Rene Bonvanie, a longtime cybersecurity industry executive and an executive-in-residence at Battery Ventures, has just been appointed executive chairman of Ordr, the cybersecurity platform company.
We recently spoke about his leadership career, his experience as an executive-in-residence, and the challenges in IoT that attracted him to Ordr.
This interview has been edited and condensed for clarity.
We had similar home runs early in our careers – in your case, you were the founding CMO at Palo Alto Networks.
I joined Palo Alto Networks when it was 40 people or so and had zero revenue. And I left when it was almost $4 billion in revenue; by that time we had become an iconic company. I also worked for a long time at Oracle.
I love being in tech. But also, the more boring it is, the more interesting I find it because the most boring stuff is frequently the most needed. It’s the boring stuff that keeps everything working.
You’re currently an executive-in-residence at Battery Ventures. How did you become an executive-in-residence, and what is it you do?
I’ve been an operator for almost 40 years. I’ve been a board member at a variety of companies and an advisor to several. Not because I didn’t know what to do with my time, but to learn. I wanted to learn from different industries, and I could bring those experiences back to my operational roles. I’m curious by nature.
After I retired from the operational role, I wasn’t ready to sit in the yard or on my couch for the rest of my life. I wanted to continue to learn, but not in an environment that would demand 90 hours a week again in an active job.
I had been on several boards with a Battery partner, Dharmesh Thakker, and he introduced me to the Battery team. When I looked at their portfolio, a few things came to the forefront. They have a solid thesis on infrastructure technology and also a significant view on security but not much operational experience. I immediately knew that I could be helpful to them.
Battery also has an outstanding reputation and works collaboratively.
I decided with the partners that I would be an executive-in-residence, advising multiple portfolio organizations. This role also keeps the door open to either becoming an operating partner or potentially taking a role in a portfolio company in the future.
I especially love your use of the word curious because it speaks volumes about why people in tech are successful. You chose to take on an additional role as executive chairman at Ordr. Why did you choose that out of all the possibilities?
Ordr is an early-stage startup in the IoT security space, and this is a space in which I had done a lot of work before joining Battery. The company was embarking on several projects that needed oversight from an experienced external perspective.
I also had introduced new technologies to organizations that frequently aren’t that security-minded. They understand the consequences of not having good protection, but they don’t know what to do to be in a better position.
I guess the executive chairman role, in general, is one where you are first and foremost an advisor to the CEO and his or her management team. We defined the role as shepherding the management team through these crucial pivots in the industry. I’m triggering them to become better at what they do. We’ve walked through choices and strategies, but at the end of the day, they make the decision. It’s great to see them become better at what they do without having to push them to do it or tell them what to do.
Can you tell me about the Ordr platform and how today’s cybersecurity challenges are different or more complex than those you faced at Palo Alto Networks?
IoT security is not a new term. Traditionally, the focus of that industry has been on the kinds of things that people first think of, like cameras and televisions. But many businesses face threats that come in from their networks.
Let’s take an example from the healthcare industry. Organizations are introducing numerous new technologies for remote medical observation. Doctors use many of these technologies that rely on telemetry, moving information from patients to servers, and from servers to machines. That infrastructure was built first and foremost for the accuracy of the medical purpose. For example, the device wouldn’t show that somebody needs medication if they don’t.
That device is part of the network but generally seen as low risk. It wasn’t built with the idea that somebody could hack it and then, through that infrastructure, find their way into a hospital system or a lab.
But that happened. Now there have been attacks that have compromised the medical infrastructure.
That introduced the phenomenon of ransomware in healthcare. As bad as that is, it’s only the tip of the iceberg – there are other use cases where data gets manipulated. And if you think that ransomware is terrible, it is much worse when hackers manipulate medical data. Because then we don’t understand who our patients are. We don’t understand their blood groups.
What was set up for convenience and accuracy has become an attack surface. With standard IoT issues, if a camera is compromised by a threat, that’s too bad, but the impact is that the camera is shut off and doesn’t work for a while.
You don’t have that luxury in medical IoT. You must be entirely accurate about the assessment of whether or not that device or machine is compromised. You cannot guess. You must be 100 percent certain before you shut it off. And you must provide ways to remediate that.
So you need both high accuracy and completeness. Ordr was the first company that showed that to me, and I became very curious to see how far this can go. Can they do this at scale? Because doing this for a clinic with 100 beds is different than doing this for huge statewide or nationwide organizations. What they’ve shown to me – and our clients – over the last year is they can do this, and I observed the same results from them in industrial environments.
So, the Ordr platform allows the security operators to get a complete and truthful inventory of all the devices on their infrastructure, both on the IT and OT sides. OT is, for example, the computers, printers, insulin pumps and machines.
Sometimes hackers use the OT environment to jump into the medical IT environment. And then, maybe, attack the billing system and manipulate patient information and so forth, or hack the other way around.
We cannot rely on the device builders to make this problem disappear, or on the IT security companies. We need specialists, and Ordr is one of those specialists.
That accuracy mentality translates very well to other industries, but we must solve it in the medical arena first.
What a fascinating area in which to lead! As you think about your career trajectory, was there a moment when you knew that your career was moving up and to the right?
For me, the pivotal moment was when I started to understand that the only way that I could know if I was successful was not to look at the stock price of the company or my pay statement or anything else internal. It was to see how our customers became successful with what we did and to see the twinkle in their eye when we talked about our technology and our company. Seeing their appreciation, I knew that I was doing the right thing.