When it comes to the Silicon Valley, there are two titans that make all the decisions: CTOs and venture capitalists. At least one newly minted VC finds that being a CTO is quite similar to being an investor.
Steve Herrod was VMware’s founding technologist, having developed the virtualization technology behind the company while at Stanford. He has spent the last two years working as a venture capitalist and managing director at General Catalyst.
(Related: Investment news from Amazon)
The crux of the similarities comes from the fact that both jobs are heavily focused on having strong opinions on technology, and betting heavily on which tech will win in the long term.
“I got into venture capital after realizing the CTO job can be pretty similar to the VC job,” said Herrod. “You have to have pretty strong viewpoints and opinions on where the world is heading. We acquired 20 companies while I was at VMware, so you learn how to evaluate companies and how to integrate them. Once you’ve invested, a big part of the CTO job is to influence without direct ownership. Helping people get to the right answer is something you do as a board member quite a bit.”
There is one giant difference between the two roles, however. “CTOs say yes to everything. VCs have to say no a lot,” said Herrod.
So just what lessons has he learned from his time at VMware, and how does he apply them to investing?
“I realized very early on that infrastructure itself is a huge spending area, and it’s really just a means to running apps,” he said. “I got very interested over the last four or five years, not just in DevOps, but in general how can all the infrastructure move faster? How do you get it to allow apps to move out faster?
“I worked with Heroku and the spinout of Pivotal. In this role as VC, a big part of what I’m doing is looking at the changing world of infrastructure and how the DevOps movement can be applied to mainstream enterprises.”
That means paying attention to things like Ansible, Chef, Puppet, Salt and Vagrant. “If you just abstract it out a little bit higher, the more profound thing is that people are beginning to capture infrastructure as code,” said Herrod. “If you can have it be in code, you can do all the things people like in code. In an ideal world, the code itself is the most efficient way to express the infrastructure. Any modern TV you buy tries to be super smart. Netflix keeps popping up with a ‘Do you want to update your software?’ pop-up.”
Another technology Herrod has been looking at has been containers. Just like with VMware, he said that this is technology that has existed for some time, but hasn’t really seen mainstream adoption until now.
Specifically, Herrod said that virtualization technology was invented in the 1970s, and that his team at Stanford jokingly referred to their software as “Disco,” because they were bringing it back. Similarly, containers have existed for some time, but the sudden market enthusiasm for them is what has changed.
Herrod is interested in seeing how containers can drive developers and admins to go faster. He said that containers will likely allow developers to compose their applications from smaller components, and that both virtualized and containerized systems will exist side by side.
There’s one area of software development Herrod is aching to see fixed, however: security. He has spent a lot of his time as a VC trying to figure out, “How do we incorporate security from the very beginning? How do you get the security team to have a seat at the DevOps table?” he said.
“Security just moves slower than the speed everything else is going. I think security needs to be abstracted from the infrastructure, not like it is today with firewalls. I also think you need to find a way for developers to incorporate whatever security is in there from the get-go. You move very fast with agile, and when it comes time to deploy it, stuff gets wrapped around it.”
In an effort to allow developers to add in security by simply including a single line of code at the top of their applications, a la New Relic, Herrod has invested in Illumio.
“The one company that gave me hope is New Relic,” he said. “I thought it was so cool what they did: If you put in an include at the top of your code, all of a sudden it was giving the developer something interesting. The real search has been, can you find something security related that is trivial to include?”