Ep 227 - Satyam Patel 

Hello everyone and welcome to SecureTalk. I'm your host Justin Beals. 

 

Today we are talking with a Chief Information Security Officer at a cybersecurity company. Not only is the role responsible for protecting the organization from digital threats, but the business is building the security tools that other companies depend on to stay safe. It's like being a locksmith who has to secure both the locksmith shop and create the most secure locks in the world.

 

Except the burglars are getting smarter every day and they seem to never sleep. The dual responsibility creates a fascinating dynamic that most security leaders never experience. You're simultaneously the customer and the creator, the protector and the product builder. Every security decision you make internally becomes a real world test case for the solutions your company sells to thousands of other organizations. 

 

Today's cybersecurity landscape is more complex than ever before. We're living through what many consider a revolution in endpoint management and device security. 

 

The traditional perimeter, those firewalls and secure office networks we once relied on, has essentially vanished. Your employees are working from coffee shops in Barcelona or co-working spaces in Denver, the kitchen table in a suburban home or deep in the studio like me. Each device has its own fortress that must defend itself in hostile territory. 

 

At the same time, artificial intelligence is transforming how we detect threats, analyze incidents, and respond to attacks. Security operations centers that once required teams of analysts working around the clock are being augmented, and in some cases replaced, by AI systems that can process thousands of alerts simultaneously and predict threats before they materialize. 

 

Of course, the stakes have never been higher.

 

A single unpatched server, one compromised device, or a successful social engineering attack can bring down entire organizations. We've seen this repeatedly, from major cloud outages that affect millions to sophisticated supply chain attacks that compromise critical infrastructure. 

 

What makes this conversation particularly compelling is that we're talking with someone who operates at both the strategic and the tactical level of modern cybersecurity, someone who understands not just the theory of zero trust architecture and AI powered threat detection, but the daily reality of implementing these technologies while building products that tens of thousands of other organizations depend on for their own security. 

 

Kandji, where our guest serves as both the CIO and the CISO, has become a major player in the Apple device management space, helping organizations secure and manage Mac, iPhone, iPad deployments at scale. They've built what many consider one of the most intuitive and powerful mobile device management platforms available today, creating that crucial harmony between IT operations and security that so many organizations struggle to achieve. 

 

So today we're diving deep into the mind of a security leader who lives and breathes the intersection of product development and enterprise security. We'll explore how AI is reshaping the cybersecurity industry, why mobile device management has become the new security perimeter, and what keeps a paranoid CISO awake at 2 a.m. sending security questions to his team. Please join me in welcoming Satyam Patel, who is a distinguished cybersecurity leader with over 25 years of experience safeguarding organizations from evolving digital threats.

 

Currently serving as the CIO and CISO at Kanji since February of 2025, Patel previously held the CISO position at 247.ai for four years, where he spearheaded enterprise cybersecurity initiatives that significantly reduced security breaches and data leaks. His impressive career includes leadership roles at CSA Group, TD Bank, Spin Master, and several other prominent organizations where he consistently implemented innovative security frameworks, and achieved successful compliance metrics. 

 

Please join me in welcoming Satchem to the podcast today.

 

—---

Justin Beals: Satyam, thanks for joining us today on SecureTalk. We really appreciate it.

 

Satyam Patel: Thanks so much, Justin. Looking forward to be here.

 

Justin Beals: Excellent. You are a CISO at Kandji, and I find this a really interesting role because not only are you providing security for your business, but your business is security as a company as well. And this kind of intersection is always really interesting to me. Have you worked in both security products? Like, did you have experience in this?

 

Satyam Patel: Absolutely.

 

Justin Beals: We're excited or is this a little bit of a difference in working at Kandji to have both feet?

 

Satyam Patel: I have previous experience with security products before, but Kandji is obviously is very new and it's an exciting place to be right now, given the fact that we're creating harmony between IT and security together. Making executives better decisions on providing security as well. So it's a very different landscape.

 

Justin Beals:You know, it's just in that phrase, you point out something that I think is interesting about your philosophy, making IT and security work better together means that they've been separated on some level. Yeah, you must see this both as a see-so and thinking about the product space as well.

 

Satyam Patel: Oh, absolutely. Yeah. I had the opportunity to be a CIO before as well as CISO in the past. And currently, I serve in the role of CISO and CIO for Kandji. So I get the opportunity to work with both sides of the team, and given my industry, past, and experience, always been a contention between IT and security, right? So Kandji is kind of taking a very conscious approach. You know what, how do we make sure it created a better harmony to make sure that we protect the access, protect the secure, protect the infrastructure, best we can.

 

And having these two organizations work together is very important.

 

Justin Beals: So you've been at Kandji now about four to six months, I think. You're still in the honeymoon phase a little bit. Is that right? Yeah. And what attracted you to the opportunity in working with the team?

 

Satyam Patel: That's correct, yes. Yeah, that's correct.

 

Yeah, I Adam our CEO has done a fantastic job building this company from ground up and he's made this company more collaborative and cohesive I went through a bunch of interview processes for and just the fact that I was a Kandji customer before this too so having the experience with Kandji products and tools and customer service and it would just be fantastic and having experience with different products in the past as well you can see that they're kind of step ahead of everybody else.

 

And then Adam convinced us to be on site and showed the entire location, and having these beautiful collaborative sites put together so that we can walk up to somebody and help them work together has been kind of out there, ice breaker to be on board. Honeymoon phase is, I think it's going to go on forever, it seems like, because the culture is absolutely fantastic to be here.

 

Justin Beals:  Great. Yeah, it is a fairly new company, 2018, is that right? Yeah, I mean, and of course, endpoint management, device management has been around for a long time. I'm a little curious if you feel comfortable expressing, kind of, what the strategic differentiation or the problem opportunity space was for Kandi..

Satyam Patel: Yeah, I'm still new to the roles. I'm still learning exactly what was facing Kandji in the past. But what I see so far is that the customer feedback has been fantastic when it comes to comparative to other tools, other vendors out there. 

 

The fact that Kandji has taken a very strong approach of, like I mentioned, creating a strong harmony between IT and security together. One dashboard, one single source of truth has probably has resonated really well with the customers, CIOs, CISOs across the board, and they see the value. So you know what, hey, we just see one source, make a decision that's easier for us, and let's just patch, let's make sure our asset is protected.

 

Justin Beals: Yeah. Joining as a new CISO in an organization, I think, you know, there's always this challenge of how much to change and how much to keep. And of course it's based upon kind of the environment you're coming into. How were you thinking of the opportunity or how do you get into that rhythm of understanding where growth should be and where there already is good success and you're happy maintaining it?

 

Satyam Patel:  Yeah, that's a great question, Justin. 

When I first came on board, obviously right before that, there was lot of anxiety, anticipation. You know what? Hey, what am I going to change? What am I going to look across and see any holes or gaps I can find, just trying to see what I can do and remediate. Coming on board, obviously, we do some exercise, some assessment on board and realize the fact that Kandji has done a really great job protecting infrastructure, building products and infrastructure by design and by default.

 

So everything from ground up has security mindset built into it. So it made my life much easier. It made convincing the CEO much easier. Let's say we are protected in a lot of ways and we have kind of implemented a zero trust methodology across the board. So everything gets device trust, everything gets authenticated, everything gets verified two times before it gets access to anything as well. 

 

So I would say I got less heartburn starting right away and was able to kind of accept the fact that, hey, we are kind of business as usual, but obviously we're always trying to be a step ahead of threat actors, right? So we're also gonna make sure, what else can we do to make sure that that 1 % chance of us being, I would say, breached, we wanna make sure we don't get there. 

 

So it's always work ahead of us too.

 

Justin Beals: Yeah, you know, it's I think what you're expressing here is that Kandji already had a good culture of security, you know, from top to bottom, a little bit. That's something you is huge as a CISO instead of having to come in and rebuild that culture.

 

Satyam Patel:  Oh, absolutely. think that's a great thing you mentioned because one of the things we realized in past, in past experience, is fact that you almost have to convince the senior management team that this is what we need implement. This is a budget we need to, our tools we can implement, our compliance we have to follow, and then kind of go out and ask for budgeting. But our senior management team has been very, very understanding and very open to the idea of, hey, let's do whatever is necessary to protect the company. 

 

As a matter of fact, I'm meeting Adam, our last CEO last week, and he made it clear it's not a request, it's a mandate to protect our company at any cost. Yeah.

 

Justin Beals: Yeah, that's huge. So it's interesting, because I was just talking with another colleague recently about getting the budget approved or people to understand what it is that security does or why it's valuable. One of the common cudgels in these discussions is compliance, where you're like, well, we don't do this security, then we won't get that contract. And is that a tool in your tool?

 

Satyam Patel: Yeah.

 

Justin Beals (07:11.822)Get there, Satcho. Yeah. Yeah.

 

Satyam Patel: I do use that once in a while. So right now we're looking at additional frameworks and compliance of our compliance strategy. So I do use that as, say, listen, we got to do additional compliance programs just to make sure that we are actually, just to make sure we're actually talking to other verticals of the market industries that we're compliant with, you know, other frameworks out there. 

 

So yes, I do use that, but I don't use compliance as a security measuring stick anymore. I haven't for the last few years. I find compliance is more of a soft check now compared to security actors because threat actors are not looking, hey, this company is soft to compliance, so they're safe. They don't see that. They just look for anything to kind of get access to environment.

 

Justin Beals: Sounds like a lot of your expertise, and you think that, you know, if you have a good base where your focus is in the threat vector, you know, what threats are coming at us and that we should be aware of, yeah.

 

Satyam Patel: Yeah, absolutely. My motto always been in security is always like, it's 99 % safe, it's still 100 % vulnerable. It's that 1%, right? Any companies you see out there who may have good security programs, but they have got breached and passed because of 1%. They left a one server unpatched or one privilege access open, and be able to get access to that. Threat Doctor is very smart. They know how to travel laterally once they access the environment.

 

Justin Beals: Yeah. Do you think that your ability to focus on threat as a vector has a little bit to do with having some of those base elements of security in place like culture or effective process? Like it would be harder to focus on a threat focus, you know, go forward activity if you didn't have some of those foundational elements in place.

 

Satyam Patel: Absolutely. 100%. Absolutely. You need a strong baseline, strong foundation for other discipline to be involved just before you can focus on third factors. But also, by default, I'm a paranoid person. So that also helps me to make sure we're more secure as well.

 

Justin Beals:  What keeps you up at night? What's your big paranoia lately?

 

Satyam Patel: Everything, everything. It's a 1 % every day. It's a 1 % of what can happen, right? And anybody in my team will ask, I'll ask because I get the sign-fill moments at two o'clock in the morning and start to ask and send to them all the time. So, are we secure? Have we done this? Have we made sure the privilege access or have we made sure the service account has multi-factor authentication turned on, right? So it's always that paranoia. 

 

And I feel that's whyI'm in the right position for a company as a CISO because paranoia really helps for you to think ahead because in cybersecurity, always felt that comfort is the worst addiction. You can never get too comfortable. You get too comfortable, then you're just, you're looking for something that potentially can happen.

 

Justin Beals: Yeah. So I'm a little curious about your perspective of certainly the cybersecurity product market around endpoint protection. You both work at a mobile device management company and you're a buyer, I'm sure, of security tools around endpoint management and things like that. So how do you line up some of these both purchasing decisions for your org and

informing some of the product roadmap that you want.

 

Satyam Patel: Yeah, I work very closely with the product teams, you know, given the fact that I have experience in past with other EDR and endpoint management tools and the fact that we're also, you know, developing products for ourselves, always that gives a good competitive edge, you know, be able to give a product team kind of feedback as well in the end. We're also customer zero. So we're also practice what we preach, right? Any product we put out there, we also deploy within our environment as well.

 

And to see how it was reacting, how it was performing as well. So I was like, know, I figured the commercial back in 90s, you know, members say like, I'm not only a client, but also a customer. have the hair restoration commercial, something like that. I like it's that, right? it's, EDR and endpoint and identity, I think is probably the new perimeter, right? Having a strong MDM, a strong EDR product.

 

Justin Beals: That's right, yeah.

 

Satyam Patel: You you could put your asset anywhere in jungle or in dark web. It will protect you. That's what you want to get to. We can't get to the point where's the end point or asset needs to be behind a firewall to protect it. We want to give flexibility to our employees or flexibility to our customers that this should be anywhere in world and feel comfortable that it protected. could be in Starbucks or could be anywhere else in public wifi. They know they're protected.

 

Justin Beals: Yeah, you know, it's interesting to think longitudinally about how these devices have changed. You know, I have been in the computer science space for quite a while. There were thicker clients, you know, and then we went very thinner with terminal work and they get a little thicker and, you know, it's a constantly flexing issue of the threats. It's just such a porous vector. Yeah.

 

Satyam Patel: That's right. Yeah. Absolutely. think, I mean, my background has been infrastructure for years. So I was a big firewall guy, a load balancer guy, know, and infrastructure security, things of that, right. But been in the end point space and being the ER space and being a seasonal for last five, six years, I realized the fact that the flexibility of employees also important user experience was important.

 

We can't force employees to VPN in an environment to get protected. We got to make sure that employees or a team or customers could be anywhere in world. And they should feel comfortable that they're protected. And MDM and ED helps us get there.

 

Justin Beals: Yeah, know, Apple, think has been a good leader along with Microsoft in some ways in the securitization. I remember back when they first started operating, including the BSD subsystem in their operating systems. And I was like, I really appreciate that there's some Linux under there and I can get to a good terminal.

 

Satyam Patel: Wow. Yeah 

Justin Beals: How do you see the Apple ecosystem then? Is it a very strong ecosystem, tools like Kandji, helping reinforce that privacy that Apple starts with?

 

Satyam Patel  Absolutely. I know Apple had a big stance on privacy for years and years at a time, but I think their Apple is, and I think along with Kandji's support and other vendors out there, Apple has kind of opened the doors of protecting, right? It almost like it's a balance between data privacy versus data security, you know? 

 

And I find there's a little bit data security, little bit edge over data privacy because the consequences of you losing your potential social security number or PIA information and consequences a lot more higher. So I feel that people are so focused on privacy, you know, it is a little bit softer compared to security. Because if I lose my identity, I lose my social security number, it just, it takes months and years to kind of get back to par again. So I think Apple understood that and realizes that. So now they're actually really emphasizing on security quite a bit, even for like, if your iCloud account.

 

I mean, you multi-factor authentication turned on. You need device trust turned on before they even allow you to change your password even.

 

Justin Beals: 

Yeah. You know, I think that's an important point in a lot of these perimeter tools that one of those perimeters is the human being operating that computer. How do you think about the handoff between what technology can provide from a security perspective and what you want the operator to provide?

 

Satyam Patel:  Sorry. So you say it's more AI based or more like, is it's a, that's okay. Yeah. Human beings are prone to more errors. So they'll, so they'll, they'll have some sort of errors out there. And if it's a computer machine doing it, it's, it's rinse and repeat order again. One time we do it right. It's over again. Same thing. Right. And human beings, know, there's also play of either fatigue, tiredness, making mistakes, right. So play a stronger role in that.

 

Justin Beals:  The human being, you know, yeah.

 

Satyam Patel:I find, you know, having a computer or any kind of automation makes a bigger difference when it comes to protecting the company's security. And even like on the expanding on the security side specifically, like security incidents, advantage management tools, and SOC analysts and things like that as well, next five years is the entire concept of, hey, let's automate as much as we can, right? And they will, cause they want to get that human intervention out of player art right now, completely.

 

Justin Beals:  Yeah, they do, don't they? And it's going to impact all of our industries. I think we're all just tapping into translating that. You know, how do you, we're right on the precipice. You must be looking at some AI tools as a part of your cybersecurity suite. How do you balance, you know, trust in that system with humans? Are you doing double duty a little bit at first? Yeah.

Satyam Patel:  Absolutely. Yeah. Like I said, paranoid plays first priority, right? So absolutely. want to double check and triple check that the AI rules or the automation is working as designed, right? So before even allow it to make decisions on its own. So yeah, in our ecosystem, cybersecurity, we are leveraging a of AI tools right now, specifically for security.

 

Justin Beals Yeah.

 

Satyam Patel: But then when you bring AI play in there, then you got to worry about AI adoption, secure AI governance. Is there any open source tools behind it? Third party reviews come play as well, a stronger role in it. But I'll shout out to last two years, AI tools and cybersecurity has taken a giant leap when it comes to just security specifically. For example, we had a very healthy debate with my team, potentially

 

What is more safer? Do you want to have a SOC team, a security operations center team built in-house with people, analysts looking at the dashboard all day and deciding triaging alerts, or do you want to have an AI SOC analyst that's basically correlating rules for you and deciding which rules based on impact and probability automatically triage for you, right? So it was a very strong, healthy debate and teams are to agree the fact that, AI SOC analysts, is probably an end goal.

 

But we want to get to where we want to get the comfort effect that the AI stock analyst is making the right decision for us. Because we don't want to miss a potential serious incident if it is happening or some sort of anomaly that we should be looking at. So I think perfectly said it is a mix between human and AI right now.

 

Justin Beals: Yeah.

Right in the transition point, right? Like, yeah, I see this levers like where we're like, run, it's running alongside of us and where we're saying, do we see similar results to what I see with my own eyes? Then we're human in the loop. It's raising things at a bar that I set, you know, that could be greedy and that I'm getting a lot of, you know, false, positive, false negatives. then

 

Satyam Patel : That's the reason. Exactly.

 

Justin Beals: Then you start to trust it and you start to turn it on. Do you see a future where, I mean, I think there's a lot of thought that companies that used to take a lot of people can shrink the number of people dramatically over the next five years. Yeah.

 

Satyam Patel: Yeah. I a hundred percent. I definitely see it. I see anywhere was mundane IT and security tasks. I see AI coming in and taking that, especially like in call center business where agents are taking calls. Agenting AIs are already replacing that. I had a call with the CISOs about two months ago or something. He worked for a huge BPO company and he's telling me that they're testing AI agent right now that can take 10,000 calls a day. That is like different compared to one agent, a human taking a call and two minutes of call. It's just complete replacement and they can order a process for you as well. So in cybersecurity, same thing is coming down as well. I'm pretty very, very sure.

 

Justin Beals:  Do you think that the best innovation from an, you know, as a CISO adopting tools has been more in the analyst side with the AI tools for security, like being able to run those analytics on an event or incident? Or are there other vectors of, you know, or styles of product in the cybersecurity space that you're seeing make big leaps with AI?

 

Satyam Patel: I think it's across the board everywhere. I think across board within cybersecurity is everywhere. Anywhere we feel that the tools are becoming too noisy, AI has been very strong, supportive of people reducing the white noise, reducing alerts, any kind of just thousands of alerts coming in and AI is able to kind of parse through all of them and tell us one or two alerts could be real, rest of them are just white noise, right? So it's been fantastic. We're constantly looking at more tools out there.

 

Even within Kandji, we're also looking to build more tools as we go as well, right? So it's always that. So I know how to make sure that we stay ahead of, in my mindset, I think I feel like that's why I of felt I clicked really well with the executive team here. Cause I feel like the Kandji's point where, Hey, we want to stay step ahead of third actors. You know, let's not get too comfortable. Let's not be too reactive. Let's make sure our proactive are we. and on, on top of that, think the AI is going to help us where, where the humans can't help us is a predictive analysis part.

You know, I think this is where the cybersecurity industry is going to take on. like I remember that movie Minority Report with Tom Cruise. It's like predicting the threat before it happens. And I feel like the AI is going to help us get there in cybersecurity.

 

Justin Beals: That would be very powerful. think we've talked a lot recently about AI may not be as accurate sometimes as a human being, but it can take in a breadth of information that really a human being can't store in their head anymore. And so like to your point where I need a breadth of information, you know, all of things that are happening in an ecosystem, it can, you know, synthesize that to a prediction. Right or wrong? Yeah.

 

Satyam Patel: Absolutely, exactly. And the effective decision-making as well, right? It's like the human mind will always try to question before making a decision of something. AI just knows it's either robotics, black or white. Is there a threat or not? Or is this something else? Is it the decision based on a rule we put together?

 

Justin Beals:  Yeah. One thing I was curious about, we love asking CISOs about this, is just kind of how they organize both inside the organization and internally. So, you for example, as a CISO, you certainly have security responsibility for the organization, but what about things like software development lifecycle or other aspects? How do you think about your purview inside the org?

 

Satyam Patel: Yeah, it's everything from design. we are, and as I mentioned before, Kandji has always been very security culture oriented. So I'm also in charge of also work with the developers on the CI CD pipeline, soft development life cycle pipeline. So we are going, we go as left as possible. So when we product or the edition is coming on, my team's heavily involved from the, from a get-go from designing the product from security mindset. So as we designing, as we iterating, as we go,

 

There's a gating process put between it. So we're not wasting too many cycles for developers as well. And making sure we do thread modeling between. We're making sure we do pen testing of all tools as well. So it is from the get-go. The product is secure from a design perspective.

 

Justin Beals: Yeah, it sounds like a lot of like process decisions like we saw it in here in the cycle and that type of work as well. Yeah.

 

Satyam Patel: Exactly, and we don't want to be we want to we don't we don't want to get to the point where development development cycles at 90 % complete and then we get involved and then if we find something that we have to go back and restart over again so we're more involved from the beginning saying hey there's a gating process every time there's iteration coming on so we're only wasting small amount of time if there's a fix to be done.

 

Justin Beals: Yeah. you know, you have to, I've often told people that I think you could say security and operations are almost the same thing. Like they really interleave together.

 

Satyam Patel: Absolutely. I'm not sure. I'm sure you heard the concept of SecOps, right? Security operations. So that's exactly what we're driving towards. So we built basically a SecOps operation across the entire company. So everybody thinks security from a get-go. Right? It is that. So in conversation we have like, I mean, when I first came on board, that was a culture shock for me when I first came on board because my previous organization has always been, I have to go find and I have to go do a road show, say this is what we do in security side. But in this, in Kandji, people come to me,

 

Justin Beals: Yeah.

 

Satyam Patel: Say, hey, we're doing this. What does security think of this? So it's been very, very different approach. And I'm very appreciative of that, to be honest. They're coming to us for feedback.

 

Justin Beals: Yeah. There are points at which you need to tell someone that they have a responsibility to contribute to security. How do you like to formulate their understanding? Do you use like, this is your control? Is there a model to how you map and track that?

 

Satyam Patel: Oh yeah, compliance. We have a strong GRC program. So we're not only doing compliance only, but also governance risk program as well. So compliance really kind of gets a certificate for us. We have controls that we measure against, map against. But a governance risk is where we have accountability and we have a measuring stick. So everybody's held accountable for that as well, right? So we have a strong discipline process put together of risk remediation or SLAs. You know, how are we actually...

 

Everybody had any any risk has identified the teams extensive team has to acknowledge remediation or at least within a certain time frame based on criticality and they have to risk they have to also remediate also within our SLA time frame as well. If they don't then that report goes to the CEO directly as well. So it's been like I said it's been very strong culture is adopted and accountability is across the board everywhere.

 

Justin Beals: Yeah, that's really, I think that's, you know, you're interleaving that operational characteristic, what the compliance outcome is, and then the security practice broadly. Maybe I'll ask then like, what is the compliance landscape looking like for Kandji maybe from past and how you think about the future? And I think a lot of this is tied to business strategy, like where you want to sell and what their sensitivities are. Yeah.

 

Satyam Patel: Exactly. Yeah, absolutely. Yeah. So Kandji has done a really good job when it comes to compliance strategy and actually adopting a bunch of SOC 2s, ISO frameworks. So we're SOC 2s to our type 2 certifier. We're also ISO 27001 as well as 42001. So we're probably one of the few companies in US right now are AI governance certified right now as well. But we do have a stronger roadmap across to hit the different verticals too. So that's going to probably cover a lot of different things.

 

Justin Beals:  Yeah.

 

Satyam Patel: I think you said it perfectly. It has to align with the business strategy and how we want to sell as well. So, but I also try to take a step above that because I try to go on a zero trust, say forget compliance. I just want to make sure I don't trust anybody. I don't trust my own employees or outside people. So anybody tries to access any Kandji data internally, externally has to be verified twice before the login in the application. Right? Yeah. And we've gone above and beyond. Like for example, we also device trust in our applications too now. So

 

Justin Beals: Yeah.

 

Satyam Patel: They have to have a Kandji device before they get accepted application usable.

 

Justin Beals: I think the double identification is an interesting just flat out rule set, right? You know, we can hold that as a given commandment one.

 

Satyam Patel: Yeah.Exactly. Exactly. I don't want anybody from bad neighbors of internet try to log into our applications at all, right? They don't have much trust, they can't log in. Simple. Yeah.

 

Justin Beals: Yeah, that's really good. You know, you go beyond compliance. think that's great. I think everyone should. And some people are, of course, just starting out and working for that first outcome. I'm curious, you know, just your take on the future of compliance. We see a proliferation of more and more frameworks coming out and requirements hitting organizations. Yeah.

 

It feels like one of those got to be a technology solution type of problems in the space. You agree?

 

Satyam Patel: Yeah, absolutely. 100 % I agree. Yeah, I mean, if you just look at any kind of GRC tools out there, I know you have GRC tools you own as well. It's almost like you have so many different compliance. But if you look at the rules that underneath the controls underneath of it, I would say 50, 60 % are probably similar. Then just small delta on top of that. Like, for example, if you look at high trust, high trust compliance probably covers GDPR and HIPAA by default automatically. And then maybe some most of the SOC too, most of ISO as well.

 

Yes, different countries, different regulations are coming different requirements and we have to kind of apply ourselves to those. But the fundamentals, I feel still the same.

 

Justin Beals: Yeah, I mean, of course, this is the area where we do a lot of work, but it is interesting to me that it's, think I like this model where there's an operational characteristic, like a control, and that's ours, like Kandji owns that, StrikeGraph owns that, know, the organization owns that's what we're going to operate. It's not the framework that defines security. I think of it as a measuring tool. Yeah.

 

Satyam Patel: I agree, absolutely. It's accountability in the end, right? Who owns what and how are they measuring themselves against it too? I agree.

 

Justin Beals: Yeah. What do you, other than staying on top of the worst vulnerabilities and kind of the changing landscape of IT infrastructure, where do you think the future of some of this endpoint management is going? Like, what are you paranoid about protecting endpoints from, you know, coming up? Yeah.

 

Satyam Patel: Yeah,  I mean, the idea of protecting laptops sitting by firewalls, I think it's kind of less and less and People are more mobile. People are more remote. People are using the phone, iPads, surface devices to protect the infrastructure. I mean, to do more work to be more productive. So I feel that we're just probably at the crossroads on MDM and, you know, and remote devices and protecting devices.

 

I feel like MDM might be the one that's going to really kind of combine a lot of security and also enable the customers and clients to be anywhere, anywhere in the world and feel comfortable, feel confident that they're protected. So I feel MDM industry or MDM tools specifically will probably expand further, you know, and have this, and that's why I like Conjure is in a right marketing place where MDM is the beginning, now EDR, now world management. else coming together is where I have one single source of truth. So when if a client is looking at the Kandji dashboard or any of the other exactly that device is protected.

 

Justin Beals:  Yeah, yeah, it's such an intriguing, like when I think about the mobile space, and I've done some software development projects in the mobile space, I'm not a deep expert, it is the most complicated, fractured areas of like operating systems and form factors and networks and yeah, yeah. I know, right, yeah.

 

Satyam Patel: Yeah. That's right. And then open source applications you put on top of that, right?

 

Justin Beals:  And then regulatory issues, they're pulling things apart like a store or a marketplace in which you can buy software and yeah, yeah.

 

Satyam Patel: That's right. And the third party risk in top of that, the software you buy, how do know that developer is not coming from bad neighborhoods of internet as well, right? And if I design product that could protect ex-filtering data. And that's why I feel like mobile security is going to big in doubt. It's just getting bigger and bigger. And if you think about it, like even like I've seen so many stories in the past where, you know, building intelligence on people doing their mobile devices is getting much like somebody who I saw some story the other day.

 

where some girl graduated from university. So she's posting a degree online. And then two years before that, she posted driver license online. Say I got a driver's license, right? So now the social engineers out there actually building an identity based on, she's from graduate from XYZ University. Her driver license from this state is this address because zoomed into it, right? Now they're building intelligence on it. And now they can potentially find a way to call a phone company that she could be working or she could have phone device from.

 

And they can easily say, hey, I'm person XYZ. I can do SIM swap, right? And do SIM swap and automatically get access to entire phone and then can wipe the entire phone or bank account. Everything is well part of that. So I feel mobile security is a future in the end. Because if you look at anywhere in trains, buses, planes, people on phones all the time. And they're chatting all day. They're doing banking. They're doing work. They're also doing lots of money. And perfect example is Signal. Like what happened with the Department of Defense and sharing data on the signal, right? know, it's security is very paramount. MDM is going to play very strong role.

 

Justin Beals:  That was, the signal thing is certainly frustrating. know, I think that I would agree that I don't know that I would trust, you know, that app with especially nation state secrets. Yeah, I think there's a, I'm choosing my words. There's a lack of awareness.

 

Satyam Patel: Exactly. Yeah. And I think you said it perfectly. It is that. It's the awareness and education. Right? And I hope that people, just not professionals, but also personal people who using phones, are starting to get educated on mobile security and just what's out there. mean, people can easily just use Instagram and get compromised by using a password and they get locked out completely. Right? So it's very, very important, I think. And there's one thing we do within Conjuring anywhere else as well, the fact that the employees or the clients and end users are the weakest link in Cyber Chain. So educating them is very important.

 

Justin Beals: Yeah. To your point about the SIM swapping vulnerability, Like that's a social engineering attack up front can lead to massive data breaches through a simple device. Yeah.

 

Satyam Patel: That's right. Exactly. Absolutely. Yeah. I educate, like I said, my paranoia kicks in. my kids, my wife don't use PIN code. We have alphanumeric on our phones. As a password, because nobody can stand behind me, solar sheriff, and get my PIN code and try to get access to my phone as well. Right. So I'm very, very strict on that when comes to that.

Justin Beals: That's really good. yeah, it is. And then the EDR side, so much data passes in and out of these devices. You have to get pretty low to the metal to be listening in of the actual device. That puts both the products you adopt, Kandji, your own product, as well as your customers in kind of a very privileged relationship with you guys.

 

Satyam Patel: Right.Absolutely. Absolutely. There has to be a strong trust between us and our customers as well, right? They know that fact that we are an extension of them, right? That we're protecting their device to their endpoint in the end. So we take our research very seriously. We take everything else very super seriously when it comes to making sure the fact that our product is locked down, that is doing the jobs they hired for us to do, is to make sure that because we do have barebone access to device, we protect it best we can.

 

Justin Beals: Yeah, that SDLC is critical. I mean, just the risk goes through the roof when you're that close on the device. We've seen some, the CrowdStrike issue was the perfect example of how important picking a good vendor with a good SDLC is.

 

Satyam Patel:  Yeah. Exactly. Absolutely. Exactly. We, like I said, we're very, very, very, very, research and security culture oriented. And then like I mentioned before that people come to me ask questions. So if I didn't think of something, they come to me, ask me questions. So that kind of helps me at least, you know, be involved in every aspect of it. Like right now we're heavily involved in product security as well right now. So as we do design products or in-rate products, we're making sure from a get-go that we're heavily engaged with them. So

 

It's not something that they, because especially developers are, and a lot of developers just say, I know what I'm doing and I'm going to continue doing that. But working closely with the security teams and pro security teams, it really helps them kind of create awareness education moving forward as well.

 

Justin Beals: Yeah, okay, one last future question that comes up. I'm sure you'll say I'm terrified of it, Justin, but just kind of the wearables marketplace. It feels like it grew a little bit and now it's static, but I was just looking at new glasses things and listening to Sergey Brin talk about the Google glasses and restarting that. That's another exposure area right at that MDM.

Satyam Patel: Absolutely. Anything that's remote or flexible, is scary, but it is, can't stop it. So you've to find to adapt to it and just make sure that securely adapt to it the best I can, basically put it. I'm all over by Skynet.

 

Justin Beals: Yeah, I think that's good. Yeah, but I mean, that's a different kind of philosophy to say like, we as people that build these products, whether a CISO or a software engineer have a responsibility to build it with security by design upfront. Yeah.

 

Satyam Patel: Yeah, I I hope they all do. I hope they all do, right? But sometimes they're so focused on product and launches and margins, you know, maybe they haven't employed the best security practice as well. So as, you know, anybody as a consumer or as a a client, sometimes you always want to do some research and make a short effect that product has been secure or kind of data the product has access to is also important.

 

Justin Beals: Yeah. Well, Satyam, I want to thank you for joining us today. You've given us a little peek into the CISO office at an amazing company and also given us kind of a perspective of, you know, right in this phase of getting the project started and starting to integrate well and how to analyze it. So thanks for joining SecureTalk.

 

Satyam Patel: I appreciate it. Thanks again, Justin. It's a pleasure to be here.

 

Justin Beals: Wonderful.