For decades securing a corporate network was as simple as securing your home office. Global workforces, outside partners, and widespread mobile access have changed that challenge into a seemingly endless set of attack surfaces for CIOs to battle. Whether it’s a website, SAAS app, or a program running in a corporate data center, 5G is moving that tech and the networks they run on closer to the end user. Companies like Netskope are securing that path.
In this episode of The Restless Ones, I had the chance to speak with Mike Anderson, CIO of Netskope, who is balancing the need for always-connected access with a zero-trust approach. Netskope customers depend on the company to be the gatekeeper to their networks, and the value that lies within. Mike’s approach to using an agile mindset when applying security is critical in an ever-changing environment where users are looking to access applications anytime from anywhere.
See omnystudio.com/listener for privacy information.
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:03):
Hey everyone, Welcome to the Restless Ones. I'm Jonathan Strickland.
As always, my focus is on exploring the intersection of
technology and business by having conversations with the most forward
thinking leaders. Throughout my career, I've covered everything from massive
parallel processing to advanced robotics, but what truly inspires me
(00:24):
are the stories of innovation and transformation. Today's guest is
Mike Anderson, the CIO of Netscope. Mike was at the
right place, at the right time to learn some really
valuable lessons in the tech space, becoming a co founder
of a company just as the dot com craze was
(00:44):
taking off in the nineties and industry defining disruption. Later,
and Mike found himself honing his skills as a business
leader before ultimately joining Netscope as CIO. Netscope is a
cybersecurity company that aims to dreamline client operations while providing
top level security. Leaders know that maintaining operations is a
(01:06):
challenge in an increasingly complicated world. Once upon a time,
a company might house all of its systems under a
single roof. These days, with cloud services, distributed offices, and
remote work all in the picture, it ensures that security
takes a lot more effort. I sat down with Mike
to talk about his perspective on security, the questions leaders
(01:27):
need to ask in order to keep their company's clients
and staff safe, and how emerging technologies like AI could
have an impact on business in the future. But before
jumping into all of that, I wanted to get to
know Mike a bit better. Mike, Welcome to the Restless Ones.
(01:48):
We are so happy to have you on the show.
Speaker 2 (01:51):
I am super excited to be a guest today and
looking forward to the conversation.
Speaker 1 (01:55):
Before we dive into everything that you're doing currently, I
always like to get some background and get a better
understanding of the path my guests took before they reached
their current level in their career. So what initially drew
you to the world of software development?
Speaker 2 (02:11):
You know? I remember there was a presentation from one
of these e commerce companies back when I first started
as a software developer, and a few of us said, Wow,
they're charging a lot for that software. We could go
do that too and make a lot of money. So
we went and started our own startup back in the
dot com days. Unfortunately, we had caught up in the
whole Dot com Bust as well, but I learned a lot.
It was very early in my career, and that gave
(02:32):
me experience beyond just being in technology, but dealing with
the board of directors because I was the president of
the company at a very young age. It's the challenges
we have in life. It's the failures we have in
life that if we learn from those, they shape who
we are as a person. And so I wouldn't change anything.
I wish it would have been super successful, but I
learned so much and met so many great people through
the process.
Speaker 1 (02:51):
There's nothing like a trial by fire to really have
you step up your skill set rapidly. I imagine that those
lessons are are ones that to this day remain relevant
in your work.
Speaker 2 (03:04):
It's interesting because it started in that software development side,
but then I spent the better part of a decade
as a business leader running sales engineering teams, technology practice,
sales overlay organizations, being a GM for a system integrator
or a VP of operations for Microsoft Joint Venture, until
eventually I had a customer say, you know what, I
ask you for advice all the time. We're looking for
(03:24):
a CEO. Do you want to give that a shot?
And so that was kind of my journey about a
decade ago when I became a CIO, and I've been
on that journey now for the past ten years.
Speaker 1 (03:33):
Wow. And so out of curiosity, were there any lessons
learned as a software developer that are relevant, like seeing
things from the other side on the developer side, that
inform your approach to leadership?
Speaker 2 (03:45):
There is so Admittedly, you know, we also use the
word shadow it. I would say I was the shadow
it guy back when I was in the technology side.
But I've always stayed close to tech hobbying, and even
as a CIO my first CIO job, I was more
in the weeds than I probably should have been, just
because I love the technology, and so I would go
learn things and then I would bring them back to
my team and say, hey, have you looked at this?
Have you thought about that? So even today we think
(04:07):
about generative AI. How do we think about our business
and how do we use that? You know, what problems
can we solve and how do we put the right
guardrails around it? And so I think that technical understanding
was helpful. Sometimes you get that question like what's your superpower?
And I think the superpower for me is like, how
do you take something super technical and then be able
to translate in terms that people that aren't technical can understand?
(04:27):
How do you use analogies in storytelling to help people
understand things better that don't have the technical depth? And
I think living on both sides help me get where
I'm at today.
Speaker 1 (04:36):
I completely understand where you're coming from With that. I'm curious,
how do you describe what your job is to someone
else in a way that doesn't come across to them
like a bunch of unrelated buzzwords that they can't quite parse.
Speaker 2 (04:50):
The first thing I explained is what netscope does. Because
a lot of people say you mean Netscape, I'm like, no,
I mean netscope. If we think about any works at work,
you're generally going to three destinations. You're going to a website.
You're going to some software as a service application like
a salesforce. You're going to some application your company runs
in their data center. The challenges you want to make
sure that you create a seamless experience for help people
get to those things and make it a great experience
(05:11):
so as you're not having to call someone to say
something's not working. And so what we do is we
create that secure, consistent, seamless experience for users connecting to
all those applications without sacrificing the security that you need
or the performance you want. And we also make sure
that people can't access board than they should. And so
that's what I explain to people what we do without buzzwords.
(05:33):
And then my job, I get the opportunity to lead
an amazing team and be part of an amazing company,
amazing culture, to not only help with strategy but also
how we use our own technology internally and technology overall.
Speaker 1 (05:44):
And as you point out, the landscape of how business
is done today is so much more complicated than it
was when we were both entering into the workforce. Back then,
it was regular for a business to have pretty much
all of its systems on premise us the word cloud
computing had not really emerged into the mainstream yet. And
(06:05):
now we're talking about work environments that can span multiple
networks across multiple providers. So the need for a solution
that creates a cohesive approach to all of this that's
absolutely critical. I can see how that is a crucial
service in the way that business is run today.
Speaker 2 (06:26):
No absolutely what happens in the consumer space always makes
its way to influence what we do in the corporate world.
So if you think back into the nineties, we used
to go in the office and email was something you
could only access when you were in the building. I
remember I was using Novel group Wise, you know, for
people on the podcast maybe listening. That was an old
email platform before Microsoft Exchange and Gmail existed. But I
remember we were like, I want to be able to
(06:47):
access some of the stuff from home. I got my
computer at homes. I don't have a laptop because we
didn't have laptops. You had a desktop. So I had
a desktop at home and a desktop at work. And
we're like, well, I want to work some of that
code at home. And so you afford email to this
new thing called Yahoo Mail and you get there. Then
people said that's not secure. We can't have people awarding
their email. So what happened all of a sudden Now
corporate email became accessible to people when they weren't in
the office, right, And so we saw the same thing
(07:09):
happen in mobile. We're seeing the same thing happen now
with software as a service. Right. It's users that are
trying to solve a problem, and they're bringing in an
application to solve that problem. We basically had that data center,
I had all my security stack, and a lot of
companies have eight different products, eight different pieces of hardware
from maybe eight different companies, sometimes the same company, but
(07:29):
they were never meant to talk together, never meant to
work together, and it just creates these speed bumps of
complexity inside of our organizations. And so there's this opportunity
to really take that, consolidate it, and leverage the new
capabilities that we get. You know, use a buzzword, I'll
use cloud, but basically deliver it where it doesn't have
to be that hardware that I Typically I buy hardware
based on my future demand, not what I need today.
(07:52):
So I'm over buying for what I need. It's like
paying for the house the law and you're going to
have in your future home. But even though you're in
a smaller home today, I don't need that lawn service today,
but I'm paying for it already. It's the same thing
people were doing. So now I've got all that capability
being delivered from the cloud, my supplying demand matches, and
at the same time, it's creating an amazing employee experience
because we're moving the tech closer to the user and
(08:14):
not back calling things to central place to be able
to run it through those eight speed bumps on the
way out the door.
Speaker 1 (08:20):
I'm very curious. We've talked about how businesses and the
way to do business has gotten much more complicated. I
think one of the things that really has transformed businesses
in a truly disruptive way is wireless connectivity. How has
that been reflected in the security sector, because we've seen
(08:40):
what it's doing for creating new business opportunities, But what
sort of effects does that have on the security side.
Speaker 2 (08:48):
Yeah, it's a great question when you look at today.
Anytime you connect from home, like the traditional way we've
all done it is, when I'm trying to access my
ERP system or whatever application inside my company, I connect
my VPN on it gives me an IP address that's
now on the network. So my device in my home
over that wireless network is now connected on that network
and it can route anywhere on the network once it's there. Now,
(09:10):
I could try to go create some complexity and firewall
rolls to head that off, but you know there's a
lot of overhead associated to that. If you think about,
there's a word zero trust out there, the idea being
if I'm from home, I don't want people to have
a routable IP address to get anywhere on my network,
because what happens if they've got their kid upstairs playing
you know, roblocks, and they're using some bot that's not
really safe, and all of a sudden, it's compromising, it's
(09:30):
attacking my company. This is word a tax surface we
use in security. Every one of those people connected VIAVPN
is part of my tech surface. If I'm at a
coffee shop on an unsecure network at a Starbucks, that's
part of my tech surface. And so that's the challenge
that it's created. And then I take that same computer
I was in the Starbucks with and I take it
back into my office and I've got full connectivity to everything. Now,
(09:52):
all of a sudden, I've got this different experience, different
access depending on where I'm working from. And really, if
we think about it, we want that cure access wherever
someone's working from. And if you apply one of the
core tenets of zero trust is don't trust any network.
And so if you talk to the CIOs and the
CISOs that are down this path. They've basically said, my
offices are like a Starbucks. Now, I only give people
(10:14):
access to the apps they need and nothing more. One
of the problems is how do I give that access
to applications without giving people access to the network and
make sure it's consistent. If I'm working from home on
my wireless connection, working over five G in my car
in the middle of a parking lot where I'm working
at my company's office, we want that to be the seamless,
consistent experience across both those without having more access than
(10:34):
you should excellent.
Speaker 1 (10:36):
One of the things I think is really interesting is
as we're seeing evolutions in things like wireless connectivity, we're
seeing some consideration being put forward towards security, even just
in those technologies at a baseline before we start adding
on top of that, could you speak a bit to
some of the security advantages that five G presents compared
(10:58):
to previous generations of wireless technology.
Speaker 2 (11:02):
I have the fortunate of being on the advisory board
for t Mobile for business right, and they're obviously pushing
a lot in the five G space. The big piece
I think that five G allows is it allows opportunities
to bring workloads closer to the users closer to where
decisions need to be made. Before, I was reliant on
how much of a circuit could I pay for or
connected to an office or a building, or how fast
(11:25):
is the internet access? Like a look at my home.
I love my gigabit connection, but why do I have
a fifty meg Because I can't always trust my gigabit connection,
So that five G presents another path, doesn't require someone
to bury things under the ground. Now there are things
where you can do private networks and things like that.
We see those in the federal government a lot where
we can leverage things like five G or at private
five G network. But even in that you want to
(11:46):
layer on top of that. So if I have an
IoT device, how do I make sure that's only talking
to things I wanted to talk to? Because if I
see all of a sudden and see that camera in
my building or that camera in an oil field, all
of a sudden, someone else is taking control of it.
I want to be able to see that and restrict
that and block and make sure that that doesn't lead
into a vulnerability in the rest of my environment. And
so five G creates a great path and opens up
(12:06):
new business opportunities, but we also have to layer the
security on top of that to make sure that we
can only allow things access, whether it's a person or device,
the things they should.
Speaker 1 (12:15):
Yeah, I remember when we started talking about big data,
it was in a time where it was all about
the collection, but we didn't really have great ways to
analyze information. Obviously that has gone by leaps and bounds
since then. But on the flip side to your point,
the Internet of things also represents considerations you have to
make when it comes to security because we've seen time
(12:36):
and again in the consumer world even how Internet of
things devices can sometimes allow unwanted intruders access to your home,
we have to remember that the devices we're connecting to
our networks, while they might be incredible and add value,
we have to do it in a way that continues
to keep security front of mind.
Speaker 2 (12:55):
No. One hundred percent. And it's an interesting topic, and
there's a corre layer here, which is, you know, we
always say we're only as strong as our weakest link,
and so even the one product that we put in
our home can have the best security possible if it's
used right. But the problem is when it's not put
in the optimal environment. We always say there's a happy
path in software, right, Well, people do things we don't
expect them to do, and it's those types of settings
(13:19):
and configurations and things we do that create that risk
for us. And so we see that today. I was
with the former chief of staff or SISA for those
on our film. With SISA, they're focused on our critical
infrastructure security and it's one of the largest federal agencies
in that space. If you think about all of our businesses,
at some point we are dependent on some small business
(13:39):
to provide some part or some capability or some service
for us today. And those companies don't have the budgets,
the people, the knowledge to be able to get the
right level of security we need them to have. And
so we have a social responsibility as an industry to
help all those companies because again we're only as strong
as our weakest link, and so how do we help
them be more secure? Because there's more all businesses in
(14:00):
the world and there are large ones.
Speaker 1 (14:02):
To that point, how do you think leaders should approach security?
What questions should they be asking and seeking answers as
they're building out their security strategy.
Speaker 2 (14:11):
First question ask is where you on your identity journey
because the first and foremost, I need to prove I
know who that person is and be able to then
reprove that that's really that person if I see something
that looks anomalous in what they're doing. The second piece
is then you know where we're starting to come in.
There's this term called Secure Access Service Edge, and as
part of that, there's a subcomponent called security service edge.
And if you look at the some of the guidance
(14:33):
from NIST, they basically created this what they call zero
trust architecture. So we took the zero trust term and
principles and put architecture with it, and they gave people
a guidepost. And if you look at that, there's this
policy enforcement point that sits between users and devices and
everything they want to access, whether it's an application or
resource data, whatever that is. And so I tell people
those are two very critical pieces. Is to have that
(14:54):
policy enforcement point, but you have to have identity with
it because that informs I know who the person is.
And then each thing you add to that, whether it's
something on the endpoint like a CrowdStrike, how are we
communicating to an OCTA, a PING or a Microsoft. How
do we have a better together story. So when you
think about security, make sure you ask the question, how
did all these things connect together? How do I make
sure that the investment I made in my identity is
(15:16):
going to work with the investment I'm making in my
security service edge, and so that's a critical component of that.
Then let's go with the remote users. We talked about
working on wireless from home in the coffee shop. That's
a great place to start. Let's get them in the
right order. And then next let's go to my branch
offices and look at how do I get my branch
offices where I can almost treat them like they're a
Starbucks coffee shop. Then I go to my headquarters locations
(15:37):
and I deploy the technology within my networks. There's parts
of that cloud piece that come down into my network
so that I can have that same experience inside of
my headquarters. And then to the extent that I've got
factories or plants or distribution centers, then I take it
to that and at that point, I'm trying to make
sure that that machine vision software that's sitting in the
server room that's inspecting a circuit board to make sure
there's no defects, that needs one millisecond latency in order
(16:01):
to be able to keep the manufacturing line running. I
can support that. So that's kind of the journey that
I recommend to people. They go about when they're thinking
about how they implement and the other pieces, think about, like,
what is the part of your world that would hurt
the most if someone were to take it down, because
you can't do everything at once, Start there and then
work down that list. Use an agile mindset as you
apply security. Get the thing that's going to have the
(16:21):
most pain attached to it, Address that one first, and
then move forward from there.
Speaker 1 (16:33):
You've touched on a lot of things that I would
love to dive into further. Letscope has several clients who
are in the healthcare industry. Clearly, healthcare has incredibly sensitive
security issues, right well, you have patient data which needs
to be as private and secure as it gets, and
you're talking about a mission critical element. And we've seen
(16:55):
that healthcare organizations can often be prime targets for actors
because they are aware this is a life and death organization.
So can you talk a little bit about the threats
that health organizations face and how netscope actually helps protect
against those threats.
Speaker 2 (17:15):
It's a great question. You know. The first thing when
you look at healthcare, I mean, because healthcare is a
broad category, when you think about hospital environments, you know,
we hear this concept of ITOT that's so present in hospitals.
The OT in that world, it's the dialysis machine, it's
the robot that the doctor is using. Right, So the
key piece is making sure you have the right level
of segmentation between those devices that are critical to patient care.
(17:38):
And then the place where you store the data, which
in the hospital world is going to be your EMR,
so it's your EPICA, your serner that you're going to
be using. You've then also got all these systems that
are out there in the software as a service pase.
It may be your HR system like a workday, it
could be a salesforce. So good example that we apply
inside healthcare and inside NETSCOPE as well is when there's
an employee that's exiting the organization, I want them to
(18:00):
be able to put their information in I don't want
to stop them from being able to get their job done,
but I want to stop any activity that lets them
downloading data to their local machine or taking data with them,
And so we can instrument that automatically for customers. So
if we trigger off the HR system, it puts someone
into an active directory group that then we can key
off of. That says, okay, any of these critical SaaS
applications block downloads of data. But then take it a
(18:22):
step further because we know that most people take data
thirteen days before they resign. Most people don't take it
after they put their notice in because they expect they're
on the watch list. But now I can go back
and look and see what are all the download activity
and upload activity that person's had for the past ninety days,
you know, especially the past month, And so that lets
me understanded someone do something that I didn't want them
to do. Then. But then let's take it a step further, right,
(18:43):
and this supply is cross industry chat GPT. So you've
got someone that says, you know what, I just wrote
up all these notes about this patient, let me organize
them better. So let me just post them into my
chat GPT and see if I can give them organized better. Well,
that can create a lot of concern because that's now
all that information. Depending on which chat GPT I'm going
to am I going to open AI that's a paid version,
(19:04):
or am I going to the web browser version I'm
paying for All of a sudden, that data is in
the public domain. So what we're doing is inspecting that
data as it's being posted into chat GPT, and if
that has anything that's considered PII about that patient, it's
going to block them from transmitting that information into chat GPT.
I can also warrant people and say, oh, that's not
a corporate instance of chat GPT, that's the free version.
(19:26):
Here's this acceptable use policy for how you use this.
One of the things that I think we all say
in the security space that the issue is not the technology.
We can have the best security tools, but if we
don't address the person in the chair between the keyboard,
that's a week link. And so what I struggle with
is we use this once a month, once a year,
once a quarter security awareness training, and we expect people
(19:47):
to take it once and remember it. And if you
remember earlier I said about analogies, I tell people it's
like we get in our car today, we don't pull
it our map to figure out where we're going to
go in our destination. When we get to the airport
and get a rental car. We don't say, let me
get the map so I can look at it. We
don't know. I just type in address in my phone
and if there's an accident, that guides me around it.
If there's a police ahead, it says, you know, you
may want to slow down. What's our GPS for our
users when they're going about the world. I'm on the Internet,
(20:08):
I'm surfing. There's a lot of destinations out there. And
to me, one of the key things and problems we're
solving at netscope is we're providing a GPS for people.
Don't go to that site. We already have an application
that does that. Don't bring another one in. They may
not know. People don't read emails and go to app
catalogs to find stuff. They just find things they go
to Google. So it's how do I give that GPS
to my users so that they have a way to
(20:28):
navigate the entire world of the Internet and my applications
without relying on reading emails, attending a webinar, or remembering
something from an annual or quarterly or monthly security awareness training.
Speaker 1 (20:39):
Gosh, Mike, you hit so many things bringing up AI
that one application of AI and how that represents a
security vulnerability. I'm curious what you think about AI from
the broader perspective of security, both potentially on the pro
security side of using AI to do things like perhaps
even identify ann intrusion attempt, or maybe on the flip side,
(21:00):
because we're starting to hear reports about people leaning on
tools like generative AI in order to craft new types
of malware. There's a lot of conversation. It's very hard
to separate the truth from the speculation. So I'm curious
to hear from an expert what your perspective is on
the topic.
Speaker 2 (21:21):
When it first came out, we said, okay, like you
have toys in the sandbox, let's go put in the
sandbox and let's learn as much as we can about it,
not only for our internal use but also for how
we can guide our customers because we need to stay
on top of what the new threats are that are
coming out and how these are being implied. We're looking
at different use cases. For example, internally, the pro things
is how can I take friction out? We're all challenged
with talent training people. So once I implement technology, what
(21:44):
can I do to eliminate how much effort it takes
to keep it running. So that's a big point. And
I've been in a lot of these roundtables in the
last few months on generative AI. And you can take
one approach and say, from a security standpoint, you can
block it, but when you do that, you're blocking innovation.
You can enable it, but then you're open yourself up
to security and vulnerabilities. How do you govern it and
(22:06):
allow people to innovate in a secure way is the
key piece. It's really about how do we educate our people.
It goes back to that GPS conversation, just telling people
this is a free version. Whatever you put in here
goes in the public domain and everyone else in the
world is going to see it. I don't think people
think about that because they don't study this topic. But
I think there's so many advances that we can do
around how we can use it to make some of
(22:28):
these routine decisions. Or I think about financial analysts, right,
why do we have financial analysts because they tell us
what the data means? Well, if I can now use
things like generative AI to look for the anomalies of
data and tell me what it means, you know, we've
seen that in some of the natural language based tools
out there from Tableau and answer rocket and thought spot.
How does that now take that to a whole new level.
How do we change the way we provide service to
(22:50):
our internal employees. You look at a company like move Works,
They've been doing some amazing things around how do we
provide better service to employees and get them what they
need without making their way on a ticket and wait
for someone to respond, right, And so I think those
areas where we can reduce friction in our companies and
then help the analysis happen faster. I think there are
going to be key ways that we can leverage generative
(23:11):
AI for positive ways.
Speaker 1 (23:13):
It's such a young technology too. I mean, it's been
in development for years, but really, when we're looking at
generative AI that is truly working on an impressive level,
we're talking about technology that's just a couple of years old,
and really in the last six months we've seen stratospheric
development in the space. I am also curious what's your
(23:34):
approach to evaluating a technology, Like how do you do
things like identify risk versus the value added of a
new technology.
Speaker 2 (23:43):
There's a couple of pieces there, you know. I always
encourage my peers to keep a pulse on what's going
on in the startup land. We see that disruption there,
so always learn, like for example, Generative AI or year
ago we were all talking about metaverse, and then before
that it was blockchain, right, so you think about how
do you learn about it because you're probably going to
get asked. You know, your CEO is probably going to
ask you, hey, what do you think about this? The
(24:04):
best thing to do is understand what problems can it solve.
Oftentimes we get a technology we get enamored with and
it's like we're running around with the hammer and everything
looks like a nail and we're trying to figure out
how we can solve it with our hammer. And so
the first thing, the most important thing, is to understand
the business problems that you're trying to face and then
ask yourself does that technology help address the problems that
(24:25):
you're experiencing in your role today? Or ask the vendor
what are the problems you're solving? For other people because
they talk to a lot of different companies and learn,
And that's a coaching I give to every startup out
there is don't tell me about the cool feature you
have tell me about the outcome you're going to deliver.
What's the business problem I'm going to be able to
solve that I couldn't solve before, And so that's one
of the key things. So once you've centered on that,
then the next piece is really then vetting the security.
(24:46):
You know, is it running in the right place? Have
they got the right safeguards? Have they got the right
security environment. I'm fortunate if I have an amazing peer
as our cisso and Lamont Orange. That's you know, his
team does an amazing job partnering to make sure we're
doing safe innovation inside the company. And so I encourage
people to make sure that you partner with your security
teams and leaders to make sure that you're working in
tandem to go evaluate those technologies again so you can
(25:07):
do safe innovation safe enablement across your organization.
Speaker 1 (25:13):
Before I could let Mike go, I needed to ask
him one more thing. What's the best piece of advice
you have ever received?
Speaker 2 (25:25):
He actually had a VP of marketing and she ended
up becoming what I would consider a member of my
personal board of directors. And she said, hey, I know
you want to go start another company. She goes but
if you'll invest the time, I'll teach you all the
things you need to know to be successful in your
career in business. Now, we all get these ideas that
we think are the best idea, the best way to
solve a problem. And she was trying to give me
again teaching. She said, next time we have a big idea,
(25:48):
I want you to sit down and think about what
are the alternative ways to solve the same problem. What
are the other ideas that could potentially be used, And
I want you to put the same energy into those
as you are the one that you came up with.
I want you to come present those to be and
I don't want to be able to know which one
that is the one you're most passionate about, her which
one was the idea you came up with first. The
reason that was such a good piece of advice was
(26:09):
because when you're presenting things, we always have a bias
for our idea, but we need to include the ideas
of others around us. And so that advice has helped
me throughout my career because it allows us to have
the view of other people. And then ultimately, if you
present the facts, the best idea will come forward. It
may not be the one you came up with the
first time. There may be a better approach.
Speaker 1 (26:28):
It's very similar to my personal philosophy, which is that
I never want to assume I'm the smartest person in
the room, and so far that hasn't been a problem
because I'm around a lot of really smart people. Mike,
thank you once again for joining The Restless Ones. It's
really been a pleasure.
Speaker 2 (26:44):
Thank you so much for having me. It's been a
true honor to talk to you. Hopefully we have a
conversation again in the future.
Speaker 1 (26:55):
Thanks again to Mike Anderson of netscope for joining the show.
I think Mike's practical pro coach towards security is something
we should all take to heart, even on an individual level,
and it's great to know that companies like netscope are
out there as a partner to help businesses achieve results
while keeping operations secure. And I'm thankful that Mike emphasized
(27:15):
that it's just as important to not let concern prevent
companies and people from embracing innovation. That if we try
to hold off on taking advantage of innovation, we can
miss out on opportunities. There must be a balance between
incorporating new solutions while also protecting the business. Yes, we
(27:36):
must be concerned about introducing vulnerabilities, but not to the
extent that we talk ourselves out of trying new things.
Join us for more episodes of The Restless Ones this season,
as we talk with more forward thinkers and pioneers. Until
next time, I'm Jonathan Strickland, ZAP
Hey everyone, Welcome to the Restless Ones. I'm Jonathan Strickland.
As always, my focus is on exploring the intersection of
technology and business by having conversations with the most forward
thinking leaders. Throughout my career, I've covered everything from massive
parallel processing to advanced robotics, but what truly inspires me
(00:24):
are the stories of innovation and transformation. Today's guest is
Mike Anderson, the CIO of Netscope. Mike was at the
right place, at the right time to learn some really
valuable lessons in the tech space, becoming a co founder
of a company just as the dot com craze was
(00:44):
taking off in the nineties and industry defining disruption. Later,
and Mike found himself honing his skills as a business
leader before ultimately joining Netscope as CIO. Netscope is a
cybersecurity company that aims to dreamline client operations while providing
top level security. Leaders know that maintaining operations is a
(01:06):
challenge in an increasingly complicated world. Once upon a time,
a company might house all of its systems under a
single roof. These days, with cloud services, distributed offices, and
remote work all in the picture, it ensures that security
takes a lot more effort. I sat down with Mike
to talk about his perspective on security, the questions leaders
(01:27):
need to ask in order to keep their company's clients
and staff safe, and how emerging technologies like AI could
have an impact on business in the future. But before
jumping into all of that, I wanted to get to
know Mike a bit better. Mike, Welcome to the Restless Ones.
(01:48):
We are so happy to have you on the show.
Speaker 2 (01:51):
I am super excited to be a guest today and
looking forward to the conversation.
Speaker 1 (01:55):
Before we dive into everything that you're doing currently, I
always like to get some background and get a better
understanding of the path my guests took before they reached
their current level in their career. So what initially drew
you to the world of software development?
Speaker 2 (02:11):
You know? I remember there was a presentation from one
of these e commerce companies back when I first started
as a software developer, and a few of us said, Wow,
they're charging a lot for that software. We could go
do that too and make a lot of money. So
we went and started our own startup back in the
dot com days. Unfortunately, we had caught up in the
whole Dot com Bust as well, but I learned a lot.
It was very early in my career, and that gave
(02:32):
me experience beyond just being in technology, but dealing with
the board of directors because I was the president of
the company at a very young age. It's the challenges
we have in life. It's the failures we have in
life that if we learn from those, they shape who
we are as a person. And so I wouldn't change anything.
I wish it would have been super successful, but I
learned so much and met so many great people through
the process.
Speaker 1 (02:51):
There's nothing like a trial by fire to really have
you step up your skill set rapidly. I imagine that those
lessons are are ones that to this day remain relevant
in your work.
Speaker 2 (03:04):
It's interesting because it started in that software development side,
but then I spent the better part of a decade
as a business leader running sales engineering teams, technology practice,
sales overlay organizations, being a GM for a system integrator
or a VP of operations for Microsoft Joint Venture, until
eventually I had a customer say, you know what, I
ask you for advice all the time. We're looking for
(03:24):
a CEO. Do you want to give that a shot?
And so that was kind of my journey about a
decade ago when I became a CIO, and I've been
on that journey now for the past ten years.
Speaker 1 (03:33):
Wow. And so out of curiosity, were there any lessons
learned as a software developer that are relevant, like seeing
things from the other side on the developer side, that
inform your approach to leadership?
Speaker 2 (03:45):
There is so Admittedly, you know, we also use the
word shadow it. I would say I was the shadow
it guy back when I was in the technology side.
But I've always stayed close to tech hobbying, and even
as a CIO my first CIO job, I was more
in the weeds than I probably should have been, just
because I love the technology, and so I would go
learn things and then I would bring them back to
my team and say, hey, have you looked at this?
Have you thought about that? So even today we think
(04:07):
about generative AI. How do we think about our business
and how do we use that? You know, what problems
can we solve and how do we put the right
guardrails around it? And so I think that technical understanding
was helpful. Sometimes you get that question like what's your superpower?
And I think the superpower for me is like, how
do you take something super technical and then be able
to translate in terms that people that aren't technical can understand?
(04:27):
How do you use analogies in storytelling to help people
understand things better that don't have the technical depth? And
I think living on both sides help me get where
I'm at today.
Speaker 1 (04:36):
I completely understand where you're coming from With that. I'm curious,
how do you describe what your job is to someone
else in a way that doesn't come across to them
like a bunch of unrelated buzzwords that they can't quite parse.
Speaker 2 (04:50):
The first thing I explained is what netscope does. Because
a lot of people say you mean Netscape, I'm like, no,
I mean netscope. If we think about any works at work,
you're generally going to three destinations. You're going to a website.
You're going to some software as a service application like
a salesforce. You're going to some application your company runs
in their data center. The challenges you want to make
sure that you create a seamless experience for help people
get to those things and make it a great experience
(05:11):
so as you're not having to call someone to say
something's not working. And so what we do is we
create that secure, consistent, seamless experience for users connecting to
all those applications without sacrificing the security that you need
or the performance you want. And we also make sure
that people can't access board than they should. And so
that's what I explain to people what we do without buzzwords.
(05:33):
And then my job, I get the opportunity to lead
an amazing team and be part of an amazing company,
amazing culture, to not only help with strategy but also
how we use our own technology internally and technology overall.
Speaker 1 (05:44):
And as you point out, the landscape of how business
is done today is so much more complicated than it
was when we were both entering into the workforce. Back then,
it was regular for a business to have pretty much
all of its systems on premise us the word cloud
computing had not really emerged into the mainstream yet. And
(06:05):
now we're talking about work environments that can span multiple
networks across multiple providers. So the need for a solution
that creates a cohesive approach to all of this that's
absolutely critical. I can see how that is a crucial
service in the way that business is run today.
Speaker 2 (06:26):
No absolutely what happens in the consumer space always makes
its way to influence what we do in the corporate world.
So if you think back into the nineties, we used
to go in the office and email was something you
could only access when you were in the building. I
remember I was using Novel group Wise, you know, for
people on the podcast maybe listening. That was an old
email platform before Microsoft Exchange and Gmail existed. But I
remember we were like, I want to be able to
(06:47):
access some of the stuff from home. I got my
computer at homes. I don't have a laptop because we
didn't have laptops. You had a desktop. So I had
a desktop at home and a desktop at work. And
we're like, well, I want to work some of that
code at home. And so you afford email to this
new thing called Yahoo Mail and you get there. Then
people said that's not secure. We can't have people awarding
their email. So what happened all of a sudden Now
corporate email became accessible to people when they weren't in
the office, right, And so we saw the same thing
(07:09):
happen in mobile. We're seeing the same thing happen now
with software as a service. Right. It's users that are
trying to solve a problem, and they're bringing in an
application to solve that problem. We basically had that data center,
I had all my security stack, and a lot of
companies have eight different products, eight different pieces of hardware
from maybe eight different companies, sometimes the same company, but
(07:29):
they were never meant to talk together, never meant to
work together, and it just creates these speed bumps of
complexity inside of our organizations. And so there's this opportunity
to really take that, consolidate it, and leverage the new
capabilities that we get. You know, use a buzzword, I'll
use cloud, but basically deliver it where it doesn't have
to be that hardware that I Typically I buy hardware
based on my future demand, not what I need today.
(07:52):
So I'm over buying for what I need. It's like
paying for the house the law and you're going to
have in your future home. But even though you're in
a smaller home today, I don't need that lawn service today,
but I'm paying for it already. It's the same thing
people were doing. So now I've got all that capability
being delivered from the cloud, my supplying demand matches, and
at the same time, it's creating an amazing employee experience
because we're moving the tech closer to the user and
(08:14):
not back calling things to central place to be able
to run it through those eight speed bumps on the
way out the door.
Speaker 1 (08:20):
I'm very curious. We've talked about how businesses and the
way to do business has gotten much more complicated. I
think one of the things that really has transformed businesses
in a truly disruptive way is wireless connectivity. How has
that been reflected in the security sector, because we've seen
(08:40):
what it's doing for creating new business opportunities, But what
sort of effects does that have on the security side.
Speaker 2 (08:48):
Yeah, it's a great question when you look at today.
Anytime you connect from home, like the traditional way we've
all done it is, when I'm trying to access my
ERP system or whatever application inside my company, I connect
my VPN on it gives me an IP address that's
now on the network. So my device in my home
over that wireless network is now connected on that network
and it can route anywhere on the network once it's there. Now,
(09:10):
I could try to go create some complexity and firewall
rolls to head that off, but you know there's a
lot of overhead associated to that. If you think about,
there's a word zero trust out there, the idea being
if I'm from home, I don't want people to have
a routable IP address to get anywhere on my network,
because what happens if they've got their kid upstairs playing
you know, roblocks, and they're using some bot that's not
really safe, and all of a sudden, it's compromising, it's
(09:30):
attacking my company. This is word a tax surface we
use in security. Every one of those people connected VIAVPN
is part of my tech surface. If I'm at a
coffee shop on an unsecure network at a Starbucks, that's
part of my tech surface. And so that's the challenge
that it's created. And then I take that same computer
I was in the Starbucks with and I take it
back into my office and I've got full connectivity to everything. Now,
(09:52):
all of a sudden, I've got this different experience, different
access depending on where I'm working from. And really, if
we think about it, we want that cure access wherever
someone's working from. And if you apply one of the
core tenets of zero trust is don't trust any network.
And so if you talk to the CIOs and the
CISOs that are down this path. They've basically said, my
offices are like a Starbucks. Now, I only give people
(10:14):
access to the apps they need and nothing more. One
of the problems is how do I give that access
to applications without giving people access to the network and
make sure it's consistent. If I'm working from home on
my wireless connection, working over five G in my car
in the middle of a parking lot where I'm working
at my company's office, we want that to be the seamless,
consistent experience across both those without having more access than
(10:34):
you should excellent.
Speaker 1 (10:36):
One of the things I think is really interesting is
as we're seeing evolutions in things like wireless connectivity, we're
seeing some consideration being put forward towards security, even just
in those technologies at a baseline before we start adding
on top of that, could you speak a bit to
some of the security advantages that five G presents compared
(10:58):
to previous generations of wireless technology.
Speaker 2 (11:02):
I have the fortunate of being on the advisory board
for t Mobile for business right, and they're obviously pushing
a lot in the five G space. The big piece
I think that five G allows is it allows opportunities
to bring workloads closer to the users closer to where
decisions need to be made. Before, I was reliant on
how much of a circuit could I pay for or
connected to an office or a building, or how fast
(11:25):
is the internet access? Like a look at my home.
I love my gigabit connection, but why do I have
a fifty meg Because I can't always trust my gigabit connection,
So that five G presents another path, doesn't require someone
to bury things under the ground. Now there are things
where you can do private networks and things like that.
We see those in the federal government a lot where
we can leverage things like five G or at private
five G network. But even in that you want to
(11:46):
layer on top of that. So if I have an
IoT device, how do I make sure that's only talking
to things I wanted to talk to? Because if I
see all of a sudden and see that camera in
my building or that camera in an oil field, all
of a sudden, someone else is taking control of it.
I want to be able to see that and restrict
that and block and make sure that that doesn't lead
into a vulnerability in the rest of my environment. And
so five G creates a great path and opens up
(12:06):
new business opportunities, but we also have to layer the
security on top of that to make sure that we
can only allow things access, whether it's a person or device,
the things they should.
Speaker 1 (12:15):
Yeah, I remember when we started talking about big data,
it was in a time where it was all about
the collection, but we didn't really have great ways to
analyze information. Obviously that has gone by leaps and bounds
since then. But on the flip side to your point,
the Internet of things also represents considerations you have to
make when it comes to security because we've seen time
(12:36):
and again in the consumer world even how Internet of
things devices can sometimes allow unwanted intruders access to your home,
we have to remember that the devices we're connecting to
our networks, while they might be incredible and add value,
we have to do it in a way that continues
to keep security front of mind.
Speaker 2 (12:55):
No. One hundred percent. And it's an interesting topic, and
there's a corre layer here, which is, you know, we
always say we're only as strong as our weakest link,
and so even the one product that we put in
our home can have the best security possible if it's
used right. But the problem is when it's not put
in the optimal environment. We always say there's a happy
path in software, right, Well, people do things we don't
expect them to do, and it's those types of settings
(13:19):
and configurations and things we do that create that risk
for us. And so we see that today. I was
with the former chief of staff or SISA for those
on our film. With SISA, they're focused on our critical
infrastructure security and it's one of the largest federal agencies
in that space. If you think about all of our businesses,
at some point we are dependent on some small business
(13:39):
to provide some part or some capability or some service
for us today. And those companies don't have the budgets,
the people, the knowledge to be able to get the
right level of security we need them to have. And
so we have a social responsibility as an industry to
help all those companies because again we're only as strong
as our weakest link, and so how do we help
them be more secure? Because there's more all businesses in
(14:00):
the world and there are large ones.
Speaker 1 (14:02):
To that point, how do you think leaders should approach security?
What questions should they be asking and seeking answers as
they're building out their security strategy.
Speaker 2 (14:11):
First question ask is where you on your identity journey
because the first and foremost, I need to prove I
know who that person is and be able to then
reprove that that's really that person if I see something
that looks anomalous in what they're doing. The second piece
is then you know where we're starting to come in.
There's this term called Secure Access Service Edge, and as
part of that, there's a subcomponent called security service edge.
And if you look at the some of the guidance
(14:33):
from NIST, they basically created this what they call zero
trust architecture. So we took the zero trust term and
principles and put architecture with it, and they gave people
a guidepost. And if you look at that, there's this
policy enforcement point that sits between users and devices and
everything they want to access, whether it's an application or
resource data, whatever that is. And so I tell people
those are two very critical pieces. Is to have that
(14:54):
policy enforcement point, but you have to have identity with
it because that informs I know who the person is.
And then each thing you add to that, whether it's
something on the endpoint like a CrowdStrike, how are we
communicating to an OCTA, a PING or a Microsoft. How
do we have a better together story. So when you
think about security, make sure you ask the question, how
did all these things connect together? How do I make
sure that the investment I made in my identity is
(15:16):
going to work with the investment I'm making in my
security service edge, and so that's a critical component of that.
Then let's go with the remote users. We talked about
working on wireless from home in the coffee shop. That's
a great place to start. Let's get them in the
right order. And then next let's go to my branch
offices and look at how do I get my branch
offices where I can almost treat them like they're a
Starbucks coffee shop. Then I go to my headquarters locations
(15:37):
and I deploy the technology within my networks. There's parts
of that cloud piece that come down into my network
so that I can have that same experience inside of
my headquarters. And then to the extent that I've got
factories or plants or distribution centers, then I take it
to that and at that point, I'm trying to make
sure that that machine vision software that's sitting in the
server room that's inspecting a circuit board to make sure
there's no defects, that needs one millisecond latency in order
(16:01):
to be able to keep the manufacturing line running. I
can support that. So that's kind of the journey that
I recommend to people. They go about when they're thinking
about how they implement and the other pieces, think about, like,
what is the part of your world that would hurt
the most if someone were to take it down, because
you can't do everything at once, Start there and then
work down that list. Use an agile mindset as you
apply security. Get the thing that's going to have the
(16:21):
most pain attached to it, Address that one first, and
then move forward from there.
Speaker 1 (16:33):
You've touched on a lot of things that I would
love to dive into further. Letscope has several clients who
are in the healthcare industry. Clearly, healthcare has incredibly sensitive
security issues, right well, you have patient data which needs
to be as private and secure as it gets, and
you're talking about a mission critical element. And we've seen
(16:55):
that healthcare organizations can often be prime targets for actors
because they are aware this is a life and death organization.
So can you talk a little bit about the threats
that health organizations face and how netscope actually helps protect
against those threats.
Speaker 2 (17:15):
It's a great question. You know. The first thing when
you look at healthcare, I mean, because healthcare is a
broad category, when you think about hospital environments, you know,
we hear this concept of ITOT that's so present in hospitals.
The OT in that world, it's the dialysis machine, it's
the robot that the doctor is using. Right, So the
key piece is making sure you have the right level
of segmentation between those devices that are critical to patient care.
(17:38):
And then the place where you store the data, which
in the hospital world is going to be your EMR,
so it's your EPICA, your serner that you're going to
be using. You've then also got all these systems that
are out there in the software as a service pase.
It may be your HR system like a workday, it
could be a salesforce. So good example that we apply
inside healthcare and inside NETSCOPE as well is when there's
an employee that's exiting the organization, I want them to
(18:00):
be able to put their information in I don't want
to stop them from being able to get their job done,
but I want to stop any activity that lets them
downloading data to their local machine or taking data with them,
And so we can instrument that automatically for customers. So
if we trigger off the HR system, it puts someone
into an active directory group that then we can key
off of. That says, okay, any of these critical SaaS
applications block downloads of data. But then take it a
(18:22):
step further because we know that most people take data
thirteen days before they resign. Most people don't take it
after they put their notice in because they expect they're
on the watch list. But now I can go back
and look and see what are all the download activity
and upload activity that person's had for the past ninety days,
you know, especially the past month, And so that lets
me understanded someone do something that I didn't want them
to do. Then. But then let's take it a step further, right,
(18:43):
and this supply is cross industry chat GPT. So you've
got someone that says, you know what, I just wrote
up all these notes about this patient, let me organize
them better. So let me just post them into my
chat GPT and see if I can give them organized better. Well,
that can create a lot of concern because that's now
all that information. Depending on which chat GPT I'm going
to am I going to open AI that's a paid version,
(19:04):
or am I going to the web browser version I'm
paying for All of a sudden, that data is in
the public domain. So what we're doing is inspecting that
data as it's being posted into chat GPT, and if
that has anything that's considered PII about that patient, it's
going to block them from transmitting that information into chat GPT.
I can also warrant people and say, oh, that's not
a corporate instance of chat GPT, that's the free version.
(19:26):
Here's this acceptable use policy for how you use this.
One of the things that I think we all say
in the security space that the issue is not the technology.
We can have the best security tools, but if we
don't address the person in the chair between the keyboard,
that's a week link. And so what I struggle with
is we use this once a month, once a year,
once a quarter security awareness training, and we expect people
(19:47):
to take it once and remember it. And if you
remember earlier I said about analogies, I tell people it's
like we get in our car today, we don't pull
it our map to figure out where we're going to
go in our destination. When we get to the airport
and get a rental car. We don't say, let me
get the map so I can look at it. We
don't know. I just type in address in my phone
and if there's an accident, that guides me around it.
If there's a police ahead, it says, you know, you
may want to slow down. What's our GPS for our
users when they're going about the world. I'm on the Internet,
(20:08):
I'm surfing. There's a lot of destinations out there. And
to me, one of the key things and problems we're
solving at netscope is we're providing a GPS for people.
Don't go to that site. We already have an application
that does that. Don't bring another one in. They may
not know. People don't read emails and go to app
catalogs to find stuff. They just find things they go
to Google. So it's how do I give that GPS
to my users so that they have a way to
(20:28):
navigate the entire world of the Internet and my applications
without relying on reading emails, attending a webinar, or remembering
something from an annual or quarterly or monthly security awareness training.
Speaker 1 (20:39):
Gosh, Mike, you hit so many things bringing up AI
that one application of AI and how that represents a
security vulnerability. I'm curious what you think about AI from
the broader perspective of security, both potentially on the pro
security side of using AI to do things like perhaps
even identify ann intrusion attempt, or maybe on the flip side,
(21:00):
because we're starting to hear reports about people leaning on
tools like generative AI in order to craft new types
of malware. There's a lot of conversation. It's very hard
to separate the truth from the speculation. So I'm curious
to hear from an expert what your perspective is on
the topic.
Speaker 2 (21:21):
When it first came out, we said, okay, like you
have toys in the sandbox, let's go put in the
sandbox and let's learn as much as we can about it,
not only for our internal use but also for how
we can guide our customers because we need to stay
on top of what the new threats are that are
coming out and how these are being implied. We're looking
at different use cases. For example, internally, the pro things
is how can I take friction out? We're all challenged
with talent training people. So once I implement technology, what
(21:44):
can I do to eliminate how much effort it takes
to keep it running. So that's a big point. And
I've been in a lot of these roundtables in the
last few months on generative AI. And you can take
one approach and say, from a security standpoint, you can
block it, but when you do that, you're blocking innovation.
You can enable it, but then you're open yourself up
to security and vulnerabilities. How do you govern it and
(22:06):
allow people to innovate in a secure way is the
key piece. It's really about how do we educate our people.
It goes back to that GPS conversation, just telling people
this is a free version. Whatever you put in here
goes in the public domain and everyone else in the
world is going to see it. I don't think people
think about that because they don't study this topic. But
I think there's so many advances that we can do
around how we can use it to make some of
(22:28):
these routine decisions. Or I think about financial analysts, right,
why do we have financial analysts because they tell us
what the data means? Well, if I can now use
things like generative AI to look for the anomalies of
data and tell me what it means, you know, we've
seen that in some of the natural language based tools
out there from Tableau and answer rocket and thought spot.
How does that now take that to a whole new level.
How do we change the way we provide service to
(22:50):
our internal employees. You look at a company like move Works,
They've been doing some amazing things around how do we
provide better service to employees and get them what they
need without making their way on a ticket and wait
for someone to respond, right, And so I think those
areas where we can reduce friction in our companies and
then help the analysis happen faster. I think there are
going to be key ways that we can leverage generative
(23:11):
AI for positive ways.
Speaker 1 (23:13):
It's such a young technology too. I mean, it's been
in development for years, but really, when we're looking at
generative AI that is truly working on an impressive level,
we're talking about technology that's just a couple of years old,
and really in the last six months we've seen stratospheric
development in the space. I am also curious what's your
(23:34):
approach to evaluating a technology, Like how do you do
things like identify risk versus the value added of a
new technology.
Speaker 2 (23:43):
There's a couple of pieces there, you know. I always
encourage my peers to keep a pulse on what's going
on in the startup land. We see that disruption there,
so always learn, like for example, Generative AI or year
ago we were all talking about metaverse, and then before
that it was blockchain, right, so you think about how
do you learn about it because you're probably going to
get asked. You know, your CEO is probably going to
ask you, hey, what do you think about this? The
(24:04):
best thing to do is understand what problems can it solve.
Oftentimes we get a technology we get enamored with and
it's like we're running around with the hammer and everything
looks like a nail and we're trying to figure out
how we can solve it with our hammer. And so
the first thing, the most important thing, is to understand
the business problems that you're trying to face and then
ask yourself does that technology help address the problems that
(24:25):
you're experiencing in your role today? Or ask the vendor
what are the problems you're solving? For other people because
they talk to a lot of different companies and learn,
And that's a coaching I give to every startup out
there is don't tell me about the cool feature you
have tell me about the outcome you're going to deliver.
What's the business problem I'm going to be able to
solve that I couldn't solve before, And so that's one
of the key things. So once you've centered on that,
then the next piece is really then vetting the security.
(24:46):
You know, is it running in the right place? Have
they got the right safeguards? Have they got the right
security environment. I'm fortunate if I have an amazing peer
as our cisso and Lamont Orange. That's you know, his
team does an amazing job partnering to make sure we're
doing safe innovation inside the company. And so I encourage
people to make sure that you partner with your security
teams and leaders to make sure that you're working in
tandem to go evaluate those technologies again so you can
(25:07):
do safe innovation safe enablement across your organization.
Speaker 1 (25:13):
Before I could let Mike go, I needed to ask
him one more thing. What's the best piece of advice
you have ever received?
Speaker 2 (25:25):
He actually had a VP of marketing and she ended
up becoming what I would consider a member of my
personal board of directors. And she said, hey, I know
you want to go start another company. She goes but
if you'll invest the time, I'll teach you all the
things you need to know to be successful in your
career in business. Now, we all get these ideas that
we think are the best idea, the best way to
solve a problem. And she was trying to give me
again teaching. She said, next time we have a big idea,
(25:48):
I want you to sit down and think about what
are the alternative ways to solve the same problem. What
are the other ideas that could potentially be used, And
I want you to put the same energy into those
as you are the one that you came up with.
I want you to come present those to be and
I don't want to be able to know which one
that is the one you're most passionate about, her which
one was the idea you came up with first. The
reason that was such a good piece of advice was
(26:09):
because when you're presenting things, we always have a bias
for our idea, but we need to include the ideas
of others around us. And so that advice has helped
me throughout my career because it allows us to have
the view of other people. And then ultimately, if you
present the facts, the best idea will come forward. It
may not be the one you came up with the
first time. There may be a better approach.
Speaker 1 (26:28):
It's very similar to my personal philosophy, which is that
I never want to assume I'm the smartest person in
the room, and so far that hasn't been a problem
because I'm around a lot of really smart people. Mike,
thank you once again for joining The Restless Ones. It's
really been a pleasure.
Speaker 2 (26:44):
Thank you so much for having me. It's been a
true honor to talk to you. Hopefully we have a
conversation again in the future.
Speaker 1 (26:55):
Thanks again to Mike Anderson of netscope for joining the show.
I think Mike's practical pro coach towards security is something
we should all take to heart, even on an individual level,
and it's great to know that companies like netscope are
out there as a partner to help businesses achieve results
while keeping operations secure. And I'm thankful that Mike emphasized
(27:15):
that it's just as important to not let concern prevent
companies and people from embracing innovation. That if we try
to hold off on taking advantage of innovation, we can
miss out on opportunities. There must be a balance between
incorporating new solutions while also protecting the business. Yes, we
(27:36):
must be concerned about introducing vulnerabilities, but not to the
extent that we talk ourselves out of trying new things.
Join us for more episodes of The Restless Ones this season,
as we talk with more forward thinkers and pioneers. Until
next time, I'm Jonathan Strickland, ZAP
Popular Podcasts
On Purpose with Jay Shetty
I’m Jay Shetty host of On Purpose the worlds #1 Mental Health podcast and I’m so grateful you found us. I started this podcast 5 years ago to invite you into conversations and workshops that are designed to help make you happier, healthier and more healed. I believe that when you (yes you) feel seen, heard and understood you’re able to deal with relationship struggles, work challenges and life’s ups and downs with more ease and grace. I interview experts, celebrities, thought leaders and athletes so that we can grow our mindset, build better habits and uncover a side of them we’ve never seen before. New episodes every Monday and Friday. Your support means the world to me and I don’t take it for granted — click the follow button and leave a review to help us spread the love with On Purpose. I can’t wait for you to listen to your first or 500th episode!
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com