Michael Crandell

>> Craig Gould: Michael Crandell, thank you for joining me this week on the podcast. Michael, you are the CEO of Bitwarden, a company that empowers individuals and enterprises with solutions to manage sensitive information online. It’s more than just passwords. Michael, I like to start these conversations with C level executives with one common question, which is, what are your memories of your first job?

>> Michael Crandell: that’s a good one. First off, thanks for having me on the show, Craig. it’s a pleasure to be here. Memories, of my first job, My very, very first job was actually as a dishwasher in a Mexican restaurant. and so I was in the back area as a dishwasher and then later graduated to busboy. And for those not familiar with the nomenclature of restaurants, the busboy is the person who kind of fills the glasses of water and takes away dirty dishes and stuff to make the waiter’s job easier. and I was, boy, I was nervous and I was so focused on doing well and eager to do well. And one evening, I’ll never forget, I, was pouring water into the guest’s glasses and instead of going around kind of in a circle around the table, I reached over the table. If you can picture this, I’m reaching over with my left hand to grab the glass, but the pitcher of water is in my right hand. And if you do this motion yourself, you’ll see your right hand starts to tilt. So I ended up pouring ice water into the woman’s lap who was closest to me. I got back, sent back to the dishwasher area. So, you know, it was, it was a good learning experience about eagerness is not enough. You also need to focus on some of the tips and tricks and skills.

>> Craig Gould: You’ve been at Bitwarden for five, six years. Where, where did you enter the picture at Bitwarden?

>> Michael Crandell: Well, just to create a little bit of reassurance for any Bit Warden users out there. There were a number of years between my busboy experience experience and my joining Bitwarden. I got into Bitwarden. First off, I’m a serial entrepreneur. I’ve started a bunch of companies. I go back to the days I was a senior exec at a company called Efax, which was, Internet based, faxing, so kind of innovative company. Then I was a co founder of a company called rightscale. Very early days of cloud computing management. And after we exited rightscale, I took a little bit of time off, but then got connected with the founder of Bit Warden through a venture firm and the founder is Kyle Spiran. I was familiar with the category of password management and I had my own conviction about the importance of it, from an experience I had had. there’s a brief story there, which is why I got interested in Bitwarden, which was, many years ago, LinkedIn got breached. As I was reading about the breach, I read that passwords had also been breached. As an early user of a different password manager, I got a very scary feeling in my stomach and I thought, oh my gosh, what if they have my Gmail password, my bank password? I was at a stage where I was still reusing some passwords and so I thought, wow, if that, I better get on this now. And I looked and by chance I had created a strong and unique password management kind of oriented password for LinkedIn. I got this rush of relief because what I had done is segregated off and firewalled off the danger of that password being breached. So after that I changed all my passwords to strong unique ones to get that effect. And I never forgot the feeling of relief and security that I got from having done that. Part of doing that is making sure that you’re using complex passwords that you would never remember, so you’re putting your trust in the system. So when I got connected with Kyle and saw what he had built, which was a more modern, I guess, architecture for how to approach password management, and it was open source and it had this great product led growth motion where people were self serving and contributing in the, in the open source community and so on. That really intrigued me because that leads to the possibility of frictionless adoption of your product where you don’t have to work so hard, but people tell each other about it. And he had also incorporated a full featured free version, so I was kind of sold at that. And I met him and we hit it off and I thought, along with Kyle, that there was great opportunity to grow the company, particularly by improving the business features. And so with all those things put together, I was a goner. And I said, sure, I’ll go help you raise the money for the Series A. He had one employee when I joined him, hired another while we were raising the money and I was person number four.

>> Craig Gould: Being an open source product in a category like security, was there friction there? Did you have to convince users that being open source was still secure or did people just see the value in the benefits in the product?

>> Michael Crandell: That’s an insightful question because I had a bit of an epiphany along the way about that very topic. I was concerned that because the source code was out there, that people would actually wonder if it was more hackable, if it was more vulnerable as a product. The reverse has turned out to be true. What we’ve learned from the community, the global community that’s active, on the Bitwarden open source front is, which by the way involves developers, engineers, but also security researchers, is that actually people in the security business regard it as more secure because it’s not a question of whether anybody’s software has bugs in it. Right? Everybody’s does. It’s a question of how fast they’re found and how fast they’re fixed. Our experience is that open source is actually a better way to develop security software because it’s got all eyes on it. I think we have in excess of 15,000 stars on GitHub. And so what that means is that was just 15,000, people on GitHub who decided to give it a star. There are many, many more. They’re looking at the code, they’re vetting it. We also do, obviously our own quality control and testing, the way any company would. We also hire an outside firm called HackerOne, which is white hat hacking, where you pay good guys to find vulnerabilities. But there’s a huge community out there vetting our software. And so it actually creates a huge amount of trust, capital T, with our customers because they know there’s that community. And beyond that, if they want to point their own security teams with larger customers at, looking at how we do what we do, how we store and treat their sensitive information, the code’s all there, every single bit of the code is there, and they can go vet that themselves.

>> Craig Gould: Also, what is it like managing an organization that utilizes this huge pool of interested people that are, assisting, I mean, because it seems like it allows your W2’d organization to be rather lean. How do you manage that? How do you control it? Is it different than what you’ve run into in your other leadership roles at technology companies before this one?

>> Michael Crandell: It, it is very different. You have a much more public and open character to your business and to whatever you do. So there are many, many more eyes on what you’re doing. I would point out there’s a reality, almost a little bit of a myth about open source, which is, and it varies by open source project, but often people believe, wow, you’ve got the world full of people writing your code for you for free. The reality is that, you know, almost all the code is written by your own Paid team members, and if anything, open, the open source community ends up being a great recruiting tool. When we find people who are actually pretty active in contributing and doing a good job at that, we contact them and say, hey, are you interested in working at Bitwarden? it doesn’t happen every time, but that’s probably one of the big factors. But we do get contributions, even though it’s not most of how we create and test the code. And they end up becoming what are called on GitHub, pull requests, which is a little bit of a reverse terminology. It’s basically a request. Here’s some code. I’m asking that you put it into the project. And all of those are reviewed by our team. So nothing gets into our product and our code that doesn’t go through the Bit Warden Engineering and product development team.

>> Craig Gould: Can you talk a little bit about the customer life cycle, which I feel like is kind of what you brought to the table, which seems like there’s this freemium component where you’re offering this high quality free service to individual users, and then there’s the opportunity for upgrades, and if you make those people raving fans, then they advocate for you in the enterprise. Can you kind of talk about whether my perception of that is right and what that’s turned into?

>> Michael Crandell: I think you put it well. Before I get into that, I just want to point out something that is really critically important, which is that the main reason we have the free version, or one of the main reasons, and it’s a major commitment and kind of value, an important value in the company, is that we’re doing something good to make a difference in the world. Every other major password provider has crippled their free version or doesn’t even have one. Bitwarden invests in keeping the free version alive and not just offering it, but we actually answer support tickets from any user, even of the free version. We even answer some support tickets of people that don’t even have accounts with us. It’s our view of, trying to give back something in the security world, which is where we are as a company, to make a difference. And that we hope matters in the world. It certainly matters to our team because when a bit Warden person gets up in the morning and I’m talking about a team member, an employee, I always say, I hope you know that in your own way you’re making a difference to help keep people safer. And by the way, if you’ve ever known anyone who got breached or, who had identity theft, it’s miserable. So to the extent we can help prevent that kind of suffering, that’s a good thing. And, you know, we all want to feel like we’re making a difference, A, difference for the better in the world. So that’s part one. It also has a function that you were mentioning around word of mouth and frictionless adoption and awareness. and it took me, funny, about a year to finally put the pieces together in my mind. Early on, people in the company were saying, hey, Michael, are we B2C focused, or are we B2B focused? And I would kind of mumble. And then about a year later, I realized the answer is, yes, we’re both. The way that functions is pretty special in the password management world because password management applies to you and me at home and in our personal lives and also at work and in our work lives. And so, yes, we find that people who use it at home do end up working for companies. And if it’s purely by the value of the product and the reputation of the product and their experience of it, if they like it, they’ll say, hey, I, I use Bitwarden. Warden. Why don’t we take a look at that? And so that’s a great help. And also when we’re doing pure, like, enterprise sales, every seat that’s licensed at an enterprise, every Bit Warden license comes with a free coupon for a family plan of Bitwarden. Warden. The idea being to take that home and protect you and your family, or you and up to five other people. because this is about creating a practice and a hygiene of how you secure yourself. And the more you get into that practice, the better it is in both worlds.

>> Craig Gould: My personal business experience includes a startup in Silicon Valley that I and three other guys founded back in 2000, 2001, which was using voice print authentication as a biometric for resetting passwords. And that that company eventually got acquired and became part of rsa. It was a different world back then because our ROI proposition was replacing the help desk guy, in the IT department that was resetting people’s passwords. It was, it was previous to the, the larger scale password management. We were using speech recognition to automate the transaction and then using the voiceprint to authenticate it. In that time, 2001, when we would go to a CIO about budgeting for the service, one of the pushbacks that we would get was instead of worrying about, you know, one security breach for one customer, they were worried about dealing with breaches that were going to compromise thousands, in one fell swoop. How has that conversation Changed at the.

>> Michael Crandell: Enterprise level, that’s a big change. first off, we know from research that’s out there, the IBM threat analysis, the Verizon data breach report, that these breaches now on average are costing companies almost $5 million. I think it’s $4.88 million on average. And the vast majority of the breaches are number one, credentials that are compromised and number two, those typically happen through social engineering attacks that are focused on individuals. So it’s exactly the weak point that gets in and then becomes a thousand person problem. But they’re getting in through one person who lets their guard down. It’s sort of the old saying that security is only as strong as your weakest link, which sadly is true. And that’s how these things are happening. So really that was a long time ago, but that point of view today just would not wash. It’s more, you have to be protecting everybody all the time or somebody’s going to squirrel their way in and they’re often very patient and they, they get access and then they hang in there for a long time and watch what’s going on and figure out their next move. but it’s, it’s almost always that kind of access point. what. One of our major competitors, I won’t mention the name, probably most people know by now, was compromised by virtue of a contractor who had downloaded a, a version of Plex, the sort of free video watching application that was, had had malware in it and that, that’s what ended up causing all that damage. So that’s actually what we look at. And when we talk to those buyers today, the discussion is around, look, you, you have all these apps in use with all these credentials. Many of them have sensitive, ah, information inside them. That number is growing every day because people want to be more productive. So they sign up for a new app. It’s shadow. It is what it’s called sometimes. so the number of apps that are just out there with whatever. So you either make the choice to try and protect that part of your app application estate or you don’t. And if you’re going to protect it, you need a tool like Bitwarden.

>> Craig Gould: How do you feel customer behavior or enterprise IT priorities have shifted in the six years you’ve been at Bitwarden. because, I mean the environment’s always changing, right? How have things been changing and how do you adapt to that?

>> Michael Crandell: Well, the first big change is in the whole field of identity and authentication in general. And that is the gradual but now growing advent of the use of passkeys. So passkeys for those who are not familiar is a better way to authenticate than passwords. it involves a way to authenticate where you don’t need to remember the device. Often they are basically approved to be able to be used by biometrics like your touch id, face id, things like that. Unlocks the passkey that’s on your device to be able to authenticate then into whatever service in place of a password. and the nice thing about it is it’s doing an actual encryption exchange called a public private key pair that does not give the passkey to the website you’re authenticating with. It just signs a challenge it essentially says proves that it has the passkey. So that’s even more secure because doesn’t matter what happens to that website, they’ll never get your passkey. The bad, bad actors, the threat actors. So that’s been a major evolution. and passkeys are growing pretty fast in use. And that’s one of the reasons that most of the password managers certain, certainly at Bit warden, we have embraced those 100% so those can get used alongside passwords. either way, our view and what we see happening in the world is it’s a gradual, I call it a tectonic shift. It’s kind of happening gradually. Where some websites accept passkeys or promote them. Great, we’re covered there. Some of them still, most of them still have passwords. Great. You need coverage on both sides. So that was one major change that we saw and it’s going to keep happening for people. one of the ways we differentiate there is that we are in effect an independent wallet or vault for passkeys. So you don’t often, if you’re using a device from Apple or Google or Microsoft, they tend to create solutions that are kind of live in the walled garden of their own set of devices or set of software. We’re a solution that can independently go with anything that takes a passkey, and sort of take them with you as opposed to be locked in. So that’s passkeys. I suppose the other advent is just the relentless improvement of threat actor vectors. they’re better and better funded. They’re huge money making enterprises, criminal based enterprises and now they’re using AI. So AI is just accelerating the threat because the threats are getting more believable on the social engineering front. They’re coming through more vectors like imitated voice generated voice, even generated videos, and so they’re getting more sophisticated. And as a result, both basic forms of protection have become more important. And also some parts of the security world. It’s an arms race using AI on the good side to thwart AI on the threat actor side.

>> Craig Gould: So how do you manage innovation in this space? I’ve heard you mention before that password is intentionally not in the name of the company. What does that say about the larger vision for bit warden?

>> Michael Crandell: That’s a great question. that is an important commitment on our part. Our mission is to help companies and individuals protect their sensitive information and to be able to utilize that information, share it, and have it under safekeeping in all contexts. And the word password didn’t enter in there. So passkeys was kind of the first thing, that happened. That comes under that banner of not being limited to password. And then it’s expanded from there. We have a secrets manager product and secrets management. Think of it as, whereas a password manager helps a human authenticate with a website, a secrets manager helps one module of software communicate and authenticate with another module of software. So if you imagine a bank’s website somewhere behind the scenes, they’ve got a web server, an application server, a database server with all of your transactions in it. And those things have to authenticate with each other to have the privilege to go retrieve that information. God help us. But I don’t think the bank has the database server. They’re giving that information to just anyone. So that’s what secrets management does, is it’s an automated and safe and fully encrypted way to handle those kinds of, authentication. We acquired a company called Passwordless.dev which handles not just the user side, but the web creator side. If somebody wants to add passkey support to their website as a website creator, they can use passwordless.dev. and the latest thing we’re rolling out is something called access Intelligence. And that’s based around, the pretty simple observation that one of the big challenges in all this is change management and human behavior modification. So the, the actual fact I’m holding up on the screen here a post it note, there’s still a lot of us where that’s the most easiest and most convenient and familiar way to save our password. Put it on a post it note, stick it under the keyboard. I know how to do that. I know where it is. I’m good. And so if people continue to do that after their company, you know, buys security software and buys password management, it’s not great for anybody and there are levels of using it properly or not. The reality is that if you want to, you can use the password fluffycat for every site that you go to and just reuse it. Not a real secure practice. Right? So. Or you may use a password that later was discovered on the Dark web as a breached password. Not a good idea. Or maybe you use one that’s too simple, like your pet’s name. So all of these are characteristics of what we call at risk passwords and what. Access Intelligence. One of the key things it does is it helps give insight into the risks of password use at an organization. So basically the flow is an IT admin. This is a tool for IT admins to make their life better and more effective. They can look at all of the applications that people have stored passwords for. Then they can prioritize the ones that are more critical. So imagine the password to, a bank account more critical than the password to Netflix. Somebody steals that, they’re watching your videos for free. Okay, that’s one kind of damage. So they, they rate the most critical ones. Then there’s an easy button where they say, click, all right, go notify the people who have weak or reused or breached passwords for those sites. Remind them that they’ve got, a weak password and that it is asking them to fix it. And then give them a button to click on at the user level where it will guide them to go fix it. So that’s step one. We call that Risk insights. And it’s part of access intelligence to help people do the right thing, thinking about where the rubber meets the road, which is again, change management, human behavior, et cetera. In the enterprise. there’s also another aspect that is a phishing blocker. So because Bit Warden sits as a browser extension in your browser, that feature enables the system and bitwarden to catch a bad link that you might click on by accident. So a lot of our training around security is don’t click that link, don’t click that link. Inevitably somebody clicks the link, right? So we check that URL when it, when it then goes to the browser to try to access it against, an updated list of malicious sites that gets updated every 24 hours. And if it’s a malicious site, we put up a warning and block that. So these again, are on a very basic level, but a very important level, designed to help people do the right thing and follow the right behavior and make it easier for everybody to get there.

>> Craig Gould: How has your job changed as Bit Warden’s grown? Because when you Started it was a handful of people. You’re shepherding and herding a much larger crowd while maintaining a vision. Can you talk about over the last 6 years how your day to day job has changed?

>> Michael Crandell: It’s changed a lot. In the beginning when you’re four people, obviously you do everything and you do what needs to get done and the communication circle is tight and clear and and all of that’s beautiful and wonderful. But you’re small and inevitably if you succeed, you’re going to grow. So we’re, we’re approaching about 250 people now, which is still small compared to a lot of companies. But now that the job has changed to looking forward a little bit more out into the future, what we need to watch out for, where we need to go, and trying to communicate that in a very regular cadence to people and make sure it’s clear. So a lot more of it is about communication, including back and forth, about what people might see as the challenges or blockers to that. And also listening. you’re dead in the water if you’re not listening to people. My goal has always been to hire people smarter than I am. So, so what a set of resources, if you can pull that off. And I think we have at bit warden because the ideas are coming from all over of what we can do or should do or could be able to do. And so it’s really communicating the importance of that. And also if you want to innovate, you’ve got to take chances. And so this has been known for a long time and there are lots of sayings around moving fast and breaking things and fail fast. And all of those I think are in general true. By the way. One caveat is I think that works well when you surrounded by a lot of smart people because there’s a lot of kind of self control there. but when you’re doing that, the important thing is you cannot have a culture of blame where if something does fail or goes wrong, then everybody’s all over that and analyzing the bomb crater and you know, nobody’s ever going to try something again. It’s important to understand what went wrong, to spend enough time to kind of learn from it and then move the heck on to the next thing. And that has to do with a core principle that’s even wider. And maybe we talk about it a bit in the context of remote work, but it’s about trusting your people. And so it’s critical to have an environment of trust with people and for them to experience that, so that you can encourage the chance taking that’s required for innovation.

>> Craig Gould: That’s one of two terms that just seems to keep, coming up over and over again with CEOs, one term being curiosity, but the other one, trust. Right. Only with, with your employees, but with your customers. And you’re, a trust based business, right? I would love to, talk more about culture and how you establish and maintain culture in a remote first environment. I’ve heard you say before that you’ve had conversations with, for example, you know, folks in the investment community that, you know, they had interest, but when they found out that it was strictly remote first, maybe they felt like they couldn’t provide the same boots on the ground value. If it’s a distributed workforce, I mean, can you talk about some of the challenges? But also, I assume that there are some great benefits there, otherwise, you know, you wouldn’t be growing and thriving, right?

>> Michael Crandell: There are. and I would say Bitwarden’s been consistent on this front and the greater world has not. and so a little history there. When I linked arms with Kyle to raise money in the summer of 2019, and one of the experiences, you just repeated that some of the VC firms we went to said, where’s your headquarters going to be? And I said, nowhere. And they said, well, and in all good spirit, they just didn’t see how they could get comfortable with it or maybe help as much as they thought they could with a network of people in the Bay Area, this kind of thing. so we were a little unusual then. but we did find investors. and then the pandemic hit and suddenly everybody’s going, oh my gosh, I’ve got zoom fatigue and whatnot. And we thought it was kind of cute because we always had zoom fatigue, right? We were always, always operating remotely. I had experience from a previous company where about half the company was remote. and then we continued on and it became the norm. Remote work. And now we’re seeing things change again. Kind of the fashion change again, back to sometime in some companies, five days back in the office. this has all been a benefit for us. First of all, the core benefits are people really value, at least knowledge workers, which is what our company’s full of. They value some freedom to get their work done in the best way that fits for them, whatever their rhythms are, whatever their personal life is, you know, so if they need to walk the dog at 3pm and they don’t have a meeting that day, fine, who cares? I learned long ago that Butts in seats is the wrong way to think about productivity the right way. And this is an important point about be careful what you focus on and what you’re trying to measure. And look at what is an engineer getting done over a week or a month. That’s the right way to look at it, how that person gets it done provided they’re collaborating in a useful way with others. That’s what matters and not were they sitting at their desk at 10:31 morning or not. And what we found is that and some of this self selecting to people who want remote work and can manage themselves that way, we found that we just get it paid back in spades in terms of what people do get done. Their productivity, their accomplishments and also their loyalty to the company and their gratitude for being able to have a lifestyle that’s just a lot friendlier and more pleasant for them. I don’t, we don’t maintain that that’s for everyone or that there’s no advantage to getting together. We do get together at times and then we try to sponsor other ways that are online based to foster community and doing fun stuff together. We’ll do cooking classes. I think there’s a painting class happening with our we call it Femme Morden. The women’s erg group at Bit Warden is doing a sit and paint class together. So we do stuff like that. We do some in person meetups and then we just find that people are really grateful and that they pay it back in spades when they’re given that trust that they’re going to do what they need to do.

>> Craig Gould: If you are allowing more autonomy on the process side then you probably have to have a little bit more focus on the goal setting and knowing what the big goal is and the cascading smaller goals so that regardless of what process you go through, I need you to be hitting these and if you, I guess communication is also there. M Am m I thinking of that in the right way?

>> Michael Crandell: Absolutely right. we started from day one with a set of business metrics that are typical with SAS companies that you know, we’ve monitored ever since. You know the classic things like ARR growth and gross, margin in terms of the profitability of the business, efficiency ARR per full time employee, what’s our cash position, et cetera, all the financial metrics. How’s our net retention? So we’ve tracked those consistently. And also in every other department there, there are metrics and there are things that we track. there’s never Any substitute for that. I think even if you’re an in person company, you need to be clear about the goals that, that you’re trying to achieve. We also learned, and we had some models out there of other companies we learned from. One of them was GitLab, which at the time we started I think had about a thousand people fully remote. But one of the things we did was to try to memorialize any meeting or any work into an asset that lives in a shared document system. We happen to use Google Workspace, but if there’s a meeting you either record it or you write up the notes to it in a Google Doc that’s shared. So because we have people In I think 26 states and 22 countries around the world, not everybody’s working at the same hour of the day. So that lets people catch up, synchronize in on what’s being done. Those are as you know, it’s a collaborative kind of document sharing environment. So that, that’s been key. The other thing we learned is that it’s an incredible hiring lever for us because you go from trying to hire people in San Francisco or Austin or New York or Seattle to hiring people almost anywhere. and it let us tap into pools of talent, especially in the open source world that’s very international. So those people who got interested and were contributing, we could go contact and we didn’t have to do any special gyrations to hire somebody in Sweden or in Spain. Those are two real examples. And also our support system dealing with customers 24, 7, 365, we can have people working normal, their normal hours over in Europe or in Australia or Malaysia who are helping cover that, 24, 7 and weekend coverage. And it’s helped a lot with that too.

>> Craig Gould: You know, combining what you just said with what we were talking about earlier with maybe the vc, they felt like they, you know, part of their value proposition was helping with talent in Silicon Valley. Do they, do they feel like distributed talent around the world may not be the same quality? Or is it a matter of their ability to help round up resources locally? I don’t know if my question is.

>> Michael Crandell: Making sense, but yes, absolutely. it’s, it’s mostly that their network of folks they know is in that area, is in the Bay Area. That’s most of it. Look, there’s no doubt that people in the Bay Area sort of feel like it’s the center of the universe, for software development. And there’s a lot of truth to that. but I Don’t think it was so much judgment of the quality of people elsewhere, because that would be highly inaccurate. and that began to change 20 years ago. It’s not been true for a long time that you can’t start a software company almost anywhere and find talent. I, think it was mostly that their particular networks had built up over time. And there’s no question it has been the center of the universe for a long, long time. So there’s momentum and gravity that builds up from that. And they were basically saying, hey, we have a network of people. But if you’re going to be all over the place, you know, it’s not going to help as much as if you said, we have an office in Menlo Park.

>> Craig Gould: So tell me about grit, these core concepts that are kind of the basis for, for your culture and because again, you have to be really intentional with culture when you’re not running into people at the water cooler.

>> Michael Crandell: So like most companies, many companies, it’s important to try to memorialize what your values are. And inevitably you end up picking an acronym or often do. and you know, I’ve always felt, and we’ve always believed that values are not the plaque that you put in the lobby. It’s how people treat each other every day, day in and day out. And so that’s really what we focused on. But we did go through an exercise, partway into the company, we were maybe 20 people of trying to memorialize it into something which is also important. Our people ops head, led that exercise and there were many words put out and values and so on. She finally hit on this acronym of grit, which stands for gratitude, responsibility, inclusion and Transparency. Those are pretty self explanatory. but a note on each part of it is designed for the fact that in our culture we like to say, bring your whole self to work. You’re not just a partial person who’s a worker, but you’re a person with passions, ideas, hobbies, likes and dislikes and things that we’ll do better if we get to know some of that and that you bring that to work. So gratitude, I think, is just a great practice in personal life also at work, especially as it involves acknowledging others. That creates a snowball effect. When you see somebody else who’s done something, well, mention it, celebrate it. Let’s give some acknowledgement of that. That’s something that starts to snowball. It certainly has. At our company, responsibility is an obvious one, like be accountable, do what you say you’re going to do, produce what you’re supposed to inclusion, is partly related to the fact that we are a global company with people from different countries, different, languages, different nationalities. Obviously the other things like gender and race and religion and whatnot. but it also has to do with ways of thinking. I mentioned passions and ideas. So part of what I believe we need to do is bring people together who do have different ways of looking at things. You talked about creativity before. Who help us better represent the fact that we’re serving customers in more than 100 countries across more than 50 languages. Our user base is very global. The final one, transparency, goes right along with being open source. It also has to do with how we talk to each other. Let’s be open, be respectful, but be direct with people about what needs to be done, what needs to be fixed, as well as what’s going well. when that people Ops leader, woman named Sarah Frost said, so here it is, it’s grit. And she read through each one and I said, that’s great, Sarah, but we’re a startup. Where’s the part about hard work? Like, let’s be honest, there’s gotta be hard work here. She said, duh, Michael, it spells grit. And I went, okay, got it. There we go. That’s good.

>> Craig Gould: I think I mentioned before our conversation that, a lot of my listeners are people that are in middle management, upper management, looking to get from where they are to the C suite. What advice would you provide? A lot of your growth has been from the benefit of kind of an entrepreneurial background. You know, you’ve gotten to the C suite by, you know, making it yourself. But, you know, as you’ve grown companies, you have brought people up to leadership positions. So maybe from that perspective, what do you look for? What do you look for in that person that, has been at one level of their career, but you’re ready to, you know, give them something bigger in a bigger role. What, what sort of qualities and what, how should that person maybe make themselves apparent and visible to, to someone at the top of the organization so that they’re, they’re considered.

>> Michael Crandell: So I have some very definite thoughts and advice on that. Of, course, it depends on your leadership and your organization. I always invite people to come and speak with me directly anytime they want to try to have an open door about that. If there’s an open door at your organization, take advantage of it. Go talk to that person. obviously have a topic you want to talk about and have thought it through and whatnot. But the main thing is showing Initiative and having the eagerness and the drive and the desire behind that. And then, you know the old saying of don’t ask for permission, beg for forgiveness. And in general, that’s what I’ve done. obviously you can take that to a ridiculous extent, but if you’re doing the work and thinking things through and you have conviction about an idea, or, you know, a new product feature or a new approach to the market or whatever it is, act on it. Do something. Like, instead of talking about it or how we might do this or that, or hypothesizing, like, get a start on it. Too often I see people saying we. You know, I’ll give you an example. We should edit this press release. Here’s. Here’s an example of what I mean. We should edit this press release to make it more punchy. And they think they’re contributing. And I guess at some level they are. Here’s what I admire. Hey, I edited this press release to make it more punchy. What do you think? That moves the ball forward. So always think about taking the initiative. Where can you do something? Where can you move something ahead? In these days, with all of the tools at our disposal, it’s always possible to do that. Now, it may get rejected, people may throw it away, but if you want us to be seen for the quality of your thought process, the quality of your creativity, how you can contribute and move up, then do something.

>> Craig Gould: Well, Michael, I really appreciate your time. This has been a great conversation. I really value not only what you’re doing, but your ability to accomplish it, have a vision and, build a culture. I really appreciate you sharing your insights.

>> Michael Crandell: Well, thank you so much, Craig. if any of the listeners are not using a password manager, definitely use one. And you could always check out bitwarden too.

>> Craig Gould: So bitwarden.com is that the best place?

>> Michael Crandell: That’s it. It’ll take your hand and lead you right there. And by the way, there is a full featured free version. You can try that out first. And thank you. I’d love to stay in touch. This has been a really great conversation.

>> Craig Gould: Awesome. Thanks very much, Michael.

>> Michael Crandell: Thank you, Craig.