William McCormick
Rob Lalumondier, vice president of Federal Business with Sophos, recently spoke with ExecutiveBiz regarding his appointment to the new role back in March as well as the biggest improvements that he’s seen in artificial intelligence and 5G capabilities that are influencing the current federal market.
In addition, Lalumondier also discussed the impact that zero-trust implementation is having on federal agencies and organizations as well as the core values that drive the company culture at Sophos and its success in such a competitive market during the latest Executive Spotlight interview.
“It’s not every day that a company with the history, size and rich security products of Sophos decides to start focusing its energies on what is, let’s remember, one of the largest security customers in the world. It’s endlessly exciting to be a part of leading the charge on getting our federal government agencies to more easily utilize Sophos tools to protect themselves.”
You can read the full interview with Rob Lalumondier below:
ExecutiveBiz: What are your strategic goals for the coming year? What do you hope to accomplish and are there any new markets you’re keeping an eye on in the federal sector?
Rob Lalumondier: “Sophos has a long history of developing, innovative cybersecurity solutions. I’m excited to help lead the charge on how we’re expanding the presence and availability of those solutions in the U.S. federal market this year.
My biggest strategic goal and hope for this year is to hone our profile as a provider of federal security service solutions. That’s my focus for 2022 – to make Sophos’ name synonymous with cybersecurity for our federal customers.
This is particularly important given the mass shortages of cybersecurity professionals across the country, including within the U.S. government. Federal agencies are facing endless challenges from cyber and foreign adversaries even on a good day.
Our goal as a company has to be making it clear that Sophos’ security solutions and services can help agencies shore up their staffing shortages with easy, cutting-edge strategies for tackling security problems.”
ExecutiveBiz: What are the core values that are important to your company’s culture? How has your team developed its workflow and ability to drive success in such a competitive market?
Rob Lalumondier: “Sophos has five core values that speak to how we cultivate our government-industry partnerships, how we aim to bring new innovation to the federal market and how we operate as a company. Those values are: simplicity, empowerment, passion, innovation and authenticity.
For example, simplicity has to be reflected in the security products we bring to market. These tools must work, and it can’t be complicated to make them work. Overly complex solutions only handicap the people who are supposed to be using them.
As a company, we strive to embrace good design principles and automation as key elements of how we think about and engineer our solutions. In a cybersecurity landscape getting more complex by the day, efficiency and efficacy are paramount. It’s tempting for vendors to just keep plugging new tools and features into existing products, but it can overwhelm the operators using and maintaining those tools.
Another example of how we live out a core value is passion. Security is at the forefront of what the federal government does: keeping national interests secure. If that’s your work, you have to really care about what you’re doing.
Otherwise, you’re not just wasting your time, you’re also creating a climate that tolerates sloppy work or inattentiveness. And that climate breeds mistakes that cybersecurity can’t afford, especially when we’re talking about government security. Sophos brings a lot of passion to the work we do, and it’s hard not to be passionate about an area as exciting as federal cybersecurity.
One more value I want to talk about here is authenticity. Being successful in such a competitive, rapidly changing industry depends so heavily on encouraging our teams to be comfortable speaking up and conducting themselves in a genuine, honest and transparent way.”
ExecutiveBiz: What can you tell us about the implementation of recent acquisitions you’ve made and how they’ve benefitted your portfolio, technical capabilities and driven value for your company and customers?
Rob Lalumondier: “Our industry has been experiencing a major inflection point of mergers, acquisitions and divestments over the past two years, and 2022 will not be much different on this front. All these M&As and spin-offs are creating a ton of capital flow in the cybersecurity industry, and that reflects both the level of innovation we can expect to see and the stiff competition that’s driving that innovation. And all of it redounds to the benefit of our federal government customers and partners.
Sophos has capitalized on this movement to make a few recent acquisitions of our own, to bolster our expansion into the federal market. We recently acquired Capsule8, a market leader in visibility and detection and response for Linux machines and containers.
Linux is deeply ingrained in the federal government; Linux server workloads are practically the backbone of cloud growth in the federal space. So Capsule8 is a significant complement to how our managed threat detection and response capabilities can serve federal customers.
Another exciting recent acquisition was Refactr, now called Sophos Factory. Sophos Factory is helping bridge the gap between DevOps and SecOps, partnering security teams with scalable, consistent and faster response teams – all key to serving our federal customers.”
ExecutiveBiz: Congrats on recently joining Sophos! Why did you want to join the company and what were the attributes of its mission that attracted you to the role? What do you hope to accomplish with the company?
Rob Lalumondier: “Sophos has a long history of happy customers. The name was no stranger to me; I’ve talked to a lot of those happy customers in other jobs over the years. They have a strong reputation for developing best-in-class cybersecurity solutions. That alone is appealing.
But what really drew me in was their determination to build a more focused effort on U.S. federal government agencies. The federal government is in serious need of more innovative solutions for combating cyber adversaries around the world. It’s a market that is both very exciting to participate in, and also deeply serious and important to get right. Who wouldn’t want to join in on that?
It’s not every day that a company with the history, size and rich security products of Sophos decides to start focusing its energies on what is, let’s remember, one of the largest security customers in the world. It’s endlessly exciting to be a part of leading the charge on getting our federal government agencies to more easily utilize Sophos tools to protect themselves.”
ExecutiveBiz: How does your company ensure long-term success for your workplace to drive value for your employees, as you continue to face the uphill challenge to recruit and retain the best talent in the federal marketplace?
Rob Lalumondier: “The recruiting and retention challenge is also a matter of company values.
The cybersecurity landscape is very tumultuous right now, with companies merging, divesting and spinning off from each other en masse. That kind of frequent disruption makes it very difficult to create a consistent work culture for employees, and it contributes to this trend where, across the board, very few cybersecurity professionals will stay with any given company for more than a few years.
But that hasn’t been the case at Sophos, and I believe our company values are a major reason why. Sophos believes in a very high sense of employee empowerment – giving people the tools, the training, the access, and the resources they need so they’re set up for success right out of the gate.
That level of empowerment and leeway is critical to both attracting top-notch talent, and keeping them for the long run. It isn’t just a matter of throwing more money or benefits at people; cybersecurity pros want to do work that really matters.
And Sophos has been able to provide a mission that really matters, especially in the federal space, but also a culture of empowerment predicated on trusting, respecting, supporting, and building up our employees.
ExecutiveBiz: With federal agencies working to implement the latest trends in technology, such as AI, 5G, cloud and many others, what are your thoughts on the success and challenges that government agencies are dealing with to stay ahead of innovation to establish the U.S. as the global leader?
Rob Lalumondier: Looking at AI, 5G or cloud, our country has a very vibrant ecosystem for developing these technologies. Our federal government does a great job developing new ways of getting this tech into the hands of customers – whether it’s through DOD contracts, FedRAMP certifications, CISA initiatives, or similar opportunities.
There’s a perception of the federal government as this slow, lumbering bureaucracy. But I think what some perceive as ‘slowness’ is a process that actually serves them really well. If the system was too flexible and fast-moving, federal leaders would chase every new ‘innovative’ thing that came to market, racking up a ton of technical debt and wasting a lot of taxpayer dollars in the process.
The more deliberate and methodical pace of government, while sometimes frustrating, helps prevent the system from overcorrecting too far in the wrong direction. This pace also ensures that technology has matured properly and is able to meet certain compliance standards, before being integrated into government infrastructure.
While that may frustrate some who want to adopt new tech like AI or 5G faster than they’re able, it also ensures that when the government does take on these new technologies, there’s a level of compliance and reliability baked into them – and that immature, underdeveloped technology isn’t being woven into our national security system.”
ExecutiveBiz: With zero-trust technology becoming a major focal point moving forward, what can you tell us about the difficulties of implementing zero-trust architectures and focusing on data security?
Rob Lalumondier: “I do think it’s important that the federal government takes the initiative on zero trust, and I was glad to see the administration announce a plan for it last year. It’s a very bold plan, and to be honest, I think their timeline for adopting government-wide zero trust by 2024 is more aggressive than it is totally realistic.
But it’s good to be aggressive; it means they’re taking it seriously. And from what I’ve heard in conversations with some federal agencies, the people there are really whole-heartedly embracing zero trust as a philosophy – figuring out what their angle on it is going to be, what zero trust means to them and the tools they’ll need to support a zero-trust approach in their area of the government.
But for now, it is still an aspirational philosophy. The greatest challenge – which is really a series of thousands of smaller challenges – will be determining how to efficiently, and at scale, assign specific access permissions across an agency’s network to the over 2 million people who work within the government, plus the thousands of additional contractors who do business with our federal agencies.
There are literally thousands upon thousands of moving parts to account for. The major macro challenge of implementing zero trust in the federal government is how you provide everyone with the access they need without simultaneously opening up vulnerabilities for intruders to exploit. The scale of the challenge is massive but necessary to properly safeguard our national security networks against cyber adversaries.”
ExecutiveBiz: With artificial intelligence and machine learning impacting most industries and the U.S. military dramatically as we move forward, what has impressed you the most about the technology’s capabilities to improve decision-making across the federal sector and all areas?
Rob Lalumondier: “AI and machine learning (ML) are very exciting and rich areas to mine for cybersecurity purposes. Sophos has very robust AI and ML capabilities across all of our tools, and in our conversations with federal agency decision-makers, we’ve heard a lot of interest in and eagerness toward adopting this tech for government purposes.
From a national security point of view, there’s also the obvious adversarial element: cyber adversaries are surely going to begin adopting more AI and automation into their attack playbooks over time.
They’re not there yet, but it’s a matter of when, not if. And while AI in security isn’t exactly a ‘fight fire with fire’ scenario, it’s also a race that the government can’t afford to be behind in. Staying ahead means creating implementations of AI across the government.
For example, creating a baseline of AI and ML capabilities that can automate various tedious processes and daily tasks – like creating and sending basic reports – to not just make government workers’ jobs easier, but ensure that knowledge workers like security specialists are better concentrating their time and efforts on the work that most require their input.”
ExecutiveBiz: In recent years, what are some of the biggest improvements you’ve seen in the way we talk and think about innovation across the federal sector since the rise of cybersecurity, AI/ML, 5G and other emerging technologies?
Rob Lalumondier: “The ‘people factor’ here is huge and very encouraging. When you go to industry conferences and hear ‘AI and 5G’ thrown around as often as they are, it can sometimes feel like a regurgitation of buzzwords.
But it’s not just marketing talk; these concepts and technologies are really being internalized and put into practice, including with the government. There are many civil servants whose whole careers are focused on government infrastructure, and how to leverage emerging technologies as part of that.
We’re really just seeing the tip of the iceberg right now, and have a long way to go with how this tech is integrated into security products, utilized by federal agencies in real-world applications and so on.
But the big sea change right now is just how seriously the government is grappling with these concepts as part of their cybersecurity strategies. And, as part of that, how cybersecurity itself is being discussed and thought of in Washington. It’s not just seen as ‘someone else’s problem,’ where it’s delegated to IT to clean up.
Now the cybersecurity vernacular is being adopted by everyone across the board, including by folks who don’t specialize in IT or security, because now everyone recognizes the part they have to play and why it’s important for everyone, not just specific teams.”
