When it comes to startups making waves in cybersecurity, Smallstep is a name that’s hard to miss. Founded in 2016, the company was born from a firsthand frustration: while working as CTO for an online gambling company, founder Michael realized the industry was facing a fundamental issue with how developers were pushing code.
Determined to fix the problem, he set out to build a solution – and what started as an effort to improve internal standards in a tightly regulated industry soon evolved into something much bigger.
The Journey from Standards to Open Source Leadership
Smallstep first focused on developing standards, particularly crucial in the online gambling world, where compliance is everything. But the team didn’t stop there. Over time, they expanded into open source, creating what has become the most popular open-source certificate toolchain on the market.
They even played a part in setting global standards, working alongside tech giants like Apple and Google, which helped propel Smallstep into the spotlight and shape the company’s future direction.
The Underrated Superpower: Locking Down Devices
At the heart of Smallstep’s value proposition is a deceptively simple idea: making sure that the device you trust is actually the device your employee is using.
Companies invest heavily in antivirus software, trust tools, and other protective measures, but all that investment can unravel if an employee logs in from an untrusted or personal device. Smallstep’s solution ensures that only verified, company-approved devices can access sensitive resources—providing one of the strongest guarantees in the industry.
Surviving (and Thriving) in a Fast-Changing Industry
Eight years in, Smallstep has learned a lot about staying relevant in the ever-evolving world of cybersecurity.
The biggest lesson? Adaptability.
Cybersecurity- and tech as a whole – moves fast. Smallstep’s ability to pivot, whether from building standards to open source or shifting into enterprise IT, has been key to its longevity. As the company puts it: if you’re not agile, you’re going to drown.
Keeping the Team Engaged in Startup Life
Startups are notorious for being intense, and Smallstep is no exception. But the company’s approach to culture helps keep its remote team motivated and energized.
With a fully remote setup and an unlimited, flexible time-off policy, SmallStep trusts its people to manage their own time like adults. But they also know the importance of connection. That’s why they prioritize bringing the team together in person at least once a year. Last September, they hosted the entire team (and even some family members) at an all-inclusive resort in Cancun – a mix of work, play, and genuine connection that keeps everyone fired up for the road ahead.
Looking ahead, the company has big ambitions. The goal? To double in size within the next year and cement its place as a major player in the identity and access management space
For a company that’s already gone from solving an internal pain point to setting industry standards, the future looks very bright.