It might seem like it is the dawn of digital transformation, but there have been certain players – good and bad – who have thrived in the digital environment for quite some time. Digital security has always been top of mind for many companies, most especially as Internet access has gone wireless. How can PMs be at the forefront of secure digital transformation? Fmr Illumio Product Leader Matthew Glenn shares the dynamics of cybersecurity and explains the zero trust model.
On Assembling Product Teams at Big Company vs Startup
Matthew first explains for product leaders build teams at different-sized companies, no matter the sector, including cybersecurity. Ultimately you want to find people that are naturally drawn to different aspects of product management but sometimes might need to be a person of all trades.
“When when you’re a leader of a large product management organization, you’re really assembling a team of people and helping them do their job on a daily basis. As a product manager, I like to do this exercise where I draw up all the different things we do as product managers. You could be doing pricing, you could be sitting in a room with engineers doing product trade-offs, you could be working with product marketing on descriptions of like data sheets, you could be giving presentations to the field, you can be working through and just prioritizing your backlog. There are just a million different things that we can do on a day-to-day basis.
The fact is that everybody sort of gravitates towards things that they like to do the best. … I did this with my kids when they were young. I put all their toys in a big circle and I put the kids in the middle of the circle, and they would always gravitate towards the same toys. I’m gonna make the argument that product managers are not different than that. There are some things that product managers love to do, and there are some things that product managers don’t like to do. The thing is, none of that is wrong. So when you start thinking about assembling the team, you need to look at that team, sort of like the child. You need to look at who wants to do the pricing work, who’s going to be going in with engineering and going toe-to-toe on trade-offs for that brand new product? Who’s going to have that really customer focus, thinking about how this product is gonna be supported long-term. …
The thing that we often do is hire people just like us. I’m going to make the argument that that is probably the first mistake that we make in hiring as product managers when you should actually hire someone that addresses all of your weaknesses. When you’re assembling a team, you need to look at how the team is going to be assembled, who’s good at what. … You can’t have one point guard scoring all the points; you need a forward, you need a center, you need a team of people that’s going to help support the field and the engineering organization and guide the product when you’re a large organization.
Going to a small company … I’m writing requirements, I’m actually building demo systems for the product, I’m out visiting customers, so I’m sort of a one-man band. I know the attributes of the first person I am going to hire are all the things I can’t stand doing but are really valuable. That’s sort of the difference. When you’re at a big company, there’s a huge support infrastructure. The process sets your daily regimen. When you’re at a start-up, there is no process. You’re building the process as you go. One minute you are cleaning out the garbage cans, the next minute, you could be talking to the Board of Directors. You have to be sort of prepared for a lot of chaos.”
On Zero Trust in Cybersecurity
Cybersecurity, and zero trust, in particular, are an ever-evolving sector of the marketplace. With zero trust a popular topic but relatively new, Matthew shares his knowledge of this area and gives us great examples for understanding the model.
“I love going to New York City. When I was young, I actually interned at Oppenheimer Capital and I spent a summer there. I was a poor college kid. Inevitably you’re walking around New York City and you see these parties with these big dudes wearing tuxedos and clipboards outside. Basically, it’s a party where only people on the guest list can actually get into it. That’s effectively what zero trust is. Unless you’re absolutely known, to be able to communicate, you’re not allowed in.
It’s a fundamental shift to how we’ve traditionally thought about cybersecurity. Traditionally, the way we think about cybersecurity, you have to go back to the beginning of the internet. The Internet, after was sort of taken out of DARPA in the military, became sort of a kumbaya, like, Hey, isn’t this great, we can all communicate with one another. In fact, everything about IP networking and the internet is if there is a way for point A to point B to communicate, it will find a way. It just does everything it can to find a way for two things to communicate. That fundamental architectural mindset and all the protocols that work inside of a network make it so that when you want to check the score of your favorite basketball team on ESPN, you can click on the scores and boom, it happens, nevermind that there could be an outage in part of the internet because it’s going to route around it.
Those protocols actually give the advantage to the hacker because all they need to be able to do is to infiltrate and provide one little beachhead inside of an organization. Then they can move anywhere they want laterally within an environment. There’s no sort of gateways or bridges or doors or bouncers at those doors, for that matter, that’s really going to stop them from communicating. Back when I was doing wireless, the whole idea was, hey, you’re bleeding WiFi into this street in New York, and now, with my laptop sitting down on Wall Street, I can basically infiltrate any bank and move laterally within the environment. This is obviously a long time ago but that was what was happening and the advantage was to the hackers because they had these flat networks without a lot of controls in them.
Zero trust fundamentally shifts that paradigm. It says, Hey, I know that Dimitry is a member of the product management organization because when he logged into the network and provided his credentials, I validated it was Dimitri probably using some form of two-factor authentication. Based on what Dimitry’s job role is, I know that Dimitri should only be able to communicate with these 38 applications. And so it will only allow Dimitri to connect to those 38 applications in the data center, or VPC, wherever those applications may reside. That’s fundamentally different than what probably most people can do from their laptops, which is, I can SSH into a server in the data center from my laptop, never mind that I shouldn’t be able to do that. That’s sort of a big threat factor. So what zero trust does, it says you should only be able to connect to those things that you’re supposed to be able to connect to, and everything else is by default, not allowed. So just like that bouncer not letting me into that club when I was 21 years old because I wasn’t on that guest list, what zero trust says is unless you’re on the guest list that allows you to connect to those things, then you will not be able to connect.”
On Product Marketing and Product Management in Cybersecurity
With big-name companies in the cybersecurity sector, it’s easy to be recognized, but new startups need brand recognition in addition to great products. Matthew explains how a startup can educate about its product while also becoming well-known in the marketplace.
“Early on in the company, product management and product marketing were really tied at the hip, and still continue to be tied at the hip. I always had product marketing in my staff meeting, because I wanted them to know what was coming down the pipe and I thought it was super important for them to understand what was happening in the organization. At the same time, I always believe Maslow’s Hierarchy of Needs, where it’s most important that you eat and drink. Well, in the market … product management is the most credible organization short of the engineers during the implementation. Ultimately, a lot of the work we did on building a zero-trust brand and talking to analysts was really product management. Our CTO … and I did a lot of that missionary work. So there was always a lot of work done where product management was put in front of analysts and the press because we can speak a lot about what was going on in the market and the capabilities they’re in. Over time we cultivated and were able to pass that on so that marketing was also really capable of doing that, but that’s a muscle that you need to build. You could do everything in the world, but you don’t have the time to do everything. So building the muscle, wherein the product marketing organization can be just as credible, or close to as credible, as a product manager, takes a lot of time and energy. Early on, we did a lot of that ourselves. In fact, at one point I was asked to rebuild the product marketing organization and the technical marketing organization. That sort of moment where I rebuilt those teams made me really feel like they had to be at my meeting so they understood what was going on, why we were building features, and the relevance of those features, so that they could go out and talk to analysts and help with sales training and all those other things because they got it right from the horse’s mouth.”
About the host
Products That Count is the original and most influential product acceleration platform in the world. Almost 300,000 product managers globally read, watch, attend and listen to our 3,000+ free blog posts, videos, webinars and podcasts. C/VP-level product executives such as Netflix Product VP, Coinbase CPO, and Box CPO share best practices and raise their profile at our curated product salons, podcast show and mastermind circles. Leading brands such as Autodesk and Capital One join as corporate members to turn their product teams into a competitive advantage. Hyper-growth companies like Amplitude have generated 10X ROI from marketing partnerships. Learn more at productsthatcount.com