Vitalii Gulenok/istock via Getty

SonicWall CEO talks transformation, security transparency

SonicWall's CEO said that following a string of serious vulnerabilities the company responded to in 2021, product development and quality assurance operations were overhauled.

After a turbulent period for the network security vendor, SonicWall is undergoing a transformation.

Though long-known for its on-premises network security, content control and firewall offerings, the vendor has expanded in recent years to include further investment in cloud, most recently shown through its acquisition of security service edge vendor Banyan Security announced in January. This acquisition marks one of three made in the last few months and the first acquisitions SonicWall has made in over a decade.

This transformation is being overseen by new CEO Bob VanKirk, who was appointed in 2022. A longtime sales and marketing executive, VanKirk was hired to lead the company after spending multiple years as chief revenue officer and senior vice president of commercial sales.

In an interview with TechTarget Editorial, VanKirk said the company was moving further toward an "outside-in" approach, a marketing term that refers to observing the customer's needs and then meeting the customer where they are.

The security side of SonicWall's business has seen changes as well during this transformation. In 2021, SonicWall was forced to respond to a series of serious vulnerabilities, including zero-days, that came under attack. VanKirk addressed these issues directly and detailed how the company has prioritized both product stability and quality as well as security transparency.

"You've got to be transparent with your partners and customers. You've got to communicate, and you've got to communicate from multiple angles. You've got to proactively move from playing defense to offense," he said. " Will there be issues? Yeah. But what's so key is how you address those and trying to stay out ahead to anticipate as much as possible."

How have things changed at SonicWall in the last few years?

Bob VanKirk, CEO, SonicWallBob VanKirk

Bob VanKirk: At SonicWall, especially over the last two years, we've been going through a pretty significant transformation. We have been around for over 30-some years. But recently we have really pivoted significantly across every single functional area, from marketing to engineering, sales, finance -- really focusing on how we can better align and take an outside-in approach.

I learned this early on in my career: Listen more, talk less. Listen to our customers; listen to our partners; understand their needs, pain points, requirements; and then that should drive the roadmap.

Every function has gone through a dramatic transformation, and that has driven our M&A. After not doing any acquisitions for 14 years, we did three within the span of four months. We're seeing key partner growth across our 17,000 partners globally. We're leaning into figuring out how we can support and drive their businesses. It's an exciting time.

What necessitated this transformation?

VanKirk: From my standpoint, I believe it was the right move. There were a number of things underpinning my strategy there. One is ensuring that we are not engineering led but customer and partner led as well as market led. This is not easy to do in our segment. We operate more in the mid-market space.

Whether you have 10 or 17,000 partners, you really have to understand the segments that the different parts of your partner base and customer base make up. The key was ensuring that we were aligned to what their pain points were and making sure the business was aligned, driving toward what their key requirements are.

We moved from support responses within minutes down to responses within seconds. I heard it firsthand when I was in sales, but we didn't have that shared focus across the rest of the organization, which is outside-in. My first objective was to make sure that every given function is going to listen and align to what the market is saying.

You became CEO in 2022. In 2021, SonicWall experienced a stretch of some pretty serious vulnerabilities, including zero days. Did anything change related to this as part of SonicWall's big transformation?

VanKirk: We took an intentional step back relative to our QA and our engineering process, and we really focused on product stability and quality. We brought in a new head of overall product development. And just so you know, 90% of our leadership team is new.

When I was asked to step into the CEO role, the first thing I did -- I didn't spend a lot of time with sales and marketing. I actually spent the first four months digging into product, product management and product development. We brought on a new head of cloud-based product with Peter Burke. I can't say enough great things about Peter. But we have totally been changing our processes. We brought in a new head of QA, as I said, and we've been driving more and more automation there. But a key focus has been product quality and stability and bringing that back for our partners and customers.

Do you feel the transformation has been successful?

VanKirk: I think it's very, very important to recognize that that is a journey and never a destination. All the indicators are very positive. But at the same time, you can never get complacent, and you can never get over your skis.

I'm a big believer in leading indicators. Our transacting partners, after years of decline, are now on the rebound and going up. Our unit volumes are going up. We're driving to double digit growth. And to me, it's not about SonicWall. It's about if our partners are doing well. If, when I talk to our partners, their CEOs, they're saying they're having record years, that makes me happy. If they do well, then in turn, we will do well.

I'm very encouraged based on what we're seeing. I think our mergers and acquisitions have been long overdue. And adding key areas, like managed security services, like MDR for cloud or endpoint or firewalls, is fundamental. Again, it's really important not to become complacent and to keep raising the bar. And we've got to stay in that mindset of constantly raising the bar and doing better.

As a vendor who is focusing more and more on cloud, how are you looking at the conversation around cloud vendors needing to be more transparent with things like vulnerabilities and security issues?

VanKirk: We're coming from being almost entirely 100% on premise to now having a hybrid approach. With our past solutions, we were almost all on-prem. And now we have cloud native capabilities, and our management platform over the course of the last three to four years has been cloud centric.

But first, I'd say regardless of whether it's cloud or on-prem, you have to be transparent. We've implemented a new culture as part of this transformation when I stepped in, and this was bottom-up. It wasn't me saying, 'Okay, here are my priorities. Here are my key beliefs.' This was a bottom-up transformation, and integrity is one of our core values.

I've talked about the importance of playing offense and keeping up and working quickly when a vulnerability is identified. We also want to share workarounds and make sure that we are working with our partners' customers so that they're not at risk. Issues will occur and there will be vulnerabilities. But what is so important is to communicate and make sure there's a path and that we're being responsive and forthright with our partners and customers.

The challenge with on-prem is that, when I was in sales, we must have reached out two dozen times related to some of the vulnerabilities in order to get our partners and customers to patch. But there was a number that, after emailing and calling trying to get them to patch, still didn't patch. The benefit from a cloud standpoint and a hosted app is that we can be much nimbler. We can make the updates; we can patch the app and take care of it there. But cloud opens up configurations, open APIs and hooking in with the broader ecosystem, and that can open up vulnerabilities that we've got to be all over.

Editor's note: This interview was edited for clarity and length.

Alexander Culafi is a senior information security news writer and podcast host for TechTarget Editorial.

Dig Deeper on Security operations and management