Transcript

Rohit:  Constantly, we talk about like, we can't really celebrate our successes for good reason. We can't really, kind of unwell our security posture, for pragmatic reasons. So, the overall narrative of the industry is one which is very constrained and which doesn't really help with  the psychology of the human actors that are fighting the good fight on the good side. So I realized that what changes the world right at the end of the day is stories, right? If you think about a startup, you think about any major endeavor, the story must come first. And then it drives the, kind of vitalizes and catalyzes the imagination of people. And that's how you change the world. 

INTRO

 Ankur: Hello everyone. Welcome to another episode of ZeroToExit. This is Ankur and Neelima. In today's show, we're excited to have with us Rohit Ghai, CEO of RSA, a leader in cybersecurity and risk management, also known for the “RSA Conference” , the biggest security conference in the world. Previously Rohit served as the president of Dell EMC's Enterprise Content Division(ECD), where he was responsible for all aspects of the ECD business, including product development, go to market finance and others. He also held leadership roles at Symantec, Computer associates, and various other enterprise security companies.

In today's show. We're going to talk about the cybersecurity landscape in the world of cloud and AI. If you have aspirations to become a CEO, we'll also try to get ready to share his secrets to land the top job. Hey, Rohit, welcome to the show.  

Rohit: Ankur, Thanks for having me excited to be here and hello Neelima! I am looking forward to our chat.

Ankur: We are looking forward to it as well. Thank you so much for taking the time. So first of all, congratulations on getting RSA off the ground and scheduled in May  better late than never. So, we're all excited and I've been going to RSA for the last decade and this was all timely. It looks like this year's theme appropriately is resilience.

The question I have for you is : Is there any chance people are going to be able to get to attend it in person, or is it going to be all virtual? How about for people who can show up with their vaccine passports?

ABOUT THE WORLD’S BIGGEST SECURITY CONFERENCE

Rohit: Great question. Look, this year, we were hoping to have an in-person conference, but we'll have to settle for a virtual one but  if you remember, from last year Ankur, we squeaked the conference right before, or depending on if it's really hit and out of abundance of caution, we, this time we wanted to make sure that we have a safe event for all.

So, it's a hundred percent virtual event but, I can promise you this, that we will garner some of all the same excitement, all the same bigger across the different tracks that we have, key speakers from the public sector, exciting speakers from the private firm as well. And then, one of my favorite events, the innovation sandbox, All the startup activity around the cybersecurity industry as well. So it will be 100% virtual, but all the same goodness that people have come to expect from the conference.

Ankur: Love it. yeah, I was at the conference last year and some of my colleagues were like, dude, like, why are you going there? Like you can miss it because it was still early days. Was that ever a point in the midst of the conference where you felt like you may have to shut the whole thing down?

Rohit: Absolutely. I have to say the conference last year was so stressful, right? It goes from as pretty much the whole week, Monday, sort of the kickoff day and I'm stressing over, Hey, is this, are we going to actually, I'm on the phone with CDC, I'm talking to mayor London, breed of San Francisco who's kind of pondering, whether we can, you know, say if they accommodate all the attendees, et cetera. So, there were definitely moments when we had to, we might've had to pull the plug and we were worried if you would actually get as many attendees as we were hoping. So, it turned out great in hindsight, but on Thursday, actually London Breed did declare a state of emergency and so it was a tailend of the conference. So, it barely squeaked through, but it was very stressful for sure.

Ankur: Yeah. And what do you think is like the future holds for conferences like these? I mean, you know, is this going to be like a force multiplier because now you've cracked, you're going to crack the code on how to do it virtual. And you're gonna add in physical and you typically get what, like 40- 50,000 people.

I mean, are you going to see like 100k people physically and virtually in 2022.

Rohit: Great question. And much like, I guess our lives are work and play and learning. The conference is going to have a hybrid manifestation going forward, like in notary. Right? So in addition to. So, there are two mega changes that we are going to bring, sort of, as we imagine RSA for the post COVID era,  one is, it'll be sort of a hybrid physical plus and virtual. And the second concept would be instead of sort of a model of like, Hey, if you think about a sports analogy and sort of adding a grand slam once a year, we'll think of it as a season, right. An entire season or an entire, so it'll be, not be a one-time event. It'll be a continuous year long, sort of, community of learning and then yes, we would have the two sort of, mark two bookends are the events where everybody comes together and we enjoy the in-person collaboration, but Hybrid plus, continuous to get around is kind of the future of the conference, which is going to be exciting to your point.

 You know, there are 3 million plus professionals in the security and risk industry. And we got our, as you noted about 50,000 attendees, there is no reason why this couldn't be, you know, a hundred thousand 500,000,  in the future. So we definitely want to scale it along, those two axes, sort of, reimagining it.

Neelima: Are we really doing something special this time to kind of drive more engagement because it's going to be remote?

Rohit: Yes Actually, the, one of the things we were trying to do is, have more of a, sort of people, just speaking to the audience, what we want to do is we want to have sort of a curated experience where there is, moderation and, if you've seen recent events like Microsoft ignite as an example, right.

There are sort of anchors, and moderators who are kind of, biding the pride and connecting the dots between the different tracks and  in the conference and kind of, in some ways it's, a media model, sort of, engagement rather than a conference model that we've traditionally enjoyed. So we'll try to make that pivot this year. I'm sure we'll get some things right. And some things are not, but we'll certainly learn from it for sure.

Ankur: Yeah. Looking forward to it. And, you talked about enjoying the conference. Yeah. I mean, I can't wait to go to the Rapid7 and Qualys after parties. I mean, I'm sure there's going to be one next year. They're all going to go on cheap this year, but we're going to get them well, next year, when you have one physical.

Rohit: You have to make everybody, kind of make sure whatever they say this year. They'll need to make the party grander and bigger.

Neelima:I will definitely miss the parties. Definitely. I agree. So, the theme for the RSA conference last year was the human element. In one of your interviews, you talked about Sapiens and said that what makes us humans are stories, but you also said that as an industry, we are losing the narrative and we need to take that back. Can you elaborate on this some more?

LIGHTS ON “WHAT MAKES US HUMANS?”

Rohit: Absolutely. Think about it. Human dimension of this industry has so many implications, right? One as a force in terms of the humans being targeted, right. In terms of, you think about social engineering or phishing, or you know typically so many of the cyber incidents sort of are on the back of sort of, exploiting, like hacking our minds, frankly then hacking the, acting the technology, right? The technology part is an adjunct, but the psychology of the human and the role that the human plays in terms of cybersecurity is so paramount. And then there are some recent prides around. Things like, the psychology of Aceso(7:52) and burnout and you think about the psychology of the defender. Like nobody wants to be losing all the time and the overall narrative and the industry is a pretty negative one, right?

Constantly. We talk about things like, we can't really celebrate our successes for good reason. We can't really, kind of unwell our security posture for pragmatic reasons. So the overall narrative and the industry is one which is very constrained and which doesn't really help with the psychology of the human actors that are fighting the good fight on the good side. So, I made that, what changes the world right at the end of the day is stories, right? If you think about a startup, you think about any major endeavor, the story must come first, and then it vitalizes and catalyzes the imagination of people. And that's how you change the world. 

So, if you have any shot at changing our industry, we have to take control of the narrative, we have to change the narrative. We have to celebrate our successes, which is hard to do, but it is possible. It is, you know, an example I cited in, my keynote last year was, if you think about the city of Atlanta and while they did not pay ransomware to the hackers, that was a little Lambert, who's win(8:57). Right. And we do celebrate every win and little by little change the narrative in terms of how we are, what we're doing better, what we're getting better at.

 As well as frankly, in terms of the narrative, the other big aspect of the narrative is, you know, inclusiveness. We have to make sure that we have a narrative, which invites. We have a big talent gap, as you guys know, right. We have the most negative underemployment in   this industry compared to any technology sector. So, if you want to invite people to join this industry, we have to make it a positive feeling around joining this industry.

So I am very passionate about doing this. My last three themes for the event have been, you know, I talked about cybersecurity, silver linings three years ago. Then I talked about the trust landscape, not the threat landscape to celebrate the positive aspects. And last year it was of course about humans and taking control of the story of cybersecurity.

Ankur: Yeah, very well said. Double clicking on the optimistic part of it. I couldn't agree more, right. Like, we don't get to celebrate the wins because nobody's going to say that well, because what the industry has done, you know, I was able to save whatever only what you hear is like all these negative press around,  whether it's SolarWind or the Exchange hack. But look, there is something to be said about an industry, we continue to grow and spend more money than probably 80% of the countries combined. And yet we remain vulnerable. I guess the question I have for you is that, as an industry, what do we need to do to kind of stay ahead of the curve?

AI : A NEW FRONTIER

Rohit: Yeah, I think, AI is a new frontier as it pertains to cyber security. Why? Because. It'll both be, tool in our toolbox, for the good guys to use contrary AI and all that. And, think about deep fake and the, you would have heard about the incident where, it wasn't a video deep fake, but, uh, mimicked audio of a CEO, to perpetrate a fishing, sort of a voice based phishing attack perpetrate fraud of throwing hundreds of thousands of hours. So deep fake, and AI in that ilk is definitely at play. So we will need to bring counter AI measures to make sure we can validate the authenticity of the actors on the network, using AI technology.

Right? So, AI is sort of good at that, right? If you think about AI, it has. It can discern patterns and it can discern, and can also learn, you know, in an unsupervised way. And we can combine the human actors with the AI actors in the security operations teams to compliment each other.

So there is definitely a big play for AI in the security operations area, to act alongside the human actors. In addition, if you think about AI, it is also a big target. AI Increasingly we'll be making a lot of decisions on our behalf on behalf of humanity. And if you think about that I guess as a new type of software stack that we are going to be building, let's not make the same mistake we made in the software stack of the past. And by that, I mean, if you think about the software stack of the past, we have done a less than stellar job of removing vulnerabilities.

I used the example of “Typhoid Mary” in my talk last year where I said, look, there was this incident in the past where a lot of people felt sick with typhoid and there was, they were trying to figure out. The root cause of it turned out to be that, there was this cook or Mary, who was it, visiting all these affluent families. So, it was counter-intuitive that all these African families were falling sick. And the reason was because they had a common cook who was not washing hands. Right. So, the net of it is an example. The parallel in the software stack is. Look, we have to hold the software makers accountable for the hygiene, right?

The people who are cooking the food need to wash their hands, right? Otherwise so that they don't make other people sick. So in the era of AI, let's make sure whoever is creating AI based solutions, we hold a very high bar to make sure AI is not vulnerable, right? That there are actual intrinsic checks in the sort of decision making.

So AI is in some ways, itself resilient AI, where it knows it has checks and balances to make sure that it's not being tampered with or has not been compromised. That should be designed into the fabric of the AI engine rather than as an afterthought. Right. And so I think of AI as a target. we'll have a hard time addressing it if we simply do it as a reactive security measure. It has to be proactive, hardwired into the fabric of the AI stack, if you will. And I think it'll take a couple of big, nasty incidents to really kind of draw attention to that, unfortunately, as it always does, but that's my thoughts around AI. It's a great tool, but it's also, ominous target that we must worry about.

Ankur: And do you see the government playing a role in this, or at least in terms of ethical AI, if you will. Or does the industry need to solve it right now? Like, are we at a stage whereby we are still more in the insights stage before we start getting into the oversight? like what's your perspective on this?

GOVERNMENT’S ROLE IN TERMS OF ETHICAL AI

Rohit: So,I think there is a balance there. Look, I think there is, the role of the regulator, even if you think about it like the data privacy case, right? So there have been some marquee regulatory reactivity, or like GDPR and CCPA here in California. The question is, is that draconian and does it stifle innovation?

I think in terms of the cycle of where AI is, I feel like too draconian of a regulatory kind of set of activities right now might be too stifling. Uh, what is needed though is for the government to play a role, not as the regulator. But as an active participant in the, sort of the think tanks of the world, and then kind of, make sure that investing their energy in, driving, I guess, innovation on out of this resilient AI concept.

So I think it's not a regulatory set of actions that the government needs to think about. I think it's more, how do you support innovation in the right way and actually investing in that right. Government as an investor in that. And I think I've seen some good measures. Recently we had the secretary of the department of Homeland security, who presented at the RSA conference, event about their vision for the resilience of the nation. And one of the things that they talk about is again, the role of CISA, which has been an agency if you remember Chris Krebs from you know, helped us shepherd a good election for the year. So, something along those lines where, you know, just like it was a mandate for CISA to ensure that we have safe, and reliable elections. Also the government agencies need to play a role in making sure we have safe and reliable AI technology, not by enforcing regulation, but by playing a role themselves in that regard. So I think there's a big role for the government in this area.

Ankur:  Got it. Well, wasn't the, I could be wrong, but wasn't, he was fired by the Trump admin because he did his job. I mean, again, we promise not to discuss politics here, but I was just curious.

Rohit: Yeah. The way I found out Ankur is, he presented at RSA conference 2020 last year, where he talked about how he would keep the election safe. He did a great job at doing that, but then he got fired for doing a good job. The good thing is he did what is right. He stood up  and his actions were perceived pretty positively within the cyber community and people kind of looked up to him for that.

Ankur: Yeah, he's a celebrity now. Last question on the topic and then, I'll stop holding on to the microphone and giving Neelima a chance as well. Which is that, one of the things you talked about in AI is sort of supervised learning. Like, do you think, like the security industry is fundamentally sort of handicapped by the sample data set because you know, if somebody gets hacked, nobody's going to share it with the industry. So, like, it wouldn't be inherently at a disadvantage compared to the rest of the industries. We're just making ginormous progress in AI when it comes to security i.e UEBA which has lots and lots of FPs. Is there a path for us to get better in this area because when we're gonna to get the dataset that we need to learn?

SOME HACKS TO PREVENT HACKS

Rohit: You're hitting on a very important point. The thing that hampers this industry, frankly, is the practice sense(17:42) to share data and there's good reasons for it. Right? One is a kind of shame factor that is like “I don’t wanna admit”. The other is actually  EIR and PSI information that is actually, you know, so there are data privacy reasons.

There's many good reasons why data sharing is hampered. Having said that, I'm a technology optimist. I'm going to make a sort of a statement. I don't know how, but I think that we'll figure out technical solutions eventually where we can share the fight, and care for  the needs of an organization in terms of maintaining what they need private while sharing.

And the example I use is homomorphic encryption. I don't know if you guys have heard of this term encryption, one of the issues with encryption is, “Hey, how do I make sure that like, if, you know, if I want to ensure data privacy. If I want to encrypt my data for the purpose of privacy but I want to share information. How can I do that?”

So, homomorphic encryption is actually solving this by making sure you can kind of keep the things that you need veiled well while sharing some of that quote unquote, the essence of the data, so it can be used for, and can get the utility that you need from the data, right. So using something along those lines, know, again, I don't know exactly what the technical solution would be, but I feel eventually there will be solutions that'll come to play that address this issue of share-ability of data, because at the end of the day, cyber security is a data problem.

Right. And we need to raise it over vast volumes of data to figure out what's anomalous and what's normal. And, you were able to agreed(19:20) on, or sort of pan industry data, as opposed to Penn customer data, it'll make us all better. And, I think that there will be a technical solution eventually again, that's some of the tech optimists in my mind.

Ankur: Yeah. Couldn't agree more. I think it's going to be less tech, more our willingness and desire to work with each other because data is gold. So the idea that, for example, Palo Alto, sharing their network data anonymized or encrypted as they may be with the rest of the crew, I can see it, but I'm sure we'll figure it out.Like you said, you know, We just need to tell better stories so that all of these companies can cooperate and ultimately, build a viable solution.

Rohit: And I'm putting a hit on one point, which is, I think you have to kinda make sure it's, it's to create a safe environment for people to open up and, and all that. If there is a breach, if you get hacked or breached typically, I think the industry has been much better now kind of supporting and having each other's back, something bad happens, even SolarWinds, you know, the CEO is going to speak in a couple of weeks about what happened? and why? and so people are getting more comfortable with Okay, this is the reality of life. There was no stigma to it. Anybody can get a hack, even a cybersecurity company like FireEye and, and all that. So I think we're gradually getting over that stigma element, “the willingness to share”.

Neelima: Yeah. So double clicking on that a little bit more with, we talked about data sharing, but do you think, Key players in our industry, you know, there's flung(20:43), there's Palo Alto networks. There used to be McAfee, Symantec, and RSA. Can we cooperate more together as defenders, to do something specifically about it, maybe come up with standards for data sharing or other concepts like that.

It's like the big five, big seven. Why can't we just work together and do something about the standards so that we can share more information as defenders, even if we don't expect our customers to share everything with us?

Rohit: This was the foundational thesis in terms of the founding of what was called the cyber threat Alliance, right. Where everybody got together and said, okay, you are going to start sharing threat intelligence data. So if I'm seeing a threat out there, play out. I'm going to contribute that to the community and then everybody benefits from it.

And the reason not to do that by the way is, “Hey, competition”, if you have that right, that adds value to having that information ahead of everybody else. The thesis was about look, the trends intelligence is not going to be your competitive differentiator.

What is going to be your differentiator is what you do with it. and apply that. Right. So, that has been the founding thesis. I think there has been some sharing. It's better than it used to be a few years ago, but it's still that competitive dynamic that comes up into play and where everybody wants to take advantage of what they know first and use that first mover advantage if you will, to their benefit.

So there's good business rationale on why that is happening. Having said that, I think the only way to beat the bad guys is if we do a better job of sharing, actually the bad guys, I would say are doing a better job of sharing, right?  If you think about it, if you go to the dark web, you'll find the hacker industrial complex, where you can buy tools or, open trading, all kinds of attacks. And they're sharing that they have a nice kind of underground economy where they've figured out. So I'm sure if the bank has figured out the economic aspect of sharing, even if we want to somehow monetize the first movement advantage and not contribute that,let's monetize that and there's gotta be an economic solution to make sure that we find a way to collaborate and just like the bad guys are. So, I think it's a real impediment to your point, Neelima. I think it's something that holds us back and we need to do a better job of sharing between the good guys, because the bad guys are all teaming up. So if we don't, we'll always be behind.

 Neelima: And the worst thing is the cards are out, right? The attackers know that the defenders are not sharing, right? So your cards are on the table and it's easier to attack.

PRIME IMPORTANCE OF DATA SHARING FOR DEFENDERS

Ankur: And it's funny, you should talk about the dark web and,look, I'm relatively a newbie compared to both you and Neelima in security. I mean, I've been around for a decade, but a couple of years ago there was a conference I believe. I was in Miami and they had this FBI guy behind like a black curtain or something, whatever. And then he was like doing a demo of the whole thing. I had no idea that there is a big economy out there, like Oh, by social security number. Oh, unverified five bucks verified and(23:50) dollars. I mean, there's a whole entire caller set up(23:54) bank account, address and the average consumer doesn't know about it. But they're all sharing this information.

Rohit: Exactly and by the way, that is also another angle to think about for us on the good side, some of the motivation on the bad side is of course, there's nation state, threat actors, and all that. We are going for power or disruption and sedition(24:20). But then there are also economic motives on the other side, a lot of times the hackers think that they have a better shot at economic advantage by being on the dark side. But little do they know that, on the good side, that is a negative underemployment. And being able to like it,I cited the example of Marcus Hutchinson, who's sort of a grey hacker who used to be on the dark side. And then he helped, he's one of the guys who's clamped up to save the internet. You know, when the mirror I bought, not a tax played out(24:48), he was the one who figured out kind of the kill switch in that and actually helped. So he's an example of a gray hacker. So, the more black hackers we turned to gray hackers. Because a lot of them are actually just doing that for economic reasons and they can make good money on cybersecurity with all that they know and all that they're capable of. These are really smart people. So we need to kind of somehow get them over the good side as well.

 Neelima: That's a great idea. We should start something on that. Absolutely. Rohit! great conversation so far, I want to transition into your journey a little bit.  Over the years you grew through the ranks and set yourself to take on the CEO role. What's often talked about in Silicon Valley is founder CEOs but there's no playbook on how to grow within the organization and land a big job. Can you tell us about your evolution as a leader and learnings along the way, as you landed the top job at RSA?

EVOLUTION OF ROHIT GHAI TILL HIS CURRENT TOP JOB

Rohit: Of course, I want to start with a motive. Right. I was in college, most of my friends who knew me from college would think of me more. They know nobody would have predicted I would have converted to the dark side.

And by that, I mean, sort of management or leadership and a leader. They thought I would be a techie through and through, but somewhere along the way, the motivation I had was look, if I want to, like, “I'm enjoying the technology aspect, but if I want to really, influence strategy and outcomes”, I really have to kind of convert to the management side and kinda, you know, take on a broader leadership role that was the motivation and to do that, there was an I, by the way I started my career. It took a very long time for me to get to the Bay area and Silicon Valley, I wasn't in New York until 2005. The startup ecosystem was not as vibrant on that coast at that point in time.

So, I didn't have that by one for me, but what I was convicted of was that I wanted to get to a leadership role and eventually run a company and all that. So, if I kind of net out my kind of learning, of how I pursued that outcome, I would say first and foremost, it was intentionality. I pivoted in my career to not follow the linear. It's the same, like risk appetite and risk taking just like a founder CEO takes the risk. There is no avoiding risks. If you want to chart a course to the CEO, right. And the kind of risk I had to take was pivoting across different functions. Right. And do jobs that I had no clue how to do, and actually think of a career, not as a ladder, but as a lattice and sometimes move sideways and you would take a step down to actually do learn stuff. Right. the examples I think of, I took a role. I pivoted  domain and so I started in and so the first job was installed. I'd start off. I got to acquire at CA and then at CA I said, Hey, should I leave CA but. I saw it was a very acquisitive company. So I said, Hey, I can learn about MNA here. No better place to learn MNA than in an acquisitive company. So I switched jobs to join the cyber security division there to incubate a division through acquisitions.Right!

 And I took a lesser role to do that. And so that was one pivot. I went to take a stint in India. So India became a sort of a product centric organization. This is 1999, 2000 ,that timeframe. I went to India to learn how to scale talent globally. Right. And learn about that then I pivoted to content management. so I've pivoted across domains. I've pivoted to learn about go-to-market. So, the net essence of my story is, you have to take risks. You have to pivot to learn, and there is no secondhand learning, especially for  many more like me who have grown up through the product ranks and technology ranks.

You cannot learn, go to market through your peripheral vision. You have to jump into the core water(28:53), run, marketing, run sales. And that's the only way you'll learn about the black art of sales compensation or how salespeople think and all that. Right. That's what I had to do. I took roles that were sort of not as glamorous or not as intense.

I took some sacrifice somewhere to learn about other functions which is the core essence. And that's how I got the opportunity. But one thing I will always acknowledge is that, look, you know your ability, whether that be your hard work or your intellect, all of that is very important. Your risk appetite, like I said, is very important, but is the third element, which is luck and a sponsor, somebody who notes, you, somebody who mentors you, who picks you out, I had the great fortune of working for Rick Devin who was Microsoft, who had ECD(29:27) whoI recognized my hunger for the job and my the student in me and all that. And he kind of bet on me and topped me for succession. And so you need that element as well, right? The luck and the sponsorship and somebody who gives you that opportunity. So I've been grateful for having had those ingredients and that's how I got here.

Ankur: Yeah, that is pretty incredible. I mean, there's just so much to unpack, within this, just couldn't agree more obviously having seen your trajectory and a lot of guests on the show, we asked this question like, “Hey, what's the one advice you'd give your 18 year old self”. They all say risk taking, you know, like you gotta, you gotta take risks to do it  and it's obviously a continuum, and you said like the way to sort of learn a new skill is just, you got to go deep. Are there any sort of learning hacks that you figured out in the first 30 days? Like, I mean, running engineering versus running sales, I mean, just these two things couldn't be any different. Like how do you even set yourself up for success there? Like, Is it asking for a lot of feedback from your reports, your peers? Like how do you even get there.

Rohit: Yeah, my sense is I think you have to shadow Greg, you identify people who are good at it. And, I think one of the things to look at, frankly, one of the foundational scaling techniques is delegation, not just delegation, but spotting talent, knowing what good looks like.Right. If you don't know what good looks like, you know, you can't scale. So, If you want to learn, go to market, you have to kind of sense what good looks like on the go-to-market side, shadow those people for a little bit, engage them and learn from them. And then, frankly, have an opportunity to run and the typical failure mode where people come from the tech side to the go-to-market side is we are, we are a little bit too pedantic or too analytical. The sales engine runs from the heart and we from the brain and we have to kind of temper our natural tendency to explain, it's not about education. It's about inspiration with sales. You have to inspire sales, you have to distill it. You will simplify. And frankly obfuscate the complexity and then. Don't try to teach them everything. You don't tell them about the “why” not the “How” and all that. Right. So you have to kind of, so the net of it is there is, your watch. You have to shadow and learn from other  great people who do it well.

And then you have to jump into cold  land and you'll make mistakes and you'll get feedback. And you need to have people who kind of put up with your initial mistakes and let you let you run with it. So.

Neelima:  One of the things that you mentioned also is which kind of, something new is if you want to learn something new, you should be ready to take on lesser roles, as you are going across functions because probably, you are a learner in that and the expectation is not that high. Is that a fair statement?

A FAIR STATEMENT

Rohit: That's a fair statement, lesser role, or a role, maybe, you sacrifice on the area of domain or something that you're not comfortable with. Or, in my story, I'm working at Veritas. When I moved to the Bay Area, I worked at Veritas. And man! The level of caliber in that company was off the charts. I worked with Chris Haberman, Rob(32:38) sort of like, these are people who knew go-to-market core were like, stellar intellect, stellar leadership, and all of that.

And then I took a role at EMC. I could've gone into it(32:46). EMC was a storage powerhouse. I could have gone into my comfort zone to store it. I've done storage for years. I went into this dinky little kinda division within EMC, which was in content management, which was treated as a stepchild, was a software organization within a hardware company and everybody said, what are you doing?

Like, you know, you'll leak out of the core and all that. The reason I did that is because I had a shot at sitting alongside Rick who is running the division and watching them to End Business process and have a shot at beating the presidency of that division eventually. Right? So, you pivot, you take risks, you get out of your comfort zone and there is no risk taking sacrifice. Both of those are essential sometimes to get what you want.

Neelima: Excellent. So, with the risk and the top job, comes extremely demanding pressure. How has your passion for playing flute helped you with the everyday demands of the job?

WHAT HELPS TO UNWIND AMIDST BUSY SCHEDULES OF DEMANDING JOBS?

Rohit: Oh, no. Great question, Neelima! I think to maintain balance, it's all about balance, you have to kind of be grounded. You have to kind of have perspective, to cope with the pressures and all the demands of that job. So you need mindfulness. You need to kind of find a way to unwind. And for me, flute and music are a great way. And I think of it as a meditation, little literally, you know, I suck at it, but I do it because it's a matter of passion, not competency and it helps me unwind and it helps me kinda just, disconnect and enjoy something that is totally different from the intellectual pursuits, plus I think art and art or sports or music, you know, these things also have many other benefits in today's technology landscape as well, because I think you need to have a creative side today, not just an analytic side, to be successful in the tech industry.

Neelima: So have you been doing this for some time, right? Or did you take it specifically when you moved to the Bay area?

Rohit: You know, I picked it up, back in college to do when I'm doing a bachelor's and that, the choice of instrument was very simple, the instrument was affordable, you know, I didn't have any money. They're so affordable, portable, I picked it up back then and I've kind of dabbled with it, off and on and stuck with it.

Ankur: One more question. So,you know, you touched upon several important things, intentionality, et cetera. How about navigating organizational dynamics, right?Like, So, Founder-CEO. You just said, I'm the CEO, suck it up, but you organically go and become a CEO. I mean, there's, you know, you're trying to manage a lot of dynamics and Bob Iger and Jack Wells talked about in they're both biographies, right?  Every step of the way there was a decision. You know, are they going to land the next big one, et cetera? What advice would you have for people who just sort of get confused? Like, Hey, should I focus more on managing down and sideways versus managing up? How do I get more visibility at my, like two layers up? Because otherwise I'm not going to get there. Like at the end of the day, right? Like getting visibility at the top highest level is what's going to help you. But then you've got a whole bunch of people, hundreds of people to manage, get them to like you, et cetera. Like how do you, how do you manage all those organization dynamics as you're trying to make your way or rather like you said, I love that peeling the onion versus climbing the ladder, kind of situation. Yeah.

Rohit: Yep. I think you're the focus on the impact? I think undeniability of impact is something that powers carriers and, and all that, as much as we talk about the relationships and all that, they definitely help in terms of a foot in the door, but in terms of, I think relationships, we are an industry, in technology where to your point, some pivotal decisions, can really have a massive, massive impact. And it's really, the impact is a summation of several critical decisions that you make along the way. And I think you have to Keep your eyes on making that business impact. And it'll shine through. Yes, you need to invest in the relationships and have that EQ element, right? Unless you have a fatal flaw being too selfish or not going to share it graciously, et cetera. I'm assuming that you figure that out. But I think as long as you focus on the impact,  take some risk. You'll be fine. That's kind of how I would say.

Neelima: That's great insight.

Ankur: Well said. Yeah. Great insight. I think Keith Rabois, one of the PayPal mafia talks about sort of the battles and ammunition analogy and, sort of the, being in the impactful role, he gives the battle analogy, right? Like just set yourself up to be in a position where you're always landing that impactful job. Yeah. And I think it just makes things simpler. Right? People often complicate things everyday. How should I behave sideways now? Just work on interesting projects, do a good job. And I think the universe will take care of things. 

Rohit: Bingo.

Ankur: Yeah, well said. So, switching onto the last question really, before we move on to the rapid fire, which is : Around a year ago, Dell sold RSA to a private equity symphony and then obviously Clear Lake recently made an investment. So two questions really? First is your take on sort of the outsize influence that PE firms are starting to have in tech number one and then obviously now that you are sort of independent, love to get your vision on RSA, now you can really truly, paint your vision and get the teams to execute on that. So I really love to get your perspective on both.

Rohit: Right. Absolutely. So, on point 1, I think the private equity model, as I've come to learn it over the last year or so, and kind of how it works, basically the thesis is very simple. The reason they're having an out-sized impact and the reason they're forced now in the industry is because there is, if you think about the problem of scaling, right? Success requires scaling and as companies try to scale along the way, what happens is there are some missteps that can occur in those areas and assets get under-managed right. And what private equity has done a great job of it’s saying, look, there there's so much wasted value in these under-managed assets that are just a misfit in their current context, or they are, sort of either some missing ingredient in terms of either there's a great product that is missing in Go-To-Market engine.

So, the net of it is I think of this industry as a turnaround industry, which basically says, Hey, what are the things that are impediments or an asset? And there are some assets that are definitely like, you know, they're, they're past their time and we're not, but most of the time there are a lot of assets that are under-managed and undervalued.

And hybrid equity figures out the missing link and does that. And in the RSA example, that's  the story of the RSA group through a lot of acquisitions over many years in order to scale. Now I, as that was done, I think there wasn't enough cohesion in the different parts of auto say (40:07) there were different buying centers. And so that was not sensible scaling. Right? One of the principles of scaling is you must have resonance in the different assets, right? One plus one must be greater than two in order, you just can't collect assets. And unless there is resonance between them or synergy, the opportunity for RSA in this independent configuration is to have the flexibility to scale sensibly or in fact, the scale and kind of detached assets and kind of think about assets that don't fundamentally belong together. So, there are many principles in business scaling around,the right owner, like an asset can have different value depending on its owner or an asset can have different values depending on which jigsaw puzzle is a part. All right. So I think the opportunity for RSA is this reconfiguration and the independent setting to find synergistic assets and sensibly scale them and detach the ones that don't kind of fit together, right. And that opportunity you don't have inside of a dial or an EMC where this kind of, you know, strategic surgery may not be as easy to do, or you may not have that flexibility.

So that's sort of what's happening. I think the private equity ecosystem is a great place to do stuff like this. And that's why this industry has grown many fold over the last several decades.

Ankur: The PE firms get a lot of negative rep. But I've had several friends who went through that journey and they said they learn more in one year about business than they did in Silicon Valley in the last decade. We're really good at the tech side of the house in innovation. But when it comes to the hardcore business aspects of it, how to think about businesses, I think we have a lot to learn. So, this is perfect. Best wishes for you for the next three, four years, paint your vision for the company.

Rohit: Absolutely. Thank you. And yeah, it's an exciting time for the company and by the way, Recently, we got Clearlake to invest in the company as well, which is a good validation of the progress we made in the last six months. And yeah, looking forward to it.

RAPID FIRE SESSION

Neelima: Great. So this takes us to the final segment of the show, the Rapid Fire round. Are you ready?

Rohit:  Let’s Do it.

Neelima: Cool. Tell us one thing about the RSA conference that most people won't know.

Rohit: First RSA conference was attended by all of 50 people.

[ALL OF THEM LAUGHS]

Neelima: Explain public key cryptography to a 10 year old.

Rohit: To 10 year old. Okay. I'm going to give you a box and there are two keys that I'll have a key that can open it and you'll have a key but the two keys will not look alike. And we need both our keys in order to open the box.

Neelima: Oh, my God. Great. 

Ankur: Love it. Ellison Bob is still well and alive. 

Neelima: A book that has had the most influence in your life.

Rohit: Oh, that would be Jonathan Livingston Seagull, by Richard Bach. Yeah, this is sort of, you know, many years ago. I read a book and it had a huge influence on me.

Ankur: Yeah, we'll be sure to put on the show notes. What is the name of the book again?

Rohit: Okay. It was Jonathan Livingston Seagull. Richard Bach is the author.

Neelima: Yeah, it's a ten one as well. It's not deep.

Rohit: That's right. Nice and small and yeah, exactly.

Neelima: If you had to interview one person, past or present, who would that be?

Rohit: I would say “Albert Einstein”. 

Neelima: Okay. And last question. Do warriors make it to the playoffs this year?

Rohit: They do make it to the playoffs. Absolutely.

Ankur: Oh man. Not after the 60 point, did you even see the game yesterday nor over the 60 points shellacking that we took yesterday? Oh, it was embarrassing.

Neelima: looking at, I was looking at this one, and I was like, I wanted to know the answer of this one of all the things.

Ankur: Hey, I mean, Rohit really is an optimist. I think it comes, it's part of the job description, eternal optimism.

Rohit: True. That's really it. Yeah. This year has been a true task(44:24).

Neelima: Great. That wraps up this episode of ZeroToExit Rohit. It's been a pleasure to have you on the pod. We appreciate you taking the time. Good luck with the conference and what's ahead of you and RSA.

Rohit: Thank you. Thanks for having me. It was a fun conversation and, hopefully by God’s will, we'll have an opportunity to meet in person soon. 

Neelima: Yeah, looking forward to it.

Ankur: Thank you so much. Really appreciate it.

Rohit: Have a great day.