Podcast Summary: The Digital Executive
Episode: Pejman Roshan on Redefining Cybersecurity: From Infrastructure to Browser-Centric Protection | 1096
Date: August 9, 2025
Host: Brian (Coruzant Technologies)
Guest: Pejman “Paige” Roshan, CMO of Menlo Security
Overview
In this concise but in-depth episode, host Brian welcomes technology executive Pejman “Paige” Roshan, CMO of Menlo Security, to discuss the shifting landscape of cybersecurity—especially the move from traditional, infrastructure-focused defenses to browser-centric protection. Pejman shares insights from his 25+ year journey across top tech companies, explores the innovation of isolation-based browser security, explains the evolving role of CMOs in cybersecurity, and forecasts key paradigm shifts for enterprise secure browsing over the next several years.
Key Discussion Points & Insights
1. Career Journey and Go-to-Market Strategy Evolution
[01:23] – [02:39]
- Continuous Core Approach: Despite moving from companies like Cisco (network infrastructure) to Aruba (cloud-delivered networking) and now Menlo Security (cloud-delivered browser security), Paige notes his overall approach to go-to-market has remained consistent.
- Focused less on “products, features, nerd knobs” and more on “what business problems you solve” and making life “better or at the very least transparent to the end user.”
- Emphasis on articulating real business value, not just technical specs.
“Being able to articulate the value of what you’re doing in those terms is probably the core approach that I’ve used throughout my career, whether it’s been at Cisco, Aruba, and certainly here at Menlo Security.”
— Pejman Roshan [01:58]
2. Menlo’s Isolation-Based Browsing Explained
[03:20] – [06:11]
- What is Isolation?
- It’s a form of proxy technology where web sessions are intercepted and run in a cloud-based browser.
- Any potentially malicious content (from phishing, malware, ransomware, etc.) remains in the cloud session. These elements are “ripped open,” stripped out, and a sanitized version of the webpage is reconstructed and presented to the user.
- The attack is prevented from ever reaching the user’s device or the corporate network, setting it apart from traditional detect-and-respond methods.
“We rip open what’s happening in the browser, we strip out all of the active content, we reassemble it with all the bad stuff taken out, and then push that back down to my machine.”
— Pejman Roshan [04:40]
- Real-World Efficacy:
- Deployed in “8 out of the 10 largest banks in the world” and fully by the US Department of Defense.
- High efficacy solution versus “off-the-shelf detect and respond approaches.”
3. The Evolving Role of the CMO in Cybersecurity
[06:50] – [09:39]
- Transition from Product to Marketing: Paige transitioned from product management to marketing due to the increasing analytical opportunities in marketing, enabled by the advanced Martech stack.
- Classic marketing was about creative campaigns; now, “there is an analytical side … absolutely captivating.”
- Shift from focusing on “lagging indicators” to actionable “leading indicators,” allowing for more immediate and data-driven decision making.
- Increased intimacy with customers compared to traditional product roles.
- Emergence of GenAI: Generative and agentic AI are reshaping the field, enabling new levels of automation and innovation.
“Now with the ability to have deeper insights into leading indicators, you can get in front of these things and make game-time changes on the fly.”
— Pejman Roshan [08:30]
4. Paradigm Shifts: The Future of Secure Browsing
[10:21] – [16:03]
-
From Thick Apps to SaaS Browser-Based Work:
- Majority of productivity now occurs in the browser (e.g., Google Workspace suite), with legacy apps becoming a minority.
- The move to SaaS and remote/hybrid work is forcing organizations to redesign security strategies “to secure people where they work and how they work”—not just infrastructure.
-
Workspace Security as the New Priority:
- Traditional stack: Identity, endpoint, network, data, cloud security, and security operations—all historically infrastructure-centric.
- Now, workspace security is about protecting the user experience everywhere—office, home, or remote (“the parking lot of my kid’s high school”).
- ZTNA (Zero Trust Network Access) evolving towards browser-based user access and cloud-delivered firewalls.
- Browsers are simultaneously the “hub of what requires securing” and the focus of most modern cyberattacks.
“That shift changes how we have to secure our organizations. … We live in a world where workspace security is now what's dominant. And workspace security is about securing the user, how they work, where they work and meeting the user there, as opposed to forcing the user to twist themselves into a pretzel in order to get their work done.”
— Pejman Roshan [13:00]
- Attack Patterns and Need for Modern Defenses:
- Attacks have followed users into the browser: phishing, credential theft, ransomware, and malware now primarily propagate through web browsers, often via links in email or messaging.
- This trend is driving the focus on both browser security and the emergence of enterprise browsers.
5. Memorable Quotes & Moments
-
“We are deployed in 8 out of the 10 largest banks in the world. The US DoD has us fully deployed. So we take great pride that we're defending our country, we're defending many other countries and Asia Pacific and EMEA as well.”
— Pejman Roshan [05:28] -
“If what we're using to access the applications that we work is the browser, that becomes the hub of what requires securing. And conversely, the bad guys … know that we're using the browser to access these applications and that is where they hone and aim their attacks.”
— Pejman Roshan [15:20] -
“It scratches such an itch for me just the same as it was in the world of product.”
— Pejman Roshan [09:19], on the appeal of data-driven marketing
Timestamps for Important Segments
- [01:23] – Go-to-market philosophies from infrastructure to cloud security
- [03:20] – Isolation-based browser security: how it works and why it matters
- [06:50] – Evolving CMO responsibilities and the draw of analytics
- [10:21] – SaaS, hybrid work, and the future of browser/enterprise security
- [13:00] – Workspace security and the demise of infra-centric security
- [15:20] – Why browsers are now the primary attack vector and defense focus
Summary Takeaways
- Core lesson: The fundamental goal in tech—especially cybersecurity marketing—remains solving real business problems, not merely touting features.
- Technical edge: Isolation-based browser security fundamentally prevents threats by interposing a cloud-secured session, versus traditional reactive methods.
- Role evolution: Marketing in cybersecurity now demands deep analytics, quick adaptability, and customer intimacy, much like product roles, driven by AI's rapid ascent.
- Strategic shift: As browser-centric SaaS and hybrid work models become dominant, cybersecurity must move from protecting static infrastructure to securing users—anywhere and everywhere.
- Urgency: Browsers have become the new frontlines in the security battle, and forward-thinking companies are investing in browser-first protections accordingly.
