Q1. Could you start by giving us a brief overview of your professional background, particularly focusing on your expertise in the industry?

I’ve been working in IT sales for over 20 years, covering roles throughout the value chain from vendor to distribution, channel partner to consultancy. During that time, I’ve delivered various technologies from data center to end user compute, and for the last 10 years, I’ve been focusing on cyber-security, positioning solutions from leading vendors into enterprise-scale clients across a variety of market segments.  

My broad experience in the industry and appetite for learning have provided me with a good understanding of organisational buying behaviours, the trends that are driving the market for cybersecurity solutions, and the solution providers that are vying for market dominance. I’m also a certified member of the cyber industry body, ISC2, and a Prince2 qualified project manager.

Q2. How is enterprise adoption of Microsoft Entra shaping the future of IAM—and where do you see the biggest space for innovation within that ecosystem?

Microsoft is in a strong position to influence the market for IAM, partly due to the prevalence of Active Directory as a foundational element of most enterprise identity solutions.  The trend identified by analysts is away from point solutions and towards consolidation of identity functionality into an ‘identity fabric’, and that chimes with the approach Microsoft is taking with the expanded Entra platform, so you could say they are shaping the market in that way.  

The biggest areas of innovation moving forward are likely to be around the integration of network security and identity functionality, automation of anomaly detection/remediation, and, of course, the integration of agentic AI.

Q3. From your experience, which vendors or service providers are building a strong foothold in industrial IAM or OT security—and how are they differentiating?

Industrial cyber-security remains somewhat of a niche, and it requires a strong focus on the network because operational technology is incredibly difficult to secure from a host perspective.  

With that in mind, vendors like Fortinet and Palo-Alto are in a strong position because they can offer an integrated secure network spanning OT/IT & Cloud as well as access management, which supports the move towards convergence of IT and OT functions.

From a service provider perspective, Fujitsu is a strong contender due to their industry experience and expertise as a system integrator and telco provider.

And from the IAM perspective, PING Identity has a strong offering for IoT devices, which helps automate the discovery, registration, and onboarding of new device identities.

Q4. Which cybersecurity use cases in IAM or endpoint protection are currently undervalued by the market—but show strong growth potential based on enterprise demand trends?

From an IAM perspective, Identity Governance is a critical function that is potentially undervalued.  Managing the cycle of Joiner-Mover-Leaver is really important, and that can apply to both human and non-human identities.  

Being able to quickly onboard people or machine identities can provide a significant step-up in productivity, while effectively managing privileges and automatically removing lapsed accounts is crucial from a security perspective.  

The proliferation of non-human identities and the increasing demand for Just-In-Time workforce solutions mean that managing identities on your network could be a significant problem if not governed effectively.

Q5. Which use cases are showing real ROI from convergence, and could these become categories that justify platform-level consolidation?

The convergence of identity with secure service edge has the potential to not only improve security but also reduce administrative overheads and improve user experiences, which is already leading to significant ROI for early adopters.  

In practice, this means that access to any resource is dynamically configured based on the context of the session and the user identity.  It’s the next step in the application of a zero-trust model. The unification of identity and network access policies provides operational benefit but requires a very tight integration, which lends itself to platform-level consolidation.  A different use case is the issue of security logging.  

The importance of context within proactive security has given rise to XDR, where security logs from various sources are used to augment endpoint data for threat hunting & investigation.  XDR products are now evolving to the point where they can offer similar log storage and compliance functionality to traditional SIEM solutions.  This convergence offers the opportunity for consolidation, and I believe this is especially relevant for the SME market, where they may have traditionally struggled to realise value from a SIEM platform.

Q6. How are IAM and endpoint security buying decisions evolving—are CISOs still driving them, or are business units and compliance teams becoming more influential?

This depends a lot on the size and structure of the organisation.  From an endpoint security perspective, I would say the CISO will be the key decision-maker and most likely the budget holder 99% of the time.  However, IAM is a little different because it has traditionally not been viewed solely as a security issue and is often part of a broader digital transformation initiative.  

Many larger organisations have a dedicated IAM business unit, with an executive leader who drives buying decisions and has budget autonomy, often in conjunction with a CISO or transformation lead.

Q7. If you were an investor looking at companies within the space, what critical question would you pose to their senior management?

The market for cybersecurity solutions is now highly competitive and fairly crowded. There are a lot of new entrants touting themselves as the next big thing alongside established providers fighting to remain relevant.  As an investor, I’d be focusing on differentiation and go-to-market strategy. 

Does the company genuinely have a marketable point of difference?  

And how will they convert that into revenue?  

What evidence do they have to support their self-belief?  

Being unique is not enough; you need to know that there’s a proven market demand and a detailed multi-threaded plan of how to reach the market.