In this episode of Beyond Consulting, sponsored by ECA Partners, we welcome Bryan Lares, a former Strategy& consultant, and current VP of Product at ExtraHop. Bryan joins us to discuss his career progression from management consulting to corporate strategy, and now to cybersecurity.
The Beyond Consulting Podcast is hosted by Ken Kanara and co-hosted by Steven Haug. Steven leads this week’s episode.
Steven Haug: Welcome to Beyond Consulting, I’m your host, Stephen Haug. Today we have the pleasure of speaking with Bryan Lares, VP of Product at ExtraHop, and former management consultant from Strategy&.
Before we dive into Bryan’s story, I want to take a moment to thank our sponsor, ECA Partners. ECA is a project staffing and executive search firm that focuses on private equity and former consultants. If you’re looking to grow your leadership team, check them out by visiting their website at eca-partners.com.
Bryan, welcome to Beyond Consulting.
Bryan Lares: Hey, Steven, great to meet you. Thanks for having me. I’m excited to come in and tell a story.
Steven Haug: Good. We’re really excited to have you here. Bryan, I would love to hear a bit about what you’re up to these days before we rewind and hear about your consulting work.
Bryan Lares: Absolutely. I am at ExtraHop Networks which is a network security company focused on using machine learning to provide network visibility, network detection, and investigation response capabilities for cyber security use cases. It’s basically for security operations teams and primarily focused on the enterprise. Within my role, I run global product strategy, the global product road map, I have product management capabilities under my purview as well, and a couple of other functions under my purview. I joined in February and it’s been a fantastic ride.
Steven Haug: Well that sounds like an exciting venture over there. How large is ExtraHop?
Bryan Lares: We’re about 600 people right now, with around 150 million ARR and growing every single quarter.
Steven Haug: Wow. How long has the company been around?
Bryan Lares: The company has had a great journey actually. The company has been around a little over ten years. It was co-founded by two really sharp folks, Jesse Rothstein and Raja, who met together at F5 and were really some of the thought leaders in the network visibility space. They came to create ExtraHop as a network visibility tool. Then they made the pivot to security about four years ago and saw an opportunity in the market where there was a classic transition where their customers that were on network teams started using the product for more security use cases. When users start using the product for new things and you start identifying market adjacencies, then they pivoted the company to security use cases.
The company was actually purchased by Bain Capital and Crosspoint Capital Partners last year and that’s been a big change taking it from a privately-owned, venture-backed to now private equity-backed company over the last year. Now it’s all focused on growing the company and growing the platform over the next five years.
Steven Haug: That sounds like a very exciting journey with lots of exciting runway ahead of you. Tell me a more about what the product looks like for a cyber security company.
Bryan Lares: Great question. We are a SaaS, cloud-based platform. We provide, as I mentioned, network visibility for both network performance use cases as well as what’s called network detection response use cases in the cybersecurity context. Our users and our customers are both the network operations team and the security operations team and it’s basically used to gain visibility across all the assets and the communications going on across your network, your campus, your data center, or in the cloud, as well as using machine learning to do detection capabilities–behavioral detection–on the communications of all those assets, and provide investigation like alert triage investigation and response capabilities for the security analysts. It’s really a tool to provide what we call like to call “post-intrusion” and “pre-detection.” Sixty percent of companies every year are breached in some way, shape, or form. Almost 100% of companies have multiple intrusions a year and it’s really about finding and detecting that intrusion before it actually becomes a breach, and that’s what we do.
Steven Haug: Okay, good. Thanks for that rundown. I want to rewind a bit to learn about how you got to where you are today. Do you mind taking this back to the beginning?
Bryan Lares: Sure. I did undergrad at Purdue University. After undergrad, I spent some time very technically-focused, doing data engineering for business intelligence platforms, basically building and eventually managing teams that implemented BI suites and BI tools for large Fortune 500 companies in energy and healthcare. I was a consultant, but a very technology-focused consultant. I went to business school at the University of Texas at Austin, at the McCombs School of Business. I ended up interning for Booz Allen Hamilton, the management consulting practice within Booz Allen Hamilton, which actually during my first year, became Booz & Co. We’re talking about this right before we started recording, and now I believe it’s called Strategy&, which that name change happened after I left the firm. I worked at Booz for five years out of the Dallas office in a classic, post-MBA role. I worked across a number of different industries. My platform was primarily data analytics and helping companies grow through data analytics, so I did a lot of work with organizations that were data-driven organizations looking to either optimize operations or grow revenue through data businesses. I did a lot of work in healthcare, did some work on the operation side in financial services and in energy. I actually worked across the world on some really interesting projects across industries. Then, as I became a case leader, or a senior associate as we called it at Booz, I started managing teams and really focused on a lot of healthcare use cases, both on the payer side and on the provider side. Again, all were primarily focused on either digital transformation or data analytics-driven strategic cases.
Steven Haug: Good. So you spent about five years there, is that right?
Bryan Lares: That’s right. I spent five years at Booz and then, had a classic scenario of, after about five years, my son was born. We were living in Dallas at the time and my wife and I had the classic consultant talk of, “Hey, I know you’ve enjoyed this, but it’s time to get off the road and maybe not travel four to five days a week, every week.” So I did what a lot of reformed consultants do and I moved to corporate strategy at Dell, and moved back to Austin from Dallas.
I’ve always been very tech-focused and I wanted to remain in tech. I had some former colleagues that were in the corporate strategy group there so that was a fairly seamless transition. I’d say corporate strategy is always a great transitionary period for management consultants because you’re usually working with a lot of former management consultants doing a lot of really interesting and high impact work, and you also get a good purview over a lot of the different parts of the different businesses at that company, as well as the different operational roles within the company, so you can decide whether you want to remain on the strategy track and move up the ladder from a corporate strategy perspective, or whether you want to move into operations and have an operating role, which is what I transitioned into.
Steven Haug: Good. The move from a consulting firm, a top-tier consulting firm, into a corporate strategy team in a large company, a lot of the folks that we talk with here at ECA that are current consultants and are thinking about that trajectory, their impression is that the corporate strategy role will be quite similar to their consulting work, but the advantage is, or the perk, is that you’ll be able to see the results of your labor. Is that the main difference that you recognized?
Bryan Lares: For sure. I think about it as a long-term engagement with one client. When I was doing management consulting I certainly had a couple of clients that I worked on a number of projects for and so it’s very similar to that really consultative relationship there, where you end up being assigned, typically, to a business or a part of a business. For me, that was actually my transition into cyber security and software. I fell into being the Strategy Lead for Dell’s end point security business. They had a couple of different businesses in the security space and I became the strategy lead for that, which made an easy transition into cybersecurity after I moved on from doing strategy work. To your point, it’s a great transition point because one, you are doing, as I mentioned, very high-impact work, with usually a lot former consultants that do a lot of great work, too and have a lot of fantastic experience, and you get to form this consultative role with a particular business or a couple of businesses where you are helping them and working with them on a year-to-year basis and usually working with the leaders of those businesses to do annual planning, to do strategy projects, and to help bring in, usually management consultants that are still at the firms, to help with specific projects. You get to one, build relationships with those leaders and really understand some of the challenges they’re thinking about and trying to help them with those challenges. Two, you also get to, not only do the analysis and the strategy, but also help with the transformation work that leads out from the strategy. It’s a really interesting role and I think it’s a great transition. I’d highly recommend it for any management consultant that is making that transition to industry.
Steven Haug: Good. Thinking through that transition specifically, were there any gaps in your toolkit that quickly became apparent when you moved into a corporate strategy role?
Bryan Lares: I would say the biggest learning curve is that deep industry and market expertise in that market, and it depends on the consultant. As I mentioned, I worked across a number of different industries, but ended up doing a lot of healthcare and a lot of health tech, then I moved to a more enterprise tech-focused company at Dell. My biggest learning curve was having to understand the enterprise software business, the selling motions, the processes, what all the different roles of all the different functions did in this very massive, matrix organization, how those different functions worked together, and as well as the ecosystem of different players within the markets and all of sub markets. I think the frameworks and the approach that you use, the hypothesis-driven approach that we use in management consulting, that is a tried and true approach that you can use to gain leverage through your entire career, but just learning, catching up on the industry and catching up on the intricacies of how to operate within a large organization is definitely part of the learning curve.
Steven Haug: Good. You mentioned that the move into Dell was your first stab at working on cybersecurity projects, is that right?
Bryan Lares: That’s right.
Steven Haug: Was that your first role that was product-focused, as well?
Bryan Lares: Great question. As you go into corporate strategy, as I mentioned, I got assigned to a business unit within Dell and mine was focused on endpoint security. I ended up finding the market industry fascinating for a number of reasons. One is that it’s a really important problem space that’s growing very quickly. The market is about $150 billion market right now in enterprise cybersecurity and it’s growing 12 to 15% every year, depending on which one you look at. There’s a ton of money going into that from the VC space, the PE space, and obviously a lot of very successful public firms, as well. So it’s an area that is growing very quickly and, by the way, also an industry that doesn’t have a lot of people with that management consulting skillset. It’s a highly technical industry with a lot of jargon and a pretty steep learning curve from just learning the ecosystem, the technology, and intricacies of how cyber operations work. You end up with not a lot of people with that balance of technology and business. I thought it was a great industry that could use someone with my background, my experience, and thought it was a great opportunity for me to continue to grow in a growing industry.
Steven Haug: Good. Five years at Dell, about, is that right?
Bryan Lares: That’s right.
Steven Haug: Good. Tell us what you did after that.
Bryan Lares: You asked about the transition, which is a classic story is when I was strategy lead for the security business. We were building that business through a bunch of internal IP partnerships and some acquisitions, and I ended up being the strategy lead on a billion dollar acquisition that Dell did of a company called Wise Technology, which was in the desktop virtualization space, which is a way to securely deliver desktops from the cloud or from the data center to highly secure endpoints. I was the strategy lead, helped with due diligence, helped on selecting the target, and was there all the way through the negotiation and eventually the deal closing period. I also ended up being the strategy lead for the integration efforts, which comes after the acquisition close. Then, as is typical when a really big company purchases a smaller company, some of the leadership team left after a year, including the product lead. I raised my hand and became one of the product leads for that business, which was a fun transition into product management. I think product management is also a great landing spot for management consultants, especially those that have a technical background maybe prior to management consulting, because it’s really important, especially as you continue to climb that leadership curve in product, to have both a technical understanding, to have a market context and to understand the market and the ecosystem, and to understand the business side and selling because a lot of your job is about enabling cooperation and collaboration with all the other functions like marketing and sales. You really have to be able to understand those roles, as well, to be able to grow the overall product line. I think it’s a really important role to have high business acumen, to have some of those problem solving skills that you’ve learned in management consulting, and then combine that with maybe a technical background that you gained maybe prior to management consulting.
Steven Haug: I think that’s a great point to dive into a bit more deeply because the move from consulting into corporate strategy is fairly seamless. I expected the move from consulting maybe straight into product management might be a little bit more of a gap there. Is there anything that you would recommend current management consultants think about to see whether or not it would be something they could be excited about or successful in?
Bryan Lares: Yes, fantastic question. Obviously, the move to corporate strategy was the step I took, and I think it’s a logical step, but I would definitely encourage those folks, people that are in management consulting right now, especially ones that are in maybe a consultant role or associate role prior to the managing teams type role, I think you could definitely make that transition into product management. In fact, I’ve got a gentleman on my team that came over from, not directly from Bain, but with the Bain background, and he’s really excelling. He brings a fantastic skillset to the team that, by the way, not a lot of other product managers bring.
Product management is a career where you come from a lot of different backgrounds. You have some folks that come from the sales engineering side, you have some folks that come from the engineering side, you have some folks from the marketing side, and then I think I’ve taken a fairly atypical role of coming from the strategy side, but I think those are all the different parts of your job when you’re in product management. I think when you’re building a team, you want to have a good diversity of skillsets. I think bringing some of those skill sets of a former management consultant into a product management organization is a fantastic breakdown. I would say, if that’s something you’re interested in, absolutely stay in contact with some of the folks that you worked with at the firm, reach out to alumni networks, and I think there are quite a few PM leaders that value that skill set. I’d say, particularly in a private equity context, because in private equity you want to be very data-driven and there you do a lot of ROI analysis, you’re asked to talk about, not only your strategy, but how you’re identifying new markets, new growth opportunities, what kind of ROI analysis you’re doing on your road map, how you’re looking at your user data…It’s very quantitative in nature. I think that lends itself very well to the quantitative nature of most management consultants.
Steven Haug: Good. That’s certainly encouraging news for consultants looking to move closer to the product side of a business. So far we’ve been talking about your moves in your career: getting hired into new positions, transitioning to new companies…at this point, though, you’re a leader in the product space, as well as in the cybersecurity space at a growing company and you’re building teams now. You mentioned that you do have at least one former management consultant on your team. When you’re hiring, is that a profile that you’re looking for?
Bryan Lares: Absolutely. Like I said, when I’m building teams, from PM perspective, there’s a lot of different roles within a PM team and you need different skill sets for those teams. For example, as I mentioned, we’re a ML behavioral analytics platform, so I have some PM roles that are very data science heavy. I’m looking for someone, and they work with the data science teams and through our research teams to build our detectors, so in those PM’s, I’m looking for more of a data science background, as well as a heavy cybersecurity background. I’m looking for someone that has previously a threat researcher, or worked in a SOCK, or was an analyst, some folks from the NSA, for example, or other places where they have deep knowledge of the threat landscape and how to do threat modeling.
But, there are other roles that are much more, I’d say, business-focused, where they have to understand the industry, understand the technology, be able to talk to customers and our users, which are very technical security analysts, but also can understand how to identify and how to quantify new market opportunities, have someone that can do that ROI analysis on your road map, someone that can do growth metrics and can both create, analyze and synthesize how the platform is growing and bring insights to the table for what strategic decisions we should make. I think a role like that is great for a former management consultant. We call it Product Line Managers at ExtraHop, and they have that same role in places like Palo Alto and other places. Sometimes the role is called Growth Product Managers, but those are great roles for both the business acumen and the quantitative mindset that management consultants bring to the table.
Steven Haug: Great. I’m sure that our audience will really appreciate that, Bryan. That’s a lot of helpful advice. Looking back at your career, lots of great positions you’ve held, and I’m curious, if you had to do it all over again, is there anything differently that you would do?
Bryan Lares: I think the only thing I would do differently is, maybe, I had a fantastic experience in product management, a fantastic experience in corporate strategy…I think the earlier you can decide, you know as I mentioned ,like a lot of management consultants, I was fairly broad across a lot of different industries, but I think the earlier you can decide in your consulting career what industry you’re going to focus on and start one, building your business acumen in that industry and what the value chain is within that industry, but two, also building your network within that industry, I think that’s fantastic. I came into cybersecurity after my management consulting career. I think if I had it to do differently, or I had to optimize my career, looking backwards, the only thing I would do differently is maybe try to get into cybersecurity earlier. Maybe, ideally when you’re a management consultant. Then, you could actually build that out and there are, if you’re interested in cybersecurity, I know there are some practices within Bain and couple of other places that focus on doing strategy work for cybersecurity companies. If that’s something you’re interested in, I would definitely reach out to some of the folks that head up those practices and head up those platforms.
Steven Haug: Bryan, thanks so much for talking us through your career, here. I think that the tips you shared are extremely valuable and it’s great to hear your story. Thanks so much for joining us on Beyond Consulting.
Connect with Bryan on LinkedIn and visit www.extrahop.com for more information.