Cisco Security’s Emma Carpenter: ‘We Haven’t Had This Level Of Focus In the Security Landscape For Many, Many Years’

“We’ve talked a big talk about being serious about security before, but never have we actually put our money where our mouth is to the extent of acquisitions [and] building the right resources into the right places to make sure that we’re really focused on doing what we need to do … I’ll be honest, we’re going to have to get out of our own way to do that,” Cisco Security sales leader Emma Carpenter tells CRN.

Longtime networking market leader Cisco Systems wants to be a cybersecurity leader in the eyes of partners and end customers, too. But the company knows that won’t happen without an overhaul of its security business unit, internal processes and investment plans.

Enter the Cisco Security Cloud platform, the company’s unified, open-standards-based platform for security across hybrid and multi-cloud environments. Cisco has been working on the platform for the last year and incorporating its point security products into the platform while also expanding its security portfolio via acquisitions. At the same time, Cisco is consolidating its security specialist teams to make it easier for partners to work with Cisco and understand the portfolio, especially how security and networking can – and according to Cisco, should, go hand in hand, said Emma Carpenter, global security sales leader for Cisco.

The San Jose, Calif.-based company acknowledges that it hasn’t been in first or even second place in the security arena. This time, the company has a plan for how it plans to win over customers and gain mindshare. Carpenter sat down with CRN to talk about the connection between networking and cybersecurity, the investments Cisco is making in partner programs related to security, and when the work to shift from a platform approach to security will be completed.

Here are excerpts from the conversation.

Tell us about the work Cisco is doing to change its reputation in the cybersecurity space?

I’m super excited to be here at Cisco. I think we’ve got a huge opportunity in front of us. We’ve got an even bigger opportunity with our partners [and] I genuinely believe that [partners] have always been one of Cisco’s really strong points. But in security, honestly, there’s a lot more we could have done in the recent past. And that’s what we’re here to do is put a mark on our partners from a security point of view, to show that we support them, show that we’re willing to do things a little bit differently in this space, that we’re not following those usual network rules. So, it’s been a really big focus for the eight or so months that I’ve been back [at Cisco] now.

If I give you a little bit of a view as to kind of what’s coming next … I often talk about the sphere of what we do as Cisco is far wider than most of our competition. But we’re not known for being number one or number two in the security space. We’ve got really good products. But what we haven’t done is bring the whole piece together. What we’re talking to our partners about is really this idea of our Security Cloud vision and how we’re bringing together all of the different component parts of what we do, and really making it better by the connection points with each and every part of that. Whilst we’re doing that, we are looking to launch a number of different significant efforts that we’ve put a lot of resourcing and money behind to develop the solutions to be best in class in a number of key areas. We are so known for networking that it’s kind of a challenge for us to be really kind of visible in the security space. And what we’ve realized is we need to bring that whole vision together of network and security, leveraging the strength that we have in that network base. [About] 81 percent of the world’s internet traffic goes across a Cisco switch somewhere and the level of data that gives you, in turn, utilize that to make the networks better, to make the security that you provide to partners and customers better, because you’re using that to analyze how you get proactive about that threat landscape in the future, is better than anyone else can do.

We’re also coming out with some incredible offers for our partners because we recognize we need to make them profitable and we need to be simple to do business [with], not just in terms of that management perspective, but that simple to do business in terms of our programs and offers as well … We want to make it more profitable for our partners to help us build this business up as well.

Will Cisco’s expertise in networking help it differentiate as it works to become a leader in the security market?

[That’s] exactly the case. We’ve always loved that traditional revenue that comes from networking, without a doubt. But what we need to do is make sure that we’re meeting our customers where they are and make it simple for them as well as the economy struggle across the globe, [customers] are looking for that one throat to choke that can provide them with an end-to-end solution. And that’s where Cisco can rightfully kind of differentiate in that situation, especially with the level of investment we’re putting into the things that we’re building as we go forward.

What changes has Cisco made internally to further its unified security vision?

It’s a great question because we’re living this real time right now. It’s not been an easy journey. When I when I turned up, there was 12 different specialist teams for security alone. Now, I want to put that into perspective of Cisco terms. There are probably some 400 different product sets that we have within our business and yes, you break that down into individual SKUs, but if we are complicated enough that we’ve got 12 different teams looking at the individual elements of it, can you imagine how difficult that is for our partners and our portfolio sellers out there that are [saying] “Whoa, hang on. I can’t be a specialist in all of this, I actually need to be able to focus.” So, the first thing we did -- and it’s taken the last few months to really drive this forward -- is we simplified down to we have a team in each of our three geos. But we really have simplified down to two other teams: a SaaS team and supporting the [security operations center] SOC team as well. And we’ve done that deliberately just so that as we talk to the field, as we talk to our partners, we bring more of our capabilities to bear.

By the way, we’re doing that from a product perspective as well. We probably have 27-30 different products in the security space, [and] we are looking to basically bring out a suite of solutions that will bring those technologies together, eventually bring it together with the network as well, by the way, so it makes it even more simple and it really leverages our Cisco strength from a network point of view so that we bring those things together to address a customer’s sort of concerns in a given area. More to come on that that; that’s a little teaser because we’re not ready to announce all the details for that. But we recognize that we need to simplify. So, we’re simplifying our sales teams first, we’re simplifying our approach to how we bring a number of these solutions together and we will be continuing to do that as we move forward and as we look to ensure it’s much easier for our customers and partners. And by the way, that’s exactly why you’ll hear us talk about messaging is changing now as we sort of come to the to the market, we’re simplifying that message so that we can explain it to our grandmother and grandfather, they all understand the basics of what we’re talking about.

How will Cisco’s recent security acquisitions help fill gaps in the company’s cybersecurity portfolio?

We’re being really calculative about what we acquire because we know that there’s certain things that we plan to build ourselves. There’s other areas where [things like] Valtix and Lightspin that really help us to take our cloud capability to the next level. Another pillar is very much around how we support cloud security, not only from the perspective of things like Valtix, which allow a user to basically have that firewall capability in any of the different cloud service providers out there, or indeed, in a private data private data center. When you take that technology -- and what we’re what we’re doing with that acquisition is re- skinning so when we get to Cisco Live this year, we’ll be coming out with the suite of network security firewalls, as it were, which are both on-prem[ise] and cloud [and] meet the customer, through the partner, where they need to be. It is absolutely filling out some of those other areas in the cloud that we need. It very much sits alongside some of our existing technology and that’s the beauty -- it allows us to kind of jump a few steps as we make these acquisitions and build out from there. That cloud security piece is going to continue to grow. In the current environment, you do need to be able to work in those hybrid environments. We have [been] strong traditionally in the network side of things where we’re building those data centers for our customers, etc. This just gives us an added angle as customers are putting workloads into the cloud; they often don’t put everything into the cloud, they will often still retain some of that capability on-prem[ise] as well and that’s what we can do that now with these technologies as well. We’ll continue to do that as we look to fill in those gaps as we move forward.

When will the work of moving to a platform approach to security – and Cisco Security Cloud – be completed?

If I think about this fiscal year, we are going to have some major announcements coming out. Not only have we done two acquisitions already in the security space, but as we get through the year and we launch with our [extended detection and response] XDR capability [and security service edge] SSE capability and we launch our platform approach, Security Cloud, [which] brings that all together, that’s pretty unique. We haven’t had that level of focus in the security landscape for many, many years. We’ve talked a big talk about being serious about security before, but never have we actually put our money where our mouth is to the extent of acquisitions [and] building the right resources into the right places to make sure that we’re really focused on doing what we need to do. There’s such a lot of different products in Cisco and we can be very complex, but we’re actually working more and more across the borders of the different business units that we have now as well to bring that technology together. Reference point, that Meraki kind of skin and language we’re using to build out our SSE solution.

The next six months is when our major announcements are all coming with actual delivery of the technology as well, which, is honestly why I’m here. I was here at Cisco for a couple of years before, but I came back to Cisco, because the opportunity that is presented by thinking about how we really can do something different, and look, I’ll be honest, we’re going to have to get out of our own way to do that. That means we’ve got to be laser-focused on what we what we do. I’ve not exactly made a huge amount of friends with the simplification I’ve been doing in the resourcing pool but we’ve done it for a reason because change is necessary to get us to where we need to be. And I’ll tell you, Tom Gillis [senior vice president and general manager of Cisco’s Security Business Group]; we are joined at the hip with Shawn [Yuskaitis, security director, global partner and routes to market for Cisco] and the partner team as to what we need to do to make this a success going forward. And I’m sure there’ll be missteps along the way. But there is laser focus around that delivery, so I’m super excited about that. Because when do you get the opportunity to really make a mark in the marketplace in different area then what Cisco’s traditionally known for? It’s here and now in this next six months.