Andrew Monaghan:
Well, Karl, welcome to the podcast.

Karl van den Burgh:
Great to be here, Andrew. Thanks for inviting me.

Andrew Monaghan:
Yeah, you know, you're probably the only CMO, or at least the only CMO that I know in cyber who has, first of all, studied 3 different subjects, physics, computer science, and humanities at 3 different universities. Trinity College London, Trinity College Dublin, Imperial College London. And then someplace in Florence I can't pronounce as well. And then you start your career in product management, not in marketing or sales or even something else. So I'm kind of, you know, mishmash of experiences there and how those have affected your approach to marketing or your career even.

Karl van den Burgh:
Yeah. Well, yes. So somewhat eclectic background and my career is fairly eclectic too. And I think it's just a theme for me is I'm always curious, always learning, kind of follow what I think I will enjoy doing, what presents a challenge or an opportunity to learn. And so it's been true for my education and it's been true for my career. And so it's taken me to different countries. I've lived in 6 or 7 different countries now, speak multiple languages, studied different things, and worked in a number of different functions. So I'm not your career CMO.

Karl van den Burgh:
And I think the benefit for me is, and I tell this to my kids when it goes to living abroad and learning other languages, and I'd say running other functions, is that it gives you a good broad perspective and an outside-in perspective. And so one of the things that I've come to appreciate and I talk a lot about is that marketing is a challenging function. Being a CMO is a difficult job and it has a lot of complexity and is not still very well understood or appreciated.

Andrew Monaghan:
Yeah. Well, you say you're not a career marketer, but your last 3 roles, you're currently the CMO at Illumio, CMO at Gigamon, CMO at Datastack. So that's over a few years. I'm kind of curious, what is that, in that timeframe, what have you seen be the big change? How has go-to-market changed in cyber?

Karl van den Burgh:
Yeah, I think in general, look, obviously the world is changing at an accelerating pace and that's an understatement. And so I would say broadly, the world is changing faster and faster. Tech in general is leading a lot of that change and is changing, you know, super fast pace. And therefore the go-to-market and how we, you know, run go-to-market for tech companies in the B2B space is changing and has to change. And obviously over the period of these last 3 CMO roles, we've had COVID, We've had things happen in the market geopolitically, and then of course now with AI. And so for cyber specifically, and I think it's probably true for everything, is we're living in a world where we are struggling to know what's real, struggling to know who or what to trust, And so probably the biggest theme for me is that search for authenticity, that search for something real, and that has implications in how you market and how you go to market.

Andrew Monaghan:
Well, I think in these days, so much is not real, right? I think what you're getting at with everyone's got their hands on various flavors of LLM and suddenly they're a content genius, right? They're pumping stuff out left, right, and center. How do you as a marketer think about that? I mean, the temptation must be to use it all, right? And yet you can't use it in a way that people spot it and go, oh my God, everything you just said is totally devalued because I spotted that one thing, that em dash or that phraseology, which I know that Claude uses.

Karl van den Burgh:
Yeah, yeah. Look, it's a new skill that we're all learning, right? Right? And I'm a big proponent, and we at Allumio are really pushing hard on AI and leveraging AI for two things: driving greater efficiency and driving a greater effectiveness. And what I mean by effectiveness is higher conversion in the funnel. And so, I'm a big proponent. At the same time, I think it raises the bar in terms of the humanity with which we operate. I'll say that at a very high level. What that means is making sure there is human in the loop in terms— let's talk about content, obviously— making human in a loop in terms of the content, where we are making sure that the content is quality content. Because there is, to your point, there is the tendency to really increase volume or quantity and to take our eye off quality.

Karl van den Burgh:
And I've always said to the team, I'd much rather a few very high-quality pieces than lots of lower-quality pieces. And I think people respond to that. And so you're much better off doing quality over quantity.

Andrew Monaghan:
What's an example of something you've done recently where you've had to maybe change the line a little bit where that's drawn because you felt like it's not quite in the right spot?

Karl van den Burgh:
Let's see. The, um, what I'm seeing now, even with some agencies that we're using, I'm going through an exercise right now where, um, we want to, um, I'm pushing the team to be bold in how we communicate on a certain thing that we're focused on right now, which will— I think we'll touch upon in the conversation, which is cyber is broken. And I have a perspective on that. Um, and so we're trying to find a way to communicate to that market. I'm finding what's coming back feels like there's been a lot of AI, even that the agency is using that, which they should, of course.

Andrew Monaghan:
So, so I'm—

Karl van den Burgh:
my feedback basically has been we're not there yet. And so, um, the thing about— and this is the thing about AI, and I, you know, maybe I'll hold a different perspective to many others on AI in The March to Superintelligence is that fundamentally, I believe that AI can only be as good as the content that is being fed into it. In other words, AI by definition is a derivative of everything that has existed. So if you want to come up with something really breakthrough, that's not just a, you know, recomposition of existing content or twists on existing content. I believe human creativity has a role to play there. And so what I'm looking for is that element of true human creativity that stands out from just a derivative of what's existed prior.

Andrew Monaghan:
It feels like in the past that true human creativity would stand out against a very small pool of not very good creativity. These days it stands out because it's obviously at a different level, different output than the slop that's out there all around the place right now. It's just a very different positioning, I would imagine.

Karl van den Burgh:
Yeah, and look, people, I mean, certainly AI will get better and better, right? And it may get harder to distinguish, I don't know. But just like if you're sensitive and people are becoming sensitive to what is AI generated versus what is not, just like, I don't know, you'll be sensitive to a handcrafted piece of pottery versus, you know, a factory-made item. Some people have that sensitivity where you can feel kind of that real human creativity went into this piece versus something that was just, you know, mass manufactured. I think the same is true here. And in terms of what AI is going to produce and what true human creativity can produce. So I'm very much on, like, let's leverage AI for what it's good at, which is it's good at repeating, automating, you know, taking the grunt work out. And that's what I'm trying to get it to do for my team so that they can spend more time on the higher order, more creative, and frankly, more enjoyable parts of their job. So that's how we're leveraging AI.

Andrew Monaghan:
Now, you said the phrase, cyber is broken.

Karl van den Burgh:
Yes.

Andrew Monaghan:
Tell me more about that.

Karl van den Burgh:
All right, I'm going to keep it short because this is a topic I'm very passionate about. But the short is that if you look at the data— this is not opinion, this is just based on data— you look at the data of how much we've been spending on cyber for the last 15 years and projected going forward. We're spending right now, last year I think we spent about $250 billion worldwide. And that number is getting bigger every year. Which shouldn't surprise anyone. More and more money is being spent on cyber. The problem we're trying to solve, let's call it cybercrime writ large, is getting worse and worse every year. So according to different sources, there's a difference between $10.5 and $12 trillion last year.

Karl van den Burgh:
Trillion. And that number is, as I said, that cost is getting bigger and bigger every year. So in other words, we are spending more and more every year to try and fix a problem that is getting worse and worse. In other words, doing the same thing, expecting different results, as you know, is the definition of madness. And that's what we're doing. What we're doing is not working. And at a very high level, and I'll oversimplify here, we've moved from a world where, you know, traffic in the cyber world, in the digital world, was largely north-south when it was simple, you know, couple of tier applications with web interface. And let's call it 80% of the traffic was north-south.

Karl van den Burgh:
And now with distributed applications and, you know, the modern way that applications are built, hybrid, multi-cloud, 80% of traffic is east-west. Most of the traffic is east-west, and yet most of the investment in cyber has been protecting the so-called perimeter, like that north-south, and yet most of the traffic is now east-west. And so we've got a huge blind spot, which is lateral movement, and that's what's causing the damage with ransomware and data breaches and all of that. That's where the cost is. And cyber really hasn't focused on that problem to the degree that it needs to, which is why we're seeing this pattern of increased spending every year on a problem that's getting worse and worse.

Andrew Monaghan:
So that's the problem. That's not a new problem, what you're talking about there. Is there something different about how the attackers are approaching it that we're just not responding fast enough?

Karl van den Burgh:
So I think what's happened is because a few things. One is, again, because the scale and complexity of the world that we live in, is making that problem worse and worse. So more and more like attack surface, if you will, or exposure. The second is that AI is, in my— and this is an opinion with some data behind it— AI, we are headed towards an AI event horizon. And I'm borrowing from the cosmological concept of an event horizon, a black hole. Where you, you know, at some point you go beyond and you can't go back. And so we're reaching an event horizon which our ability to keep up with attackers will be forever lost. And that's simply because there's, you know, and there always has been asymmetry in cyber warfare because of the, you know, asymmetry in the incentives for defenders.

Karl van den Burgh:
It's a cost center, it's friction to business. For attackers, obviously it's a profit center. For defenders, you have to, quotes, "defend everything." For an attacker, just find one vulnerability. But now with AI, we also have this asymmetry in terms of resources. So when you look at, and this is the data, when you look at the, again, that growth in cybercrime over the last 10 years and projected a couple years forward, and then you look at the number of cyber professionals worldwide, That has, over that same period, cyber professionals has not even doubled. We have a shortage of about 5 million cyber professionals worldwide currently, and that cybercrime cost has grown 20x over that same period. So we're not keeping up even today, and with AI it's going to get worse and worse. So I think it's the complexity, the speed, and this kind of AI has now made things even worse.

Andrew Monaghan:
When I think about those numbers, you know, 15 years ago there weren't 4,000 vendors. There's probably, I don't know, somewhere between 500 and 1,000. So the number of vendors is 5x'd probably. The number of people in cyber, you say, is doubled, but not 20x'd. So we're throwing tools at the problem a lot, right? And the shiny object syndrome is rife along the way. So what do we have to do then?

Karl van den Burgh:
Yeah, so I think at a strategic level, At a strategic level, it's back to first principles. And first principles in many ways are the zero trust principle of trust nothing. Don't trust nothing. And you've got to explicitly allow. And so, yeah, and to make it manageable, it really is identify what's important. You're not going to be able to protect everything. Identify your core assets. What's your core value? What you want to protect? Or your protect surface to use the Zero Trust principles.

Karl van den Burgh:
And then make sure that that is segmented from the rest of the network. So it's not accessible unless it's an explicit allow rule. And so it's very, in many ways it's going back to these first principles, which have been around for a while. And Zero Trust has grown as a, like I think it's got more and more credence as a valid approach and people recognize it as something important. And so that's really it, because, you know, the way I put it is, in this world, especially with the AI event horizon, we are headed towards chaos. And in many ways, you kind of feel like you're experiencing today, but we're heading towards chaos. If you focus on containing the core kind of principles I said, it doesn't matter what happens outside, you will be immune to the chaos. So I think, and I think what people, you mentioned lots of tools, and there is a shiny object syndrome, which is like this latest newest tool will solve the problem for us.

Karl van den Burgh:
And then you get the problem of integration. You've got too many tools, and then there's gaps between the tools. And then you have to, people learn the tools, deploy them effectively. And so in many ways, and people don't like to hear this, in many ways it's very simple and very basic. But we aren't— there's a whole psychological element to this as well, Andrew, in that we aren't— we love as humans, especially in cyber, we love urgency. Urgency makes us feel important, makes us feel like we're doing something. Well, we aren't as good as the non-urgent but important. Doing those things that take time but fundamentally are going to make a bigger difference.

Andrew Monaghan:
When I hear you say zero trust, right, I get the principles. I've heard all sorts of reactions to it over the years from, you know, it's a philosophy that you'll never get to, to it's snake oil, you know, usual thing in security, right? There's lots of different opinions about what it is and isn't. But it seems like from a marketing standpoint and a marketeer, You're having to almost reeducate the market that this is the way we go back to the basics.

Karl van den Burgh:
Yes.

Andrew Monaghan:
It must be an interesting challenge as you're figuring out how do we do that? How do we reeducate? How do we get people who have the same philosophy on our side or in our boat?

Karl van den Burgh:
Yeah. And this is part of the— I said part of our campaign this year will be to promote kind of this back to basics. We're going to do two things. One is Independent of, you know, what we sell at Lumio, and, you know, we're, we're, we have a breach containment platform, so obviously there's a, there, there's a, you call it self-serving element to this, but it's not one product or one vendor that's going to solve this problem, right? This is, this is an industry-wide problem. We're all kind of complicit to some degree in the state of where we are. So the, the, the thing that we're The way that we're going to raise the awareness of this issue is we're having an open, candid, maybe even controversial, certainly provocative dialogue with the industry. That is, we're engaging different influencers, players across the industry on some hard truths about where we are as an industry, saying these things aren't working, right? As an example, fearmongering. We all use fearmongering, have used it, right? We're all complicit.

Karl van den Burgh:
And unfortunately, it leads to short-term thinking, reactive behavior, which is not good for solving long-term problems or fundamental issues. And so we're having a hard truth discussion on the Cyber Is Broken. An example of that, we have a panel of cyber leaders, the former CIO, CISO of the White House, the CISO of SolarWinds, CISO of Nation— Nationwide Bank and the Deputy CISO at Microsoft at RSAC where we're talking about this topic of Cyber is Broken. And we're engaging online as well. We have influencers. So this is a big push for us this year because I said I'm pretty passionate about it. We obviously, a lot of our personal lives, I've been affected personally by this. I'm sure many people have as well as obviously it's our professional focus.

Karl van den Burgh:
We've got to solve for this because it is not getting better to my earlier points on, you know, where the industry is.

Andrew Monaghan:
How do you pull in that ecosystem then? You mentioned influencers and analysts, things like that. But beyond that, other vendors, integrators, things like that. How do you pull people in to try and share in the concern and also the vision?

Karl van den Burgh:
Well, I think that the, when we talk to our partners, we talk to other vendors in the space. They all see the problem. Certainly the customers see it. And so it actually has been pleasing to see people are quite aware. And yet it's one of those things where it feels like collectively we've got our heads in the sand. We need to pull out of the sand and say, okay, we need to have like an open conversation on this and we need to like collectively address it. So I don't think this is gonna happen overnight. Andrew, but we're, we're starting that process.

Karl van den Burgh:
And, um, as I said, it's been quite, um, encouraging to see the, the reaction. We talked to the analysts about this as well. They very much see the same, the same challenge with, you know, they're covering the industry, they see the same challenge.

Andrew Monaghan:
And as you're thinking about mindset and philosophy and, you know, attaching to these things, the more tactical side of it is lead gen, demand generation, things like that. How do you connect the two? How do you get very practical but also keep the higher-level vision in mind?

Karl van den Burgh:
Yeah, so I mean, for us, it's know your audience. Who is it? We're very data-driven. So we use data models to determine who our ideal customer profile is in terms of type of organization. We typically sell to larger organizations in all verticals, but that's kind of our typical target. And then obviously the personas within that target account that we sell to. And we do tops-down, bottoms-up. Tops-down typically through the CISO and bottoms-up through some security practitioners. And then of course, what is the most pressing use case for each of those? And then integrated campaigns.

Karl van den Burgh:
So building— I'm a big believer in fully integrated where your digital and your in-person efforts are coordinated and aligned around a single message to that audience. So you have compounding effect. And then testing, learning, iterating. So agile kind of marketing at its best. And the good news is, you know, we've got a lot of ways to test and get feedback quickly nowadays and then be able to put that into learnings and then iterate. And AI is making all of this faster and easier and cheaper to do. So that's the benefit again of the AI piece. So those are kind of some of the—

Andrew Monaghan:
that's the framework or the mechanics, you know, happy to go into some specifics, but at a high level, I'm just kind of wondering, for the, for the bottoms up, does that bottom-up person get a similar message as the top-down CISO would get in the same company, or is it very different?

Karl van den Burgh:
No, it would be different. They would obviously ladder up or down to each other. Yeah, the CISO is— we're definitely— they get more of this thought leadership around cyber is broken, go back to basics, zero trust, and then breach containment, which is really focusing on containing that lateral movement. So that's kind of the high-level, uh, CISO. For the practitioner, depending on the practitioner, if they're network security or, um, yeah, network security typically would be one of our bottoms up. That is more about how do you, you know, segment— what's the best way to segment your network? We have a segmentation offering. So it's more practical, more specific to them. And then the tactics are very different.

Karl van den Burgh:
So for CISOs, obviously it's more thought leadership. So it's these panels, executive dinners or forums, it's higher touch, right? Definitely a lot of in-person. That's kind of how we do. And then for the bottoms up, we have a community, we leverage a community, we do in-person and virtual labs. So it's hands on keyboards, right around the globe. So different tactics for the different audiences.

Andrew Monaghan:
And one of the topics that I hear people thinking about a lot right now is building trust as opposed to eroding trust.

Karl van den Burgh:
Yes.

Andrew Monaghan:
How do you think about that as you're doing your campaigns and trying to engage with people?

Karl van den Burgh:
Yeah, so back to what I said earlier, I mean, trust, you know, we live in a world that's devoid of trust, right? And, You know, easy to understand why. And so, the trust element for me is super important, and it starts with how you behave as a vendor. And what I mean by that is, and I'm a big believer, you know, personally, but also then as an organization, to be authentic to who you are. And if you, like at a company level, if you're being authentic, that is you have a point of view Everyone may not like it, but you're expressing your point of view. Obviously, you don't want to be expressing something that's offensive. Assuming that's not the case, be authentic, have a point of view, don't be afraid, and don't try to please everyone because you never will. And I would much rather, again, when it comes to like an ad, and we've done these before, where we'll have something that stands out with a perspective and you'll either love it or not. But I'd much rather that than something that is kind of bland.

Karl van den Burgh:
And so if you are authentic, people will sense that in how you communicate, how you operate. And that's the beginning of trust because they know who you are. You can't trust somebody or something that you're not sure where they stand or what they mean or if you're second-guessing. And so that's the beginning. So be authentic. And then act authentically. And then I think that's, you know, being the first and kind of establishing a trusting relationship. That's how it works, has worked successfully in my mind.

Andrew Monaghan:
Yeah, I think that's two of the pillars I think about is people understand your motives, what you're all about and all the rest of it. They believe you have character and you're not afraid to be your character and what it is.

Karl van den Burgh:
Yes.

Andrew Monaghan:
And then you get into things like this track record. This company do what they say they're going to do.

Karl van den Burgh:
Exactly.

Andrew Monaghan:
Top to bottom. Unfortunately, you just need one person or one team who maybe doesn't have quite the same belief in all this, and you can screw it up for you, I guess.

Karl van den Burgh:
You can. Yeah, it's one of those things that takes a long time to build, and unfortunately it can be lost quickly.

Andrew Monaghan:
Yeah. And then just blame the sales team is what usually happens. Some poor guy in Ohio said the wrong thing at the wrong time.

Karl van den Burgh:
Yeah.

Andrew Monaghan:
And he didn't get it quite right. That's a good question though, to maybe think about just as we wrap up. You know, these are, what we've talked about are quite, I don't know, big arching themes, right? That you're thinking about. If I'm that salesperson, I'm in my basement in Ohio and I've got my $1.2 million quota to hit this year, I'm heads down, I'm networking, generating pipe, trying to close some deals. I can get very focused on what I'm doing and lose track a little bit of what's happening in the company. I'm curious if you got some ideas how to do that.

Karl van den Burgh:
You're saying for the salesperson at Lumio or salespeople in general?

Andrew Monaghan:
Like, oh, salespeople in general. I mean, yeah, I don't want to call out your guy in Ohio.

Karl van den Burgh:
Um, so look, obviously to be a good salesperson, you really need to understand your customer. And to understand your customer, you need to understand their context. And their context is the industry in which they operate, but also their function and obviously being in cyber. So understanding all this, in my view, is really important if you're to be a good salesperson because you can't help the customer on their journey if you don't understand the context in which they're operating. So that would be my advice. Make sure you understand what's going on globally because geopolitics, technical, you know, technology trends, what's happening in the industry, and of course the specific customer's industry, are all going to impact how they think about what they're doing, the problems that they're facing, and what's most pressing for them.

Andrew Monaghan:
I feel like if you're a salesperson and you can operate that level, you're, you're shoulders above the market in general, who are sitting there looking at the data sheets and thinking about features and benefits and how do I, how do I beat those guys in this deal, right?

Karl van den Burgh:
Yeah. And look, sometimes you have to be good at that, right? Sometimes there's a time for that, but the best sellers, in my view, are great listeners. They know how— they really understand, and they let customers do most of the talking, understand, and then know how to map where the customer is to what they can do. And yeah, it's a— it's, it's a— look, it's, it's a, it's a key skill. I'd say the same for marketers, right? If a marketer doesn't understand all of those things, they can't be a great marketer either. Right.

Andrew Monaghan:
Well, Carl, we're recording this at the start of March in 2026. We're 3 weeks away from RSA. It's coming up. You mentioned you got a panel. What else do you have going on?

Karl van den Burgh:
We have a lot. Yeah, we've got a lot of also some great talks with our partners, technology alliances, our channel partners. We're going to be more visible this year than we have been. So we've got some, you know, out-of-home around Moscone, on the buses, inside the conference center. So we think we have a very important message, which is basically focus on breach containment, 'cause the damage, it's not if, it's when it'll happen. And so being prepared for that. And so, you know, we'll be very focused on bringing that message to the market.

Andrew Monaghan:
Are you gonna give us an exclusive about what you've got coming up specifically around messaging or on the buses or on your booth?

Karl van den Burgh:
Well, it's the breach containment. The one that I talked about that I'm still struggling with the agency on is something that we haven't got to yet, but you should see Illumio show up on a billboard or an airport or something later in the year once we figure this one out. I think our time is now as a company. It feels like, you know, we've been around for 10 years and it feels like that overnight success has taken 10 years to happen.

Andrew Monaghan:
It's always that way. Well, listen, Karl, I wish you the best for RSA and for the rest of the year.

Karl van den Burgh:
Thanks, Andrew. Appreciate it. And good talking to you today.

Andrew Monaghan:
Likewise.