Interview with Nicolas Dard (Oort’s VP of Product Management)

Nicolas Dard, Oort’s VP of Product Management, took the time to share with us a little bit about his position with Oort and how he got involved in the cyber security world. With almost 15 years of experience in his field, Nicolas has a strong track record of managing and growing product teams, building product strategies and launching products. Get to know more about another amazing employee from Oort’s team!

Q: You have a great deal of experience in product management and I think generally in the security space. Could you tell me a little bit more about that? Is that something you always knew you wanted to do or go down that specific path?

A: That’s a good question. It’s almost been 15 years now that I’ve been in product management. One of the particularities of that discipline is that there’s no dedicated training track , college track or anything like that. So you can find people coming from a variety of horizons and backgrounds and every story is a bit different, so it’s always interesting. On my end, it really happened when I worked for a small startup back in France. I joined the company when there were four of us. So I was kind of coding in the morning (I’ve got an engineering background) and doing marketing activities in the afternoon…even a bit of sales here and there because that’s what you do when there are only four people.

You have to do everything to keep the ship afloat but I was very lucky. I was reporting straight to the CEO, who had spent years actually in the U.S. working for Nortel and then Bosch. And as the company was growing and we were recruiting more specialized people, and discussing my career, he told me that what I wanted to do had a name and it was called product management (it was not really a discipline back in France at the time). I think now it’s evolving. When I moved to the U.S. a bit later in 2013, I really just kept doing that and this is really a job I love and enjoy.

Q:What was it like going from a super small team, seeing some growth, and then going to a larger company?

A: I’ve always been into innovation and startups, so when I joined in Cisco it was for something that they called an Alpha project. The idea is for large companies to innovate. It can be very complicated because most processes and the way the company works is very rarely geared towards innovation and more towards sustaining existing product lines. So, one of the ways Cisco innovates is through those Alpha projects which are essentially internal startups. So when I joined Cisco, that was to work for a product called Cisco Defense Orchestrator a start up within a big company. That’s why I stayed there for a couple of years to take that product and make it bigger, put a couple of hundreds or thousands of customers on it, that type of thing…and there’s also where I met quite a few of the Oort engineers, including the Oort CTO. That’s one of the reasons I joined Oort because I really enjoyed working with the team at the time.

Q:When did you first hear of Oort?

A: A few months back, from Didi, our CTO… He’d been doing both engineering, (running engineering) and product management, which is not unheard of for some smaller companies, but as the company is growing, as we’re getting more customers, it makes sense to have a dedicated product management team. So he called me telling me that he needed someone to come and run product management for the organization.

Q: What was most intriguing about Oort or what did you see in making that decision to make that jump?

niko

A: There were a couple of things. First, the team, as I’ve already mentioned. I’ve had the chance to work with them in the past, and they’re a team that’s extremely strong. people that I have really enjoyed working with, with very high competency, technically speaking. And the second one is that the identity market is an emerging one. I love cyber security. Identity has always been one of those things that goes across the board. But more recently, with people working from home a lot more than before, all the major products switching to being pure SaaS, a lot of the cyber security controls that used to be in place simply do not work any more. They’re much harder or even impossible to use when everyone’s in a different place, when you don’t have a firewall to protect you in your office, when applications are not running within your perimeter. And this is has dramatically changed the importance of identity from a security standpoint. It’s much more central, it’s much more critical. We can hear it from analysts, we can hear it from the market, we can hear it from customers. It is not a new topic, but as a market it’s completely renewed and it has tremendous potential.

Q: Is it like a good guys versus bad guys scenario where you guys are the good cops? Does it have that kind of feel to it when you go to work?

A: Yeah, totally. That’s one of the reasons I love cybersecurity. Like product management, it is at the intersection between highly technical concepts and human psychology. That makes it, in my opinion, so interesting because you’re fighting against the “bad guys”. They are always looking for a weakness, they’re looking for the cracks. And you’re here to basically try and guess what their next move is…try to fill in the cracks and it’s a never ending cat and mouse game. That’s what keeps it interesting.

Q: Is there ever a day that you guys claim victory, or is there just always going to be these innovations that find a new way to break through the walls?

A: I don’t think there’s ever going to be a day where either side of the battle can really claim victory because there’s always a new tool, a new angle, new capabilities, more processing power. For example, Machine learning is now used by both camps. On the good guy’s side, we use machine learning quite a bit to understand, to try and track specific patterns that were difficult to identify before. But the bad guys also use the exact same techniques to actually look for weaknesses in the armor for each company, et cetera, et cetera… And then there’s the human element. Humans are not perfect, Social engineering is always going to be a thing, and social engineering techniques get more advanced by the day. A big piece of our job is to actually design systems, design products around human weaknesses to protect them against social engineering but there’s always going to be a new threat. It’s like the military. There’s always going to be a bigger gun, there’s always going to be a bigger shield.

Q: What are the things that most excite you about Oort?

A: Great question. First is the reaction of customers when we first show them what the product can do, how it can make their life easier. Some products have a better, bigger, sooner “aha” moment and this is exactly the case with ours. So we see excitement, we also sometimes see panic when they realize that the position they are in is actually not as good as they were expecting. Because we have to be honest: managing identity at scale when you’re in a large company is an extremely complex problem. There’s a lot of moving parts. There’s a lot of people. It’s a mix of HR, people and technology. It gets messy fast. So what we bring to the table is really that ability to boil down that very complex and a huge data set to a few takeaways that are much more actionable…and sometimes there’s this realization that there’s an issue that has to be worked on. So that’s one of the exciting part…and the second one is to be on it. Matt, our CEO’s vision long term is extremely exciting. I know we have a couple of good years ahead of us, no doubt.

Q: For potential prospects or new clients, assessing their giant landscape of users and finding out that there’s hundreds of inactive users and identity threats is part of what Oort does. Are there moments where you can’t even believe they are not aware of all threats?

A: Yeah, absolutely. Problems with passwords, problems with manufacturer authentication, inactive users, temporary workers that got into the system and then were never removed before, good or bad reasons. And all of that really increases the surface of attack, gives more ways in to the bad guys. You want to always minimize the surface of attack while keeping the company functional, of course. And yes, this is exactly what’s right. This is exactly what we’re looking for.

Q: Is there any company that is doing the best right now or that you see innovating faster when it comes to just your identity and logging into solutions like that?

A: There are a lot of solid products out there. Okta, Microsoft, Cisco (Duo), Google, and more… I can’t say that one is much better than the other, to be honest. Most of them are implementing similar capabilities in their own way, to keep their edge, so it very much depends on their customers’ use cases.

We often see those products used in combination, too. And this is one of the reasons we exist. We know that in a lot of cases it is useful to have two or three working together, either because none of them has the full feature set that you want, or because some of them have integrations with some of the products and applications or website that you use that another one doesn’t have. And this is why we’re here because what we do is we pull information from all those IDPs or all those MFA products all together in one place so our customers can actually see the big picture and identify potential issues. And there are other products with identity at their core, like HR systems. There’s value in having a dedicated HR system which is not related to your I.T. System but you want to make sure that those two match all the time. Make sure that everyone that is in your I.T. system is actually an employee and using the HR system because otherwise you could end up in legal trouble. Because why do you have an employee that’s actually not reported right? Or vice versa? Make sure that all your employees actually are properly documented in the I.T. System so that they don’t have some access that you’re not aware of…

Q: What are some of your other thoughts you may have on the industry or things that you may want to elaborate on. Is there anything else that you’re excited about in the next six months or the next five years of either the industry or Oort?

A: There is always something to be excited about in this industry. I come from a company that was all about Privacy, and I’m really interested to see how the intersection between Privacy , new regulatory frameworks on the one hand and identity on the other hand is going to change the market. And I’m really looking forward to seeing that because I think a lot of good can come out of it.

Q: There’s probably no shortage of work on the horizon for you guys. I know Mark Zuckerberg was saying the future is private and stuff like that where we kind of all share everything and all of a sudden now we’re trying to pull it all back in. So do you think there’s this inevitable movement that’s kind of dialing its way back in comparison to what it was?

A: Yes and that’s the thing and in order to push privacy to the next step, having a very good understanding and a very good control over one’s identity is going to be critical. There’s no other way around it. That’s going to be one of the most powerful tools we’re going to have in our tool belt. This is something I’m looking forward to.