Centrify’s Tim Steinkopf On How To Think Like A Cybersecurity CEO
Tim Steinkopf is CEO at Centrify, where he leads the management, strategic direction, and execution of the company’s vision. Tim initially joined Centrify as Chief Financial Officer in October 2011 and took over as CEO in January 2019. Before Centrify, he held CFO positions at Secure Computing Corporation (acquired by McAfee), SumTotal Systems, Purfresh, and Silicon Entertainment. Tim has also held executive and management positions with Watt/Peterson and Ernst & Young.
Under Tim’s leadership, Centrify is only one of five cybersecurity companies with six or more years on Inc.’s annual list of America’s 5000 fastest-growing private companies. Centrify’s many honors include being awarded Gartner Peer Insights Customer’s Choice 2019 award earlier this year.
Tim is also a member of the Forbes Tech Council, and his latest article, Five Skills Necessary To Transition From CFO to CEO, shares how the lessons he learned from serving as a CFO for over two decades prepared him for the role of CEO. He says the one clear key attribute of CFOs is the ability to apply a metrics-driven approach to all facets of a business. The ability to orchestrate initiatives, programs, and strategies across the many departments of a company and have them all contribute to the metrics that define organizational success is vital and provides CFOs invaluable training in their progression to leading a company.
I had the opportunity to sit down with Tim recently for an executive Q&A to learn how Centrify is separating itself from the pack in crowded cybersecurity space, under his leadership and in partnership with private equity investor Thoma Bravo:
Louis: Centrify is only one of five cybersecurity companies with six or more years on Inc.’s annual list of America’s 5000 fastest-growing private companies. What are the most effective growth strategies that also deliver strong profitability today that keep Centrify growing?
Tim: I’m going to break this into two pieces because I think there’s a difference between growth versus profitability.
On the growth side, you can only attain the Inc. 5000 ranking by looking at a cumulative period of time. So, it isn’t that we’ve just grown for six years, it’s that we’ve had the ability to sustain growth over a rolling four-year period. To maintain placement on that list, we’ve had to excel at the details of how we serve our customers. It is quite an accomplishment and congratulations to all the current and former Centrify employees who were involved in that.
The real driver is our history of innovation. Centrify has always been an innovator, and we’ve always paid attention to our market, our drivers, and what our customers are saying. We’re trying to be a step or two ahead of our customers. If you’re able to do that, and you’re able to continue to innovate, then you can drive additional adoption of your solution set, and continue to drive growth.
Profitability does go hand in hand, but it’s slightly different because now you’re talking about effective, efficient growth. As CFO, I always had an eye on ROI and how to put capital, resources, and additional headcount to use, such that we could drive growth. Then you often ask yourself if you are driving it as efficiently as possible. And that’s where making the right kind of bets in technology for running and growing the business make a difference. It’s also about deploying into the correct markets so that you can land and then sustain growth.
Louis: In a previous interview, you mentioned the need for balanced metrics and change management strategies. Would you like to comment on those aspects of being a CEO?
Tim: It all comes down to the role of the CEO, leading a company to accomplish its goals. CEOs report to the board of directors, who ultimately set the goals for any company. And when you’re a CEO, you want to do everything possible to get to those goals. Knowing how the different parts of the company run and knowing where and how to allocate resources and change management all contributes to achieving the company’s goals.
Louis: How has Thoma Bravo, after becoming the majority investor in Centrify, helped your company pursue new partner, product, and service initiatives?
Tim: TB is known for placing winning bests, and investing in Centrify is a real feather in our cap. It’s seen by partners, prospects, and customers as a vote of confidence. We’ve been in business for over 15 years, are perennially in the Gartner Magic Quadrant, a leader in the Forrester Wave, and a leader in the channel as recognized by Computer Reseller news. We’ve got our own pedigree, and that’s great. Then you add on the fact that TB is a majority investor, and our reputation is even stronger.
Regarding product and service initiatives, TB spends a lot of time and effort on each investment, and they have a great track record, specifically in InfoSec and cybersecurity. They came in and said, “Hey, our investment thesis is to take Centrify and split it into two companies, where each will have a better ability to focus and compete, and that will drive more efficient resource allocation, and growth opportunities.” Centrify current iteration formed as a result of the investment thesis being implemented, and we’re excelling in our chosen market.
Louis: Gartner Peer Insights awarded Centrify with the 2019 Customer’s Choice recognition recently. What do you attribute your customers’ success to, and their willingness to share their stories online on forums include Gartner’s Peer Insights and others? They’re so critical to sale cycles right now.
Tim: Customer references are so important, and this is where we have to give credit to the greater Centrify organization. We have a customer-centric attitude, and that is why our customers are willing to speak up, which gives us the opportunity to compete and win awards, including Customer’s Choice 2019 and others.
Behind the scenes, it includes building and delivering a solid solution set combined with services. Once our solution is installed, we work quickly and in close collaboration with our customers to make sure it’s working and meeting their requirements. We view every customer relationship as a partnership, and how we implement our identity-centric PAM solutions for them is essential to a successful journey for them. We measure our success by our customers’ results, and if they are achieving their goals.
Louis: Privileged Access Management (PAM) shows potential in 2020 as a growth market. What are Centrify’s plans to capitalize on this market momentum?
Tim: That’s absolutely the market we’re in and serving customers with solutions for today. Going back 10 to 15 years, legacy approaches to PAM were thought of only in terms of password vaulting. We’ve strived to stay in step with our customers, as they’ve shown us that deploying a vault-only approach to PAM is not enough. They need to move beyond the vault and move to an identity-centric approach.
When organizations deploy a vault-only solution, they’re enabling login with shared admin or root accounts, and so that is a generic approach that is not identity-centric. Centrify’s solution helps organizations to centralize authentication and have their employees request access to specific resources with specific privilege elevation rights while also tracking all activity for audits, compliance, forensics, and regulatory purposes. Our customers place a high value on all of these aspects of our solution as it provides non-repudiation across their environments and better protects resources against cyberthreats.
The real potential for growth are the drivers moving PAM beyond the vault. It’s becoming more identity-centric, with a least privilege access approach. That message is resonating across the industry, and people get it. The biggest driver is the fact that 80% of the breaches are occurring because privileged credentials are getting compromised. Since they’re not identity-centric, too much privilege exists, which means the attack surface is greater, and it continues to get breached.
Louis: What are the most challenging aspects of being CEO of a fast-growing cyber security company today?
Tim: The most challenging aspects of being a CEO are the most exciting. One of the most energizing is competing in a very dynamic market. That’s what motivates me and why I’ve been in tech a long time.
Advances in technology drive the market, and it motivates companies, customers, and investors to take advantage of those advances and drive their business forward. At Centrify, our core focus is to capitalize on technology gains to help our customers achieve their goals by bringing new products to market. These include cloud, Infrastructure-as-a-Service (IaaS), machine learning, and other key strategic technologies. We’re always interested in utilizing new technologies, as the bad actors are also doing their own development of new ways to compromise our customers and their systems. They are looking for the weakest link.
We are completely committed to what we’re doing to stay ahead of those bad actors. Since technology continues to evolve and change, it makes the industry/market very dynamic.
Louis: When you visit with Centrify customers, what’s the most interesting feedback you’re hearing from them?
Tim: Our customer is normally the infrastructure and/or security people and teams. Who we primarily interact with is determined by the structure of a given customer’s organization. The people deploying, running, and supporting the networks and IT environments, who are responsible for those areas, are who we primarily work with.
The one common theme we hear from them is that they’re just trying to keep up. They look to us for help doing that, specifically how they can make privileged access management more efficient and effective across their organizations. Our customers look to Centrify so they can capitalize on our decades of expertise and complete commitment to providing privileged access management solutions that scale with their business.
They all know that it only takes one compromised, privileged credential to ruin their day, affecting millions of customers and costing hundreds of thousands (or millions) of dollars. One of our challenges in helping our customers is to help them face the challenge of educating upwards in their organizations as to the importance of having the proper tools for cybersecurity.
Louis: When you get invited into a prospect’s bake-off to compare PAM vendors, why does Centrify win? And how do you proceed into a Proof of Concept following winning a bake-off?
Tim: The number one reason we win is because we have a strong vision around identity-centric privileged access management. In addition, many organizations are undergoing digital transformations, and the majority of organizations have a hybrid IT and cloud environment. This includes on-premises, hybrid cloud and multi-cloud environments, and ephemeral environments. The ability to manage all of those different aspects with a central approach to identity is much more efficient and effective in the long run.
We see customers looking to make this their ongoing infrastructure deployment strategy, which will set them up for the future. That, and having a more encompassing solution set that addresses their greatest security risks are how we are differentiating today.
Louis: Your customer base appears to have a robust multi-cloud strategy, combining AWS, Microsoft Azure, and Google Cloud Platform. What’s a major challenge many are facing when migrating to cloud, and what does the future look like in terms of securing their identity and privileged access?
Tim: Multi-cloud didn’t really shape our strategy because we are based on a central repository for identity. Implicit in that approach is having everybody log in as themselves while providing them the freedom to do their jobs. And when it comes to least privileged access, we focus on allowing just enough access to every member to get their work done, while tracking every login to ensure compliance.
We’ve always supported that vision with an architecture that would span on-premises and cloud systems because nobody is going to completely do multi-cloud overnight. It’s a journey that begins by recognizing the business need for a hybrid IT environment that includes multi-cloud integration and platforms.
Our architecture is based on a cloud-based privileged access service that connects to wherever our customer’s identity store is. Through the use of cloud connectors, we can provide centralized identity and privileged access into your workloads running within a Virtual Private Cloud (VPC). We find most customers have multiple VPCs and their architected to be generic, which reflects the fact our customers end up with more than one infrastructure as a service platform provider. We’re able to handle that and provide privileged access management across all those environments.
It’s the strength of our privileged access service and our cloud connectors give our customers the option of selecting a thin client that deploys on their workloads within different VPCs, and then comes back to the service and communicates with various connected identity stores. It’s designed to be a very efficient architecture, and it plays well in ephemeral, quickly-changing elastic environments to support the requirements and scale needs of the business. Our architecture flexes and provides identity and privileged access management across their unique cloud and on-premise system configurations.