Product Management in Cybersecurity by AWS Sr PM, Sharanya Ramakrishnan

"Good companies manage Engineering. Great companies manage Product." Thomas Schranz

Cyber security teams in organizations today work with one key goal - to prevent hacking.
Therefore, businesses are constantly working on how they can protect their customers' information and at the same time adopt a very proactive approach to cybersecurity.

Enterprise Security Landscape

Product managers play a very important role in building scalable, reliable, and truly versatile products that can keep up with hackers.

Key challenges

  • Volatile Cybersecurity landscape

  • Proliferation of home-grown products

  • Underutilized vendor product capabilities

  • Unaddressed tech debt

  • Return on Investment

Product managers are by default the voice of the customer. They establish a feedback loop between the customer and the engineering teams. When it comes to cybersecurity, this is even more important because the demands in this space are very ambiguous. In most cases, they are constantly changing because the landscape itself is very dynamic.

Product Management – Benefits

Product managers come with a long-term strategy and vision. Not only do they set or figure out what products to build and when, but they also see how they align with the company's long-term vision or goals. With this mindset, the proliferation of custom products that are built and then not used is minimized because product managers are constantly asking the question "why are we building something?" "how will it benefit the customer?". They also wonder how this aligns with the long-term vision. With this mindset, we can really solve the problem of creating special products.

So failing quickly and learning from failure and then quickly repeating is what product management offers. With this mindset, cybersecurity teams can test and innovate very quickly, and it really adds value to the table.
Companies buy different products, but in fact, not all opportunities are fully exploited. When product managers are involved, they spend a lot of time trying to figure out what problems the customer is having and then matching it to the right products, whether they're bought or built in-house. Thus, a complete understanding of the problem statement helps to avoid situations where there are several products to solve one problem or the capabilities of existing products are underused.

Product Management – Process

Now all the basic principles that apply to product management certainly apply here. And by default, we always start with the client. It is very important to understand what the ultimate goal of the client is or what he is trying to achieve. And in this process, we find out what the client's path to achieving this ultimate goal looks like. As we travel, we identify friction points that translate into feature requirements.

Once you can prioritize and narrow it down to something you can repeat and complete quickly, you move on to the execution stage or iterative development stage. Break it down into smaller user epics and then plan it into sprints. Run fast every sprint you interact with the client. You get their feedback on what if it works. Help counter the methods hackers use today and incorporate those testimonials into your product.

Once you determine that you want to buy a product, you determine what different products are available on the market to solve that particular problem. You do vendor analysis, compare what features the products have to offer, and when you settle on one solution, you end up doing a proof of concept. If the proof of concept shows positive results, then you proceed with budget approval, legal approval, and whatever else is necessary in terms of process to purchase this product for your company. After that, an integration process and probably a lot of tweaking is required. And this can also be planned for sprints. It's about implementing a tool so that analysts, or whoever the customer is, can use the product effectively.

Key Roles in Cybersecurity

Enterprises rely on home-grown products and vendor solutions to achieve their security goals.

Product managers drive product vision and development while Program managers track product deployment, and Engineering drives the execution/

Collaboration between the three functions is critical for success!

Cyber ​​security teams are heavily investing in product management functions. To really understand what the customer's problem is, better understand the problem and then develop a solution or purchase a solution. This means that product managers often work hand in hand with program managers, who primarily track product deployments and ensure that product deployments meet the goals and metrics set by management. And work hand in hand with the engineers who manage the execution or iterative development about the product itself.

Key Takeaways:

  • Security landscape is very volatile

  • Presents unique challenges

  • Product-centric approach helps address these challenges

  • Product framework expanded for cybersecurity

  • Internal vs. external product managers.

Sharanya Ramakrishnan, AWS Sr PM