Description
In this episode of The Identity Heroes, we hear from Sulohita Vaddadi, CISO at GE Corporate, whose path to cybersecurity leadership began not in computer science—but in biomedical engineering.
Sulohita shares how a “happy accident” led her into identity and how years of hands-on experience—from integration work to vendor-side roles—shaped her leadership style. She opens up about what makes identity programs truly effective, how to communicate across departments, and why humility, honesty, and mentorship are essential in this field.
This conversation covers the real-world dynamics of building trust with vendors, learning from failure, and enabling lean teams to do more with less. For anyone navigating identity, cybersecurity, or cross-functional leadership, Sulohita’s insights offer practical guidance and real inspiration.
Disclaimer:
The views expressed in this episode are solely those of the guest and do not represent the opinions of their employer or family.
Key Takeaways
- Identity is a business enabler—not just a back-office function or compliance checkbox.
- A strong foundation in cybersecurity, compliance, and project management is essential to lead modern IAM programs.
- Communicating value in simple, stakeholder-relevant terms is what drives real buy-in.
- The best vendors act like partners: transparent, honest, and focused on long-term growth, not short-term wins.
- Failure isn’t fatal. Learning from missteps—and knowing when to call it—can define your leadership path.
- Small teams can deliver big impact with clear priorities, automation, and self-service strategies.
- Empathy and storytelling are underrated superpowers in identity and security leadership.
- Trust is built through humility—asking for help is not a weakness, it’s a strength.
- Measuring success means tracking adoption, outcomes, and how IAM reduces business risk—not just if the tech “works.”
- Continuous learning and peer connection fuel better decisions and a stronger identity community.
Heroes Journey
00:00 Exploring Sulohita’s Heroic Journey
03:53 Accidental Journey into Cybersecurity
07:40 Career Transition: Architect to Identity Leader
09:45 Designing a Degree in Identity
14:23 Vendor to Client-Side Transition
19:14 Career Challenges: Lessons and Turning Points
23:35 Failing Forward in Business
28:20 Maximizing Cybersecurity Through Effective MFA Usage
32:37 Fostering Transparency and Empathy
35:31 Streamlining Identity Infrastructure Management
36:29 Maximizing Learning Opportunities
43:39 AI’s Future in Sci-Fi Literature
Transcript
Sulohita Vaddadi [00:00:00]:
Hey, there’s a difference between a partner and a vendor. Partner is basically trying to make sure they grow and you grow and we give feedback and say this is not working for us. And the vendor adapts to it and improves their solution and at the same time they are transparent with us on this is where it would work. And no, don’t do that. Right, get something else, but don’t do that. It saves ton of a trouble for both of us and it helps develop the trust.
Mark Callahan [00:00:36]:
On this episode of the Identity Heroes videocast, we had a great time talking with Sulohita Vaddadi. She’s the CISO at GE Corporate and she shared some advice for vendors on how they might make their products easier to deploy and easier to use with corporations of that size. She also had been a vendor herself and she took some of the learnings about communicating the value and business need for identity and how she was able to communicate that better at GE as a result. And finally, she shared a very pointed example of a particular failure of a project that actually turned into a really important business learning for her and when she was able to know that she needed to walk away and reach French. And so I think it would be a great opportunity for you to join in and listen to us. Now let’s hear what Sulohita has to share. Hey everyone. Welcome to the latest episode of the Identity Heroes video cast.
Mark Callahan [00:01:27]:
I’m your host Mark Callahan and I’m joined by my co-host Aldo Pietropaolo. And today we have a special guest in Sulohita Vaddadi who is joining us to share her journey as an Identity Hero in the industry that we all spend so much time and energy in. And that’s the greatest part about what we’re doing is we have individuals like you, Sulohita, who are really bringing your story to us to tell others how they can get to where you are today. Perhaps follow your example and even some tidbits you might have for us. So thank you for joining us.
Sulohita Vaddadi [00:01:58]:
Absolutely. I mean, definitely being an identity has become my passion and identity and cybersecurity are coalescing as zero trust and identity as a perimeter. It’s a great time to be in identity.
Mark Callahan [00:02:13]:
Well, thank you for joining us, Aldo. Thank you for joining as well as co-host today. And so from a structure perspective, as we do in most of our episodes for the Identity Heroes webcast, is that we are actually going through the different sort of story arcs of your, your journey. Sulohita, this is all about you and we want to just hear kind of, you know, as we think about heroes. We often think about the origin story, where did we come from? And was it a radioactive spider or something that helped you become who you are today? But nevertheless, one thing that I like to do that’s kind of fun is you provided me with your resume ahead of time. So I know all the job titles that you’ve held since college and I’d love to just sort of read those back. And then Aldo’s and Sulohita, as we think about this, an audience, you as well. Is this a linear path or did we see a little bit of bouncing around and get your take on it? So do you mind if I share that with our audience? Sulohita?
Sulohita Vaddadi [00:03:06]:
Absolutely not, Go ahead.
Mark Callahan [00:03:07]:
Lovely. Well, I know that you actually began studying you were doing. You had a master’s in medical bioengineering, is that correct?
Sulohita Vaddadi [00:03:16]:
Yep, Biomedical engineering.
Mark Callahan [00:03:18]:
So we started there and that’s where we began. And as I read through your CV, the titles and roles that you’ve had since were an IAM Security Professional, a Security Integration Lead, a Delivery Manager, Director of IAM Operations, Director of Service Leader for Authentication, VP for Cybersecurity and IAM, and now a CISO. Now I would have to say this one’s actually a little bit more linear with the caveat of the biomedical engineering that took us into this path. What took you that direction towards cybersecurity and identity?
Sulohita Vaddadi [00:03:53]:
I can say it’s a pure accident. I was a master’s student in Florida International University when IBM came for the regular internship fairs and I just was talking to them about their genetic engineering program. But for some reason the Tivoli Security Architecture Manager said you should just come and try a stint with us. Like I like your energy and you’re doing medical image processing. Why don’t you come and explore this? Right? And I did a six month internship and I had the amazing privilege to actually work with now CTO of IBM Sridharmapathi and did these different internship programs and work done on their Tivoli products and Federated Identity Manager. And I felt like every single thing I heard was like my mind blowing. I just love the world of identity, how relevant it was to the world outside and rest. I felt is history linear? Until I got to a place where I felt like we were talking about identity so much as technology, but I could see the broader cyber implications.
Sulohita Vaddadi [00:05:01]:
Every time I go I’m like, I’m a cybersecurity professional, everything is identity, literally. So I stopped wanting to talk about identity as IAM only. But really, how do you enable cyber program. Right. Especially with zero trust as a foundational principle, with Identity as a perimeter. And I was looking for a way to use all my experience in working with different domains to get into a broader space. And I think GE definitely. And that I would say a little nonlinear because when GE started on its separation journey and we needed a CISO for the shared infrastructure that supports the separation for all three companies and launches them into their own independent businesses.
Sulohita Vaddadi [00:05:46]:
Think about, there is no pitch or catcher. We had to create the catching environment, pitching environment, establish the trusts and everything is identity. So my identity experience and the ability to connect to all the different domains really helped me get this as a role here. And man, like I tell everybody, having a strong foundation in identity makes my role so easy because you can go deep and wide and talk about the connectivity, talk about network security or endpoint security. Everything is identity. So I do feel that part is nonlinear and the biomedical engineering part is nonlinear. But my love and passion for identity stays true. I continue to stay up to date on it and continue to see how we can transform cybersecurity strategy being using human and non human identity paths.
Sulohita Vaddadi [00:06:37]:
Right.
Mark Callahan [00:06:37]:
That’s awesome.
Aldo Pietropaolo [00:06:38]:
I remember Tim Tam in my days. I’ve implemented those products before. They were. They’re pretty good, I gotta say.
Mark Callahan [00:06:44]:
Yeah. Sulohita, you know, you and I had a chance to talk beforehand and I know you did some of your graduate work was in imaging. Did you ever perhaps see yourself being a CISO at that time? Was that even a thought on the horizon that you’d be leading information security for such a huge organization?
Sulohita Vaddadi [00:06:59]:
Not at all. I honestly, even when I was in Identity and I went from IBM to Xerox to do Medicaid management information systems, so we were selling products, I always thought I would be an architect. I saw myself as a technologist, period. Right. Solution architecture. I get so passionate talking about solutions that people immediately saw me as a technologist. But when GE and truly a recruiter reached out to me and said we have a director for so operations in GE, I had to step back and say do I want to do this? But then the brand of GE and the scale, right. The impact GE has on world made me think.
Sulohita Vaddadi [00:07:40]:
And my husband really said you should take this role and try it out. If not, architecture is always waiting for you. And I went into GE and I have to say being in operations is like litmus test. I think everybody who is in Identity or any leadership position should live through the pain of running operations, SSO operations, especially all the late night calls it makes it so real for you, the friction, the customer pain that identity has a potential to cause. And now I’m very humbled and lucky to say, whenever I raised my hand and I said there’s a problem, they said, go solve it. Then I became an SSO engineering leader, then I became the identity leader. So it was kind of every time I saw these issues I was like, here, this is not right, we need to do something. And I was able to get that support from General Electric.
Sulohita Vaddadi [00:08:32]:
And the separation journey has just added something else. So I never saw myself here as such. But I had constant thirst, if you will Mark, to make things better and easier.
Mark Callahan [00:08:43]:
I love it. I love it. Aldo, curious, your background, we’ve talked for many times, not to put you on the spot, but when you were in college, did you see where you are today as a field CTO at a company? Did you see that horizon for yourself, just out of curiosity?
Aldo Pietropaolo [00:08:56]:
No, definitely not. No. I did see an entrepreneurial feature for myself which ended up happening at some point and to some level that’s kind of where I’m mostly involved in. So if you think now with Strata taking this new innovative approach of the identity fabric and the application orchestration and so forth, that’s kind of where I’ve been most of my career is at the cutting edge of technology or kind of like that next stage where it started with web access management, then identity management, then identity governance, administration, federation, going into orchestration and fine grain authorization, all those things that Sulohita was talking about providing solutions around and living in under the operational world is absolutely critical. I completely agree.
Mark Callahan [00:09:45]:
Right, Sulohita, I mean you hit that for your. I mean again, I was just sorry, wanting to get that other angle there. But you know, as a solutions person, you’ve just been really trying to solve those, those paths, Sulohita, and to see you as the, as a CISO, now that you’ve got to look back and say, boy, in undergrad and masters, like if you’d only known that you were going to be leading GE’s efforts in this way, it’s really impressive. It’s so cool. Now let me send this back to you, Sulohita. So we joked a little bit beforehand about that there’s not really a college degree for identity. So looking back in the way that I was just sort of framing this again, how might you structure like an ideal degree for identity if there actually was one? And what sort of other things might need to be considered that aren’t purely technology related now, especially as you’re a CISO, definitely.
Sulohita Vaddadi [00:10:32]:
I’ll take some things from my personal experience and some that I see from hard learnings. Right. One thing I think that enabled me to become a better identity professional is have a solid understanding of all cybersecurity domains. Now I went and did my CISSP, that was around the time I joined GE. But that truly rounded up just my language, my ability to connect the dots across all cyber domains and be more of a holistic solution provider, that was one big thing. So I would say anybody coming into Identity think about cybersecurity first. Right? You are an integral part to it. Look at the domains and then the other piece is understanding the regulations, frameworks and standards.
Sulohita Vaddadi [00:11:14]:
How many days and weeks do identity professionals spend on compliance? Depending on the industry you are, you could be spending 60% of your time on soft compliance or CMMC compliance. So understanding the why of it, right? So that you actually design products with regulation insight. I always say we said security for strategy design, security and compliance design in my head so you don’t lose sight of it. So that’s another big piece so that people are not surprised. Why am I being asked all these questions? Because identity is the front and center for a lot of compliance and knowing the regulatory oversight and the requirements across the world and different regions is really helpful.
Mark Callahan [00:11:59]:
So there’s a little bit of poli-sci. I’m going to put a little bit of like global operations poli-sci. We have the cybersecurity, the computer science.
Sulohita Vaddadi [00:12:07]:
And then I would say like an interesting skill I found is project management. It’s because identity is never a single product. It is like a ton of products within itself that they have to talk and then they have ability to disrupt or touch everything else. So if you have strong program and project management skills, you’re able to build that dependency and impact statements. It automatically makes you a better identity professional. I feel like the forgotten skill a lot of times and that helps you bring the voice of the customer, understand different Personas, use cases. All that falls under project management umbrella.
Aldo Pietropaolo [00:12:45]:
Totally. I second that. Huge, huge. That’s exactly what I would say. Right. CISSP. When I went to RCA Security, that’s where I got my CISSP. Then after that I figured there was a big gap in my knowledge around project and program management.
Aldo Pietropaolo [00:13:00]:
So I took executive courses at Stanford to kind of get that into, into the mix. And then just operations is key, like actually supporting customers in a real life. As I say, it’s not a proof of concept. This is like real stuff where you get a phone call at 2:00am saying, Aldo, this agent on this server is not responding. It’s frozen. We need to restart it. It’s not connecting to whatever policy server. The policies are amiss.
Aldo Pietropaolo [00:13:25]:
They’re not working, et cetera, et cetera. So it’s, it’s real stuff. You know, we’re either losing money or we’re at risk. And there’s a cybersecurity risk that we have to mitigate here or. Sulohita mentioned a lot of compliance work. A lot. A lot of work goes. Goes in a lot of pain too, to be honest.
Aldo Pietropaolo [00:13:42]:
I mean, I used to run large IAM programs for state and large enterprises. And yeah, it gets pretty interesting. I have some, as you know, as you know, we could probably share stories about.
Mark Callahan [00:13:55]:
I want to get into some of these stories.
Aldo Pietropaolo [00:13:56]:
There’s stressful times. There’s times where there’s team dynamics, there’s program management dynamics, there’s funding dynamics, there’s just human dynamics involved. And it causes contention sometimes. And then there’s vendor dynamics. I do represent the vendor. I mean, I work for a vendor, but I understand that vendors sometimes make it worse depending on the type of technologies involved and that competition and there’s politicking involved.
Mark Callahan [00:14:23]:
I would love to actually dig in. So he done on the politicking. I say just even the communication side too, to dig in just a little bit. So for our audience, I’m not going to ask you to say how do you sell to the CISO at a major corporation? That’s not what I want to ask. But I am curious because you went from like vendor side. So you were doing the work on the IBM and the Xerox side to client side. As a practitioner at Georgia, communicating the program, you weren’t always the ciso. You’ve worked your way up.
Mark Callahan [00:14:48]:
What sort of communication things did you learn across departments and teams to sell the value of identity worked well for you. Is there anything that comes to mind, Sulohita, on that side, I mean, different.
Sulohita Vaddadi [00:14:58]:
On depending upon different Personas. Right. My first thing with identity was always when you put in a large project or program. Like, I’ll say this tech is easy. People are complex. Like, right on that. Right. Understanding that is a big deal.
Sulohita Vaddadi [00:15:14]:
Because a lot of times, I mean, it’s forget about identity anywhere in industry. It’s about what is in it for me. What is the shared goal and objective. Right. Yay. Great. That’s your project. You want to get it live, want to roll out MFA for everybody.
Sulohita Vaddadi [00:15:29]:
Awesome. I understand why, but why? How does it make me better and secure. Some are easier and some are not easier. But it’s explaining that that why, if you will, the carrot of it. Right? Many a times I want to tell a story about, hey, we are going to make you adopt your cyber controls, your IAM controls. You check all the boxes on common controls. You don’t even have to think about soft compliance. Like we make it easy for you or you adopt this particular integration, we make it easy to sell your product.
Sulohita Vaddadi [00:16:00]:
Right. That’s what we did in FMIS products, for example, not in ge. But we said, hey, we can make sure that all your providers and members authenticate seamlessly and all you have to do is xxx. So defining that value proposition and connecting to what that person’s shared goal is is the most important thing in my head. If not, it becomes, hey, I want you to do this. And they’re like, well, it comes last in my body. Why do I need to care about it?
Mark Callahan [00:16:25]:
Until you’re the CISO and then you can say, do this and then people do the thing. But I can’t. I don’t know that even then I.
Sulohita Vaddadi [00:16:31]:
Always found engendering a shared common goal, galvanizing people around there is much more successful than being a no person. Right. We are truly saying that cybersecurity should be an enabler. It should be a business value proponent, not you got to do this because we said so. Right. I think identity and cybersecurity is evolving to be an office of enablement, not don’t know. And we take that pretty seriously. Right.
Sulohita Vaddadi [00:17:00]:
Defining the value proposition.
Aldo Pietropaolo [00:17:01]:
That’s right. Does that sound familiar, Mark? Some conversations we’ve had about solving problems and adding real value. Right?
Mark Callahan [00:17:07]:
Absolutely. And as a business enabler too, is really great to hear you say that. I don’t have the quite the experience that the two of you all do on the identity side, but I certainly have been here long enough to know that IAMT comes knocking. And oftentimes the app teams are just kind of just like, again, oh gosh, what do you expect of me now? And it’s like when you’re able to shift that entire conversation with them and they’re like, wow, you can actually help me do what I’m doing. Better or better yet, the board of directors and the CEO realized that you’re bringing business value and pushing the company forward. That’s exciting that that elevates us all.
Sulohita Vaddadi [00:17:38]:
And the good news is cybersecurity and identity and access management. I mean, especially after Covid, like, remember, all of us would have Done it like pushing VPN access to thousands of people and loving secure remote access for everybody.
Mark Callahan [00:17:52]:
In 24 hours, right? Yes, yes.
Sulohita Vaddadi [00:17:54]:
Literally in 24 hours. Like I still remember living through like teaching my kindergarten at home and trying to remote access to the thousands of users we had. And that brought it to the front and center that there are no brick and mortar accesses. Right. Offices where you flash a car, the seamlessness of it and the flexibility of it, like everybody got used to it. And identity powers it up. Right. How do we do it securely? I think some are easier to sell than others.
Sulohita Vaddadi [00:18:23]:
In my head, authentication is a lot more forefront now. People hear about these breaches. But privileged access management and highly privileged credentials, especially when people move to cloud, that whole cloud security and identity access management, that’s still evolving. There’s more work to do now. Human identities are understandable. Non human. I feel there’s, there’s a lot more work to be done there. Which identity has a huge role to play and we need to get better at defining the value in simplistic tasks.
Sulohita Vaddadi [00:18:54]:
I mean, that’s what I would say. How simple can you get with this messaging? Because you’re not going to go to a board and say, well, we are going to do all of these fancy protocols. You’re going to say, this is how I’m going to reduce my attack surface and protect my company and this is how we compare it to everybody else and this is the ecosystem we’re building.
Mark Callahan [00:19:14]:
So, yeah, your strategy, well, that feels like a perfect conversation around challenges. I’m going to bring us back, I want to keep going, but I just want to bring us back to a little bit of the structure of the hero’s journey, which was we now figured out how you’ve gotten to where you are along the way. I’m sure you had some challenges, the gauntlets, the different battles that you had to fight, but everyone loves a really good plot twist. Also, is there anything that was an extraordinary challenge, or even perhaps a failure, but became such an incredible learning experience for you that it was a really pivotal moment for you in your career? Just out of curiosity, I mean, there.
Sulohita Vaddadi [00:19:47]:
Are many, so I’ll have to pick one because I’m sure everybody gets burned through this journey. But I’ll probably touch back onto the same concepts I had before because the learnings, I was sharing these through those barriers, we tried to put in a cool piece of technology to protect a big attack surface. Right. And we built such resilient infrastructure around it. We had CI/CD, we had high availability we had DR. Like, everything was perfect. What we didn’t do very well is understanding all the dependencies for it to actually work in our environment. We do all of this and then we went to the stakeholders and said, well, we need all of this data.
Sulohita Vaddadi [00:20:24]:
And they’re like, what do you mean? To even get you that data, we will have to do 10 upgrades and change all of this network architecture and it’s not going to happen. It was such a big aha for me and it was a tough one, right? I had to go back and honesty is the best policy. I would not waste one more dollar of my company’s money if it is an unattainable goal for the short term. So I had to go back and say, listen, right vision, we need it. We absolutely need it. But we need the company, the entire company’s infrastructure and shared goal to be established and get that business process into a way where this can be supported. We need to bench the project. Luckily we found a way to salvage it and move the people around and all of it.
Sulohita Vaddadi [00:21:12]:
But that was a tough decision for me, right? Whether I was like, should I continue to play this game and say I’m working it, we’ll figure this out, or should I take a hard look at it and say I failed. I didn’t think about this, right? Let’s go back. But take the bitter pill and basically say I didn’t look at all the dependencies. That was a big, big learning for me around aligning with the right stakeholders, understanding who are impacted, slash whose engagement you need. Getting leadership alignment is easy because that I think we get good at. We need funding. We have great pitches to make sure we get the funding. We know what risk to mitigate.
Sulohita Vaddadi [00:21:52]:
But then operationalizing it and understanding strong dependencies, that’s the one that taught me to make sure I don’t call any project successful until it’s actually operationalized and delivering the business value, right? It was like an aha moment for me.
Mark Callahan [00:22:07]:
I don’t know about you, Aldo, I’m feeling the project management like also a communication side to this, right? Like just an incredible communication angle. I mean, you’re very eloquent speaker and so I could imagine it’s very easy to tell the story solely to leadership. How do you get to people who have all their own agendas and little individual fiefdoms elsewhere? And it’s like, how do I do that? And that’s amazing to have learned from that. And yet, as you said, you salvaged the project. You didn’t lose your job, you were able to make the decision that was, that needed to be made at the time.
Sulohita Vaddadi [00:22:33]:
Exactly. I mean, you learned from it. You figured out now how to bring a bigger story together. Not just your tiny little ask, but say, here is the broader ask. And really more than people having agendas, I think people lack awareness. Right. You’re absolutely right. It’s the communication.
Sulohita Vaddadi [00:22:48]:
But communication in a way that helps them understand. Right. Like a network leader will need to understand what does this project mean for them from a network perspective. Whereas a change management leader may need, hey, we’re going to have an earnings call the next day. You’re not going to make that change. So all the different Personas, it comes with experience. Nobody learns that. But having the humility to know, you will never know anything.
Sulohita Vaddadi [00:23:12]:
And being open enough, I think to say, I need help. Some of the times that you learn when you’re younger, professional, you want to do it all, you want to prove yourself. I found so much more power in saying I want to do the right thing. I don’t know, it all help me. And it’s amazing how many people open up, right. Instead of being, oh, why should I? Right. Like it’s my domain. So it’s just that humility of it too.
Aldo Pietropaolo [00:23:35]:
Totally. Sulohita, I’ve been in this business for over 23 years and I say that I’ve been failing for over 23 years. So fail, learn, improve, fail, learn, improve. And there’s truth to that, right? Because I mean if you’re going to be always constantly trying to solve these new challenges in new and innovative ways and trying to kind of determine where the identity stack should go or should not go or kind of. That’s also nerve wracking a little bit. And it’s kind of, it’s kind of, you have to rack your brain through and think through how do I first operationalize all this stuff? Knowing what I know about upwards of 100 deployments in enterprises, you know, and knowing what our customers go through and empathizing with our customers, how do we really make something smarter, faster, simpler? To your point, just simplify these things. And so I think as we move forward in the identity landscape, it’s going to get better. I see certain things that are starting to move, but yeah, kind of wanted your opinion on that.
Aldo Pietropaolo [00:24:35]:
On, aside from the challenges, are there any type of approaches, framework solutions that you are seeing now that are kind of is showing that glimmer of light at the end of the tunnel?
Sulohita Vaddadi [00:24:47]:
I mean, I mean, look at how far authentication has come across Right. Just thinking from that SAML days to now, YBC and SAML becoming a very foundational protocol as aligning on those standards and products. A lot of stakeholders aligning on it. Right. Big vendor companies opening it. I’ve seen some movement and provisioning in there too. As these big cloud hosting providers develop their own identity and access management journeys. There is more alignment on making sure there’s less disruptiveness in changing technologies and other things.
Sulohita Vaddadi [00:25:19]:
I do think the newer challenges that are coming in with AI and identity is going to make it very interesting. We’re still talking about authentication so much. There’s so much to do with authorization. I cannot tell you about the boundary discussion around authentication authorization and how sometimes we as leaders say we are providing authentication application owns authorization. How do you make that more simpler? How can you integrate that in one click button and not make well it’s you, it’s me kind of discussion. How do you unify it? I think we still have more ways to go there. Like I said, privileged access management. We’re still seeing a lot of features outside with a cloud account being exposed or a tool being installed with the default admin credential.
Sulohita Vaddadi [00:26:07]:
Like we got admins. Right. So that those foundational things. In some cases I feel like vendors need to make it in a way where default credentials must be changed. We won’t even let you get it without changing it. Like how do you start making it more intrinsic and Aldo, you hit upon it.
Aldo Pietropaolo [00:26:29]:
Right.
Sulohita Vaddadi [00:26:29]:
How do we not make this like a yet another step that somebody else has to take, but just life cycle of deploying the product because it feels like I need to install, then harden, then secure or why can’t it be one single step? Install it securely.
Aldo Pietropaolo [00:26:44]:
I’m with you totally.
Mark Callahan [00:26:46]:
I love the direction of that. Well, actually you’d mentioned just a little bit of like how you were seeing the outcomes and like seeing the effectiveness. You’re actually one of the first CISOs that we’ve actually had on the show and so I would love to know how you measure success. There was probably measurements that you had like when you were a department lead and other points in your career. I think of myself in marketing. I know my individual outcomes. But as a CISO, how do you measure identity success of your programs? Like what are the OKRs and measure criteria?
Sulohita Vaddadi [00:27:13]:
Yeah, and that’s a great question because if you asked me 10 years before, I would have said my project is successful, like it never fails, it’s reliable, it’s secure, it’s highly available. I’m done. Why is everybody complaining? Right. But now I would say really, it isn’t giving you the strategic outcome before you implement any project you start out with. Why am I doing this? It’s because I’m trying to mature or solve for this big gap I have. And I would align it to a metric, a consumption adoption metric, a metric that ties to my incidents. Right. I always say I try to map my implementations to the NIST CSF framework.
Sulohita Vaddadi [00:27:55]:
Identify, protect, detect, respond, recover. Because you cannot implement a protect capability (identity falls primarily in protect) without having the right detections on SecOps, without having the right identity threat detections. Right. Your Active Directory threat detections or so much data in identity. So as long as you connect all of the dots, have right metrics to say, yes, I’ve been using incidents. Yes, yes.
Sulohita Vaddadi [00:28:20]:
I’m actually having the consumption at a layer where it is effective. MFA again is an example. You could roll out MFA technology and no application is using it. You are as secure as you were yesterday. So adoption metrics, you’re tied back to your cybersecurity effectiveness. To say, am I limiting my attack surface? Am I protecting my company better? Are my incidents going down? Am I able to detect and am I able to use the data coming out of this identity product or technology I’ve implemented? Well, that’s where I missed earlier. But data intelligence with the treasure trove of the data that identity provides is one of my pet peeves. Like we gotta get better at using that to protect the company more and stitch the context signals better.
Mark Callahan [00:29:08]:
Sounds like a vendor’s opportunity. If you’re listening out there, those are the things that we need done. And also I think a vendor lesson and really? Yeah, change that password as soon as you install that one-click install. That’s just. Yes. Goes without saying. So well, next part of the Identity Heroes videocast we typically like to ask a little bit about.
Mark Callahan [00:29:25]:
Again, we had a chance to talk beforehand and you’re just so humble about how you got to where you are and the team that you did it with. Sulohita. It’s just like as you think about working across departments and really selling that business value of identity. I know we talked briefly about understanding the persona and what’s driving other folks. Were there any lessons that you took from being on the vendor side into the client side that helped you sell the value of identity better?
Sulohita Vaddadi [00:29:48]:
Yeah, I mean, that’s a great question. And part of it is really being clear on what you’re good at and what you may not be good at because many a times when we bring a product into an ecosystem. Right. Especially identity. One product doesn’t solve for it all and one product doesn’t do it all well. So understanding where does it fit and understanding your customers environment. Right. And the ecosystem of tools and being really transparent about what works and what doesn’t work is what like I took for me.
Sulohita Vaddadi [00:30:21]:
Right. That the and I you can call it authenticity, transparency. But being a partner more than a vendor. Right. Every time we say a vendor I’m like hey, there’s a difference between a partner and a vendor. Partner is basically trying to make sure they grow and you grow and we give feedback and say this is not working for us. And the vendor adapts to it and improves their solution and at the same time they are transparent with us on this is where it would work and not don’t do that. Get something else but don’t do that.
Sulohita Vaddadi [00:30:50]:
It saves a ton of trouble for both of us and it helps develop the trust. It’s all the human element of it. Right. Trust, transparency around what you’re good at. You’re absolutely good at some things. Right. And where you have more work to do. That’s a big one for me and I bring that into my everyday life of leadership in general.
Sulohita Vaddadi [00:31:11]:
Right. Be more transparent and authentic as much as possible. Build your brand and trust. It’s the same thing for vendors: do build your brand and trust. Be a partner.
Aldo Pietropaolo [00:31:20]:
I love that. That’s the only way I roll. Yes. And Mark knows that I’m very transparent.
Mark Callahan [00:31:26]:
Although we’re having a similar conversation this morning and I love hearing that because so many times I think you talk with a vendor and they want to get the sale so they’re going to tell you all the things that they think it could do. And you know what if I put some extra bubble gum and tape on it this way I can make it do that other thing. Sure too. But it starts stretching out at the edges and all of a sudden it just isn’t doing any of those things. Right. And you’re going to suffer. But they. It doesn’t make a good relationship either way.
Mark Callahan [00:31:50]:
But that. So having a vendor that would actually tell you so they did like I know it does this really well the thing you asked it could but you know I’m going to say it doesn’t. That’s the honesty you would love to hear.
Sulohita Vaddadi [00:32:01]:
Absolutely. And built in your roadmap. Right. Like there could be a short term and a long term strategy around it. But just knowing that will help us protect our companies better and have good roadmaps for ourselves too. I’m always building three to five year roadmap and I would love to know your roadmap and align to it. Right. If we’re partners.
Aldo Pietropaolo [00:32:18]:
So yeah, that’s so key. I mean, that is really key what Sulohita is saying. That is what defines a true service provider. Because you’re doing a good, wholesome service for your partner. And that’s how I’ve always operated. Right. And Strata operates that way. That’s key.
Aldo Pietropaolo [00:32:37]:
So that’s why, I mean, with our team, field engineering team, Sulohita, in our case, that’s the way we’ve kind of inculcated the culture to be. It’s full transparency, openness, empathy, and right off the bat say, hey, look, the product does this very well. Here’s where it doesn’t do very well, but here’s the roadmap. And it may or may not align. But we would love to partner with you to solve this core problem and this other problem. Maybe you should look at this other solution or that other solution. And there’s cases where I go into advisory mode, not even talking about product and just leveraging my time in the industry and say, well, how about this? How about that? And there’s cases where there’s product not even involved in the conversation. So I agree with you.
Aldo Pietropaolo [00:33:19]:
And that’s a big difference. And that has to transcend all the way through the, in my opinion, all the way through the economics with the customer as well.
Sulohita Vaddadi [00:33:28]:
Because it’s business at the end of the day. Right. Having transparency in that model. Right. And building that together. Absolutely agree.
Mark Callahan [00:33:36]:
And no one wants to be oversold. I mean, it’s one thing to be oversold. If you’re buying a car and you’re told it can do all these things and you actually buy it and it turns out it can’t quite. But when it comes to the industry that we’re in, identity and security products, to oversell and overstate the capabilities of something isn’t just a poor relationship building, it’s downright dangerous for the clients as well. Right. When it’s that really thin edge of making something trying to shoehorn in a solution when it doesn’t belong. And so I’m sure vendors take note that we need to make sure that that doesn’t happen because that’s just.
Aldo Pietropaolo [00:34:06]:
Yeah, take big note.
Mark Callahan [00:34:08]:
There’s not a space for that. There’s not a space for that.
Aldo Pietropaolo [00:34:10]:
In fact, we should do an episode just on that.
Mark Callahan [00:34:12]:
Oh, yes, we absolutely could. We could, we could. With ideas though. No, do not worry, everyone, not getting political, just the economy on a whole is getting a very interesting place right now, especially in the United States. And as we’re thinking about ways to save money last year there was always this push for do more with what you have, you know, really what can you do to really extend what you already have in place? And I have a hunch, you know, as we’re all watching the world right now, it’s becoming even more so. You know, if there’s any kind of economic headwinds we’re facing right now. Sulohita, as you’re leading the team, are there ways that you think about the ability to do more with the team and the expertise and the vendors you have? Are there any examples that you might be able to share to find those efficiencies?
Sulohita Vaddadi [00:34:54]:
Yeah, no, absolutely. I think the first big thing is you cannot do it all. Pick your priorities, know your business strategy, your highest level business outcomes. Have three to five priorities that you have to do to ensure that your business can actually deliver. Because if you overstretch and try to do it all, you’re going to be moderate, mediocre at everything. That’s one thing. Prioritization and having standard work and standard offerings like know what you can do and what you can do. Clearly communicate that you don’t want to leave your customers hanging saying hey, right, I want this, can I do it or not? Have it clear, right? Automation, Automation.
Sulohita Vaddadi [00:35:31]:
Depending upon where you have your identity infrastructure, if you’re self hosted you need to go all in that automation because identity as infrastructure gets extremely hard to maintain. We have huge footprint so choose how you manage that footprint. Cloud, hosted, right? There are a lot more better SaaS offerings now compared to before, right? There is a lot more SaaS based solutions that you could look at depending upon your industry and then self service, make that adoption frictionless. Don’t try to put yours, don’t try to have a customer create 20 tickets to get one integration done. If you can figure that design patterns and put self service in, that’s a huge one. And lastly, good training and education materials. We had created videos, a lot of different fun ways to say why you should do this or what is the easy way to do it. So for me all of this comes together in maintaining lean teams which we will always be pressed upon.
Sulohita Vaddadi [00:36:28]:
Nobody is ever going to say here’s.
Mark Callahan [00:36:29]:
No right, we don’t sit around with excess capacity just like what do we do with all these people and all these hours. No, it’s not that I agree Never that, but yeah, I love that. Well, so as we’re thinking forward and I want to just be careful of time and, you know, we’ve just got, you know, about five minutes left in our episode today is. I’d love to just think a little bit about. The three of us often travel and do presentations and get to attend industry events. But not everybody has the benefit of being able to do that. They have the budget or the wherewithal or the approvals from their teams to travel. Are there certain ways that you continue to grow and educate yourself, Sulohita, that our audience might be able to groups that you’re a part of or places that you go to learn more about identity? You mentioned asking questions.
Mark Callahan [00:37:12]:
Who do you ask questions of today?
Sulohita Vaddadi [00:37:14]:
I mean, I have so many mentors inside and outside the organization. GE allows for a broad team. For example, recently I was talking to the need for a United Airlines about like, hey, can you give me some advice? I have a lot of leaders that I maintain connectivity with the people that I’ve worked with. But I also go to local CISO and identity events. I’m an active participant in that. A lot of podcasts. Identity at the center is one. The CISO series is another one.
Sulohita Vaddadi [00:37:42]:
I always keep looking for different content and I read recently I finished reading Co-Intelligence book and on artificial intelligence and I think that was amazing. I’m an avid sci fi fiction fan, just so you know. So anything that comes with my fantasy and AI totally does it for me. It’s like, yay, finally we are in the world. And the books that I’ve read, Neuromancer or anybody, but that’s like my thing and I read a lot different ways. Stay connected right in person podcast. But this, right. I’ve learned from Aldo so much before this call on all the things you’ve done.
Sulohita Vaddadi [00:38:16]:
It’s just. It’s great when we have these kind of discussions, I think, and share perspectives.
Aldo Pietropaolo [00:38:21]:
Yeah, we gotta talk to each other more. That’s a good point.
Mark Callahan [00:38:24]:
We do have to talk to. Isn’t that the best part about what we’re doing right now? I think for a while there was a place where we were so insular and competitive and can’t let anyone know the secrets of what we’re doing. And yet now we are. We’re peer learning across the industry and.
Sulohita Vaddadi [00:38:37]:
That’s a big one. You are absolutely right. I think there is an awareness that this is not like a secret that you have to keep in. You’ve got to share more and you got to build trust. And we are doing that a lot more, for sure.
Mark Callahan [00:38:48]:
That’s it. Yes. It’s not a recipe kitchen where we’ve got the secret 11 spices and herbs, and we can’t let anybody know what it is because they’re going to get the secret. This is things we’re all going to learn from, and it just makes us all better because of it. And the mentorship, it’s a huge part of what I do. And everyone knows who watches the episode. I talk like crazy. I love to ask questions like crazy.
Mark Callahan [00:39:07]:
But as you think about mentors, especially, you know, being a woman in identity, I’m sure that’s been something where it’s been really interesting for you just to ask the questions. And I mean, it’s just so awesome to see all that you’ve accomplished. And we talked with Eve Maler a while back, and she also talked about how much she just loves to mentor now. People who sometimes are intimidated to talk to her, and she’s like, please talk to me. I love to talk and share my knowledge.
Sulohita Vaddadi [00:39:32]:
Absolutely. I mean, we have a great mentorship program within GE in itself, but I always have people who refer somebody from their organization just to talk to me because I’m a woman inside the security, and they’re like, hey, I think you can resonate with her better. And I’ve had those examples. And I’m an extrovert, like you see. But I do reach out again to different. I have a woman leader. My CIO, Sharon Martin, is an amazing example, too. It’s just the different perspectives you get from a CIO versus CEO.
Sulohita Vaddadi [00:40:04]:
Right. Patrick Friedy, who is my aerospace CISO. All of them. I have to say, the amazing support I get. If you ask for help, people will help. I think the first step is just stepping up and saying, could you. Can I reach out to you? I don’t think anybody would say no. I would never say no.
Mark Callahan [00:40:22]:
I love that. If there’s one thing to take away from that, I love that. That’s perfect. It’s so many times, especially people junior in their career often are intimidated by leaders, and they just think that that person’s not going to give them the time of day. Here you are, Sulohita, you’re a CISO, and you’re saying yes, if someone asks, I will gladly share information. That’s what people need to hear.
Sulohita Vaddadi [00:40:40]:
I mean, that’s what makes our industry better. Right. I have two girls, right. And I continuously teach them, ask for help. It’s not bad to ask for help.
Mark Callahan [00:40:48]:
That’s it, I mean the worst that’s going to happen is somebody’s going to say no. The best is all of a sudden you have this mentor relationship and they’ve just elevated you so much in your own career.
Sulohita Vaddadi [00:40:56]:
Absolutely.
Mark Callahan [00:40:57]:
That’s great.
Aldo Pietropaolo [00:40:58]:
We are short on time but I would love to speak to Sulohita about AI and how that’s impacting your program. So maybe for another episode or a different conversation, I was going to say.
Sulohita Vaddadi [00:41:08]:
Where is that word? Like we didn’t say AI. Well, maybe we say it once.
Aldo Pietropaolo [00:41:12]:
Yeah. I’ve personally been doing a lot of skunk work. So the way that I learn is through actually doing it, through implementing the technology and to your point Sulohita, operationalizing it, trying and hitting my head against the wall on these major challenges and saying, oh boy, I got a problem here and I need help to your point. And reach out to my network, my peers, hey listen, I’m testing this model. I’ll give an example. I created a virtual advisor that based on my 20 years of experience, I fed the data to the model and you ask it a question and it’s like talking to like a consultant.
Sulohita Vaddadi [00:41:48]:
Amazing.
Aldo Pietropaolo [00:41:49]:
It’s weird. I can show you that if you’re interested at some point but because I asked the questions, hey look, here’s what I have. Here’s my environment, looks like this and my projects are funded this way and that way and here’s my team structure. What would you recommend? And it just based on that, it like picked out IAM capabilities from access management, from federation, from session management, from single sign on, from IGA and it put everything together and I said, well can you put a roadmap together and project plan? And it did it. I was like, what?
Sulohita Vaddadi [00:42:17]:
You know, you’re like how am I going to make sure that it has patented.
Mark Callahan [00:42:21]:
Yes, yes, yes, yes. Who actually owns this result is the answer.
Aldo Pietropaolo [00:42:24]:
I was thinking of just opening it and just getting feedback on it, but that’s just a little tip of the iceberg. But I think, I think there’s so much to AI and you know, of course making things happen through agents. So agentic AI playing different roles is now something that I’m thinking about as well as securing them. Making sure that data is kept confidential and that is not leaked, making sure the agents behave because they may misbehave. It’s getting pretty interesting. So at some point, I mean Mark, maybe we can schedule different follow up episodes if you’re open to that Sulohita.
Sulohita Vaddadi [00:43:01]:
And we can have a chat after this.
Mark Callahan [00:43:03]:
Yeah.
Aldo Pietropaolo [00:43:03]:
And we can have a chat.
Sulohita Vaddadi [00:43:04]:
You’re going to geek out on agent AI and AI and all the applications.
Aldo Pietropaolo [00:43:08]:
Totally. So we can geek out. I’ve been working with like the Google models vs Llama vs ChatGPT which is kind of expensive a little bit because I’ve been hitting, hitting the APIs. I mean you’re talking like hundreds of thousands of API requests so it can be pretty pricey for skunk works. But yeah, I would love to chat.
Sulohita Vaddadi [00:43:25]:
With you if you’re driving of a great be doing it all and trying to figure out how to protect enable exciting times. That’s all I could say.
Aldo Pietropaolo [00:43:33]:
Yeah, yeah, definitely. So yeah, you and I have to chat on that because I got some ideas. But anyways, go ahead, Mark.
Mark Callahan [00:43:39]:
Well, certainly as a sci fi fan I think that you know what you’re we’re talking about with AI side like I mean that’s, that’s going to be writing its own novels pretty soon here and we’re going to be able to have whatever we want. So before that happens, I definitely want to get your reading list. So I’d love to share, take a look at that for your sci fi books, you know, afterward. But nevertheless, we always end every episode asking our heroes who we’ve invited to think about someone that maybe they would also nominate and think make a good guest on the show with us. Do you have anyone that you might recommend?
Sulohita Vaddadi [00:44:05]:
Top of my head. I would say Pamela Dingle. She is the Entra ID Microsoft.
Aldo Pietropaolo [00:44:10]:
Absolutely.
Sulohita Vaddadi [00:44:11]:
And she and I had so many different chats. Right. I love chatting with her and we used her as a mentor when I was growing in the career and a very gracious lady.
Mark Callahan [00:44:21]:
Excellent recommendation and I’m sure we’ll have an amazing standards conversation with her as well.
Sulohita Vaddadi [00:44:26]:
Exactly. She’s all into making Identity World better like little by little. In fact, she works for Microsoft which has a huge footprint and had an advantage there.
Mark Callahan [00:44:37]:
I love it. Well, Sulohita, thank you so much for joining. Aldo, thank you for joining and hosting with me. It was a pleasure having you today. We want to thank our audience for joining us as well. And Sulohita, it was really great and it’s so fun to hear your story about where you came from. I mean again, back from the imaging to being a CISO today. It’s just, it’s awe inspiring.
Mark Callahan [00:44:56]:
It’s really great.
Sulohita Vaddadi [00:44:56]:
Pleasure is all mine. Thank you so much for having me. I mean I did not imagine we’d have so much fun on this.
Mark Callahan [00:45:01]:
Oh, it’s great. This is great. We have a blast thank you.
Sulohita Vaddadi [00:45:04]:
This is a time of two friends. Honestly.
Mark Callahan [00:45:07]:
Wonderful. We’ll see everyone next time. And we can. Take care.
Aldo Pietropaolo [00:45:14]:
Sam.