Check out the Israel Data Stack: the ultimate resource for Israeli data companies.

Hetz Presents: Protecting your identity, with Okta’s Bhawna Singh

“Your identity is special - control it.” 
Liz Cohen
March 4, 2024
“Your identity is special - control it.” 

On this episode of Hetz Presents: we spoke to Bhawna Singh, CTO of Customer Identity Product Unit at Okta, who shared her perspective on leading engineering teams, operating in a security culture, internet identity myths and the biggest mistakes she sees startup founders make when seeking to work with big corporate players.

Below is a lightly edited transcript of parts of our conversation. Watch the full interview here.

What advice would you give someone building their first engineering team today?

Many of us lean into our own experience to see what we should be doing and how we should be doing it. But many times we forget, and I see some leaders saying, Oh, I've done this before. So I'm going to do it again or apply it the same way. But every team, every technology, every industry, is different.

What you apply needs to be current-situation based. Keep your listening ears open as you make those changes or bring those decisions in order to make sure that you are also bringing the feedback loop aspect so that you can really apply it for the current situation, even when you're leaning in to your past experiences.

That is such an important aspect, and I can tell you quite a few times when I talk to some of my peers, and they say, Oh, I've done it before in this way and it worked great and I've done it twice and it will work again, - but then it didn't.

It's a very important lesson. I would say that I myself have learned it and certainly keep it in mind: The fact that humans are different, and no matter what we have to kind of calibrate who we're dealing with, is universal. Software engineers who we were hiring 10 years back are not the same software engineers with the same expectations today. So how you did it 10 years back might not be exactly or work exactly the same today. 

I'm not saying it will not work, but, keeping that listening ear, taking the feedback, reaching out to individuals, leaders and managers to see how it is going, that you're resonating with that feedback, and making sure you're taking action as well, not only listening to feedback.

How do you foster an innovation culture within your engineering teams?

Very important question, actually. And you know, something that I very deeply resonate with as well, because through experience, innovation is so key to having a very healthy engineering organization and making sure that you are retaining your best talent.

You can drive the aspects of maintenance and improvements and all of that, but innovating and making shifts is super key for you and your organization to really move the needle and not just ‘we are delivering’. When you have to move the needle, innovation is part of that journey.

And when I think of innovation, it starts with all aspects. Many people call tech debt - not innovation - maintenance. There's so much that you can do with tech debt in an innovative way. How you solve it could be innovative. How you collectively address that in a solution can be innovative.

And even performance. We do a lot of scaling because we are growing. So we need to scale our platform and systems a lot. How are we scaling and how we approach the scale can and should be innovative. So innovation needs to be baked in and all aspects of the roadmap.

Many companies also do hackathons. That's another way of innovation, which is also something that we do, encouraging bringing up some big problems, big challenges and giving it to a group to say, okay, let's figure this out, rather than a top down way.

Brainstorming, figuring out solutions, creating that space are equally important. So the way I think of innovation is there is no one track or two tracks. There needs to be so many multiple tracks for innovation. 

And certainly innovation cannot happen without recognition. So you need recognition on the other end too. People say, ‘oh, we do some kind of appreciation’ or, some Slack channel callout, which is all great, but I think recognition also needs many approaches. We do all of that with OktaAppreciate and our Slack Channel and company-level recognition, but also team level recognition. We give our leaders some swag to say, if someone did a good job, in the moment, send them a link so they can grab some swag. That's one very quick way and event instant, depending on the work. 

I also hold a higher bar on the aspect - let's call it an engineering-exclusive swag. We have a very limited-edition swag. And when you do a great job on your own, you have all ranges of recognition so that you're not missing out. Or you're not only recognizing the heroes while not recognizing, let's say, people who are helping you get better, so you want to kind of create that range, and this year at Octane we created space for all of these folks who got this exclusive swag award. We're always thinking about how we can recognize and make them feel special because they are working hard to create this culture of change, and move the needle in a meaningful way. 

So as leaders, our job is to make them feel special and know that we see them. We recognize them, we value them, and keep at it.

Dispel a myth about identity on the internet.

Let me say that this is what I say to my kids as well: 

This assumption that if they are keeping their content in a certain category online, even with private settings, once you put that data out you expect it to be private. But is it really private? Is it really meeting all your criteria of what privacy is? If you look at the consumer space, the big part of it that I want to call out is: identity is key, to all aspects of you as a person, and many of us just create an account and share all the information and when it says accept all cookies, we just press accept and move on.

So you have been given a lot of rights and for us to engage with those rights is important, but many of the users treat it like, “I'll give all the information and I'll move on,” which is fine, but I'm saying that identity is very special. It's yours. Control it. Make sure it's used in the right way. 

I would add another myth. One which is a mistake I have myself made: when I think of identity, authentication, authorization, all the access as an engineering leader, we all make buy-versus-build decisions. I have learned how complex these decisions get very quickly. “Oh, it's just a username, password, and maybe a magic bank and maybe a social login and you're done,” so build it in-house. I cannot tell you how many protocols are behind it. How many ways it can be hacked and all of that. So building identity is not easy. It has lots of complexity and making the right decision there as a technology leader is super key.

That's a behind-the-scenes side of identity that many people miss out on.

What’s a technical solution on your wishlist that is missing from the market? 

If it's not in the identity space, I don't think I can build it or I want to build it. But I feel like ‘security’ as we have been talking about for many years is still evolving and certainly AI has put more strain on security posture and how we are identifying the attackers and how we are addressing those attacks and all of that.

So this is absolutely a very evolving space. We ourselves are adding some research here and some innovation -  my team in machine learning presented a couple of our papers recently, in a very important and a good forum. So the industry is actively working in this space, but this is evolving.

That is certainly something that I would call out. And I myself are looking at, what more should we be doing? So we always want to stay ahead of it, especially with AI as a new add. 

The other thing I would call out is in the operations space, I still feel that machine, there's a lot of AI in the product, in the productivity, in the features development space, but operational intelligence is still in its early phase. There's this understanding of like. Operational might be very key to one company versus some other company, but there's a lot of generic aspects of it. So operational intelligence is another category I would say, some people can call it infrastructure, but it's the operation aspect. How are you managing your operations? You're very spread out cloud installments - how are you supporting fast reactions to issues on resiliency, trust, security, all of that.

So I feel like operations are still in the works, and not quite there. My team has to build a lot of orchestration and tuning and our own ML setup, and I don't see much out there solutioning. There's some coming now with the AI adoption.

What is the biggest mistake - or the best thing - a startup founder could do when trying to partner with you or pitch you on their solution?

So as a receiver who sometimes hears from founders, “we want your advice, we want your feedback, your suggestion,” many of those conversations I enter because I'm happy to help, I believe in technology leaders, as well as founders who are trying to solve problems in the technology space.

And I want to help from my experience, but very quickly the conversation goes into “So, what do you think about buying it for Okta?” A lot of times as advisors, we are not against bringing any strong, good technology in-house. But I will know when to, and I will broach that conversation. It's okay to say, what will it take to bring it to Okta? And I'm happy to answer those questions, but the assumption in the first call itself makes me hesitate to take on other calls of connection and advice, because it's not that I want to, I understand the enthusiasm of the founders. I want to hope I also understand that they're looking for design partners and all, and it breaks my heart to say, no, you're not ready every single time or too many times. 

So if you could make it easier for advisors, not just me, others too - if you truly need advice, you say that, you take the advice, you take the feedback. If you're looking for a design partner, please make that clear up front so that I can say, this is not the area of my priority

I'll give you a very, very key example. Just because I said operational intelligence [earlier], doesn't mean that if you have an operational intelligence solution tomorrow that I can engage with you - because I have a road map. I have a priority. I have a team that's focused. I can't just shift. But that conversation helps because now maybe six months later, a year later, we can engage and talk about it. And maybe then you're at a certain stage. So understand that aspect and be comfortable or come with that transparency.

Watch the full interview with Bhawna Singh here.

𝐇𝐞𝐭𝐳 𝐏𝐫𝐞𝐬𝐞𝐧𝐭𝐬: is a series featuring tech leaders and execs from around the world, exploring how they arrived at their professional milestones, how they approach management and leadership, and what comes next in their industries. Watch the full series on Hetz Ventures' Youtube channel.