Bobby DeSimone, the Founder and CEO of Pomerium, shares his insights on access control and security. He discusses the staggering impact of the biggest corporate hack and a breach caused by an unsecure air conditioner. Bobby reveals how Pomerium leverages an open-source approach for secure user access without a VPN. He highlights the failures of traditional security methods and the importance of a Zero Trust model. The conversation also touches on his journey as a technical founder and the pivotal lessons learned in enterprise sales and funding.
01:15:07
INSIGHT
Access Control Explained
Access control comprises authentication (asserting identity) and authorization (granting permissions).
It governs who accesses what and under what conditions, impacting daily digital and physical interactions.
ANECDOTE
Target Breach
The Target data breach, one of the largest ever, stemmed from a hacker accessing the internal network through an HVAC unit.
This highlights the vulnerability of perimeter-based security if the internal network is compromised.
INSIGHT
Pomerium's Approach
Pomerium, an open-source platform, shifts from perimeter-based security to an identity and context-aware model.
It prioritizes user identity, device status, and intended actions to determine access, mimicking Google's BeyondCorp.
Bobby DeSimone is the Founder and CEO of Pomerium, the best way to authenticate, authorize, monitor, and secure user access to any application without a VPN.
Bobby explains why access control is so important, how it led to the biggest corporate hack ever, how it's related to the day CrowdStrike took down the global economy, and how AI will change security.
Pomerium has a unique open source approach, and Bobby takes us inside the early days of building the product, how he got the first customers, lessons from learning enterprise sales as a technical founder, and inside his funding rounds, including a recent Series A led by Eric Vishria at Benchmark.
Timestamps
(00:00) Intro
(02:02) Access Control: a sneaky large problem
(07:22) How an unsecure air conditioner led to the biggest credit card breach in history
(10:23) Google’s internal security software inspiring Pomerium
(16:41) Making his first money online selling a WoW bot
(19:24) How CrowdStrike took down the global economy in July, 2024
(22:29) Deep dive on access control and security
(29:39) How access controls impacted Google vs Uber’s self-driving lawsuit
(30:52) Why Zero Trust security is marketing bullshit
(32:09) Advice for building access control
(34:39) How open source built early trust with customers
(41:39) Missing a 7-figure deal because he didn’t use LinkedIn
(44:52) Everything he’s learned about sales as a technical founder
(50:06) Inside Pomerium’s Series A
(51:41) Advice on evaluating potential investors
(56:06) How AI will change security
(01:01:15) Getting in trouble at the first Pomerium board meeting
(01:02:15) How to hire good engineers
(01:04:00) When to scale back IC work as a founder
(01:06:56) Favorite new AI tools
(01:11:09) Why Meta’s open sourcing its AI models
(01:12:32) Life lessons from Charlie Munger

Referenced
Check out Pomerium: https://www.pomerium.com/
Crowdstrike outage post-mortem: https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/
Pomerium on GitHub: https://github.com/pomerium/pomerium

Follow Bobby
Twitter: https://x.com/bdd_io
LinkedIn: https://www.linkedin.com/in/bobby-desimone/

Follow Turner
Twitter: https://twitter.com/TurnerNovak
LinkedIn: https://www.linkedin.com/in/turnernovak
Newsletter: https://www.thespl.it/