A Conversation With Oort’s Founder & CEO
Matt Caulfield is the Founder & CEO of Oort, a next-generation cybersecurity platform for the Enterprise. This week I sat down with Matt for part two of our interview. If you missed part one, you can find it here.
I’d love to start by asking about whether you have a long-term vision for Oort, and if so, what is it?
The long-term vision for Oort is to replace the Internet itself with something we’re calling the Oort Cloud. The Internet wasn’t built for security; packets don’t have any concept of identity. Everything is anonymous. This is great for privacy and perfect for consumers. However, for business use cases, it’s the opposite of what’s needed. Every security company for the past 30 years has been trying to correct this problem by inspecting traffic flows or layering identity on top of existing systems. Still, none of them are solving the root cause of the problem.
Imagine that, instead of the raw Internet, we had a platform that was built for Enterprise security. A pervasively-available global fabric – a cybersecurity mesh – to which any manner of users, devices, networks, applications, or data could be connected. And with a connection to this fabric, you don’t just get a dumb pipe to the Internet. You don’t just get a simple proxy. When an asset connects to the Oort Cloud, we instantiate a dedicated and comprehensive security stack just for that asset. The stack covers identity, authentication, authorization, access, behavioral analytics, and risk assessment. Achieving something similar with the current security ecosystem would require maybe five different products. With Oort, it’s one clean system.
Having a vision like this is great. It’s our north star. However, we need a solid place to start the journey. We’ve spent the past year speaking with security leaders and practitioners about both our vision for Oort and how we’re going to get started. I’m excited to share more about our strategy and some of the immediate, burning problems that we are solving for Enterprise security teams in the weeks ahead.
How should people think about Oort in relation to the dizzying landscape of cybersecurity solution providers out there?
I spent a brief period of time working on protocol standards while at Cisco. The mantra was something like: “We have too many standards, but if we just make one more then we can finally clean up this mess.” Of course, that never worked and the security landscape is not all that different. The security landscape is, indeed, dizzying, but there are a couple of ways we, as an industry, can reduce the noise.
First, new solutions entering the market, including Oort, need to interoperate seamlessly with the existing ecosystem, while also providing a path towards rationalization and consolidation.
Second, we really need to up-level the conversation. Security is all about managing risk to an acceptable level for the business. And yet, so much of security is still tech-driven and tech-focused. Let’s change that. By tying security to real business context and risk management, we speak the language of not just the CISO but the other functions with which the CISO needs to interact, such as risk, procurement, finance, and legal. Fitting into the security landscape is one thing, but we focus just as much energy on fitting into the businesses we serve and the touch points that go beyond the security team.
By building the concepts of business context and risk management into our product from the very beginning, we can help CISOs modernize their tech stack in a way that makes security a “we all” priority for the entire business.
Can you talk a bit about why you spend as much time working on company culture as you do on product vision, and what are the specific attributes of people you hope to bring onto the team?
When I first set out to start my own company, everyone told me about the importance of culture. I didn’t believe it. I had seen corporate culture and I knew how fake and artificial it could feel, even with the best intentions. It wasn’t until recently that I’ve really grown to appreciate what company culture even means, let alone what it can do for you.
At the core of our culture, we are always challenging ourselves to think bigger. We look for people who can think big and have the mental flexibility to look out five, ten years into the future and feel excited, rather than intimidated. Paradoxically, we also look for the same individuals to hyper-focus on the here and now with a bias for action and execution. These kinds of people are hard to find, but that’s exactly what it takes to think big and move fast.
We’ve been very fortunate to bring on exceptionally smart people across each of the many disciplines we need. However, new needs are constantly emerging. I look for qualities like curiosity, authenticity, and optimism in each new hire. On curiosity, I’m looking for learn-it-alls instead of know-it-alls. On authenticity, it’s important to find people who are genuine, confident, comfortable in just being who they are. And on optimism, the startup grind in general and the security industry more specifically can be pretty bleak, so a bit of optimism goes a long way.
Finally, I’ve found that with everyone being remote, culture is more important than ever. We’ve fully embraced remote-first and remote-forever. We use rituals and traditions to create a cadence that is predictable, yet still allows for those random conversations and encounters that might spark something great. Culture goes well beyond the hiring process. It’s ingrained in what we do every day and it drives us forward, faster.
I hope you enjoyed this interview and will share it with your network. If you aren’t already following us, please click here to be taken to Oort’s company page.