Permit.io

How I Developed A $100K/Year Permissions Management SaaS

Or Weis and Asaf Cohen
Founder, Permit.io
2
Founders
14
Employees
Permit.io
from Israel
started January 2020
2
Founders
14
Employees
Discover what tools recommends to grow your business!
reviews
social media
productivity
analytics
other
Discover what books Or recommends to grow your business!
Want more updates on Permit.io? Check out these stories:

Hello! Who are you and what business did you start?

My name is Or and I’m the CEO and co-founder of Permit.io, co-maintainer, and author of the OSS project OPAL.ac. A serial entrepreneur who is passionate about developer tools, previously founding Rookout.com, a leading production debugging solution; and managing “Upwards”, the largest founders’ PLG community.

Before becoming a founder, I worked as a lead engineer in multiple cybersecurity and big data companies, the intelligence corps, as a consultant for the Ministry of Defense, and as VP R&D at Netline CT cyber division.

Prompting better and safer engineering I have been recognized as a Snyk Ambassador, and as a JFrog Superfrog

Permit.io is a Fullstack permissions service, we enable developers to bake in permissions and access control into their products within minutes, and scale and update policies on the fly.
So they can focus on actually building their core product.

We are catering to developers at dozens of companies of various sizes, already looking at a few $100K in ARR.

permit-io

What's your backstory and how did you come up with the idea?

I’m a developer at heart, I started writing code at the age of five.

Leave cold-calling behind - put your product upfront.

For most of my career I worked on cybersec solutions, with my career truly kicking off with my service in the intelligence corps. In the IDF- in a unit called 8200 (equivalent to the NSA or GCHQ).

There I learned the importance of deeply understanding software and how to evolve it- with code you deliver to production under pressure, having a direct impact on if people live or die.

I always knew I wanted to be an entrepreneur, and powering that with deep technology always sounds to me like the right thing to do - this often brought me to innovate around cybersecurity, cloud technologies, and one of my favorites - developer tools.

Working on my previous venture (Rookout) I ended up rebuilding access-control five times, for a product that wasn’t even three years old. It drove me crazy - so together with my co-founder Asaf, we decided to solve this once and for all.

It was easy to see the (huge) size of the opportunity here; aside from the clear pain we felt ourselves; it was easy to see that permissions are the 3rd part of the IAM waterfall; each of its previous tiers creating several multi-billion dollar companies.

We started by exploring and investigating the space; Asaf brought in his experience working at Meta/Facebook (where they invested a team of ~30 people for half a decade to cover their authorization needs). On top of our own experience, we interviewed multiple dozens of developers and security managers in companies big and small (e.g. Cisco, Booking.com, Armis, Monday, JP Morgan, ChanZuckerberg, as well as smaller startups).

Interacting with CISOs we quickly learned that while they deeply care about the problem, they are not the ones making the de facto decisions here, but rather developers are the ones setting the tone.

Take us through the process of designing, prototyping, and manufacturing your first product.

We started by adopting the existing open-source solutions in the space; primary among them OPA (open-policy-agent). We quickly realized we needed to add a lot more on top to bring OPA to the speed and scale needed by the application layer. For this purpose we created our own open-source project OPAL (Open Policy Administration Layer) which enables using OPA in scale, distributed, and while being event-driven.

On top of OPAL+OPA, we created Permit’s SaaS offering. We worked with a select group of design partners representing companies of various sizes to get the core aspects of the product as right as possible early on. And most importantly we set our goals to launch the product as a self-service SaaS as soon as possible. And did so shortly after closing our seed round.

permit-io
Pictured: Asaf publishing our OSS project - OPAL for the first time. My living room, circa April 2021

Describe the process of launching the business.

As a business initially we started with bootstrapping, both Asaf and I believed in investing time to deeply understand the space to make sure we speed forward in the right direction.

In this bootstrapping “garage mode” (or more correctly “living-room” mode, since we don’t own a garage) we focused almost exclusively on building an MVP, design partnerships, and market research.

Thanks to the momentum we gained in bootstrapping (initial SaaS usage [a dozen users], growing Slack community [about 150 members], OSS project being used by market leaders like Tesla) we were able to raise a $6m seed round rather quickly (few weeks) - and brought in amazing investors to support us, most notably NFX, Rainfall, and a long list of devtools and security leaders.

The community we created for developers, initially for OPAL, and later on for additional supporting OSS projects, and the SaaS offering as well- grew organically to a few hundreds very quickly- with people mostly learning about the offerings in other communities and via word of mouth. Conversations with customers reaching out to us through the community helped us improve the maturity of the product and our top-of-funnel go-to-market.

We were happy to see the promise of PLG fulfill itself, as huge and small companies alike reached out to us.

From raising seed, we quickly grew the team (from two to 17), with an HQ in Tel-Aviv, but with all employees working in a hybrid fashion, and with team members all over the globe.

Product-led growth works and is almost always a must when marketing to developers.

Since launch, what has worked to attract and retain customers?

We are a PLG, bottom-up, dev-focused company; and are zealous about this from day 1.
We have no sales people, and in everything we do we strive to authentically connect with our customers. We believe in putting real value for people out there and making it as approachable and easy to use as possible.

Unlike some of our competitors, we focus on what developers actually need and want, and not just what tech sounds cool. At the end of the day, you either solve a problem for your customer and solve it right; or you’re missing the point.

This approach has proved itself several times over, with constant organic growth of our community, constant adoption of our OSS, and of course growth of adoption of our SaaS offering.

As a by-product of that, we also spend very little on ads, or any over marketing / sales efforts that are not organic / authentic at their core.

How are you doing today and what does the future look like?

Now that our core team is all in place and we have achieved significant growth with both our OSS offering and our SaaS offering, we are looking to expand our reach into the market by reaching and onboarding as many developers as possible onto our platform.

With our initial customers, we learned that a single developer can migrate their company’s product (Supporting more than tens of thousands of users) to be powered by Permit.io in production within a few weeks.

Thanks to our PLG motion these interactions are mostly low-touch, and even zero-touch on our part; which has the benefit of having the minuscule cost of sale / COGs, and very wide margins for the business as a whole. You gotta love PLG.

Intimately understand who you’re taking money from.

Through starting the business, have you learned anything particularly helpful or advantageous?

I’m happy to share from the accumulated experience here from starting two dev tools companies (Rookout.com, Permit.io).

Product-led growth works and is almost always a must when marketing to developers.

Leave cold-calling behind - put your product upfront, remove as much friction as possible, and focus on creating great and well-aligned experiences for your customers with said product.

If you’re a founder looking to learn more about PLG, you can join Upwards (the world's largest founder PLG community).

There’s a huge difference between product-market-fit and go-to-market-fit; if the two seem similar to you as an entrepreneur or if your answer to the two is too similar you are probably missing a key part of the real story you need to figure out and tell.

What platform/tools do you use for your business?

Linear.app for ticket management.

Logrocket and Pendo for analytics.

What have been the most influential books, podcasts, or other resources?

Probably my favorite book, and also the one that most influenced my thinking is The Selfish Gene by Richard Dawkins, it teaches critical thinking with evolution, recursion, and emergent phenomena. These are built-in mechanics of our world that control and affect so many aspects of our lives from biology, economics,politics, to startups.

Advice for other entrepreneurs who want to get started or are just starting out?

  • Don’t get lost in the rollercoaster, you’re running a marathon, not playing Mario Kart.
  • Most software business models are going to be adapted into PLG, and usage based pricing in the next few years; take that into account when planning your own.
  • Start small, and grow fast. It’s all about exponential growth; not the initial leaps you take.
  • Intimately understand who you’re taking money from.
  • Listen to investors, but never take their advice as is. If they knew how to build the business they would be building it, not investing in it.
  • It’s your company, your child; no one will ever understand it as well as you do, and no one will ever feel its pains as deeply as you do. Keep that in mind.
  • Celebrate. The big things, the small things, and even nothing. The road is tough and the tough get going, but it's easier with happy people on the journey.

Are you looking to hire for certain positions right now?

We are always looking to hire amazing engineers across the globe for both dev and dev-advocacy roles. Check out our careers page.

Where can we go to learn more?

If you have any questions or comments, drop a comment below!