but I thinkโyeah, what I really like about sort of my, I think where my background has been really helpful for me is like, you know, when you enter this new world of AWS and cloud configurations and Kubernetes and stuff like that, like, itโs all still based on the fundamentals. And I feel like I got a really good sense of, and a really good education in networking fundamentals and things like that. Which, if you look under the hood, Kubernetes abstracts a lot away from you, but you still might have to do some kind of site or notation calculations, right? Or figure out, like, some [Cross talk]โ
Shimel: Itโs been a long time since did CIDR.
Becker: [Laughter] And itโsโand things like, yeah, and figuring out, like, we were debugging an issue with network connections and being able to Wireshark and look at the TCP handshake and figure out why we were dropping packets or getting RSTs or something like that. Like, being able to sort of zoom into those things that we donโt necessarily think about a lot these days when we sort of turn on a server in AWS and we donโt really think aboutโlike, being able to sort of lean on that knowledge is incredibly helpful in those head scratching debugging moments and stuff like that.
Shimel: Yeah. No, no, itโs always good to understand what the underlying technology is about. But part of whatโand this is really something strongDM does, right? Part of what we’re doing here is, we want to make it chimp simple. We want it to be fast, automated, easy. Thatโs a big part of the SRE kinda mantra as well, right?
Becker: Yeah.
Shimel: And so, letโs talk a little bit about strongDM over at Betterment, right? How didโwas it there when you got there? It sounds like you’ve kinda built the thing, though, you brought it in. Talk to us about the use case, here. What made you go with strongDM, why, what problem were you trying to itch, hereโor, yeah, what scratch were you trying to itch?
Becker: Absolutely. Yeah, no, for usโso, I was actually the Project Lead for implementing strongDM at Betterment. So, I absolutely love it, first of all. Itโs one of my favorite apps because I donโt have to think about it ever, and thatโs likeโif I forget, like, itโs something so seamless and it is so well run that I forget about it, those are my favorite kind of pieces of software. [Laughter]
Shimel: Well, no, that goes to what we just said. We wanna make it that simple, man.
Becker: Easy, simple, automated.
Shimel: I donโt wanna do CIDR calculations.
Becker: [Laughter]
Shimel: [Cross talk] [Laughter]
Becker: Yeah, noโso, for us, we had a need at Betterment, obviously, we’re a financial institution, we have regulations that we abide by and these things, one of these things is auditability and we need to make sure that any changes to any systems that we have and that we run and we operate are auditable, itโs tracked, itโs logged.
So, for us, strongDM was sort of like the perfect picture, because it allowed us to use that platform to get auditability, we could track and log everything as well as push everything with SSH at the time through one system, which was really nice. And it also had the added goal of not being dependent on our VPN, which we’re trying to get rid of as well, for a lot of reasons. [Laughter] strongDM, yeah, allowed usโฆ
And also, the thing that I’ve said amongst my team and one of the reasons why I really like strongDM is, it sort of abides by what I like to call the Unix philosophy, right? Like, it does one thing and it does it well. And itโs very predictable in its command line, itโs very predictable in the way thatโits interface and it interacts with other servers and things like that. And it was really easy for us to build out this entire system with, you know, literally running two EC2 instances and they’re able to get into hundreds and hundreds of servers every day and have never had an issue, so.
Shimel: So, Liz, five interviewsโthis is the longest I’ve ever heard you go without speaking. Whatโs up? What can you tell us about this?
Zalman: What I can tell you is that Betterment, I think, is, I’m gonna say top three in terms of forward thinking customers that we have. They’ve pushed the envelope in a variety of ways. They were using SSH, I think, where they had requirements for how they wanted engineers to interact with SSH that we didn’t yet support in the platform. I think the same thing went for kubectl as well or usage of Kubernetes. They were the first to really stress our systemโnot stress our system in terms of, like, we went down, but stress in terms of, โI wanna automate stuff like this, and you’re doing this, and I need you to get to this.โ
I canโt count the number of times that Chris asked for a REST API. Have you used it yet, by the way?
Becker: [Laughter]
Shimel: Tell the truth, have you?
Zalman: Have you used it yet?
Becker: Oh, yeahโno, we have. Yeah, we used it.
Zalman: Okayโgood, good, good. [Laughter]
Becker: Yeah.
Zalman: They had requirements in terms of directory syncingโyeah, so, it was a pleasure to work with them. And I actually donโt recallโdid we meet when you were at Warby, or were you just sort of aware of that relationship?
Becker: You actually, I think you came in to meet the infrastructure team, like, the Ops team at Warby at one point.
Zalman: Yeah.
Becker: Because I remember we were piloting strongDM at one point. I donโt think I was there when the implementation happened or anything like that.
Zalman: Oh, yeah.
Becker: But I was familiar with the product from Warby, actually.
Zalman: Yeah. And Alan, itโs actually interestingโChris is part of a, Chris used to be based in New York City and in New York, there is this group of infrastructure folks that stays within sort of the B2C world in my opinion and goes to the unicorns. And it was almost borne out of Warby, some went to, like, Harryโs for shaving, some went to Peloton, some went to BettermentโI’m sure I’m missing a couple companies. And they’re almost more forward thinking than our traditional B2B clients are. Itโs a very interesting trend.
Shimel: Yeah. You know, one of my good friends is a guy named Brad Feld out of Boulder, and Brad, he founded TechStars and Foundry Group. He used to beโheโs a big VC. But heโs also an author and heโs written this whole series around what they call startup communities, and it really talks about, Liz, what you were just saying, right? Generally, you get a pool of talent, right, in a geographic regionโwithin a community; it doesnโt have to be geographic, actually, but within a community. And that talent, itโs almost like the six degrees of separation, right? You can see a company has a liquidity event, people make money and they start other companies. Or they develop some really great expertiseโin this case, kinda B2C, using real edgy kind ofโฆI gotta stop using the word edgy, because itโs now meaning The Edge. But, you know, kind of cutting edge is what I meanโtechnology players.
And they do, thatโyou can almost trace the DNA, if you will, right, from company to company to company because itโs that same, the same roots of people. And thatโs what makes a startup community, because along the way, right, more people get added into the tribe, if you will, right? And that tribe continues to grow. And thatโs howโI mean, thatโs how tech centers are born, right? You can traceโlike Boulder, for instance; Boulder, Coloradoโyou can trace a lot of what came out of, whatโs coming out of Boulder by from when the storage folks were there and IBM had a big facility there and the University of Colorado and Brad coming in and investing a lot of money. There were a handful of companies that had really great outcomes or liquidity events, and it gave rise to this wholeโAustin the same way, I mean, by the way.
AnywayโstrongDM. So, Chris, what are you guys using it for? Liz mentioned some REST APIs and stuff like that, but howโwhat are you using it for, how is it working out, what do you see?
Becker: Yeah, so, we’re using it for, our sort of highest level use case is any time a developer needs to access a server or a database or a cluster, a Kubernetes cluster that we run and operate, they go through strongDM. And for us, like I said before, that was super important, because we want to make sure that all of the changes to our systems are tracked and audited.
So, we haveโwe actually started out just implementing sort of the SSH back end, and like Liz alluded to, we had some very interesting requirements around directory services. So, we use Okta as our identity provider and directory service.
Shimel: Sure.
Becker: And strongDM helped us wire that together so that a person on the team, their e-mail address and their Okta identity is used by strongDM so that we can sort of tie all those things together.
We also had, like, another thing that Liz alluded to was sort of like, we had a ton of servers and one of our unique use cases was, at the time, we were heavily using autoscaling groups within AWS. So, one of the big things with us and strongDM was that the server inventory was extremely dynamic, depending on load of our servers, depending on deployments and things like that. We might have 100 servers in inventory, we might have 200 servers. And they were coming up and down sort of all day.
So, for us, one of the other interesting requirements is, we needed some kind of automation so that when an AWS would turn on a new server to handle extra server load that that server was automatically enrolled and registered in the strongDM platform.
So, yeah, again, we worked with strong a lot on sort of nailing down that interface and we’ve written some automation scripts and things like that to get it to register and everything like that, and their admin, their admin token API and everything like that made that a breeze. And then our most recent implementation is actually, we use strongDM for Kubernetes. So, we basically have a, when you need to get access to our Kubernetes cluster or debug an application in our cluster, we actually live provision a container and then your proxy through strong, like, right into that container and all of that is audited as well.
And all of our developers, actually, they donโt evenโthe best part is, they donโt even understand, like, they can connect to an old system or a new system and for them, itโs completely transparent. But yeah, it all runs through strong and it all isโand for our compliance reasons, thatโs all audited and tracked and logged, which is great.
Shimel: Thatโs nice. Two things I wanna highlight here and then Liz, I’m gonna ask you to expand on it. Number one is that, by using strong, what Chrisโ team is able to do, as he mentioned, they use Oktaโthey donโt have to worry about hooking up this personโs identity maybe via e-mail with their Okta identity for purposes of IAM, right, across their disparate network infrastructure, right?
strongDM here, as part of the proxy process, is lining up that personโs real identity, right, their e-mail or whatever you wanna use as their real identity with their IAM identityโI call it an IAM because it could be Okta it could be others, right? And thenโbut the person doesnโt have to think about that, and quite frankly, Chris, neither do you or your team, right? strongDM just makes thatโagain, chimp simple, easy, done.
Becker: Yep.
Shimel: Thatโs number one. Number twoโand Liz, this is where I really, Iโd like you to comment inโthe idea of using it in this Kubernetes system and containers, as Chris is referring to, is that the norm now, or do you think this is kind of an advanced use case?
Zalman: Itโs an interesting question. And yeah, I think to your first point, itโs, we’re acting as an infrastructure API, right? We donโt care what Chris is using as his identity store. We donโt care where his infrastructure is, we’re just connecting the dots.
Shimel: Yep.
Zalman: Kubernetes wasโI mean, we’ve seen different instantiations of Kubernetes over the years, right? Docker tried with Swarm and it didn’t stick and Kubernetes did. And maybe people were using it, they were trying it on. And I remember, like, the month that it hit production workloads, because I think we got seven or eight requests in one week. Itโs likeโwhy donโt you have support for this protocol? And we said, โOkay, time to build kubecl support.โ
Shimel: Time to do that, yeah.
Zalman: Yeah.
Becker: Yeah, guilty. [Laughter]
Zalman: Yeah, you were one of them. [Laughter] It was like plain, plain, plain, plain, plainโmainstream. And so, I think everybody is trying to find some way to systematize and puppeteer everything thatโs going on and abstract away a lot of complexity.
So, no, to me, Kubernetes is certainly here to stay. I see everybody using it.
Shimel: But is theirโbecause it sounds like their Kubernetes installation, if you will, the way they’re using strongDM is maybe a little different thanโis that the standard way that people are using strongDM and Kubernetes or is theirs a little different?
Zalman: I think Betterment has a particular approach to locking down access which is, you literally get this much access or this much access or this much access or over here, maybe this much access. Itโs highly tailored and fine-tuned, and I think that is theโthatโs sort of the forward thinking way. Like, people talk about lease privilege and Betterment has actually implemented it across the board for every single thing that somebody needs access to.
Shimel: Thatโs great, man. Thatโsโand Chris, kudos to you and your team for that, right? Because that isโlook, you’re in the financial industry, you’ve gotta do what you’ve gotta do there, but thatโs an excellent thing.
Guys, we’re over time, to tell you the truth, but I kind of enjoyed the conversation today, so I let it go. But we need to break out of here. Chris, enjoyโI know you’re about to take, you said, like a week off over that at the shore and enjoy it. I see maybe you’ll get that oar off the wall and actually do something.
Becker: [Laughter] Some paddle boarding.
Shimel: Yeah, that sounds cool. Anyway, I’m just thinking, I’m supposed to be going out on the boat tomorrow, but itโs also supposed to rain, so I’m not sure. But anyway, enjoy your week off. Thanks for joining us, thanks to Betterment for allowing you to tell your story here today.
Liz, always a pleasure to have you on and hear more about strongDM and this whole kind ofโyou know, these new companies, not necessarily new like today new, but a new way of doing things and a new way of making it easy to bring people on and access assets wherever the infrastructure is, soโfantastic.
We’re gonna wrap. This is Alan Shimel for TechStrong TV. We’re going to be right back with our next guest.




