Juli 20, 2023

EP 32 – Building Trust and Collaboration in Identity Security w/ CyberArk CEO Matt Cohen

In this episode of Trust Issues, host David Puner talks with CyberArk CEO Matt Cohen, who shares his distinct take on leadership – emphasizing the importance of leading without fanfare. Cohen talks about his transition into the CEO role, insights on identity security and the current threat landscape. He also touches on the significance of company culture, professional development – and his admiration for a particular Boston Red Sox manager’s leadership style. The discussion delves into CyberArk’s mission to secure the world against cyber threats by securing identities, and empower organizations to move forward, fearlessly to unlock growth, innovation and progress. 
 
 Three key takeaways from this episode are: 
 1) The significance of authenticity and humility in leadership.
 2) The criticality of identity security in today’s evolving threat landscape.
 3) The value of customer-centricity and trust-building in successful business relationships.

[00:00:00.090] – David Puner
You’re listening to the Trust Issues podcast. I’m David Puner, a senior editorial manager at CyberArk, the global leader in Identity Security.

[00:00:23.470] – David Puner
Today’s guest has a distinct take on leadership, leading without necessarily doing it from out front or with fanfare. Our guest is CyberArk CEO Matt Cohen. He’s a few months into his new role and we’re excited to speak with him about his transition into the job, his thoughts on Identity Security and innovation, the current threat landscape, and his perspectives on leadership, professional development and company culture.

[00:00:51.910] – David Puner
Matt also talks a bit about his Boston Red Sox, not only as a fan, but as an admirer of a distinct style of managerial leadership from an era of team excellence, a particular field manager characterized by, among other attributes, authenticity.

[00:01:09.370] – David Puner
In the Identity Security field, we have a roster of identities that keeps growing in number and importance. Today’s attackers are compromising identities through the likes of credential theft, impersonation, and account takeover. It’s critical to secure these identities. So maybe it’s all about being able to discern between who and what is authentic and what’s not. Here’s my conversation with the authentic Matt Cohen.

[00:01:40.430] – David Puner
Welcome, Matt Cohen. Thanks for coming on to the podcast.

[00:01:43.820] – Matt Cohen
Thanks, David. It’s good to be here with you and looking forward to talking this morning.

[00:01:47.990] – David Puner
Thanks so much. You’re about three months into your new role as CyberArk’s CEO. How are things going?

[00:01:54.830] – Matt Cohen
It’s a lot of fun. Whenever you’re making a change like this, you’re always anticipating what is it going to be like. Is it going to be dramatically different? Am I going to be miserable in the new role or am I going to be having fun? I think CyberArk makes everything a lot of fun because we have such great people, such a great opportunity ahead of us and I’m enjoying myself in the new role.

[00:02:16.220] – David Puner
Has there been anything particularly surprising to you since you’ve become CEO, maybe something that you didn’t expect?

[00:02:21.890] – Matt Cohen
Well, from a day to day perspective, I would say the biggest surprise is the lack of surprise. It’s been a very consistent experience from my earlier roles. Udi, executive chair and founder, former CEO, has done such an amazing job handing off to me and preparing me for the role that I would say the surprises haven’t really come all that fast and furious.

[00:02:47.060] – Matt Cohen
What maybe has been a bit of a surprise is that in this macroeconomic environment, in this world where we see uncertainty all around, how persistent the certainty has been around the need for cybersecurity and for Identity Security and what we do here at CyberArk. That’s been the most pleasantly surprising element of coming into the new role is our ability to be able to meet real market demand with real solutions that deliver value.

[00:03:17.090] – David Puner
I am wondering, you are based out of our Newton, Massachusetts, office. Did you get like a new parking space or anything like that? Does something change dramatically when you become CEO?

[00:03:28.190] – Matt Cohen
No, actually. No new parking spaces, no new laptop setup. We’re what we like to consider a humble culture. We’re bold in the market, but we’re humble at work. I think that kind of carries through. So no new parking spot. But I will say that I get a little bit more attention in the hallways when I’m walking through.

[00:03:50.510] – David Puner
You did mention Udi and how he prepared you pretty well for taking on the new role. Was there any particular piece of pointed or poignant advice that he gave you when you entered the role that you’re kept front and center?

[00:04:04.940] – Matt Cohen
The benefit I have is being here for several years and learning this along the way. Again, it wasn’t a dramatic shift, but there were two things that always are top of mind for Udi, and he translated over to me to be top of mind.

[00:04:17.570] – Matt Cohen
One is that CyberArk is special because of the people that we have and the culture that we’ve built, and make sure that we take care of those people and take care and nurture the culture to be able to continue CyberArk for the long run as a built-to-last company.

[00:04:32.600] – Matt Cohen
The second thing is we have a mission here at CyberArk that’s meaningful. We’re out there securing our customers, securing the world, if you will, against cyber threats. That’s a purpose driven mission for all of us. It’s something that we need to wake up in the morning thinking about and go to bed at night thinking about. So it really is the juxtaposition of a dedication to our customers and their ability to defend themselves, and our employees and partners here at CyberArk, and our ability to be able to create and nurture a unique culture.

[00:05:07.130] – Matt Cohen
Those two things are what he believes fundamentally has made CyberArk the company it is. Luckily, it’s also what I believe makes CyberArk what we are, and it will carry us forward for the years to come as we build the next phase of CyberArk’s growth and success.

[00:05:23.150] – David Puner
Did he potentially give you any advice about sleeping? If you’re thinking about this going to bed and when you wake up? Because I’ve got to imagine there’s a lot running through your mind.

[00:05:31.430] – Matt Cohen
I’m not sure Udi slept all that much. I’m not sure I sleep all that much. I think we’re dedicated people who live the job, live the work. I think we both have a unique tendency to be able to, while we are sleeping, process through things and get to solutions on the other side and wake up with the aha moments. So that’s a nice ability to have when when we’re only sleeping for a couple of hours each night.

[00:05:55.610] – David Puner
Well, I thought I had sleep debt but that’s pretty remarkable. In the way of background, before you became our CEO, you were CyberArk’s Chief Revenue Officer and then Chief Operating Officer. How did those roles prepare you to take on the CEO role, and what’s new for you in the CEO role and what’s familiar?

[00:06:13.430] – Matt Cohen
I think in the CRO role, which was how I came in to CyberArk, it allowed me to get very close to our customers and very close to our partners. That was a great learning ground for me to be able to develop my understanding of the cybersecurity market and the unique ability that CyberArk had to meet that market and, as I said earlier, deliver value.

[00:06:35.570] – Matt Cohen
The CRO role really helped me. It was a great, great entrance spot into the overall market and into the overall company. As I moved into the COO role, I got exposure into the other parts of the business, the operating side, the customer success side, even the planning and financial side of the business, and that helped prepare me much more for the broader role that is the CEO role.

[00:07:00.980] – Matt Cohen
Now as I’ve transitioned into the CEO role, the newer area for me is really the product strategy and the product side. We have some great talent out of our Israeli headquarters. They’re really focused in on driving the next innovation of the product and I’ve been able to interact with them in a new capacity and new format.

[00:07:19.910] – Matt Cohen
So it’s been a nice path, an evolution for me as an individual as I’ve come through the role to learn more about what’s going on here, not only from a market perspective, but internally here at CyberArk, and hopefully prepare me very well for the job ahead.

[00:07:34.970] – David Puner
Day one as CEO, you were in Israel at our headquarters. Was there any particular reason for that or was it happenstance?

[00:07:44.210] – Matt Cohen
We believe that core to being a technology company, and being the leader in Identity Security, is our innovation, is our ability to be able to push the boundaries of where security is going. So much of that comes out of our product organization, which is a huge component of what we have over in our Israeli headquarters. We’ve got an investment in a CyberArk Labs that does the latest research.

[00:08:13.100] – Matt Cohen
We also have other corporate functions there like HR and finance and support in other areas. It was a great opportunity for me, on my first day, to be where our center of gravity is. We are a truly global company.

[00:08:28.160] – Matt Cohen
I happen to sit over here outside of Boston, Massachusetts, but we’re in over 40 countries around the world, and we like to think of that as an innovation hub, a center of gravity in Israel that extends out throughout the world, and helps us be able to understand what’s really going on with our customers and the markets anywhere we go.

[00:08:49.190] – Matt Cohen
But for me, day one, I wanted to be where we started. I wanted to be where we were founded and where so much of our talent sits and actually be able to feel the pulse of what was going on there at the moment so that I can better translate that into our global strategy and help drive the future of CyberArk.

[00:09:06.290] – David Puner
Do you find yourself in Israel much?

[00:09:08.780] – Matt Cohen
I’m on the road a lot. That might be part of the sleep situation. We’re constantly out there in the market with the customers. I try to get to Israel at least once a quarter, at the bare minimum, so that I can connect with the members of my leadership team that actually sit there. Half the leadership team is over in Israel.

[00:09:27.950] – Matt Cohen
Then also to be able to connect with those great employee populations that I was just describing. I love traveling over there. It’s a wonderful opportunity not only to experience the cyber culture, but the Israeli culture itself, and and the food. I happen to be somebody who enjoys warmth and sun. In the dead of winter here in Boston, it’s always good to jump on a plane and go be confronted with a nice sunny day.

[00:09:51.320] – David Puner
Next winter, I will hitch a ride with you, if you don’t mind. I’ll make that happen.

[00:09:55.190] – Matt Cohen
Absolutely. More the merrier.

[00:09:57.650] – David Puner
Are you a lifelong New Englander? Are you an East Coast guy?

[00:10:02.330] – Matt Cohen
I grew up here on the East Coast, bearing the brunt of all the things we have on the East Coast. The storms, the cold, the snow, the roughly two months that it becomes nice and then it becomes too hot and then it’s cold again. I grew up thinking I went to school out here on the East Coast as well, thinking this is where it’s all at.

[00:10:21.920] – Matt Cohen
Then after I got married, we moved out to Southern California for what was going to be a year of experience, and we ended up staying there for about eight years and then moved back here for family and for work as well, and realized that us New Englanders are a little bit of fooling ourselves in thinking that we’re tough. We just don’t really realize what it’s like to not care about cold and not care about weather. So I enjoyed my time but have experienced both the East and the West Coasts of this great country of ours.

[00:10:51.050] – David Puner
Up here in Boston. I’m originally from New York. I’ve been up here a little more than 15 years, and that’s 200 miles south of here. Up here, at least, you get two more weeks of winter on either end. As far as I can tell.

[00:11:05.900] – Matt Cohen
I think that’s true. As a lifelong Boston sports fan, I promise not to hold it against you from New York.

[00:11:11.960] – David Puner
Well, when I first came up here, I worked for Dunkin‘ Brands, which is a venerable New England institution. After some time, I was deemed to be a reasonable Yankees fan.

[00:11:24.050] – Matt Cohen
That’s good. I’m not sure who branded you a reasonable Yankees fan. I’m not sure if that’s not an oxymoron. I’m not sure those two words can go together. But that being said, I’ve grown in my maturity to be able to appreciate anybody from anywhere.

[00:11:38.060] – David Puner
All right. Well, thank you for that. Let’s go. Back to your resume for a moment. Based on your resume and educational background, some may say that you’ve traveled to the CEO position in a nontraditional manner. How has that served you well throughout your career and into today?

[00:11:52.860] – Matt Cohen
For those who don’t know my background, I got my degree in psychology, really with a focus on organizational development and helping in human relations, and actually went into learning and development in OD, organizational development.

[00:12:06.060] – Matt Cohen
That’s where I started my career with the idea that if we could help individuals and organizations grow, develop, change, then we could ultimately make them more productive, make them more efficient, make them easier and better scaling functions and contribute more value to the overall businesses that they are part of.

[00:12:27.450] – Matt Cohen
So I did start in that space, in this L&D space. I then went into education and training, went up into services, which was another big path change, and ultimately found myself in the customer success space right when it was burgeoning and kind of coming to the forefront of how tech companies were driving value with organizations.

[00:12:48.480] – Matt Cohen
I think there’s two elements of that background that I pull from all the time. One is from an L&D perspective, or a learning and growth perspective, it’s a fundamental tenet of mine that we either grow or we die.

[00:12:59.130] – Matt Cohen
So as individuals, as organizations, as companies, we’ve got to be focused on a growth strategy, how we change, how we develop, or we will ultimately start to denigrate down and start to die. So that factors into how I lead an organization, how I lead a company.

[00:13:17.040] – Matt Cohen
The second one is customer success. You can’t live in the field of customer success without understanding that customer centricity, and customer value, and customer experience are first and foremost of what any company has to appreciate if they want to grow and develop and scale.

[00:13:36.180] – Matt Cohen
I think that idea of customer experience, customer centricity, learning and development, learning and growth, are the very foundational pillars of my leadership style of what we, as a company, need to continue to dedicate ourselves to, and leads me to maybe a unique perspective on the CEO seat that I sit in right now.

[00:13:55.650] – David Puner
You’ve been in a lot of different sets of shoes, as it were, and was there a point where maybe you were in your fourth set of shoes when you thought, „Okay, I’m seeing all these different perspectives here and I’m understanding all these different aspects of businesses.“ Could this potentially be leading to ultimately the kind of role that you’re in now?

[00:14:15.570] – Matt Cohen
As I moved into other roles, I always was trying to understand what do I need to do more to broaden my skill set and broaden my experience, to be able to keep growing. You can grow within a function or a role, or you can grow by being able to take on more functions and more roles and ultimately end up in a role like a CEO role.

[00:14:36.780] – Matt Cohen
I think from my vantage point, it’s always just about challenging myself to do more. It was never with a, „It must equal a CEO job at the end.“ Definitely not. It was more of, „Let’s keep finding ways to challenge myself,“ and hopefully apply my leadership, philosophy and leadership capabilities to be able to help organizations or companies become more in and of themselves.

[00:15:01.620] – David Puner
From the customer service standpoint, is there any nuance to the old statement, „The customer’s always right.“?

[00:15:09.600] – Matt Cohen
There’s always a nuance to it because the customer can only always be right if the customer always knows what’s right. Sometimes the customer is doing things that are actually not in their best interest. I’ll take us out of CyberArk. I’ll take us earlier in my career.

[00:15:23.040] – Matt Cohen
Maybe you had software products that could be easily customized and be created to do anything. Well, now the customer is creating a one-off deployment that can’t ever be upgraded, that can’t ever be moved to the latest and greatest technology stack that opens up vulnerabilities. That customer isn’t always right.

[00:15:44.940] – Matt Cohen
They might be doing what they think is beneficial, but they’re not always right. Part of your job as an organization is to have honest conversations with your customer and explain to them why choices they’ve made maybe aren’t the right choices for them for now or for the future.

[00:15:59.520] – Matt Cohen
Actually, customer centricity and customer experience is about being able to enter into the perspective of the customer, to be able to understand what they value and what’s important to them, and then to be able to have a point of view of how you guide them there in the right way for not just the present but for the future.

[00:16:20.310] – Matt Cohen
Sometimes that means taking a strong point of view with customers. You need to do it differently. Sometimes it is just listening and understanding how we need to do something differently. But a real good customer relationship is like any relationship that you or I have. It’s about creating space for the customer inside yourself so you can hear them.

[00:16:41.730] – Matt Cohen
They see that you’re creating space for them. You understand who they are and what they want. They then create space for you. Then through that process of openness and connection, you move forward together to a better environment, to a better future. Every relationship I’ve ever had, you have, I’m sure it comes down to building that level of trust, that level of collaboration, that level of connection. Customer centricity is no different. Customer experience is no different.

[00:17:11.130] – David Puner
Welcome to Trust Issues. Thank you for that. Moving on to Identity Security at our recent IMPACT Identity Security Conference in Boston, you mapped out three driving forces behind today’s challenging Identity Security landscape. I’d love to go into those three principles or forces or themes, whatever we want to call them.

[00:17:32.510] – Matt Cohen
Yeah, absolutely. I think they form the foundation of our entire company strategies. They’re a great way to understand what CyberArk is all about.

[00:17:41.240] – David Puner
The first is new identities. Why are new identities so important right now? What are some key considerations when it comes to human and non-human access?

[00:17:51.660] – Matt Cohen
It starts with the idea that years ago, the only identities really that were the biggest risk from an attack vector perspective was the most privileged account. It was the the the super admin, if you will, in the IT organization that had credentials to be able to do anything they want.

[00:18:09.000] – Matt Cohen
The bad actors out there were trying to get access to that account, that credential so that they could steal data information systems from an organization. They could breach and shut down a company or organization. What’s happened over the past two decades, and what’s accelerated over the last several years, is the very nature of what is privileged identity has changed.

[00:18:32.460] – Matt Cohen
From a human aspect, we have this idea that any one of us can be privileged at any given time based upon the types of applications, types of data that we’re accessing. So a CFO or someone in the finance department that’s not traditionally in IT, but they’re accessing or logging into the company ERP system, is definitely privileged when they’re accessing the financial data that’s core to an institution.

[00:18:59.640] – Matt Cohen
An HR admin is a privileged identity when it’s accessing the HRIS system and has access to all of our private data. So the very nature of even human identity and what is privileged has changed dramatically as SaaS applications to come on board as the idea of the different systems and data we’re interacting with on a daily basis has changed.

[00:19:20.430] – Matt Cohen
That then proliferates even further with this idea of non-human identity or access. We have bots, we have applications, we have all these modern development projects, and those applications need to access data, information, and systems. In order to do that, they get credentials. If those credentials are hard coded in, they become an incredible threat vector for an organization that increases risk.

[00:19:44.370] – Matt Cohen
So as our organizations just change, the types of applications change, the very nature of our jobs change just by the notion of going and working from home, working from a coffee shop, the perimeter disappears. This identity landscape changes.

[00:20:00.270] – Matt Cohen
That’s why we start there and we say… If the number of identities of proliferating the type of identities are changing, we have 45 machine identities for every human identity. We have people working from home. This needs to be protected, defended in a different way. That’s where Identity Security starts. That’s where CyberArk starts. That’s where our strategy as a company begins.

[00:20:25.170] – David Puner
So that is the new identity is then the next theme or principle is the new environments. What are the biggest challenges customers still face as they continue their transition to the cloud but maintain hybrid environments?

[00:20:40.310] – Matt Cohen
Exactly as you describe. Most of our customers started with a data center, most of them. The four walls of a data center were a certain protection strategy with a certain number of users or types of users who are accessing it. They’re now moving to a hybrid environment. The hybrid is really important because they’re not totally getting rid of their on-prem data centers. They’re lifting and shifting certain applications into the cloud.

[00:21:03.440] – Matt Cohen
Then they’re doing what’s called digital native development of new applications that were never on-prem ever to begin with. That creates this incredibly complex environment architecture for any enterprise, for any organization. We have all of those identities that I talked about a couple of minutes ago accessing all of those richly complex environments.

[00:21:25.340] – Matt Cohen
For organizations that have spent 20 years mapping out how an individual or an identity should be accessing or what roles and permissions they should have for a on-prem environment, they now need to figure out, „Wait, what does permissions look like when it’s developers who are accessing cloud environments, when it’s traditionally IT professionals that now have to access lift and shift environments?“

[00:21:52.310] – Matt Cohen
What is the right access rights? What is the right entitlements? By the way, what’s the right methodology for how we should enable access? Is it standing access or just-in-time access? Should we have privileges that are always on or should we have zero privileges, zero standing privileges?

[00:22:10.040] – Matt Cohen
This opens up a complexity I could go on for, as you can tell, minutes and hours. The idea here is how do we actually figure out how to seamlessly secure access for all those new identities while applying the right level of intelligent privilege controls, orchestrate the lifecycle, and make sure that we can take care of, we can protect not only on-prem, but hybrid and pure cloud environments. That is, at its core, Identity Security. That’s what gets, as you can tell, me excited about what CyberArk is off doing.

[00:22:43.880] – David Puner
So much of this involves transformation, adaptation, innovation. It’s obviously can’t just be reactive to get where we are. How important is adaptation and transformation? How do we approach that.

[00:22:59.090] – Matt Cohen
When we’re talking about this core Identity Security problem, there’s another core principle, which is the third area, which is the attacker innovation that’s happening out there. The reality is as attackers, as bad actors, organized crime, nation states, they’re not sitting with the attack methods they had from five years ago, ten years ago. They’re not even sitting with the attack methods they had from five months ago. They’re innovating, changing, scaling at a rapid pace.

[00:23:29.030] – Matt Cohen
If those you’re trying to protect against are innovating, you must innovate. You must match innovation with innovation. You must match new attack methods with new defense methods. That’s the whole concept of attack and defend. We at CyberArk, it’s core to our DNA, believe that you must assume breach as an organization. You’re not going to keep everybody out. So then how do you innovate in what you do once somebody is in? How do you bring the attacker into the conversation when we’re innovating ourselves?

[00:24:04.040] – Matt Cohen
Let’s not innovate in a black box. Let’s innovate with the attacker in the room and make sure that we’re truly protecting the organizations, the governments around the world. I think when we think about this attacker landscape, it brings up the third thing I keep talking about, new identities, new environments and new attack methods.

[00:24:22.850] – Matt Cohen
When we think about innovation out there, it’s sometimes a little scary how fast the attackers are moving from session, hijacking, and new methods to be able to go do that. From the use of not just supply chain attacks and the software supply chain, but even being more mature and evolving into cascading supply chain attacks, the ability to move laterally and then vertically within a software supply chain.

[00:24:48.620] – Matt Cohen
Then the the buzzword of the day, which is AI, an artificial intelligence and using that in the attack method. All of that creates this constantly escalating battle or arms war, if you will, between bad actors and defensive strategies, and that’s our job to to do that each and every day.

[00:25:07.070] – David Puner
Would you say that generative AI seismically shifts the the attack landscape? Is it as big a deal as everybody seems to be making out to be, or do we just not know yet?

[00:25:17.780] – Matt Cohen
I think we can anticipate the impact and I think the impact comes in two flavors. It will eventually come in new attack methods or strategies that have never been tried before. I think we’re too early to predict what those are really going to look like, how innovative, how exponential that can happen.

[00:25:39.320] – Matt Cohen
But what we see today already is that the attack methods that are out there that have been used for the last months and years can become so much more effective with the use of AI. If we think internally how we all are excited about AI, because fundamentally it’s going to increase our productivity, there’s a good statement out there that says AI isn’t going to replace people, but it’s going to replace people who don’t use AI.

[00:26:07.070] – Matt Cohen
Ultimately, it’s going to make a developer a better developer or a lawyer a better lawyer, a salesperson a better salesperson. Well, that’s what I’m talking about of the present reality. It makes a hacker a better hacker. It makes phishing techniques more effective. It makes the idea of how we create malware more productive, more effective, more efficient.

[00:26:28.910] – Matt Cohen
It actually can drive the idea of how do we actually have to prepare ourselves and our organizations for the attacks that have been so present over the last years just to be more effective? That’s what we’re worried about right now. Over time, though, it will be exponential change, I think in the newer methods that get created out of this amazing but somewhat scary technology.

[00:26:54.230] – David Puner
We talked about IMPACT in Boston earlier on, our big annual conference. Since that time, you’ve been on the IMPACT World Tour. Where have you been and what are organizations most focused on or concerned about these days? Is there any trend you’ve noticed about what people are talking about right now?

[00:27:13.010] – Matt Cohen
The Boston event was an amazing event. We had thousands of people join both in person and remotely. I was in Europe a couple of weeks ago in London and our Amsterdam event. I will be over in APJ with our Singapore event. We’re then back on the road here in the US with more events.

[00:27:31.700] – Matt Cohen
So it’s a great opportunity independent of all the great things we have to share just to meet with our customers, hear what’s on their mind and as you said, take their pulse. I would tell you that increasingly where they’re focused is one on this idea that they know identity attacks will happen.

[00:27:49.160] – Matt Cohen
We did a recent threat landscape that showed that 99%, which might as well be in be 100%, of all respondents came back with, „We know that we will have an identity attack in the next year.“ There was more than 60% that talked about having a ransomware attack in the prior year. This is front and center on every CISO’s mind, on every CIO’s mind, and ultimately on the boards of these companies‘ minds that the threat landscape is proliferating at such a rate that it’s very hard to stay safe.

[00:28:21.140] – Matt Cohen
One theme is just help us. Help us figure out where the biggest risk is and help us make sure we map our Identity Security strategy because we know those attacks are coming and they’re coming for our identities. Everybody understands that. Ultimately, bad actors are trying to get accounts, credentials to be able to navigate within an organization laterally and vertically to steal the most critical information. So that’s one thing that’s on their mind.

[00:28:46.220] – Matt Cohen
I’d say another thing that’s really on their mind, though, is how they map into this hybrid complex world. They all have either cloud-first or cloud-push, and they’re trying to understand that difficult mapping exercise of how to create a cyber and Identity Security story strategy for these new hybrid complex worlds.

[00:29:08.510] – Matt Cohen
So that’s on their mind as well and they’re saying, „Let’s partner together, CyberArk.“ With not just understanding that reality, but how do we actually create a blueprint for approaching that in a measured, productive way? Because one of the things that’s on their minds is we must be secure.

[00:29:25.940] – Matt Cohen
But the reason why we go to the cloud is for innovation, for productivity, for speed. So don’t slow us down. So help us figure out the roadmap that will allow us to be more secure, but also continue to be productive. That’s very much on their mind.

[00:29:39.380] – Matt Cohen
Then I think they’re also just having some fun getting back in person. This post-COVID world we enjoy actually getting in a room, shaking some hands, having a drink and talking about what’s going on in our work environments, but also our personal environment and having some fun together.

[00:29:54.290] – David Puner
CyberArk did happen to make a very big announcement at IMPACT. This announcement had to do with our forthcoming secure browser release, which allows cookieless browsing. What is the CyberArk secure browser? How does it allow cookieless browsing and why is it such a big deal?

[00:30:11.480] – Matt Cohen
I’ll talk about the product in the context of the problem. The idea here is we have spent all of us, organizations around the world, millions of dollars, millions of men and women hours around the world, making sure that we can attack security of applications of the cloud of data centers.

[00:30:33.410] – Matt Cohen
Then we’ve left running on everybody’s desktop, everybody’s laptop, the most used application, which is the browser. We’re still using a browser that was designed for the consumer in an enterprise space. It’s a wonderful browser. Whether you’re using Chromium or Chrome, whether you’re using Microsoft Edge, which is built on Chromium, whatever. It is a very easy, intuitive to use, way of navigating applications, the Internet, getting to information.

[00:31:04.070] – David Puner
It is a Chromium-based browser, right?

[00:31:06.470] – Matt Cohen
Right. We’ve built our secure browser based upon Chromium with the notion of making sure we can do three things. We can make things more secure, we can make things more private and protect people’s privacy, and we can still keep the level of productivity that people expect. We want to do it in such a way that not every organization needs to adopt the secure browser for every user.

[00:31:31.520] – Matt Cohen
We want to give the flexibility of the security teams to apply the secure browser for the right users or the right applications that need a little bit of extra protection. We do that by actually substantiating a browsing technique that allows for cookieless browsing.

[00:31:48.950] – Matt Cohen
What that means is we actually take the cookies, we still feed them into the session so that you don’t lose the productivity. If any one of you have actually navigated without cookies, it’s not a very good experience. So we take the cookies and we store them on a central server. We allow for cookieless browsing with all the functionality as if cookies were there.

[00:32:07.730] – Matt Cohen
We allow for obfuscation of passwords into one-time keys. We lock down extensions to make sure that people can’t install all those potentially really malicious extensions that steal our data and populate it up into the cloud.

[00:32:23.630] – Matt Cohen
So it’s a whole new way of providing a browsing experience that ultimately becomes a front end into our Identity Security platform, but also into everything that’s sitting out there within a user’s ecosystem and making it all easy to use. Not that much change process required. It’s a fun solution to talk about because it’s going to be the last mile, if you will, of security, locking down the browser for organizations around the world.

[00:32:52.820] – David Puner
I should point out that if folks want to learn more about why cookieless browsing is so important and needed, you can check out a back episode of Trust Issues with our Andy Thompson and Shay Nahari. That was a few months back. The secure browser will be rolling out the end of this year.

[00:33:10.850] – Matt Cohen
That’s right. It’ll be a service of our data security platform and we’re really excited to get it out in front of customers and let them play with it.

[00:33:18.470] – David Puner
Segueing back to your career, has there been a defining moment in your career and how does it influence you today?

[00:33:25.250] – Matt Cohen
It is a great question. It’s very hard, I think, for all of us to always find these big defining moments. I look back on my career and I see two things. One was I was learning and development professional helping with development of internal employees at my prior company.

[00:33:43.730] – Matt Cohen
I had an idea for we could actually launch this as a paid service for our customers. I built a business plan. I built an overall investment thesis, went to the CEO at the time and the rest of the executive team and got some money and sponsorship to be able to build out my first little business within the overall business.

[00:34:04.070] – Matt Cohen
For me that was the learning ground, if you will, for all the elements that go into building a business from strategy to sales to product development. So for me, that was a big milestone. It also got me out of learning and development as a career path and into business management.

[00:34:20.300] – Matt Cohen
The second big one, though, and it’s not self-serving to say, is the decision to leave my prior company after 17 years and join CyberArk. Best decision I’ve ever made from a career perspective. Defining moment for me because I got into a market in cyber and a company in CyberArk that I’ll be with for the long run from here on out, because it’s such a special place, it’s such a special market to sell something that’s needed that actually is fundamental to how organizations will either navigate the future or not. It’s special to be part of a company like CyberArk with its rich culture, its amazing people and its bright future, the CyberArk family that we talk so much about.

[00:35:03.080] – David Puner
You’ve mentioned learning quite a few times over the course of this conversation. How do you foster leadership, and career development and learning, and create a winning team?

[00:35:13.250] – Matt Cohen
One of the things that I learned early in my career and became a core philosophy of mine is one, everybody’s a leader and two, leadership is everything. When you start to then bring that juxtaposition together, you need to be thinking about leadership all the time and sometimes people are surprised when I pull in people down in the organization and I talk to them about their role as a leader.

[00:35:36.710] – Matt Cohen
What is their leadership framework? How do they want to approach their development as a leader within the organization? But if you create a company of leaders, people who understand… Sometimes I think people mistake leadership for being out in front always and having an opinion always and making sure you control everything. That’s not leadership, that’s actually just being dominant.

[00:36:00.290] – Matt Cohen
Leadership is actually the ability to be able to control and lead yourself in any moment. How can you actually understand what you’re experiencing, how you’re behaving? Can you pause and can you reflect on what’s happening to you intellectually, emotionally, even physically?

[00:36:18.860] – Matt Cohen
Leadership is about that leading of self. Leadership is about leading others. It’s the ability to be able to connect with others, to be able to, as I talked about earlier, make space for others, make people feel heard and understood. So together you can actually provide a solution to merge and go forward with new ideas. It’s leading others in addition to leading self.

[00:36:40.910] – Matt Cohen
Then it’s about leading organizations or teams or companies, and it’s about how well we can create communications, make sure that we’re programmatic in our approach, how we’re approaching the ability to be able to identify opportunities and threats, and apply people and process against those identities and threats.

[00:36:59.510] – Matt Cohen
I can go on for a while here. But the idea becomes if we are actually going to achieve as an organization, as a company, if we’re going to actually have impact around us within the company, and then more importantly, with our customers, with our partners, then everybody has to embrace the mantle of being a leader, understanding what that means, and actually driving and growing and learning to be a better leader whatever their particular job function might be within a company. I think that that sets the stage then for a special culture, a special place for us as we move forward.

[00:37:36.590] – David Puner
In your opinion, has there been a Red Sox manager that reflects leadership as you’ve just mapped it out?

[00:37:43.310] – Matt Cohen
I’m a pretty harsh critic of my Red Sox and I’m a pretty harsh critic of the leadership we’ve seen there. It’s not been a good couple of years. I go back to Terry Francona when he was managing and there definitely was some principles that I liked and how he was leading that clubhouse and allowing the clubhouse to also be themselves, be their own culture and also lead from within.

[00:38:06.080] – Matt Cohen
He didn’t need to be the dominant personality in every conversation that was happening. I think that’s part of what we need to do, always in our environments, is how do we serve the people around us? How do we lead sometimes from behind versus out front? From time to time, he did that well. It’s hard in baseball. You burn out pretty quickly.

[00:38:23.900] – David Puner
Matt, this has been great. Really appreciate it. So fun to talk with you.

[00:38:27.470] – Matt Cohen
Thanks for having me here. I’ve always enjoyed your podcast. Those of you who are out there, if you liked what you heard here. Yeah, go listen to some of the other ones. They’re really thought-provoking and help drive the discussion so thanks for that service, David.

[00:38:40.040] – David Puner
Thank you for the plug. That’s the best one we’ve ever gotten. Thanks so much.

[00:38:53.380] – David Puner
Thanks for listening to Trust Issues. If you like this episode, please check out our back catalog for more conversations with cyber defenders and protectors.

[00:39:02.500] – David Puner
Don’t miss new episodes. Make sure you’re following us wherever you get your podcasts. Let’s see. Oh yeah, drop us a line if you feel so inclined. Questions, comments, suggestions, which, come to think of it, are like comments. Our e-mail address is trustissues, all one word, @cyberark.com. See you next time.