Thought Leaders in Cyber Security: Thycotic James Legg CEO and Jonathan Cogley (Part 2)

Sramana Mitra: What was that product that was the beginning of your transition from services to a product company?

Jonathan Cogley: The product’s name is called Secret Server. The simplest way to think about it is, if you think as an individual, all the passwords that you have are so many. They’re difficult to manage. There are some that don’t directly matter to you. We call them non-human passwords. You even have a few examples as a consumer.

If you think about the WiFi router at home, it doesn’t really belong to you but you need to know it and you need to keep it secure. If you think about that router, you need to know the admin password if you want to go in and change the specific settings for your home network. You need to know those credentials. If you roll that out to the IT department in an enterprise, they have those passwords except they are thousands of them.

It’s an infrastructure that they’re managing. It’s typically a team of maybe 20 people or in larger companies, maybe 200 people that have to have access to manage and control passwords. The use case is it’s messy and difficult to manage. The problem gets even worse from a security perspective. If you’re not managing those passwords effectively and changing them, then those are exactly what the attackers are going to take advantage of to be able to traverse the network.

Sramana Mitra: This was the product that you were selling online, and all over the world, people were buying it?

Jonathan Cogley: Absolutely. It was a password vault for managing and controlling different passwords for IT folks.

Sramana Mitra: Who were buying it? Large companies, small companies, or consumers?

Jonathan Cogley: We’ve always really been business to business. In the early days, it was actually a mix. There were small teams within large enterprises that would buy it as well. You’d get the team within a large multi-billion dollar construction company and team of 15 people who would buy our product. They might only be paying a couple of thousand dollars back then but it was a much simpler tool. We’ve upgraded the capabilities so much that the same team is able to do so much more with their security around passwords.

Sramana Mitra: It sounds like that’s the beginning of the shift to a product company. Can you summarize the evolution of where you went from there to now in terms of your product strategy?

Jonathan Cogley: The product strategy for Thycotic is an interesting one. It’s quite different from our competitors. A lot of the companies in the space get VC money early on and they focus on one specific thing. Their product grows and is determined by that. Because we were forced to self-fund everything with our consulting revenue, it meant that we couldn’t burn money. We always had to be conservative with our expenses.

We didn’t have the resources and infrastructure to provide a lot of professional services on-site in Australia. It meant that the product had to just work. They downloaded it from our website, deployed it, and started using it right away. The philosophy for the product has shaped the marketplace a little bit for us.

When we go into competitive situations, our product is so much easier to use. The evolution has been steadily improving the sophistication of the tool from SMB requirements, which might just be managing passwords for 20 IT administrators, through to large enterprises where it might be couple of thousand IT administrators managing Unix, Cisco, Windows, and all the different environments.

This segment is part 2 in the series : Thought Leaders in Cyber Security: Thycotic James Legg CEO and Jonathan Cogley
1 2