Interview: PAM Product Q&A with Richard Wang
It takes a village to develop Delinea’s industry-leading Privileged Access Management solutions. I spoke with Richard Wang, Senior Director of Product Management at Delinea to discuss what it’s like to lead the product team, how we develop our product roadmap, and advice for those starting and continuing along their PAM journey.
Sara: Hi Richard, thank you so much for taking the time to join me. Let’s start by introducing you to our readers. What is your role at Delinea?
Richard: Happy to! I’m the Senior Director of Product Management—I lead the Product Management group at Delinea which consists of teams of Product Managers, UI and UX Designers, and Technical Writers. Product Managers are a bit of a jack of all trades. But the core function of the Product Manager’s role is to truly understand the intersection of our customers and the product.
We work to find the needs of our customers and anticipate what those needs will be in the future—that guides our roadmap. Then, once we have that built out, we work with Product Marketing and Marketing teams to position the products and share the benefits with customers and potential customers alike. We demonstrate how we are providing solutions to these important problems and that we’re here to help.
We want to understand what identity security issues customers are facing as a whole
Sara: Anticipating future needs—can you expand a bit more on that and how you develop the roadmap?
Richard: Absolutely. We take input from a variety of sources. A lot of it consists of talking to existing customers to better understand their pain points, what problems they’re trying to solve, and what environments they’re working in.
Rather than focusing solely on PAM problems, we want to understand what identity security issues they’re facing as a whole. This means not only focusing on what we need to do but where the gaps are in other products and how to better fold those into our solutions.
We also look at trends in the security market and general product trends and industry research. For example, we see more customers moving their infrastructure to the cloud and more services moving to the cloud. There are different levels of control between on-premise infrastructure and a cloud-hosted infrastructure.
Sara: You mentioned the need to move to the cloud – how has this evolved and how does it relate to other shifts in the industry?
Richard: The move to the cloud has been probably one of the biggest shifts we’ve seen. There is a major difference in how our customers access things in the cloud—through a web UI—vs an on-premise solution. Not only are the set of controls different, but the set of tools you use to access those controls are different. And that means needing to monitor privileged access to these new tools and controls. Customers want PAM vendors to solve these problems for them.
We also see, along with the move to the cloud, that the very nature of privileged data and privileged access is evolving. It’s not reserved solely for the IT department anymore. All users are privileged users.
Sara: With the shift to remote, what is your favorite thing in your home office?
Richard: I couldn’t live without my electric kettle. It’s quite often that I find myself, between one meeting and the next, where I run over to put the kettle on and have a hot drink to sip on during my next call. In fact, since the shift to remote work, I’ve already worn out one electric kettle and am on to the next one.
Sara: What are some considerations for our readers that are starting their PAM journey? Or possibly for those that find themselves stuck along their journey?
You don’t have to do everything all at once. We call it a journey for a reason
Richard: I think the advice for a PAM journey is similar to the advice for many cybersecurity journeys.
The first piece of advice is that you don’t have to do everything all at once. We call it a journey for a reason. There are many steps along the way and it is okay to improve your security posture a little bit at a time.
So, if you have no PAM controls in place at all and your first step is to get the credentials you’re using and put them into a secure vault—even if you’re not implementing a regular password rotation or recording sessions for your auditors—it’s a step in the right direction. It’s by no means the end of your journey, but it’s a step in the right direction. Maybe the next step is to add recording and monitoring or to tackle endpoint privilege.
A little bit at a time is better than doing nothing at all or spending a long, long time developing the perfect plan and prolonging your kickoff. There isn’t a single journey that works for everyone. Identify your security gaps and start with your “why”—understand what you are working to achieve.
Sara: With so much going on and all the hats that you wear, what do you look forward to every day?
Richard: What do I look forward to doing every day? Hmmm, well, two parts.
There’s a “good guys” and “bad guys” side of the fence, and I know which side we’re sitting on
I love to learn. I have conversations with different organizations where I’m able to learn more about the problems they face—from enterprise to federal, from small businesses to Fortune 100. I get to feed that back to a creative team of Engineers and Product Managers to solve those problems.
We take this information and feed it back into our team of engineers and product managers and work together to solve the puzzle.
And that’s the second part—I love working with a smart team that is committed to making the world a little bit better. We’re not saving the planet by managing privileged access, but there’s definitely a “good guys” and “bad guys” side of the fence, and I know which side we’re sitting on.