“How did they do that? How did they get there?” Companies succeed because of the people who build them - operating leaders who grow businesses to new heights and make decisions every day that can impact entire industries. Our Operator Spotlight gives you the inside track from one of our incredible Operator LPs (Limited Partners) who are changing the game – building and scaling some of the world’s most successful companies. Read on for lessons learned and mistakes made, perspectives from the top, practical advice, and ideas on what’s next. 

‍

This month, we chatted with Aarti Borkar, Corporate Vice President, Customer Success and Incident Response (DART), Microsoft Security. Aarti currently leads Customer Success for Microsoft’s $20B+ security business, and is responsible for professional services strategy and execution as part of the Microsoft Security Senior Leadership team. With more than 20 years of experience, she manages worldwide revenue targets, CXO relationships with strategic customers, and a growing team of over 1,000 people across the globe. 

‍

Tell us a bit about your career evolution from engineering to product management to now running customer success in a senior leadership role? 

Aarti: I started my career as an engineer with an interesting background in advanced networks and complex database architectures. It sounds like a well thought plan today, but honestly I just went after the two areas I loved the most. After a few years in the core database teams, I realized I wanted to know more about why our customers used our tech and what they wanted. That led to a journey into product management, which was the best decision. Being a very technical leader with depth in the business allowed for more comprehensive conversations both with customers and engineering teams. I had the opportunity to start businesses from scratch, and to grow businesses that were over a few billion dollars already - and everything in between.

As I managed larger and more complex businesses, I also expanded my role to GTM strategies and building out partner ecosystems. I’ve had a long held belief that businesses should not build new tech until they understand if their company has the ability to support a go to market motion for the intended target market. So when I got the opportunity to build the customer success organization for a business that was billions of dollars large, I jumped at the opportunity. Growing this organization to its current size and coverage of thousands of customers has been possible because of the journey I’ve had through engineering, product management, GTM strategy planning, partner ecosystems and more.

‍

You joined Microsoft a few years ago after over 2 decades at IBM, what were some of your motivations to make the move? 

Aarti: Honestly, my approach to my career has been about two things: learning new skills and solving harder problems. I’ve embraced this to help me build new muscles, which was evident during my long tenure at IBM. I started working on a range of technology spaces, led various acquisitions and the divestiture of billion+ dollar businesses, and built out large businesses. Microsoft offered me the opportunity to build and grow the customer success organization for the security business, a technology space I had spent years in on the product side at IBM. It was the opportunity to make a deep impact on the Cybersecurity market while expanding my skill set. It was the right next step in my career journey.

‍

What surprised you most about how enterprise customers actually derive value from security products? How have these insights influenced your approach to customer success?

Aarti: Security is very personal to every person and similarly Cybersecurity is very unique to every company. Their risk threshold, past experience, and composition of their leadership team combined with the industry, geography and maturity of the company shapes their perspective. So my approach is always to listen and make sure they see the full picture of the risk and the opportunity to safeguard their environment. This is how we ensure innovation and business can continue without fear. I also know everyone isn’t going to understand that in the first conversation - so patience, the art of listening, and slowly but surely ensuring the customers don’t skimp on the needed security–nor do they go to the extremes that negatively impact innovation–is the day job for customer success teams.

‍

You've seen the security landscape evolve significantly over the last 20+ years. How is AI reshaping customer expectations around security products? What enterprise opportunities and challenges should security founders be preparing for?

Aarti: This is a long discussion honestly, but will stick with two core points. First is for the technologies and companies that exist today, AI will change the way we hunt, observe, investigate and more. My advice both to technology teams in larger companies as well as founders is to see if their tech is still protecting customers adequately given the advent of this AI generation. Is the tech going to be obsolete?

In the Security Operations Center, it's always been a game of cat and mouse - and for the first time we have the ability to change that. The security community has tried to find ways to predict how attacks take place and prevent them for decades. Thinking with a data centric approach, using the power all types of AI provide–and realizing that no individual company can do this alone–can lead us to tip the scale for the defenders vs the attackers. If startups start with that approach and see how they fit in the ecosystem, making that ecosystem smarter could lead to some amazing outcomes both for the market and the company.  

The other side to this is a fundamental change in how we protect data. I grew up in this space and saw a select few people in any company care about proactively protecting data. The large opportunity here is the precision with which we can help customers protect their data – both from attackers and misuse and exposure through oversight in the use of data in various AI models. Data governance and security goes from being the vitamins that only some people in a company cared about to sustenance that everyone, at least in the technology teams, should care about. Simplifying this for the market will continue to be an opportunity for security vendors.

‍

How do you balance the need for rapid response to immediate threats versus long-term strategic planning?

Aarti: Security strategies have to live in both those time frames every day. Prevention while hunting and defending is just the basic premise of a security architecture. Especially in today’s world, the importance of a comprehensive security posture plan and exposure management strategy is unbelievably important. A clear and comprehensive plan will ensure that there are fewer compromises and that when they happen, they are swiftly dealt with. I tend to recommend customers get an external IR team to do compromise assessments to just get a second opinion and help in deciding where effort should be spent.

‍

You have deep experience in acquisitions, having managed more than a dozen from under $100M to multi-billion. What are a few key insights you can share about what makes a successful post-acquisition integration?  

Aarti: Three key things:

1. The basic cultural transition should be at the right pace both for the engineering and go to market teams. A drastic change causes the loss of the elements that the acquisition was done for. Not doing it results in the company never becoming an organic part of the organization and positively impacting it.
2. A lot of people tend to put all their focus on the technology acquired. But the interaction of the company to their customers is through the GTM teams, so the GTM strategy has to start early in the acquisition process and then continue through the post acquisition stage. Unfortunately this is a big part of why M&As fail.
3. A very strong and senior team leading the post-merger integration that solves disconnects and issues with speed and precision is important. Prolonged resolutions and antibodies that prevent the new company from succeeding have to be avoided swiftly.

‍

You have a key position managing CXO relationships with strategic customers - what's changed in how enterprises evaluate and buy security solutions? What advice would you give founders about enterprise sales motions in today's environment?

Aarti: Security has gone from a wide set of small piecemeal solutions to, rightfully, a place where customers expect clear and connected outcomes that make it easier to protect their environments while continuing to innovate. So customers are going to be far more tuned into what it takes to get the new tech they are buying into their environment without needing a lot of admin overhead. It has to be integrated into their entire security architecture while improving their security posture. Time to value and integration into existing platforms will continue to be an expectation from customers, so being able to show that in a sales cycle will be important.

‍

You’re an executive sponsor of MSFT’s Women in Cybersecurity Leadership Board - what are some of the biggest challenges you have observed for women leaders in cybersecurity, and how are you working to empower the next generation? 

Aarti: There has been and continues to be a perception that security is not a place for women and breaking that perception and ensuring more young women realizing this is rewarding career for them is my core focus with sponsoring this group. The diversity of thought and perspectives is unbelievably important in security as it is always a game of the weakest link or a missed detail that gets exploited by bad actors. Men and women can think differently when it comes to defending their important assets both in the physical and digital world and we need all of those perspectives as we build comprehensive cyber security solutions and architectures.

Ensuring everyone involved in the business realizes the importance of a cognitively diverse security team is key, as is ensuring women feel welcome and that they belong in the cyber security domain.

‍

What’s a piece of advice you would give to yourself 10 years ago, if you had the opportunity?

Aarti: I have always told myself to make decisions that would lead to the least amount of regret. Try a new thing, take on a challenge no one else would, and choose the roles that will teach me something new. Early on when I chose the harder path and people advised me against it, I would let it worry me, and I would overthink. I don’t remember stopping myself from doing what I wanted - but I would have saved a lot of time if I had not worried about those opinions as much.  I would surely tell myself from 10 years ago to work less and take even more roads less walked upon.