Episode 51
Vamshi Sriperumbudur: 0:00
In security, it's the aha moment is about visualization.
Chithra Rajagopalan: 0:03
When you're releasing something that's as fresh as like AI, because there's so much noise, you really need to know what the market poses. Like, do you even have a product market fit? Like you think this is the right thing to build, but how have you validated that?
Vamshi Sriperumbudur: 0:16
AI adoption by companies is skyrocketing, right? But then so is the AI adoption by adversaries. This leaves a gap in security. So you have to adopt AI for security. This is absolutely required, right?
Rajiv Parikh: 0:32
Welcome to the Spark of Ages podcast. In this episode, we're navigating the highest stakes challenge in enterprise technology today, securing the AI agent economy. The promise of AI offers incredible velocity, but it also introduces profound non-human risks that threaten to overwhelm even the most secure organizations. We're bringing together enterprise security leaders in finance and marketing to bridge the critical gap between go-to-market velocity and financial outcomes. Two amazing guests. First is Vamshi Sriperumbudur, who recently was the CMO for Prisma SASE at Palo Alto Network, where he led a complete marketing transformation, doubling their pipeline and driving an impact of $1.3 billion in ARR in 2025, which is up 35% and establishing that group as the platform leader. Chithra Raja gopalan. Chithra is the head of finance at Obsidian Security and former head of finance at Glue, and she's recognized as a leader in scaling businesses. Chithra is also an investor and advisory board member for Campfire, which is an AI finance firm. And she's also serving as president and treasurer of Blossom Projects, which is a wonderful charity for Indian youth. Welcome to the Spark of Ages. Thank you, Rajeeb.
Vamshi Sriperumbudur: 1:56
Thanks, Rajiv. Glad to be here.
Rajiv Parikh: 1:57
Let's talk before we get into it a little bit about how big this security market is. Like everyone every day is using the internet, they're using their computers, they're connecting to all sorts of things. And as that continues to explode, they have to secure it. They have to make sure that you don't, that malactors don't get access to data or your information or your systems. And we hear about it all the time. So just giving you a sense of how big this is, according to Gartner, the total software, services, and hardware business is about $213 billion in 2025. And if you just look at software alone, that's somewhere, depending on who you talk to, between $100 and $120 billion. And it's growing at about 12% a year, which is just a little bit faster than most of the other software fields, reflecting that as you get more and more devices, there's greater and greater risk. Vamshi, your go-to-market teams need velocity to capitalize on AI technology, while Chithra's function requires strict governance to minimize risk. How do you bridge this chasm? What minimum threshold of trust or governance readiness must a new AI-driven security solution meet before go-to-market can push it aggressively to the market and finance is comfortable allocating long-term production budget versus limited pilot funds? Chithra?
Chithra Rajagopalan: 3:16
During RSA, of course, there were announcements from Palo Alto, but there was every other vendor was announcing that they were now a security for AI, right? So there's definitely a lot of noise in the market. So I how I kind of think about it is like at the end of the day, since security solution is very much grounded on trust and governance, right? So we should be able to validate how is the accuracy going, how is the auditability, regulatory alignment. So even before we scale, I would say that's where the focus should be. So just like Vamshi also mentioned, we also did a lot of groundwork looking at what is a customer that is looking for, like even through our cabs, what is the attack surface that folks are seeing, and what is that we can provide as immediate value and build something customizable or even scalable with along with them, because everyone's trying to figure this out as a team together, right? So when there's a newer solution that kind of like takes to the market, of course, you need to like deploy what I would kind of call it as a pilot capital because it's before production, it's before scalability. You really need to do the experimentation at first, whether it's digital or thought leadership or even like framings, right? You really want to see how is a market taking it all in. Of course, it's very uncomfortable for the finance side of things because you want to see ROI like tomorrow, right? So, how do you kind of balance that out is extremely important because you don't want to be that person who pushes back and disrupts hyper growth, especially for a startup like ours? We have to be innovative. We have to go at that pace. So it's really unrealistic to expect ROI and results immediately. So as a CFO, like I would say, like, what is your innovation or a pilot kind of capital? What is that you're able to sit with your execs, understand like what does success look like for us collectively? And then think about okay, what then what production looks like, what does scalability look like? And at the end of the day, how do we prove that trust and balance of that governance and bring success alongside customers? Right. So that's that's how I would look at it, like in a phased approach almost.
Rajiv Parikh: 5:19
Okay. So you're taking it in phases, saying that as you hit, almost like how venture capitalists look at it anyways, they look at things from a milestone perspective. Are you bringing them the financial milestones? So here are the milestones that we should hit before you put more into it. Or are you saying give them room to run and then let's see how it goes? You don't know everything when you're into this, especially from a startup level.
Chithra Rajagopalan: 5:40
100%, right? Because when you're releasing something that's as fresh as like AI, because there's so much noise, you really need to know what the market pulse is. Like, do you even have a product market fit? Like you think this is the right thing to build, but how have you validated that? Like, are people signing up? Are people downloading your content? Are people reading through it? Are people engaging with you, whether it's through the ads or through other thought leadership? So having like really granular approach towards like what does first touch look like? And how does following attributions look like? I think that's extremely critical. Otherwise, there's no real way to kind of measure what the engagement is supposed to be.
Rajiv Parikh: 6:19
That's right. So, Vamshi, when you're thinking about it from that perspective, right? You're in go to market. So you probably are getting a sense of what the market is. So Palo Alto Networks, right? They're one of the largest players there. They have multiple offerings across the entire space, right? So for you folks, AI is something new and emerging to your existing portfolio. Whereas I think for Jithra, that was the business, right? So how are you hearing about things from the market? And then how are you setting up your go-to-market capabilities?
Vamshi Sriperumbudur: 6:49
I think there's a couple of things, right? So organizations like Paul Alter Networks, there are public companies, presumably you're you've got a large install base, you know, in case of Paul Alternateworks, 70,000 plus customers. But it's important to you to kind of acknowledge that AI is actually bringing new customers into the fold, no matter how many customers you already have. So I think there is the notion of, I think to Chithra's point, there's a notion of like thought leadership that needs to be put out that, hey, you know, from a go-to market marketing perspective, or any organizational aspect, whether it's you're a startup or a large organization, definitely behaves you to do that. That you need to put out thought leadership that, hey, you know, AI is creating all this opportunity, increasing productivity, creating efficiencies for your organization, organizations across the world, across verticals. But it's also a potential to, for example, simple, take simple example, right? Chat GPD. And I know we have solved a number of these problems today in terms of technology, not in terms of adoption, customers, enterprises using it, but the following example. Chat GPD. So I'm in marketing, I have a big launch coming up. I'm not obviously going to put something that's, and I'm a public company, you know, put something that's upcoming into Chat GPD. Now it's in the ether, right? Everyone has access to it. So there's aspects around how I can, and that's just for marking. And then you talked about finance, things can be even, I'm I'm sure Chithra can talk about it. But like there are things that are, you know, your proprietary sensitive data that you can put into things like ChatGPD, unless it's provisioned as a Gemini, as uh copilot, et cetera, within your organization. And then the other part is the prompt response, right? If you're a developer, you're using Corium and you're checking in the code that you got and into your GitHub, uh, GitLab repository, code repository. And what if it has some issues, right? It has aspects that could, you know, kind of mess up your application, jeopardize the security of your application. Malicious code could be an example. You know, there's a number of other things. It could draw out your data. So I think these are some of the areas where you know, talk about thought leadership in terms of these possibilities and you want to secure.
Rajiv Parikh: 8:53
So, like you're looking at it from that perspective, Vanshvi, where you know you're looking at it as a platform play, right? As opposed to a single point, right? So you're talking about AI agent security. So, how do you get that message across to folks? Like you have many things you can talk about to a CISO and CFO, or you convince CISOs or CTOs or CIOs, right? And they have so many products in front of them. So, how do you talk about it to them from a platform approach? That this specific threat requires immediate prioritization one versus the other.
Vamshi Sriperumbudur: 9:25
Some of the market data is very important in this. So I'd say, you know, when it comes to Gen AI, right? The single most important advantage you have as a go to market leader in getting your message out, your platform message out to your customers is speed, especially in the context of AI. And this advantage, you know, can be passed on to the enterprises, your customers. So let me explain this, right? AI adoption, we you know, we talk about it is skyrocketing. You know, Mackenzie put out a global survey in AI. 78% of the companies are now using Gen AI in at least one business function. And this is the survey is granted as of June. So things are changing so fast. So the numbers have probably gone up. And this is apps, this is models, this is agents. Virtually every business function and customer segments are using. I do want to quote something very specific here. This is not just attack service growing, it's also adversaries going after you, right? So Microsoft digital defense report that just came out a couple of weeks ago, mid-October 2025. Basically it's saying that threat actors are also using AI to boost their attacks, you know, whether it's social engineering, phishing, et cetera. 80% of the cyber incidents investigated, attackers want to get your data. And once you have the data that is pre-II, personally identifying information, PHI, you know, personal health information, et cetera, patient health. So all of this information, the adversaries you want to use for financial gain. So that's one part. The other part is nation-state adversaries. The issue here is they're getting AI content samples that are you know 4x within just one year, went from 50 samples to 225. You know, you read the report, you get the idea. So there's a couple of issues there: financial loss and then nation-state level, you know, information for even worse purposes or equally worse purposes. AI adoption by companies is skyrocketing, right? But then so is the AI adoption by adversaries. This leaves a gap in security. So you have to adopt AI for security. This is absolutely required, right? So as a CMO leading the launch together with my go to market peers, new AI-driven security solution is important for enterprises. They have to get it really right now to secure their sensitive data, to stop the malicious code check-ins, basically to get ahead of the adversaries and threat actors. I'd say security is the true unlock of AI value in the enterprise. That's the message I would go with my customers and which I have.
Rajiv Parikh: 11:43
Right. So this is the ability to unlock it, right? And that kind of leads to the question I have for Tithra, which is that everyone seems to be adopting, but as that recent MIT report said, a small percentage of these initiatives are actually reaching production. So there's a lot, a lot of experimentation. There's a lot of personal or consumer use, but not necessarily widespread enterprise adoption from a production point of view due to lack of governance, poor integration into workflows, et cetera.
Chithra Rajagopalan: 12:12
Yeah, before I actually jump into that, like few things that we have seen within our customer data, right? Which has been pretty alarming if you think about kind of just AI adoption general. One reality is that there is so much pressure, whether it's from investors, whether it's from the board, that hey, we need to like adopt AI ASAP. So the CEOs are like under so much pressure. Security kind of becomes an aftermath most of the time. So CISOs and CIOs, so they're kind of like stuck in the middle of a rock and a hard place most of the time. So they we have seen that quite a bit. So our own data, what we have seen is like 50% of enterprises have at least one shadow AI. And even 90% of AI agents that we've seen are over provisioned in SaaS applications. Like over 10% of Gen AI prompts actually include sensitive data. Just one single element of that could be catastrophic to a company, right? So people are discovering this as we go.
Rajiv Parikh: 13:07
You're saying that it's not just that folks are inside the corporate firewall, so to speak, inside the company where things are protected. When they're asking general like Chat GPT or general answer engines something, they're putting in sensitive corporate data into it.
Chithra Rajagopalan: 13:24
So just taking a step back, right? Like if you think about your security architecture, and Vamshi can probably talk about this more technically than I can, but just to kind of like think about it broadly, like you have your identity, like Chithrad Obsidiansecurity.com, right? You have your zero trust architecture, or you have your SSOs or MFAs that kind of take care of your IDP or access management per se vendors, right? And then you kind of have you secure your network, you secure your remote employees through CTNA or SASE. But like what happens is none of this is looking at AI agents because once you kind of get into the SaaS application, your AI agents does not require to go through all of this because it's all configured through the SaaS application per se. So what happens is since AI agents are removed from this whole access management, they are over-configured, they are over provisioned because nobody wants to kind of like block them because all of the speed at which these workflows are going is kind of like how productivity is being defined within the company, right? So nobody wants to block those. Now that comes with a lot of issues. Like the AI agent that I'm creating probably has more access to a SaaS application or multiple SaaS application than I should technically have. So that is the real problem that we're dealing with, right? Even if you think about just any third-party application that you have, right? At any point, even Salesforce, take that for example. There are over 700 SaaS applications that are connected to a Salesforce instance at a given point of time. Like think about a large enterprise. And if you remember the Salesforce drift attack that happened in August, that was not because Salesforce were inherently not configured or anything, right? Because it was an integration to drift. That API integration is what got breached and exposed over 1.5 million customer records, over 700 customers, right? And exact same API integration is being used by agents out there. So the attack surface has just got multiplied just by introducing AI agents into this equation, right? So I think that's the situation we're looking at. Multiplication of that attack surface. Now, going back to your question, like how do we think about outlining what is what is the broader goal in here? Like, how do we make sure that kind of like we are maximizing the value at the end of the day?
Rajiv Parikh: 15:41
Before you answer that, would you say that, I mean, if there's hundreds or a whole bunch of prompts hitting Salesforce, would you say that it's not necessarily true that we are actually in production to a greater level than what's being reported?
Chithra Rajagopalan: 15:54
100%. And we have seen this at some of the solutions that we have been trying to solve alongside our customers, right? Like think about an agent that has access to Salesforce and your Gmail and should not have had those access and is able to write a prompt that summons pipeline data or closed one customer data. They can summon whatever they want and send it as an email to your inbox. This is like lack of configuration within that AI agentic workflow. Because as a SaaS application, maybe this person, whoever created this agent, might not have had that access. But then just because your agent was over provisioned, you're able to summon whatever you want. This is what we are seeing because there is a lot more access to sensitive data. And think about your low-code, no code applications like a Glean or an NADN, right? They can write any sorts of agents and workflows and have access to any kinds of data across any SaaS application. Summon whatever you want in nanoseconds. Think about that.
Rajiv Parikh: 16:51
Thinking about NADN, as long as you have the ability to log into something, you can get it, right? I mean, so you're saying that they're over provisioned. So over provisioned means they have more access than they should have.
Chithra Rajagopalan: 17:04
Correct. Correct. And that normalization is not happening today on like, okay, who's this person writing all these agentic workflows? Do they should they even have those accesses? Like, are we taking a step back and looking at the overall surface? So this is why you will see a lot of companies experiment things, abandon it, go back to something else, abandon that. So you'll see a lot of this shift happen. And I feel like it'll take some time to kind of like fall into place. But if you think about how as a security technology or as a security platform, how are you partnering with your customers throughout this journey? I would say just narrow it down to what is the broader goal at the end of the day? What is a CISO looking to report to a board? What are the outcomes you're trying to achieve for them? Because most of the time, since the whole architecture is so noisy, you really need to sit down and discover alongside your customer what is exactly the problem that you're trying to solve for, right? Because everyone's trying to figure out where the vulnerabilities are, just given this new AI agentic, you know, like a curveball that was thrown at us. It's a discovery awareness. So we're starting at like scratch, kind of like from an awareness standpoint. So I think that's where the discovery alongside your customer is going to be extremely important. That's how you'll be able to understand outcomes, which you can then deliver on as a security technology vendor. Then you can kind of like partner with your CISO to be able to help him or her go and press into the board in a certain way. And what does success look like for them, right? Rather than just giving them a box of like, okay, here you go, a solution. It doesn't work that way. Like if you really need to come back and ground zero and look at outcomes that you want to drive as success.
Rajiv Parikh: 18:48
Interesting. Chithra, are you helping them, as in the go-to-market teams, with helping on the risk assessment? Or is that something that's handled by your chief risk officer or your own CISO, you know, chief information security officer, just so everyone knows, is a CISO.
Chithra Rajagopalan: 19:04
Absolutely. So go to market is one, but then let me talk about internal process first, right? So if we think about the GRC committee, where there's representation from legal, representation from finance, right?
Rajiv Parikh: 19:14
GRC Global Risk Committee?
Chithra Rajagopalan: 19:16
Yes. So governance.
Rajiv Parikh: 19:18
Governance risk committee committee, right?
Chithra Rajagopalan: 19:19
So then there is representation from different parts of your company who are able to come in and talk about vulnerabilities. And what is that we need to tighten within the internal process, right? So that is extremely critical because we are a mid-sized company who is going through a hypergrowth, right? So we're not, we don't have like a CISO org. Like the maturity of the CISO org is very different compared to like a F1000 or G2000 company who we serve. But us as a company, we look at security a little differently, right? So, really, depending on the majority, the internal process might look a little different as well. Where you will have to contribute from a CFO standpoint, like what are you seeing? What are the vulnerabilities you're seeing? And how I think about as a finance leader is everything you touch is extremely sensitive. So if you think about the finance org, we have access to all the customer data. We have access to all employee data, we have access to our financial data, right? So there's nothing that we don't touch that is highly sensitive. So, how are we taking responsibility today as a team and working alongside our CIO or CISO to be able to protect our architecture is going to be extremely important, right? So there is a sense of responsibility that comes with that power to access these data. So I think that's extremely important to understand. So that's where I come in from a spokesperson standpoint on why security is important internally. Now, from a go-to-market standpoint, I think it's it's more of a stakeholdership rather than telling them like, okay, this is how the go-to-market strategy should look like. It's more of a how do we message as a financier? How do we message that resonates with the other finance leaders in the community? Because finance CFO, finance leaders are a critical part of a buying committee, if you think about it, right? So are they aware of the problem on why they should buy a security solution? So, how are you making them aware of the problem that should resonate with them technically, right? Like because they have access to all these data at a highly regulated, sensitive kind of uh industry, they should be able to articulate why security products should be structured in a certain way and why they should partner with the CISO org.
Rajiv Parikh: 21:33
So to prevent the churn and implementation debt caused by many AI pilots, some of which are going or reset or whatever, what's your break glass finance mandate that you would set for the go-to-market team to ensure that their AI-first marketing promises are backed by scalable, governed, and production ready product, guaranteeing minimum time to value for the customer?
Chithra Rajagopalan: 21:53
Absolutely. So, us as a company, we have invested quite a bit in our dam organization, technical account management, right? So, how going back to the discovery of pain points, that's where you'll find the outcomes you want to drive. Are you able to identify? Is your team able to sit down, have a good discovery call, and identify what is the pain point that your customer has that we need to check off as part of the implementation? Of course, there is plug and play kind of models, and that should work. But at the same time, if you want to have consistent adoption of your product, you need to be able to deliver it that outcome. And sometimes it's not as simple as putting it into one of the abbreviation, right? Or SSPM or ITDR. Like you really need to know what the pain point is and kind of like provide them guidance on what the solution might look like. We have customers who come to us, oh yeah, we just need posture configuration. But as we talk to them, oh, they're like, oh no, I need threat detection as well. I need browser extension too. I have shadow AI problem and phishing problem. So we kind of end up discovering a lot more, which is extremely critical, right? So then really tying back to the outcomes and really tying back to what a CISO's goal is, what is that they are reporting on? What is important to them is extremely critical to understand. So I would say that is kind of the great class, I would say expectation I would set. Like having that discovery call with the prospect is more precious than anything.
Rajiv Parikh: 23:16
That's awesome. So, Vamji, this leads right to the next one. So, in a market saturated by expensive security platforms, what's the single most counterintuitive element of pricing or packaging? So it could be related to usage, scope, outcome that you would recommend today to compel a buyer to recognize platform value and move beyond the perception of security solely as a necessary cost, Santa?
Vamshi Sriperumbudur: 23:36
I'd say give it away, you know, trial. And by that I mean free trial for a couple of weeks for for a month for a scope of capabilities, freemium free trial. Free trial tends to work really well because they have the full capabilities for a short period of time.
Rajiv Parikh: 23:49
So this is a PLG motion.
Vamshi Sriperumbudur: 23:51
Exactly.
Rajiv Parikh: 23:52
Even further, like my friend Bill Mesaidos, who's been on the show, right? He's like, you have to let people try it first.
Chithra Rajagopalan: 23:57
I mean, even if it's not PLG, it's still like you're giving them early access, a free access, right? We you don't have to have it as a PLG, but you can still have a freemium model where, I mean, even if we think about our own buying behavior, we want to do POVs and freemiums, right? Before we commit to something.
Rajiv Parikh: 24:14
So you would say, Vamchi, go out, let them try it first.
Vamshi Sriperumbudur: 24:17
Yeah, unleash it, right? I think uh when you have, you know, whether you are a best-of-breed technology security provider, startup, or a large organization, call alter networks, etc., right? I think PLG Motion has a lot of power, product-led growth, free trial is definitely an avenue of doing this. And but there are some critical factors, and I'll provide an example as well, Rajiv. So friction-free sign up is absolutely important. When someone's signing up, you know, just take the friction out of the system, make it really easy for them. No credit card, no need for three days for someone, some team in the back end to approve that you actually have the access to the system, etc. Right. So that's number one. And the trial can be defined in a number of ways. It could be a sandbox environment where you're just actually entering in to play with the product with some test information, some demo information, et cetera. It could simply be a product tour in some cases. This is a real product, but set up in an environment with some guardrails.
Rajiv Parikh: 25:15
Right. Because sometimes it's getting into their environment, right? It's not just an overview or not a defense layer. It's actually inside their system. So you can't necessarily give them a free trial without impacting things dramatically.
Vamshi Sriperumbudur: 25:28
Without some checks and balances. So I think the whole notion of free trial or a product-led growth is to get to the aha moment. What is that aha moment? And I'll again provide the example, but in security, it's the aha moment is about visualization. You can quickly show a visual. And it could be different things for different technology products, but in in the context of AI security, visualize what is shadow eye, AI, what is actually provision, so on and so forth. So get to that ASAP, right? So for you to get to that, then you obviously need to make it easy to sign up and then show it on a sandbox data or a demo data. Now, then you can say, hey, you know what? The prospect has experienced the product, click through uh, you know, my storyline that or or walk me demo or click through my actual product with some help on it. Then you have a product qualified lead. At this point, the sales team can pick up the phone and say, Hey, you know, it seems like you had a chance to review our product, its UI, its capability, et cetera. Can we set up some time to walk through a demo? Or, you know, I think as Chithra mentioned, uh, have a proof of value, proof of concept set up. Because for you to do that, you need to get into their environment. And Rajiv, you also mentioned, right? So you need to have their API key, you need to have their cloud environment, whatever other credentials that are needed for this, your AI security product to get into your customer prospects environment and do that scanning and show not a visual of a sandbox information, but the actual information. Of course, once you show the visual, then there is uh, you know, setting up policies, et cetera.
Rajiv Parikh: 26:59
Yeah, so you may have a situation where, on one case, you can let them just completely try a solution, right? And showing the defense and give them a report of how it worked and how it was better than something else. In another case where it's more difficult to change elements in their environment or may not want to touch production data, you have a sandbox of outside data or dummy data. Then maybe the next step you have is where you actually say, Well, let me have a subset of your environment or subset of data, and then they can try it there, right? So you're segmenting it, like you said, like this is your product qualified lead. Knowing you, you've thought of multiple segments of it so that when you go back to the CRO or going back to your, you know, any of the whole team, you're showing them how people are getting through to justify investments.
Vamshi Sriperumbudur: 27:41
Exactly. And it is end of the day, the customers don't care whether you're sales, marketing, finance, what have you. They are like, okay, you're Paul Auto Networks, you're this company, et cetera, right? So they are interfacing with the organization, your brand. So you want to have in the back end, of course, from your go-to-market team perspective, technology, you want to have a seamless handoff from the product and the marketing guys, working obviously with the rest of the go-to-market team, but seamlessly capturing the customer's interest in a product, the product tool, the sandbox environment to a product qualified lead where the BDR, the sales team picks it up and then goes into a POC, et cetera. But it has to be seamless. And they know the journey, the buyer's journey, PLG journey, is seamless from a customer or prospect standpoint. So it does require a tight cycle between product marketing, sales, sometimes additional organizations involved. I think you also mentioned another part where your AHA moment is not a product tour, but the AHA moment could be a report, an audit report. So I'll give you an example. I was a CMR at Qualas. One of the things that we did was so it's about attack surface. We talked about attack surface. So there is a couple of products that we have, portfolios that we have called attack surface management in the category of external attack surface management, internal, et cetera. So we can actually do a little bit of a report on the prospects based on whatever is publicly available and show that report. And that audit report is like an eye-opener. And the two things that I want to mention, and just in the whole context of PNG. One is the person who is reporting, receiving this report from us, the technology vendor, security tech vendor, can actually internally distribute and get an idea. And then the other portion of it is use that to engage in a conversation. Now that conversation can lead to a lot of additional steps, a POC, what have you, right? That is that artifact. In case of purely PLG, also, right? When I am a security engineer, I'm a network engineer, DevSecOps persona, a number of these personas within the buyer group, if you will, for security. When I have played with your product on a sandbox environment, now I want to put in my credentials for you to scan in my environment. It's not my decision alone. Now I need to get on a device. I have a sec ops person. I need to get my security engineer. I need to get my admin. Us we need to discuss and say, okay, let's bring this in and then play. So it's not just a one-person decision when you're playing with it.
Rajiv Parikh: 30:11
It's a buying group decision, right? And Chithra talked about it earlier, right? The CFO is part of the buying group, right? There's a huge buying group decision. So when you're thinking about that buying group and putting it together, are you mapping that out from the beginning? Like here's what it's likely to be, and then experimenting on it. Is that how you think about it?
Vamshi Sriperumbudur: 30:29
Yes, 100%. 100%. Because I think we can talk about buying group in a purely from a demand generation perspective. But here we're talking about mid-funnel to bottom funnel customer touching the product. And you know, you're literally solving the problem or the sampling them on how the problem can be solved. Absolutely important in terms of who you want to be playing with the product.
Rajiv Parikh: 30:51
So maybe you say there's like minimum viable persona segmentation. You've done this for multiple firms as a CMO, right? Multiple security firms. How do you think about that? Right. You're doing it from a go-to-market point of view, and then you're going from an after-implementation point of view because you also want cross-sell upsell. So take me through it, help me understand it.
Vamshi Sriperumbudur: 31:09
Oh gosh. So this is an exciting point.
Rajiv Parikh: 31:11
But not a half an hour discussion.
Vamshi Sriperumbudur: 31:13
Do it in like two minutes. Two minutes. It's ICP, two words, ICP and persona. So again, working with finance and sales, et cetera, right? Go-to-market peers, you know, making sure that I have the right accounts that I'm going after, my team, right? Intent signals from six cents demand base, engagement signals, competitive signals from organizations like edues. I'm talking about enterprise sales motion. Once I have that, then I've got 5,000 prospects that I'm going after. That's my target account list. Because I've done all the filtering, geography, right intent, right engagement, what have you. Then I need to make sure we talk about buyer group. I have the right buyer groups. Because if you think about buyer groups, you've got, I mean, medic methodology. There's so many sales methodologies, and marketing needs to meet them where they are, right? So there is in Challenger, et cetera.
Rajiv Parikh: 31:55
There's a million sales methodologies, but in general, you're looking at stages of how you buy proof points.
Vamshi Sriperumbudur: 32:01
Correct. And then within buyer persona, particularly buyer groups, there is something called an economic buyer. This is the person who's in responsible for signing the check. But then they are not, they don't use the product. A CISO doesn't use the product every day. CIO doesn't use the product every day. Typically, it's used by a practitioner. So these are influencers, the security engineers, et cetera. And then there's some folks who actually are gatekeepers and call them gatekeepers. It's not, it's a harsh word, but you got to make sure that they're happy. The procurement team, the finance team at our customer sides, right? Making sure you're in the Gartner MQ leadership, making sure you're able to price it right, making sure there's a number of other things that they care about. You're in the approved vendor, so on and so forth, right? So these are different personas. So when you qualify a lead in throwing it over the fence to sales, that's not enough. You need to make sure that your minimally two or three of your buyer group of handful of buyer different personas are met so that the sales can now not only set up a meeting, but have advanced conversation to a POC, then to a court, and then getting it further, right? So to me, that is the critical aspect of an enterprise sale. Treat your customer just like you have sales and marketing, treat them as a group and then work through those buying motions that way.
Chithra Rajagopalan: 33:12
And one thing I would call out on that is like think about your practitioner versus your EV, right? If they are not aligned, that's when your product is not adopted. So this is why post-sales also comes into play. But at the same time, the alignment, your sales team along with your marketing team, should be able to make sure, kind of like, how do we get those early signals of that alignment within that core? Because for a large company, like if practitioner or whoever's doing the implementation comes like, I don't have time for this, I don't have resources for this. So then you have a product that's sitting that's not giving any value to the customer. And when it comes to renewal, it's a very difficult conversation, right? This is why understanding your persona at which you're and the buying committee, having a real understanding of who you're selling to and what you're selling is going to be extremely important.
Rajiv Parikh: 33:59
From a financial perspective or just as part of the senior group at the company, are you guys tracking to that to see that, well, when I make that deal, you know, everyone wants to celebrate making the deal, right? But that really the deal is about the satisfaction, cross-sell, upsell growth. Are you looking at those factors too, helping your go-to-markets team with that information?
Chithra Rajagopalan: 34:18
100%. That's where the post-sales metrics and how we are thinking about what are they touching? What in the product are they finding helpful? Like who are the admins that are logging in? Like how much is the usage and adoptability happening? Like the outcomes that we discovered or aligned to during the selling process, are they getting checked off? Is QBR happening? So there is a whole another element and world that needs to function.
Rajiv Parikh: 34:43
Do you have like a general number or rule of thumb?
Chithra Rajagopalan: 34:46
Like if they don't do this, I would say that's very, very business specific, but I would say, like in general, like if you think about like, are the right people logging in? Like how many times are they coming in? And what are they looking at? Are they adopting or are they exploring areas that they said that were important? If you're not, how do we guide them?
Rajiv Parikh: 35:06
That could be your customer at risk, right? So it's a part of the overall assessment. Yeah.
Chithra Rajagopalan: 35:10
Exactly. That's ultimately defining what the health of that customer is, which then gives you early indication of whether there's a churn risk or not. Or maybe at the end of the day, this is where a TAM organization would adds so much value because maybe they discover new things, which becomes an upsell opportunity. So how are they transferring that information back to the sales organization and the reps to be able to kind of have that seamless conversation with the customer?
Rajiv Parikh: 35:33
And you've done some pretty big fundraising rounds. When you do the later stage rounds, do the investors demand that data?
Chithra Rajagopalan: 35:39
Not in that sense, because if you think about your NRR and GRR, ultimately that's what cries the most, right? Like if you're not able to show a NRR percentage going up.
Rajiv Parikh: 35:48
Net retention revenue, gross retention revenue.
Chithra Rajagopalan: 35:51
Yes. So that is a huge indicator. And that married along with the gross margin percentage should be able to tell you in what healthy way you're able to kind of look at the magic number, look at like the retention, look at churn. Like it gives you very early signals of how light your product is, how sticky your product is.
Rajiv Parikh: 36:09
That's what really matters. So now I'm gonna have us jump into opinions about security. So for this segment, we're diving into the turbulent world of security services where the stakes are measured and billions and threats are evolving by the minute. For global enterprises, digital security is no longer a checklist item. It's a core competitive battleground. But how are we spending those massive security budgets? Are we winning the war or just investing in an illusion of safety? So we've compiled some controversial opinions that challenge the industry's biggest sacred cows. So here we go. I'm gonna ask the question and just give me a quick response to it. Okay, so we're gonna talk about zero trust, right? Zero trust is the notion that you are taking everything from the point of view that it has been hacked. Not just could be hacked, it has been hacked. The ideology of zero trust is a fiscally irresponsible fantasy for global enterprises. The cost of implementing and rigorously maintaining universal authentication and micro-segmentation across legacy systems, vast global networks, and a diverse vendor ecosystem will always exceed the economic benefit of minor risk reduction.
Chithra Rajagopalan: 37:11
I think for me, like when I think about zero trust, it's for many organizations, zero trust does make sense if it's done well or phased properly or have like measurable outcomes for kind of like aligning back to the business risk, right? But zero trust, depending on it really depends on the organization size and the complexity of what you're dealing with. So attackers are no longer like breaking in, they're logging in. And once inside, they're blending in, right? So traditional identity tools build on on-prem, like they can't detect like assassinative threats, like token theft or third-party integrations, militia third-party integration, or even like token hijacks or session hijacks. So even zero trust models will fall short when attackers use valid credentials or like bypass MFA. So it's just one part of the solution. Just because you have zero trust, that doesn't mean your entire surface area, kind of like the attack surface area, is now secure. So I would say like it's a just part of the problem, not the entire problem.
Rajiv Parikh: 38:11
Okay, so you're not just saying that zero trust or nothing, it may not even be about zero trust. Yes, exactly.
Vamshi Sriperumbudur: 38:17
Great answer. Bamchi. I think for large enterprises, zero trust is an absolute must framework. Define it right, right? Zero trust. By nature, basically, you don't trust anything, anybody. So you, in case of secure access services, you're not trusting the user who got access to your application today is actually going to have the same access tomorrow, or the act, the amount of access he or she or they have will change over time, right? So you're continuously checking trust. Uh, that's in the access aspect. In terms of uh identity, that's in yet another zero trust, network, zero trust, data, zero trust, access to data. And now I know Chitter talked about this as well, which with agents now there is so much emphasis on zero trust before somebody gets into your network, right? Into your system, into your periphery. But once they are in, there is a lot of lateral movement that's very dangerous, right? So, how do you contain, let's say, if there is a breach? And in the world of agents, agents talking to agents, this is absolutely new world that we are stepping into. And zero trust principle is absolutely important in terms of your agent having access to another agent and that all the integration happening, and these are non-human identities. How do you manage that? So, having a framework of hey, zero trust, then apply to various points of data, network, agents, AI agents, that is absolutely required.
Rajiv Parikh: 39:34
Great. Thank you for that. Next question Mandatory breach disclosure laws are a greater threat to a company's financial stability than the breach itself. These regulations force companies to prematurely reveal vulnerabilities and competitive information to rivals, making the legal and PR fallout the primary motivation for hiding attacks.
Vamshi Sriperumbudur: 39:53
Amshi, you want to take a shot at it? I'm very much in support of breach disclosures. This is absolutely important. It's not about the technology vendor anymore. It's not about the customer of the company that are that has a breach anymore. It's about their customers, it's about their partners, it's about consumers. This is absolutely important to not only report it so that while you, who is a factor, is taking care of what needs to be done, the customers, the partners, the consumers are also doing what they can. This is sharing information absolutely required in my opinion. Chithra, you're willing to take the stock yet?
Chithra Rajagopalan: 40:26
Absolutely. So I think I'm totally aligned with what Bamshi said. There should be an incentivization for improving security investment. So and I'm gonna take it up one more level and challenge that there is also a vendor responsibility aspect to this. So as vendors and consumers, we need to up our standards on what security standards should be, right? So today, if you think about vendors out there, security or not, right? Like the settings and permissions are so different, app to app. Like it's so hard to make it consistent from a risk management standpoint. Even API configurations and access to APIs, right? And that'll worsen the posture, not having proper logs or like not being able to really investigate threat and response. So this is a collective effort. And to Vamshi's point, it's like the customers, it's about the partners, it's about the vendors. So it's about like us coming together. And given the AI situation in this, like the problem area is a lot more amplified. So I think us as an industry, I think we should all come together. Our security leaders should all come together and have an understanding, even with the vendors, to have like a baseline expectation. This will help security vendors like us, like Palalt or Obsidian, really provide maximum value to the customer environment. So I feel like this is a joint responsibility where it's not about the disclosure, it's about how are we taking the information we need to come together and kind of like help elevate our standards.
Rajiv Parikh: 41:50
It's not a competitive thing where you're like celebrating that one of your competitors, you know, got hacked or one of your competitors' products got hacked. It's about this is an industry problem.
Chithra Rajagopalan: 41:59
And shame on us, right? If you're not able to figure it out, because it's not like attackers are gonna go back. They're gonna get more and more intelligent. They're gonna come up with creative things to, you know, like have a breach. So, how are we elevating ourselves is the biggest question.
Rajiv Parikh: 42:14
Great one. Okay. Next one. Global enterprises are overcomplying with redundant country-specific regulations like GDPR, CCPA, CPRA. These excessive regulatory burdens consume so much budget and development time that it stifles true digital innovation and makes the business slower than its less regulated competitors.
Chithra Rajagopalan: 42:37
If you think about like breaches, right, like breaches always follow data and regulations always follow a breach. So technically it's inevitable, detail, that our data exposure will get tricky. So, yes, compliance might be expensive, but it's also forcing us to modernize our data management, right? Or improve transparency, build customer trust. So these are like prerequisites for a long-term investment and innovation. So the goal here is to optimize compliance, not resist it. Like use it to scale your technology landscape, especially like when we deal with our customers who are like from highly regulated industries like finance or healthcare. It's actually a necessity, not a burden. So if you think about non-compliance risk, like fine lawsuit or reputational, it's actually far more risk uh expensive. So treat this compliance efficiency or requirement as a competitive advantage.
Rajiv Parikh: 43:28
You don't see it as a patchwork. One country is this, another region is this, one state is this.
Chithra Rajagopalan: 43:33
Yeah, because because at the end of the day, like this this is an evolving space, right? Like, and how you kind of like go to market is also going to be challenged. And how you're kind of like what kind of data you're dealing with, who's consuming the data, what kind of data are you extracting will be different. But of course, at the same time, you want to have like a standardization of these things. But what I'm trying to say is like as we kind of like evolve in the space, you will see a lot of curveballs being thrown at you, whether it's from a regulatory standpoint. But how are you using that as a competitive advantage is probably the question I would ask. Because at the end of the day, that's how you're building customer trust, whether you like it or not.
Rajiv Parikh: 44:10
So, Vamshi, does this help you make better product?
Vamshi Sriperumbudur: 44:14
So I think it does, because I think end of the day, CISOs at the world's largest organizations, CIOs, right? They want to go above and beyond CCP, GDPR, data sovereignty requirements. There's so much about compliance. Because I think those are table stakes. The moment something becomes a compliance, it's happening everywhere. And you want to, you know, curb that issue in a tech, you know, a particular region, et cetera, right? In a particular industry segment, SOCs and Sarbins, I don't come GLBA, et cetera, right? In financial industry, et cetera. So that's to me, these compliances are table stakes. CISOs and CIOs aim for something higher than that in terms of having security, et cetera. So that is absolutely important.
Rajiv Parikh: 44:51
Then the benefit in yours goes to the companies that have real money, just you know, have significant money to spend, can afford it. What about the startup ecosystem? Like it's no fun getting one of those FedExes from an attorney making up a case about someone that you know you're supposedly stealing information from.
Vamshi Sriperumbudur: 45:08
So it depends, right? To me, it's about who are you serving. You may be a startup, but if you're serving the world's largest organizations, Fortune uh 500, global 2000, what have you. They have offices globally, presumably. Most organizations do, right? Retail, healthcare, or what have you, utilities, financial services, more so. Then you need to comply with what they will comply with. So that's kind of what it comes down to.
Rajiv Parikh: 45:31
Because it's global, you have to nail it.
Chithra Rajagopalan: 45:33
So we are a great example of that, Rajiv, right? Like our core ICP, our bread and butter is F1000, G2000 customers, right? And we are a startup ourselves, but then we are like kind of a mid-sized company, I would say. But we have to be extremely strict about how we think about compliance to be able to serve our customers who are in highly regulated industries. So we don't take that lightly. So for us, that is a pride for us that we are compliant and we are able to give the maximum trusted experience for our customers.
Rajiv Parikh: 46:02
That's great. And I'll say that I was using it to push you guys, but even for a company of my size, we are signing up for all the appropriate certifications, whether it's ISO 27,001 or SOC2 or for the medical industry, HIPAA, because you want to make sure that your clients are whatever we're building for them as well secure. So let me go to the next one. Here's an interesting point internal corporate security teams are structurally incapable of keeping up with global threats. For any enterprise over a billion dollars in revenue, the only viable and responsible model is to fully outsource 90% of detection and response to managed security service providers or MSSPs.
Chithra Rajagopalan: 46:39
Yes, of outsourcing detection response to MSSP. Yeah, financially efficient, operationally pragmatic. But I don't think 90% of outsourcing really seems responsible, in my opinion. I think cybersecurity is a core enterprise risk. It's not an IT function. It's not like, oh, okay, this is my problem. No, it's an entire company problem. So it requires an internal oversight or accountability or governance. So I think the right approach, I would say, is more of a co-sourcing, right? Like if you leverage the MSSPs for like the scale and certain expertise, but retain like that strategic control or the compliance ownership and all the high value incident decision making in-house. I think this is where different security vendors can also be extremely helpful in kind of like scaling that model, which still keeps the core intact.
Vamshi Sriperumbudur: 47:31
Interesting. Bamshi? Yeah, I know. I think look, it security takes a village and you can never have enough because the pace of innovation, AI, we talked about a lot, AI agents and how adversaries are good. So whether you're a security, large security vendor, and you're eating your own dog food, securing your own, you know, network, data, applications, etc., or you're a large organization in a highly regulated industry, it does take a lot of people, process, and technology. Let's put it this way. Your internal teams to be upskilled, your security personnel, all your entire team needs to be upskilled. Would you suggest a mix, or do you think fully or mix? It's a good mix. I wouldn't say what is the right mix because it depends on the company, depends on the vertical geography, et cetera, and size of the company, also, right? But it is something between the CISO and CIO. And let's put it this way CISOs, in some cases, their conversations are board-level topics. And for that reason, this is like overarching. It's not just your employees and your partners, it's about shareholders, everybody, right?
Rajiv Parikh: 48:33
Yeah, and you know, just like anything, like there's always the legal impact, especially for the largest companies. As soon as you know that you are at risk, you are a subject to lawsuits, right? And I'm sure that's a method of selling too for security firms. So this is really helpful. So, folks, welcome to the Spark Tank. Today on the Spark Tank, we are joined by two leaders who excel at maximizing scale, value, and strategic impact. Bamsi, Sri Peram Budur, global CMO for Prisma Sasi at Palo Alto Networks, and Chetra Raja Kopalin, head of finance at Obsidian Security. But for now, we're setting aside enterprise security and financial resilience to explore the wild side of disruption. Hilarious hacks. We're not talking about productivity tips, we're talking about the brilliant, ridiculous, or sometimes just plain absurd things that computer hackers have done, often with a sense of humor. So here's the deal. I'm gonna read you three statements. Two of them are absolutely true and functional. One is a complete fabrication designed to sound just plausible enough to make you doubt your own common sense. So the way the game goes is I'll count down three, two, one, and you both reveal your answers simultaneously. So are you ready to separate genius hack from absolute fluff?
Chithra Rajagopalan: 49:42
Yep. Ready.
Rajiv Parikh: 49:44
All right, good, good. Here's number one. This is the game. We're gonna see who can win this, who can find the lie. Question one. In 2021, students in Cook County, Illinois hacked every classroom projector and public address system to orchestrate a school-wide Rick roll with hundreds of screens playing never gonna give you up in perfect sync. That's number one. Number two, a clever prankster once changed all the road sign traffic alerts in New York City to display the message caution penguins crossing for an entire afternoon during rush hour. And number three, a hacker compromised the printers of 150,000 businesses worldwide, causing them all to print out, for the love of God, please close this port with a little robot cartoon as a warning. All right. So first is the never gonna give you up. Next is the penguins crossing, and third is the printer one. Ready? Three, two, one. All right. Mom she's two, shits three.
Chithra Rajagopalan: 50:46
Yes.
Rajiv Parikh: 50:47
Okay, so this one is two is false. While the road sign hacks have occurred, usually a warning about zombies or raptors, penguins crossing signs weren't reported in New York City.
Chithra Rajagopalan: 51:00
So it's close. I heard about the news about road signs being hacked. It's happened. Not for penguins. Technicality.
Rajiv Parikh: 51:09
Technicality. This is the game.
Vamshi Sriperumbudur: 51:11
Yeah, with the gut, which one has the threat analysis, which one has the most impact?
Chithra Rajagopalan: 51:15
But it has happened. Yeah, I remember reading about this.
Rajiv Parikh: 51:18
It's definitely happened. So number one is true. Four students exploited weak default passwords across the school's tech systems, pranking thousands of classmates and teachers, then responsibly reporting their findings in a 26-page security memo. And number three, a hacker that's also true, sent out custom funny warnings by accessing exposed internet connected printers starting in 2017, reminding owners in a cheeky way about cybersecurity flaws. So these are all off the wall. I don't get them right. So that's why I don't play anymore. So, okay, question number two. Number one, a notorious prank group once locked users out of their computers unless they beat the game Tetris in under one minute. Those that failed had the desktop automatically filled with quote 404 cat videos not found. Number two, in 2011, British cyber agents replaced Al-Qaeda bomb-making manuals online with a recipe for mojito cupcakes in an op called Operation Cupcake. And number three, hackers exposed a flaw in Lenovo's website, redirecting visitors to a prank page full of bored teenagers and high school musical songs to shame the company's bad software. Okay, so one is the Tetris game in one minute. Number two is mojito cupcakes, number three is the Lenovo flaw. Ready? Three, two, one. You both selected two, and it is not the cupcakes. That is true.
Chithra Rajagopalan: 52:51
What?
Rajiv Parikh: 52:52
Okay, what did we what was it? MI6 waged a bake-off against terrorists by swapping bomb instructions for cupcake recipes. Crazy. A playful win for British intelligence.
Vamshi Sriperumbudur: 53:03
Hmm. Interesting.
Rajiv Parikh: 53:04
Crazy can be true. And number three is also true. The Lizard Squad hacked Lenovo's domain to show humorous images and silly music, targeted its controversial ad software, superfish. And number one is false. There's no verified ransomware requiring Tetris speedruns. But you know, a cat video would be funnier than most malware.
Vamshi Sriperumbudur: 53:25
I was thinking maybe it's a possibility because Yeah, exactly.
Chithra Rajagopalan: 53:28
It seems pretty doable thing.
Vamshi Sriperumbudur: 53:30
Yeah, when you lock a computer, how would you play Tetris unless it's a screensaver game? Which I mean, I don't think it's possible.
Rajiv Parikh: 53:37
So I kind of like that one. So maybe somebody will let them down. But it would she would really freak me out. Okay, here's question number three. So far, Vamshi's in the lead by one. And I think this could be the last answer. So what I'm gonna do is whoever gets this one gets two points. So Chithra, if you happen to get this and Vamshi doesn't get it, you have a chance to win it all. So here we are. Number one, a British prankster hacked a smart billboard in London to display free kittens at 2 p.m. every hour, causing dozens of hopeful animal lovers to descend on Piccadilly Circus. Number two, the pizza hacking gang breached Domino's UK servers and replaced all menu photos with real images of pineapple on pizza, sparking outrage that reached parliament. And number three, security researchers implanted a Wi-Fi-enabled USB device called Peg Leg into their own leg so they could literally smuggle data under their skin across national borders. Okay, so it's either the free kittens at two in London, the pizza hacking gang, pineapple on pizza, or number three implanting USB devices into your own leg. Ready? Three, two, one.
Chithra Rajagopalan: 54:57
Three? Uh why? The first two definitely feels doable. Doable? Yeah, no, three seems USB device.
Vamshi Sriperumbudur: 55:08
Yeah, you can like peg leg a USB device. I mean, I haven't seen a USB device.
Chithra Rajagopalan: 55:12
Why a USB device?
Vamshi Sriperumbudur: 55:14
I haven't seen one in ten years.
Chithra Rajagopalan: 55:16
So yeah, exactly.
Rajiv Parikh: 55:17
Well, the answer was the false one was number two. Oh, that's crazy. Oh my god. Pineapple on pizza. Oh no. Pineapple pizza. While menu hacks are real and pineapple pizza is controversial, there's no record of Parliament weighing in on hack dominoes images. So menu hacks are real. The peg leg one. So this is the peg leg implant created by biohackers. They could store Wi-Fi data and was surgically embedded, pushing the boundaries of personal gadget security. And even I asked about it. Was this embedded? Was it on the skin? The biohacker was named Rich Lee, and he aimed to show that data storage and transmission devices could be hidden within the body for privacy, personal security, and a sheer demonstration of what was technologically possible. It sounds crazy and it's true.
Vamshi Sriperumbudur: 56:05
Yeah. Imagine if humans can do that, what can agents do?
Rajiv Parikh: 56:10
Pretty good. So great job, guys. This was a tough game, but I hope you had fun. And Bob She, you can walk away and say you got the win, and I'm sure it's your thrill will make you buy the next drink.
Vamshi Sriperumbudur: 56:20
Let's put it this way if you're in security business, you're winning for your customers. You're winning.
Chithra Rajagopalan: 56:26
Exactly. Our product team is like frantically taking notes right now.
Rajiv Parikh: 56:30
All right, let's talk about some great personal things for both of you. So I'm just gonna go back and forth and ask you just a quick question and come out with just whatever comes off the top of your head. From sheep, what's something you're surprisingly good at that has nothing to do with your career? And how'd you discover this hidden talent?
Vamshi Sriperumbudur: 56:46
Oh wow. So let's say my ability to DVR in a conversation. So sometimes I may have not paid attention and sometimes it helps in a social setting.
Rajiv Parikh: 56:59
That's your hidden talent? Yes. You must spook your wife, right?
Vamshi Sriperumbudur: 57:02
With that, doesn't work 100% of the time, but it gets me out once in a while. Yeah.
Rajiv Parikh: 57:10
That is a hidden talent because I'm totally tuned out when I'm tuned out. Okay, Chithra. If you had to choose a theme song that plays every time you walk into a room, what would it be and what energy are you trying to bring?
Chithra Rajagopalan: 57:20
Okay, so I love songs. I'm from South India. So there is this random rap artist, very like underappreciated, I feel. So he has a song called Tamburadi. It literally means queen. So I totally walk into rooms with that playing in the background.
Rajiv Parikh: 57:35
Oh, I like that. Bamchi, what's a time when someone showed up for you in a way that completely changed how you think about showing up for others?
Vamshi Sriperumbudur: 57:44
I think it's not just someone, it's almost like everybody. So I'll just say this. And Paul Aldener was when I joined. I ask a question and I get a response within two hours, sometimes 20 minutes, sometimes immediately. And I have like very broad-ranging questions. So to me, I think that speed of response was amazing. And I really appreciated it. And I cultivated some of that as well.
Rajiv Parikh: 58:07
That's amazing. Yeah, that's a super fast responsive in a company. It's a great way of showing that you care and showing that it matters. Okay, Chithra, if you could be guaranteed to be really good at one thing that you're currently terrible at, what would you choose?
Chithra Rajagopalan: 58:22
Oh, I love this question. It would be swimming. I'm terrible at it. Yeah, like growing up, the only outdoor activity I did was shopping. So I would love to swim.
Rajiv Parikh: 58:32
Pro shopper, not great swimmer, but want to swim. You know, it's funny. When I go to India, every pool is max depth four and a half feet. Exactly. So you get the point. And then when I go to the beach, if there's any hint of tide, they won't let you go in any any higher than your your ankles. So it's ridiculous. So you're not the only one. Okay, Vamshi, what's a mistake you made that taught you more about yourself than any success you ever had?
Vamshi Sriperumbudur: 59:02
I think early on in my career, you know, in marketing aspect, kind of, you know, the enthusiasm to talk about us and our offerings was a lot versus kind of doing a little bit of, and these are the the conversations at a at an event offline, et cetera, versus talking to the customers, prospects about, and even partners about what do you do. And then that actually gives you the information to bridge versus like, okay, I'm doing this and this is what I do. Like it doesn't matter. So value of a conversation is a lot more when you actually learn about somebody and then be contextual.
Rajiv Parikh: 59:39
Yeah. Flip the script, right? You don't need to give everybody the answer. You need to talk to them first, understand them. Chithrap, if you could give your team, whether it's current, past, or future, one gift that's not money or time off, what would it be?
Chithra Rajagopalan: 59:53
I think it would be gift of being resilient as a human being. It's a very underappreciated skill, I feel. Like we're going through so much, whether it's personally or the world, but being resilient, having a sense of gratitude. I think that's what I would get.
Rajiv Parikh: 1:00:07
I love that. That would be an incredible gift. Thank you both for joining me today. I think we had a really illuminating discussion about security and the unique challenges of building security products and marketing them and getting them to market and thinking about how you measure the metrics around it. So I really thank you both because you both have so much experience in that area and you're hitting it from multiple angles. So I really appreciate it.
Chithra Rajagopalan: 1:00:29
Thank you very much. This was great.
Rajiv Parikh: 1:00:32
Yeah, and it's also great to get to know you guys. Thank you. I have about three takeaways from this. And one is how important security is to what we're doing and how easy it is in this AI world for security and critical corporate information to be breached or used as a way to influence us or to drive actions or harm us. It's surprisingly easier with AI and even more challenging than before. So Wolf, I think, did a great job of talking about that. I think from a go-to-market standpoint, actually made go-to-market to security easier to understand. A lot of times when you hear about ABM, you talk about lots of systems and data and technology. And from their points of view, it's as straightforward as what's my ideal customer profile? What do I need to do to approach them, reach them, drive to them? And how do I present information that they can see and touch? Security in and of itself is hard to see and touch until you get in trouble. And Vamshi and Chithra talked about how they can make that understandable by visualizing the product, showing reports, by securing subsets of their data. They're just straightforward PLG approaches, product-led growth approaches that they talked about. And I think the last part that I took away is that in security and being part of a team that's marking security to companies, it's important for the group to work together. So finance and go to market. Yes, you have to close the deal. Yes, you have to get the pipeline in. But your metrics also are about establishing a relationship that enables your company to your prospects or your customer to succeed. And so when Chithra talks about metrics around it, she cares about more than just the sale, but beyond the sale. And so does Vomsheets. It's really important to be part of that team that works together on it. So I took a lot out of it. And I hope you did as well. They're both really know the field extremely well. And that just shows you how critical it is for our economy and how we, especially in this whole world where we're adding more and more agents. So I hope you enjoyed it. And I hope you enjoyed all their personal notes. They're just really interesting, good people that have found their way and grown up to be executives and emerging in top companies. Thank you for listening. If you enjoyed the pod, please take a moment to rate it and comment. I do actually read all these things and I really care about what you have to say. You can find us on Apple, Spotify, YouTube, and everywhere podcasts can be found. The show is produced by Sindley Parik and Anand Shah, production assistants by Taryn Talley and edited by Laura Ballant. I'm your host, Rajiv Parik from Position Squared. We are a top notch growth marketing company based in Silicon Valley. Come visit us at position2.com. This has been an F Funny production. We'll catch you next time. And remember, folks, be ever curious.
