Tech Brew Ride Home [Bonus]: Cohesity CEO Sanjay Poonen

Date: November 1, 2025
Host: Brian McCullough (Morning Brew’s Tech Brew Ride Home)
Guest: Sanjay Poonen (CEO, Cohesity)
Episode Focus: Market Leadership, M&A Strategy, Cybersecurity, AI Innovation, and IPO Outlook in Data Protection

Episode Overview

This bonus episode features an insightful interview with Cohesity CEO Sanjay Poonen. The discussion focuses on Cohesity’s industry-shaking combination with Veritas’s Data Protection business, the strategic rationale behind the deal, key shifts in the data security landscape, and how Cohesity is integrating AI. Sanjay also touches on IPO timing, public company valuation, and why influential tech investors matter more than public milestones.

Key Discussion Points & Insights

1. Strategic Rationale for the Veritas Deal

Timestamp: 01:29 – 04:26

Objective: Sanjay explains that upon joining Cohesity, he saw the company had “the best tech in the industry” but was mostly limited to North America (80% of revenue), only seventh in market share despite technical leadership.
Market Context: The data protection market is crowded, with around 50 players vying for single-digit-percentage market shares.
Deal Motivation: The acquisition of Veritas’s NetBackup business was about expanding customer base and market share—not technology.
- “[Veritas] Netbackup as a data mover was a good data mover. Lots of bells and whistles put on our file system and our zero trust immutable platform would be incredible combination.” (Sanjay Poonen, 02:58)
Results:
- Cohesity skyrocketed to #1 in market share (IDC 2025).
- Customer base grew from 4,500 to 13,000.
- International revenue neared 50%.
- Combine “profitable growth” by fusing Cohesity’s aggressive expansion with Veritas’s profitability.

2. What the Merger Means for Customers

Timestamp: 04:26 – 07:23

Three Customer Types:
- Existing Cohesity Customers: Benefit from a bigger engineering team, more innovation, rapid releases (notably in security and AI).
- Legacy NetBackup Customers: Get to modernize onto Cohesity’s immutable platform with minimal disruption, keep familiar workflows, and upgrade seamlessly.
- New Customers: Get the latest Cohesity tech, which is inherently more modernized.
Customer Assurance:
- No customer left behind; special care for legacy NetBackup customers.
- “That competition now has become a very collaborative discussion about their go forward roadmap.” (Sanjay Poonen, 06:28)
- Sanjay notes nearly no customer defections since the deal, a reversal from prior steady outflows to competitors.

3. The Security Paradigm Shift—It’s About Recovery

Timestamp: 07:23 – 10:07

Modern Reality:
- “Assume you will be attacked and focus on fast recovery.”
- Using the NIST framework: detect, prevent, recover, remediate.
Key Insight: Prevention is important, but ensuring rapid recovery is paramount—like having strong immunity and being able to get back on your feet fast after an “inevitable” infection.
- “The more relevant question isn’t that you’re not going to get the virus… How quickly can you recover?” (Sanjay Poonen, 08:18)
Preparedness Analogy:
- Prepares clients with app recovery time categories, akin to disaster or health preparedness.
- Competitive advantage: rapid, secure “cyber recovery” distinguished from legacy approaches.

4. Cybersecurity Best Practices & Leadership

Timestamp: 10:07 – 13:49

Employee Culture:
- Many employees don’t immediately report cyber incidents due to culture or process issues.
Operationalizing Resilience:
- Cohesity partners with Google/Mandiant, CrowdStrike, Palo Alto, etc., to receive early threat feeds.
- Offers a free “Cyber Event Response Team” (CERT) to clients, modeled after health industry “concierge” services.
Data Protection Advice:
- The “rule of three”: always maintain three copies of your data, the third in an air-gapped “bunker” (Cohesity’s Fort Knox).
- “Often we find a cyber attack happens with the first copy and sometimes the second… the third copy though, being in an air gap, meaning disconnected… is safe.” (Sanjay Poonen, 12:08)
- Five-step cyber resilience process, focused heavily on education, process, and thought leadership.
Security Council:
- Cohesity’s security advisory board includes icons like Dave DeWalt and Alex Stamos; regular learning and process sharing with clients, including government and defense agencies.
- Cohesity is used across NATO-friendly governments—indicating trust and geopolitical relevance.

5. AI and the Challenge of Responsible Data Insight

Timestamp: 15:47 – 19:21

Cohesity’s AI Agent (“Gaia”):
- Integrates retrieval-augmented generation (RAG) to allow safe, LLM-powered queries over decades of backup data.
- Example: instantly summarizing data from “200 million PDFs” to find contract patterns.
Responsible AI:
- Hallucination Mitigation: RAG ensures LLMs only reason over actual customer data, not random internet content.
- Security & Data Governance: Enforcement mechanisms prevent unauthorized users from accessing data they couldn’t normally recover. This forms the foundation of a “responsible AI framework.”
Quote:
- “If you are not allowed to read that document in a recovery process… you shouldn’t be allowed to query that data.” (Sanjay Poonen, 18:14)

6. IPO Timing, Valuation, and the Value of Strategic Investors

Timestamp: 19:21 – 22:42

IPO Viewpoint:
- Sanjay sees IPO as a “milestone, not a destination,” drawing from his public company officer experience at VMware and SAP.
- Cohesity is now “number one in market share,” outperforming public rivals like Rubrik (#6 by share) in both scale and profitability.
- “We can see eyesight to 2 billion in revenue… create a 5 billion revenue company which has never been done in this space.” (Sanjay Poonen, 20:39)
Valuation Philosophy:
- Valuation benchmarks come from existing public competitors, but “if you’re bigger, you should hopefully get better metrics.”
- The focus is on building a durable, innovative company, prioritizing employees and customers.
- “Having Nvidia invest in Cohesity is more important than IPO… Five really good tech investors… collaborating with us to ensure we’re successful. That to me is very important.” (Sanjay Poonen, 21:39)
- Investors (Nvidia, AWS, Google, Cisco, IBM, plus VC giants) are as important for current execution as any public market outcome.

Notable Quotes & Memorable Moments

On the merger’s impact:
- “We were able to construct a deal which was one of the deals of the century…” (Sanjay Poonen, 03:32)
On data recovery vs. prevention:
- “The more important procedure which we do really well is focus on rapid recovery, cyber recovery of your data.” (Sanjay Poonen, 09:40)
On responsible AI:
- “It builds a very sophisticated kind of… responsibility, security, privileges… a responsible AI framework for Gaia.” (Sanjay Poonen, 18:32)
On company priorities:
- “My focus is really on employees first to ensure employees are engaged, building great innovation… second focus is customers, really customer obsession.” (Sanjay Poonen, 22:13)

Important Timestamps

01:29 — Strategic rationale for the Veritas acquisition
04:26 — Customer impact explained
07:23 — Security mindset shift: prevention vs. recovery
10:07 — Employee & organizational cyber resilience
15:47 — Cohesity’s Gaia AI/Responsible AI approach
19:21 — IPO, valuation, and market leadership philosophy

Episode Tone & Style

Sanjay Poonen is forthright, pragmatic, and occasionally humorous. He draws from analogies (healthcare, disaster preparedness) to underscore cybersecurity realities, and speaks with the polish of an executive steeped in both strategy and product detail. The conversation is high-level but accessible, balancing market talk and tangible customer relevance throughout.

Summary for Listeners

This episode provides a sharp look at the transformation underway at Cohesity with its Veritas merger, a growing focus on global market share, cutting-edge use of AI, and evolving philosophies around cybersecurity and recovery. Sanjay’s reflections and practical examples give both industry insiders and general listeners clear context on why data protection is no longer just about backup—but about resilience, insight, and trust, from the enterprise CIO down to the end user.

Tech Brew Ride Home [Bonus]: Cohesity CEO Sanjay Poonen

Episode Overview

Key Discussion Points & Insights

1. Strategic Rationale for the Veritas Deal

Timestamp: 01:29 – 04:26

Objective: Sanjay explains that upon joining Cohesity, he saw the company had “the best tech in the industry” but was mostly limited to North America (80% of revenue), only seventh in market share despite technical leadership.
Market Context: The data protection market is crowded, with around 50 players vying for single-digit-percentage market shares.
Deal Motivation: The acquisition of Veritas’s NetBackup business was about expanding customer base and market share—not technology.
- “[Veritas] Netbackup as a data mover was a good data mover. Lots of bells and whistles put on our file system and our zero trust immutable platform would be incredible combination.” (Sanjay Poonen, 02:58)
Results:
- Cohesity skyrocketed to #1 in market share (IDC 2025).
- Customer base grew from 4,500 to 13,000.
- International revenue neared 50%.
- Combine “profitable growth” by fusing Cohesity’s aggressive expansion with Veritas’s profitability.

2. What the Merger Means for Customers

Timestamp: 04:26 – 07:23

Three Customer Types:
- Existing Cohesity Customers: Benefit from a bigger engineering team, more innovation, rapid releases (notably in security and AI).
- Legacy NetBackup Customers: Get to modernize onto Cohesity’s immutable platform with minimal disruption, keep familiar workflows, and upgrade seamlessly.
- New Customers: Get the latest Cohesity tech, which is inherently more modernized.
Customer Assurance:
- No customer left behind; special care for legacy NetBackup customers.
- “That competition now has become a very collaborative discussion about their go forward roadmap.” (Sanjay Poonen, 06:28)
- Sanjay notes nearly no customer defections since the deal, a reversal from prior steady outflows to competitors.

3. The Security Paradigm Shift—It’s About Recovery

Timestamp: 07:23 – 10:07

Modern Reality:
- “Assume you will be attacked and focus on fast recovery.”
- Using the NIST framework: detect, prevent, recover, remediate.
Key Insight: Prevention is important, but ensuring rapid recovery is paramount—like having strong immunity and being able to get back on your feet fast after an “inevitable” infection.
- “The more relevant question isn’t that you’re not going to get the virus… How quickly can you recover?” (Sanjay Poonen, 08:18)
Preparedness Analogy:
- Prepares clients with app recovery time categories, akin to disaster or health preparedness.
- Competitive advantage: rapid, secure “cyber recovery” distinguished from legacy approaches.

4. Cybersecurity Best Practices & Leadership

Timestamp: 10:07 – 13:49

Employee Culture:
- Many employees don’t immediately report cyber incidents due to culture or process issues.
Operationalizing Resilience:
- Cohesity partners with Google/Mandiant, CrowdStrike, Palo Alto, etc., to receive early threat feeds.
- Offers a free “Cyber Event Response Team” (CERT) to clients, modeled after health industry “concierge” services.
Data Protection Advice:
- The “rule of three”: always maintain three copies of your data, the third in an air-gapped “bunker” (Cohesity’s Fort Knox).
- “Often we find a cyber attack happens with the first copy and sometimes the second… the third copy though, being in an air gap, meaning disconnected… is safe.” (Sanjay Poonen, 12:08)
- Five-step cyber resilience process, focused heavily on education, process, and thought leadership.
Security Council:
- Cohesity’s security advisory board includes icons like Dave DeWalt and Alex Stamos; regular learning and process sharing with clients, including government and defense agencies.
- Cohesity is used across NATO-friendly governments—indicating trust and geopolitical relevance.

5. AI and the Challenge of Responsible Data Insight

Timestamp: 15:47 – 19:21

Cohesity’s AI Agent (“Gaia”):
- Integrates retrieval-augmented generation (RAG) to allow safe, LLM-powered queries over decades of backup data.
- Example: instantly summarizing data from “200 million PDFs” to find contract patterns.
Responsible AI:
- Hallucination Mitigation: RAG ensures LLMs only reason over actual customer data, not random internet content.
- Security & Data Governance: Enforcement mechanisms prevent unauthorized users from accessing data they couldn’t normally recover. This forms the foundation of a “responsible AI framework.”
Quote:
- “If you are not allowed to read that document in a recovery process… you shouldn’t be allowed to query that data.” (Sanjay Poonen, 18:14)

6. IPO Timing, Valuation, and the Value of Strategic Investors

Timestamp: 19:21 – 22:42

IPO Viewpoint:
- Sanjay sees IPO as a “milestone, not a destination,” drawing from his public company officer experience at VMware and SAP.
- Cohesity is now “number one in market share,” outperforming public rivals like Rubrik (#6 by share) in both scale and profitability.
- “We can see eyesight to 2 billion in revenue… create a 5 billion revenue company which has never been done in this space.” (Sanjay Poonen, 20:39)
Valuation Philosophy:
- Valuation benchmarks come from existing public competitors, but “if you’re bigger, you should hopefully get better metrics.”
- The focus is on building a durable, innovative company, prioritizing employees and customers.
- “Having Nvidia invest in Cohesity is more important than IPO… Five really good tech investors… collaborating with us to ensure we’re successful. That to me is very important.” (Sanjay Poonen, 21:39)
- Investors (Nvidia, AWS, Google, Cisco, IBM, plus VC giants) are as important for current execution as any public market outcome.

Notable Quotes & Memorable Moments

On the merger’s impact:
- “We were able to construct a deal which was one of the deals of the century…” (Sanjay Poonen, 03:32)
On data recovery vs. prevention:
- “The more important procedure which we do really well is focus on rapid recovery, cyber recovery of your data.” (Sanjay Poonen, 09:40)
On responsible AI:
- “It builds a very sophisticated kind of… responsibility, security, privileges… a responsible AI framework for Gaia.” (Sanjay Poonen, 18:32)
On company priorities:
- “My focus is really on employees first to ensure employees are engaged, building great innovation… second focus is customers, really customer obsession.” (Sanjay Poonen, 22:13)

Important Timestamps

01:29 — Strategic rationale for the Veritas acquisition
04:26 — Customer impact explained
07:23 — Security mindset shift: prevention vs. recovery
10:07 — Employee & organizational cyber resilience
15:47 — Cohesity’s Gaia AI/Responsible AI approach
19:21 — IPO, valuation, and market leadership philosophy

wavePod

(BNS) Cohesity CEO Sanjay Poonen

Powered by Wave AI

Summary

Tech Brew Ride Home [Bonus]: Cohesity CEO Sanjay Poonen

Episode Overview

Key Discussion Points & Insights

1. Strategic Rationale for the Veritas Deal

2. What the Merger Means for Customers

3. The Security Paradigm Shift—It’s About Recovery

4. Cybersecurity Best Practices & Leadership

5. AI and the Challenge of Responsible Data Insight

6. IPO Timing, Valuation, and the Value of Strategic Investors

Notable Quotes & Memorable Moments

Important Timestamps

Episode Tone & Style

Summary for Listeners

Summary

Tech Brew Ride Home [Bonus]: Cohesity CEO Sanjay Poonen

Episode Overview

Key Discussion Points & Insights

1. Strategic Rationale for the Veritas Deal

2. What the Merger Means for Customers

3. The Security Paradigm Shift—It’s About Recovery

4. Cybersecurity Best Practices & Leadership

5. AI and the Challenge of Responsible Data Insight

6. IPO Timing, Valuation, and the Value of Strategic Investors

Notable Quotes & Memorable Moments

Important Timestamps

Episode Tone & Style

Summary for Listeners