Application security

Interview: Jason Dover, Director of Product Line Management at KEMP Technologies

April 24, 2015 by Infosec

JD_headshotJason Dover is Director of Product Line Management at KEMP Technologies, a Microsoft MCP, VMware VTSP and VMware VSP. He’s a subject matter expert on messaging technologies and application delivery with a background in the design and implementation of Enterprise Unified Communication and Directory Solutions. 

Prior to joining KEMP, Dover worked in the Finance industry and provided consultative Messaging and Directory transition and migration services to NYSE Euronext and Deutsche Bank as well as served as Technical Lead for the Global Directory and Messaging Operations team at AllianceBernstein.

You recently began a new position at KEMP Technologies. What does your new role entail?

In my role as Director of Product Line Management I have a multi-faceted set of responsibilities. Leading a stellar global team of Product Marketing and Product Line Managers, my primary focus is on taking KEMPs product strategy forward, making sure that our roadmap is competitive and executing on the executive vision. This entails studying the application delivery and security market and finding new ways to expand our TAM and gain competitive advantages while continuing to service our existing customer base. My organization also works closely with Corporate Marketing as well as the PR and analyst community to ensure that the right messaging and value proposition is delivered to the right audiences at the right time.

Looking at your background, it appears that there’s a clear correlation between training you received and the roles you served in. What training has been instrumental in preparing you for your sales engineering and marketing roles at KEMP?

To be a good sales engineer you have to understand technology and the problems that are faced in the enterprise from the customer’s seat. Several years of real world administration and engineering experience in the high-paced world of Finance IT enabled me to get a deep understanding of what it takes from a technology perspective, to support the needs of demanding business units. With that background, when I walk into a customer meeting with heads of IT divisions I understand exactly the pressure they’re under and what their looking for from the vendor that they choose to partner with. This is equally true when it comes to being an effective marketing and product leader. If you don’t understand what your customers actually need or what speaks to them, you will miss a lot of opportunities. Internally, in product management, you serve as your customers advocate and having this type of background allows you to see things from their point of view. This gives you the unique advantage of being passionate enough to get needed buy-in from stakeholders when you’re representing their interests.

For someone who isn’t familiar with KEMP Technologies, could you give us an overview of the types of products and services that KEMP offers?

KEMP’s core business centers on application delivery and security technology. Our flagship LoadMaster is an application delivery controller that provides L4-7 load balancing, content switching, IPS, and authentication services. All of these features help customers to efficiently and securely deploy and scale business applications. We’ve also been active in the SDN arena and are the first ADC vendor that’s cracked the code on bridging the gap between the network-centric focus of most SDN frameworks and the application centric focus of L4-7 solutions such as ours with our embedded SDN Adaptive load balancing capabilities. Additionally, web application firewalling, support for native operation in Azure, AWS and vCloud Air and IPsec VPN capabilities for public cloud enable customers to securely move their existing applications to a hybrid model.

For an IT professional who is evaluating load balancing products, what are the security-related issues which must be taken into consideration?

A load balancer is typically going to be deployed in such a way that all client requests and server responses have to traverse it. In this critical path of ingress and egress it’s important that it’s configured properly to mitigate risks. In some cases, load balancers are deployed in the DMZ just behind an external facing firewall for the publishing of applications. Fortunately, since a load balancer is a reverse proxy and terminates TCP, its natural behavior is to add another dimension of security to an application infrastructure. To add to this, most modern load balancing products include services such as intrusion prevention, DDoS mitigation capabilities, web application firewalling and identity management. Since TLS is often terminated at the load balancer it’s important to make sure that the solution used is setup in such a way that insecure and legacy methods can be restricted by policy.

KEMP currently has a couple of different positions posted for support engineers. What type of training and experience do you typically seek for roles like these?

Our technology sits in the network and interoperates with other network functions so a strong networking background is important. Experience with networking in the context of actual enterprise applications is also valuable since the network’s primary purpose is to interconnect and serve applications.

It appears that KEMP’s development team is based out of EMEA, in Ireland and Germany, along with a number of other roles. What do you think this says about the global supply and demand of IT professionals?

There’s a lot of talent in these regions and that is one reason why KEMP continues to expand parts of the global team in these territories. The demand for IT professionals with the right skillset has been on the rise and because of having our EMEA headquarters in Limerick and development leadership based in Munich, we’ve been able to take advantage of bringing in a number high quality and talented individuals in these parts of the world.

There have been a variety of IT security issues that have come up in the past year (such as the FREAK security flaw) that weren’t on anyone’s radar a couple of years ago. What are some issues that are just showing up on the radar that companies need to be preparing for?

The past year has definitely seen a number of news making security vulnerabilities. This just highlights the fact that any environment is really only as secure as threats that are known which means that they are always susceptible to those that are unknown by the industry in general, their security team or the providers of security solutions being leveraged. While spend on security has been on the rise, the number and severity of breaches has also been increasing and there doesn’t seem to be an end in sight. This reflects the need for organizations to adopt newer security architectures. The ones that work most effectively against today’s sophisticated threats are those that are flexible as opposed to rigid and can provide fast, automatic response to real time threats instead of kicking off a litany of workflows and alarm bells that still require manual intervention to “pull the trigger” on actions. The key to this is to build networks that enable transparent visibility and a holistic understanding of how the applications, which are often the threat targets, are behaving and interoperating with the network. A diversion from the norm can be a first indicator of developing issues.

Looking ahead, for an IT professional who would like to differentiate himself or herself from the rest of the crowd, is there any specific experience or training that you’d recommend?

Get real world experience as soon as possible. Fresh out of school, new entrants to the tech market often have little or have no actual experience. The ones that stand out are those that have both the education and some hands-on chops. Even though it takes some extra discipline and work go for that summer job, internship or participate in a startup project, doing this can give you the edge come interview time. Also, learn to communicate and not just in terms of using proper grammar. What’s important is learning to distill complex ideas down to their essence and articulate that and using speech to motivate, pitch and sell. Slick PowerPoint presentations are great but without the ability to convey the message effectively without the slides your coming from the wrong direction.

Posted: April 24, 2015
View Profile