A

Foreign welcome to Coruscant Technologies, home of the Digital Executive podcast. Welcome to the Digital Executive. Today's guest is Pajman Rashan. Pajman Rashan leads Menlo Security's marketing organization page has over 25 years of product and marketing experience, successfully leading go to market teams for pioneering companies of all sizes including Agito Networks, Shoretel, Terradon, Cisco Systems, Aruba Networks, Xilinx and VMware. Throughout his career he has held roles in IT operations, IT planning, marketing, product management and executive roles across large and small companies. Driven by the challenge of developing storylines to convey information about technical solutions to wider audiences, he finds the marketing and product focus roles the most fun and rewarding. Well, good afternoon Paige. Welcome to the show.

B

Thanks for having me, Brian.

A

You bet, my friend. I appreciate it and you're taking the time hailing out of the great state of California there in the Bay Area. I appreciate it. I'm in Kansas City. Two hour difference, but no worries. Glad you could make it. And Paige, let's jump into your first question. You've had an impressive journey across companies like Cisco, Aruba and now Menlo Security. How has your approach to go to market strategy evolved across these different stages and sectors?

B

That's interesting question. Ultimately outside of the technology differences approach really hasn't changed too much. In fact, if you think about it at the macro level, going from Cisco, where I was, I started my career in network infrastructure to Aruba which was around cloud delivered networking, to now Menlo Security which is cloud delivered browser security. They're ultimately just maybe one standard deviation apart. And what I learned early on was classic mistakes are about selling products, features, talking about nerd knobs as opposed to the evolution around what business problems can you solve for an organization? How can you help them operate their business more securely, more effectively, more efficiently and do so in a way that is either making life better better or at the very least transparent to the end user. So you're, you're meeting them where the end user needs to work. So being able to articulate the value of what you're doing in, in those terms is probably the, the core approach that I've used throughout my career, whether it's been at Cisco, Aruba and certainly here at Mental Security.

A

Thank you, I appreciate that. Gives our audience really a background of kind of your journey and your career and whether you're where you are today. I like how you mentioned across the verticals you worked in the go to market strategy was not that much different. And I like how you had that tech background and while you learned early on some of the tech geeky type stuff, you did learn that if you can understand the business, understand and speak to the business, to the customers, obviously that goes a lot further than just being a tech nerd and being in tech here, I totally get it. So thank you. Paige. Memo Security emphasizes isolation based browsing as a defense mechanism. Key. Can you explain how that works and why it's more effective than traditional detection based approaches?

B

Great question. So isolation, if we just step back for one second, is basically a proxy technology. So if you think about this in its most. Using very rudimentary imagery here, if I'm on my machine, my corporate laptop, and I'm opening up a browser to access a website, let's say I get an email from you, Brian, and it's got a link embedded in it. I click on that link and that's going to open my web browser. And while you and I are colleagues, you may have accidentally sent me or forwarded to me something that might be a little nefarious. It could be a phishing link, it could be a link to some malware. But nonetheless, because I trust you, I clicked on that link. And what isolation will do is intercept my web session. So it's running in the cloud. So it grabs my web session from my browser and then it spawns a browser running in our cloud and tries to go to that actual destination, it'll open up that website. And if there's anything bad on that website, let's say there's some malware it's trying to push down on my machine, it'll push down into that cloud session. And what we do with isolation is we rip open what's happening in the browser. We rip that open, we strip out all of the active content, we reassemble it with all of the bad stuff taken out and then push that back down to my machine. So what I get is a sanitized version of that website or application that you had sent me to by clicking that link. And the difference between using isolation, which is a preventative, what you would typically hear about detect and respond is that I am preventing the attack from ever coming down to my machine, to my browser if I'm inside of the corporate network, to come inside of the corporate network where you might have the attack that would get initial access and then start to move laterally going from my machine to other machines. Maybe do some reconnaissance, talk back, you know, phone home to whatever nefarious application is driving it. Like we've seen in so many famous phishing and ransomware attacks. That's where isolation really sets itself apart. For Menlo, isolation is one of the arrows in our quiver. But because of how good we are doing this, and I say that with as much humility as I can, we are deployed in 8 out of the 10 largest banks in the world. The US DoD has us fully deployed. So we take great pride that we're defending our country, we're defending many other countries and Asia Pacific and EMEA as well. This is a high efficacy solution and that's what sets it apart from traditional off the shelf detect and respond approaches.

A

Thank you. That's amazing and I'm glad you broke that apart for our audience. I like the isolation based browsing and how it works. As you explained, your browser basically intercepts that web session, send it to your cloud session and disassembles, takes out the bad stuff, reassembles, brings it back down to the user's computer. And I think that's pretty awesome that you're doing that security measure to prevent hacking, phishing, malware, ransomware, you name it. Again, thank you for breaking that apart for our audience. As someone with a deep background in IT operations and product management, how do you see the role of the CMO shifting in cybersecurity companies today?

B

Oh, that's a big one. You know, for me it was an interesting transition moving away from product management where the bulk of my career has been. I made that move for a handful of reasons, but the biggest one was classically you think of a head of marketing as someone that skews more on the creative side, who's coming up with brand oriented campaigns and slogans and kind of leading demand generation and you think about emails and events and so on. The evolution that occurred that I thought was really interesting was as the Martech stack has gotten significantly more advanced and richer. There is an analytical side to marketing that I found absolutely captivating. As captivating as innovating on the product side, which is what was the appeal for product management. For me to be able to work with very smart engineers and solve real problems and invent new capabilities, that was a super. It scratches such an inch. But to be able to do something comparable that's on the go to market side, that has significantly more customer intimacy and it did in the past where you were a couple steps removed. That I think is where you see the shift occurring broadly. So the ability to really get in and understand the leading indicators, which is typically challenging to do in marketing. Usually you think about marketing, you think about lagging indicators Thinking about how many leads did I generate, how many of those converted, what was that conversion rate like? Why was the conversion rate this way? Was it our messaging, was it the tactic that we use? And so you're playing this a little bit of A, of a guessing game and a B testing and experimenting. And now with the ability to have deeper insights into leading indicators, you can get in front of these things and make game time changes on the fly. Combined with this degree of intimacy that you're getting with customers and your prospects, that holds large appeal for me, which is why I made that career shift some years ago. And I think while you're asking specifically around cybersecurity, I think in tech companies in general, this is the shift that's occurring. And I'll tell you, we're smack in the middle of yet another shift, which is the preponderance of AI, generative AI and gen AI based tool, then agentic AI that's now on the horizon that is radically changing the game yet again as you're able to really take advantage of that degree of automation and ingenuity in advancing how you, you move your approach to marketing forward. Scratching that it's for me just is just the same as it was in the world of product.

A

Thank you. It's really cool to hear you find something in a different space, right? Product management to marketing and you found something that's comparable, that really piques your interest and your curiosity and fulfills you basically. I liked how you talked about that evolution and the fact that you found you can be more analytical in this space, especially with more and more technology integrating into the marketing space. I just love how you adapted to that. And of course generative AI just keeps leapfrogging, literally, like it doubles every day. We could go on with this for hours, but that's amazing. I appreciate the insights. Paige, last question of the day. Looking ahead, what innovations or paradigm shifts do you believe will redefine how enterprises approach secure browsing in the next three to five years?

B

That's a great question. I think we are in the midst of this transition from kind of classic applications, what I would call client server based or thick applications, to SaaS delivered browser access applications. Today it's been like this for the last couple of years. Five, six years ago we called this digital transformation as you move from your classic or legacy apps and infrastructure and application development model to what we now refer to as SaaS delivered applications. And you can really personalize this. You can think about how you work, how I work, and how your listeners Work every day. I'm willing to bet 8 out of the 10 applications that you're using are all within your web browser. So for me, I'm accessing, you know, we use the Google Workspace suite here at Menlo, so I'm accessing Mail, Calendar, my Google Docs, Google Sheets, Google, Google Slides, all within the browser. And it's the minority of applications that I access as a classic application, like in the case of thick apps that I would use in Zoom and Slack. But the rest of my time I'm living in inside of my browser. And that shift changes how we have to secure our organizations. It's only logical, right? We are going from one set of applications that work one way to an entirely different application. This super application, this browser that can do everything, it could be all applications, but really no application, right? It doesn't do anything in and of itself other than get you to the Internet. And if you layer that on with the fact that we are in the midst of permanence of hybrid work, right? This post pandemic transition to work remote to now hybrid work, where it's not uncommon for people to go into the office two, maybe three days a week maximum, which requires that the work experience is equal. Whether I'm in the office, whether I'm at home, or whether I'm in the parking lot of my kid's high school watching his tennis match, I have to have the same fidelity of capabilities of experience. Whereas pre pandemic, I definitely had maximum fidelity and capabilities when I sat at my desk in the office, I had slightly lower fidelity when I was working from home. And it was really kind of best effort when I was on the road, right? So you combine the notion of hybrid work together with the digital transformation and move to SaaS delivered applications. And that is the paradigm shift. What forces CISOs and CIOs to think about is the fact that your security stack, which was designed to secure your infrastructure to secure components, now has to kind of be upended and designed to secure people where they work and how they work. And I'll give you a good example of this. If you think about kind of the six core areas of security. And again, I'm painting with broad brushes here. You've got identity, you've got endpoint security, you've got network security, you have data security, you have cloud security, and you have security operations, right? We're painting with a broad brush. All of these areas, with the exception of identity, are infrastructure components. Network security firewalls are securing your corporate network VPN is providing users access to the network. Endpoint security is securing my laptop, Email security securing my inbox. Cloud security is securing an application running in a cloud. These are all designed to secure infrastructure and components. We live in a world where workspace security is now what's dominant. And workspace security is about securing the user, how they work, where they work and meeting the user there, as opposed to forcing the user to twist themselves into a pretzel in order to get their work done. Which is where you see ZTNA rapidly evolving, going from, you know, heavy clients to identity based access and now browser based access. The notion of the corporate firewall migrating into the cloud firewall as a service that's cloud delivered so that it can secure me whether I'm sitting at my desk or whether I'm sitting in my car, in my kids high school parking lot and so on. That's the evolution. And again, if what we're using to access the applications that we work is the browser, that becomes the hub of what requires securing. And conversely, the bad guys, the attackers that are out there, they know that we're using the browser to access these applications and that is where they hone and aim their attacks. Phishing and credential theft, it may be attempts to deliver it via email, maybe how it gets transported, but ultimately you're clicking on a link and you're really hoping that your email security is catching that link and redacting it. But you know that's not happening because phishing attacks still occur, ransomware attacks still occur, malware attacks still occur. And these are all being delivered via URLs embedded in emails, embedded in SMS messages in your Slack or instant messaging and getting delivered to the desktop and launching through the browser. And this is where you see in the last 24 months this real big focus around browser security and enterprise browsers and why I think this is the evolution of workspace security for the foreseeable future.

A

Thank you, appreciate that. You know, like you discussed, I'll just highlight a couple quick things. This transition that we've been in the last few years from those traditional thick client apps to a SaaS or web based apps, Covid helped push that along even faster. But we need to rethink how we secure our organizations. As you said, we're now bringing that full functionality to the browser. But the browser is not behind a firewall anymore. The browser's out, you know, across the globe. It's not just outside in a different state or a different city. But I like the mindset that security shift is more about protecting the people, the endpoints in a global wan versus how it was done traditionally, as you mentioned. So I appreciate that, Paige. It was certainly a pleasure having you on today, and I look forward to speaking with you real soon.

B

Thank you. The pleasure was mine. I appreciate you having me on.

A

Bye for now.