Teen Hacker to Founder, Building an Open Source Security Company | Bobby DeSimone, CEO of Pomerium
Sep 12, 2024
Bobby DeSimone, the Founder and CEO of Pomerium, shares his insights on access control and security. He discusses the staggering impact of the biggest corporate hack and a breach caused by an unsecure air conditioner. Bobby reveals how Pomerium leverages an open-source approach for secure user access without a VPN. He highlights the failures of traditional security methods and the importance of a Zero Trust model. The conversation also touches on his journey as a technical founder and the pivotal lessons learned in enterprise sales and funding.
Access control must evolve from traditional VPN reliance to context-aware systems, prioritizing user identity and device status for enhanced security.
AI integration can significantly bolster access control by analyzing user behavior patterns to detect anomalies and improve threat detection.
Authenticity and customer-focused problem solving are essential for sales success, fostering positive relationships and refining product offerings through feedback.
Deep dives
The Significance of Access Control
Access control is essential in ensuring that individuals only access resources they are authorized to use. It encompasses two primary components: authentication, which verifies identity, and authorization, which determines access rights. In daily life, this concept is evident not only in digital experiences, such as banking or online shopping, but also in physical interactions, like entering a secured building. Understanding the implications of access control is crucial, as historical breaches, such as the Target credit card breach, spotlight the vulnerabilities associated with inadequate access management.
The Transition from Perimeter Security
Historically, access control relied heavily on physical location, with users being granted access based on their connection to the corporate network, typically via VPNs. This model has become increasingly problematic as breaches exploit these predictable parameters, demonstrating that being inside the network does not guarantee security. A noteworthy shift in this paradigm is exemplified by Google's BeyondCorp model, which assesses access based on multiple factors, such as user identity and device status, rather than solely on physical location. Organizations are now encouraged to adopt a more holistic view of access control that incorporates contextual elements.
The Open Source Approach of Pomerium
Pomerium is designed to enhance access control through an open-source, context-aware identity proxy that focuses on who should have access rather than where they are located. This approach enables organizations to continually evaluate and authorize requests based on user identity, device posture, and operational context, thereby improving security. By streamlining access through the browser rather than requiring complex client systems, Pomerium aims to make security both more effective and user-friendly. This shift aligns with modern trends that prioritize usability and secure access to corporate resources.
AI's Role in Enhancing Security
Artificial intelligence is positioned to significantly improve access control by aiding in the identification of user behavior patterns and anomalies. By analyzing vast amounts of data, AI can help detect suspicious activities and generate real-time alerts without significantly impacting system performance. The integration of machine learning in security protocols not only enhances threat detection but also streamlines the procedural aspects of implementing systems like Pomerium. As organizations recognize the importance of protecting sensitive data, AI will play a pivotal role in adapting and refining security measures.
Transforming Sales and Company Culture
Effective sales strategies are often rooted in a founder's authenticity and passion for their product, especially in the tech industry. Approaching sales as a means to solve customers' problems instead of merely pushing products fosters a positive relationship between the company and its clients. Founders are encouraged to maintain open communication with potential customers and continuously seek feedback to refine their offerings. Emphasizing a culture of understanding within the organization not only drives sales but also fosters a cohesive team dedicated to the company's mission.
Bobby DeSimone is the Founder and CEO of Pomerium, the best way to authenticate, authorize, monitor, and secure user access to any application without a VPN.
Bobby explains why access control is so important, how it led to the biggest corporate hack ever, how it's related to the day CrowdStrike took down the global economy, and how AI will change security.
Pomerium has a unique open source approach, and Bobby takes us inside the early days of building the product, how he got the first customers, lessons from learning enterprise sales as a technical founder, and inside his funding rounds, including a recent Series A led by Eric Vishria at Benchmark.
Timestamps
(00:00) Intro
(02:02) Access Control: a sneaky large problem
(07:22) How an unsecure air conditioner led to the biggest credit card breach in history
(10:23) Google’s internal security software inspiring Pomerium
(16:41) Making his first money online selling a WoW bot
(19:24) How CrowdStrike took down the global economy in July, 2024
(22:29) Deep dive on access control and security
(29:39) How access controls impacted Google vs Uber’s self-driving lawsuit
(30:52) Why Zero Trust security is marketing bullshit
(32:09) Advice for building access control
(34:39) How open source built early trust with customers
(41:39) Missing a 7-figure deal because he didn’t use LinkedIn
(44:52) Everything he’s learned about sales as a technical founder
(50:06) Inside Pomerium’s Series A
(51:41) Advice on evaluating potential investors
(56:06) How AI will change security
(01:01:15) Getting in trouble at the first Pomerium board meeting
(01:02:15) How to hire good engineers
(01:04:00) When to scale back IC work as a founder
(01:06:56) Favorite new AI tools
(01:11:09) Why Meta’s open sourcing its AI models
(01:12:32) Life lessons from Charlie Munger
Referenced
Check out Pomerium: https://www.pomerium.com/
CrowdStrike outage post-mortem: https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/
Pomerium on GitHub: https://github.com/pomerium/pomerium
Follow Bobby
Twitter: https://x.com/bdd_io
LinkedIn: https://www.linkedin.com/in/bobby-desimone/
Follow Turner
Twitter: https://twitter.com/TurnerNovak
LinkedIn: https://www.linkedin.com/in/turnernovak
Newsletter: https://www.thespl.it/