Skip to content

Search the site

Puppet CEO Yvonne Wassenaar is gearing up to take the company public. Here's where she's focussing attention.

"People tend to commingle public cloud with cloud native..."

Puppet CEO Yvonne Wassenaar has her hands full: she's overseeing an ambitious open source-based company on the cusp of going public with $40 million in fresh capital from funds led by Blackrock in the bank, and busy adding purpose built business solutions for compliance, security, and self-service at the company. (All while overseeing a small menagerie of pets at her San Francisco home, including chickens, rabbits, dogs and cats -- "I love animals" -- none of which, disappointingly, interrupted our call.)

The former VMware executive is among the rare breed of CIOs (for two years at observability platform New Relic) to have stepped into the CEO role, and along with 25 years of experience scaling companies globally in a range of leadership roles, she retains hands-on technical chops, having started out as a software engineer at Accenture (“back when COBOL was cool"; The Stack: "COBOL's still cool"; Wassenaar: "I'm very employable...”)

She has been at the helm of Portland, Oregon-headquartered  Puppet since January 2019, where she has sharpened focus on specialised tools for larger commercial organisations, and overseen the addition of a wide range of new offerings at the open source-based software configuration management (CM) and deployment provider – traditionally used to “pull the strings” on multiple application servers simultaneously – as Puppet eyes a chunk of the growing compliance and security markets.

The CEO is gearing up to take the company public later this year, which she believes it is ready for after strong numbers last year. She tells The Stack: “In 2020, Puppet’s revenue was north of $100 million and growing as we added new customers, expanded within our existing enterprise customers and increased the average size of our deals. Our renewal rates are close to 90% and our expansion rates are close to 120%.  Gross margins are +80% and we have a strong profit/loss position for a company of our size”.

Puppet CEO Yvonne Wassenaar: "People tend to commingle public cloud with cloud native..."

By "describing and managing infrastructure as code" Puppet allows users to automate infrastructure configuration; harden infrastructure security, or deliver applications to hybrid and multi-cloud environments at scale. Like many open source-based companies, it has layered a range of premium, paid-for tools on top of this open source bedrock and is pushing into an increasingly eclectic space with its new offerings -- which include a growing focus on interaction between IT Ops and infosec teams -- as customers themselves scale into ever more complex hybrid infrastructures.

(Among Puppet's recent moves are integrating its Puppet Remediate -- an infrastructure vulnerability tool that synchs with a wide range of vulnerability scanners that infosec teams use to get read-only scanning data in real time -- with its Puppet Enterprise premium IT automation tool. Wassenaar notes:"[Often still] the security team literally gives a PDF or an Excel file that can be tens, if not hundreds of pages of things to go fix to the Ops team. And they kind of look at it like, 'OK...'. What we've done is we've created the integration to be able to identify in the environment where the vulnerability actually is -- is it a vulnerability on your soda machine or is it a vulnerability in production -- then automate remediation.")

It also pushed out new tool Relay in June 2020, which connects cloud platforms, tools, and APIs that many DevOps engineers use like Datadog, GitHub, Jira, Slack, Terraform, more to support a range of cloud automation use cases, from incident response through to identifying and deleting (if required) underused cloud resources across the three hyperscalers, like unattached volumes, unused load balancers, and untagged instances.

That's among the shifts helping broaden the market for the software company, which has also launched new compliance services.

As Yvonne puts it: "We are addressing multiple markets from platform ops, provisioning, configuration management, security and compliance, operations and incident response. [This is a] total addressable market of $45.2 billion."

This scope -- along with a tight focus on the global 5,000 largest companies -- is being helped by the increasing complexity of hybrid environments.

This doesn't just mean a vanilla mix of on-premises apps and those built for and running in the public cloud. As she puts it: “So I think one of the important things for people to understand is the world has gotten exponentially more complex as we've moved to cloud... People tend to commingle public cloud with cloud native. There’s many people who are moving more traditionally architected applications into the cloud and even running containerised VMs in the cloud. Then there are people running Kubernetes applications in their own data centre -- which are cloud native. Puppet helps abstract away the complexity of running in these kinds of environments.

Both the new tools, the focus on industry verticals and the targeting of larger customers is bearing dividends, she says: "With this focus on the global 5,000 what we're finding is we're able to go from being in service to the practitioners at those companies to also actually being able to serve some of the higher value business needs. And that's been that's enabled us to drive bigger deal sizes... If you think about the evolution of Puppet, we initially began as a power tool for practitioners. What's happened over time is that our customers have told us we want you to be more prescriptive. So we need to be able access a larger population that isn't as technically savvy, or that have other things they have to do. So we've integrated three different types of automation capabilities: here's task-based automation, model-driven automation and intelligent workflow automation. That gives you the flexibility to manage all these different types of infrastructures in these different types of application structures.

ServiceNow executes a workflow. That's great, but the workflow has to get some work done. Puppet closes the loop.Puppet CEO Yvonne Wassenaar

Partner integrations have also been a focus, as Puppet ramps up its push to become a configuration management/infrastructure visibility/security-fixing hub that's the go-to for IT Ops teams wanting to make shit happen at scale: "We've built out partner integrations" Wassenaar says: "We've recrafted what we call The Forge [a repository of different Puppet modules] and we're increasing the interoperability of the platform.

"Think about well adopted technologies like ServiceNow or Splunk. If you think about it, ServiceNow executes a workflow. That's great, but the workflow has to get some work done. We have a customer whose engineers use Slack to trigger a ServiceNow workflow. ServiceNow then triggers Puppet, which actually does the work. Puppet closes the ticket in ServiceNow and all the engineer ever sees as a response in Slack that says that is done. And so this interoperability in environments, whether it's that or working with a DataDog or a Splunk, they identify the problem but they can't fix it. Puppet is that kind of close-the-loop place."

Will investors be as enthusiastic at the perceived opportunity. Wassenaar, like others, will no doubt find out in the near future.

See also: Climate risk data is a hot mess. These open source pioneers want to set things straight