Managing Risk In Shipwreck Diving and Security
Denzil Wessels is the Chief Product Officer at Oort. He brings decades of industry experience to the team from multi-billion-dollar market-cap network security companies including Juniper, Aruba and most recently, as one of the first 100 employees at Zscaler.
Can we start by having you share a bit about your background in the cybersecurity market?
I started my career in the 90s designing and implementing large networks, and even helped build an ISP. I moved to the Valley in the 2000s and that was the first time I started to build products rather than just using what was being put out there by other solutions providers.
The first company I joined was called uRoam, which was one of the earliest SSL VPN companies. That company was acquired by F5 and after about a year I left to join Neoteris to help build risk posture management on top of SSL VPN. That company was acquired by Netscreen, which was eventually acquired by Juniper Networks. While at Juniper we started building what nowadays everyone likes to call “zero trust,” which was really fun as I reflect back on that experience. At the same time, something bothered me throughout my early career experiences about how hard it could be for customers to realize value. In most cases, the rollout of a new project could take 6-12 months minimum.
After my time at Juniper and a couple years I spent at Aruba Networks, I had the opportunity to join Zscaler as one of its first 100 employees. It was an amazing experience to help build what is now referred to as the “software-defined perimeter,” which is a much more surgical way to connect users to apps than the old-world of VPNs. One of my proudest memories from Zscaler is how we were able to get customers up and running in a way that delivered value quickly compared to our competitors and in a way no one else could match at the time.
That’s a really valuable set of experiences to bring to a startup. What do you feel is still left unsolved out there that you want to tackle here at Oort?
You don’t need to go that far into your news feed to find the latest example of a supply chain breach, and part of that is because the market hasn’t yet delivered an agentless solution that allows you to (1) establish trust at a very granular level (i.e. down to the individual packet) and, (2) make the right decisions in real-time to maintain risk at a level that’s acceptable based on your business policies. Whereas a lot of network access solutions look at the problem as, “We’ll give you a way to connect users you trust to applications you trust and off you go,” that type of approach isn’t good enough anymore. We really need to solve multiple parts of the problem in a single solution spanning identity lifecycle, network access, continuous risk monitoring and control.
The good news is we’re seeing plenty of solution providers at least talking more about the importance of an identity-centric approach for security. The bad news is it’s all still managed in a centralized manner that’s insufficient, especially when you think about the unique attributes of managing B2B relationships and the identities of third-party users and entities. It’s crazy that the standard way third-parties get access to things is by onboarding them like they are employees, when all the breaches we have seen should have taught us what we really should be doing is treating our employees more like third-parties.
Beyond that, if you look at how every VPN or Zero-Trust Access type solution has been built, all these products were built to enable a network or security architect to do their job, with little consideration for everyone else who is involved. Oort has a unique opportunity to help leaders bake security into the DNA of how their businesses operate across all functions of the org, rather than this esoteric thing bottlenecked in the hands of a few experts.
Let’s pivot to a quick fire-round of three final questions. First, what makes a team great in your opinion
To me it’s all about how much you can think outside the box and actually deliver on something that initially sounds outside your comfort zone. You unlock value when you can see a problem in a different way and approach it with a solution that is contrarian at the time but then turns out to obviously be the right way to do things.
Next, tell me about a non-work experience in your life that most impacted how you approach your day-to-day work.
The cave diving and shipwreck exploration I’ve done has shaped a lot of how I approach my work life. As they say about the 7 P’s, “Proper preparation and planning prevents piss poor performance.” I’ve explored some very risky shipwrecks where, if you didn’t execute the dive properly, you or others who were with you could die. At face value it seems like failing to execute a dive properly is life-or-death and what we do in our work day-to-day isn’t as critical, but then I’m also reminded that one of the most revered people in the business world, Warren Buffett, describes cybersecurity as posing the greatest existential threat to mankind aside from nuclear warfare.
OK last question we have time for right now, why did you decide to join the team on this journey to launch Oort?
Launching a new product or company is an opportunity to learn from what existed before you and chart a new course with proper preparation and planning. Joining Oort is an opportunity to apply those 7 P’s, and it was very simple to see “Why Oort” and “Why now.”
First off, safely connecting third-parties to a set of resources sounds so basic, but it’s a massive problem that has not yet been effectively solved. Anyone who pretends third-party access is “just another” use case for their zero-trust solution is proving they don’t really understand how to correctly solve the problem. Second, for me it was about the vision Matt shared about where we are going to go as a company, after we solve the third-party problem, to help organizations transform how they think about and implement security at scale.
I hope you enjoyed this interview and will share it with your network. If you aren’t already following us, please click here to be taken to Oort’s company page.