Nicolas Dard, Oort’s VP of Product Management, took the time to share with us a little bit about his position with Oort and how he got involved in the cyber security world. With almost 15 years of experience in his field, Nicolas has a strong track record of managing and growing product teams, building product strategies and launching products. Get to know more about another amazing employee from Oort’s team!
A: That’s a good question. It’s almost been 15 years now that I’ve been in product management. One of the particularities of that discipline is that there’s no dedicated training track , college track or anything like that. So you can find people coming from a variety of horizons and backgrounds and every story is a bit different, so it’s always interesting. On my end, it really happened when I worked for a small startup back in France. I joined the company when there were four of us. So I was kind of coding in the morning (I’ve got an engineering background) and doing marketing activities in the afternoon…even a bit of sales here and there because that’s what you do when there are only four people.
You have to do everything to keep the ship afloat but I was very lucky. I was reporting straight to the CEO, who had spent years actually in the U.S. working for Nortel and then Bosch. And as the company was growing and we were recruiting more specialized people, and discussing my career, he told me that what I wanted to do had a name and it was called product management (it was not really a discipline back in France at the time). I think now it’s evolving. When I moved to the U.S. a bit later in 2013, I really just kept doing that and this is really a job I love and enjoy.
A: I’ve always been into innovation and startups, so when I joined in Cisco it was for something that they called an Alpha project. The idea is for large companies to innovate. It can be very complicated because most processes and the way the company works is very rarely geared towards innovation and more towards sustaining existing product lines. So, one of the ways Cisco innovates is through those Alpha projects which are essentially internal startups. So when I joined Cisco, that was to work for a product called Cisco Defense Orchestrator a start up within a big company. That’s why I stayed there for a couple of years to take that product and make it bigger, put a couple of hundreds or thousands of customers on it, that type of thing…and there’s also where I met quite a few of the Oort engineers, including the Oort CTO. That’s one of the reasons I joined Oort because I really enjoyed working with the team at the time.
A: A few months back, from Didi, our CTO… He’d been doing both engineering, (running engineering) and product management, which is not unheard of for some smaller companies, but as the company is growing, as we’re getting more customers, it makes sense to have a dedicated product management team. So he called me telling me that he needed someone to come and run product management for the organization.
A: There were a couple of things. First, the team, as I’ve already mentioned. I’ve had the chance to work with them in the past, and they’re a team that’s extremely strong. people that I have really enjoyed working with, with very high competency, technically speaking. And the second one is that the identity market is an emerging one. I love cyber security. Identity has always been one of those things that goes across the board. But more recently, with people working from home a lot more than before, all the major products switching to being pure SaaS, a lot of the cyber security controls that used to be in place simply do not work any more. They’re much harder or even impossible to use when everyone’s in a different place, when you don’t have a firewall to protect you in your office, when applications are not running within your perimeter. And this is has dramatically changed the importance of identity from a security standpoint. It’s much more central, it’s much more critical. We can hear it from analysts, we can hear it from the market, we can hear it from customers. It is not a new topic, but as a market it’s completely renewed and it has tremendous potential.
A: Yeah, totally. That’s one of the reasons I love cybersecurity. Like product management, it is at the intersection between highly technical concepts and human psychology. That makes it, in my opinion, so interesting because you’re fighting against the “bad guys”. They are always looking for a weakness, they’re looking for the cracks. And you’re here to basically try and guess what their next move is…try to fill in the cracks and it’s a never ending cat and mouse game. That’s what keeps it interesting.
A: I don’t think there’s ever going to be a day where either side of the battle can really claim victory because there’s always a new tool, a new angle, new capabilities, more processing power. For example, Machine learning is now used by both camps. On the good guy’s side, we use machine learning quite a bit to understand, to try and track specific patterns that were difficult to identify before. But the bad guys also use the exact same techniques to actually look for weaknesses in the armor for each company, et cetera, et cetera… And then there’s the human element. Humans are not perfect, Social engineering is always going to be a thing, and social engineering techniques get more advanced by the day. A big piece of our job is to actually design systems, design products around human weaknesses to protect them against social engineering but there’s always going to be a new threat. It’s like the military. There’s always going to be a bigger gun, there’s always going to be a bigger shield.
A: Great question. First is the reaction of customers when we first show them what the product can do, how it can make their life easier. Some products have a better, bigger, sooner “aha” moment and this is exactly the case with ours. So we see excitement, we also sometimes see panic when they realize that the position they are in is actually not as good as they were expecting. Because we have to be honest: managing identity at scale when you’re in a large company is an extremely complex problem. There’s a lot of moving parts. There’s a lot of people. It’s a mix of HR, people and technology. It gets messy fast. So what we bring to the table is really that ability to boil down that very complex and a huge data set to a few takeaways that are much more actionable…and sometimes there’s this realization that there’s an issue that has to be worked on. So that’s one of the exciting part…and the second one is to be on it. Matt, our CEO’s vision long term is extremely exciting. I know we have a couple of good years ahead of us, no doubt.
A: Yeah, absolutely. Problems with passwords, problems with manufacturer authentication, inactive users, temporary workers that got into the system and then were never removed before, good or bad reasons. And all of that really increases the surface of attack, gives more ways in to the bad guys. You want to always minimize the surface of attack while keeping the company functional, of course. And yes, this is exactly what’s right. This is exactly what we’re looking for.
A: There are a lot of solid products out there. Okta, Microsoft, Cisco (Duo), Google, and more… I can’t say that one is much better than the other, to be honest. Most of them are implementing similar capabilities in their own way, to keep their edge, so it very much depends on their customers’ use cases.
We often see those products used in combination, too. And this is one of the reasons we exist. We know that in a lot of cases it is useful to have two or three working together, either because none of them has the full feature set that you want, or because some of them have integrations with some of the products and applications or website that you use that another one doesn’t have. And this is why we’re here because what we do is we pull information from all those IDPs or all those MFA products all together in one place so our customers can actually see the big picture and identify potential issues. And there are other products with identity at their core, like HR systems. There’s value in having a dedicated HR system which is not related to your I.T. System but you want to make sure that those two match all the time. Make sure that everyone that is in your I.T. system is actually an employee and using the HR system because otherwise you could end up in legal trouble. Because why do you have an employee that’s actually not reported right? Or vice versa? Make sure that all your employees actually are properly documented in the I.T. System so that they don’t have some access that you’re not aware of…
A: There is always something to be excited about in this industry. I come from a company that was all about Privacy, and I’m really interested to see how the intersection between Privacy , new regulatory frameworks on the one hand and identity on the other hand is going to change the market. And I’m really looking forward to seeing that because I think a lot of good can come out of it.
A: Yes and that’s the thing and in order to push privacy to the next step, having a very good understanding and a very good control over one’s identity is going to be critical. There’s no other way around it. That’s going to be one of the most powerful tools we’re going to have in our tool belt. This is something I’m looking forward to.