Now more than ever, businesses around the world should pay close attention to how they manage their credentials and control access to their sensitive data, in order to protect it from being hacked or compromised in any way.
During this interview for TechStrong TV, Mason McLead of Software.com and Elizabeth Zalman of strongDM, discuss the great responsibility of safeguarding credentials and how strongDM has proven to be an effective credentials management tool, helping Software.com to control access and keep their data safe, even when working from a remote environment.
Software.com is a data platform dedicated to help developers and engineering teams learn from their data, increase productivity and improve their coding routine.
Check out the interview below and follow along with the transcript to find out more.
Transcript
Alan Shimel: Hey, everyone, thanks for joining us on another episode here of TechStrong TV. We’ve got our recurring guest friend, Elizabeth Zalman, of strongDM joining us, hereโhey, Liz.
Elizabeth Zalman: Hey, Alan.
Shimel: And joiningโhiโand joining Liz and I is Mason McLead of Software.com. Hey, Mason, welcome to TechStrong TV.
Mason McLead: Hey, thanks for having me.
Shimel: Alrighty. So, Mason, you’re the new kid on the block, and we’re gonna give you a chance to lead things off. I think a lot of our audience has certainly heard of Software.com if they’re not really, really familiar with it. But for those who arenโt, you know, why donโt we give them a little background?
McLead: Sure. I mean, high level, Software.com is a developer data platform, and our aim is to create and provide insights for productivity for individual developers as well as engineering teams. And we do this by gathering telemetry data from inside of code enders and then layering on contextual data from other parts of the software development life cycle, like how many hours you’ve been at meetings, what kind of music do you listen to while you code, do you code during work hours, after work hours, at the office, remotelyโand then really pain the full picture of where your time goes and how itโs impacted by these external inputs. And thatโs what we provide back to developers as kind of the product there, so you can really see how your time is impacted and what you’re doing throughout the day in order to improve.
Shimel: Very cool. And then, Mason, we should tell people or at least give them a little backgroundโwhatโs your role at Software.com?
McLead: Yeah, so, I’m the CTO here at Software, just joined this year. And you know, itโs an exciting time to join in. The productโs been out for a while, and so, thereโs a lot of proven track record and itโs just taken to that next level, and I’m excited to be here.
Shimel: Very cool. And, you know, we do have Liz from strongDM here, so the obvious question is, you guys are using strongDM, I’m gonna assume. Talk to usโwhy? Whatโs happening that strongDM was a solution for you?
McLead: Yeah. I mean, the main thingโand this is actually the second time that I’ve signed up to use strongDM. I used them before at my previous company I worked at, Fair, itโs a fintech company. And the real premise is that, you know, at Fair, itโs in fintech, so we gather a lot of personal information. At Software, itโs a lot of information about your behaviors and all of that stuff.
And itโs just personal information, and I feel like, in the role that I have of being CTO, I have a responsibility to protect that, and I really, personally, feel like itโs a moral obligation to protect my usersโ data. And strongDM helps me do that in a number of ways. And so, itโs been a rock steady foundation that I always build into the tech stack whenever I go and build something now.
Shimel: Excellent. So, you know, you opened the box, we gotta see whatโs packed insideโwhat are the number of ways why, you know, you canโt just leave us hanging there.
McLead: Sure. [Laughter] Yeah, I’ll enumerate. So, for getting access to developersโand the classic way that you do it for databases, right, is you have credentials that you share amongst however many developers need access to that database. Which means, as soon as you rotate that password, if you do, then you’ve gotta update everyone else. And now you’ve got copies of passwords everywhere on peopleโs local machines. And not everyone stays at a company for their entire life, so whenever they leave, you must do something about that. Like, that credential is now out in the wild, and thereโs not very many good tools to manage that.
So, strongDM really fills that gap really, really nicely, that use case. So, we can issue credentials automatically for people as they come on. We use Gusto for our HR stuff. So, if they’ve got an API, we can justโas soon as someone comes online, we can issue them credentials to data stores immediately. And then, if they go offline to their contractor, they’re immediately revoked. And the perimeter of the security just gets really tight and really well controlled, which is such a relief for me.
And then on the other side, securing access to servers via SSH, and we’re also deploying a new Kubernetes cluster, controlling QTTL access, and having all of that be auditable, because we also have some contractors working on our database so we can see what commands they’re running, what queries they’re running, and be able to trace that all back. And beingโlike, most of the time we’re not, of course, looking at the audit trails. Itโs really, like, knowing that itโs there if something happens, we’ll know exactly how to trace that back.
Shimel: Love itโvery, very good stuff. And, you know what, I applaud your personal, you know, taking this, I’m gonna call it fiduciary duty or responsibility for safeguarding peopleโs really personal dataโyou know, for taking it personally like that, no pun intended. And, you know, maybe if more people did, weโd be better off.
Though, look, no one ever raises their hand and says, โI wanna be breached,โ right? And even sometimes doing everything you can, itโs still not enough in order to prevent these things, but you can certainly take precautions, you can make it harder by using tools like a strongDM and so forth. So muchโI had a friend of mine call me last week, an old client of mine from my security days who, unfortunately, they got to pretty bad. They got into his Charles Schwab account, they got into his payroll account, they got into all of his e-mails. And heโs in the merchant processing business, so there was merchant applicationsโit was crazy. And, you know, he was beside himself. On the other hand, he didn’t use a password managerโyou know, typical kinda things you hear. So, it happens.
Anyway, but itโs interesting, you know, that across verticals, right, from fintech to what you do now at Software.com, though the mission may have changed in terms of the business, you know, goal, the mission in terms of protecting data hasnโt, is still relatively the same.
Liz, is thisโis Masonโs experience, Masonโs motivations typically, you think, for strongDM customers across the board?
Zalman: I think our customers feel deeply that there isโour customers feel deeply that there is a right way to do things. I think Mason, as an early customer of ours and at Fair, I think came in it from day one, just had a very particular point of view on how things should be done. I think he was actually one of the first customers to even be deploying Kubernetes in a production environment.
And so, our buyer is the head of infrastructure or infosec or DevOps as a way that they want to do things, itโs always very forward thinking. And finding a way to do them in an automated fashion that sort of fits into these, you know, Infrastructure 101, the ABCs of how to set something up in a way that helps them scale is probably a core precept that they have. I mean, Mason, how big are you guys now at Software when you inherited the team?
McLead: When I inherited the team, there were five other engineers and we’ve grown that up by about 50%. So, itโs still small and growing, but you know, I think no matter the size, the problem is still the same. And, for me, the solutionโs been the same, too.
Zalman: Yeah. Yeah, so, at Fair, I think you guys were maybe 100 people who were touching some form of infrastructure, and here, Masonโs starting, he started at six. So, yeah, certainly, itโs like, when you know that thereโs a good way to do something and a right way to do something, you start it right at the beginning.
Because, to do that when you’re a thousand people isโyou can do it, but itโs a two year process of rinse and repeat sort of work group by work group. You do it right from the start and you’re off to the races.
Shimel: Well, if we all had the luxury of starting in a green field, right, and starting it from the beginning as it growsโwhat a wonderful world it would be, as they say. But unfortunately, we donโt, right? Thereโs a lot of brown fieldโmuddy brown fields out there.
Mason, letโs talk a little bitโand Liz as wellโletโs talk a little bit about, you know, so, this whole COVID thing comes up now, right? We’re all here, you guys are in your houses doing this interviewโwhat, if any, effect has that had on the business and has strongDM helped, hindered, not been a factor in that?
McLead: Yeah. So, actually, Software.com was fully remote from the very beginning. So, internally, it hasnโt made a big difference in how we work. I think itโs an upgradeโlike, going to strongDM for access control is an upgrade, no matter how you work. I think itโs probably more important whenever you’re remoteโI mean, people have central VPNs and those sorts of things, but itโs still, building that defensive wall in strength and depth is still the right move there.
And so, internally, it hasnโt affected us too much, just because of the way the company is set up. For the business itself, though, it actually highlights a big advantage that we can provide as part of our products, of being able to see productivity metrics between remote and in office. Because people are gonna have a big choice coming back in from COVID whenever this is resolved of how much office space do I actuallyโdo I need an office? And then how do they actually guide that discussion and that decision when you donโt have data around it? And thatโs where we can really fill a gap there between knowing how people are working remotely and how they’re working in the office, so you can have a real comparison.
Shimel: Wow, what a great use case that is. I’m sure that was one of the use cases they drew up when they were starting the company, right? If thereโs a worldwide pandemic and everyoneโs working from home, wouldnโt it be great to know how well they’re working from home?
McLead: Yeah, itโs amazing the foresight we had. [Laughter]
Shimel: Yeah. But, nevertheless, itโd be nice to have there. You know, I wonder about that issue, question myself, though. I mean, here, you know, we’re a small company, we’re about 23, 25 people, and everyoneโs remote now except for me and my video director and, you know, we’veโwe have three and a half years left on our lease. Actually, September, it’ll be three years, so three years left on the lease. So, I’m stuck with, you know, this for three years. But I donโt see people running back, and if they do, they might just come in a day or two a week.
And, you know what? Thatโs fine. As the CEO here and founder, itโs fine with me. We’re working fine remotely. No one needs to necessarily be here to do their job, though I do think there isโthere is some good you get from having people in the same office, whether itโs the water cooler or hallway talk or what have you. But that isโyou know, thatโs the new normal, thatโs the new now, and I think we need to get used to that.
Liz, you know, again, in any situation there are winners and losers. But this whole COVID thing hasโyou know, not your fault, obviously, right, but itโs given people a reason to say, โJeez, I need something like a strongDM,โ right? โI want to spin up my remote forceโ or, โI want toโwe need to secure it betterโ or what have you. What are you hearing from companies? You know, Masonโs a two time user alreadyโbut first time people, what are they saying when they come by?
Zalman: Yeah, Alan, I am the mastermind behind COVID, you justโ
Shimel: Yeah, exactly. [Laughter] Dr. Evil, okayโwe got ya! [Laughter]
Zalman: No, yeah, Mason is certainly in a subset of companies that enjoys being remote from the start and being able to build that way. We saw a doubling down of an existing customer base where even if they had remote or satellite teams, now everybody became distributed. But also, new people reaching out because traditional companies, you canโt rely on the corporate network as a perimeter any more. Itโs dead. Itโs justโitโs completely gone and you had to switch on a dime, and what do you do?
And I canโt even imagineโyou know, by deploying strong, oftentimes, you can just throw out the VPN. Many customers choose to do that. And I canโt even imagine what these poor IT folks were dealing with in old companies who, you just had to go into the office, there was no other way of working, all of a sudden getting all these requests, โI canโt connect to the VPNโ or any sort of IP-based white listing. Oh, my God, to get access to privileged systems? My heart goes out to them.
Shimel: Yeah. No, you know what, I actually did an interview last week from an analyst based up in Canada who just put out a report about, you know, how COVID caused a short term increase in people buying concentrator licenses and more VPN capacity, but how long-term, thatโs probably throwing good money after bad in terms of out the window. I mean, you gotta justโyou gotta re-architect is the bottom line, there.
But itโs hard to do an engine transplant in the middle of the race. And so, people get stuck, you know, in those situations.
Zalman: Well, as one of my investors is fond of saying, โYou gotta build the Ferrari while you’re driving it.โ
Shimel: Yeah, and thatโsโainโt it the truth? I hear ya. Mason, what about you guys at Software.com? I mean, are you just ready for the new normal here and you were remote, anyway? Because thereโs a part ofโlook, we can function in this environment, thatโs fine. But are your customers functioning in this environment? Because ultimately, if they cease to function, no matter how high functioning you are, you knowโbig deal.
McLead: Yeah. I mean, developers are customer based, so we’ve got to make sure that is continuing to function, yeah. You know, we’ve actually taken surveys on this for our customer base, which is nearing about 100,000 and the majority actually said that they would want to do a bit in the office and a bit remote. So, kind of a mixed use case, there. And I think that that fits really well to get the advantages of being able to control your own schedule and control where you are with the in person being able to white board together, being able to really come together and think of new ideas and I remember all the hours that I spent in the office at Fair with a tight group of people developing all the stuff that we did there, and there are definitely some advantages to just being able to randomly yell out to the person in the other room to go and fix something.
So, you know, I think that itโs gonna be a mix of that, and you’ll have some people thatโll wanna go full remote once they’ve had the taste of it. Like, I really enjoy it. Like I said, and you can tell by the bare room behind me, I’m moving this week, actually, and itโs really interesting to start to feel the effects of being able to live anywhere and work the same job. Like, having it completely disconnected is a new feeling for me, and itโs weird, but I like it. And so, you know, I think [Cross talk] โ
Shimel: I think we’re gonna see it.
McLead: Yeah.
Shimel: Yeah, no, I thinkโlook, I read an article, I forgot what percentage rents in San Francisco are down, right? I think we’re gonna see rents going down in a lot of the cities because people are realizing where they work from physically is not necessarily tied any more to where the company is based.
Now, you still want to hire people with skills in places like New York and San Francisco or Austin or Boulder. They still have high concentrations of people with skills, so it pays to maybe put an office there. But, you know, I’ve had this conversation with Sid Sijbrandij, the CEO/founder at GitLab. They got, like, 1,200 people in 1,200 offices, because they donโt have an office. Everyone, including Sid, works from home, and his thing is, you know, for newer companies, it just doesnโt pay, because you know, once you put an office down, you’re saying, โThatโs it, I’m only gonnaโI’m confined to that talent pool.โ Where, if you wanna swim inโyou know, have choices in a wider talent pool, you’re not big enough to open an office wherever you’ll find talent.
And so, you know, a remote force is probably the way to go. I mean, good for Liz and the strongDM team, right? But thatโsโI think thatโs part of where we might be headed.
McLead: Yeah, and I think if you limit yourself to one specific geographic region to hire from, you’re limiting the upside of your entire company.
Shimel: Yep.
McLead: And incurring costs along the way. [Cross talk]
Shimel: Absolutely.
McLead: For the corporations that can do it.
Shimel: Right, I think thatโs an outdated look.
McLead: Yeah, I think so.
Shimel: You know, I think thatโs where we’re headed. Anyway, guys, we’re about out of time. Mason, I told you the 20 minutes goes quick, because usually Elizabeth talks so much, she takes over the whole conversationโno, she doesnโt. We’re just kidding.
But I’m gonna give you each a chance to say something before we log out, here. Mason, you’re the new kid on the block, so why donโt you go first?
McLead: Okay. Well, again, thank you for having me on, and it was a pleasure to talk about what we do at Software where itโs a developer data platform designed to help developers individually to see where they’re spending their time, look at productivity metrics, and improve, as well as helping manage the entire software development life cycle from input all the way through output. And thanks to Liz for strongDM and strongDM for a great product that helps us secure our data. Itโs definitely a huge benefit that I put into every stack that I build now.
Shimel: Very cool. Elizabeth, I’m giving you the last word.
Zalman:ย I think Mason just summed it up for me, although I think my hair is better than his, so, I’m gonna retain that for me. [Laughter] [Cross talk]
Shimel: I think both of your hair is better than mine, and we’ll leave it at that. [Laughter]
Zalman: I don’t know how his looks so tightโdude, whoโs cutting your hair?
McLead: I cut it. I learned how toโI watched YouTube. I missed this part here, butโ
Shimel: Yeah, noโyou know what? I think thatโs been a thing. I mean, yeah. Itโs easier for guys than it is for gals, I will say that.
Zalman: I commend you, Mason, both on your haircut and your choice of infrastructure technology products. [Laughter]
Shimel: Very cool. [Laughter] Guys, on that note, we’re gonna call it a wrap. This is Alan Shimel for TechStrong TV. Elizabeth Zalman from strongDM, Mason McLead from Software.comโthanks for being our guests. We’ll be right back with our next interview.




