Get IT Started Podcast

GISGID EP 29 – Alex Bovee of ConductorOne and Den Jones

In this episode of the Banyan Security Podcast, host Den Jones speaks with Alex Bovee, the co-founder and CEO of ConductorOne, a technology company focused on modern identity governance and access control. They discuss the challenges of building a startup, the importance of customer success, and the future of identity security. Alex emphasizes the need for automation and visibility in managing access and permissions, and highlights ConductorOne’s goal of providing a horizontal end-to-end identity security platform. He also shares advice for aspiring entrepreneurs, encouraging them to bet on themselves and take the leap.


Speaker 1:
Hello and welcome to Get It Started, Get It Done, the Banyan Security Podcast, covering the security industry and beyond. In this episode, our host and Banyan’s chief security officer, Den Jones, speaks with Alex Bovee, the co-founder and CEO of ConductorOne, a technology company focused on modern identity governance and access control. We hope you enjoy Den’s discussion with Alex Bovee.

Den Jones:
Hi everyone. Welcome to another episode of Get It Started, Get it Done. I am your host, Den Jones. This is Banyan’s lame attempt at podcasting. So, for shit at making software, we’re falling back to this gig. Just glad our software is better than my podcasts. And so, every episode I have uniquely talented and gifted guests. And this episode is no different with Alex Bovee, co-founder and CEO of ConductorOne. Alex, welcome to the show and why don’t you introduce yourself?

Alex Bovee:
Thanks, Den. Yeah, I appreciate you having me on the show. So quick introduction to myself. I’ve been living the security life, I guess, for most of my career, for most of my tech career. I ran enterprise products when I was at a company called Lookout Mobile Security. Then, we met when I was at Okta leading up all things Zero Trust and security products there. But as you know, Okta, that mostly meant authentication and sort of authenticating users and devices and I jumped out and started ConductorOne about two and a half, almost coming on three years, I guess, ago. And I’m on the founder journey now full-time, doing all the fun founder things, building a team, building products, getting customers and raising money when necessary and running my own podcast, which hopefully is not going to be the fallback mechanism for making money, because hopefully, it’s going to be ConductorOne.

Den Jones:
I know, right? I just noticed you guys raised, what was it, $27 million in your last ride there?

Alex Bovee:
Yeah, yeah.

Den Jones:
Awesome.

Alex Bovee:
Yeah, no, it’s good. It’s great to have a war chest. It was kind of a split round, actually. We raised the first tranche of it mostly from Accel, who also participated in our seed round, and then we had this opportunity to raise a kicker we called an A Prime from Felicis Ventures, who is just a phenomenal investor in the security space and just couldn’t turn it down because it was a great top up, gave us the ability to run even faster, make some strategic investments in the team and go to market and yeah, excited to have it, to be honest.

Den Jones:
Awesome. Yeah. Yeah. Well, I mean, it’s funny, right? This stage, and you know for me joining Banyan, this is my first startup that I’ve been involved in. So, to see the backend mechanics of fundraising and how you run the business when it’s not the Adobe’s or the Okta’s of the world, right? Well, Okta, 2017, we were doing our Zero Trust stuff in Adobe, partnered with Okta on that stuff. You were highly involved with a lot of the stuff that we were doing together and stuff. It’s funny when you think of the funding model, you have a uniquely different situation at Okta when you do it ConductorOne. What do you think is the biggest difference or learning that you’ve taken away by that kind of going solo on your own and not having the same funds that Okta had?

Alex Bovee:
Yeah, I mean the biggest differences between, I’ve sort of been at all stages of companies with the exception of maybe really large 10,000 plus companies. I’ve never really done that career journey, but I’ve been at all stages of sort of startup from starting truly at zero with ConductorOne, it’s like me and my co-founder of two people. You go to bed, you wake up in the morning, nothing’s different about your business. Literally, like nothing changed.

Den Jones:
Yeah.

Alex Bovee:
It’s kind of a terrifying situation. Being at Okta, which was super hypergrowth, growing customers hand over fist, you’d wake up the next morning, you got 10 more customers, that kind of thing. And I would say that the biggest difference for me is just, it’s this element of when you’re in a hypergrowth company, everything is just working. Your job is a director, a manager, even an IC, just try to catch up, keep up with the boulder that’s rolling down the hill effectively. And so, you’re just building your team and everything’s about scale and just trying to scale out everything as much as possible. But everything fundamentally works.

And I think even on the product side, when I think back on issues that we bumped into, a lot of times it’s feature requests and sort of incremental things from customers or incremental go lives, but fundamentally everything is just working end to end. It’s just about making it dial in and go faster. The fun thing and the scary thing about a startup is like, nothing works. And so, you’re in this constant journey of trying to figure out what’s most broken at any particular time and really bringing functions up from zero and just going from zero to one. But you got to do that across your whole business.

You got to do that from obviously starting with product and engineering and building something that people care about to then go to market and customer success and technical support and marketing. And so, you’re really in this process of a little bit of a puppeteer trying to bring all parts of your business up to some functional level so that you can get to the point where you’re really scaling things out effectively.

Den Jones:
Yeah, yeah, no, that makes sense now. So, let’s talk a little bit about ConductorOne. So, what inspired you guys to start it? So maybe, you can share a little bit about you and Paul, how you guys got together, what inspired you to start?

Alex Bovee:
Yeah, so our background, so Paul and I connected, we actually first met when I was at Okta, so I was leading up Zero Trust products. And as a part of thinking about that Zero Trust strategy, obviously, Okta’s very engaged in access management and sort of federating users. And Paul was the co-founder of a company called ScaleFT at the time, which was sort of loosely blessed, if you’re familiar with the Netflix loosely based on this project that Netflix called Netflix Bless, which was kind of this ephemeral certificate issuance. So, you can SSH with short-lived certificates into remote machines effectively. And so, it was like a Zero Trust architecture, but applied to infrastructure access.

And so that was really interesting to my area while I was looking at Okta because anytime you can take a user and then effectively federate a user into some other resource owner, whether that’s a machine or an SSO to an application, that is kind of the business a little bit that Okta was in. So, we actually got connected at Okta via the acquisition of his company. And so, then we ended up just working really closely over the relaunch of that product, which today is called Advanced Server Access. But funny enough, that was also in some ways the early sort of inception of ConductorOne was, we just saw companies struggling with not just the SSO, like the federating a user’s access part, but actually the permission management and the authorization management as well.

And so, companies would always ask, “Well, how do I make sure that users have the right permissions when they’re in these remote machines?” Or, “Hey, we’re not really logging into machines, everything’s in AWS and it’s about secure Session Manager.” And so, really, we’re managing control of our infrastructure via assume role permissions. And so, to me that was just a light bulb, but oh, in the Cloud, it’s about you’re really a single identity and it’s about permission management and escalating and attenuating permissions over the lifecycle of a user. And really doing that well is hard because most companies do it with a confluence document describing how to get access and someone’s submitting Jira tickets.

And so, I think, that was some of the early bells that were going off. But then, broadly, I just took a step back and realized that, and him and I both sort of saw eye to eye on this that really SSO and MFA just wasn’t enough. You’d see these companies out there doing “all the things” that they needed to do to be “secure in the cloud.” They were adopting us, so they were adopting MFA, they were getting their SOC2, but they’d still be breached. And identity is obviously the leading cause of that. So, to me, it’s very clear that identity needed a different security approach.

Den Jones:
Yeah. Now, you’ve heard me say this and anyone that listens to my bullshit has heard me say this, that I’m not a big fan of this whole least privilege access. First of all, the term blows my mind. But just the whole concept, because I think we’re just a security industry, we just keep adding people to shit. We never take anyone away from stuff. So, least privilege my ass. So, why don’t you as the boss of ConductorOne, why don’t you try and bring me back on earth and say, “No, Den, that’s nonsense and here’s why.”

Alex Bovee:
Yeah, I mean, I love it. This is shots fired, man. Yeah, look, I think that least privilege, just like Zero Trust, it’s a destination, it’s not a project. So, that’s the starting line I would say for having this conversation is, it’s not about a thing you can achieve overnight, but it truly is an objective and a goal and there’s a lot of complexity to achieving it. I think to unpack it a little bit, I think there’s, to your point, lots of momentum and practices today that hold companies back. I think one of those practices is birthright access. We just grant too much access day one via birthright. And there’s reasons that people do that, and I think it’s mostly from a productivity perspective, but that can be a little bit of a momentum in the wrong direction.

I think the other reality is there’s just a lot of bad practices around identity management. When someone joins the team, what access do they need? Oh, I don’t know, copy gems. So, that’s a little bit of an anti-pattern, right? Well, the goal of least privilege access really is derived from that Zero Trust concept of getting the right amount of access to do your job for as long as you need it and no longer than you need it for. That’s the core tenet of the Zero Trust access principles. And so, the idea of granting too much permission or copy pasting permissions that don’t really have justifications are all anti-patterns in that.

And I think the real reason that we’ve done that, I think at the end of the day is just productivity. It’s overweight. We have so many apps. We have so many, even in your AWS, you might have tens, hundreds of accounts potentially, and managing access across that is just brutal. And so, if the way that you’re doing that today is with Jira and is with tickets and it’s manual processes, yeah, you’re going to cheat code it and you’re going to over permission users, you’re going to grant them too much stuff because you don’t want to deal with the hundred freaking Jira tickets that’s coming down the line for someone to get access to the right amount of things later.

And so, I think the key to all this is automation. I mean, I think that’s just the missing piece is if the effort to grant and provision access is really low and the ability to remove it is also really low, then you can do those cycles a lot faster and a lot more just in time. Then, if granting access takes a week and IT has got to touch it and support has got to touch it, and you got to go get these manual approvals for things and you got to get someone to go provision it, that’s just way too many clicks and calories. And so, people are going to default to over permissioning users. So, that’s my pitch to you.

Den Jones:
Yeah. Right. And by the way, so there’s nothing that you’ve said that I would say disagree with, so that’s positive, I guess.

Alex Bovee:
Whew! Okay.

Den Jones:
I know, right? But there’s a couple of little gems and nuggets you’ve got in there, right? So, one is if you’re a smaller company engineering DevOps, then yeah, you’re playing around with Jira tickets or even sometimes Slack. If you’re in the enterprises like the Adobes and Ciscos, you’re using Zendesk and IT tickets, the wazoo. And I think the reality is the cost of operation is really the thing that makes people get sloppy because they want to do it quicker, they want to do it cheaper.

And then the third thing you touched on is automation, because one of the things that we were doing in Adobe was automating. We were blessed from the outset. We ended up with about 2,000 apps on Okta and we were starting to use groups for all the important apps. And if you didn’t log into the app, we’ll just take you out the group. So, coarse-grained authorization, and we automated that based on authentication log data. So, that whole concept of automation, like you say, I think is vitally important. Actually, the fourth thing you said, which I love is Just In Time. JIT, for me, is that concept where I think a lot of companies are talking about just in time now, not a lot of people are doing it effectively well.

Not to say that there aren’t products that do it effectively well, but to say that the adoption of companies buying those products and deploying them to their entirety to get the best out of them, I think that’s the piece where things fall over, mainly because I’ve seen a lot of companies deploy shit and not deploy it completely. So, they don’t really get the full business value out of the money they’ve just spent. And often, that’s a resource thing, usually.

Alex Bovee:
Yeah, I mean there’s so much packed into also what you’re saying. I mean, to touch on the first piece about usage-based coarse-grained revocation or deprovisioning, I think totally a best practice. In fact, we support that in our product and we just view that as one of the many types of workflows that you want to add around access management to help achieve that least privilege goal. Because to your point, it’s like, if you haven’t used an application, you should just remove it or de-elevate their permissions in the role or in the application at a minimum. So, I think that that’s one JIT access is one, self-service user access reviews. These are all just, I hate to say boring tools, but they’re a little bit like these are not…

Den Jones:
Mechanisms.

Alex Bovee:
Yeah, they’re not inventing some amazing business process that didn’t exist before. These are well-known business processes, it’s just that in the absence of being able to really effectively automate those, it’s really hard to get to the outcome. So, I think you got to just focus on automating that full life cycle. And then…

Den Jones:
Now…

Alex Bovee:
Oh, yeah.

Den Jones:
Sorry. Keep going.

Alex Bovee:
No, I was going to say the other interesting point too that I would just like, maybe this is a little bit of my knock on the startup ecosystem and vendors to a degree is your point about deploying a solution but not getting it end to end, to me is, I think also a little bit of a reflection on our myopic innovation strategies sometimes around startups just too narrowly focused on just a single little point solution or a single little point thing. And I think it’s like we’re our own worst enemy sometimes in the valley. I think we’ve been told that the right way to build companies is to just focus on this tiny little thing and just do this tiny little thing.

And the reality is then you get companies that have not rolled out the solution end to end in their company because they’re just solving this tiny little problem over here with your product. So, I think there’s something there too around, like, we got to think bigger. We should have end-to-end identity security solutions. That’s our goal is end-to-end, whether you’re hybrid, on-prem, or you’re all in the cloud, we want to do it all because the little bits and pieces solutions feel frustrating.

Den Jones:
Yeah, it’s funny. There’s the whole idea of I want a big platform or I want best of breed. And I think when you get to best-of-breed, it’s like, yeah, but you can’t just be best-of-breed at solving one niche problem and I end up having more tools than I have staff.

Alex Bovee:
Totally.

Den Jones:
That doesn’t help. And then, the other thing is people’s integrations. They always say they integrate with X, Y, and Z. I used to always have this joke, you just don’t integrate with the shit that I need. Everyone’s like, “Oh, it’s fully integrated.” I’m like, “Is it really because you just don’t integrate with the shit that my team’s asking for, but maybe very unique.” And I always felt that. Okay, so I’ve got two big questions, I guess, right? One, let’s start off with, so one’s going to be about when you sell to people and you explain who you are and why you’re different, the other one’s going to be, where’s the vision, where do you want to be? I always think of my podcast as Get It Started, Get It Done. So, we kind of heard about the origin of why you wanted to start this and the space in the market.

So, let’s talk about the sales pitch. And when you go and speak to executives, who do you find you speak to that gets you the best results from selling, and what’s your pitch to them? Because there’s a lot of vendors in this identity space, so why should people care about ConductorOne?

Alex Bovee:
Yeah, I mean, I’ll start with the first question you asked, which is really how we think about our differentiation. I think for us, it’s a lot of basics, honestly. It’s like we’re really focused on customer success, quick time to value with a beautiful product experience that’s really easy to use and get deployed wall to wall. That’s our goal truly, and I feel a little bad saying this on the heels of your point about integrations, but truly with a product that integrates with all your technology and all the things that you care about. And actually, as a differentiator, we have some really cool technology that we built around integrations that I’m happy to go into later. But effectively, we’ve open sourced the integration layer that lets us kind of connect to any application database to manage identity and audit permissions and orchestrate access changes.

So, a fundamental belief that I’m happy to get into a little bit later if you want. But I think it’s really that, and I just believe at the end of the day, if you really focus on loving your customers and doing everything you can to make them happy and make them successful, just a lot of goodness follows from that. So, that’s a little bit of just a core guiding principle for us is do every single thing you can to make a customer happy and get them live and just really focus on their success. So, I think that’s a big part of it. For us, in terms of who we go to the most on the executive team, it tends to be the CISO. So, usually we’re talking to them about least privilege access or helping to secure identity, really get to that outcome of preventing an identity breach from happening in the first place.

That’s the thing that keeps people up at night, at the end of the day, they’re worried about, we just did a RIF and I have no idea if there’s any orphan accounts floating around in there where people still have access to things that they shouldn’t have. We spend way too much time on ticketing and manually provisioning access. I don’t know all the applications in my environment. I don’t know where all the data lies. I don’t know who has access to what from a least privilege perspective. Why do my engineers have access to production infrastructure while they’re asleep? These are the types of problems that we’re really trying to solve for at a high level.

And so, when we come in and have that conversation, I think that really it starts out on the right foot of like, “Hey, we want to be that partner for you to help secure identity.” And obviously we have a really big roadmap around how we want to do that long-term.

Den Jones:
Awesome, awesome. And some of those problems mean, I think of it, we mentioned buzzwords like least privilege and Zero Trust and stuff. Nobody ever got paid to go deploy some Zero Trust. [inaudible 00:21:47] Those are buzzwords that some exec reason, like, who gives a shit monthly magazine? So, the reality is we’re paid to solve problems. And what you were describing there was, “Hey, I got a bunch of questions that executives ask themselves because they don’t know the answer, they don’t know how to get the answer.”

So, I think that’s really phrased excellently well because ultimately those questions are usually problems that people get scared about, the risks that they’re trying to explain to their board. And then, so you talk about the journey you guys are on and stuff, where do you see the future? If you could roll the magic dice five years from now, what do you think done looks like for ConductorOne?

Alex Bovee:
I think it’s about a horizontal end-to-end identity security platform that helps a customer secure identity from visibility. Answering the questions that you can’t answer today. Do I have orphan accounts in my environment? Our people, do they have too many permissions, our people are over permissioned? All the way through to lifecycle management of users, lifecycle management of permissions through to detecting threats and actively remediating them. To me, that is the goal that we really need to be shooting for is being able to secure identity means across all your identities in your environment, whether that’s your workforce users or your machine identities or your service accounts or your contractors.

There’re different places those identities live and different security concerns related to all of them. But I think being able to provide visibility all the way through automation to threat detection, remediation across those different identity types is the goal. That’s probably longer than five-year roadmap, but one project at a time. I mean, to go back actually talking about that executive level discussion from a security perspective, there’s the answering questions, and then, we also see our value in terms of being able to automate and solve the problems as well. And so that’s where we’re anchoring from a project standpoint. And so, I think about our roadmap a little bit in terms of how do we help with more projects over time? What are the additional things that we can solve for customers?

Den Jones:
Awesome. Awesome. And then from a pricing perspective, do you guys license per user, per widget, per month, per year? I guess?

Alex Bovee:
Yeah, it’s kind of a hybrid. We have a platform fee and then we charge per user, per month for the different products that we have and the products snap to those projects. I talked a little bit about Enterprise App Store, Self-Service, user access reviews, Just-in-Time access, those are all sort of projects.

Den Jones:
Yeah. And the other thing you mentioned, which is pretty intriguing, is open sourcing the ability for people to build their own connectors and stuff. Do you want to explain a little bit about how that works?

Alex Bovee:
Yeah, absolutely. So, that project is called Baton. The idea behind that project was when we looked at what it was going to take to secure identity, it was really about understanding the identities in an application, understanding permission levels, being able to orchestrate changes, eventually being able to detect threats and just audit. There’re all sorts of additional sort of layers there around that are identity centric layers that every application needs to be able to provide that interface to. The challenge was that protocol doesn’t exist. So, when the Cloud came about and really got adopted at scale, one of the tailwinds to the cloud adoption was the fact that you had these standards like SAML and eventually OIDC that these cloud providers could adopt that streamlined authenticating into their platform.

So, really, it made it super trivial for you to adopt an IDP then to be able to authenticate your users into those applications. And so, that was great, that standard existed. And then, you’ve got some things like SCIM that are trying to solve the user and group replication problem from a central directory into the application. That’s really a productivity solve. It’s not a security solve. And so, what we saw is there’s no identity security protocol. There’s no protocol out there that lets you say, tell me all the users in this system and what permissions they have and build an authorization graph for the system because I want to inspect it and I need to make sure that we’ve properly off boarded users or I need to make these access changes to it.

So, that was the idea behind Baton is let’s create this interface where it can effectively be the technology layer that sits between your own tooling or the ConductorOne control plane, or we have a command line that bolts on top of it that lets you integrate with effectively any technology, whether it’s a database or LDAP or AD or AWS or HubSpot, it doesn’t matter. There’s a Baton connector for all those systems and tons more, and you can integrate that in your own tooling. ConductorOne uses them behind the scenes, or you can use our CLI to interact with them.

Den Jones:
Awesome, awesome. That’s cool. I mean, yeah, I think of usually the whole marketplace concept where you want to build integrations and you can put them up in the marketplace, they can be sanitized and check, so they’re good and then they’re made available. But this seems like a more streamlined, quicker empowering method. So, that’s cool. Shifting gears a little bit, what do you do when you’re not working? What’s that method for Alex to just chill or relax or get away from the grind of work?

Alex Bovee:
Oh, man. I like running, so that’s always my de-stressor either in the morning or in the afternoon, so I’ll go on a little run. But I picked up playing guitar during the pandemic. I’ve been having a lot of fun with that, playing acoustic guitar. I’m not awesome by any stretch of the imagination, but I can crank out some Avett Brothers and some Lumineers and folky songs. I’m enjoying it. So, a little bit of that. And candidly, with two kids, just running kids around soccer games and stuff like that is all the residual time that I have in the world. So, keep it simple.

Den Jones:
I mean, it’s definitely a juggle. I mean, I don’t think a lot of people before COVID really got the whole work-life balance thing very well, especially not in the valley. I used to talk about this bullshit in 2004, and it was the first time I was leading a team here back in Adobe and stuff. And I would talk to my peers about work-life balance. And I’m just like, my team doesn’t deserve to be, they’re not your bitches that you can call on a Sunday just because you forgot to do something on a Friday. So, I was trying to introduce this then. I was lucky enough at one point I got a new boss and she’s a big believer in this system as well because she was a cancer survivor, so she knew the importance of life.

I think when COVID happened and everyone was all sent home, this concept of actually having a life and you’re not a slave to work, I think became a reality for most people. In most of my friends’ circle when they all went back to the office as COVID was winding down a little bit, their whole attitude towards work and life was very much like, “Hey, I’m here to live. I’m not here to work and work as a means to an end.” And if you’re passionate about your work, that’s brilliant. But I think the upshot or maybe the silver lining on the whole COVID cloud was a lot of people have emerged with this, I’ve got a family life, like your kids, 20 years from now, your kids don’t give a flying monkey. I mean, you could be rich, maybe ConductorOne will be trillion billionaires in end, you’d follow me on your own island, like The Bahamas, right?

Alex Bovee:
Right.

Den Jones:
But unless you hit that high, and even then, I think if you go and ask Jeff Bezos, Elon Musk and Bill Gates, how their relationships are with their family and kids, probably not the best. So, I think there’s a hard balance that people like you really have to struggle with. I mean, you’re [inaudible 00:31:03] in this new company, you’ve got a family, you want to play a little guitar, and the running, I think the running is running around with your kids.

Alex Bovee:
A little bit of that for sure. Yeah, I mean this is, the struggle’s real. I mean, there’s a saying which is, “In 20 years, no one’s going to remember that you worked late, except for your kids.”

Den Jones:
Yeah.

Alex Bovee:
And I think that’s probably pretty true. The challenge is for better or worse, making a startup successful is a huge commitment too. So, I wish I had the work-life balance thing nailed. I certainly don’t. It’s a struggle daily, weekly, monthly to make sure you hit that. I think I do, there’s some startups though that pride themselves like, “I haven’t taken a day of vacation in three years.” It’s like, “No, I take vacation every year,” and I show my team that I do it, and I try not to answer emails and things like that. So, I think part of that’s just setting the example as well, that hey, we’re not trying to hero mode this every single day.

Building a company is a marathon and you really, I’m excited about every single person who’s on the team today, and I want them on the bus two years from now, three years from now, five years from now. You can’t do that if you’re burning everybody out. So, manage your life accordingly. But also, we do have to work hard. So, I don’t know, there’s like…

Den Jones:
And Alex, that’s exactly what I learned and really like, [inaudible 00:32:32], you speak to my ex-wife and she’s maybe an ex-wife for a reason, right? She’ll tell you, “I wasn’t the exact shiny example of work-life balance.” I’d like to think I’ve learned a lot from my life, and I look at it and you hit the nail on the head. Building any company in any team is not a sprint really. It’s a marathon and you have to build a culture. And by the way, I remember talking to Todd about this years and years and years and years ago when I first was getting involved with Okta and we had this conversation, I don’t remember how or where we had it, but we’re just talking about culture and building culture.

I mean, I had a small team at Adobe. It was about 65 people. And even then, the culture that I was trying to build within the team was one of, we really enjoy what we do, but we work really hard. Now, work hard to me is more about working smart and getting results, and it’s not about perfection. So, I was always like, I would rather show a result to the business that’s still a bit janky under the hood, but it still is robust enough that it doesn’t fall over all the time to piss people off, but it delivered quickly so that people can get the experience and the value quickly. And then in the background you can tweak and tinker ideally without them knowing you’re doing that just to improve stability and robustness and resilience and whatever. But the big thing for me was I wanted a team that was innovative, but I also wanted a team that enjoyed what we’d done.

Alex Bovee:
Totally.

Den Jones:
And then, reward the shit out of them. Make sure that we’re doing things like team building events and good training and investing, investing in those people. Because at the end of the day, ConductorOne like Adobe, like Okta, you’re only as good as the people and the team you build, right?

Alex Bovee:
Hundred percent.

Den Jones:
You and Paul can’t do it on your own, right?

Alex Bovee:
Yeah. I was going to say, just a quick one there. There’s a good nugget here to tie that back also to what saying earlier about like, drop in work late, but there’s good work and there’s bad work. And I remember I learned this in business school, the tropes about investment bankers working 80 hours a week and all that stuff, the reason they do that is because someone, some MD sat on some project literally Monday through Thursday and then drop something on someone’s desk like Friday at 5:00. Who then had to work through the weekend to pull in and say, “That’s just dumb. That’s dumb hard work.”

There’s smart hard work, which is you make decisions fast, you don’t have bureaucracy, you focus on the meat of it, you don’t focus on the show of it and that’s very rewarding, hard work. And those hours feel good. I think to your point around culture, those lead to results, they lead to wins. Those are the things that matter.

Den Jones:
And you mentioned bureaucracy. The other one for me, there’s bureaucracy and there’s politics. And there’s also work that’s just like meeting [inaudible 00:35:52], get in meetings for no good reason. And I remember my time at Cisco, Cisco, it’s a funny place. There’s great culture in Cisco in certain areas, and then there’s cancerous culture in other areas. And I think it all comes down to which organization you’re in, which leaders you’ve got, what games are being played, and the politics and the stuff. And I can handle and play all those games too. And I pride myself, I’m kind of good at it and it doesn’t stress me out. But the problem is, when I start spending more hours in a week on nonproductive bullshit than I do on stuff that’s going to make a difference for the business, that’s when I start to question my sanity as whether I give a crap.

And the good thing about what you guys are doing, the things that I love about Banyan is you got these little startup companies where 90% or more of your time is about building something. It’s about building and delivering something, and it’ll never be 100% but you’ve minimized and you’ve squeezed the bullshit out as best you can, right? And I really enjoy being in an environment where you’re working with creative, smart people and you’re delivering something. And you mentioned this before, delight your customers. You want to please your customer, you’re within in a customer delivery business. So, it’s kind of cool. Now, I’m going a couple of wrap up things, but you were about to say something, so let me hear what you had on your mind there.

Alex Bovee:
Oh, I have, I don’t know if it’s wisdom, but philosophy on meetings and sort of how that evolves over time. I’ve just seen at every step of the way, at every kind of change in growth and whatnot in a company, it’s like you just have to be ruthless about really squeezing any sort of unnecessary politics meetings out of the process, because that stuff creeps in. And I think there’s so much goodness in what you said around just how that is driven from the top at some level, right? That culture, how you think about meetings, how you think about building versus politicking is set at some level from the top, so anyways.

Den Jones:
Yeah, and there’s a lot of people out there that love to do a bit of land grab and grow their empire. For me, I like career growth and I’ve always pushed myself in my own career, but I’ve not been about land grab. For me, I’m not going to try and grow my career, the behest of someone else’s career. It’s not my thing. And actually, I learned as I got older, the smaller the team, the better, the more strategic the team, the better. And having a bigger team probably meant I was going to be doing more operations, but I’m like, yeah. So, I quite like having a small, nimble team because I’m probably less likely to be doing a lot of operational bullshit. So, now, as we start to wrap up, a couple of things. One is how do you describe what you do to your friends and family who are not technical?

Alex Bovee:
I rarely do. I mean, if I really get pushed, I’ll usually anchor it on a basic example. Like, “Hey, have you ever at your job needed to get access to some SaaS application or get onboard Salesforce? We automate that process. Did you submit a Jira ticket? We automate that.” So, I’ll usually try to find something that’s a little bit relatable.

Den Jones:
Awesome, awesome. Yeah, I was wondering if you’re almost getting to the whole thing about Facebook or Instagram and you’re trying to get, it’s very hard to tie that one through [inaudible 00:39:47]. But some of those things, I try and get, like the personal stuff that I know my mother probably uses. And I’m like, “Okay, mom. It’s kind of like this.” I used to describe myself as an igloo repairman because I knew in California there’s not many, many igloos. So, when I’m not working, people aren’t going to try and hit me up to help them out with their computers.

Alex Bovee:
Yeah, that’s smart. Otherwise, you get that IT tech support call.

Den Jones:
Oh, yes.

Alex Bovee:
I’m like, debugging the WiFi.

Den Jones:
Honestly, the minute people were like, “Oh, you work in IT. I’ve got a problem with them.” I’m like, “Man, I don’t give a shit.” So, yeah.

Alex Bovee:
Yeah, yeah. It’s brutal.

Den Jones:
Now, okay, as we wrap up, what is one piece of advice you’d give to anyone trying to start their own company, follow your footsteps? What advice have you got for those people?

Alex Bovee:
I mean, if they’re thinking about starting it, I would almost always just say, do it. I think that if you’ve been working for a while, you probably in some ways are too smart for your own shorts. You might see all the pitfalls of it and think it’s really risky and things like that. But the reality is, I think betting on yourself is almost always a good bet. And take the jump, if you feel passionate about something and you’re excited about it. Think about will you regret not doing it 20 years from now? I think rarely is there an opportunity. Rarely is there something that you feel really great about and you’re excited about, where you’re like, “Oh, if I do this, I’m going to regret doing it because I didn’t stay at my insert, boring, big company job.” So, maybe just a little bit of just go for it. Trust yourself, bet on yourself, and go for it.

Den Jones:
Awesome. Awesome. Now, as we close, thank you very much for your time. I want to leave you with where can people learn more about ConductorOne?

Alex Bovee:
Just at our website, conductorone.com. It is probably the best place to go hear more about us.

Den Jones:
Awesome. And we’ll put that link in the show notes so you can trust us with a security company as Alex’s company. So, we would not put a dodgy link in the show notes. You’ll find that out later, I guess. So, Alex, thank you very much for your time. Really appreciate it. Great catching up. And hopefully, sometime we’ll do that in person with some drinks.

Alex Bovee:
Yeah, looking forward to it. I’ll be in San Francisco soon. I’ll give you a buzz. Thanks, Den. It’s good seeing you.

Den Jones:
Awesome. Thank you, sir. Take it easy.

Alex Bovee:
Take care.

Speaker 1:
Thanks for listening. To learn more about Banyan Security and find future episodes of the podcast, please visit us at banyansecurity.io. Special thanks to Urban Punks for providing the music for this episode. You can find their track, Summer Silk, and all their music at urbanpunks.com.
