Screaming in the Cloud
aws-section-divider
Audio Icon
Managing Access in Cloud Made Easy with Liz Zalman
Episode Summary
Liz Zalman is the co-founder and CEO of strongDM, makers of tools designed to make it easier to manage access to databases, servers, and Kubernetes clusters from one platform. Previously, she was co-founder and CEO of the cross-device profile company Media Armor, which was acquired by Nomi, where she later worked as VP of Insights and Client Services. Before that, Liz was an analytics professional at Dotomi for four-plus years.

Join Corey and Liz for a spirited discussion about managing access in the cloud era and how to do it the right way. They touch upon how VPNs are helpful but not enough, why access controls need to be easy and seamless, why many security products end up becoming shelfware, how not even Google has implemented zero trust at scale, how Liz tried to become a tennis pro at age 28, what Liz can control at strongDM and what she can’t control, how companies don’t get sold but do get bought, and more.
Episode Show Notes and Transcript
About Liz Zalman
Liz Zalman is the Co-Founder & CEO of strongDM. Previously she was Co-Founder and CEO of the cross-device profile company Media Armor. After its acquisition, she served as VP of Analytics at the acquirer, Nomi. With over 15 years of experience leading data-driven organizations, she is an expert in analytics, data privacy, and security.


Links Referenced

Transcript
Announcer: Hello, and welcome to Screaming in the Cloud with your host, Cloud Economist Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.


Corey: You’ve got an incredibly complex architecture, which means monitoring it takes a dozen different tools. We all know the pain and New Relic wants to change that. They’ve designed everything you need in one platform, with pricing that’s simple and straightforward; no more counting hosts. You can get one user and 100 gigabytes per month, totally free. Check it out at newrelic.com. Observability made simple.


Corey: This episode has been sponsored in part by our friends at Veeam. Are you tired of juggling the cost of AWS backups and recovery with your SLAs? Quit the circus act and check out Veeam. Their AWS backup and recovery solution is made to save you money—not that that’s the primary goal, mind you—while also protecting your data properly. They’re letting you protect 10 instances for free with no time limits, so test it out now. You can even find them on the AWS Marketplace at snark.cloud/backitup. Wait? Did I just endorse something on the AWS Marketplace? Wonder of wonders, I did. Look, you don’t care about backups, you care about restores, and despite the fact that multi-cloud is a dumb strategy, it’s also a realistic reality, so make sure that you’re backing up data from everywhere with a single unified point of view. Check them out as snark.cloud/backitup


Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. I'm joined this week by Liz Zalman, the co-founder, and CEO of a company called strongDM. Liz, welcome to the show.


Liz: Thanks, Corey.


Corey: So, let's start at the beginning. What is a strongDM? It sounds like something that involves a little bit too much salty language on Twitter when I want to speak to someone privately. But I'm guessing that's not it.


Liz: That's not it. And in fact, there's an ongoing lottery as to what the DM actually stands for. The current winner is something called ‘Dragon Matrix.’


Corey: Oh, I like that. Or you could go with the test environment called saltyDM or something like that. It'll just go, it'll go super well because no one will ever get the wrong idea. So, what is it really?


Liz: StrongDM is a proxy, and it enables DevOps teams to both manage and audit access to infrastructure. And infrastructure could be servers, or databases, or Kubernetes clusters, or web apps or the cloud drivers themselves.


Corey: So, back in the dark ages, when I was a grumpy Unix systems administrator because it's not like there's another kind of Unix systems administrator out there, I found that all of my access control for infrastructure was gated by VPNs in a somewhat traditional environment. You'd have these fleets of data centers, and then there would be a VPN server, and if you're really clever about it, a backup VPN server and people would connect to that when they needed access for things. And I haven't gone deep into that world since I moved to Cloud, making all of security someone else's problem to worry about, or at least that’s what the brand marketing tells me. I haven't had to think about it since. What's changed?


Liz: So, I think a lot has changed, I think a lot has still stayed the same, simply because traditional security hasn't necessarily been reimagined. So, many of our customers today still have VPNs in place. But even if you have it, it's not enough. The analogy that I like to give there is a banking one. A bank doesn't just lock its front door. That would be the equivalent of a VPN getting you onto some sort of a network. There's also a bank vault, and then there's also security cameras to see what somebody is doing. So, VPNs are good, but they don't tell the entire story. 


Corey: It also didn't work well with Cloud in any reasonable way because, back when I was doing this, I would go on the AWS marketplace and spin up the OpenVPN appliance that was managed by hand, it didn't cost a whole heck of a lot. And I just kept that thing as its own beautiful hand configured unicorn there. And after I got out of managing infrastructure, AWS finally looked at this and saw the real problem with it that they then solved, namely, no one was paying AWS by the hour for this thing. So, they launched the AWS Client VPN, which sounds like, oh, good, a managed service that's slightly less hand configured. More expensive, but it still feels like the exact same approach and exact same technology. You're talking about something different. Where's the delineation?


Liz: Yeah, totally. And you can do that in AWS, but who were the people who were actually sitting there in the console spinning it up? But if you zoom out, infrastructure access used to be managed by somebody walking into an office and sitting on the corporate network, and there were only a few people that had access to that SQL Server, Oracle monolith, sitting next to you, or in the colo down the street. And those boxes had Active Directory sitting on top of it. And I think to your point, there were sysadmins managing that. 


And then Cloud came, and you all of a sudden had a proliferation of systems, of database management systems, of server operating systems. Kubernetes came into being in production workloads, what, 18 months ago now, and then you have CLI interfaces for the clouds themselves. And if you zoom out, you have, now, an entirely distributed workforce, you have lots of people who need access to lots of things sitting in lots of different places. And you actually need to sit there and say, “Okay, how do I actually manage access to this?” 


Well, I can tell you, AD doesn't speak Druid, right? And Octave certainly doesn't directly speak to Sybase. And so what do you do? You have to think about how you get people access to the systems that they need, in the fashion in which they need it, and it needs to be done in an easy, seamless way because security is known for spending a ridiculous amount of money on shelfware. Why does it become shelfware? Because it's so freakin’ hard to deploy.


Corey: It feels to me like there's a delineation somewhere, and you see this at, I guess, most startups, even some of the unicorns that have come out of the world, where there was a certain point in time—and this sort of—it feels like company archaeology, where you look at their office networks, and before a certain point, they had all their on-premises data closets running all the local stuff. And then at some point, there's a shift, where, “So, what do you have at your local office network?” “Uh, WiFi access points, and maybe a printer,” and that's usually it give or take. There's no privileged position for being on that network. It almost forces a rethinking of what it means to get access into an environment. You're no longer granted that access based upon what network you happen to be on, but rather who you are. As they say, “Identity is the new perimeter.” Is that aligned with how you see the world, or is there still a giant missing piece?


Liz: No, I couldn't agree with you more. There's getting access to the network itself, and then there's getting access to the things that you actually need access to, and to your point at the specific role or permission level that you need it. And then all of that has to be done with an ability to make sure nothing bad is going on; having that audit log if you need it. So, that's exactly right. We had a customer sign up with us once, and they're in France, actually, and I believe they launched and when they started with us, they had 17 different VPNs. That's how they were controlling network ingress.


Corey: Oh, and I've walked around the RSA Expo hall floor, and it's clear that the answer is you need a 19th VPN, and I would love to sell it to you.


Liz: [laugh]. Yes. People want to throw that VPN out. They want to be able to essentially dispense with that layer and just create that essentially a point-to-point network, right, if it's based upon who you are. Identity is, “Liz needs access to this particular server with non-sudo privileges.” How do we create that connection in a secure way?


Corey: So, a dedicated circuit vendor just heard part of what you said and made cash register noises with their mouth.


Liz: [laugh].


Corey: But that's not feasible for how people work with internet technologies these days.


Liz: Well, I think it is feasible. That's why we started the company.


Corey: Running dedicated circuits everywhere just isn't feasible to the way that most people use the internet these days, unless you have, you know, Google level of money.


Liz: That is true. And I think even Google has had challenges with taking—I mean, what is the Encore? It's a series of white papers and research papers into how you might create zero trust at scale, and yet how many people have actually implemented that commercially? Google certainly hasn't.


Corey: Oh, what's amazing is you see this at conferences all the time, where people get up and talk about what they're doing at their companies. “And you're like, wow, my environment's crap. I wish I could build something like that.” And the person next to you says, “Yeah, me too.” When you look at their badge and they work at the same company as the speaker. It's conferenceware: it isn't real. 


Every time I see something like, this is how Netflix does the DevOps—or whatever it is that they're trying to do this week—yeah, in some groups and some teams, absolutely, but every environment is a burning tire fire of sadness and regret. The only question is how honest people are going to be about that.


Liz: It's true. We've had—I mean, especially get into larger enterprises, the number of times I've heard, “We're using X,” and then you get into the conversation, and there's a team to get X implemented, whatever X might be, but, like, they're three years away from instantiating that. It's nuts. When people say they have a ten-year plan to migrate to the Cloud, I mean, they mean it.


Corey: Oh, absolutely. One of my first jobs was working in a university. And this was, oh I want to say back in 2006, one of the projects I worked on the year I was there was a wireless deployment with an eye toward getting it finally completed sometime between 2010 and 2012. And I'm staring at this going, that is so far future out there, we may not even have universities by then. That's 2010; that's years away. 


I developed something of a sense of patience since then, but these multi-year rollouts that seem so set in stone with a vision that is clearly built on technologies that are still shifting, and evolving, and improving, it just doesn't seem like the right path. But there's almost a level of ossification beyond a certain point of scale, where it's hard to do anything else.


Liz: It's true. I wonder if you put yourselves in the shoes of the—what are they—they’re an innovation departments. I mean, you have very, very, very smart people sitting in these departments, and you wonder how much they're actually able to get pushed through. I started off as an analyst. 


It was my very first job at a school, and I was talking to my boss, who's the head of analytics. And he said, “Think about what you want your next step to be because analytics has a tendency to be all of the power and none of the responsibility. You can just put a report in front of people and say, ‘here's the answer, and you decide what to do,’” or you can really have a hand in the outcome, which, right, is the same thing as consulting. And I see that tendency in innovation arms as well, where are these people are so smart, and so forward-thinking and yet, to your point about ossification, can they actually go and get these changes recommended and done in a timeframe that makes sense? Technology is always changing, and so what happens in one year? Is it already now out of style? Or is this something better?


Corey: Let's get a little bit more into specifics. Let's say I go to strongDM.com, I go to your buy page, I order one, and put in my credit card information. “Would I like it gift wrapped?” “Absolutely.” Yay, free two-day shipping. It shows up, I take it out of the box. What do I do with it from there? That may not be how SaaS products get sold, but I'm still fairly old-fashioned. What happens next? What is my user experience going through it and what problem is it solving that, as you’ve said—and we've all said that VPNs don't solve problems. What problem does this solve? How is life better now that I’ve bought strongDM?


Liz: You as a buyer, your problem is that you are managing access to infrastructure by hand. Your default state is to essentially—like, Terraform, right, infrastructure as code. And you want to be able to encode access as well and you can't do it today. So, that is the gap that we're trying to close for administrators. You should be able to hire somebody, and they should immediately get access to the things that they need to do their job from a least privilege perspective. 


As a user, you should be able to connect to the things that you need and to not have to change your workflow and to not have to have friction, and to not have to call your IT tests and say, “WTF. This is breaking?” Or, “Why can't I get onto the VPN?” Or, “Why is this timing out?” You should just be able to connect to things. 


And then the people who are administering it, you should be able to get this up really quickly. Our metric of success internally is, how long does it take you to get greenlit? And ‘greenlit’ means you got a gateway up, it's the entry point to your network, you register a database, or server, or whatever you want to test connecting to, and then you make that connection happen. I think the record is something like just under five minutes. We want you to feel the possibility of what it could be without the VPN, and without the traditional methods or scripts that you've held together today. What if it could be something different? I want you to feel that answer as quickly as possible.


Corey: So, it effectively unifies SSO, secure network access, and a single point of provisioning. 


Liz: Yep.


Corey: Is that roughly equivalent?


Liz: That's exactly right. Delegate authentication to your SSO or identity provider, create a secure tunnel between you and the thing you're trying to get access to, never have credentials on the end-users workstation, and get them connected. You have it exactly right, Corey.


Corey: Excellent. So, you wind up integrating with—according to your site—a whole bunch of different technologies, a bunch of different AWS services, you call out databases explicitly, but sadly, not my favorite database: Route 53.


Liz: [laugh].


Corey: But you do wind up talking about a bunch of different, I guess, systems of record. Splunk is on the list, Scalar’s on the list, a bunch of different AWS services, and the rest. Is this really done as a item by item process as far as getting it hooked up to each one of the data stores and the systems that the company needs people to be able to access, or does it wind up instead being something that lends itself to a more unified rollout process? 


Because, “Oh, we'll give you a free proof of concept rollout.” “Great. That's going to take me eight months of engineering time, and once I've done that, I may as well buy it because whatever you're charging me is tiny compared to what it cost me in engineering time.” What is the rollout process, and how does that look for existing environments that aren’t greenfield?


Liz: Yep, it is easy. You either buy the product or you don't, I'm not incentivized for you to do more or less.


Corey: Oh, it's a per user per month chart. That's kind of amazing. It's the exact opposite of an AWS billing model.


Liz: That's correct. It is literally one price fits all. You buy it or you don't buy it; everything is included. I just went through a procurement process with an unnamed CRM, and I have to tell you, I don't even know how these companies sell money. I don't want to sit through a PowerPoint. I want to try it on, I want to make sure it fits my use cases, and I want to click on the button to buy. 


Corey: What I think that a lot of SaaS companies completely miss is how their products or services get tested out. If I'm trying something new, and you've made a product that solves my problem, very often because I am who I am, I'm having a sleepless night. It's two in the morning; I'm trying to build something and see if it works as a proof of concept, and if I need to talk to a sales team before I can ever get involved in my environment at all, well, you don't generally have salespeople around at 2 a.m. I'm certainly not going to want to have a conversation then. I'm probably going to look elsewhere. 


But wow, that was easy; the onboarding story where I can set this up in my ridiculous twitterforpets.com proof-of-concept environment—okay, this works. Now I can start expanding beyond that, and okay, yeah, we're a giant company. Now it's time to do the enterprise sales dance. But there's something about self-service that I think a lot of companies miss out on.


Liz: And it's particularly important for this buyer infrastructure or DevOps. I mean, this is a closed-door community, they have been playing Minecraft and beer pong with their buddies, the same buddies they've had for 30 years. They're sitting in closed-door Slack communities. They trade tips, and tools, and secrets, and they only listen to their peer group. They don't want any sales bullshit, to exactly your point. They want to click on the button, they want to try it on, and they are going to decide what makes sense for them. That's it. And we should honor that, and that's what we've tried to honor.


Corey: Out of curiosity, one of the things that I noticed that you emphasize specifically, on what it is that you integrate with, you're all over the map, you have things like different versions of Linux, different AWS services, but you have a particular affinity for calling out specific databases. Why is that?


Liz: I don't want to replace or change anything that you're already buying today. So, going back to the SSO or identity provider, you have already decided that Active Directory is your IDP of choice; great, we're going to integrate with that. You have already purchased Sumo Logic or Splunk. Wonderful, here's a button you can click to send your logs to them. You already use Duo for MFA. Great, here's how you connect Duo. 


So, at the end of the day, strong is designed, I think of zoom out, to be an infrastructure API. I want to control network access and I want to be able to introspect as to what's happening to provide you with an audit trail: layer three and layer seven. We need to be able to natively support every single thing that you're using today. So, strong is the only company that supports databases natively; there's no other one. You can go to other places, perhaps, for SSH or RDP, but then you're just buying a point solution. 


So, the vast majority of companies, they have old legacy stuff, Oracle, Sybase, we just built Taradata, Db2. And then they also have memcached and they're also using Kubernetes in production. And so you have to honor where people are at, which is they've got a hodgepodge of stuff and they want something which manages access to all of that stuff seamlessly. That's what we've tried to honor as we've built this system.


Corey: This episode is sponsored in part by our friends at Linode. You might be familiar with Linode; I mean, they've been around for almost 20 years. They offer Cloud in a way that makes sense rather than a way that is actively ridiculous by trying to throw everything at a wall and see what sticks. Their pricing winds up being a lot more transparent—not to mention lower—their performance kicks the crap out of most other things in this space, and—my personal favorite—whenever you call them for support, you'll get a human who's empowered to fix whatever it is that's giving you trouble. Visit linode.com/screaminginthecloud to learn more and get $100 in credit to kick the tires. That's linode.com/screaminginthecloud.


Corey: There's really something to be said for meeting customers where they are. That's something a lot of products seem to miss, especially around the identity story, where it's, “Oh, you've been using your AWS account for ages. Great, take out all of those IAM users and use this thing instead that is going to force a complete rethink of how every single system that does anything approaching provisioning interacts with the environment. Step two…” it's one of those incredible ‘boil the ocean’ style of stories, and God, I hate that phrase, but I'm still using it anyway. It feels like it is almost insurmountable. 


I look at how I set up my own AWS environment four years ago, and I'm looking at it and I put my hands on my hips, and I survey the landscape, and I say, “Yep, absolutely. This is trash. What was I thinking?” But I'm stuck with it because migrating to a new form of management across multiple AWS accounts is incredibly daunting. How do you get around that problem? Because if—you don't have it, I know that because when I was doing homework for the show. No one I spoke to wound up complaining about the onboarding, so you've clearly solved for this problem somehow.


Liz: So, I think the thing is, how much of a pain in the ass is it today for the person who's managing that access? I remember, I got off the plane once in SFO, and there was a beautiful, there was a new ad campaign that Redis had launched, and the ad campaign said, “‘I love my slow database,’ said nobody, ever.”


Corey: It's like they’ve never heard of blockchain people. 


Liz: [laugh].


Corey: Please continue.


Liz: And with infrastructure, I have never heard anybody say, “I love AWS’s IAM.” AWS is not incentivized to make IAM easy. And even if you're using it, you're using other things that don't speak IAM, or you're on GCP, or you have owned and operated data centers. And so the person is managing access, their fingers are bleeding. They selfishly want to get out of this space. And so if they see a way to do that, to ease the pain, the switching cost almost becomes irrelevant because they get connected and they're like, “Oh, my God, there is a better way, and I can see the other side. I see the light at the end of the tunnel.”


Corey: One question I do have for you. This is more of a business ownership perspective. On strongDM.com, toward the bottom of the page, there's basically a whole section that has—says, “And yes, you can throw out the VPN.” And then there's a button with a trash can on it, and that is labeled ‘Trash VPN.’ Now, to my understanding, Trash VPN is a Cisco product. How did you get permission to use their branding on your website?


Liz: [laugh]. Did you click the button?


Corey: I did, and it is amazing. And I encourage everyone listening to this to click that button. It is absolutely phenomenal. Cisco need not listen to this episode.


Liz: Right. [laugh]. We were designing it, and we were spitballing, and I don't remember who said what [00:21:46 crosstalk], “Wait a second, can we actually put a trashcan there?” And then it animated, and it was glorious.


Corey: Oh, and then there's an emoji if you click it, it has a hidden easter egg that—yep. You need to look at this website, folks, this is worth looking into.


Liz: When you deploy a strongDM gateway, the gateway is the entry point to your network, and you can give it a DNS entry—make it publicly available—or you can put it on the corporate network, or you can put it behind a VPN; it deploys however you want. In roughly half of the cases, people end up asking, “Well, can I just get rid of the VPN thing because the only reason why I had the VPN was to get into the network access itself for infrastructure, and this kind of does the same job.” So, they just end up connecting the dots. There's no line item for a VPN. I don't have a line item in my budget: it's free, it's shitty, and they're free, so we don't sell like that, but it's a conclusion that people come to on their own, which is why we put that in.


Corey: It's phenomenal. So, other things that have come up when I was doing homework for this show, which is kind of awesome. I don't think I've ever found anything quite this incriminating. So, we're going to go with it anyway, and see if it survives editing. 


When you were 28 years old, you tried to become a tennis pro, and you lost your first and only match in 20 minutes, which is a great story in its own right, but more to the point, I did things when I was 28 where when I got married, I took a new last name in order to bury it. You are actively open about this. So, first, tell me about being a tennis pro, and secondly, why would you, I guess, not do everything in your considerable power to make sure that that story never saw the light of day?


Liz: Because I'm not afraid to embarrass myself. I'll answer the second question first. I think life is nothing but relationships and experiences, and [BLEEP] it. If I'm going to fail, it doesn't matter. I want it known that I had that experience. I'm proud of it. 


Anyways, I was in Chicago, I didn't have any friends—to give background on the story to listeners—and so I decided to join tennis, I played in eighth grade and never picked up a racket again. And I was like, man, I love this. And then somehow I was spitballing one day, and I was like oh my god, you can actually go and register for a qualifying tournament. The prize was $10,000 if you won, and it was essentially free to enter, and there was one in Atlanta. 


So, I flew down to Atlanta—a friend of mine lived there—and I entered the tournament and I showed up having never done this before. And I was wearing what I would normally wear when I played tennis, which was a Red Sox hat. I grew up in Boston, and I get on the court for this match, and the referee comes up to me—or the umpire I don’t—see I don't even know what they're called. And she says, “Hey, you can't wear that hat.” And I said, “Why not?” And she said, “Because it's branded with a logo. You can only wear the logo of a company or entity that sponsors you.”


Corey: I'm already getting angry just listening to that story.


Liz: I know, and I didn't have another hat with me, and so the salesperson to me retorts, “Well, how do the Red Sox aren't my sponsor?” [laugh].


Corey: Amazing. Oh, that's fine. They can be but they haven't sponsored us. You've got to pay our fee. It's like the re:Invent expo hall.


Liz: That's right, right. Paid a brand at eye level.


Corey: [laugh]. There's something to be said though, in seriousness, about embracing failure, especially once you for better or worse become something of a role model. And like it or not, you started and founded multiple successful companies. Sorry: you're a role model. Some of us look up to you. 


There's something to be said about being very open and transparent about failures because everyone fails, and people don't talk about it nearly enough. So, when people fail, as they invariably do, they start to worry that it's just them. And it's not.


Liz: I agree. I think, on interviews, I'm going to not answer the—are you a role model thing, but [00:25:32 crosstalk]—


Corey: Oh, that wasn't a question. That was a statement. Like it or not, you've got to deal with it.


Liz: [laugh]. Oh, man. On interviews, I get asked, “What's your vision for the company? What's your exit strategy? Tell me what we're going to be like in five years.” And the answer that I give is, “I have no idea.” 


Companies get bought, they don't get sold. We had two customers who were supposed to IPO this year. One couldn't do it because they were in residential construction and that got killed, and the other is effectively out of business because they were in retail. And so I can't control anything. The things that I can control are building a company, building a product that people want to pay at least $1 for, and doing so at scale. 


And then based on that, you get the ability to have outcomes. And so what I end up saying is, “I will speak openly and honestly about successes and failures.” Everybody at the company knows when we gain a customer, when we lose a customer, when we have a huge win, when we have a major loss, how much revenue we're making. Having been a part of a team in a startup before, I want to actually see the fruits of my labor, and I want transparency in what's happening. Don't sugarcoat it.


Corey: “Don't ever bring me bad news.” “Cool, I'll hide the thing you really need to know.” It's moronic.


Liz: Corey, it's funny, in my last company that I ended up selling, actually, we were running out of money and we weren't sure if we're going to pull an acquisition over the finish line. And I remember all the advice that I got from investors was sit down and tell the truth. And I was terrified; my hands were shaking. And I sat the team down and I said, we have two weeks of cash. I want you to stop working and I want you to start looking for another job, and I'm going to bend over backwards to get you another job. And the team sat there. And then one of them picked up their heads and says, “Are you done speaking? Can we get back to work now?”


Corey: That says a lot. Either they really believe in you or they are freaking terrified, one way or the other. We’ll take the charitable [laugh] interpretation instead. But no, in seriousness, that is…


Liz: Yeah.


Corey: It took me a long time to be convinced to go beyond just being an independent consultant because it terrified me to have other people's welfare resting on me. And I still don't know if I'll ever get used to it or not.


Liz: It's scary. Yeah. I mean, you put food on people's table. And the same thing in interviewing: so many people this year have lost their jobs, and you're on the phone with them, and I—[sigh]… it's just people at the end of the day, and relationships, and empathy. Everybody is fighting a battle and you may or may not know what battle they're fighting. It's a scary position to be in, and it's one that's very humbling.


Corey: Yeah, they say it's lonely at the top. It's not because so few people make it, it's because it's a different class of problem. You can't talk too openly in too many fora about these sorts of things with just anyone because until people have walked this path to some level themselves, they don't experience it or live it nearly as viscerally. It's a lonely road in some ways.


Liz: Thank goodness for co-founders. I am in awe of people who start companies as solo founders. I—


Corey: God, yes. I took on a business partner after two years of doing this, and that was the tipping point. When Mike came aboard, suddenly, I wasn't alone anymore. I could talk to people about NDA’d things without, you know, breaking contracts. So, it was nice to actually be able to vent to someone, and talk through things, and have the support. Hardest part of business running, in my experience, has been managing my own psychology.


Liz: I agree with that.


Corey: I want to thank you for taking the time to speak with me. If people want to learn more about you, and what you're up to, and what your company does, and exactly how strong your DM is, where can they find you?


Liz: [laugh]. It's www dot strongDM—that's D as in David, M as in Mary dot com, not BM like the toilet.


Corey: Excellent. [laugh].


Liz: [laugh].


Corey: Thanks once again for taking the time to speak with me. We'll throw links to that in the [00:29:22 show notes] while being careful of spelling and pronunciation.


Liz: Thank you, Corey. 


Corey: Of course. Liz Zalman, co-founder, and CEO of strongDM. I'm Cloud Economist Corey Quinn, and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast app of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast app of choice along with a story about how you could have been a tennis pro but chose not to do.


Announcer: This has been this week’s episode of Screaming in the Cloud. You can also find more Corey at ScreamingintheCloud.com, or wherever fine snark is sold.


This has been a HumblePod production. Stay humble.
View Full TranscriptHide Full Transcript