Elizabeth Lawler is the co-founder and CEO of AppMap, a provider of developer observability tools that run in the code editor, eliminating hours of toil that stalls creativity and innovation for developers.
AppMap’s industry-first platform delivers dynamic software performance, security analysis and runtime insights to developers in the code editor. The company disrupts traditional approaches to the developer experience by seamlessly integrating its open source runtime code analysis tool into the code writing process. This empowers developers and their organizations with real-time observability shifted “all the way” left.
Previously, Elizabeth was Vice President, DevOps Security at CyberArk (CYBR), where she launched the company’s open-source go-to market-strategy for developer-focused tools and technologies. Prior to CyberArk, Elizabeth founded Conjur (acq. CyberArk), which delivered the first product to address Privileged Account Security gaps for DevOps, cloud, and container-native software. Elizabeth has also served as Chief Data Officer of Generation Health (acquired by CVS Caremark) and held national leadership positions at the Department of Veterans Affairs. She holds a doctorate degree and is a data scientist by training. She is a speaker on topics of software development, DevOps, and cyber security.
In this exclusive interview, Elizabeth Lawler discusses optimization of the code development process, security analysis and so much more.
In laypersons terms, please explain what AppMap is and what prompted its creation?
AppMap provides the first developer observability platform that delivers software performance, security analysis, and runtime insights to developers in the code editor. Think of it as Google Maps for your backend code. The platform collects information about how your code works and its predicted production behavior and presents the information as interactive diagrams and recommendations that you can search and navigate.
AppMap was built on the simple premise that developers should be able to see the runtime behavior of software as they write code so developers can fix design problems immediately. AppMap is founded by a serial startup team from the DevOps, security, and development tools space, focused on improving software delivery and security.
What problems does AppMap effectively solve and how does it optimize development?
Existing software analysis tools and linters are unable to identify complex code-related design issues or troubleshoot anticipated customer performance issues. With its open source runtime code analysis platform that lives directly in the code editor, AppMap disrupts traditional approaches to coding by empowering developers and their organizations with real-time observability and troubleshooting.
Until now, developers and software teams have been forced to rely on static analysis tools and complex software workflows and break-fix methodologies to find and remediate issues. This results in hours of rework that stalls creativity and innovation. Software toil is one of the main drivers of developers quitting at an unprecedented rate of 20% per year, one of the highest of any industry.
AppMap solves this through its free, open source developer platform that continually maps, analyzes and assesses the performance, stability, and security of application code as it is written, dramatically reducing software development toil and rework, which costs organizations up to $85 billion per year. Its user-friendly interactive experience as a code editor extension enables developers to cut through complexity, reduce rework, and unleash their creativity.
How did you manage to acquire more than 35,000 users as a seed-stage startup?
This speaks to just how critical it is for developers to be able to see their code and understand any issues it will experience before they commit it. Our deep integration into the VS Code and JetBrains marketplaces makes it incredibly easy for new users to find AppMap and to get started with it without having any data leave their development environment. Developers are able to stay in their software engineering flow because AppMap installs right into their code editor, right alongside the code they are actively working on.
And perhaps most importantly, no data leave the code editor. It all remains local to their coding environment! So developer can feel safe in choosing to use AppMap to improve their code quality and code understanding.
AppMap is commercial software, but it also has an open source extension. Could you please share your view of an ideal balance between commercial and free open source development? How does open source help you, in particular?
AppMap is open source first which helps us distribute our software freely to development teams. Security teams trust AppMap because of our open source approach. The ability to understand the value of AppMap for development teams is unimpeded.
However, there is more benefit to using AppMap as a team to increase software delivery velocity and software quality through enhanced code reviews, automated API documentation and runtime software quality analysis. These features require orchestration between systems from the developer’s own laptop, to the source code repository like GitHub for example, and verification of the latest release further down the CI/CD pipeline from the laptop. These are paid features for teams and we provide the integrations and services to deliver these enhanced features.
Please share a bit about your unique approach to design – your collaboration with musicians and comic book artists?
It is no surprise that many of the early employees with AppMap are designers and artists. It takes a team of creative people to rethink such a fundamental part of the developer experience, how we code. We’ve always taken a design first approach when building the visualizations that power these deep runtime insights. It takes outside the box thinking to deliver real innovation. We are hiring!
With more and more services and applications moving to the cloud, what are the main security challenges?
The DevOps movement has spent the last 10+ years working to optimize the software delivery lifecycle. It has succeeded in large part because product development teams are always looking to lower the time it takes for them to deliver software to their users. The cloud has also decreased the speed it takes for developers and companies to deploy their applications, making them available to their customers. The unexpected outcome of this result is that many teams have not also improved their security analysis tools to keep up. This then leaves the burden on security engineers who need to find vulnerabilities after they have already been deployed to production.
For the first time, AppMap helps developers find and fix runtime software security issues and performance issues even before they commit their code.
From a security perspective, what should potential users know about AppMap?
AppMap is distributed via the VS Code and JetBrains marketplaces and installed locally by a developer and the files are locally stored in the code. AppMap can be included as a development dependency software library on their project and all of the AppMaps are saved locally when generated by the software. Users can securely share their AppMap with their team members via Github Pull requests, Jira tickets and inside of their corporate Slack environments.
How do you hope to evolve the company in the next 6 months, year and 5 years?
The next 6 months for AppMap is just continuing to deliver on the promise to our users to reduce toil and rework in the software creation and development process. Over the next year we hope to continue to expand our partnership and integration with leading software developer tools platforms who are aligned in the focus on improving the developer experience, such as our partnership with Postman, for example.
Over the next 5 years, I think the emphasis will be on developers’ experience moving beyond the internal optimization of process within a software development group, to the external acceleration of time-to-value for the API and service oriented world of modern software development. With applications typically being composed of thousands of consumed libraries, SDKs and APIs, it is impossible to be expert at the runtime behavioral optimization of each and every one. Yet how developers experience success in the code editor and efficacy with consuming these tools is a core part developer experience. Stepping forward, we see this as a tremendous opportunity to accelerate software development at a massive scale through runtime analysis in the editor.
Your perspectives on the present and future of IT? Any 2023 predictions to share?
Last year, we predicted that code would be increasingly written and edited by code, and I think we nailed it- look at the amazing attention that Co-Pilot and now ChatGPT commanded in 2022. AI powered code generation is coming to an editor near you. But how will that drive future maintainability issues? How does it impact understanding of code’s design and structure, and what other considerations are not included in the generative models? We believe data about software behavior generated as part of the coding process has a strong part to play here as well to ensure that generative coding tools are appropriately incorporated into cohesive software design. Code design is the new constraint to delivering high quality software, not code writing, and AppMap is here to help.
Is there anything else that you would like to share with the CyberTalk.org audience?
For engineers who are curious to learn more about AppMap, you can join the growing AppMap user group in Slack (https://appmap.io/slack). You can also find our projects on Github (https://github.com/getappmap).