Stacklet’s Travis Stanfield: ‘We're not just going to help you with jobs to be done today. We're taking an approach to help pay dividends over a longer term’
The Cofounder and CEO of the cloud governance tool on how he got his start, the struggles he faced along the way, and how Stacklet is changing security and operations for the Global 2000.
Stacklet CEO Travis Stanfield got to know Cofounder Kapil Thangavelu at Capital One, when Kapil was collaborating with the company on its move to public cloud and developing Cloud Custodian, an esteemed project that’s since rolled into the Cloud Native Computing Foundation (CNCF).
“What we basically did was create a startup to help continue both the growth of the community, but also offer customers a commercial offering in the form of a managed service around the open source,” Travis says. It was a domain-specific language for policy and governance. “If you are a Cloud Engineer, Cloud Security Engineer, or FinOps Engineer, you would use it to create controls for which the organization’s best practices or policies are enforced in the cloud.”
Now, they’re running Stacklet, a commercial cloud governance platform that helps Global 2000 companies manage security, operations, visibility, and cost optimization policies in the cloud. It’s built with an open core model around Cloud Custodian.
Here, I sat down with him to talk about getting started with Stacklet, lessons learned along the way, and his advice for other founders in the space.
So why would someone use Stacklet?
It's about getting that managed accelerated experience. You can manage and operate the open source in your environment, but once your cloud estate starts growing into hundreds or thousands of accounts across multiple clouds, and you've got hundreds or thousands of policies that you want to get applied out there, you are starting to feel the challenges of the DIY, and we can offer you that managed SaaS-ified solution.
How many engineers are in a typical organization that is adopting Stacklet?
Where we start to see the attachment point is a couple of dozen cloud developers. This is because once you have a certain threshold, you have enough people creating infrastructure that is unknowable in a single person's head. You need automation, you need the insights that we're able to provide for you quickly, and that's where the value and the attachment point start to show up.
What were you doing before coming to Capital One? What made you decide to leave to start this business together?
My first job out of undergrad was at Microsoft. I was actually focused on the enterprise middleware, and I got a front-row seat to watch the company start to learn about the enterprise. I also worked at DealerTrack and was an Architect and Development Manager. Thematically my career has focused on enterprise platforms. In terms of starting the company, it was a very clear opportunity. We saw who was getting into this community and saw that having a corporate presence continued to grow the community and unlock an accelerated opportunity. It’s something that we recognized and became very passionate about.
Did it feel like a big risk when you decided to do it?
Yeah. A part of that was because we started the company right as the pandemic began. Right in the midst of a one-in-100-year event. That, in addition to the more common cofounder startup anxiety, was pretty unique. Now we’re progressing past some of those early times, getting more perspective, and looking back on it with a bit of a smile.
What are your interactions with customers like?
We’re in a fortunate position where our customers already have some familiarity with Cloud Custodian. Even if they don’t, they’re certainly familiar with the problem. So it's not like we are market-building to the degree of convincing folks about an innovation. They already have empathy and are living challenges in the cloud, and we're able to speak directly to the jobs that they have to do.
We do often come in and say, "Hey, we have what we feel is a very different view of the problem, and a thesis-driven approach to the solution. It could perhaps be very compelling for you to make a strategic investment with us. We're not just going to help you with jobs to be done today. We're taking an approach to help pay dividends over a longer term.”
That becomes a very good conversation to have with customers. We're able to connect with their pains and gains right away, and we're able to also get them to understand why this will be returned value to them over time.
So when you created the company, were there already people outside of Capital One using it?
Yes. There was already a vibrant community when we launched the commercial side. Now, there are over 340 contributors and close to a couple million downloads a day. We have thousands of organizations that have used or are using the open source.
Who is your competition?
We tend to get compared to AWS Config and Azure Policy. We integrate often with those solutions, so it's not necessarily an either/or. The other area that we often get compared to would be what's referred to as CSPM (Cloud Security Posture Management).
How is Stacklet different?
We focus on helping people manage their cloud, not just find, measure, or fix it. We're pointed toward practitioners that want to be able to do things like remediate, manage cost, and communicate. We do visualizations as well, but we go a step further. We focus on the capabilities around policy and governance, resource management, and helping to unlock resource utilization efficiencies.
What would your advice be to an early stage open-source business that is balancing between the tension of needing to figure out monetization and wanting to get real community adoption?
Talk to folks, and reach out. What I found was there were a lot of people who had done community and commercial in the past that were very willing to talk to us, give advice, and share the benefits of their experience. So I think people are maybe a little reluctant to reach out, but I've found that folks, myself included, are very happy to pay it forward where we can.