Product success centred on people

20.08.2020



This interview was part of the Ergon Magazine SMART insights 2020. Order your free copy now ->


Tactful enthusiasts are required for an idea to cut through and be heard. For it to be established as a product, it will need its champions. To make sure it remains a success, you need people who think outside the box – and the right environment.

The issue of security has been part of your professional life for 20 years now. Where did it all begin?

When I started at Ergon in 1997, I was directly involved in working on the internet banking project. Security was an issue there, of course, even if very little was known about the risks back then. There was no established methodology and security elements were simply reproduced in the application code. We went on to base the idea for the Airlock Web Application Firewall (WAF) on the platform we built back then.

A spin-off firm was founded to develop and market Airlock, with Ergon ultimately buying the product back at a later date. What were your personal experiences of this journey?

It was exciting; stimulating; a real rollercoaster ride. But. in particular, we learnt so much from it. Having the opportunity to develop the WAF issue in a spin-off was excellent. My colleagues and I were convinced that the notion of upstream security was a good solution with a promising future.

While you were developing the WAF, a matching authentication solution was being built at Ergon – the current Airlock IAM. Back at Ergon, the aim was to marry the two as a complete solution. Was this a simple task?

It was certainly not simple but we had no doubt it was the right thing to do. The mindsets of the two teams, which could not have been more diametrically opposed, were a challenge. One side was a product development team and the other was project focused. These two sets of people have different approaches that both work fine on their own terms but combining them meant that the IAM team also had to turn into a product team. This was not an easy journey, yet it was doable. We involved all the staff, always canvassed individual opinions and reconciled different interests. Consensus was required but also compromise and, above all, plenty of patience, perseverance and an instinct for people. And I’m proud that we worked collectively to navigate this path and are still successfully travelling it together to this day.

And everything is practically running itself now?

That would be nice but it’s not that simple, of course. You have to put the hours in to remain successful. We discovered the Kaizen principle a few years ago, for example. This is a philosophy centred around striving for continuous and eternal improvement. In concrete terms, for our day-to-day work, this means we have meetings every fortnight to reflect on and re-evaluate our work. We also try things out in the awareness that things can go wrong. In the worst-case scenario, we will still have learnt something from it. This is how we try not to stand still.

What sort of environment do you think is required for thinking outside the box?

A respectful one, above all, in which there is tolerance of mistakes. Team leaders and department heads have to stand by you and back you up, giving a sense of security, so that others can muster the courage to think unconventionally as well. I find giving feedback is important, too, and that includes the management. In an ideal scenario, we create a space where everyone can bring their skills to bear and constantly refine them.

Looking back, what did you enjoy most?

The first thing that occurs to me is collaborating with the team – in particular, having opportunities to try something new together and use it to expand our skillset. “Thinking round corners” is also something I have always enjoyed. This is especially important when writing filters for the WAF, for example. You have to be able to get into the attacker’s mindset and understand their approach. Then you have to switch back into the “defender” role and consider how you can ward off their attacks. And staying up-to-date is important, of course, as the security landscape is constantly evolving. Learning new attack techniques, comparing notes in our communities – there’s never a dull moment.