Courier is the fastest way for development teams to build product-triggered communications (email, chat, in-app, SMS, push, etc.) into web and mobile apps. To-date, they’ve raised $47.7M from investors like Bessemer Venture Partners, Matrix partners, Google Ventures, and graduated as part of Y-Combinator’s Spring 2019 batch. Twilio and Slack are also direct investors in Courier. Their customers include Vanta, Contentful, Lattice, Launchdarkly, and Cribl.
Troy Goode, CEO.
Troy has been a repeat engineering leader and CTO at companies like Eloqua, Oracle, and Winmore before founding Courier.
Seth Carney, CTO.
Over the last 2 decades, he has transitioned from his start as an InfoSec engineer to an engineering leader at a range of companies and sizes like Eloqua, Oracle, Winmore and now Courier.
Tejas Kumthekar, Software Engineer.
As Sym’s main point of contact and implementer, he works closely with the team to make sure workflows are functional.
When Courier first approached Sym, they were a company of 9 people. For some companies at this size and stage, investing in a high-integrity security posture might come as an afterthought to rapid growth and customer acquisition. As an experienced technical leader, Seth knew that Courier would encounter the traditional challenges that most software companies experience during maturity:
Chief among these challenges was his concern for maintaining high velocity of customer support. While having a tight access management culture was critical for mitigating breach risks, he knew that protectionary protocols often carried the cost of reduced response times and bottlenecks for customers.
Seth weighed the pros and cons of varying solutions: hire someone to own these processes, have his engineering team build a tool in-house, or look into a reliable vendor. The first two options were non-starters for him, because it meant that internal resources would have a focus outside of building value for Courier’s customers.
When Courier first evaluated Sym, they worried that the tool’s foundation in Terraform and Python would be difficult to adopt as a company that primarily uses Typescript and CloudFormation. Despite these initial concerns, they were intrigued by the customizability that Sym offered with their SDK and platform approach. They spun up a POC and found that Sym’s configuration-as-code and simple cloud deployment were a significant and critical differentiator to other tools. It meant that they would still be able to use their SDLC: GitHub for source control and branch protection, auto deployments, notification systems when builds fail, and of course, audit. As Seth put it, “The fact that it’s a developer tool is a pretty big enabler for us. If you’re thinking about building you probably shouldn’t. ”
A company’s security posture quickly becomes an integral part of their operating DNA, and building a process-heavy, limited-access culture was never in Seth’s plan. Instead, he wanted to make access safe, fast, and auditable. Sym’s context-based and time-bound access workflows were a major unlock to redefining how employees would experience access management. Since first implementing Sym, Courier’s engineering organization has scaled 5x, and Sym has remained a critical cog in ensuring their growing team can work quickly and safely.
Using Sym, Courier implemented a handful of workflows focused on AWS permissions and access to customer metadata, which teams review for troubleshooting technical issues. Seth always planned to create this kind of safety, but Sym helped Courier scale that strategy. Now, all access related to infrastructure or customer data is approved, either by a peer or via automation, granted by Sym, automatically revoked when completed and visible to everyone on the team.
Culturally, Sym helped prevent commonly-encountered friction for implementers, end-users, approvers, and compliance authors:
When asked to quantify the impact of using Sym, we were expecting to calculate one of two boilerplate formulas: (time to build * hourly cost of an engineer) OR (time to approve * number of requests). The answer, however, was not focused on Courier’s time savings. Seth was quick to measure the impact based on time that was saved for their customers - which is immeasurable.
“Imagine: a request comes in at 8pm but the engineer can’t get access to customer data to troubleshoot until the next day. That’s a critical issue that they can’t address until they have access to systems to triage it. The quantifiable time is how much faster we can respond to customer issues, and how fast we can offer support”.
In addition to being able to quickly access customer data in a safe and auditable way, Seth felt that Sym’s ability to help them streamline approval processes and experiences while capturing auditable activity, “made security and compliance not suck”.