Doug Dooley of Data Theorem talks about the intersection of financial institutions and high-tech services offered with the help of DevOps and automation.
Doug is the Chief Operating Officer of Data Theorem. He heads up product strategy, marketing, sales, and customer success teams. Before joining Data Theorem, Dooley worked in venture capital leading investments of cloud-centric security, machine-learning, and infrastructure startups for Venrock. While at Venrock, Dooley served on the boards of Evident.io (Palo Alto Networks), Niara (HPE), and VeloCloud (VMware).
1. Tell us how you came to be the COO at Data Theorem.
Almost three years ago I joined Data Theorem after running Venture Capital investments for Venrock in their security, cloud and data-centric software areas. The opportunity that Data Theorem was working on, building next-generation Application Security solutions, was extremely exciting and innovative. I feel honored to be a part of this journey we’re on.
2. What are some of the unique lessons you have learnt from your customers being COO at the Data Theorem?
Some of the unique lessons that I have learned from our customers is that defending a business from a data breach is extremely important and difficult. The vast majority of our customers have to deal with adversaries that have the advantage of “asymmetric warfare,” where our customers have to be right all the time and their attackers have to be right only once. This puts a great deal of pressure on our customers and ourselves. Being in the business of information security is not for the faint of heart.
3. What are some of the industries that Data Theorem caters to?
Our technology can be used by any business that builds applications. However, our strongest relationships tend to be with companies which create a business advantage with their data. As a result, they recognize the power of their data and invest in security systems that do a great job of protecting that data. The top industries that tend to work closely with Data Theorem are Financial Services, Government, Healthcare, Retail, and Technology.
4. What approach does Data Theorem have for the customers that differentiate you from your competitors?
Our customers and partners tell us that our technology and product innovation improves at a rate much faster than most others we are compared to. Our capabilities in API and Mobile application security appear to be well ahead of the market, and our newest product Web Secure is winning awards for breaking new ground in areas such as Single Page Applications (SPAs) and GraphQL API security discovery, inspection and remediation.
5. What are your suggestions for financial lending institutions and P2P lenders to secure their mobile apps to evoke trust in customers?
FinTech companies are some of the best to work with when highlighting innovative application security protections. Some FinTech companies look at application security as a competitive advantage and as a result build proactive security measures/features that defend against network and social engineering attacks. Any application may be vulnerable to some level of security exploit through its lifecycle, but how fast a business can discover and fix those vulnerabilities is an important measure. Further, the companies which put in “security protection” as new features in the roadmap are the ones who tend to create more trust over time with customers.
6. Why do you think financial institutions are wary of adopting automated security? What would be your 30-second pitch to them in terms of ROI, efficiency and enhanced customer trust?
Automation has been something synonymous with DevOps teams building cloud-native applications.
It is the reason why companies such as Netflix have been able to disrupt and even dominate segments of the Entertainment industry. However, traditional IT Security has often been reluctant to embrace automation for fear of a “false positive” alert automatically leading to an unintended block of a business transaction that creates downtime, loss of revenue, or loss of their own job and position at the company. What we’ve learned from our best customers is that security teams that embrace automation and become respected members of the DevOps or DevSecOps team will make their business more resilient and more responsive to the needs of their customers. When security embraces automation, they are often viewed as enablers of growth, revenue and increased customer satisfaction.
7. To what extent has the pandemic prompted businesses to be more proactive in signing up for AppSec, DevSecOps and other security services compared to earlier times?
Businesses of all types have to stay better connected to their customers. One of the most interactive ways of doing that is creating better mobile and modern web applications that create more engagement, deliver more insights, and facilitate more services back to their customers. As those applications get released and updated more frequently, they can often become more vulnerable to attack if not closely monitored and inspected. This reality of application development has created a larger need for continuous security across the entire application full stack.
8. Data Theorem was recently in the news for partnering with Macnica Networks to accelerate adoption of leading application security solutions in Japan. Can you elaborate?
Yes, Data Theorem has been growing its business internationally with specific efforts in Asia. Macnica has been a great partner in Japan where we have won some marquee customers together. We plan to expand in other countries as we look into 2021 and beyond with other partnerships.
9. Can you give us a sneak peek into some of the upcoming product upgrades that your customers can look forward to?
The Web Secure product launch in 2020 has been extremely successful for our business. Customers have told us consistently that they need a Full Stack Application Security solution that enables CI/CD integration and DevSecOps automation. This is at the center of Data Theorem’s heritage and technology approach with our Analyzer Engine, API Secure, Mobile Secure, and Web Secure product suite. We have another product coming out next year that will fit nicely into the current suite and help strengthen this full stack approach customers have grown to expect from us.
10. How do you think technology is upgrading in the financial sector?
Financial services companies continue a long tradition of using technology to get a competitive edge and to reach their respective customers in unique ways. Right now, the financial sector appears to be deploying many more Cloud native applications and API-driven microservices to power new data-centric products. The number of new application stacks born in the public cloud is accelerating in usage, and we believe this is a trend that will continue for the foreseeable future.
11. What is the one area that tech marketers must currently upskill themselves in?
Anyone in the business of marketing technology to customers must always stay fluent with the impact of new innovation while never getting stuck in the past. Our industry changes quickly and often reinvents similar technologies as they transition from proprietary to open source and then back again to a commercial service. Virtual containers is a classic example of this reinvention cycle I just described. Containers were a technology first introduced by Unix systems such as BSD and Sun Solaris, then popularized more broadly with the open source Docker on Linux, and back again as an underpinning technology for many Amazon, Azure and Google Cloud services. Staying aware of these cycles of innovation is crucial to seeing where the next generation of improvement is coming from and how it will benefit customers.
12. Which is the one Cyber Security breakthrough particularly in the financial sector you will be on the lookout for in the upcoming year?
Serverless technologies such as Amazon Lambda, Azure Functions and Google Cloud Functions continue to make huge impacts on application velocity and large-scale infrastructure scalability. Whenever new technology makes development dramatically cheaper and easier for innovators of all sizes to bring their ideas to market sooner, those technologies have large-scale breakthrough potential. Whether a small startup or a large Fortune 500 Enterprise, I believe cyber security innovators are benefiting a great deal from serverless technologies already. In contrast, I think the hype around machine learning and artificial intelligence within the security industry has died down a great deal. It does not mean ML nor AI won’t have its day to shine in the security industry, but it appears both the number of use cases and the number of large data sets to apply remains fairly limited for the next few years.
13. How do you keep up with the rapidly growing tech space?
First off, living and working in the heart of Silicon Valley helps a great deal. Our daily conversations often revolve around new technology. Some places talk about local sports, local art, local cuisine… we talk tech and startups here in Silicon Valley. Also, being neighbors and coworkers with some of the best engineers, developers, and technology researchers in the world helps a great deal to stay current. I don’t think there’s one way to stay up to date with so many changes. It has to be in your blood to love technology… successes and failures. Both can be great teachers.
14. What is that one quote that has stayed with you throughout your professional life?
There are two quotes that have an enduring effect in my professional life. The first is about striving for the best and most elegant solution when faced with chaotic complexity: “With all things being equal, the simplest solution tends to be the best one.” — Ockham’s razor
The second quote has to do with being well prepared yet adaptable to change in the face of adversity and opportunity: “Planning is everything. The Plan is nothing.” — Dwight Eisenhower