Welcome to DevX Unpack. I'm Alan Carson, co-founder and chief strategy officer at Cloud Smith. We're solving the challenges of artefact management and are on the path to becoming the software supply chain itself. In this weekly podcast, we share knowledge from Cloud Smith employees, customers, and other great guests from the software industry. Along the way, we'll unpack topics like the cloud security supply chains, and of course the developer experience. Welcome to the podcast. It's great to have you here. Jack and I have known each other for a couple of years now, maybe two or three years I would think. Yeah, and the podcast is called DevX Unpacked, so it's all about developer experience. And Jack, you are the first external guest. We've recorded a few episodes now, but it's all been internal, which is to get me into the spirit of asking questions and figuring out all the technical details, but we thought that you would be a really good first external guest to bring in, given that our paths have crossed in the past and you actually did a bit of work for us at Cloud Smith a couple of years ago, and you are a prominent startup founder in the Northern Ireland ecosystem at this point.
So I would love to hear a bit about your background on what your path was to becoming a CTO.

Yeah, well thanks for having me, Alan. Really good to be on the podcast and yeah, as you say, it's always great to chat with you. Loved, loved every conversation we ever had, and it was really great to be a very small part in helping Kyle Smith out, I think a couple of years ago now bizarrely, which doesn't seem like that long ago. So my self entry into what I'm doing now was probably a little unorthodox, but I don't, I suppose that's how a lot of these journeys start. I did an aerospace engineering degree and I was saying to someone recently, it was probably due to a lack of understanding of what a computer science actually was or whether it even existed. I remember sitting there thinking about what degree I should do and I wanted to keep lots of options open. I didn't really know what I wanted to do with my life and chatting to someone saying, well, I like computers, I like solving problems, I like writing code. Any ideas, big shrugs all around. So I thought, well, I'll do aerospace. I quite like planes. And then two years into that, I enjoyed the course, but I did a placement year at Rolls-Royce. Found out that building jet engines is hard and slow and there's a lot of safety involved as there should be, and I'll come onto why I think there's maybe interest

Software. Sounds pretty similar it

There's no one undo button on a jet engine in a test bed though, but true. Yeah, it's actually interesting. In all seriousness, there are lots of parallels. I now realise later on in my career, especially as a CTO around safety and QA and security, all those kinds of things. So I think there was definitely something in that, but going back 15 years, I realised that I kind of wanted to be more closer to the tech. I kept finding myself gravitating towards things like writing visual basic macros to make handling spreadsheets easier and solving those little rough edges, little bits of friction on a computer rather than on a technical diagram or with a screwdriver. So I went back to finish my degree, but all the mine stuff, I'd realised at that point I didn't want to graduate and go back into the kind of job my placement was.
So I sort of tweaked my final year module slightly and did a business module and actually an environmental science module so that I'd still get all the credits to get my aerospace engineering degree, but with a few extra modules plugged in and became a technology consultant or management consultant really, but specialising in technology out of university. I can't remember, my first manager on day three of joining Deloitte said to me, have you ever written any objective C as it was at the time for iOS apps? I said, no. And he said, well, do you want to learn? I said, yes. And he said, right, well, here's a two week intense course online. Do that and then we'll put you on a project. And more or less from then it was hands-on, get stuck in, learn as you go. And yeah, about 12 years after doing that, I find myself in the CTO position for the second or third time depending on how you measure it. I think

You actually have a CEO credit on your LinkedIn as well,

But I spent the tail end of 2020 as a solo founder, CEO, that's my CEO credit there getting Gratzi, which is a contactless tipping platform. I was trying to make micro appeared to be a payments easier, so I did that. That was great. It was a really good experience, but I realised that being a solo founder and especially a solo technical founder was tough and pretty on unforgiving. And also I wasn't particularly good at marketing and sales people sort of said, oh, you can bring that in, you can find the right people, and I was sort of midway through looking at doing that and thinking about doing arrays of sorts when Strike Pay, who were basically doing a very similar product to me, they're based in Dublin. I got a kind of intro from them. It was one of these intros where it was actually Ian Brown from Ignite said, have you seen these guys?
I looked them off and I thought, oh no, very similar to what I'm doing, and they're a fair bit further ahead than I was. So it was one of those things where Ian said, have you seen these guys? An hour later I sent them a LinkedIn message called saying, Hey, look, we're in the same boat here. Should we have a chat? They came back to me and said, let's have a call tomorrow morning, and I had an offer of an acquisition by the 24 hours later now. It was very much an acquihire. I mean they had a gap in there, tech and engineering leadership, and I had every other gap other than that.

Was it a good fit then?

It was a perfect fit for that. So it worked really well and I came in, brought some of my tech, but also helped get their tech on track, helped them hire, they just raised a pre-seed round at that time and went on to raise a seed round shortly after. Initially I joined them as VP of engineering. They weren't sure whether I was going to be someone that could be in the CTO seat, but after a couple of months they made me CTO and that went really well actually, and we did that for about 18 months after that.

But that was good. That was good for us. Then you started your consulting side of things, right? Yeah,

That's right. So after that I was probably a bit burnt out and just looking to try something different and I thought, well, I'll do some consulting. I didn't really know what that would necessarily look like, but it was a combination of fractional CTO work and what I was doing for K Clouds with, which was sort of in a specific niche that needed some attention. I think it was sort of front end stuff I was looking at with Clown Smith, and I really enjoyed that. I did that for about 15 months in total, the contracting, I was always making sure never to do more than one or two days a week per client, which was interesting. It kept things very different, but it was a bit exhausting trying sort of spin all those plates so useful and I guess it was a little bit of a kind try before you buy in some sense because right at the end of that, I mean this is why I was right at the end of that. I was introduced to Control Alt who were looking to hire A CTO and actually was introduced to them by Michael Blakely, actually from Equitas. He'd been approached by one of them to help them do hiring, help 'em do interviewing, and he put them in touch with me and I was going to interview a series of CTO candidates and we did a few interviews and broadly feedback was the people that they had in their pipeline was more so good senior engineers than engineering leaders. And

So sorry, you were trying to hire the position that you ended up with?

Yeah, exactly. Wow. So I mean I did go into it sort of fully expecting to hire somebody that wasn't me, and after probably a month of doing, I know maybe somewhere between five and eight sort of interviews, I all come back with me not saying this would be a good hire for an engineer, but I don't think it's who you want in the leadership team. I said, look, do you want me to do this fractionally for a couple of days a week until we fill the gap? And by this point I was really falling in love with the problem and the team were just really onto something. They just raised a decent seed round, so it was sort of I thinking maybe there's a full-time role here. Unfortunately. They then said, would you be interested in the full-time role? And probably had said yes before they'd finished answering the question,

Don't be too eager.

I'll have to think about it. But yes, and it's been great sd, so that was, let me think now, that was October, 2023, so yeah, over 18 months ago and yeah, at that point, I think it was employee number five and we've just hit 30 this week, so we now, which is great actually. And there's about half in Northern Ireland, predominantly product engineering, and then the other half combination, roughly a third in that half roughly some remote, some in London and some in Dubai. So it's really interesting. We're going through all those challenges that I know you've been through with things like ISO and how you scale beyond. We've now had to have multiple engineering teams and how do you manage multiple roadmaps and stuff, but really interesting, really, really sort of fun time at the moment as we try and grow. That's

Amazing. I'm really pleased to hear that things are going well.

Yeah, thanks is good. Nice.

Yeah, so maybe give us the pitch. What does Control ALT do?

Yeah, so Control Alt is an alternative investment platform, so alternative investments are really anything that isn't traded traditionally on an exchange. So to take a step back, we're a FinTech and what would traditionally happen if somebody was wanting to buy a large financial instrument or any size financial instrument like a share in a company is they go through lawyers, they draw up a share purchase agreement and they'd go through months of expensive legal work. And again, often that's one buyer, one seller. If you have 10 buyers, pretty much time that effort by 10 times that price by 10 or thereabouts. What our platform allows people to do is to list traditional assets. They're then fractionalized and token tokenized, so we use the blockchain for a very specific use case in this, which is to give a digital representation of a share and then those can then be traded on our platform.
The way to think about it, it's sort of like building an exchange for trading alternative assets, but lowering the barriers for who can list assets and who can buy these assets and yeah, it's interesting. We're doing quite a lot of work. A good example of alternative assets is property. We're doing work at the moment to allow people to fractionalize property, which means that rather than having one buyer, one seller, if you've got very valuable property in London, say you've got, say you own the Gurkin, you could effectively fractionalize it and have a thousand buyers each own 1000th of the property, right? Amazingly, of course it lowers the cost of that, but it also lowers the speed effectively. If you think about how easy it would be for me to transfer a cryptocurrency or even regular currency through my banking app to you, we're trying to make it so that's the level of effort required to transfer my one sat and 1000th of the kin to you.

Right. Great. Amazing. So I would love to dive in maybe a little bit around, you mentioned your developer teams and your product and engineering being in Northern Ireland. Are they all remote or do you have an office?

We have an office actually in Hurst, so we would be very much hybrid. We have three engineers who are fully remote, but they are all based on the island of island, so we're able to get together probably monthly with everyone. The rest of the team though are all hybrid and we tend to be in the office two, three days a week and that's been interesting. We've largely found that at our stage of how it is in those early stages of really iterating and pivoting and seeing what works and what doesn't. Having people in a room around a whiteboard has been really helpful. We've also got a relatively junior team, so we've hired, we've about five graduates in the team and what we found is that just having that mentorship of somebody who sat next to them effectively who can prepare, do reviews, and just generally pick up on those unspoken messages you might get from people about body language or if it looks like they're getting stuck on an issue, something stalled, then being able to intervene. So we found that the hyper pressure is working quite well for us at the moment. Interest to see how it scales,

I mean we are all remote now. We do have an office and people do come into it for meetings and we have Wednesdays usually it's fairly filled, but there's some pot desking and everything from that perspective, but not a lot of coding gets done in the office. I mean all the coding gets done at home at this point, and as we have scaled and we have people now in island of Ireland, quite a few based in Belfast and surrounding areas, the uk, India, and those are our centres. Yeah, I mean it's hard from the point of view of trying to keep, you don't want the remote people to feel like they've missed out when that's the balance is like how do you get people together and typically we do offsites three times a year and then we do product and engineering like mini offsites for that team or for those teams, and that seems to be working for us, so we are up to, we're about 88 people at this point, so just the level of scale just magnifies everything.

Yeah, doesn't it? I mean even I find that already just those things that used to just take, oh, it takes a minute per Mac for example, and I go, okay, well that's 30 max now that's half an hour. If it does little things that scale very quickly on that, do you find the levels getting okay with that mix as well? Do you have junior people that would be fully remote as

Well? So we actually don't have a lot of junior people. We've kind of hired a bit higher up the stack. We've got one guy starting this summer, he's a newly graduate and he did a placement with us last summer, but we typically haven't been doing graduate programmes or anything like that yet. I think we will, but it's been interesting and I mean actually this is one of my questions for later in the chat, but it might be worth talking about it now. I'm sort of seeing a general trend in the industry of there's not a lot of jobs for graduates and there's not a lot of placements floating around and the excuses AI has taken over a lot of that sort of early stuff that it's nearly easier to have an AI augmented senior engineer than it is to try and bring somebody in and junior and train them up. It's an interesting paradigm for what's going to happen in the next three to five years in terms of who's available on what they're doing. How have you been thinking about that in terms of your hiring strategy?

Yeah, it's a really good point. It is something we have been thinking about and we've been trying to make sure outside of hiring is a second, trying to make sure that our strategy is to really embrace AI where it can help us but also not get carried away by some of the hype. There obviously are huge benefits to some of the tooling using site cursor or copilot or any of these tools just to have that almost like extra pair of eyes. One thing that's interesting I found actually is we've had to be maybe a tiny bit careful on letting some of the grads or people too early on in their career run too loose with these tools in that if they don't get the right questions or the right setting for them or they don't know the right way to review the inputs and outputs and get some real garbage code in there because they won't fully understand the assignment, and then of course rolled up in an AI tool that then misunderstands it a step further.
So we're trying to make sure that we don't let, it is not this sort of unguarded tool that people are given and not told how to use. So I'm actually trying to teach some of the grads and even the mid-levels actually about how to use these best for their, to make them better engineers rather than people standing over at all and not really understanding what's coming out of it in the hiring sense. Yeah, it's interesting. We've almost looked at it the other way, rightly or wrongly, in that if we get some people that earlier on in their career who perhaps have a real desire to learn a real interest in the industry, but obviously they don't have years and years of experience, they maybe have one year experience or two at best and often fresh at university that we're trying to think of is if we give them some good coaching, so some good seniors around them plus the tools like the AI tools that they can run with and get that kind of feedback from those very short loops using ai, then perhaps that means that we're getting, obviously speaking slightly facetiously and you can a senior for the price of a junior because you've enhanced them with those tools.
It'll be interesting to see how it all plays out on that. We've definitely found that if we put a graduate job out, we get hundreds and hundreds of applications. So I would definitely agree that there's a shortage of roles and I've seen a lot of the big players in the industry close up their graduate schemes or at least reduce the numbers, and that's going to be interesting and the kind of optimist in me is thinking, well, that's an opportunity for us as a relatively unknown startup to get some of the people coming out with the top grades and the most impressive cvs who may have gone to look at the big players and they're now finding the gold shot might come to smaller players, but I'll be interested to see how that plays out.

Yeah, no, that's really interesting, and I suppose I want to point out that it's actually not our strategy to hire senior engineers and get them to use AI to replace juniors. That's not what we're trying to do. I think our code base is pretty, I'm pretty multifaceted, and so we have just sort of been on this path of trying to get people in to really raise the tide very, very quickly, and that has just sort of meant that we've gone a bit more senior at this point. I do think as we grow, I was very passionate about this kind of graduate programme that we had at Nazi because I really, people, I really like young people coming into the business and asking the questions and asking the hard questions, and a lot of the time I would find, well, I actually don't know the answer to that, and I would've to run off and try and figure it out. And I kind of feel like sometimes when you bring in experienced people, they actually don't ask the hard questions. They just go off and kind of figure it out, and then actually the shared knowledge is not actually maybe as tight as you would think, but yeah, no, I mean I really hope that strategy works for you. There are some amazing people, amazing graduates that come out of the local universities.

Yeah, yeah. My approach has always been it's easier to take the kind of enthusiasm and desire to learn and that kind of attitude of, okay, I don't know this spot, but teach me and then give them the tools or the support that they need to really get the most out of them. Then it is perhaps to take someone that's the senior but will say, well, I do this tech and this and that, but I won't. I'm not going to touch this, or I'm not going to do any DevOps or I'm not going to do that. Now, obviously, I'm not saying that every senior engineer is like that, but I've definitely found that in the hiring cycles, there's maybe in the earlier stages of people's career, they're willing to sort try a bit of everything, and that's worked quite well for us at our early stage. I think it's probably a stage thing as well, because 18 months ago we had no lines of code. We just had a thing that we knew we wanted to build. We had an idea of how it all plugged together from a technology point of view. One example of that is, I suppose, or one example of the decisions we made is that we decided to be node TypeScript across the board, front end backend because I thought, look, I want to hire some TypeScript engineers, some JavaScript engineers, and know that I could put them absolutely anywhere as needed, and that's starting to creak a little bit now. It's funny how that

Happens.

Yeah, it's still one of the things I'm clinging onto is not sort of going, well, actually this tech or this language is going to be better for this problem and then have to have the team that can do that. Now, that is an interesting one. That could be back to the ai, could be something that I think it'd be easier to find someone who's a very experienced typescripts engineer and say, look, we are going to start porting some of this over to Python or Rails or Java or whatever it is. Use AI as your teacher and run with that. But yeah, it is been an interesting one with, because what we do, there's blockchain related to it. We initially set out saying, well, let's try and hire some blockchain experts to really come in. And really, although we could find a few of those people, very much, they were of the, I mean, it's probably just people we found, but they were very much of the attitude of, well, okay, I'm going to join you and I'll do your blockchain stuff, but I'm not going to go and build you a next JS app, or I'm not going to go and dip in and update some backend express JS code.
So we would sort of say, well, okay, well let's take the people we have and give 'em a real crash course on the fundamentals of blockchain and some of the integrations that we do because ultimately you'll relate to this whatever the technology, whether it's ai, blockchain, anything else. Usually you can break it down to some APIs that do some things and some data that goes from here to here. It's very much the same with blockchain really. I mean, obviously I'm hugely oversimplifying everything, but at its core you can say, right, well, let's start with what do the interfaces look like and then move from there. And it's such a,

Oh, no, I completely agree. It's basic building blocks, but it's how you build those basic building blocks into something magical.

Yeah, exactly. And it's all about making it so that it's taking those building blocks and putting one on top of the other in a way that you're building a foundation and not stacking them all over the place. We've been, we've sort of supporting multiple blockchains at the moment as well for different use cases and different geographical regions and various reasons. Trying to build this platform in a way that means it's really easy to plug in another blockchain or another type of wallet, another token type has been the big challenge really in making it all common. When I said there was no lines of code 18 months ago, it was not strictly true because there was an agency before I joined who had built a very quite, I mean a pretty good MVP that was a very thin slice, but of course the questions were then coming, okay, now we want to change it to another blockchain, can we, no, not with this, not the way this has been done. And it was very good for proving out a use case and probably raising it the C round, but when I came in it was every leadership team hates hiring the CTO that says, I'm sorry, we're going to start again. But that's what we did really, and what we've got now is pretty robust and using it for a number of different use cases in a number of different regions. So it's broadly touch wood doing what it needs to do. But yeah, getting those building blocks is the challenge.

So I mean, starting afresh must have been a really interesting challenge. So how did you think about those more of the tools and frameworks and platforms and cloud-based?

Yes, cloud-based, again, we've kind of decided early on to go freely cloud-based, build everything on the infrastructure in the cloud, try and do everything infrastructure as code as well to make, so we didn't have to getting people that had to maintain certain states or had assumed knowledge. We set up with that from the beginning where we've got certain blockchain technology, we have to run nodes as well as we try and run those in our ecosystem as well, we run them on the cloud as well. And that can be interesting as well because you're trying to run, some of these machines can be quite intensive and they're a part of a big network doing lots of transactions, but it gives us that edge and that we have our own nodes that we can communicate with. Stepping back from the blockchain, we're largely building really, it started off as a UI with a very simple backend that was a thin wrapper to do things on and off the blockchain, it's very much in the 18 months changed to be a platform.
We call it our platform, which is a set of APIs which allow you to tokenize and trade, sell and buy and find out various information including things like listing your assets to sell. And then what we initially built to plug into that was a set of almost like micro front ends, not the wrong term really, but very small MVP UIs that would use our APIs to do very specific use cases, whether it's like property or for a certain customer listing a certain type of assets. We could bake some of the journeys if you like, into these apps and then it would just plug into our platform in January we decided to, it's one of those things, you know what it's like as a startup, you sort cast your net, put a few MVPs out there and see which ones land. And happily for us, but also slight headache for us was that we found that actually three main ones landed really well and stuck and we had to take a step back and go, okay, we hadn't really planned to support three products on the front end.
How can we make these common and core? So that's our big roadmap item right now is we're building a UI called Unity, which is supposed to be the one interface that everyone will use to go in and out, and if you are a property seller or buyer, you'll have a certain set of feature flags which will give you a certain experience versus doing something different. But it's all SaaS, it's all cloud, there's nothing sort of on-prem or anything like that. So that's interesting. And it's also quite interesting because a lot of our, we are often working with quite traditional companies, traditional finance type companies who will often ask us about do we do, how are we set this?

Yes, we've been asked, do you do on-prem M every week since we started and we were like, cloud Smith is in the name of the company. It's literally name. Yeah, exactly. Yes,

It's an interesting one. And we got all kinds of, I'm sure you found this too, that when you're in, you are obviously in the very much the space of security and supply chain, we're very much in the compliance need to be regulated. There's a lot of boxes you have to tick in terms of security and ISO and we know Dora, have you had to do anything for Dora yet in the island?

No, I don't think so. Well, let me answer that again. I don't think so, but that doesn't mean that we're not looking into it.

Yeah, I believe if you're doing ISO, you get most of, you're sort of ticking most of Dora's boxes by default is what I'm told. Whether that's the case or not, I don't know, but it's just interesting, we sort of go full circle on this. We set out as a technology function and say, well, let's make sure we're doing security best practises and designing this way and building this way. And then our compliance team who are trying to get us our various regulatory frameworks in various jurisdictions will go around the houses and they'll come to me and say, oh, they've said we need to be ISO, we said we need to be door compliant. And you'll say, okay, that's great. We're on it, but there's a give and take here. So we'll then try and work out exactly what it is is being asked for and where, but it does make them custom change.

Yeah, no, and I think we are seeing compliance being more important than ever and security and supply chain management are leading more to compliance just being a function that things need to be secure. So a number of our customers are trying to go for FedRAMP and there's a whole list of how do you make sure the provenance of the assets that you're assets and artefacts that you're bringing into your system. And so Cloud Smith has become kind of a key tool for solving some of that. So actually we're not as far apart as you might think. What has traditionally been FinTech government has definitely started to bleed out into the private sector.

And you can see just in the news today actually, I had the co-op apparently have had a security breach or something and then it was Mark's dispensers at the weekend and there was another one I think, and you're starting to realise that I think these sometimes very big organisations that maybe thought, oh, well, it doesn't matter as much for us, and I'm sure they wouldn't say that publicly, but what I mean is the people that think, wow, this is for the banks to care about. They're starting to realise that it really can wreck your business if you're offline for a week or co-op telling people not to send messages internally because they could be being read by malicious actors and things. It's a very interesting time. I think security is going to become more and more of something that gets taken seriously from day one of any startup and any tech business rather than something that's sort of bolted on at the end.

Yeah, no, we've always thought it was really interesting that when you go for investment, the first thing that the VCs ask for is what open source are you using and do you have the licences to own it? And so almost at the very, very beginning, you need to know what open source you're bringing in and how you're utilising it.

Yeah, it was interesting. Even like Grady, bear in mind the business was less than a year old and it was just me when the acquisition was going, one of the first things that I got asked was, please, yeah, exactly that, a list of all your open source software and what licences. And I remember thinking, oh no, I haven't thought about this, but it is really fascinating. And we had, I won't name the party, but we had a vendor contact us this week, say we've had a supply chain attack.

Yeah, no, we see a lot of companies struggle with things like that, bits of code getting put into open source, put on a public registry. And then quite interestingly, a lot of the time it's then removed so that it only exists in a historical version and then it would get pulled and then can easily get patched, but you don't really know what the blast radius of the damage is and how long. I think there's some crazy statistic about how often the log for J package is still downloaded to this day, even with all the controls and checks, and I assume that it has been pulled down from the public registry at Cloud Smith. We immediately put in a block so that none of our customers could download that. And now we have a whole enterprise policy management feature set where you can actually write your own rules to basically prevent things like that. But no, it's a big problem.

It's just interesting to see. I don't know any tech organisation now, including banks. I did quite a lot of work with banks when I was consulting that aren't using open source somewhere. There must be a very small number that aren't using it anyway. And I think some are probably taking it very seriously and doing everything they should to manage their software supply chain. But I'm sure a lot, especially those ones that are just, it's maybe some ancillary part over here, they think, well, that's fine. It's just a widget that plugs in. It's just, I don't know, an intercom widget or something. Yeah, sure. But what's that pulling in with it and it got access to once it's in your code. It's a really interesting one as well. And I'm trying to get our software engineers to just be mindful of that. We have some sort of controls in place, but I also want 'em to just think about it as well rather than blindly adding some package because I read about it on Stack Overflow that actually go and interrogate it and look at whether it's proper and legitimate.

Yeah, no, there's definitely, I mean that's definitely the first step is a sort of mindset shift of really thinking about it and making sure that, and then it's about tooling and observing and audit trails and all of that is sort of how you can ultimately manage it, but it's not an easy problem to solve and that's not just like, and Claud Smith only solves a certain part of it. There's a lot of tooling in and around it that is required in order to takes a village to solve the problem if it even is solvable. I mean, there's so many things that you can do and so many checks and balances, but at the same time, at the end of the day, you can try and reduce your risk as much as possible, but it's very, very difficult to solve it so that nothing could happen.

Yeah, I mean this is an interesting callback maybe to the aerospace engineering bit I remember doing on that. You have to think of a bolt that goes into a jet engine has so much QA on it, it costs you way more than a bolt. You go and get down at BNQ for obvious reasons. And it's partly the materials, but it's also all, every one of those will be sort of kite marked and checked and there'll be a full audit trail, the QA history all the way back to the smelting plant where the metal was created to make sure it's the right grade and everything. And obviously they've had hundreds of years to work out these systems, but we've not. But even then things fail. But it's interesting because what they've got there is part of the reason why it's very slow and very expensive and why it takes seven years to go from a jet engine on a design to actually being on a plane. So much regulation and safety obviously that's really important, incredibly important. And we need to get somewhere closer to that as software developers, but not so close that it takes us seven years to ship an update. I dunno what the answer is, or as you say whether it's even solvable, but

Well, I mean it is interesting. It's a really good analogue to aerospace and software. I actually had a bit of a background in aerospace as well. I was like MRO maintenance, repair and overhaul type software at the start of my career. And a lot of that was to manage which parts worked with other which parts. So the FA would put out these sort of technical directives of what parts were valid against other parts, and basically software's kind of the same. It's like which the CVEs come out and give you a view of what software's safe and you basically are trying to thread the needle through all of that, not noise, but initiatives to find the CF path. So those are very similar concepts.

Yeah. Yeah, it's interesting. I mean, I was thinking with the saying about the CVS and thread in that as well. We've a very small React native app as well, which we use for a very specific use case. And it's always irks me a little bit. You get all your depend bot or whatever it is will tell you all your things that need to be patched, but a lot of them are just in the build pipeline. You say, well, okay, it's not actually in any software that's distributed. It'll tell you that there's some query parameter vulnerability and you go, well, yeah, but there's no way someone can use that in the build pipeline or something that's easy for me to say because I want to ignore it. And I think I understand it a bit, but it can be a bit of a blunt instrument is what I'm saying is that if you try and get your vulnerabilities to zero, that's often something that's just not possible to do in certain cases. So we try and be kind of pragmatic but also not so pragmatic that we leave a big grip and hole in the side. That's the hard bit I think.

Well, I think you're probably representing every CTO and CISO out there. It does have to be tempered with pragmatism, but there's a lot of tools out there that can help and it's picking the right one and making sure you have the right partner to make that work. I've really enjoyed the conversation so far. Jack, if you have any questions for me?

Yes, we've great. Thanks Alan. Yeah. One question I'd love to ask is obviously Glenn stepped into the role of CEO relatively recently. I'd love to know a bit more how that was for you going from founder and to bring in A CEO and some of the challenges and benefits that came with that.

Glenn likes to remind me that it's like 20 months. It fairly recently has now turned into beyond a year and a half, which is kind unbelievable. It has flown in. Yeah, no, I'm happy to chat about that. Lee and I obviously founded the company and kind of built it up and we went global sort of from the get go. It's cloud, it's a developer platform. And so we started to pick up customers all over the world very early on. So our first big enterprise was in Australia. And then what happened, which we kind of expected was obviously we were selling in Europe, but the US became our biggest market and there was basically this seismic shift of quarter on quarter. It went from 50% to 55% to 60%. And so it felt like the gravity was kind of moving to the states and at series A we had taken on American investors as well. So that also was kind of part of it. And I always like to think that rightly or wrongly, we always felt like we were kind building an American startup in Belfast, trying to build it in a way that was fast moving and the old Zuckerberg of MoFA break things type approach.
And we'd done that. And I think the lessons we learned were that there's sort of different people for different stages of the company and I kind of had felt like I was a pretty early stage CEO and when we got to a certain size, I felt like it made sense to take a step back and bring in somebody who had scaled a business before and could really drive us US forward. So there was a conversation with the board and we agreed that it was the right thing to do. And then that started a process. And I always think it was funny because the first, we brought on this sort of American recruiter, Jason at Diversa Partners, and he was like, Alan, if you do everything you can have a new CEO in place in about four months. And I was like, great, okay. We did not do everything, but we did actually end up with the CEO in place in four months. And Glenn was great in terms of, I think he had wanted a break between rules and I was like, no, no, you need to come now.
And that was a really interesting process. We were actually really lucky in terms of the timing because I do remember Glen was actually one in the first batch of maybe about 30 candidates that we had to review. We didn't interview all 30, but we sort of whittled it down and Glen was at maybe one of six or seven and then we took about three or four of those into sort of a second stage interview and we were trying to be efficient and we had scheduled them all essentially on the same day, one after the other. And I remember just thinking, oh my goodness, I'm not looking forward to the next five hours of talking to all these people. But then I looked at the calendar and Glenn was first and I was like, oh, but I don't mind chatting to Glenn. We had such a good conversation the first time around and I was like, wait a minute.
That means something. That was like, and look, he ticked all the boxes. We wanted an American, we wanted somebody who'd been a founder and exited. He wanted to come from a good gig in corporate America and he came from Twilio. I wanted him to be impressive. I kept thinking about if I have to go to, and that was the other thing, I think a lot of this was happening in the background, so the staff didn't really know that we were kind because you don't want to upset people and you kind of want to manage it carefully and ultimately come in and go, here's the plan and here's the solution. And I just kept thinking, if I don't put somebody impressive in front of them, they're just going to think that the business is going to fail and they'll all leave. So that was really important to me.
I'm sort of lucky with fine Glenn. We got on, well, I flew to America a few to New York to give him the offer in person. He had come to Belfast as well, actually to he met at that point. I had some of the leaders in the business, Lee and Paul McKeever and a couple of people had chatted to him then. And then I flew to New York, gave him the offer, and then he came back to Belfast. The funny thing is I kind of thought that the gravitational pull would mean that Cloud Smith would sort of move across the Atlantic, but he loved Belfast so much. Now he spends half his time here. He does three weeks here and then goes home for three weeks

Ask. I mean, I've seen on LinkedIn he should get some kickback from the Northern Ireland tourist board, Phil. Absolutely. Wow. I want to live in Belfast. Oh wait, I do live in Belfast.

And then just in terms of the story of the last 18 months, it's been great. He's been a great ambassador for America, a great ambassador for Northern Ireland. Great ambassador for E one. I was kind of proud of this. I wrote the entry E one business personality at digital DNA last year. And to be honest, I kind of positioned it as I, I'm not going to lie, I felt pretty smug about the whole thing, but I kind of positioned it. It was a new paradigm for Belfast, Northern Ireland companies to build to a certain stage and then hand it over to somebody who knows what they're doing. And I think that could work for other people too. I mean there's so much talent in Northern Ireland and in Belfast and really harnessing that. And we've been very lucky that Rory, Michael Roy winning the golf and that puts a sort of spotlight on our little country. But at the same time, there's so much good technical people here, lots of ideas, lots of spirit of building, but they don't all have to take it all away. There is this way of passing off the button to somebody else and getting them to take it forward. So no, it has worked out amazingly well.

That's really good. That's really interesting to hear. I really agree with what you said about the gravitational pull bit as well. We more or less had this control is we obviously way earlier, but there was found in London, the COO actually worked. Now he's from Ammar originally, but he was living and work in London and met the founder Matt Ong in the banking jobs. They decided they set this up, so actually Matt was the founder. He went off and did it solo for a few months for nearly a year I think, and then raised money to bring the first few people in. But he brought in someone from our miles. I was living in London. Then the next hire was someone in London. He brought in someone working for Matt, who's our CPO. He was working for Revolut in London, but happens to be from Belfast originally, well actually from Bali Claire I think.
But so basically then they introduced to me who sounded like I was living in London but actually live here and I've been here for 10 years. So organically, naturally we ended up with I think three out the five leadership team in and living in Northern Ireland. And so when it came to hiring an engineering team, I just thought, well, I'm just going to hire where I know has got great talent. There's great support for startups like investor and I have been really good as well. They've been really helpful having that link to Ireland. So we have to have to be regulated in the eu, we have to have an EU base. We looked at Luxembourg, we looked at other places This made sense to drive down the road to Dundalk. So we have an office in donor and that means we've got a nice relationship there and that we've got a handful of staff based in or near donor and we can get there really easily.
It just seemed like why would we look anywhere else? That's been really interesting. Now got this company that's notion the age quartered in London does so much of our work and so much of our foundation is it's built in Northern Ireland and it's just been really interesting to see that. And obviously as someone who wasn't born here, moved here 10 years ago, I think, well, I'm not going to go and good move. No, I'm not going anywhere. But it's an interesting thing is the kind of psychology of people who are born here. They'll say, why did you move to Northern Ireland with this sort of look on their face? And I try and tell her it's a great place to live and also great place to work.

Yeah. Well look, thank you so much for your time today. It's been great having you on the podcast. And maybe you'll come back at some point and we can discuss more. I certainly will. Thank you so much for having me.

It's been really good chatting. Great to catch up.