Sanjay Beri: First thing you want to do is make it clear what that culture is, and so you embed it into your systems or processes, and how you think from myself to everybody else, how they think and hire. The second is if you hire on that culture and you espouse it, hopefully all your other leaders will do the same.
Speaker 2: Hello and welcome to Security Visionaries hosted by Jason Clark, CSO at Netskope. You just heard from today's guest Sanjay Beri, Founder and CEO of Netskope. Being an industry leader for over two decades has given Sanjay insight into what makes or breaks a security company, culture. Determining what company culture is and driving into every facet of business is just as important as the work that's being done. Sanjay has created a culture at Netskope that relies on innovation, transparency, and collaboration, without it Netskope would not be where it is today. Because some of us are working room remotely and connecting through a screen instead of face to face, culture is more important than ever. It's the North Star of our work as Sanjay puts it, having a strong culture isn't just up to the leaders, but the responsibility of every person in the company. And from that comes a positive impact on employees and business itself. So before we dive into Sanjay's interview, here's a brief word from our sponsor.
Speaker 3: The Security Visionaries podcast is powered by the team at Netskope. Netskope is the sassy leader, offering everything you need to provide a fast data centric and cloud smart user experience at the speed of business today. Learn more at netskope.com.
Speaker 2: Without further ado, please enjoy episode 11 of Security Visionaries with Sanjay Beri, Founder and CEO of Netskope and your host, Jason Clark.
Jason Clark: Welcome to Security Visionaries. I'm your host, Jason Clark joined by Sanjay Beri, the CEO of Netskope. Sanjay, how are you today?
Sanjay Beri: Doing well, fortunately, how are yourself, Jason?
Jason Clark: Super fantastic, feeling great after a long weekend. So it's very refreshed. So what we want to talk about today is a little bit about just your vision and your founding of Netskope and just the journey that your life has brought you too, and a little bit about culture and leadership. But I want to start with, seven years ago you came and met with me when I was the Chief Strategy and Head of Services at Optiv, right? To share your vision. I get pitched at while I was in that role by over a 1,000 security vendors and spent time with at least 500 CISOs and CIOs every single year. And so I was really trying to be close to the problem and a lot was changing at the time and your vision, just it wowed me, it stuck out. So I want to talk about maybe just what was the problem that you were looking at and how did you bring together all of these components that were seven years in a way almost ahead of their time?
Sanjay Beri: Yeah, that's a great question. So one of the big things that I love to do is spend time with CIOs, with CISOs, with CTOs, even with CEOs, keep your nose to the ground and was very clear to me was that amidst this changing environment of how people work. Remember nine years ago, work remote happening a little bit, use of cloud for many was happening, but many were fighting against it. But the reality is that when I looked within a company, I could see that, wait a minute, it doesn't matter actually in this case with the CXOs are saying the users had voted, they were using SaaS, they were working remote, they were bringing their own devices. Most people know when a user votes and an end user decides to do something, it's an immovable force in many times, and there's no point in fighting against that. And so the reality is what I saw when I looked within organizations was their data had moved to the internet, to the cloud. Their users had moved using their own devices, working from anywhere, and their apps were slowly moving, even if it was business units moving it, not yet corporate IT. And yet at the same time, if you looked at their budgets, you're like, wait, all of the budgets for networking and security was being spent on things, protecting the old world, on-prem, apps, assets, data living in the four brick walls. And that wasn't going to work for what was happening in reality under the hood in the companies. And so it was very clear to me that the perimeter of a company would change, the edge of a company would change and security would be transformed because the transformation digitally was happening under people's nose. So that's the macro thoughts and learning that led to obviously over time, the creation of Netskope.
Jason Clark: When I was the CISO for Emerson Electric, we were a heavy Blackberry, right. [inaudible 00:05:12] shop and was...
Sanjay Beri: Hey, don't say too much bad things about Blackberry. I was Canadian and I went to university right beside where they were just a fledgling company.
Jason Clark: It was one of the best devices I've ever owned, I think was indestructible.
Sanjay Beri: The key is was.
Jason Clark: Yeah.
Sanjay Beri: Yes.
Jason Clark: And I was die hard this is the best thing for security, this is what every executive and everybody gets in the company. And people started bringing in the iPhone, version one, two, and I said, no, it's not going to happen, as a security leader, nope. Not allowed. Right. And then the CEO got one and then all direct reports got one, and then all their direct reports got one, and it was like that's the example of where security says no, and the user and the business just said, yes. Right. It was the example of what not to do as a security leader today. But back then, it wasn't the way. Right. And so it just happened, and that's I think a lot what happened with SaaS. Right. Where the business and the user just said yes. So as that was one of your main first focus areas, what about SaaS is very hard for security teams? What makes it hard?
Sanjay Beri: Yeah. And so, one thing is that the reality only started the company was we knew this would happen for all the internet, not just SaaS, but my belief was that all properties on the internet would look more and more like cloud. I call websites just dumb SaaS apps. And the reality is that over time they would all look like that. And so, one, the vision was much broader, the reason that SaaS was the focus... Was two factors. One was, obviously, look, nobody was doing anything from a security perspective from it. And when you build a company, you focus on white space, build your brand, so that's the pragmatic entrepreneur's view is, look, you know this trend is going to happen where all of the internet is going to look like cloud apps. They're going to be based on JSON and APIs and your language is going to change on how you interpret them. But pragmatically, let's focus first to get in the door on how do you secure something that is a wide open problem? And that was SaaS. And the reality is SaaS at that point was 90 plus percent led by business units. You'd go to financials and they would say, "No, we're not using cloud." You look in and you go, "But you use 1000 SaaS apps from marketing and HR and so on." And I couldn't tell you how many times that happened. Now you'd go to a high tech company and they would say, "Look, we're building our company. Why would we not build it by leveraging the beauty and the mobility and the efficiency and the innovation of SaaS?" But anywhere beyond that, in that time, they were holding on to the old way of doing things. And under their nose stuff was being used in the SaaS world. So it was a hard problem because your buyer, the person who has the money, they in many cases had not yet admitted to their organization, that they were using SaaS. And so why were they going to go buy something that the company didn't think they were using yet? And so many times, to move that along, you had to rip the blindfolds off and just show them that, wait a minute, it's one of your biggest security risks. You don't even know you're using this. You can't even track the transactions of the data, and this is your most sensitive data, and this is high, high risk. So rip that blindfold off, show the risk so that they know they have that, they used to call it problem. I said, "Don't fight the problem." It's not a problem because SaaS is frankly, where the innovation is going to happen and you're going to end up with the majority area apps being SaaS. So, Hey, get on the front of that and build a program and security that could enable the use of SaaS. Don't view it as, "Hey, I got to go find it and shut it down." And so that was why there was a lot of confusion on, do I have it? Do I not? Oh, no, I have to convince my org that we have it. And you had to go through all of that. But now of course we're well past that, but in the beginning, those were the...
Jason Clark: How did you explain to them that Salesforce or Workday, or any of these SaaS apps, the thousands that organization's using and only maybe 5% they accept they're using. How did you explain it's different than a website?
Sanjay Beri: Yeah. So I'll give you a simple example. We used to go into organizations and we'd say to them, "Look, what do you think the risk of a website is?" And they'd say, "Well, the risk of a website is they go to a malicious website and they get hit with malware and they infect us." Right. And say, "Oh, okay, great." And then I'd say, "Well, what's the risk of a SaaS app?" And they go, well, the risk of a SaaS app is... And when they thought about it, they went, "Wait, the risk of a SaaS app is that people will use it unfettered to put sensitive data in and they share it everywhere and it propagates." Right. It was a data problem actually. Now everybody knows, well, not everybody, but folks I think, realize that data's their most valuable asset, that's what everybody's after. And so SaaS became a data problem. It became a, I want SaaS so that I can process my data faster in a more deeper way. I can share my data. I can create more useful data. That's what SaaS was for. Yet then they realize, and that's the risk is that I need to let people do that, but protect that data. And so that's how focused them on the data problem, once they realized that SaaS was there and was never going away. And that was very different than how they viewed websites, which they just viewed as content filtering, frankly, Hey, can you go there or not? Is it bad or good? It was binary. SaaS is not binary. You can't go, is it bad or good? It's good in general, and maybe some of the activities are bad. And so I think it opened up to people's mind, a whole notion of, wait a minute, I can't just block or allow, I can't just do what traditional proxies and web filtering does. I need to actually understand what's going on here. So I can set these more granular policies that let people use these apps yet protect our data and stop risky activities. And that Jason, led to this creation of what we call this Layer 8 concept of processing internet traffic at the API level, because the only way to intelligently process SaaS and enable it and prevent risky behavior was doing it at this level that we called Layer 8 in the beginning.
Jason Clark: Yeah. I feel like we need a new OSI model now. Right. Because most of all the context is above layer seven, right? It's all what the user's doing. And they usually used to say that Layer 8 is the user problem, well, it is, right. We need to know what the user is doing in that app, just like that app was on-prem. So maybe talk a little bit about SSE, but also how that's different from SASE which has been around for a couple years.
Sanjay Beri: So SSE which is obviously a Gartner term for what in many cases are described and SASE are very much similar, but the best way to describe the difference between SASE and SSE, is SASE is just SSE with an SD-WAN, right? That's the simple way to describe it. And SSE is really this notion of what we just described, a virtual consolidated edge, which has the ability to govern all your internet and on-prem traffic in line and out of band and protect your data and protect against threats. And that integrates with the rest of your ecosystem, your identity endpoint and SIM ecosystem. And so in my view, it's one of the four big platforms that a security organization will want to center themselves on. You have your identity platform, your [inaudible 00:13:19], your [SimSo 00:13:20], and then you have your SSE platform as well. And so really for 10 years early, we used to sit around describing what we do saying, "We're the new cloud edge, we're the secure edge, we're the new virtual perimeter." Okay, well, now Gartner stamped a term on it. And as people learn about it and adopt it. We won't have to go through that description. We can say it's SSE.
Jason Clark: I think people will see this as the biggest change in cybersecurity in a decade, and probably a decade forward. Right. It's significant, the consolidation of all of the various technologies that make up SSE is... That's never been done before, right. You're basically taking the entire perimeter and virtualizing it into the cloud.
Sanjay Beri: Yeah, totally. I think as well, if you're a CIO or you're a CISO, there's the beauty in simplicity of consolidation, there's obviously the efficiency of processing your traffic and doing SL encryption once and doing data protection in real time and doing it at Layer 8, there's all those advantages. And then there's obviously in my view of significant cost advantage over time, right? You're not keeping a large part of your infrastructure on premise, truck rolling it, you're managing it in a consolidated way. And so I think in many times when you have a new quadrant or you have a new space, a lot of people look at them and go, "How is that really what I like, or what I want, or is that the future?" In this case, I think people realize that, "Wait, this is actually what we have been talking about doing." Even the most rigid financials who hairpin VPN back and stay on-prem even them go, "This is where we want to be." Right. And this is where we're going to end up. This is our North Star for what used to be data network security. It's categorized now as SSE and let's step our way into that. And so I really do think that this is a quadrant and a space and a name and a category that does redefine that market forever.
Jason Clark: Last question on just from a Netskope perspective. You've got thousands of customers now, as you're meeting with all of them, what do you hear is the most consistent problem or thing that they want you as the CEO at Netskope to stay true to?
Sanjay Beri: So one, I'm a big believer that in security you innovate or you die. And we've seen this happen with some of the biggest names in security, right? Some it's already happened, they got bought by PE, they went down, didn't innovate, they invested 15% of our capital in R&D. That's a death knell for security companies, if you start doing that. So I think one of the things that has been true to my heart is that when you think about building and being a partner of organizations, they want you to be a step ahead from an innovation point of view. They want you to invest in the R&D. Because that is the basis of why, in many cases they chose you. And so, one is I think they want us to stay true to what we've been always been doing and I firmly believe in that. The second is look, in any relationship and in the industry, you're going to have left turns and right turns and hills. And the other big piece is, Hey, be a partner, culturally, the company Netskope was founded on the notion of being open, collaborative, a partner, we're not a transactional drive by company. And I think anybody who works with us knows that, and I think that's what they want. Right. They know that they don't know everything. They know that a year down the road, they're going to hit this roadblock or they're going to need X. And they just want partners who work with them on it. Right. And I think too many times you have organizations that especially when they become too bureaucratic or too large, they lose that partnership and intimacy with a customer. And so those two things, you asked me for one, I gave you two.
Jason Clark: So on that partnership, the source of that has to be the culture, right. And Netskope is known for having a great culture, from its customers, from its partner and employees. How do you maintain that? Netskope is a rocket ship and you're doubling your employee base. How do you maintain that culture over time?
Sanjay Beri: Yeah, it's a good question. And actually it's a question I think true of... Many folks who may be listening, if you're around a security organization or an IT organization, or a part of that, you used to keep the same thing about your organization, how do I drive a certain type of culture? And the reality is one, the first thing you want to do is make it clear what that culture is, and either you're five people or 2000 or 10,000 or 50,000 people want to know. And so one of the things is we make it very clear what our culture is, the concept of being open, of being innovative, of being transparent, collaborative. We put it everywhere. It's on our walls. It's our virtual walls. It's in every hall hands, actually it's how we rate everyone. At the end of the year, the six cultural traits people actually get reviewed on. And so you embed it into your systems, your processes, and how you think from myself to everybody else, how they think and hire, and it has to be that. The second is, there's no one person who holds your culture. The reality is that, especially as you grow and you are spread worldwide, in every geography, in every function, every region, and every person needs to be a beholder of that culture. And especially your regional and your functional and your executive leaders and your individual architect and other North Star people, they need to drive that in how they operate, how they think, and how they hire. And so the second is, if you hire on that culture and you espouse it, hopefully all your other leaders will do the same. And then you measure it, right? At the end of the year for each of them and in between. And so I think it's about that, it's just about driving it. To give you an example, at Netskope we have four open dialogue calls every few weeks, and anybody in the company, depending on your region, because it's done in specific time zones to be amenable to those teams. They come on and they can, for example, ask anything they want from myself. We have another one tomorrow, for example, and they'll ask, you really get to know what's on people's minds and they feel comfortable asking you about anything. It could be snacks in this specific office. It could be some targeted questions around what we're doing with specific product areas. It could be around benefits. It could be around how we're making a positive impact in our giving. It could be so many topics. And the fact that you have such an open door means that you really are not just saying you want this culture and reviewing it and metricing it, but you got to live it. And I think it needs to be lived across the board from everyone and that drives culture. You'll deviate, everybody deviates, but you got to stamp those deviations out and just be self-aware enough and correct.
Jason Clark: I've never seen a company that does for all hands open calls with all employees, where they can ask you anything they want. It's not an easy thing to manage, Sanjay. I'm sure you've gotten some tough questions where you're like, okay. And you have to respond on the spot. So do you have a number of people that are ready to type you what the actual answer is, if you don't know it?
Sanjay Beri: Well, it's funny. I think we have a place in our company now where everybody feels comfortable asking anything and like, so you will get the absolute toughest questions, but the beauty is not even mattering what the question is, the fact that the person asked it, to me is success. Because that means you've created a culture where they're comfortable being open and asking it. And if it's on their mind, it's probably on others' mind. And so we want to talk about it. And so one is, I try to answer every question that I can to my knowledge, but if I don't know something and I'll give you an example, once somebody asked me about bills rising during the pandemic, in our health plan and the pharmacies, and I didn't know the answer to the question, I was like, "Really? I didn't even know." But what we promise is we follow up, and so we followed up that week. We tracked out what was going on with this specific pharmacy, nothing to do with our specific health plan. It's a very nuanced question, and you go, "What? Wow, they're asking that." But the reality is, that was what's important to that person at that time. And so us making sure we listen and follow through, yes, there are people who helped do that. And I think the key is making sure that everybody in those forms is heard and followed up on, even if it's not live because they don't have the answer.
Jason Clark: So you talked about so much of the culture is about hiring, right? And your leaders, right. Representing that culture, and then who they hire. As you've grown, right. As a leader throughout your career, you look back, what have been some of your... This is two part question. What have been some of your greatest learning experiences and maybe a little bit about people who have also helped mentor you?
Sanjay Beri: Learning experiences for me, one of the things that I love about what I do and working with folks like yourself and others is, you're constantly learning and that's the beauty. It keeps you going and you're like, "Wow, this is amazing." And so one, I think one of the things that everyone should know is that, look, your goal, for example, my goal as CEO is to bring people on who are amazing at what they do, way better than I could ever be at those functions and let them loose. Get them aligned on a common vision and a goal, but don't micromanage them and let them, ultimately, in our case, beyond entrepreneurs they want. And so for me, I've always felt there's a great, I don't know who said it, but great quote that, leadership isn't about control, it's about influence, right? And I really do take that to heart. When you're thinking about leading your organization, it's not about what you tell them to do or what you control, right? It's about bringing in people who really are entrepreneurs, who want to own an area and influencing them so that in their heart, they actually want to go down that path. And so that's one, to capstone it, leadership, I think learning is about influence more than anything. The second, which we just touched on is that everybody wants to come to a place and they want to be part of a mission where not only does it have a positive impact, but frankly that they like working with the people in the company and that's about culture. And so I have learned through good and bad places, that culture in many cases of this decider, it's why people join your organization. It's why they stay, it's why they put in that effort. And I think that is often lost. It's often lost in many cases, when you have very large public companies with large boards, they don't even operate well at that level. How are the people in the company supposed to operate well, when you don't have your governance team operating well? And so I think culture all the way down and up and across and everywhere, and then people really taking to heart that leadership is about influence, not about control. So those are two things that I would take away.
Jason Clark: Yeah. It gives your company a soul.
Sanjay Beri: Totally.
Jason Clark: So the second part of that question from a mentorship.
Sanjay Beri: So I've had many people that I would look to in different areas as mentors. One, as you grow your career, you have different types of mentors, you may have in the beginning of your life, you may have somebody who is not a domain mentor, I call it. It's a, "Wow, I'm really inspired by that person." I may not even know them well, I'm just inspired by watching them and doing what they do. And so for me, that would've been my father who came the country with just a few bucks, lived in a YMCA was in Canada, and just built himself and his family up. And so that was a great mentor for me just to say, wow, what does hard work and determination and so on, really what happens when you apply yourself to do that and do it in the right way? And so that's what I call a non domain mentor. Domain mentors, like where are, when you, Hey, you're picking your [inaudible 00:26:07], you're driving to do what you do. For me, I view throughout my career, a bunch of them. Right now, I view a gentleman named John Thompson as a mentor. He used to be the chairman of Microsoft and Symantec and so on. But you sit down with someone like that and is the most down to earth person, who talks only about what he could have done better than all of his accomplish, and really sets the tone for how you want to drive positive impact and culture. And yet in our space also knows a heck of a lot about security and beyond. And so it's a mix of a domain and a soul mentor, and those are just some examples of people.
Jason Clark: Those are great. Those are the two brilliant examples. I think that people and leaders, right. Don't focus on that enough of who you surround yourself with, who you're inspiring to be. I also like a saying that, you're pretty much the result of the top 10 people, right. That you are with, right. That you surround yourself with, that's who you become. And when you're surrounded by people, you inspire to be, right. As a human, as a leader, right. Then you naturally get those attributes from them. Right. So I think that's something I think everybody should always think about is who am I surrounding myself with? And who am I being inspired by? So in our final segment part here, it's more a quick hit on some quick things about you, right? The first one is what's one talent or skill you have that wouldn't be on your resume?
Sanjay Beri: Wow. Okay. There you go. Well, let's see, I can play basketball and tennis, and in Canada where they don't have the professional sports bar that we have here, I wasn't so bad.
Jason Clark: Nice. So were you a point guard or a shooting guard or what?
Sanjay Beri: You know what? I was definitely not a center or a forward, so I would definitely say I would fall in the category of a guard and then tennis, usually we'd play both singles and doubles.
Jason Clark: Nice. Cool. And so if you were not doing what you're doing today in networking security, what would you be doing?
Sanjay Beri: I would say what I would want to be doing is playing in...
Jason Clark: Yes. What would you want to be doing?
Sanjay Beri: What I'd want to be doing is I want to be playing in the NBA damn it, Jason. But the reality is that if there's a division a 100 levels below the NBA, that's what I'd be playing in.
Jason Clark: I love it.
Sanjay Beri: There you go. Yeah. The second would be some baseball league that's 10 levels below Minor League.
Jason Clark: I'm surprised you didn't say hockey.
Sanjay Beri: I grew up playing stick hockey, but I was never really the ice hockey player.
Jason Clark: Yeah. I always also just want to keep my teeth.
Sanjay Beri: Yes. There you go.
Jason Clark: I was going to ask you, what's your favorite hobby? But you just named it. It's probably a lot of watching these sports. So for a first time CEO, of let's call it something, the 2000 cybersecurity companies or more that there is. What would be your top piece of advice for them?
Sanjay Beri: So, one, we talked about some of it, culture and innovation matter most, that's the summary. Culture, drive your company the way that you would like that culture to live and never forget about innovation, right? And as part of that, you are going to get people who tell you to do something different. Change your culture, don't let it be open and collaborative, for whatever reason. They'll tell you to flood the market with sales and marketing and less on R&D or innovate. My summary in telling you this is culture and innovation matter most. And don't let anyone tell you otherwise, and don't let anyone change your view, if you truly believe what I just said. That is perhaps the hardest thing, there are going to be so many times and opportunities and people who try to make you sacrifice those things. And if you want to chart and play the long game, culture and innovation matter the most.
Jason Clark: Love it. And then last question, what would be that piece of advice you'd give to any CISO that just landed and is a first time CISO?
Sanjay Beri: Well, first of all, me giving advice to a CISO on their job, there are far better people to do it. I know my place. So for one, I'll tell you that because I admire so much what all those women and men have to do in that role. It's such a tough role. And so-
Jason Clark: But you've met with of thousands and thousands, right?
Sanjay Beri: I met with [inaudible 00:31:05] yeah. Look, I think the advice I would give them is one, build bridges, as all of us know, under an organization, security can get things done, but they need the support, both of the board, they need the support of their networking and IT, and beyond partners. And so a way to build that bridge early, to make sure that folks don't feel that, Hey, security is an inhibitor or threatening, right. That's the number one thing, because we all know you need others to accomplish your goal and that includes business units. So building those bridges. Two, is reach out to the innovation ecosystem. If you don't have inroads into new companies, innovative companies, CEOs, others, and those... Try to build that network because hearing and seeing what's happening right in that ecosystem will open up so many ideas for you, but also will let you unleash a great set of technologies to take advantage or solve some of the big challenges they're going through. And so one is, reach inside and build bridges and then reach outside and build bridges to that innovation ecosystem.
Jason Clark: Yeah. Amazing. Well, that is all we have time for. And Sanjay, thank you so much for sharing your insights and passion and thank you for this whole conversation. But also, it's just amazing to see again, we had this conversation seven years ago, where you drew on a whiteboard your vision and see it, to turn into one of the fastest growing security companies in the world, one of the largest security companies now, and also creating an entire category based on your vision it's just amazing. It's rare to ever see and I think you obviously just keep doing what you're doing and help them make the world a better place. So thank you so much, Sanjay. Sanjay Beri: Yeah. Thanks, Jason, for inviting myself. Great. Had a lot of fun.
Speaker 3: The Security Visionaries podcast is powered by the team at Netskope. Looking for the right cloud security platform to enable your digital transformation journey? The Netskope security cloud helps you safely and quickly connect users directly to the internet, from any device to any application. Learn more at netskope.com.
Speaker 2: Thank you for listening to Security Visionaries. Please take a moment to rate and review the show and share it with someone you know, who might enjoy. Stay tuned for episodes releasing every other week, and we'll see you in the next one.