Pejman Roshan Podcast Transcript

Pejman Roshan, CMO of Menlo Security

Pejman Roshan joins host Brian Thomas on The Digital Executive Podcast.

Brian Thomas: Welcome to Coruzant Technologies, home of the Digital Executive podcast.

Welcome to the Digital Executive. Today’s guest is Pejman Roshan. Pejman Roshan leads Menlo Security’s marketing organization. Pej has over 25 years of product and marketing experience successfully leading go-to-market teams for pioneering companies of all sizes, including, uh, Agito Networks, ShoreTel, radon, Cisco Systems, Aruba Networks, Xilinx, and VMware.

Throughout his career, he has held roles in IT operations, IT planning, marketing, product management, and executive roles across large and small companies. Driven by the challenge of developing storylines to convey information about technical solutions to wider audiences, he finds the marketing and product focus roles the most fun and rewarding.

Well, good afternoon, Pej. Welcome to the show.

Pejman Roshan: Thanks for having me, Brian.

Brian Thomas: You bet, my friend. I appreciate it and your taking the time. Hailing out of the great state of California there in the Bay Area. I appreciate it. I’m in Kansas City, two-hour difference, but no worries. Glad you could make it. And Pej, let’s jump into your first question.

You’ve had an impressive journey across companies like Cisco, Aruba, and now Menlo Security. How has your approach to go-to-market strategy evolved across these different stages and sectors?

Pejman Roshan: That’s an interesting question. Ultimately, outside of the technology differences, the approach really hasn’t changed too much.

In fact, if you think about it at the macro level, going from Cisco where I was, I started my career in network infrastructure, to Aruba, which was around cloud-delivered networking, to now Menlo Security, which is cloud-delivered browser security. They’re ultimately just maybe one standard deviation apart.

And what I learned early on was classic mistakes are about selling products, features, talking about nerd knobs, as opposed to the evolution around what business problems can you solve for an organization, how can you help them operate their business more securely, more effectively, more efficiently, and do so in a way that is either making life better or, at the very least, transparent to the end user, so you’re, you’re meeting them where the end user needs to work.

So being able to articulate the value of what you’re doing in, in those terms is probably the, the core approach that I’ve used throughout my career, whether it’s been at Cisco, Aruba, and certainly here at Menlo Security.

Brian Thomas: Thank you. I appreciate that. Gives our audience really a background of kind of your journey and your career and where you are today. I like how you mentioned across the verticals you worked in the go-to-market strategy was not that much different. And I like how you had that tech background and while you learned early on some of the tech geeky type stuff.

You did learn that if you can understand the business, understand and speak to the business, to the customers, obviously that goes a lot further than just being a tech nerd and being in tech here. I totally get it. So thank you. Pej, Menlo Security emphasizes isolation-based browsing as a defense mechanism.

Can you explain how that works and why it’s more effective than traditional detection-based approaches?

Pejman Roshan: Great question. So isolation, if we just step back for one second, is basically a proxy technology. So if you think about this in its most, again, using very rudimentary imagery here, if I’m on my machine, my corporate laptop, and I’m opening up a browser to access a website.

Let’s say I get an email from, uh, you, Brian, and it’s got a link embedded in it. I click on that link and that’s going to open my web browser. And while you and I are colleagues, you may have accidentally sent me or forwarded to me something that might be a little nefarious. It could be a phishing link, it could be a, a link to some malware.

But nonetheless, because I, I trust you, I clicked on that link and what isolation will do is intercept my web session, so it’s running in the cloud, so it grabs my web session from my browser, and then it, it spawns a browser running in our cloud and tries to go to that actual destination. It’ll open up that website and if there’s anything bad on that website, let’s say there’s some malware, it’s trying to, to push down on my machine.

It’ll push down into that cloud session. And what we do with isolation is we rip open what’s happening in the browser. We rip that open, we strip out all of the active content, we reassemble it with all of the bad stuff taken out, and then push that back down to my machine. So what I get is a sanitized version of that website or application that you had sent me to by clicking that link.

And the difference between using isolation, which is a preventative than what you would typically hear about detect and respond is that I am preventing the attack from ever coming down to my machine, to my browser if I’m inside of the corporate network, to come inside of the corporate network where you might have the attack that would then get initial access and then start to move laterally.

Going from my machine to other machines, maybe do some reconnaissance, talk back, you know, phone home to whatever a nefarious application is driving it like we’ve seen in so many famous phishing and ransomware attacks. That’s where isolation really sets itself apart. For Menlo, isolation is one of the arrows in our quiver, but because of how good we are at doing this, and I, I say that with as much humility as I can, we are deployed in eight out of the 10 largest banks in the world, the US DOD has us fully deployed.

So we take great pride that we’re defending our country. We’re defending many other countries and Asia Pacific and EMEA as well. This is a high efficacy solution, and that’s what sets it apart from traditional off-the-shelf detect and respond approaches.

Brian Thomas: Thank you. That’s amazing and I’m glad you broke that apart for our audience. I like the isolation-based browsing and how it works.

As you explained, your browser basically intercepts that web session, sends it to your, uh, cloud session, and disassembles, takes out the bad stuff, reassembles, brings it back down to the user’s computer. I think that’s pretty awesome that, uh, you’re doing that security measure to prevent hacking, phishing, malware, ransomware, you name it.

Again, thank you for breaking that apart for our audience. As someone with a deep background in IT operations and product management, how do you see the role of the CMO shifting in cybersecurity companies today?

Pejman Roshan: Ooh, that’s a big one. You know, for me it was an interesting transition moving away from product management where the bulk of my career has been. I made that move for a handful of reasons.

But the biggest one was that classically you think of a, of a head of marketing as someone that skews more on the creative side, who’s coming up with brand-oriented campaigns and slogans and kind of leading demand generation, and you think about emails and events and so on. The evolution that occurred that I thought was really interesting was as the MarTech stack has gotten significantly more advanced and richer, there is an analytical side to marketing that I found absolutely captivating, as captivating as innovating on the product side, which is what was the appeal for product management for me, to be able to work with very smart engineers and solve real problems and invent new capabilities.

That was, that’s super. It scratches such an itch, but to be able to do something comparable that’s on the go-to-market side, that has significantly more customer intimacy than it did in the past where you were a couple steps removed.

That I think is where you see the shift occurring broadly. So the ability to really get in and understand the leading indicators, which is typically challenging to do in marketing. Usually you think about marketing, you think about lagging indicators. Think about how many leads did I generate, how many of those converted?

What was that conversion rate like? Why was the conversion rate this way? Was it our messaging? Was it the tactic that we used? And so you’re playing this a little bit of a, of a guessing game and A/B testing and experimenting. And now with the ability to have deeper insights into leading indicators, you can get in front of these things and make game time changes on the fly combined with this degree of intimacy that you’re getting with customers and your prospects.

That holds large appeal for, for me. Which is why I made that career shift some years ago. And I think while you’re asking specifically around cybersecurity, I think in tech companies in general, this is the, the shift that’s occurring. And I’ll tell you, we’re smack in the middle of yet another shift, which is the preponderance of AI, generative AI and, and gen AI-based tools and agentic AI that’s now on the horizon, that is radically changing the game yet again.

As you’re able to really take advantage of that degree of, of automation and ingenuity in advancing how you, you move your approach to marketing forward. Scratching that itch for me just as, just the same as it was in the world of product innovation.

Brian Thomas: Thank you. It’s really cool to hear you find something in a different space, right? Product management to marketing, and you found something that’s comparable that really piques your interest and your curiosity and fulfills you basically. I liked how you talked about that evolution and the fact that you found you can be more analytical in this space, especially with more and more technology integrating into the marketing space.

I just love how you adapted to that. And of course, generative AI just keeps leapfrogging literally. Like it doubles every day. I, we could go on this for hours, but that’s amazing. I appreciate the, uh, insights. Pej, last question of the day. Looking ahead, what innovations or paradigm shifts do you believe will redefine how enterprises approach secure browsing in the next three to five years?

Pejman Roshan: That’s a great question. I think we are in the midst of this transition from kind of classic applications, what I would call client-server based or thick applications, to SaaS-delivered, browser-accessed applications today. It’s been like this for the last couple of years. Five, six years ago we called this digital transformation, as you move from your classic or legacy apps and infrastructure and application development model to what we now refer to as SaaS-delivered applications.

And you can really personalize this. You can think about how you work, uh, how I work, and how your listeners work every day. I’m willing to bet eight out of the 10 applications that you are using are all within your web browser.

So for me, I’m accessing, you know, we use the Google Workspace Suite here at Menlo, so I’m accessing mail, calendar, my Google Docs, Google Sheets, Google Slides, all within the browser. And it’s the minority of applications that I access as a classic application. Like in the case of thick apps that I would use, it’s Zoom and, and Slack, but the rest of my time, I’m living inside of my browser, and that shift changes how we have to secure our organizations.

It’s only logical, right? We are going from one set of applications that work one way to an entirely different application. This super application, this browser, that can do everything. It can be all applications, but really no application, right? It doesn’t do anything in and of itself other than get you to the internet.

And if you layer that on with the fact that we’re in the midst of the permanence of hybrid work, right? This post-pandemic transition to work remote to now hybrid work where it’s not uncommon for people to go into the office two, maybe three days a week maximum, which requires that the work experience is equal.

Whether I’m in the office, whether I’m at home, or whether I’m in the parking lot of my kids’ high school, watching his tennis match, I have to have the same fidelity of capabilities of experience. Whereas pre-pandemic, I definitely had maximum fidelity and capabilities when I sat at my desk in the office. I had slightly lower fidelity when I was working from home.

It was really kind of best effort when I was on the road, right? So you combine the notion of hybrid work together with the digital transformation and move to SaaS-delivered applications, and that is the paradigm shift. What that forces CISOs and CIOs to think about is the fact that your security stack, which was designed to secure your infrastructure, to secure components, now has to kind of be upended and designed to secure people where they work and how they work.

And I’ll give you a good example of this. If you think about kind of the six core areas of secure, again, again, I’m, I’m painting with broad brushes here.

You’ve got identity, you’ve got endpoint security, you’ve got network security, you have data security, you have cloud security, and you have security operations, right? We’re painting with a broad brush. All of these areas, with the exception of identity, are infrastructure components. Network security firewalls are securing your corporate network.

VPN is providing users access to the network. Endpoint security is securing my laptop. Email security is securing my inbox. Cloud security is securing an application running in a cloud. These are all designed to secure infrastructure and components. We live in a world where workspace security is now what’s dominant and workspace security is about securing the user, how they work, where they work, and meeting the user there as opposed to forcing the user to twist themselves into a pretzel in order to get their work done, which is where you see ZTNA rapidly evolving going from, you know, heavy clients to identity-based access and now browser-based access.

The notion of the corporate firewall migrating into the cloud, firewall as a service that’s cloud delivered so that it can secure me, whether I’m sitting at my desk or whether I’m sitting in my car, in my kids’ high school parking lot, and so on.

That’s the evolution, and again, if what we’re using to access the applications that we work is the browser, that becomes the hub of what requires securing. And conversely, the bad guys, the attackers that are out there, they know that we’re using the browser to access these applications, and that is where they hone and aim their attacks.

Phishing and credential theft. It may be attempts to deliver it via email, may be how it gets transported, but ultimately you’re clicking on a link and you’re really hoping that your email security is catching that link and redacting it. But you know that’s not happening because phishing attacks still occur.

Ransomware attacks still occur, malware attacks still occur, and these are all being delivered via URLs, embedded in emails, embedded in SMS messages, in your Slack or instant messaging, and getting delivered to the desktop and launching through the browser. And this is where you see in the last 24 months this real big focus around browser security and enterprise browsers and, and why I think this is the evolution of workspace security for the foreseeable future.

Brian Thomas: Thank you. Appreciate that. You know, like you discussed, I’ll just highlight a couple quick things. This transition that we’ve been in the last few years from those traditional thick client apps to a SaaS or web-based apps, COVID helped push that along even faster.

But we need to rethink how we secure our organizations. As you said, we’re now bringing that full functionality to the browser, but the browser’s not behind a firewall anymore. The browser’s out, you know, across the globe. It’s not just outside in a different state or a different city. But I like the mindset that security shifts more about protecting the people, the endpoints in a global WAN versus how it was done traditionally as you mentioned.

So I appreciate that, Pej, it was certainly a pleasure having you on today, and I look forward to speaking with you real soon.

Pejman Roshan: Thank you. The pleasure was mine. I appreciate you having me on.

Brian Thomas: Bye for now.
