Infisical: The Open Source Security Stack

1. 0:00 – 0:10

   Introduction

   1. DHDiana Hu0:00

      Today, I'm excited to welcome Infisical, who just announced your Series A led by Elad Gil. So we have here Vlad, Maidul,

2. 0:10 – 0:33

   What is Infisical?

   1. DHDiana Hu0:10

      and Tony. So tell us what Infisical is.

   2. TDTony Dang0:13

      We're an open source secrets management platform. So we help developers across all types of companies, you know, from the fastest growing AI companies like Hugging Face to very large Fortune 100 enterprises like LG. We help them manage sensitive credentials across their infrastructure, um, and yeah, solving lots of very complicated problems in the security and infrastructure spaces.

3. 0:33 – 0:58

   Managing Secrets at Scale

   1. DHDiana Hu0:33

      What are these secrets you manage, and how many are you managing?

   2. TDTony Dang0:37

      Yeah, I mean, y- you can think about secrets anything that's sensitive for developer infrastructure. So anything from database access tokens to certificates to API keys to any types of credentials that developers have to manage. And at this point, it's billions and, and, you know, north of 10 billion per month, uh, that we are processing at Infisical.

4. 0:58 – 2:43

   Origin Story

   1. DHDiana Hu0:58

      Let's go back to the founding origin story of Infisical. How did all the three of you meet and decide to be co-founders?

   2. VMVlad Matsiiako1:06

      Sure. Uh, so we all met at Cornell, uh, dur- throughout college, essentially. We were hacking together different side projects over the years, um, ultimately which culminated in Infisical. And, you know, this isn't our first rodeo working on something. Um, we had worked on a different project, uh, before, but it was just only a matter of time, uh, in terms of figuring out, you know, what is it, uh, to build next, and that became Infisical.

   3. DHDiana Hu1:31

      I remember you guys had actually applied with that previous idea and didn't get into YC on the first try. Uh, but you kept working on it and found another idea, which became Infisical and got in, in your second try. And how did you land on this new idea? It's a bit of a kinda esoteric idea for new college grads.

   4. VMVlad Matsiiako1:53

      Yeah. I can, I can speak a little about it. Um, so yeah, Tony mentioned we worked on, like, a number of, uh, different things before Infisical, and one of the common themes that, uh, they all had was the .env file. And, uh, this is something we've seen kinda time and time again. And, uh, it, it, you know, it's, it's difficult to kind of pass around sensitive information, even with a smaller team. Um, and so we wanted to go out and solve the .env file. How do you make sure that things are syncing between teammates? And so that was really the core focus when we started.

   5. DHDiana Hu2:26

      Because you were hacking all, all these projects-

   6. VMVlad Matsiiako2:28

      Yeah, yeah

   7. DHDiana Hu2:28

      ... and you kept having to add all these secrets somewhere.

   8. VMVlad Matsiiako2:31

      Yeah, exactly. And, and that's kind of how we started, uh, Infisical. A- and so we started off with this, uh, problem set, which obviously evolved into a ton of other things, but that was kind of the start of it.

5. 2:43 – 3:51

   From Closed Source to Open Source

   1. DHDiana Hu2:43

      When you had applied to the batch with this idea, you were actually closed source, and then during the batch, you decided to open source it, and that became a key advantage from you. You went from zero to 5,000 GitHub stars in the span of just, like, less than two, three months. And now, two years later, you're at 18,000 and over GitHub stars.

   2. TDTony Dang3:05

      Yeah. Uh, I mean, even during the YC interview, one of the questions you asked us, like, kind of was like, you know, "Why are you not open source?" And, and I think at that point, you know, we, we were building Infisical, it was closed source. It was just kinda like a simpler SaaS tool that developers could sign up for. And we got into YC, but then eventually growth kind of flattened out, and, you know, it wasn't really growing that much. And so we were talking to, to you and, and, you know, in general, like, what we, we should do. And the problem was that we kept hearing from people, right? Is that they wanna have more trust, and they want to manage these secrets on their own infrastructure. And so for us, kinda like going open source look... kinda like in the retrospect actually is a very logical decision because, you know, people feel much more comfortable about it. And, and they're able to satisfy a lot of different compliance and security requirements that these enterprises have.

6. 3:51 – 5:17

   Landing Big Contracts

   1. DHDiana Hu3:51

      I think the wildest thing I remember during the batch, you actually got a lot of very big enterprises using your product because of this.

   2. VMVlad Matsiiako4:00

      Yeah.

   3. DHDiana Hu4:00

      And the crazy thing is that just couple months later, one of those users ended up becoming a big customer, and it's like a Fortune 50 company.

   4. VMVlad Matsiiako4:10

      Yeah.

   5. DHDiana Hu4:10

      Tell us about how that happened.

   6. TDTony Dang4:11

      Exactly. I mean, a, a lot of people who find us, they eventually... You know, at this point we have, like, very big developer mindshare and developer community around Infisical, right? So a lot of people who find us, they, you know, might have been self-hosting Infisical for a long time, maybe in their home labs, right? So like, or sort, like maybe they're using it for some weekend projects. Maybe they are starting to adopt it within their company because it's easy, right? Than for self-hosted solutions, you can just do it very easily. And so w- with this company specifically, right, it was, like, some people who actually used Infisical, uh, at, at the old, uh, company, and then they switched to, to a new enterprise. And they also introduced Infisical there, and it's also a very, very big channel for how developers and companies adopt Infisical too.

   7. DHDiana Hu4:50

      Very cool. And that got you to close this Fortune 50 company. You also got this large semiconductor company-

   8. TDTony Dang4:56

      Yeah

   9. DHDiana Hu4:56

      ... using you. Same, same deal, right?

   10. TDTony Dang4:58

       Yeah. I mean, at this point it's, you know, any industry. You name it. Banking, uh, healthcare, government, defense. So anything. And, and it's kinda like crazy to think that, you know, at this point Infisical secures a very non-trivial part of world's infrastructure out there, so...

   11. DHDiana Hu5:13

       There's an interesting thing about your company, is that

7. 5:17 – 6:39

   Competing in a Crowded Market

   1. DHDiana Hu5:17

      at the surface people could think that you're going after a very competitive space. Because as you started the company, there were exist- existing solutions like HashiCorp Vault or AWS Secrets Management. But you guys did something special because you closed some large deals. Like, tell us about this big contract you got going on. This is a, a different one.

   2. VMVlad Matsiiako5:39

      Yeah, I mean, there's a [laughs] lot of different contracts. One that comes to mind is a big defense, federal defense company with north of 20,000 employees. They decided to go with Infisical over some of the existing solutions that you mentioned. Um, and when I think about why they chose Infisical, I think about our core product philosophy, which is to make security more accessible to all developers and all engineers at large. And that's something that other existing competition in the market hasn't done really well.Um, we exist in a market with a lot of legacy tooling in place, a lot of very cumbersome technology that takes in the order of s- you know, I think the average, uh, deployment time for this type of tooling is in the order of twenty-one months. That's crazy. Um, and so when you can reduce your deployment time from twenty-one months down to just a few months or even a few weeks, um, becomes a magical experience for a lot of these customers, and, you know, that's why they turn to Infisical over other solutions.

8. 6:39 – 8:15

   Technical Challenges and Innovations

   1. DHDiana Hu6:39

      So, so what's the tech underneath Maidul?

   2. MIMaidul Islam6:41

      Yeah. So, uh, Infisical is really, uh, i- interesting because it needs to be... it needs to really accommodate a lot of different environments, and this is different from, uh, a lot of other products that, that are on the market, right? We need to, uh, be as simple as possible to deploy in on-premise, right? That's where a lot of our, uh, largest customers are. Um, and, uh, unlike other products, right, you're really only thinking about getting the feature out to production. Here, every time we think about, you know, making a new feature, a new project that we're working on, it's, it's always how do we, uh, how is the, the self-hosting experience going to be for customers? And, uh, unlike other secrets management tooling that are on the, on the market, um, we really, really care a lot about how the solution is, uh, going to be deployed on-prem, and that comes with a lot of interesting engineering challenges, right? And so, uh, one of the common challenges with, uh, you know, secrets management, other secrets management tooling is that they treat the application, um, as a database, and so that makes it really difficult to scale up, um, in high availability settings, right? And so Infisical is actually stateless, and so this is a big difference, um, is because you can... let's say that you, you wanna scale up your fleet, right? Uh, with Infisical, you can essentially just replicate across because all the containers are stateless versus, uh, other secrets management tooling where you actually need to make sure the data is persistent on each of these new replicas before you can even think about scaling up, and so there's a lot of overhead, uh, that, that comes up.

   3. DHDiana Hu8:14

      That's cool.

9. 8:15 – 9:48

   Future Vision and AI Integration

   1. DHDiana Hu8:15

      So how are you guys feeling about Infisical in the future?

   2. VMVlad Matsiiako8:18

      Super optimistic, [laughs] I will say. I think when I think about Infisical in the future, there's really two things. Uh, the first thing is to continue forward with that mission of making security more accessible to all developers. I think what started as a open source secrets management platform is now becoming much more. It is now launching into, from secrets management into certificate management with Infisical PKI into SSH access with our new product line, Infisical SSH, into encryption as a service with Infisical KMS. You know, we are working our way towards from becoming just the secrets management platform into a much fuller, uh, open source security infrastructure platform. And the second thing that I think is really interesting is to think about, uh, this AI world that's coming up in front of us and what Infisical's role essentially is in that future world. Um, and so I think in the past, we've mainly been thinking about users and machines accessing infrastructure and the tooling built around that. But what's interesting here is now we almost have a new kind of actor, and this is in the form of an AI agent, which also needs access to resources and even needs to be able to trust and talk to each other as well. So I feel like there is a future kind of, uh, world here where Infisical will secure access, uh, for AI agents to infrastructure.

   3. DHDiana Hu9:43

      So this is really cool future where you're going after. There's lots of stuff to build.

10. 9:48 – 10:25

    Hiring and Opportunities

    1. DHDiana Hu9:48

       So tell us a bit about the kinds of roles you're hiring for.

    2. VMVlad Matsiiako9:52

       Yeah. I mean, we are hiring across 15-plus different positions right now, spanning through engineering to go to market as well, so anything from front end and full stack engineers over into account executives, and also even on the operational side as well in terms of recruiters too, um, and even dev rel as well. Um, so really there's a lot of different, uh, positions, uh, to fill.

    3. DHDiana Hu10:18

       Okay. Very cool, guys. So thank you so much for coming and joining us.

    4. MIMaidul Islam10:23

       Thank you. Thank you.

    5. VMVlad Matsiiako10:24

       Thank you

Episode duration: 10:32