Information Security Strategy with Ntirety’s Josh Henderson

Author: Scott Kinka

On this episode of The Bridge, I’m joined by Josh Henderson, Chief Technology Officer at Ntirety. We’re talking about information security strategy and so much more.

Managing security and compliance is a strategic, economic imperative directly impacting business outcomes. Ntirety is the only company that embeds compliant security throughout their clients’ IT and company culture. With over 25 years of experience and deep security expertise, their 24x7x365 security operations centers (SOCs) simplify risk management programs with a comprehensive protection, recovery, and assurance suite of services.

During our conversation, we discussed information security strategy and its significance for Ntirety, the evolution of security, industry changes, and technology solutions’ complexity, how the pandemic accelerated the attention on security due to increased hacker activity, and other topics.

Topics covered in this episode:

  • An overview of Ntirety’s history, formed from companies like Hosting.com and Hostway.
  • The importance of experienced people in the company who contribute to comprehensive solutions.
  • The interconnectedness of security, infrastructure, and data protection.
  • The challenges posed by the disappearance of traditional workplace boundaries due to factors like remote work and COVID-19.
  • The significance of security’s prominence in IT leaders’ minds due to the pandemic.
  • Why the traditional focus on the number of office locations for security conversations has evolved.
  • The focus now shifts to end users and their locations for security discussions.
  • The challenge of combining various security products and services.
  • The importance of APIs and consistent data transfer for a comprehensive security solution.
  • The challenges and complexity of compliance and security.
  • The layout of security products in the industry and the need for a comprehensive approach.
  • Challenges faced by businesses in implementing a complete defense strategy and the percentage of businesses lacking in certain areas.
  • Importance of integrating security products and correlating alarms for effective threat detection and utilizing both human expertise and AI for threat detection and analysis.
  • The expansion of security footprint due to IoT devices and the challenge of managing their security.
  • Predictions for the next 18 to 24 months involving AI becoming more prevalent in various areas.

The Bridge Podcast with Scott Kinka Josh-Henderson-270x344-bwABOUT JOSH HENDERSON

Josh Henderson, Ntirety’s CTO, joined the company in 2021 with over 20 years of experience in large-scale cloud and hosted Infrastructure, managed IT services, network, software development and consulting.

Prior to joining Ntirety, he served as CTO and COO for McLane Intelligent Solutions, CTO of Colo and Cloud at Zayo Group, and CTO for Clearview International. His experience across these roles includes high level IT strategy, technology lifecycle management, P&L management, operations, sales and full product life-cycle management in businesses ranging from startup to $2B+ in revenue.

Josh is an Alumni of Baylor University and today he resides in Austin, Texas.

CONTACT JOSH

LinkedIn

Web.

 

SUBSCRIBE ON YOUR FAVORITE PLATFORM

          

 

Scott Kinka:

Hi and welcome to The Bridge. My guest today is Josh Henderson. He’s the CTO and COO of Ntirety. Welcome to the show, Josh.

 

Josh Henderson:

Hey, thanks so much.

 

Scott Kinka:

I can call you Josh, right?

 

Josh Henderson:

Absolutely, absolutely.

 

Scott Kinka:

Okay, I wanted to make sure. For those who are fans of the show, we’ve had Ntirety on the show in the past, Emil Sayegh was on the show. He’s the CEO and someone who I assume Josh works very closely with on a day-to-day basis. Super interesting guy, told us a little bit about the trajectory of the company. And I think we chatted a bit in our pre-show about what’s occurred over the last year. So that’ll be really interesting. But Josh, you’re the CTO and COO of Ntirety, and we’re really looking forward to hearing from you today. Get a little bit of your perspective.

 

Josh Henderson:

Love it. Yeah, thanks for having me, I’m excited to be here.

 

Scott Kinka:

Awesome. So let’s just jump right into it before we get into Ntirety, which for the people that didn’t see the original episode, we’ll do a little bit on the company just to kind of set a background. But first tell us about you. Where are you? Where are we chatting from?

 

Josh Henderson:

Yeah, absolutely. I’m based here in Austin, Texas, which is the headquarters for Ntirety.

 

Scott Kinka:

Fantastic, and always been in Austin?

 

Josh Henderson:

Yeah, Ntirety has been. I’ve kind of bounced around. I’m a Texas native, born and bred here in Texas. I took a five-year hiatus up to Boulder to work at ZEO for a few years, but have been back for a few years here, and back home.

 

Scott Kinka:

All right, is it true what they say about Austin being weird compared to the rest of Texas?

 

Josh Henderson:

It is weird, it is weird and we have to own it.

 

Scott Kinka:

So you’re proud of it?

 

Josh Henderson:

Why not? Yeah, absolutely.

 

Scott Kinka:

When I was at EvolveIP, we had an office in downtown Austin, we were on Eighth and Brazos. So we were really close to the weirdness. We were in the heart of the weird. The tough part is I had to climb over 15 bikes to get in the front door, cause there was no parking. The best part, however, about it, is you could literally leave the office and it was seven seconds to a Margarita from Eighth and Brazos to Sixth. It was pretty awesome.

 

Josh Henderson:

Right, right. Good for you.

 

Ntirety Puts Security at the Forefront of the Conversation

 

Scott Kinka:

All right. So you mentioned ZEO. Give me the rest of the career trajectory. What else? How’d you arrive here?

 

Josh Henderson:

So I spent about four years at ZEO as CTO of Colo and Cloud there. Prior to that, I had some smaller boutique Colo and Cloud providers. And then prior to that, I did 12 years, founded and exited a few startups. Over the course of 12 years, just kind of spent in that startup space. I’ve been pretty fortunate to get to see the infrastructure and cloud stacks as well as management strategy across all sizes of businesses. So it’s pretty fortunate there.

 

Scott Kinka:

That’s amazing. How about you personally? What’s interesting? What do you do in weird Austin?

 

Josh Henderson:

Yeah, so I live, luckily or not luckily, outside of Austin a little bit. I get away from the crazy every day, which is good. But I would say I’ve definitely fit the nomenclature. I’m definitely a geek to the fullest, right? So a lot of side projects at the house around power and batteries and home automation are definitely the way I spend some time with the kids and getting them into that kind of stuff. I’m blessed with two awesome kids, as well as get to work at a pretty awesome company here at Ntirety.

 

Scott Kinka:

Totally cool. I don’t think most people realize the extent of tech that’s in the Austin area. I mean, the locals call it Silicon Hills, as opposed to Silicon Valley, right?

 

Josh Henderson:

Yes, absolutely. And it’s a great place to be, a lot of good brainstorming around here with folks also in the industry. It’s good to get together and talk and shop. So there are a lot of opportunities here.

 

Scott Kinka:

So talk and shop then let’s do it. We got the commercial last year, perhaps we’ll talk about it a little bit. At least how you guys talk about the business may have changed a little bit, but give me the marketing departments listening to the CTO here. Give us the pitch, tell us about Ntirety.

 

Josh Henderson:

Absolutely, yeah. So Ntirety has been around for a long time. We’ve been in the space for over 20 years. I’m sure as you and Emile talked about, we’re kind of the culmination of several companies that kind of formed. The two big ones being Hosting.com and Hostway with some smaller pickups along the way. Ntirety, the namesake being one of those. So we really focused on four core areas of business. Infrastructure, which has been core to the business forever. Database and data management. Security. We own and operate our own SOC, and SIEM that sits on top of that, and then compliance, right? So we really feel infrastructure and data is at the center of everything. And then we try our best to make sure we have comprehensive solutions to both secure that and then make sure you’re compliant as well.

 

Scott Kinka:

So obviously that goes from infrastructure to the surrounding security and the policies that you build around it. But if I ask the question in a slightly different way, what’s your superpower?

 

Josh Henderson:

Yeah I would say two things. Our people, and that might be a little cliche to say, but we’ve got a great tenure in Ntirety, I have folks on my team that have been here 15 to 20 years, the entire lifespan of the company, that have grown from a help desk engineer all the way up to now leading other engineers or leading help desk or whatever it might be. We have SMEs both from the perspective of the technologies that we offer, which we offer a pretty wide portfolio of technologies, but also in the way that Ntirety does it, right? Which, as you know, there’s so many point solutions out there and products. One of the things we do really well is we vet a lot of those. And I think we’ve done a really good job of blueprinting what works. What are the point solutions that come up with, ultimately a very comprehensive solution, and not just poke more holes that we have to go and fix from a security compliance perspective. So that’s our superpower. We look at a lot of technology on the daily. You know, we’re putting those together in different ways. We’ve found what works well with different verticals in different industries. And then our people know how to work those overall solutions and what has worked for the last 20 years very well.

 

Scott Kinka:

And we’ll get into that a little bit. I mean, we talked in the pre-show kind of about the current state of security being a mishmash of point vendors and then being very difficult to be able to buy across and sort of understand that. So I won’t spill the popcorn before I walk into the theater on that topic. We’ll get to that in a minute. But let me ask that question slightly different, what’s your superpower as a CTO?

 

Josh Henderson:

Oh, good question. I’ve been very fortunate to see a lot of what works and a lot of different sized businesses and industries over the years. So I’ve had the opportunity to work with small mom and pop shops and see what the pain points are there. Worked at a very large enterprise scale and a very different set of problems and a very different set of opportunities in both. And then you have this interesting blend of how you kind of bring some of these enterprise solutions down to mid market and SMB and what makes sense there. And so I would say my superpower is, I’ve been very fortunate to see a lot and I’ve got a pretty good skill set of kind of putting the right things in place to kind of form these solutions. And I think I’m pretty good at putting the puzzle pieces together wherever a company might be, coming up with the best solution for them for that time.

 

Scott Kinka:

Super cool. I love that. When I talked to Emile last year, he gave the story, you shared a little bit of it now. You guys have a legacy of, frankly, bringing together some names that were pretty well known from a hosting perspective. And ultimately that really became sort of an infrastructure centric business. I mean, when we stopped selling hosting plans, they became server plans and then server plans became cloud plans, and you get the idea. So that’s the infrastructure business, which you mentioned as one of the pillars. But when I talked to Emile last year, he was really beginning to sort of coalesce the story around security not being a new thing that you did. It was always a thing you had to buy with your infrastructure, but kind of it became more the dog than the tail and the way that you talk about the business, and then as I was prepping for the show I just wanted to see the evolution and I did a search on Ntirety. I don’t mind just sharing the story with our listeners, and the descriptor that came up was the data security and compliance leader. So I guess my first, kind of the heading question on this is that, is indeed the dog versus the tail, now security over infrastructure, the assumption is that they’re going to buy infrastructure from you, but the security conversation is the first. Is that the lead now?

 

Josh Henderson:

I think it can be. I think every customer is different in their evolution and where they’re coming from and different mandates from the business as well. So I think what’s changed, and you said this in the pre-show as well, is the way we buy has evolved, and kind of all of these things coming at us constantly, it’s more complicated than it’s ever been. I think we can safely say that, both from the vastness of the landscape and point technology solutions, as well as just what we’re focusing on. Historically, we focused on the four walls and had a nice moat around that and we secured the perimeter and we were good. That’s changed and as we know with COVID and work from home and those four walls are gone. So I think depending on where a customer is, it changes what the lead-in is. And I think for us the conversation has to be, it’s not one of these things, it’s all of these things, right? And they all very much tie together. And so telling that story is one I can’t. I can’t sell you security and you just be good. We need to understand what the infrastructure is, what the data is that we’re trying to protect. And so that’s where I think you’ve kind of seen us continue to evolve with the market, is making sure that hopefully we’re telling the story well, that it is all of these things. They’re critically important to your business.

 

Security in the Modern Era: Navigating Challenges, Compliance, and Integration

 

Scott Kinka:

Got it. Do you think that we, I’m saying this in a different way, do you think that security would be the phrase that’s on every IT leader’s mind the way that it is today, were it not for the pandemic?

 

Josh Henderson:

Good question. Maybe not to the extent that it is, right? I mean, it led to a lot of things that we had never seen. It led to hackers and bad actors maybe being bored and maybe more gung ho at maybe doing things that they wouldn’t have done previously, right? So, I mean, the uptick that we saw in that was drastic. I think the level of additional exposure we had is that we sent people home to home based networks and things like that drove the conversation drastically. So I think that we would have ended up at a point like this regardless. I think it was an accelerator, certainly.

 

Scott Kinka:

Agreed. Yeah. I mean, it’s interesting, as you know, in Bridgepoint, strategists run the gamut from obviously infrastructure and security to network transformation and communications and collaboration and data center. And when you go across all those things, we always considered kind of the base unit of measure and benchmarking a customer. Like the first thing you would say to determine the size of a potential customer is how many locations did they have? Because that’s logical, right? It’s logical to think about your four walls and your moat and you know, in the whole nine yards, security was a perimeter conversation. Access was a location-based discussion. And the same thing generally speaking, the number of locations was also a measure of how many employees you had to some extent. I mean, do we even care about that number anymore in a lot of ways? Or is it really, we just start with how many people you got.

 

Josh Henderson:

Yeah, we start with how many people you got. You know, we start with, it really has changed quite drastically. I mean, if we’re not talking about security, then it’s back to the tradition of what does network access look like? You know, sassy perspective, office locations, obviously matter, but man-end users and where they’re sitting today is definitely the basis for the conversation.

 

Scott Kinka:

When I look at your website and you’ve got a lot of security products and offerings listed there, and I like what you said, like it’s not one conversation. It’s all of the conversations you have to have. But you know, let’s say that the services that are listed are software packages that you buy from other names and you turn into a service and you know, there’s a long litany of various security products on there. Why should someone work with a company like Ntirety to do that, versus try and go and acquire on their own the individual product?

 

Josh Henderson:

You know, the build buy conversation is always one that every company is having internally. And even us on the corporate side, how do we protect ourselves? I mean, we treat ourselves as just another customer. And so as we’re developing these solutions, the same thing I’ve worried about at every other company, every company you’ve probably been at you’ve done the same thing, how do we protect ourselves? And what does that look like? We talked about superpowers earlier and our people being one and kind of the way Ntirety does it being the other. And one of the things Ntirety does as we look at these solutions is we have a couple of requirements. I have a couple of requirements as new technologies get proposed to the business. And one of those is does it have an API that we can make consistent with the rest of our technology stack? And the reason for that is we want to bring all of these solutions together. And if that doesn’t work, then we’re potentially just causing more problems, right? And that’s one of the concerns we have as we talk to customers about, let’s not just focus on email security and whether that’s MIMECAST versus Proofpoint versus whatever else might be out there today. Let’s talk about how that dovetails into the rest of the solutions. And so for us, that is maybe why someone comes and talks to Ntirety, if we have vetted these technologies, how they work together and then how that forms kind of this blueprint for a solution that we’re going to be able to put and make sure all that information is coming into the SIEM appropriately so we can find the needle in a haystack from a security incident perspective, but also work with the core infrastructure. Also work with their strategy on how they treat end users and where they’re going to be. And so that’s the difference, we have the skill sets in-house and we’ve taken the effort to really kind of vet these technologies and how they interplay and how they form a comprehensive solution via APIs, data transfer, data aggregation, and really enabling us to tell a comprehensive story.

 

Scott Kinka:

You know, I think,  at the end of the day, we talked a bit about compliance on the pre-call as well. And that it’s painful to say it’s still mystical when you talk to the customer, like there’s voodoo magic that goes into figuring out what’s going on. But when I advise customers, I’m gonna say, listen, at the end of the day, most compliance is pretty straightforward. Have a plan, document a plan, show that you work the plan, have the plan end with some story around recovery. You know what I mean? And then just do the things that you need to do across the pantheon of security. In a lot of ways, that’s really a good demonstration of what you’re talking about. Is that because when you do need to address something, there’s not one single product that will give you the answer? Certainly not. From front to back and all the security products that the customer might acquire. I guess that to your point, that’s why it’s important that logging is consistent and you’ve got it in your platform so that you can trace from product to product or point to point, really across the overall security strategy, which is kind of a fair statement for me to make.

 

Josh Henderson:

I think it’s a great way to say it. I mean, any compliance is a set of controls. And to your point, these controls are going to require certain things to accomplish. And it truly is about the flow of information throughout the organization, throughout the people. And then I love the way you phrase it. It’s documentation of what we’re going to do. It’s proof that we do what we say we’re going to do and it’s the outcome of those results. And so, yeah, regardless of what the compliance is, these products working together and being able to, again, kind of report up the same way, is critically important we feel, to kind of tell that compliance story. Certainly makes it easier for us, and it makes it easier for our customers as we wrap our compliance around what they need and their existing business controls.

 

Addressing Modern Information Security Strategy Complexities

 

Scott Kinka:

Makes sense. I’m going to put you on the spot if you don’t mind. There’s obviously a lot of products and I see slides out there like, here’s the ecosystem of security products. And it always blows my mind that they’re just sort of smattered around the slide as opposed to front to back. The phrase defense in depth has been around for 15 years at the end of the day. And usually when you consider that it either goes from the edge to the endpoint or the endpoint to the edge, depending on which way you look at it. But you know, from the way you think about it, the way Ntirety thinks about it, and you as the CTO of Ntirety thinks about it, can you just sort of walk us through kind of the main categories of security solutions? Start at the edge or start at the end point and arrive at the other one. Whatever way you guys think about it, just sort of walk me through the principal tenants that you would discuss with a customer if you were meeting with them and they said, we’re starting over, or you were just trying to assess to make sure the level of completeness they had, you know. What would be all the items you’d hit?

 

Josh Henderson:

Yeah, absolutely. That’s a great question. Well, I’m an old infrastructure guy, so we’ll start at the server level and then go out to the users. The things we know and love, right? So starting at the firewall and kind of what that protects. Obviously core firewall logging is extremely important. Typically with firewalls, we also are looking at things like threats coming inbound. So URL protection, we’re looking at IDS, IPS type solutions there as well, kind of the edge point, bandwidth coming in as a clean, those kinds of things. And then we move down into the server level. And this is the first point we really start looking at, kind of XDR, MDR, right? So logs coming out of the server, security events happening. This is also the first place we typically are looking for user access, right? So user access control, who’s touching the servers? Are we logging that? What did they do while they’re in the servers? Who has access to do certain things and continually auditing, right? I would say that’s one of the consistent things across all of this stuff. It’s never done. It’s continual auditing of every single thing that’s happening in almost real time these days in order for us to do what we need to do. So at that point, we’re looking at things like user access control. We’re looking at things like data protection and data security and data coming in and out of the systems, who’s removing stuff from it. And again, all of this stuff being constantly logged and pushed out to the SIEM. As we go down, and we’ll stay a little bit high level here, but as we go down to the next level, end users are where, again, we’ve seen the most complexity start to really evolve since the pandemic. So the things we’ve always done. User access, who has access to what, when and how, but that’s very much evolved, right? So we used to say, does user X have access into this system? Now we’re having to solve problems like user X usually logs in from Austin from 8 a.m. to 5 p.m. All of a sudden we’re seeing users login from Iowa at 3 in the morning as an example, right? That looks weird. So we need to be able to kind of be able to tell when users are accessing from a CASB, from a SASE perspective, that has changed the world. How they’re accessing apps, how they’re accessing internal resources and being able to report that. At the human level, still very much, awareness training is critical. Email security is critical, right? Phishing and phishing awareness training on top of that are also critical. So we’re covering all of those as we talk to users as well. And then obviously XDR, MDR, getting into the end user devices as well these days. And then the last thing I would maybe tie off on is, users accessing environments, we’re looking at the evolution of kind of VPNs, so no surprise there. And that’s changed just simply because, users traditionally come back to a single point VPN or a group of VPNs. And we’re evolving that more to be much more application-centric, right? So not what environment do they need to log into, but what application did they need to log into? So that’s it in a nutshell. There are dovetails and individual and business, very specific things that they have to solve for. But that’s what we look at from a comprehensive perspective is firewall down to the server infrastructure, down to the user, and then down out from.

 

Scott Kinka:

When you meet with a new customer, I’m curious, I was going to give you a number, but now I’m not. If you were considering all the things that you would expect that they would do, and let’s forget about collection and correlation for a minute, just talk about the points in the defense in-depth strategy. You know, what percentage of the various points do most businesses that you meet with have at least something in place for?

 

Josh Henderson:

Yeah, I would say it’s lower than anyone would want. It’s sub 50%, right?

 

Scott Kinka:

Yeah, I was going to say something around there too, I was going to say, do you think the number is okay? So I get that as usually a matter of Hey, you’ve got stuff, but there are these holes and those holes become the really big holes because they’re the only holes that are being watched. For those who don’t really understand that kind of correlation, I just want to take a step back. You mentioned data being reported into the SEM. Every one of these solutions is throwing alarms and creating logs and doing things all day long. And the overwhelming majority of them are frankly false positives without the context of the other things. How important is it really to ultimately be able to assess what’s going on? That you have these products knitted well together. You know, one, that they’re logging and correlating alarms from multiple disparate platforms that are being bought independently, and then two, that you’ve got a human checking the work consistently of what those systems were throwing off. Talk about that a little bit.

 

Josh Henderson:

Yeah, I think it’s both humans as well as automated and AI, which we’re all moving more and more too, right? So AI is a tool enabling those humans, but yeah, the reason we’ve chosen the path we did instead of let’s just be an MDR, let’s be alert on the alarms. We see something weird, we send it out. We think that it’s a lot more than that. When that’s happening, figuring out the trail of an attack or a pathway of data or a bad actor through an environment is a pretty complicated thing to do, right? So usually what we see is before something actually happens in an environment. If you look at the big cases that have happened, these bad actors have been inside of that environment for months, typically before something happens. That time period where they’re in there and we’re seeing these little specks of weirdness. If you don’t have the comprehensiveness of the little things, right? So why all of a sudden did we have that login from Iowa at 5 a.m. in the morning? Joe doesn’t work there, right? Joe’s in Austin. He works nine to five. That is a way for us to tell really early, right? When we start to see things start to happen. And so the goal for us, is to not to mitigate it after it happens and try to make it as less bad for the businesses we can, but it’s truly about can we start to find these things earlier and really reduce the risk along the way? And unfortunately a lot of businesses that aren’t quite at that level, they don’t see it early enough, right? And then they have a really bad outcome. So that is why it’s truly important. That’s the only way for us to see the clues to a compromise and a clue to something bad happening in the environment before something actually really truly happens. The more points of data we have coming in, the better we’re able to do that. This is a place where we’ve focused really hard on the tools, our expertise and kind of saying, look, let’s find the needle in a haystack. This is what looks weird. Taking automated actions and then to your point, rolling that up to a human to quickly investigate those. And so all of those things together, it’s definitely a very, very full-time job that never stops. So critically important.

 

Scott Kinka:

I think the key is that security largely isn’t a full-time job for the IT person and the customer, right? Which makes it really hard for them to be good at all this stuff that you’re talking about.

 

Josh Henderson:

Yeah, I mean, we all have day jobs as well, right? I mean, if that was put on my shoulders alone, there’s no way we could do it. It is a big and complicated and ongoing effort, absolutely.

 

Scott Kinka:

I call those also jobs for it. Like it’s not in the job. It’s not squarely in the job description. Maybe it is. But, it’s one of the things that you don’t do all day, every day. And you can’t be good at it, in a lot of ways. You talked about the spreading out of the footprint, which makes a lot of sense. It used to dig them out of the location base. You had 20% of your workers who might be able to log into a VPN, but the reality of it is all you were doing is using the VPN to drag them in behind the same perimeter at the end of the day, and then today they’re out, they’re dispersed. It makes no sense to drag them back to the office only to push them back out to applications. So it becomes about SASE and application access control and all the other pieces that are going on with that. One thing we didn’t talk about is the proliferation of non-human devices in the network. Also a thing that’s complicated, I suppose, is just spreading out the points of potential failure or potential at risk inside the business.

 

Josh Henderson:

Yeah, for sure. And I think that started with, maybe it didn’t start with a pandemic, but you know, the whole concept of us allowing folks to bring their own devices into the environment, early on. And then yet to your point, all the other stuff now that’s getting brought in, critically important as much as I would like to say, everyone’s treating that right. And we have isolated networks, and that is internet access only for those IOT devices and they can’t touch anything else. It’s just not the reality of most of the situations. And so being able to, again, protect those as well and add that data into the data set to your point is very, very important. And also making sure that when people do attach things to the devices or to the network, they’re meeting our requirements, our patch level is up to date, our anti-virus where it needs to be. Those kinds of things are also important, whether that’s a laptop that’s at home and we still have to patch it, we still have to make sure that’s meeting requirements for compliance, or an IoT device that’s coming into the environment or attached to the network.

 

Scott Kinka:

Just one last question. You know, it occurred to me a lot in the pandemic that we gave out a lot of free passes, right? Because everybody was in the same boat and many of us were, it became the dawn of video and collaboration. For the UCAS providers and communications and see cause, and then for the most part, we were able to make the phone ring and see people pretty quickly. But I think one of the challenges that we did see, a lot of customers were like, I can get make the phone a ring, but I don’t know how to get them access to the application that they needed to be successful to do their job, because it was an application that required some additional level of security. Maybe they were in banking or they were in mortgages or they were in healthcare or things of that nature. So it was great to be able to say, hey, hop on teams on your kids school laptop, but I’m not exactly sure how to get you access to this critical information. One, do you feel was that a thing that you experienced as well? And then two, how were you solving those problems for customers when they were talking about sort of critical application access?

 

Josh Henderson:

Yeah, I think it was a time where we started enabling some of the stuff that we had already for the most compliant infrastructure, things like fashion hose, jump hose that we were using internally for critical infrastructure, and kind of extending those out to end users right at first. And I think what we’re seeing now, potentially because of the pandemic, is as things like CASB and SASE start to mature and we’re seeing those really come into focus, that is becoming a more elegant solution for customers to truly implement. And I would say it’s still coming into focus, right? Different providers have their concept of what SASE truly is. If you go to Palo Alto, right, it’s a very network-centric approach. You had an application provider, very application-centric approach. But I think it’s also evolved from the perspective of how we’re doing authentication down the chain. So things like password lists coming into play, short-lived tokens and short-lived authentication, those are things that we’ve also started having conversations with customers about as they’re enabling this level of access, right? So I think the whole concept of short-lived access is becoming critically important. Zero Trust obviously dives into that a lot more as we get into those conversations. So yeah, those are the conversations that we’re having, but it truly is a maturation, I would say, of what we were doing internally, as we had remote administrators and remote engineers logging into some of our most critical infrastructure over the last years.

 

Scott Kinka:

Yeah. So, one last question and then we’ll get to some fun. This has been an interesting conversation and maybe this is the bridge to the fun, cause I’m not sure where this is going to go. But you’ve been a CTO for most of your career in network companies and security companies and infrastructure companies. But it’s been that experience that is very pertinent to them. An IT leader inside of a business. You experienced the same problems and frankly solved the same problems for customers that they’re dealing with every day. Given the current state of security, if you had one piece of advice that you’d give, maybe this becomes the hot take in the video here for the marketing department, but if you had one piece of advice that you’d give to an IT leader who’s just like, I’m struggling with everything that’s going on now, what do I have to do? What would be the piece of advice that you’d give them?

 

Josh Henderson:

Yeah, I think all the marketing departments would love this, right? You bring in an us and let’s have a conversation. It truly is about you know, I would say it’s okay not to know everything right and it’s okay to lean on trusted advisors and folks that have been through the fire and I would say it’s okay to have partners that you know are going to be there for you when something does happen because you know, unfortunately for most of us, we are going to experience something at some point in our careers that we’re gonna need some help with. So what I’ve found is I’ve always had trusted vendors, I’ve always had trusted partners, even those I’ve taken from company to company with me. And these are the folks that over 20 years I’ve learned to trust and I’ve learned that they have expertise where maybe my team has gaps and it’s okay to subsidize and fill that and bolster your team, and give them someone to lean on when it’s needed.

 

Exploring the Future: AI’s Impact, Dystopian Scenarios, and Recommended Reads

 

Scott Kinka:

I love that. All right, so three quick questions, and then I’m gonna let you get out of here. The first one is, I’m gonna ask you to put on your prognosticator hat, Nostradamus, for me. Give me something in the next 18 to 24 months. It could be in tech, it could be in sports, it could be in politics, you name it, but give me something in 18 to 24 months that we can look back on and maybe laugh about in a couple of years.

 

Josh Henderson:

I mean, I don’t think it’s too far-fetched. I’m a huge nerd. And AI is something that, man, it is my entire pastime, both from a business as well as a personal perspective. I mean, it’s permeating what we’re doing. The first time I let my kids start to play with GPT and Claude and the ones that are out there now, it’s amazing to watch kids kind of interact with that. Where my kids specifically would have issues with Google assistant or or Siri, they really picked up on this conversational way to talk to technology that actually works. AI everywhere is my prediction, and I think from the business applications we use every single day. Apple announced that every single component in the Apple ecosystem is getting an AI touch and work inside of Apple. It’s going to be amazing to kind of watch where that goes, both for good or for bad. I’m in the camp that AI is absolutely a tool that we should absolutely be using, and not something to be scared of, but that takes a lot of control and a lot of other discussions. We didn’t even get into AI with regards to what that means for the business and releasing our data to it and how we control that. But that’s what I’ll be watching closely.

 

Scott Kinka:

That’s gonna be a follow on conversation for you and I at some point, I’m sure. Is the singularity near, Josh?

 

Josh Henderson:

We can hope, right?

 

Scott Kinka:

Okay, so you want it. You’re ready. You’re ready for sentient robots. I think it’s one of those things where, again, not something to be scared of let’s figure it out. Let’s harness it. I think it’s up to humans using it the right way. I guess I’ll say it. So I get that. So, another fun question. Let’s assume whatever, I have no idea what’s going to happen next. It was the pandemic, maybe the robots do take over the world. Maybe it’s the zombie apocalypse. I’m not sure what it is, but the next big dystopian future event occurs and there’s only one application still functioning on your phone. What would it be?

 

Josh Henderson:

You know, it would probably be like Reddit for me, right? The information place, right?

 

Scott Kinka:

Okay.

 

Josh Henderson:

That is definitely a guilty pleasure of mine.

 

Scott Kinka:

Yeah. And it’d be pretty useful when you’re like how do you wire this up to that to get power because you know, things are breaking down. Okay, Reddit. I like Reddit. That’s a really good choice. Last one, maybe not as fun, but super interesting given your background. Any recommended reading that you’d share right now? What’s on your end table?

 

Josh Henderson:

Well, I just finished again, we talked about past times, I finished a book on battery engineering. So again, getting ready for the end of the world probably, but as an ops guy, right? I’m a huge fan of The Phoenix Projects, Unicorn project.

 

Scott Kinka:

Love the Phoenix project.

 

Josh Henderson:

Yeah, that’s one I would always recommend to anyone in operations.

 

Scott Kinka:

Yeah, I would agree. We did a Phoenix project book club a couple of years ago, because we just felt like we needed to. You know how you go through these spurts where kind of your mid-level managers need to become some of your seniors, but they need a little, like you gotta give them a similar context. So we decided, we had done a little bit of reorganization of our development and engineering teams, and we decided that we were gonna do it. We had somebody who we were sort of challenging to step up where she was from a leadership perspective. And we gave her the project and we said we want to have some discussion around just operational context, you know what I mean? It’s not like, if you haven’t had the Phoenix project, you wouldn’t know, so I won’t get too deep, but I highly recommend it as well. But we did use that as she decided to use that as a tool. She’s like, I’m going to do a Phoenix project book club. And I’m like, that is a fantastic idea. So we went out and bought 60 copies. And next thing you know, they were like, tattered and wrinkled with markers and post-it notes on everybody’s desks. And I’m like, this is making my heart war. Because everybody was calling out to each other on being different, like a project slowing archetypal people that are in the book. And so I agree, we will put a link in the show notes here on this, but I highly recommend that as well, I could run off camera and probably grab a copy and show you my tattered version of it over here in my bookshelf. I love that. Well, Josh, this has been a really, really fun conversation. I’d love to follow up on it again. I hope to see it obviously at one of our events coming up and we’ll maybe do this on stage in front of some of our people and we’ll chat about that. But it was really good to get your perspective after getting some really good perspective from Emile last year. But you know, a company to follow. We really are huge fans of Ntirety. If the listeners want to find out a little bit more about the Ntirety, I’m assuming you’d recommend they just hit the website and you are on LinkedIn if they want to get ahold of you.

 

Josh Henderson:

Yes, sir.

 

Scott Kinka:

Okay. Well, I appreciate that. Thank you so much, Josh, for your time. I really appreciate it and enjoy what I’m sure is warm Austin today.

 

Josh Henderson:

Yes, yes. Thanks so much for having me. I appreciate it.

TAGS

Share:

Experience the Bridgepointe Way

Start today with a no-obligation consultation with one of our experts.

Table of Contents

Related Blog Posts