Inside the mind of the CTO

Three security experts pull back the curtain during Cisco Live

Recently, we hosted a theater session at Cisco Live 2019 that brought together three senior security leaders: Bret Hartman (VP and CTO Security Business Group, Cisco), Charaka Goonatilake (CTO, Panaseer), and Jon Oberheide (Co-founder and CTO, Cisco Duo Security). 


The role of the CTO

During the spirited discussion, everyone agreed: Today’s CTO is challenged by the complexity, the number of technologies, and the shifts that are roiling the landscape — especially the transition to a software-defined, hybrid infrastructure. 

Security is a massive $100B category, fragmented across 30 to 40 subsectors, and each sector is characterized by best-of-breed point solutions. 

Five years back, CTOs and CISOs were biased towards adopting best-of-breed solutions. However, this led to a massive problem: vendor sprawl. Very quickly, security teams realized SOCs were getting overwhelmed. 

As Panaseer’s CTO Charaka Goonatilake said, “We see organizations can’t manage so many devices with so many alerts, even if they are best of breed. We need a single pane-of-glass solution that prioritizes the 10 or 12 actions I need to take across my infrastructure — both on-prem and in the cloud.”

cto mind body - Inside the mind of the CTO

At the Cisco Investments Village, (l to r) Panaseer CTO Charaka Goonatilake, Cisco Vice President and CTO Security Business Group Bret Hartman, Duo Security Co-Founder and CTO Jon Oberheide, Cisco Investments Head of Security Investments and M&A


The reality of a unified security architecture

As cloud adoption drives massive fragmentation, our panel of CTOs shared the view that CTOs are looking to simplify. They’re looking for a unified security architecture that provides a full horizontal view across all applications and workloads. 

Though many dream of a unified architecture, experienced leaders like Duo Security’s CTO Jon Oberheide understand the reality is fuzzier. “The cloud is a double-edged sword,” Oberheide said. “We’re in a world where the developer has virtually unlimited resources and potential scale. All you need is a credit card, right? But you can skip a lot of steps when it comes to security.”

As we shift from a best-of-breed, multi-point paradigm to a unified architecture, CTO’s concerns will continue to be: Am I secure? How do I convey that to the board? What are the right metrics? How much control do I need? How do I get more visibility? We’re always searching for better solutions, paying attention to current trends, and seeking relevant innovations.


Final thoughts

Cisco VP and CTO of Security Bret Hartman is a 40-year veteran of the security business. He’s worked at the NSA. He was the CTO at RSA Security. He has seen it all. 

Bret captured what’s going on in the mind of a CTO best when he said, “We’re always looking for that white space. Where do we go next? What should Cisco Security look like in two-to-four years that might disrupt what we have now? My primary method for answering these questions is spending massive amounts of time in the field with customers. I talk to many CTOs every week, and I learn from them because odds are those leading-edge customers are what the world is going to look like in a few years. I listen, I learn, and I get lots of advice. And sometimes the patterns are pretty obvious. It’s remarkable, for example, to witness the acceleration and adoption of enterprises running workloads in the cloud. Just a few years ago, CISOs were very reluctant. Now they’re leading the transition, and they’re looking for better security.”

Until next time, I look forward to hearing from you at



About the author: Prasad Parthasarathi joined Cisco Investments in 2015 and is currently responsible for all acquisitions, investments and inorganic strategy in the Security space. 

Contact Us