The Founding of Crosswire as Told by Its Values

Hannah Young
Hannah Young
.
December 13, 2022
7 min
 read

Crosswire is building the future of enterprise identity in new and exciting ways. Just conversing with Co-Founders Johnny Wang and Nick Wong is refreshing in and of itself. There’s an endless sea of startups and founders who invoke buzzwords and hackneyed phrases around values and missions, but few who go beyond that to truly be driven by their values. What sets Crosswire apart is that they’re not just producing value-driven but value-ingrained security tech, for the story of Crosswire wouldn’t even exist without the values and first principles that drive the company today.

Now presenting, The Founding of Crosswire as Told by Its Values:

We give a shit

Apparently, the more adept you are at simulating cybersecurity threats and getting into the mind of a ‘hacker,’ the more Google wants to hire you. Such was the case for Johnny Wang, who was working as a Security Engineer on Google’s Red Team when he received an email from Product Manager Nick Wong. Nick was also at Google, where his passion for security had led him to try rotating onto the Red Team. He emailed the whole team alias, and while he had conversations with multiple people on the team, one conversation stood out from the rest.

“I really appreciated that Johnny took the time to talk with me,” writes Nick Wong in response to my question about Crosswire’s founding. “It became obvious that he cared about people and his work. It wouldn’t be enough for him just to be paid well; he also needed to work on problems he believed in and with people he liked. Plus, he cared enough about learning and exploring to take a meeting with me, random PM.”

Their initial meeting quickly turned into talking outside of work every day. They bounced ideas off of each other around security identity and eventually realized a significant gap in how enterprises governed their identities. They also discovered that they held the shared value of ‘giving a shit,’ of caring enough about security, people, and their roles regarding both to continue exploring information security and the IAM space. They started talking to security experts, other folks in the field, and anyone who, like them, gave a shit.

“[Nick] is someone who deeply cares about everything he does,” writes Johnny Wang when I ask him about his co-founding with Nick. “He would not hesitate to speak up and challenge your assumptions. He’s also highly creative, comes up with great new product ideas, and is very receptive to feedback.”

Iterate incrementally and continuously

Once they entered the brainstorming phase, the two of them met almost every day, constantly shifting through ideas and dedicating themselves to perpetually improving them.

“I think we worked through 50 different concepts of state machines, access impersonation visibility tools, and giant graphs,” Nick writes. “Elements of these are present in the product that we’re building today, but we’re constantly trying to iterate on what we’re building. It was more important to us that we were having discussions and brainstorming than that we had settled on something ‘correct.’”

Not only is perfection the enemy of progress, but it’s also the enemy of iterating incrementally and continuously in a fast-paced startup environment. This value informs every part of Crosswire now as it did then, from guiding initial timeline tradeoffs to the fact that Crosswire has evolved so continuously that the initial codebase no longer exists in its original form. While still respecting the effort and discovery that mistakes and previous iterations represent, the key to this value for Nick and Johnny was (and still is) the ability to tell each other when things aren’t going well and how to improve, regardless of how small the increment of change is.

“Mistakes and iterating incrementally and continuously go hand in hand,” writes Johnny. “Mistakes are a blessing — you can only learn if you make mistakes. We value getting prototypes created quickly, getting early customers to hop on a Zoom and look at our prototype (it could still be on Figma or Terminal), and then iterate from there. Only through iterating incrementally and continuously can we get the early feedback that enables us to build exactly what our customers need. If we were to avoid mistakes at all times, we would have missed out on most of the learning that comes from the journey.”

Build with curiosity and velocity

While a valuable tool to organize the founding story, you can see how these values bleed into and inform each other. Curiosity led Nick to Google’s Red Team, Johnny to take that introductory call with Nick, and the two of them to investigate security authorization and leave Google, taking the leap of faith that was starting Crosswire in October 2021. Curiosity is fundamental to Crosswire’s beginnings, and velocity is crucial to its continuation.

“We know that we need to keep moving forward,” writes Nick, “if we’re building something for a future that doesn’t even exist, then our work may not matter, so we care about the little wins and incremental improvements. Plus, if you’re building up velocity and iterating continuously, you set yourself up for this powerful sort of compounding effect that really skyrockets over time.”

Crucial to Crosswire’s founding was asking questions like “we want to see if this works and we’re open to trying almost anything/enlisting the help of almost anyone to do it — so we need to do ___, who do you know and who do I know that can help?” Even on an individual employee level, the initial scope for folks at the company moves quickly from “help us build this feature” to “what do you think the most important problem for you to solve is?” Projects at Crosswire don’t run without involving every team member’s curiosity and broadening their scope with velocity.

Have each other’s backs

Even before they had scaled the team, much of their teamwork involved taking the extra time to help each other understand the reasoning behind their ideas and actions. Early on, they prioritized having difficult conversations because they didn’t want to let things fester, which led to them prioritizing transparent collaboration and having each other’s backs as a core value.

“We tried our best to be complementary and reciprocal,” Nick writes. “An email that I forgot? Johnny had it. An investor chat that Johnny couldn’t make? No problem for me. It felt (and still feels) like there’s no issue if one of us is struggling because the other has their back and will do it without question.”

Within months of Crosswire’s inception, their customers ranged from leading fintech companies to innovative startups looking for best-in-class security. While the pressures of a rapidly expanding startup could have sent anyone into a tailspin, the foundational values they established early on provided the structure they needed to delegate and maintain level heads.

“In a busy space like security, everything can be very tricky, and it’s only made trickier when you avoid difficult conversations,” writes Johnny. “Take for example product roadmap prioritization. Through difficult conversations, we can distill our product roadmap to what delivers the most value to our customers and then build them in the most effective way possible. This is how Crosswire is able to achieve extremely high customer satisfaction scores across all sectors we serve.”

In a remote, high-stakes environment, transparency and trust are some of Crosswire’s most significant advantages. It allows everyone to be more able to act on each other’s behalf and continues to fuel Crosswire as they soar to new heights, as well as keep perspective when weathering difficult days together.

Remember what matters

“We lean a ton on our values in how we make decisions,” writes Nick. “We use them to guide different tradeoffs, like whether to spend more time designing or just ship a smaller version to get it in front of customers today (hint: it’s the latter because we iterate continuously and we build with velocity). Our values also drive our communication. When I receive a Slack message saying: ‘I don’t really agree with this approach; I think we should consider these factors….’ I know how to interpret it because we give a shit, so this person comes from a place of caring about our work.”

Today, the founding and the values that informed it culminate in the Co-Founders tackling everything they’re needed for. From sales to standups to Slack messages to bug bashes, there’s no part of Crosswire that Johnny and Nick don’t care about deeply. This results in a company that cares deeply about maintaining and evolving its culture, no matter where the journey takes them or what comes up on the horizon.

“The hardest thing to scale within a company is its culture, and one of the most effective ways to scale culture is to use the company’s values in every single decision made,” Johnny writes. “Whenever I need to make a decision, I always use these values as guiding principles. We spent considerable time debating and codifying our core values at the company’s beginning, and we’ve since aggressively screened for those values in our interviewing process.”

These values live on in the fabric of company culture and the product itself, which vastly simplifies the complexity of employee permissions lifecycles and provides easy-to-use features for requesting and managing access. In the spirit of continuous iteration and building with velocity, Crosswire is currently expanding its engineering team and building on top of its established policy engine.

What began as a small group of builders, thinkers, and hackers is continuously growing. To become a part of a great team that believes in its mission and culture, explore our career opportunities here and stay updated with our latest news by following our blog below.

More from our blog

Identity Governance Best Practices for Security Leaders

Explore essential identity governance best practices for security leaders, ensuring robust security frameworks and compliance adherence. Learn more today.

Johnny Wang
.
4 min
 read
UPDATE: Customer Impact in the Okta Salesforce Breach

An update on Crosswire and the September 2023 breach of Okta’s Salesforce instance.

Crosswire Security Team
.
1 min
 read
Breaking Down the October 2023 Okta Breach

A comprehensive timeline and breakdown of the October 2023 Okta Support Case Management System breach.

Hannah Young
.
7 min
 read
October 2023 Okta Compromise Guidance

In light of October 2023 Okta support compromise, Crosswire sent the following message to its customers.

Crosswire Security Team
.
5 min
 read
What is ITDR?

The term Identity Threat Detection and Response (ITDR) has gained significant popularity this year, but what is ITDR, actually?

Hannah Young
.
5 min
 read
CISOs on Identity Security Maturity in the Enterprise

CISOs Chris Castaldo and Tanner Randolph share insights on security maturity and identity in the enterprise.

Hannah Young
.
5 min
 read
Black Hat Guide for Conference Veterans

Whether this is your 1st or 21st time at Black Hat, these tips can help you weather a jam-packed and intense week.

Hannah Young
.
10 min
 read
You Should Feel ‘Positively’ About Your Security Tools: How We’re Mitigating False Positives in Identity Security

False positives are a huge problem in security: see what Crosswire is doing to prevent them and mitigate their effects.

Hannah Young
.
5 min
 read
Decoding the (Broken) Modern Identity Stack

We've made the modern identity stack entirely too convoluted and broken, but not for the reasons you think.

Hannah Young
.
10 min
 read
The Secret Third Step to Threat Detection and Response: Protection

How are you protecting your accounts before an incident can occur (or slowing an incident down before it really ramps up)?

Hannah Young
.
6 min
 read
How to Detect and Remediate Identity Threats; Solution 2: Remediate

This is Solution 2: Remediate of a two-part series on how to detect and remediate evolving identity threats.

Hannah Young
.
5 min
 read
How to Detect and Remediate Identity Threats; Solution 1: Detect

This is Solution 1: Detect of a two-part series on how to detect and remediate evolving identity threats.

Hannah Young
.
5 min
 read
AI D&R: AI (in Security) is Dead; Long Live AI (in Security)

Explore the historical use, modern approaches, and future applications of AI in detection and response (D&R).

Hannah Young
.
8 min
 read
Quick RSAC 2023 Recap: We’re Back (and Stronger Together)

From Armisen to AI/ML, catch up on what you missed from RSA Conference 2023 with Crosswire!

Hannah Young
.
4 min
 read
Defending Against Threats in Identity Security; Part 2: Remediate

This is Part 2: Remediate of a two-part series setting up emerging problems in identity security.

Hannah Young
.
6 min
 read
Why Now’s the Perfect Time to Join an Early-Stage Startup

If you’re looking for the right time to join a high-risk, high-reward venture, we’d argue that there’s never been a better opportunity.

Hannah Young
.
3 min
 read
It’s Not Just You: IT Security Audits are Stressful

IT security audits can be a pain for everyone involved: check out our solutions to make this auditing season just a little bit easier.

Hannah Young
.
5 min
 read
Why RBAC is obsolete

RBAC lacks sophistication and flexibility, failing to address the access needs of the modern company.

Hannah Young
.
3 min
 read
Defending Against Threats in Identity Security; Part 1: Detect

This is Part 1: Detect of a two-part series setting up emerging problems in identity security.

Hannah Young
.
5 min
 read
Identity Is a Co-owned Problem Between Security and IT

Who owns identity at your org? Identity is (and should be treated as) a co-owned problem between security and IT.

Hannah Young
.
5 min
 read
Your Okta Groups Should Be (Mostly) Empty

Yep, you heard that right; we at Crosswire believe that your Okta groups should be as empty as possible.

Hannah Young
.
2 min
 read
RSA Conference™ 2023: Stronger Together

The theme for 2023’s RSA Conference™ is “Stronger Together.” When info security is more important than ever, so is collaboration.

Hannah Young
.
6 min
 read
6 Early Warning Signs of an Under-Resourced IT Organization

It’s no secret that your IT organization is crucial to your company. But are they getting all of the resources they need?

Hannah Young
.
5 min
 read
Cybersecurity Is More Critical Than Ever, and You (Yes, You) Can Do Something About It Now

Why cybersecurity is more crucial than ever and what you can do to make your organization more secure, no matter your role.

Hannah Young
.
7 min
 read
Understanding Automation: How To Do More Than You Have the Resources For

Five significant ways to improve your workflows with automation and get more results than your resources permit.

Hannah Young
.
5 min
 read
Google Workplace Organizational Units (OUs) according to Parks and Rec

What are Google Workplace Organizational Units, and how do they work (according to Parks and Rec)?

Hannah Young
.
5 min
 read
Practical Survival Guide to Okta Lifecycle Management

Crosswire’s technical usability guide to Okta Lifecycle Management (LCM), from onboarding to offboarding.

Hannah Young
.
6 min
 read
Authorization (AuthZ) and Authentication (AuthN): A Brief History

Authentication is who you are, and authorization is what you can do. Here, we dive into the history of these terms.

Hannah Young
.
5 min
 read