Innovating Fast To Meet Changing Customer Needs w/ Josh Bregman

ABOUT THIS EPISODE

Prior to 2020, Josh Bregman, Chief Operating Officer at Cyglass, and his team spent a large amount of time building out a SaaS multi-tenant architecture with containers, Kubernetes, and DevOps practices.

When COVID hit, that investment paid off in a big way because it allowed them to innovate quickly as the needs of their customers changed.

In this episode, we talk about:

  • How CyGlass has adapted quickly to changing customer needs
  • How DevOps and Kubernetes enables speed and agility
  • Advice for software leaders looking to innovate faster

Want to hear more stories from high growth software companies? Subscribe to Application Modernization on Apple Podcasts, Spotify, or check out our website.

Listening on a desktop & can’t see the links? Just search for Application Modernization in your favorite podcast player.
 

You are listening to applicationmodernization, a show that spotlights the forward thinking, leaders of HighGros software companies from scaling applications and accelerating time tomarket, to avoiding expensive license and costs. we discuss how you caninnovate with new technology and forward thinking processes and savesome cash in the process. Let's get into it hello and welcome toapplication modernization today, we're talking to Josh Brigman aboutinnovating quickly to meet changing customer needs. Just Brigman is chiefoperating officer at side glass, a leading provider of network centricthreat, detection solutions, side, glasses, used by small to medium sizedcompanies to uncover, pinpoint and respond to advanced cyber threats thathave invaded traditional security controls. In this episode, we'lldiscuss how coverd has impacted the business and learn how side glass hasquickly adapted to the changing customer needs. Josh'll share howsideglance, well architecte containerized environment and developsprocesses allowed the company to quickly release new features to meetthese changing needs and stay competitive. Here we go with our guests:Josh Brigman, Hi Josh, welcome to the PODCAST. How are you today good Rosathanks? So much for having me on yeah really excited to hear about yourjourney today. Let's start off with a little bit about Cyclas, and what doyou do? Yeah sure so? SIGA is network defense as a service, which means thatwe monitor customers, networks for anomalies and threats. We do thatthrough set of artificial intelligence of machine learning that we built outover the past decade. We think our...

...secret sauce is that we do all of thisprocessing actually up in the cloud we're actually to play globally in sixregions of actually eight regions now of Amazon Web web services. Part ofwhat we've learned kind of I've been a sideless for the last four years. Isthat you know getting this traffic from people's networks is actually quitehard. Networks are sort of complicated things. They've been built up over someperiod of time. In a lot of cases, the person who built the network isn't eventhere anymore and so just having something which which goes up withoutany additional hardware or software, which is really our kind of Aha. Usinga technology called net flow right, so net flo is a standard networkmonitoring protocols invented by Cisco. It's been out there for a long time,but only recently really have people ourselves include had been using thisfor anamile detection, and so it's sort of challenging Davi science problem,which we can sort of talk about, but you know really from a customersperspective. This is something that runs on their existing. That work sendsthe traffic securely confidentially up into our SASS application, and then youknow the the machines do the work. We look for weird behavior, suspiciousbehavior, threatening behavior, and then we alert them or their sock teamor their MS SP, and we can even take a remediate of action like disabling theuser or closing a firewall, and we wrap all this in a really nice assexperience. I'd say headline by some really is going to sound norty, butit's really great reports. You know with one of the things that peopleforget is a lot of times. These businesses run on reports that cybersecurity teems, particularly small businesses, are trying to show peoplewhat they're doing prove that they're doing a great job comply with rules andregulations, and so just like building those reports. Typically almosthistorically has been really painful, and so we just know that it's somethingthat really resonate with customers. So the fact that it goes up easy, it'sdelivers value right away and then ye...

...keep them safe and then they can showpeople that it's a good use of time and money and is really resonated for thesmall and medium enterprise customers that that we've been targeting right soworking at a at a company, and I receive an email and click on it, andit's ransomer is: is that an example of something that you can help people withyeah? Absolutely right. So all of these things are these sort of what's beenhappened, Rendso. Where is the thing which has been making the news, but thereality is: is that the over the last year, particularly thetime of Ovid? We just seen a huge spike in sophisticated attackers. You knowgoing after you w smaller and smaller companies right. So, if you think aboutbeing a very large enterprise, a very large financial services institutionthat company might have you know five hundred or a thousand people in theirinformation security, their sober security function, they might run asmany as two hundred and fifty tools and they've got twenty four by sevenmotoring. They've got a sock. I mean this is a serious endeavor from a Siversecurity perspective. You know because they have to their highly regulated andthey've got. You know trillions of dollars and assets. So if you were abad guy, would you want to like go after that? Or would you go after youknow the local county right, or would you go after the regional bank? Orwould you go after the small manufacturer because, to be honest,those companies just don't have the same resources available to them.They're, just honestly, not as big of the teams are smaller and so like a lotof the tools that have been built. Really I've been honestly been builtfor these huge companies, and so it's really left what we always saw as theopportunity and sideless was to go help these small medium enterprises solvethis ever increasing threat, so you'll...

...ran somewhere. You know what you talkedabout as effectively a fishing attack right where I get an email he fishingemail is getting me to click on it right. The whole idea there is that ingeneral, companies have a set of primitive defenses, not fire walls. Youknow etcetera, VP and you're, trying to get behind them to get to the softbelly of the network and get to the good stuff right, the good stuff,meaning the critical customer information or in the case of somethinglike Granson, where the sensitive information that you're willing to paymoney to get back from right. So fishing is one way that people getbehind there. The thing about modern ransomer and the and these attacks is,you know like in the movies they happen like you know like that, but thereality is if you're an attacker and you stumble into somebody's network andyour mission is to find their sensitive information and crypt it sended up. Youknow basically encrypted in such a way that you, you don't get noticed andthen hold it for ransom. That whole process doesn't happen in like eightseconds right that might take depending upon you know, which study you readthirty days forty days sixty days, it takes days right because they show upon your network and they don't really know where you know the the good stuffis right. The fiscal example there would be imagine you know if a burglarwas breaking into an office and they had to find the right file cabinet, Imean it would take a while. It was a big office. He would you know, and sowhat that provides is lots of opportunities if you're, actuallymonitoring that network to say well, that's you know. Well, that's weird.I've never noticed that machine talking to that Bashid before in that way orover that protocol. You know one one thing that we've learned from analyzingsort of w a what bad guys do is. You know sometimes like they'll use othersecurity tools that are normally used...

...by good guys to do bad stuff right, sosecurity tools, running at weird times or running by people who are anauthorized for in most companies. What they're really trying to go at the goalthere is to go after the active directory, the domain controller,because the domain controller you to get privileged credentials right,become an administrator and then go and then go to the main controller and thenfrom the demain controller. You can basically do anything, and so lookingfor anomalous activity on that active directory server and like all of thesethings, if you're actually watching it, can give you the opportunity to stop itbefore the ransom happens or honestly, even earlier, because now what'shappening, unfortunately, with ransom ware. Is it that's a sort of doublethreat which is basically hey? I've got your stuff pay, theransom and you're like no we're not going to do it. They're like okay,that's cool, but I've got all your customer data and if you don't pay theransom, I'm going to release your customer data and, oh by the way it'ship up, so each cut one records got a huge fine, so it s sort it sort of puts companies inan impossible position. So the idea here is that, by you know using artificial intelligencemachine learning. It's actually really great application. The technology,because even in a smaller company, these networks are massivelycomplicated. You see my previous comments about how they're set up- andyou know so, for a person to sort of you now look at stuff and look at thealerts and try to understand. What's normal and respond is just impossible.It's a really think. That's not a recipe for, like you know, personalsuccess, career growth, happy employees, some people, don't do it right. So whatwe're doing is we're monitoring this network, basically twenty four by sevenfor you and looking for the types of things that attackers would do if theywere going to do a ransom where or more and more these supply chain attacks. Ithink everybody sort of heard solar wins where just people are coming inthrough weird ways and because we know norm on your network, we can alert youand then we can take remediate, ive...

...action so a little bit of a roundabout answer,but like there's a whole class of these things that bad guys have basicallyfigured out how to get on your network, you can no longer just assume thatyou're going to keep them off, and so the game is. Can I spot them oncethey're there quickly and take some action before they do real damage rightright? You got to be proactively monitoring your network. To preventthese types of you know. Ransom were yeah, I mean the I the only word Iwould pass there as, I would say, detect. So, like Okay E, which is it'sa subtle point, but you know, if you think about it from an informationsecurity perspective, there are always a set of protective controls right. I'mnever a people should have fire walls right, they should have anti virus likethese are things that like stop thing from happening and what that effect wedoes. It just raises the bar for the sophistication of the of the attack,but unfortunately, just it's becoming easier and easier for less skill,people to launch more sophisticated attacks and therefore they're go here,they're just targeting smaller and smaller companies, and so we just thinkit's what we've seen is. The opportunity, unfortunately, is orreally the need there is to is to provide this kind of sophisticateddetection capabilities to the mid market. God it got it. So when we smokeoff one earlier, you really should shared a story around the changingmarket place of the last twelve months with coved, and what from her like, howhas the market changed and like what is side glass done to quickly adapt tochanging customer needs yeah. So you side, that's right: Network Defenses, aservice, and we were doing quite well with this. Like you know, network is asort of interesting term Sisa when they issue their alerts. Is this as theInformation Security Agency for the US...

...and they they're rising? They saynetwork defenders right so network defenders, a sort of a generic term forsomeone who helps keep, but companies never say, but I hate the thing thatwe're we've all realized is that you know what is a company and what is anetwork has sort of been shifting for some time. Obviously, people have beenusing SASS pace services like officers sixty five or sales for us. People havebeen using infrastructures of service like aws as your yea that that's allthat's all been happening for some period of time when ovid hit. You knowin the states here like last March, I think after the sort of initial shotkind of through the summer. We just saw this massive acceleration of movementto the cloud you know, so everybody was working from home and so they weren'tin the office and so the places where sort of what the office was was waschanging and a lot of it. We saw a huge up take in a couple of things right.One was a VP's right, so you know last year the think well to be fair. Thefirst part of the year. The thing you wanted to be selling was laptops right.I mean you and I work in technology. We think, of course, you know. Everybody'sgot a laptop everybody's, just like working from home now. So that was thefirst thing you wanted to be selling was, like you know, left like literallythe machines. Let you go work at home and then you know Antiversi and thenyou know remote working kind of connectivity. Software, like officeread sixty five or VP's, because that was really what everybody was thinking about, andso he everybody knew remote working or work from anywhere was was going tohappen and the push the cloud was going to happen. You know it just happenedfive years faster and it happened all at once, like you know in so manyindustries, where just the coved just accelerated trends that were alreadyhappening, and so this was a real challenge right, because wefundamentally had spent a lot of time making side glass work well withtraditional networking equipment like...

...for in the Fire Walls just go routersSOFA's fire walls. You know Sisco switches check what like like thosetypes of things now it didn't mean that we weren't aware of the cloud,obviously part of our whole value proposition was we ran in the cloud sowe're you know we're keenly aware of the cloud, but just what we saw as theopportunity at that time was really about all these mid market companieswho had these offices that couldn't be easily secured by existing solutions.But you know all of a sudden. All of these customers are now like- hey,that's great, but we're working from home now. So how can you initiallythey're like we're not doing anything but your Rin and now they're? Like youknow? How do you solve that challenge right? So the thing that sort of hashappened when we think about the network going forward is that thecenter of the network used to be kind of a like physical space like an officeor a data center. But now the center o of the office is as a person likereally the company is a collection of people and they work. However, theywork and wherever they were so we had a whole suite of artificial intelligence,machine learning, algorithms that were all about building base lines onactivities, and so the main activity that were building base lines on wasnetwork activity right. This machine is so net flow is really like this. Ipadres talk to that Ip address for this period of time or this protocol, andit's like learning on that and finding anomalies, and you know he we got datasign to see now the stuff better than I do, but that's basically what they'rethey're learning on and they're saying. Well, that's that strange in this youknow complicated and clever way. So the first thing that we had to do is to saywell well, okay, well, we can no longer be learning solely about not and Ip addresses, because that'snot really Werthy, because those anomalies don't mean anything anymore,because you know if somebody comes over a VP like what's their I p address like.Is it really about that? I patres now...

...it's actually really about that user orif I'm up in office, three a D sixty five and I'm looking for weird thingslike it's about the user, so the whole notion our whole idea about what anetwork was and and what was the center in that work, changed right, and so wehad this realization and we're. Not The only people have this realization. Imean this is the zero trust story right. Zero Trust is really assumed that thenetwork is hostile and orient everything around users, devices andservices. So this is where we were certainly headed, but you know I'mreally surprised that, like we had to do with this year and so quickly, sowhat that meant for us in practice was was a couple of different things right.We had to go ingest new types of data, whereas before we were solely focusedon ingesting that work data and we had to analyze, I wholly build a whole newset of base lines around that data a whole set of new UI. I mean just you,know, kind of reorient the whole product. You know around users and youknow to be fair. We C N, we kind of had to do it while we're still supportingthese network pieces because you fundamentally it's not. There are somecompanies that are a hundred percent like I really see everything thenetwork lands. There are some companies, you know who see literally everythingfor the user lands, but the reality is most of the companies who you know we're talking to. We talkabout the smaller banks, so the those county governments, all thosemanufacturers- I mean they still have a physical presence that they care about,but they also have remote working and things like that. So so we have to dothe atmore up. We have to use ER stuff, and now we have to also work onbuilding. You know strong correlation between kind of what's going on in thenetwork and what's going on in the users as well. So so it sounds like youneeded to sort of add some additional...

...features and functionality to your aptto support these changing customer needs. How are you able to innovate atsuch speeds to get these new features out to the market yeah? So I'm in asieges for four years right. So when I joined sidecast, it was really kind ofa government research project, and I would say there, I think, is a funnystory, but you know the the job I did before. I was at side I so s, companycalled conjure and conjure was in the Deva Sec Deva, space secrets, Mantispeand we exited and got pop by sider Argan. So prior to joining Silas, I'vebeen spending all my time kind of a wash in sort of devos automation,because that was really the the key and conjure was about machine identity atscale, and so I started at side glass on my on my first day and we had A. Ime there was a SASS application. I make I it's a podcast coo he's can't in myear you know and I'm like. Oh that's, cool like you like cool cloud staffs.Like that's awesome. How can I help I like to help I like to learn I like todig in and it was like a very I was like I knew here. I just want to kindof understand so what you know, what can I do to help right, and so what Igot back was yeah. Well, if you could just like ssh into each one of theseboxes and get the log files and pull them down and see. If there's anyerrors like that would be like super help- and I was like like by hand like literally go to likeinto these machines and like pull the logs down and like look at the sun,like you know honestly like coming from from Contra like I felt like, I was aman from the future. You know, but you know the reality was you know, condosof leading at start up. I was talking to all these sort of leading edgecompanies, and you realize that you know not. Everybody ends going back four years ago was likenet flix. You know like fully cist or er any of that stuffs, so we spent a...

...lot of time prior to to two thousandand twenty just investing in building out a proper SASS multi tenant. You know,architecture right, so we are in a WS, but the vast majority of ourprocessing is donning Hobern ttes. So I E T s a question we get often is youknow the AI that you guys have? Is that just stage maker or some Amazon piece?So it's not? Actually, it's our own sort of, maybe our own out rothes, butour own sort of implementation in it's not just sort of off the shelf stuff.This actually a hard problem, although that's probably a topic for the datascience podcast, but so we've got all this stuff running. Basically, you knowin containers now in Cuban ettes and couple clusters that are running inAmazon and we and we had made that investment as a company to get to thepoint where we were delivering at a much higher velocity that were able tosort of. We got a very solid devos team. We've got a lot of like really goodmonitoring capabilities in place and you we built strong capabilities in ourCIS pipeline, most of with Jenkins to be able to kind of deliver softwarekind of independently and go pretty fast. I mean, I think, the thing thatyou have to Recois, that a lot of people in this space are actuallyphysical appliance. So you know I mean I wish my velocitywas faster but like we can deliver a kind, we can push stuff out pretty muchon demand whenever we want, whereas I've got competes in the space who areliterally shipping physical Lindman, to put physical appliances in people'snetworks and analyze the traffic so like by that measure. You know ourdevos velocity is awesome, and so we've got everything you know we're sort of,like always within striking distance.

It's sort of like our idea there like.If we had to like really go, make that you know faster. We could do itwhenever we wanted. So we've got like a thoughtful approach to our likedelivery. Pipe Line. We've got it to where it's like more than fast enoughto stay ahead of the of the competition. We've got an architecture which isbasically SAS based, so I don't have any real like heavy on premise:deployment collectors, you W E N W n. When I got here the thinking with therewas like a physical box that we occasionally put in people's networks.We've really gotten away from any of that. So you know, basically byspending the last three years of getting us from a not so high velocitykind of delivery mechanism to much more of Devos continuous delivery, SassPlatform. When we started talking about all these changes, it was really justabout mean honestly how fast we could sort of think about what needed to bedone and how fast we could sort of go and execute. There was very few sort ofinfrastructure or operational. You know hurdles in our way. Probably the onlything that you know was gated is some of the data signs promise that wetalked about. You know and they're hard right and we've got a awesome team ofdata. Scientist and they're very you know clever, and so they come up withsort of good solutions, but from a software delivery and operationsperspective, we really were able to just kind of be like all right. Youknow I got a tweeked pipe plan, so we'll put a different container inthere like we got a scale. The sat like just there was nothing standing in ourway and because we're already in the in the cloud, I think we're actually ableto be quite responsive to what was a very dramatic shift in our market andthe and the needs of our customer right. You, you had the technologies, the theprocesses in place to enable this speed to market during the last twelve monthsyea. So if I'm a software leader at a software, I gross software company.What advice do you have for them? If...

...they're looking to move a littlequicker than what they currently are? Yeah, I mean it's a sort of easier saidthan done thing. Obviously, I think what we've tried to do is to really cut down the distance between the engineering team and thecustomer that fundamentally engineers want to build stuff that people use andget value out of and like that, we certainly know. Certainly our team does.I think you know most softer engineers want to want to build something thatpeople like and get and get value out of. I think sometimes there can be adisconnect. There could be a lack of understanding, not wilful, just by thenature of Hey, I'm talking to more customers andyour sort of whatever, and you don't understand, and why am I asking forthat? You know so what I've just tried to do is to try to get the end. Youknow the engineering leadership, the product management leadership. Theengineer is like, as close to the customers s as possible, because Ithink ultimately they will do the right thing. I think they understand that, if,like they just understand, you know what people want they're going to go.Do that. So I think this was like such a profound change for us that you knowwe have to make a considerable effort to just like get people to sort ofunderstand the types of customers I mean. Look in the early days I mean thecustomer. trolly shifted right. We had to the people who are working at sortof like govern research speed. You know, and that was like a huge change, and sosome of that was just getting them to understand that they have to bebuilding a forca product is differently. Doing commercial government researchbut as we sort of pivoted or shifted through this co Vid, it was reallyabout just getting them closer to so they could actually understand theproblem. And now what I would say is the beauty of assass platform. Isthat's not that heart right, like all the Datas there, like people are usingthe applicating we instrumented our...

...application. We brought in a customersuccess platform from another start up called Cuala where we sort of track.You know what's going on and where are they going and where are they gettingstuck? I mean there's other tools of people can use there as well, butthat's the one that we pick, and so I guess Y- U fundamentally be approachedthere is it's just like you got to like get engineers bought into the thing,there's lots of ways to get them bought in engineers a lot of engineers likedata. I like data, so you know like just show them the things like they'llget it right. You know, and so it is changed and it's hard, but I think youjust have to trust that people given kind of the same information thatyou have would come to a reasonable. I mean they may to be honest, a lot Imean I'm not asking them to come. The same conclusion I come to, but I justwant them. I mean that's why we have great discussions, but I just want themto have some of the same information so that they can understand why we'redoing it. I mean, I think, also in a start up software company, like we'reall on the same mission right, so you just have to like guys the mission hereis we got to make these costumers successful. I think they didn'tunderstand what those customers are like again, a lot of them. You know ifyou're used to building software, that's going to work for a hugeenterprise footprint versus building software, which is more SASS paced ormaybe more user driven, there's a different set of assumptions when youthink about the software and use ability, and things like that. So Ijust think it's like you know, trust the people that you have tell themabout the mission make sure that they understand get them sort of close tothe customers, so they can have to kind of see it from themselves. And then youknow you do have to then say: okay, guys now you know now we have to you,know, deliver, and you know, at the end of the day, like we're just we're allat side glass to help keep these customers say, and I think we get a lotof sad stuff, the bad guys right. Yeah I mean this is a is a scourge rightthis, like cyber like the cyber criminals and all the stuff which ishappening. It is just so brutal and you...

...know all you know the cost of a ransomware attack and what it costs and things like that, and you know I know,shadows of a you- know small company to Awesome Company. You just imagine youknow what a several hundred thousand dollar you know blip and in a businessdoes, for you know, companies these sizes. I mean it's just our government,it's brutal, so I think we just see that, as like our mission like whatwe're really trying to do here, I think the engineers are bought into that andthen we can. Then we get satisfaction out of you know, delighted customers,who are you know getting value out of the product who are engaged in helpingus, make it better who are honestly buying and renewing this offer. Youknow helping us build something you know successful and sustainable yeah. Ithink you're in a very interesting market, you you're serving a segment ofthat market that you know has been maybe neglected in the past and asthese attacks start, you know getting more and more intense than you knowthese. These smaller companies are going to need to help. So you knowthinking about the next five years for CYCLAS and the vision. Where do you seeSiglos, you know in the market yeah I mean I wish the answer was and all ofthe sider comes going to stop and we'd go find another job like that would beawesome. I'm I mean right, but unfortunately right so assuming that'snot going to happen. I think what we're hearing from our customers is the directionthat we're on is right that were delivering by bringing in the sort ofnetwork by bringing in the users. I think what they would like to see us do is just kind oflike more right so bring in more threat intelligence, bring in more and pointdata. Just you know help me simplify. I mean it's. The thing that we've seen,which is amazing, is they just want help right? Tell me what to do. Give mea more you know, give me reports that...

...are more actial. You Make Remedia ionmore actionable, and so you know I think, we're just trying to make thatyou know we sort of that skinny shop I'll make air quotes skip. We talk thisone great customer in Canady he's like I'm a skinny shop. My eyes can't beeverywhere, that's sort of like you know, and it's actually amazing, as wetalked to a guy the other day and he's like I am the shop. So if don't don'ttell me me and my team, it's like me right so, like small Tanes, yeah yeah,it's like I'm the Guy Right, so we just keep that guy in mind or Gal, and it'slike what can we do to make that person successful, and so we just see a prettywide open space here. As you said, it's been fairly neglected by a lot of thesebig big vendors. The big thing which is happening over all in cibory is there'sa bit of a like convergence right. So we started in the network lane nowwe're doing some user stuff you will probably have to which honestly I mean,I think all I ever try to do. Is just be humble enough to like listen to thecustomers like hey, you know, could you do this? Could you do that and you knowhonestly, most of the time the answer is short and we should so what I hearfrom them is help me get a few more logs into my system like help me get myweb application firewall logs in here. Help me get my casby log, give like afew more logs in here my firewall lodge. That would be helpful help you pullsome more and point information in here. That would be helpful. So is that the you know at that point? Are we stillyou know in this like network to tecton response space? Are we in some othersort of etext respond space? I'm not super hung up to be honest on thosekind of labels. Those are more like Gartner terms and honestly, a lot ofthe people who we sell to aren't like super obsessed with those you know withthose labels and those in those market terms. So I think all that we're reallygoing to try to do is delight. Those customers, like really just try to makesure that we're delivering a valuable...

...service for them. That's Helpin, keepthem safe and just keep listening to them and to try to keep delivering areally great experience, and you know a valuable product for them yeah foryears to come, because I mean the reality, is there are so many of these?You know smaller companies who you need and we need something right, and so wesee we see a fantastic opportunity for the company for years to come. Oh Josh,it's been a pleasure having you on our show today, you're doing some greatwork, you're really serving a market that has been under served for manyyears. So thanks for joining us, I really appreciate your time. Yeah Rossthanks. So much fo me on the PODCAST application. Modernization is sponsoredby Red Hat, the world's leading provider of enterprise, open sourcesolutions, including high performing Lenox cloud container and Cubantestechnologies. Thanks for listening to application,modernization, a podcast for high growth software companies, don't forget to subscribe to the showon your favorite podcast player. So you never miss an episode and if you useapple podcast, do us a favor and leave a quick rating by tapping. The stars join us on the next episode to learnmore about modernizing your infrastructure and applications forgrowth until next time.

In-Stream Audio Search

NEW

Search across all episodes within this podcast

Episodes (13)