Root Causes 207: Former Gartner Analyst David Mahdi Jumps on the Playing Field
Gartner analyst David Mahdi recently left the analyst space for Sectigo. In this episode he joins our hosts to explain the reasons for his optimism about digital trust, including NFTs, Web3, blockchain, PKI, and Zero Trust.
- Original Broadcast Date: February 21, 2022
Episode Transcript
Lightly edited for flow and brevity.
-
Tim Callan
We have a guest. Very exciting. I love to have guests. Our guest today is David Mahdi. David recently actually came to Sectigo from Gartner as an analyst - I think for quite a bit of time at Gartner. Welcome, David. So how long were you at Gartner?
-
David Mahdi
It was just over six years. But, I think the amount of work that we do, sometimes it feels like it went by really fast and sometimes you look back and you go, wow, that feels like it was 12 years.
-
Tim Callan
And if you look at the transformation that's gone on in the digital identity space, six years is like an entire lifetime. I mean, if you imagine where we were six years ago, and where we were today, it's night and day.
-
David Mahdi
Absolutely. I would say that in my nearly 20 years of experience, the last five, right – so I was there six - the last five were just absolutely bananas. But I say that in a good way. I am a listener of the Root Causes podcasts, and, we would think that many of this is esoteric, right? Cryptography, digital identity, digital trust, automation, all this stuff, but in the last five years with everything being digital, like I mean, all this stuff now you're getting all kinds of clients coming out of the woodwork in different industries, saying, David, tell me about digital trust, tell me about cryptography and all this stuff. It's really, really, it's really been transformational.
-
Tim Callan
Well, even in the last three, right? Since you and I started this podcast, Jason, we weren't really talking, we weren't using words like passwordless. Right? These things have really emerged. Even if they were ideas back then, they weren't popular ideas the way they are now.
-
Jason Soroko
I definitely think that with some of the things that have happened is marketing buzz terms have come into this. Some people have taken that pretty negatively. Zero trust being one that has lost a bit of sheen, but still it's very good underlying ideas. I think that's what people need to keep in mind is that sometimes these terms that marketing sometimes takes it too far, really do underlie some good trends, and some, some good thinking. Sometimes it's just an amalgamation of what was good ideas that were esoteric and bringing them to the forefront because of the fact that technology has come forward. And I know I've read a lot of Dave's research and over the years and a lot of other research as well that's helped to try to explain that. I think that's part of the importance of the analyst community is to help to make sense for us about all this, that's a way at least a little bit arm's length from the vendors. But anyway, Dave, really, thanks for coming onto this podcast and talking about your orientation now in the marketplace. A lot of people know your name. A lot of people, a lot of people know you and have talked to you and respect your opinions. I think the world needs more Dave Mahdi, and I can't wait to see, Dave, the kinds of communications you're gonna have as well. Obviously, you're a big, big communicator. I can't wait to be looking at your output over the next while as well. I'm hoping for you, your own podcast, your own writing that we're going to be able to read so, because I've always enjoyed that over the years.
-
David Mahdi
Thank you, Jason. No, and I mean, absolutely. I'm fanatical about this space. I've always been kind of a geek. I was early running my own BBS back in the ‘90s and it was on IRC pretty early, and just kind of got into this field. And as we said, I mean Jason, you and I go back where we worked together almost a decade ago in this space. I think organizations that saw the areas where they can use cryptography, PKI, digital identity there were some early use cases. But now, especially as we go into this next decade, it is absolutely going to be transformational. I mean with COVID, I think Deloitte, McKinsey and others say we've leapt forward five to seven years digitally over COVID because, well, hey, if stores are shut down, I still need to get stuff so maybe there's curbside pickup. So that acceleration in the digital realm has really caused organizations to say, hold on, let's just pause for a moment. We can't just put all of our valuable information online. We've got to protect it. We've got to authenticate. So, we're starting to see all of this and security, the view on it, I think in the past people saw it as like the brakes. It just gets in the way and now I think organizations realize that there needs to be a better balance and we need to kind of weave it in as a fabric across our hybrid multi-cloud environments.
So I mean, again, just as Tim, you were saying, the last three years, absolutely. I mean, I found myself as a Gartner analyst I was on the phone, five to six hours a day with clients. Amazing conversations, but it was really tough. I found that I didn't have much time for myself or to think because so many clients are going through transformation projects, and they have questions about PKI, authentication, document signing, digital trust, and all these things. So, for me, I felt like as an analyst, I was like a spectator. Kind of maybe, Jason, is what you're alluding to before. I’ll do it in two ways, right? The Superbowl was last night. So for North Americans, when we talk about football, right, I would say the vendors and the clients, right, CISOs, CIOs, security practitioners, identity leaders, you folks are on the field playing the game, right? And the bad actors are on the field, too, right? Doing the bad things, and you're all trying to block and tackle. But if I also just say the European example, because my family comes from Manchester actually, so when we say football, we mean soccer in the North American vernacular, but I was sitting there as a spectator watching the game going on on the field, right, advised countless clients and tech providers on their roadmaps, go to market, even in some cases, capital raising definitely got involved with these organizations when they're going to investors and helping them with their value proposition, and so, it ramped up significantly - and that's an understatement - in the last three years, and I thought I don't really want to be a spectator. While Jason, I absolutely am going to continue to do the thought leadership piece and continue to CISO advisory, I wanted to get on the field with many of you to say can I make a dent here? Can I do something to help move the industry forward? And I know, deep down, I was doing that as an advisor as a Gartner analyst, but I wanted a different challenge here.
-
Tim Callan
I think in all fairness, maybe rather than a spectator, you were color commentary for what it's worth.
-
David Mahdi
I didn't think of it that way.
-
Tim Callan
There's value add there. That's a good thing to have. So, why now?
-
David Mahdi
That's a great question. I mean, I think, again, when you think about just the excitement in the space, look, I'll be honest, COVID has changed everything for many folks. I have a young family and my wife is in a busy job where she was kind of one of the COVID responders as well. So, a lot happened in the last two years. Again, I just was looking at things thinking about where I'm at, and where I wanted to be, but also seeing my friends and colleagues and others, again, on the field doing these exciting things. So, part of me kind of misses having a product. I mean, as a Gartner analyst, you have your research, you have your coverage areas, my little babies might be my research notes. But you have a love-hate relationship with them, too. I was living vicariously through many of the clients I was advising, whether it was a CISO and they were deploying certificate lifecycle management and key management products, or authentication products, or vendors such as Sectigo where I would coach many of you on the roadmap, where to go, things that you need to think about, pitfalls, and all that stuff. And I just thought I want to get involved and I want to really roll up my sleeves, work with the team across the organization, whether it's finance, developers, engineering, you name it, but also continue to evangelize all of the things that need to be done with digital trust.
So, one of the things - I don’t want to get too far ahead, but I'll just say this really quick. One of the things that I'm quite obsessed about right now especially because I'm really into blockchain and all this kind of stuff, is interoperability and openness. I look around in my office, and I have all different kinds of operating systems and devices and one of the things that's always driven me crazy, especially when I go back to the ‘90s is how many drivers you have to manage, how many bits of software you have to manage and deploy and update in order to get your devices to work. And when I look at this industry there's a lot I could do as an analyst, but coming on the playing field, I really want to help drive forward the openness and interoperability, number one, of certainly organizations in our space, making sure that sure, while there might be some competitors out there, we have to work together, because if you don't, then do you really truly care about the customer? Because at the end of the day, the CISOs that I've advised, I mean they're dealing with 50+ security products, and they know not all of them are set up properly and they know that every quarter, every year, they're having to add on new products of the day to handle the new threat of the day. That's just not sustainable anymore. And the only way we can get these things to work better together is that vendors, including Sectigo, leverage open standards, offer open capabilities so that developers and other vendors can start to leverage our tech and vice versa. I can go on and on, but I'll stop there.
-
Tim Callan
Well, one of the things that we mention occasionally on this program is that without ubiquitous support, fundamentally PKI can't do its job, right? And one of the strengths of PKI as a strategy, as an architecture, is that the support is just so complete. Like it's, you're gonna be hard pressed to make a long list of technologies that are universally used everywhere, and digital certificates are, and the digital certificates with the standards that we rely on are and that's one of the reasons that it can do what it can do. And it's what you said, it's that openness. It's that interoperability.
-
David Mahdi
Absolutely. I always just say, for an analogy for some that might not be as deep into PKI and these types of things, it’s like Bluetooth. Imagine a world without Bluetooth. I mean, how are you going to, what are you going to go in your car and install six drivers to get your phone and headphones and headsets and all kinds of peripherals to work? Or think about your PC, right? Same thing. I know, it's not a perfect landscape. But certainly, Bluetooth has gone a long way to at least make part of our digital lives better. And as we forge ahead into what many are calling Web3, the metaverse, a more digital future, which there's no question in my mind, it's just gonna go even more digital than we are today, we need that interoperability and openness. We can't have these walled gardens where someone wants you to use proprietary software. Well, what's gonna happen if that organization gets acquired, or they get acquired by a bigger organization, which splits them up? What's the roadmap of that particular driver you've been relying on all these years? That is a major problem that I think for many organizations, they are relying on proprietary software, that it could be a ticking time bomb for them.
-
Jason Soroko
Now Dave, I got to ask, the types of relationships now that you're on the field - I love your analogy, getting on the field with the vendors – obviously, we don't work in a vacuum. A big chunk of my job is understanding right down to the nth level, what the customers are really needing. The types of technologies that we're talking about are very deep infrastructure. It's not like buying jellybeans or milk. It's something that you really need to plan ahead. And so, when I'm thinking about certain people, internally, people that I work with within the company, I now identify you as a key person who will be dealing at the customer level. Somebody who is helping to manage the customer relationship and helping the customer to understand what value that a vendor can bring to them. I’d just like to hear some of your comments about that.
-
David Mahdi
Absolutely. So, my virtual door, Jason, is always open to you and the team and for many externally as well. I've certainly built up a good network of friends and colleagues that are CISOs, investors, and you name it and obviously want to continue that. And former analysts, too. There's a tightknit community there. But no, I mean, I see myself as continuing the trend of being able to just listen to the market, listen to the challenges.
One example of a major challenge that I alluded to earlier is that CISOs and security teams are dealing with too many security products, too many silos and many of these products don't work well together. I'm not coming in and presenting a solution, I just want to listen to the problems. Put the problems on the table and then these are the types of things that Jason, I would bring to someone like yourself, or product management team or development team and say, I'm not going to inject in any of my opinions, at least not yet, but let's put all these on the board and it's our job to innovate on behalf of our customers. How can we make this easier for them? How can we make this better for them? This is a very, very tough job where they're trying to fight off bad actors from breaching an organization, but then at the same time, they don't want to be barriers internally to their own digital businesses. So, it's a very, very tough game right now. I mean, I think you saw one of my presentations the other day. I'll let the audience know a little bit. It was distilling down on some of the challenges that CISOs are facing, and it was, again, I'm not coming in with trying to provide solutions, it's just let's try to get in their shoes and understand why it's a stressful job, understand why many of them don't last past 20 months, or they need to change after 20 months. It's very stressful and it's a tough game where a lot of this stuff is rigged against you.
So, my job is to, as I've always done as an analyst, put my ear to the ground, listen to the market, and then, yes, of course, also come up with predictions and figure out where this might go and where it might lead based on what we're seeing now in the field. So, absolutely. These are the things that I want to be talking about. I will be putting presentations together talking externally, internally and doing all of that effectively.
-
Tim Callan
Dave, I think there are probably a lot of things that we will want to talk about, and I hope we get you back here. I don't think we could possibly cover it all today.
-
David Mahdi
I don't think so. I like to talk.
-
Tim Callan
We're all talkers on this podcast. So, are there any closing thoughts for us today?
-
David Mahdi
I just want to say I'm really excited to start this new phase in my career and if I just distill it down, I mean, number one, I think the market is in a place now, this esoteric area that is underpinned by cryptography, digital trust is what I call it, you're gonna see me on Twitter, on LinkedIn, on other channels. I'm going to be talking a lot about digital trust, because whether it's things like NFTs, Web3, blockchain, PKI, or even zero trust, we need digital trust. And so, these are the things I'm going to be preaching and talking about. The market is here now where I think the appetite is there. I think people's ears are now open to hear these messages and start looking at what they need to do to enable this digital trust to carry their business forward. I'm excited with the team. I mean, I think Tim, Jason, and many others in the Sectigo team are really pioneers in the PKI and cryptography space. So, I know I can geek out with you guys and you're excited about that.
Then just a couple more things before we wrap up. But I mean, just the impressive growth and the transformation that I've seen Sectigo go through. Again, as an advisor, I saw that over the past few years and kudos to you and the team for really having that tremendous growth, which I believe you're going to be talking about on other podcasts.
But finally, and my final word is I think, Jason, you kind of said it there, and I just want to let the audience know, Sectigo really does have a big commitment to customers. I saw that as an analyst when I was looking at the roadmaps, and even just looking at the questions that they would ask me going years back. I really like the fact that this team here is committed to customers, partners, and really the market as a whole and Sectigo is not shy to expand into other areas, if it will help the mission of CISOs and the target audience. That's the last thing I'll say, but I'm very excited to be here and definitely, definitely excited to come back and talk more on this podcast.
-
Tim Callan
I certainly hope we can have you back soon because I think we can do a deep dive on a lot of topics, some of which we mentioned today, and some of, many of which we didn't even get to mention today. And so, let's make a point of doing that.