Joining Snyk

September 21, 2016

I remember sitting around with a few friends at Chrome Dev Summit last year. The conversation eventually turned to security. We all agreed about how massively important it was, but we also each acknowledged that it’s not trivial to do correctly. It’s not the most accessible topic and the tooling and standards can be a bit unwieldy.

Since that time, Let’s Encrypt came out of beta and did a lot to really simplify the process of moving sites to HTTPS. I’m a big fan, as I’ve mentioned before.

But moving to HTTPS, while important, is just one tiny step in what it really takes to make sure that the people using our sites and applications are safe. If the web is really going to be secure by default, then we need many more tools and standards along a similar vein. We need security to be demystified.

Maybe that’s why when Guy was showing me the first incarnation of Snyk I was so impressed. He and his team had created a tool that focused on one part of the security equation—how to make sure you’re not unknowingly introducing vulnerabilities while using open-source code (focusing on Node initially)—and made addressing that part pretty trivial. Each feature they built on top only made me more and more impressed.

I found myself talking about Snyk casually to friends, each time seeing them respond with the same sort of enthusiasm I had the first time I used it. I’m not one to get super excited about tooling very often, but I do appreciate a well-built tool that makes important things easier.

After many conversations, coffees and other drinks, I decided to take the leap and join Snyk. I’m going to be starting and leading developer relations there. I’ll be rolling up my sleeves and getting my hands dirty with code quite a bit (I’ve got a long list of things I want to build)—something I’m looking forward to.

Several friends who I told about my move all asked the same question: “Does this mean you’re not going to focus on performance anymore?” The answer is: of course it doesn’t. You’re not getting rid of me that easily.

I’ve always considered myself a “web” person, not a “performance” person. I talk about performance so much because it interests me and I think it’s critical to the success of web. I still do and am unlikely to stop thinking so anytime soon.

But of course security, too, is critical. Along with performance and accessibility, it’s one of those “unsexy pillars” Paul Lewis wrote about—unseen, yet critical.

The team at Snyk is doing important work—work that I want to help with. I’ve talked to them about what they have in mind for the future, and it’s pretty exciting. That, plus the fact that Anna promised to bake me cakes (I have a massive sweet-tooth), made this an opportunity I couldn’t pass up.

Last Friday was my last day at Akamai. Before I joined, I already had a tremendous amount of respect for Akamai. Leaving, I have even more. In a segment of our industry that I worry can be a little shortsighted at times, they continue to think bigger—investing in the web as a whole through standards and browser involvement. In addition, they are smart. I mean, really, really smart. There’s a reason they’ve been around as long as they have.

The only place to go after a company where you are surrounded by brilliant and passionate people is another company filled with brilliant and passionate people. Snyk’s team is absolutely top-notch and I’m looking forward to working with them to make it easier for the web to be secure by default.