The Incredible Power of Stubborn Optimism with SolarWinds CEO Sudhakar Ramakrishna
This week our special guest is Sudhakar Ramakrishna, President and Chief Executive Officer of SolarWinds. He shares insights from his first year at the company, joining at a very dynamic time as news of the Sunburst attack first started making headlines.
He provides perspective on what we consider a master class in leading through crisis – putting employees and customers first, the importance of transparency, continuous and two-way communications (even when you don’t have all the answers) and building a culture of trust. And why through his many years in security, he still has stubborn optimism for the security path ahead – with people being a critical part of the solution.
The Incredible Power of Stubborn Optimism with SolarWinds CEO Sudhakar Ramakrishna
[02:18] A Stubborn Optimism About the Notion of Community and Sharing
Rachael: Excited to have joined us in conversation today, welcome to the podcast, Sudhakar Ramakrishna. He is president and CEO of SolarWinds.
Sudhakar: Thank you, Rachael. Happy to be here.
Rachael: I've been reading some interviews with you and they've been wonderful and congratulations. I saw you on the Time Leadership Brief. Every Sunday, I look forward to getting that email. One of the great things that you talked about was this idea of community vigil.
So much in security, and I'm sure you can speak to this from the last year as well. I really love this notion of community and sharing, and I’d love to hear more about how you came up with this and how it's been going.
Sudhakar: I will not say that there was a lot of thought put into coming up with the phrase, community vigil. But being part of the security software community for a long time, I have always felt that it is the obligation of us as vendors, suppliers, researchers to share as much as we can amongst ourselves. At the end of the day, we are a small community.
I go back to the basics, which is, our job in life is to protect our customers' environments and the trust that customers have placed in us. To do that effectively, yes, on one hand we compete against one another to provide a better value to our customers. But on the other hand, we live in an ecosystem where customers depend on many of us to get their jobs done.
Why Community Vigil Is Important
Sudhakar: It is important for us to collaborate. That's how I thought community vigil is important. In this particular case, the community includes the government, public sector, and other authorities as well.
Eric: Sudhakar, I'm going to take Rachael's offer and take us back to the actual incident because I just have so many questions. You took the job and accepted the position on the 9th of December, having no idea on December 13th, FireEye came out with a report about SolarWinds. But before we get there, so many people call it the SolarWinds attack. That's a really bad name for it. We've heard of Sunburst and everything else. What do you call it?
Sudhakar: We call it Sunburst. That is the right connotation. Again, going back to the security industries norms, breaches are named generically. You dub it with either the source or some generic name. Unfortunately, this was named the SolarWinds Breach or the SolarWinds Attack or whatever.
While we have done our very best to reset some of those, call it, misplaced perceptions. We took upon ourselves the first obligation to make sure that our customers are protected. Our partners are understanding of the situation and we learnt something from this and we start working towards it.
So if I look at some companies, they might have done way too much. If I were to think about the lessons learned aspect of it, way too much in terms of drowning out that aspect of the press. So if you think about it as you have limited resources, where do you put your energies? We chose to put those energies with customers, partners, and employees. Unfortunately, we did have the mis-tag, if I can use that term, associated with us.
A Stubborn Optimism That Consistent Efforts Will Pay Off
Sudhakar: But I do believe that our consistent efforts have been paying off with customers and with the broader industry. Understanding that it's not a one-company issue, especially when a potential foreign nation is involved in an attack like this. As you also know, Eric and Rachael, more and more vendors have come out since we announced their own attacks. Some could argue that those attacks were bigger and more significant than others.
Eric: Including Microsoft. You don't get much bigger than that. So we'll call it Sunburst from here on out on the show and in our work.
Sudhakar: Appreciate that. I think that's the right terminology. Even Microsoft has reset some of its blogs and termed it Nobelium as a threat actor and so on. That's a recognition on their part that it's broader than ours. But it's unfortunate that some people misused it and maybe have used it for their advantage as well. But that's not the main point of our discussion today.
Eric: No. But we will correct because we've called it everything but SolarWinds on the show. There are probably five to 10 different names out there about the same exact attack or different components. I'd love to take you back because I've read the Times article. I'm a father of boys myself. It was December 9th when you accepted the position after selling your prior company.
Sudhakar: Yes, December 9th was the day it was announced. Technically, I would have verbally said yes a few days, if not several days, before that.
Exciting Endeavors Ahead
Eric: You have conversations with at least your family, "I'm going to become the CEO of SolarWinds." I imagine there is excitement, there is energy there. You're starting to ramp down what you were doing before, you're ramping up in your mind SolarWinds, getting your mind around that. This is where I'm going to take this company, I've got a lot to learn about them. But exciting endeavors ahead.
Sudhakar: I believe I finished my previous assignment on December 1st and then a few days later accepted this.
Eric: So you got a little more than a week. What is it? Is it a phone call? Did you learn from FireEye's blog? How does that work? You're not even an employee yet.
Sudhakar: No, I'm not an employee. I learned about this on a phone call on December 12th. Let's call it around 11:30 PM Central, 9:30 Pacific from our current Chief Administrative Officer who is a legal counsel of the business, Jason Bliss.
Eric: I bet you had nightmares that night. I know I would've.
Sudhakar: To be honest, at that point, he did not really know a lot of the detail. He simply said, "This could've happened," and so I took it in stride in the following way: being part of the community, we are all not immune to or unaware of security breaches. At that point, you are starting to process what may have happened, what could be the remedy and remediation. I was just mostly extrapolating without knowing a lot of detail. It was not until a day and a half, before I started understanding the detail behind it.
[09:30] We Have a Problem
Eric: So the information's flooding in. You're learning more and more, we have a problem here that you're obviously going to become a Crisis CEO in the near term. In fact, you don't even start until the 4th of January. That was a fascinating part. I feel like if I were the board of SolarWinds, I would've said, "We probably need to move that start date up a little bit. Sudhakar, we need some help right now."
Rachael: Yes, and we'll give you an email address too so we can get started.
Eric: And you need a PR person like Rachael to help you out a little bit.
Sudhakar: I'm sure Rachael is a fantastic PR person but we also have a good PR team at SolarWinds. So you're absolutely right. The way I would describe it is from the day it was announced, that was the 9th, all the way till the 14th. All I received back, "Congratulations, SolarWinds is a fantastic company, you'll do great," this, that and other thing.
Eric: And it is.
Sudhakar: Yes, is, was and will be. Starting on the 14th, all I received was their commiseration saying, what have you gotten into? So congratulations turned into commiserations. But coming to the board, there were a few important conversations I had with the board.
One was with my chairman because I'm a believer in continuity when something like this happens. And one was with my chairman, suggesting that while I'm excited, you're excited and everybody's excited. If you want continuity of leadership in the moment of crisis, I'm perfectly fine either delaying my start significantly or not starting at all if you want to move forward.
Going Back to What’s Important
Sudhakar: That, obviously, was a thing I felt strongly that I had to propose to the company. Going back to what's important here is not me or any one person. What's important is the situation at hand, the customers and the employees, most importantly.
So that was one important conversation. The other conversation about getting an email and such was, the board knew about my background of dealing with security and security issues. They did ask me to start helping earlier. So the way it happened was by me joining the board earlier than joining as CEO. I was able to get the daily briefings and start contributing to the team and through my actions.
Eric: You're learning information about what's happening. Was there a CEO at this time? Or he or she has departed?
Sudhakar: No, the outgoing CEO, Kevin Thompson, was the CEO till December 31st.
Eric: In the Times article, it talks about your two sons and you speaking with them. Your younger son talks about a lesson or lessons you shared with them while you were raising them. I'd love to get a little more, as a father of three boys, how do you handle that conversation? You've got one of the biggest cybersecurity crises underway right now. You're a central role figure in this. How do you have that conversation and where do you go?
Sudhakar: They are reading from newspapers and the web themselves. I’m not really sharing much. I don't tend to share too much about what goes on at work with my wife or my kids. But talking to them about career options is something that I've always done.
The Stubborn Optimism of Nationally Ranked Debaters
Sudhakar: Before I joined Pulse Secure, for instance, I did talk to them about it because what we do impacts them. Therefore, it's important to take their point of view as well. Not that you will make a decision solely based on their point of view, but it's important for them to be involved.
On a different day, I can go into the discussion that I had with them before I took Pulse amongst other options as well, and the considerations that led to it. But coming here, the reason why it was a more important discussion is right or wrongs. My boys have always said enough with corporate life, go and teach. They are both nationally ranked debaters and they like to get into academia and help the community. That kind of mindset. Like many young children and young people are these days.
Eric: But if they're nationally ranked debaters, they know how to take an argument and tear it apart from both sides. Really analytically get to a resolution, which is probably helpful for you.
Sudhakar: Most definitely. As we went through that conversation, I just basically said this is where we are, this is what's been going on. It wasn't like hours and hours of debating or anything like that.
Many of these discussions, as you know, are simple in the sense that my family's always said, my wife and kids, if you want to do something, go for it. That has always been the attitude. And that gives me a very strong foundation in some ways to do what I need to do, and obviously, what I want to do.
A Very Important Conversation
Sudhakar: There's not that conflict. It’s important to hear everyone's perspective and make that choice. It was a fairly short conversation but it was a very important conversation. As I described in the Times interview, my older son used that as another opportunity to reinforce why I shouldn't be in the corporate life. Go teach or go do something from a community service standpoint because that's how he's very wired.
The younger one is also wired similarly but he said, "You already signed the contract, you already made a commitment. Whether you signed a contract or not, you made a commitment. So let's follow through on that." I was of that mindset by then, but it was good to get them to reinforce it. They both come from a good place with good thoughts and good logic to their points of view.
Eric: You would imagine from nationally ranked debaters. To me, this is almost a human interest story. In the thought process you went through, carrying through with your word, your commitment, serving the customers. When I watched you on The Hill interview, everything I've read, it's always about the customers and employees. It truly comes across as sincere and genuine, and SolarWinds has about 3,200 employees.
Sudhakar: Yes, after the spinoff of the N-able, we are more like 2,500 employees now.
Eric: So about the size of Forcepoint, but you're talking about employees, you're talking about families of employees. I can't imagine, as an employee, your mind when you read about this because I imagine every employee didn't find out about it right away. You find out about it from the open press, which, you know, is changing too.
The SolarWinds Story
Eric: Am I going to lose my job? Is my company going out of business? What just happened? How do I do my job, how do I take care of my customers? It's definitely a time for strong leadership which we eventually see over the months up to now.
Sudhakar: As you can imagine, this is a very wide world and so imagine those times that were close to Christmas, close to the holiday season. You go to any party, everybody has seen the SolarWinds story. So what happened? You're immediately on the back foot as if you've done something wrong when, indeed, it is not a mistake of somebody that you lead to.
But then you have this victim shaming that goes on when these types of things happen. That sets us back as a community and as an industry because we are now hesitant to come out with breaches and attacks as we all know has happened in the past.
Eric: And openly disclose, so we can address them early. This attack itself, Brad Smith at Microsoft was quoted as saying this was likely the work of around a thousand engineers. We know at least the attack time frame, the earliest domain was registered in August. This was a nation-state effort. Maybe multiple nation-states working not together, but separately that there's no company out there that could sustain this. That's a lot of personnel. You have a problem you have to deal with but there is a major effort against you.
[19:12] How Stubborn Optimism Won Over a Craftily Planned Attack
Sudhakar: As we also noted, the attacks were initiated and carried out from servers within the US. That took some of the oversight away from some of the authorities as well. It was very carefully and craftily planned and very patiently planned over several months. Who knows, maybe several years as well. But we were the subject of it, unfortunately.
Eric: It was clearly an intelligence operation. Putting resources in the US and launching it from the US. It takes the US intelligence community out of the game from a visibility perspective. The whole world learned that with Snowden, that's a real problem. So you talk to the family, you make this decision. There's this decision in your heart, "Okay, I'm going to do this." What are the first steps? You've got customers, you've got employees. How did you think through that problem?
Sudhakar: I'm a believer in frameworks in terms of helping people with frameworks when going through situations like this. Having been an engineer for several years, there is a certain structure you apply to thinking. Then you are constantly learning about this as well.
Trust me, before I accepted the job, or when I was announced, I did have in my mind the top 10 priorities so to speak with regards to what I wanted to do when I joined the company.
Obviously, on December 14th, all of that changed. So we said, "Okay, what do we do in this particular situation?" There are two options: we can take the PR angle and talk about how we've been a victim and spend all our time and resources trying to reset that.
Secure by Design
Sudhakar: Or equally learn from this and figure out what you need to do with your customers, employees, partners, and so on. That's how we came up with this phrase of Secure by Design. By the way, I used Secure by Design two companies ago in the Citrix timeframe. But that was more from the standpoint of how you continuously build software that is secure.
In this particular context, it takes a much more heightened sense of focus. One was a framework. How do we rally around a framework? What are the pillars of Secure by Design? That was number one.
Number two, which I would say can be polarizing in terms of how the approach you take was transparency. Come out and say what happened, say what you did, what you know, and what you don't know. I look at it this way, we all talk about customers should trust us. We should trust customers.
I believe that transparency is a foundation of trust. When you know I'm being open and straight with you, you will tend to believe more of what I say. More likely than not, you will be empathetic and sympathetic if I have any gaps and issues with what I do or say.
Transparency was sensitive but we determined that we would be more and more transparent about this.
Eric: They don't have awards for this but everybody I've talked to, they talk of the transparency of SolarWinds, and of FireEye. There were others that weren't as transparent, at least from my involvement from this or in what I've seen. It really allowed the industry to understand what’s going on and address it more quickly. Huge kudos to the team at SolarWinds for opening up like you did.
Stubborn Optimism in the Face of Cyber Threats
Sudhakar: That'll continue to be the case. The third one is humility, meaning especially in the security world, you have to learn all the time.
When I use the word "humility," it is about constant learning and constant discovery. I've been asked even recently whether we can guarantee that there won't be any cyber threats or issues or attacks. The right answer is no, you don't. You can always try and you must always try and take responsibility and improve. But there is no such thing as a no-risk situation.
Then the next part of the action plan was basically a sense of urgency. You have to have step one, step two, step three sense of urgency, but on a foundation of being calm or with a sense of calmness. When situations like this happen as I'm sure you have experienced, the initial reaction is, "Do something. Show something." Which I totally understand and respect.
But if you don't do it thoughtfully and urgently, you might end up doing the wrong things or keep doing the wrong things over and over again. It's important to be thoughtful, it's important to be urgent. If you ask me what is the value I added to the company because a company had a tremendous number of talented people, it was about we will get through this.
We will get through this together, we will work on it with a sense of urgency. But nobody's going to run around with their hair on fire. It is one of those hair on fire situations, but you don't act like that. You don't run helter-skelter and you just go step by step. That yielded a lot of results.
A Stubborn Optimism Builds a Positive Momentum
Sudhakar: When people see progress day by day, that builds a positive momentum, be it with customers or partners or with employees. So related to that, it was constant communication. How do you communicate? And how do you keep everybody posted? How do you tell them what has happened, where you are going next and what you still don't know? Oftentimes, you don't know a lot. That's the process we took, that's the framework that we built.
Eric: Your boys who wanted you to go and teach may look back on this as a lesson you're teaching to the cybersecurity community, to the global community on how to handle a crisis such as this. I met with two of your personnel. We were at the TechNet Augusta, in Augusta, Georgia a couple of months ago. The SolarWinds booth was directly across from our Forcepoint booth.
I’ve watched the way they engaged with customers and it looked very trusting, just the closeness. I went over and spoke to them. You talked about transparency and humility, it absolutely came through in those two employees. I didn't capture their name or anything, but you could sense the culture of the company. It was one of those companies you wanted to trust and do business with despite a major crisis.
Sudhakar: That's awesome to hear and I really appreciate you saying that because at the end of the day, it is incredibly important for me. We call ourselves Solarians. Alongside addressing the crisis and figuring out our strategy for the future, there's a set of common values that we've also established.
The way I describe it is Solarians care. We call our value systems Solarians CARE.
Sudhakar: CARE, it’s described as: C for being collaborative, A is being accountable, R is being ready. Ready for customers’ needs, transitions, trends. E is being empathetic. That's how we have defined our value system. It's only maybe three months since I announced it to the organization. Now it's a matter of living that every single day, learning from it, and improving upon it. Culture building is done one person at a time. We have at least 2,500 people and our extended partner ecosystem on and on. So we have work to do.
Eric: They were living, probably a month and a half, into the initiative. They were very proud. It just made you feel good talking to them. I only spent a few minutes with them but it was a great interaction.
Rachael: The leadership through crisis, I hope you write a book because there's such a wealth of knowledge that many can learn from. One of the things that you mentioned in one of your conversations is something that we see time and time again with security. It’s that a lot of times, budget doesn't get allocated to security until there's this mitigating event.
Eric: An incident.
Rachael: You said, "Wow, everything's so great right now." But that's the point, we should be investing now so we can keep being great. The events in this last couple of years' spurt, there's 18 cybersecurity bills now sitting in front of Congress.
What are your thoughts on that? It's everything to what you were talking about, disclosure, funds for smaller companies. I don't know if you've been involved in any of those bills or how they've been developed with public-private partnership. There’s huge implications here and a huge opportunity.
Cybersecurity Is a Vendor and a Customer Obligation
Sudhakar: We’ve had the opportunity to provide our input and I'll summarize it in this particular context. Even enterprises not taking cybersecurity as seriously as we should, it's a vendor obligation as well as a customer obligation in partnership. We recently did our IT trends survey which we do annually.
The IT trends report that we do annually, one of the key findings there is that every company believes that security and security threats are a real issue. But every company or majority of the companies also report they lack trained personnel. They lack the budget to support their security needs.
The incongruousness exists and that is an opportunity for threat actors to do a lot of damage. They are making it their priority to do so. Now coming to some of the bills associated with Congress, some of the key reinforcements that we are trying to get to is to help us with real two-way partnerships.
Oftentimes, I'm sure I can speak for many vendors, we are providing information to the authorities. But we don't really get back anything or very little, should I say. That is against this notion of community vigil and free sharing of information. I understand there are limitations but I think there's a lot more we can do there. That's number one.
Number two, which I hope gets a lot of time and attention, is do not penalize companies that come forward with breaches early. In other words, try to provide some level of indemnity. The thing about being sued, being in the spotlight is very debilitating, and against the whole notion of value creation.
The Whole Value Creation Mindset
Sudhakar: We're all here to serve customers, create value for employees and shareholders. But when everybody is suing everybody just because there's been a breach, it's fundamentally against that whole value creation mindset.
Eric: The purpose of a corporation, of society even. It's against the purpose of society.
Sudhakar: Yes. I’d go so far as to say if we have to serve the community at large, which I would say one of our principles as a business now, is to support the community at large. Every time I am spending resources, dollars, time, and people worrying about who is going to sue who, I am serving my community less.
This is a very important issue that the government has to address. I'm not taking away any accountability on part of the enterprise. In all of these situations, there is something to be learnt, something to be accountable to. You've got to have checks and balances. That's absolutely the right thing to do.
But don't penalize people for being transparent, don't penalize people for stepping up, don't penalize people for helping. Unfortunately, our society has been reduced to doing all of those. We need to do better on that dimension. Those are two broad areas that we have provided.
The third is the whole Secure by Design framework. We have taken the approach of doing something really innovative in that space and we are freely publishing our work. My hope is that more vendors and more customers will leverage it. I'll give you one customer, call it context. I'd say between January to March, April, most of my customer discussions were, "What happened? What did you do? How did it happen?" et cetera.
Stubborn Optimism Contributes in a Meaningful Way
Sudhakar: Since about the April timeframe, most of my customer discussions are, "What did you learn? How can we apply your learnings in our environment?" because the fact is many of my customers also write software. They also recognize they are not immune to these types of challenges. Others have come out and said it.
To me, that is a wonderful opportunity to serve them on a broader scale than simply supporting their immediate needs of IT transformation or digital transformation. My hope is that we'll be able to contribute in a meaningful way to that broader need in the industry.
Eric: You may find that to be your number one contribution to society. Not you personally, but SolarWinds. How you handled this, that trust, that transparency, the candor, and the way you interacted with the employees and the customers. I fully agree, that is the one thing, as a society, we must do a better job at. It almost reminds me, no one wants to report their breaches. Something happened, they're worried about losses.
It almost reminds me of kids who do something minor and then they lie about it and build it into something bigger or some crisis. Or something happens that's so much bigger than, "Oh, I ate that lollipop before dinner. I'm sorry mom." Which is all it would have to be. That's accountability and trust and openness.
The industry acts like that kid who says, "I don't know where it is. Johnny took it." It just snowballs into this big problem, and we see it over and over again. I believe SolarWinds and FireEye were magnificent in your openness early on. When you didn't even know what was happening to a great extent.
[35:42] Stubborn Optimism Creates a Domino Effect
Eric: You had no idea what was going to happen. That will be your biggest contribution.
Sudhakar: I hope that to be true as well because this is going to create a domino effect of transparency, communication, and collaboration. All of which will result in better value creation for everyone.
As they say, the cliché is to increase the size of the pie, but then our actions are focused on decreasing the size of the pie. We say one thing and do another, whether consciously or not. There's an opportunity and a wake-up call for all of us.
Eric: I'm wondering about some of the victims since Sunburst, if anybody really learned from this and took your playbook or pieces of it. I'm thinking about Colonial Pipeline and a few others but I'm not sure I'm quite there. I'd have to do a little more thinking I think. I think we need a Harvard Business Review article, if not a book.
Sudhakar: Our part, on that front, we have reached out to some of the other victims to say, "Look, we are here. Unfortunately, we're ahead of you. That's not an area where I want to be ahead, but we were and we are happy to share whatever we did with you." We gave that option, we created that bridge and I recognize that for a variety of reasons. They may or may not be in a position to take advantage of it.
Eric: How are customers responding? You are a mission-critical software component of major businesses. How are they responding to the transparency and the openness and the planning? The plan of what you're doing?
A Work in Progress
Sudhakar: Admittedly, some customers were upset at the beginning. They have the absolute right to be upset. Some customers were looking for guidance on, "Hey, what does this mean to me? Should I be worried?" and on and on, which is completely understandable. A vast majority of the customers have been very understanding and appreciative of us coming out and standing in front of them. Saying, "We apologize for whatever has happened to you and us. Can we work together and correct the situation?"
I'm really proud of how our teams handled those interactions as well as how customers have been understanding, accommodating and responsive to what we have done. That's still a work in progress. As you know coming from this industry, you can't take customers’ trust for granted. You have to earn it almost every single day.
I don't want to take it and celebrate. There's no cause for celebration. There is more cause for learning and doing better is an attitude that we have taken in this process. At the same time, we are able to serve them on a larger scale, "What did you do in Secure by Design?
How can I apply it to me?" It’s allowing us to be even more critical to customers, not just from a solution standpoint, but from their transformation standpoint. Hopefully, that'll give us, call it, the position or the ability to serve them better and more going forward.
Eric: We're coming up on three quarters of a year. Looking back, is there anything you would've done differently had you had more time? Had you not had a crisis evolving, not even around you, before you and around you?
Why It’s Extremely Important to Have Stubborn Optimism
Sudhakar: We touched on it briefly at the beginning. That some companies benefit, and I'll put "benefit" in quotes, by drowning out the news with more news or different news or deflection tactics. In that respect, if we had done some of that, maybe it would not have been associated with the SolarWinds breach and something else or not at all.
I'm not saying that would've been the right thing to do, but I can also see that we went through a lot more pain than breaches that were more significant than us. Was it all worth it is a question that comes up from time to time. But quite honestly, if I had to do it all over again from a standpoint of transparency, urgency, communication, and the humility that our teams display, I would do exactly the same way. But we are constantly reflecting and constantly learning from that.
Rachael: What I love through all of this is your optimism and we talk a lot about optimism on this show. Some folks are not so optimistic about the security path ahead. But I love everything through the companies' actions and your focus areas. As you look at the security path ahead, what are changes that need to happen? There's many but if you could have your top three to help us finally move this needle forward, what would they be?
Sudhakar: I'm smiling as you use the word optimism in reference to me because I consider myself to be a stubborn optimist. This is a running joke amongst many of my colleagues. I believe that it’s extremely important for us to be optimistic because there are a number of reasons for us to be optimistic.
Stubborn Optimism Means There Will Always Be Solutions
Sudhakar: The simple way I would describe it is that as long as people are there, there will be problems. But the good news is, as long as people are there, there'll always be solutions. I tend to look on the other side of it. We just have to be relentless and persistent about it.
So now coming to the security aspect of it, my strong belief is that more collaboration and sharing of information amongst the security industry is very important. This is not about diluting our competitive capabilities and forces. It’s about improving our competitive factors and forces by sharing what need not be rediscovered by every single company.
We talk about platforms, we talk about reusable modules and software. The whole idea is by reusing that, you create time, space, dollars to do more innovative things rather than have to repeat the same old things. To me, that is a very important element of the security business and practice. Two, is simplification. I definitely believe that the security industry connotation sometimes is, "I'm buying security tools as insurance." No, you should be buying security tools because they are truly adding value to your business.
There's an element of insurance. I get that. But what's overall productivity? How do you reduce complexity, how do you reduce cost, how do you create value? The security industry also has to do a better job of positioning some of those value drivers to customers and not build on their fears of being breached. That's the second thing I would suggest.
Security Can Be a Business Enabler
Sudhakar: The third thing just to round it out is the discussion we had about the government. The regulators of a two-way partnership, two-way information sharing, and encouraging victims to speak up rather than discouraging victims to speak up. Those would be the three I would mention.
Rachael: You mentioned about security being part of business, I really love to read that. You took it to the board level as well. When it starts coming from the top down for companies, that helps them start thinking in that way, security could be a business enabler. I love that one of the first things you did was set up that cyber committee for the board of directors.
Sudhakar: A while ago, I started using this phrase well before SolarWinds that security should be about access, not about control. At the end of the day, our job as an enterprise is to make our employees more productive, not less productive. Control has a connotation of making you less productive because I'm making you jump through many hoops.
Security has to be there, be always prevalent but support access rather than restrict access without compromising the security posture. The intersection is where innovation lies, not in providing hundreds of more unusable policies.
Eric: It's interesting. We just went through an exercise here in my business unit where we debated and looked at the interrelationship between accessibility for information data and then security and control of that. Where is that balance? How do we think about that balance and make sure that we're on the right side of it, where we're providing all the information we can with the appropriate controls?
[46:09] The Key Pillars Are Humility, Simplicity, and Stubborn Optimism
Eric: Not overbearing, not totally non-existent. We just went through this over the last two months, a continuing dialogue, it's very important. And we don't get it right in the industry.
Sudhakar: No, we don't. Going back to that humility and the key pillars. Simplicity is one of the key tenets of the solutions that we strive to build at SolarWinds. At the same time, how do you make it simple but powerful? These are two words but there is a lot of work that needs to be done to make those two words count. That's the objective of what we are working on going forward.
Eric: There are a lot of organizations and people across the world right now that are glad you made the decision that you did. SolarWinds continued in the fashion that it did to serve its constituents, whether employees or customers, partners across the globe. So thank you.
Rachael: I still want to make another plug for that book. I would love to see a book or a screenplay.
Eric: We need an HB article. It would be a great book.
Rachael: Somebody would learn from it. I can see you as an academic. We look at the cyber talent coming up and we absolutely need more people like you out there showing them a path forward. Also inspiring people because we can change things. I really appreciate you being that voice out there for the industry today.
With that, thank you for your time. We greatly appreciate it. For all of our listeners, smash that subscribe button and get a fresh episode every Tuesday in your inbox. You don't want to miss this one. Until next time, be safe.
About Our Guest
Sudhakar Ramakrishna joined SolarWinds as President and Chief Executive Officer in January 2021. He’s a global technology leader with nearly 25 years of experience across cloud, mobility, networking, security and collaboration markets. Most recently, he served as the CEO of Pulse Secure®, a leading provider of secure and zero trust access solutions for Hybrid IT environments.
He was responsible for all aspects of business strategy and execution. Prior to Pulse Secure, Mr. Ramakrishna served as the Senior Vice President and General Manager for the Enterprise and Service Provider Division at Citrix®, where he had responsibility for Citrix’s portfolio of virtualization, cloud networking, mobile platforms and cloud services solutions.
Mr. Ramakrishna also has held senior leadership roles at Polycom, Motorola and 3Com. He is an experienced public and private company board member. He’s also a partner at Benhamou Global Ventures, a leading venture capital firm investing in emerging startups in the fields of security, analytics and applications. He earned a master’s degree in computer science from Kansas State University and a master’s of management degree from Northwestern University’s Kellogg School of Management.
Listen and subscribe on your favorite platform