Embracing Change in Corporate Security: Strategies for Modernization with Ryan Schonfeld of HiveWatch

00:00

Manish:

Ryan Schonfeld is the founder and CEO of HiveWatch, a security technology company transforming how organizations protect their people and assets. He began his career as a police officer and investigator, later serving as an instructor for the U.S. Department of State’s Anti-Terrorism Assistance Program and leading security technology efforts at a Fortune 500 company. Driven to fix inefficiencies in traditional security models, Ryan launched HiveWatch to deliver smarter, scalable solutions for modern security teams. Please welcome Ryan to Ontic’s Connected Intelligence Podcast. Welcome, Ryan.

Ryan:

Hey, Manish. Good to see you.

Manish:

Good to see you. You’ve been a road warrior. It’s good to see you back in L.A. Welcome home.

Ryan:

I was excited to sleep in my bed last night and was remarking this morning that when I have dinner at home tonight will be the first time I’ve had a non-restaurant meal in three weeks.

Manish:

Oh my goodness. Thank goodness you’re keeping in spectacular shape, which is wonderful.

Ryan:

My body is my temple. What can I say?

1:36

Manish:

I love it. Well, let’s let’s dive in. Let’s talk a little bit about your career. You started as a police officer and an investigator. That’s really fascinating and interesting. And how does that shape what you’ve now experienced in your approach to corporate security?

Ryan:

Yeah, look, I think of my career as a series of stepping stones that got me to where I am so far. I didn’t ever set out to start a software company. It was really just throughout my career finding problems that frustrated me and then figuring out ways to solve them when the options that were available at the time weren’t adequate. And so early on in my law enforcement career, I was a police officer, I was a patrol officer pushing a beat car in a uniform. But something that was always frustrating to me was the criminals beating us with technology. And our lack of ability to leverage technology to fight back to find and like how you use that data to drive prosecutions and went and got a master’s in IT and started getting into computer crimes. And this was the early days of social media and smartphones and this sort of new medium of places to find stuff. Turns out those were not fads and nor was all of the data that those types of systems generate. And using that metadata and operationalizing it was something that kind of drove the rest of my career. And when I started instructing for the state department and I would travel overseas and train some of our allied countries on how to use data to drive their investigations and computer crimes, one got a taste of the private sector and said, Hey, this, this isn’t so bad. And also nobody’s trying to kill me. So that, that piece was cool. And we were starting a family. When we moved to LA, I first worked for a really big gardening company. And it was the beginning of the Affordable Care Act. And so healthcare costs were going up. And as a gardening company, we were saying, okay, how do we leverage technology to better improve our margins and our costs? And this technology thing is here to stay for sure. And really liked solving that problem of tech enabling security, which has been a very sleepy, people-driven industry for a long time. But being new in LA, I said, Hey, Hollywood sounds really cool. And so Fox was where I transitioned, and I managed global investigations. And then I got to run the global security technology group. And that’s really where I got to see for this big global corporation, awesome organization grew in a big way through acquisition. And we would acquire a company and then we had new and disparate systems. But I love the mission of protecting our people. I love the mission of how you protect the brand and sort of everything that goes into an organization’s corporate assets. But it was never lost on me that So much of what we were doing as a corporate security organization was driven by people and manual process. And that’s really kind of what’s driven me to ultimately build HiveWatch and focus on the modernization of the Global Security Operations Center, which really is the central nervous system, if you will, of certainly of the security program. And I think it should be of the organization more broadly.

Manish:

No, I love that background, and thank you for walking us through that narrative. How did you, Ryan, convince your lovely wife to also work at HiveWatch as a big role in the company? How did that come about?

Ryan:

Like a lot of startup things, just sort of happened. Sarah has always been in tech marketing, but not in security, and that’s actually a lot of our hiring at HiveWatch is from outside of the industry, and that’s by design. But when we first started the company, number one, I would talk to Sarah about the things that were going on at HiveWatch, and she’s like, sounds great, I have no idea what the hell you’re talking about, find a friend. But Sarah’s an extremely talented tech marketer who’s always worked in kind of early stage, up through post-IPO companies, helping them build and scale those programs. And so naturally, she was helping me in the evenings early on and really helping to get HiveWatch to where it was. And after our series A, you know, we looked at each other and said, hey, should we do this? We’re basically already doing it together. Should we make it official? We had the natural conversations about like, what if it doesn’t work? And like, I’m not leaving, so you’re gonna have to go find a job. But you know, we’re three and a half years in and it seems to work really, really well for us.

Manish:

Huge shout out to Sarah. I think she’s amazing. I think she’s remarkable at what she does.

Ryan:

I’m biased, but I’m a fan.

6:30

Manish:

A bunch of our listeners also have worked in the public sector, they’ve worked in government, they’ve worked in the private sector as well. What guidance or advice do you have for people who’ve made that transition or are thinking about making that transition, the good, the bad, and the ugly?

Ryan:

Yeah, you know, I think, I spend a lot of time I say a lot of free time, like I have a lot of free time, but the free time that I have, I spend a lot of it working with people that are starting to think about their transition process. And one of the big things I see is that the government, both local and federal, does an exceptionally poor job at preparing people for that transition. And some of it’s as simple as, the translation of your skills and experience from government speak to private speak. It’s not that people aren’t qualified or that they don’t have the right experience. They just don’t know how to talk about it or translate it to corporate speak. I also see a lot of people set the bar a little too high for themselves and that they want to come out of the government and move into this big leadership role running a corporate security program. I couldn’t advise people against that more strongly. Even if you’re in a leadership role on the government side, running a corporate program is not the same. And even if it’s just getting a few years under your belt as a deputy or as a second in command, I really think that that’s advised. One of the steepest learning curves for me coming out of law enforcement was just corporate culture. Um, and how you talk to people and how budgets work, right? Like getting money in the government is very different, um, than getting money in a corporation where like every dollar is real and you have to talk about ROI and you have to prove it and you need metrics and data. And, um, I really think, you know, a few years of experience with that, with like find a great mentor, um, that can take you under their wing. And, um, you know, that, that’s kind of what we spend a lot of time with, with people. Um, The other piece that ties back to culture is really understanding the organizations that you’re applying to. And I’ll have people that show up to talk to me about their resume, and I’m not a hiring manager, I’m just there to help them. And they show up in a tie and a suit, and I ask them, you know, what roles are you applying for? And they’re listing off all these tech companies. And I’m like, well, I really hope you’re not planning to show up at that interview in a suit. You know, that is a very quick indicator that it’s not a good culture fit. And so just little sort of nonverbal things like that and helping them understand what all of that means in the private sector and different segments and things like that.

9:17

Manish:

Corporate security for sure is a fascinating discipline and domain. It also has perhaps some legacy thinking, been there, done that, we’ve tried that, it didn’t work, it didn’t fail. Change management is hard. And then they’ll throw out terms like modernization, they’ll term terms like strategy versus execution. How do you think about that? And for our listeners, how do you help maybe help them reconcile some of that resistance to change as well as big terms like modernization and strategy?

Ryan:

No, I think our industry is generally And this is changing and it’s, it’s changing starting to change pretty rapidly, but I would say like highly non-technical. Um, and that’s a challenge in a world where modernization and AI and all of the terms around the use of, of that advanced technology. um, is becoming so commonplace and expected in the rest of the organization and security is just really far behind. Um, and so I get that it’s nerve wracking for security leaders because it’s a it’s a new domain. It’s something that they may not have experience with. But I also see that the resistance to learning it would actually, is actually a hindrance to career growth and a hindrance to either getting and or maintaining a seat at the table. Um, and that just like really embracing it and learning it and being okay with the fact that you don’t know everything, um, find and surround yourselves with, with young people and with technologists and with people who who do understand that stuff, that it’s okay to have an advisor on your team that’s actually more junior than you. I think good leadership is about surrounding yourself with the right collection of people, and those people don’t necessarily have to be more senior to be a mentor. And I think that that’s something that gets lost a lot with leaders in general, but I see it specifically in security.

11:26

Manish:

There’s clearly a shift in corporate security at the CSO level, at the GSOC leadership level of recognizing they’re gonna be challenged to do more with less. And they have to embrace technology. And they also recognize that at some point, technology might mean they don’t have to scale and they don’t have to hire as many people and they can force multiply. Where do you sit on that spectrum of requiring a human in the loop versus, we don’t have to use the term AI, but just automation and optimization through technology? How do you think about that?

Ryan:

Yeah, so we’ve actually avoided the word AI in most of our product and marketing until recently. And then we made a big AI announcement and have been embracing it, but we’re also very careful about how we talk about it. And I think this question hits it at that. I think automation is a scary. thing for security leaders to think about when in the physical security realm, like, you know, at the end of the day, you’re protecting people and lives and like physical things. And so the idea of having technology take over and have to do things like inference and understanding context and nuance and making decisions and the risk of technology missing something. I think that’s the piece that really scares security leaders away from really embracing some of the new technology. Even if you don’t understand like the deep nuance of how the technology works, you at least understand conceptually what it does or what it’s supposed to do. And so I think that’s one of the big challenges. And I think the industry has done itself a big disservice in overselling and overstating the capabilities of a lot of technology and trying to convince people that you can automate people out of security. And I’m not a believer of that. I think we certainly don’t need the number of people that we have. I think that The vast majority of the function performed in the GSOC today is mundane and repetitive and exactly the type of stuff that’s ripe for technology to take over, but only to a point. And I think that point is the really key part of it. You know, if we deal with access control and video, right? And you look at the vast majority of what people in a GSOC spend their time doing, it’s clearing false alarms at a rate industry average of 99%. That is a very ineffective use of human capital. And so a place where AI can, or automation or technology or even rules, can drive some of that workflow. But there’s places where you’re going to have to say, err on the side of caution. And only when it’s very clear and meets the criteria exactly, do you allow things to be automated. versus escalating to a human for verification. And I think helping the security leadership understand the nuance there. And for us, it’s really tight guardrails around what we allow the AI to do. And what’s really interesting about having those really tight guardrails is we find that security leaders who historically have been resistant to embracing AI and embracing technology in automation and the GSOC, once they let the AI start doing this very finite set of tasks, and they see that it’s doing it very effectively, and I would argue in most cases more effectively than the GSOC operator, then they start asking, well, hey, can it also do this? And what about this thing? And I find that, like, even though you have the technological capability to do that, by limiting it initially, you build a high level of trust with the end user who was historically skeptical, and then they start driving the notion of expanding the capabilities and taking it further versus you trying to convince them to let them do all these things that they’re inherently uncomfortable with.

16:14

Manish:

If you were to make a prediction, pick your time horizon three to five years from now, do you think there’ll be more replace and displace of talent in the GSOC, or do you think it’s a skill set shift for higher order, more sophisticated tasks, or maybe it’s a combination of the two?

Ryan:

I think it’s a combination that will be largely driven by the profile of the organization, right? So you’ve got these large global companies that have built huge GSOCs around the world and that they’re redundant and the number of people that they have today Just inherently won’t be required because of technology unless they’re going to materially change the function of the G sock so we always talk about the notion of more with less and more with the same and either one of those are applicable so you’ve got organizations that are in growth mode. And they’re looking at okay for us to keep up with the organization or take on these things we’re going to have to incrementally add x number of heads and so if you use the cost avoidance model and say leveraging technology you’ll be able to take on. X percent more x several x what you can do with the people that you currently have. That’s the cost savings that may resonate for some of those folks and for other folks they may say. I don’t need 20 to 30 operators per shift around the clock. I only want to work with five around the clock. And that may sound arbitrary, but like, in that case, you could use technology to reduce that number. But it’s really about the specific organization, what they’re trying to accomplish. And you know, there’s a whole conversation we could have around what the term GSOC actually means. But the answer to that question would also help define the number of people and like what you can automate.

Manish:

And I don’t know the answer to this question. I wonder if you have thoughts. There are a number of organizations that have outsourced their teams, their talent, et cetera. Now here comes modernization of technology. It’d be interesting to see how that impacts that part of the industry. Both from skill, talent, embrace, how they embrace or reject modern technology. I don’t know if you have any quick thoughts on that.

Ryan:

I’m seeing trends go both ways on that. So what I’m seeing is some organizations that are really large who historically would not have considered outsourcing and wanted the sort of control of it being in-house. Are more open to outsourcing because the technology is enabling them to have more visibility and control of it and a lot more. It’s very hands-on, even though it’s a third party that’s actually doing the delivery. I’m also seeing organizations who have historically outsourced to third parties saying, hey, the reason we outsourced it was there’s so much inefficiency here that the number of FTEs required to deal with this was just untenable, but now through technology, we’re finding enough efficiency that I don’t need 15 full-time heads, I need two, and that’s a much easier pitch to leadership. Again, it depends, but those are kind of the two trends I’m seeing.

19:33

Manish:

Let’s talk a little bit about technology stacks, and we can start with hardware, and then we can move to software. Obviously, lots and lots of devices, lots of systems, CSOs have to reconcile. Do they modernize? Do they stick with some of their legacy systems? How would you think about it, both from a HiveWatch perspective, but just your take on the industry and where that industry is headed, that part of it anyway?

Ryan:

So one of the founding principles of HiveWatch was not requiring organizations to rip and replace. And this was one of the things that I learned as an end user and a security consultant as we acquired companies, as the organization scaled. You either had to throw more bodies at it, or you had to rip and replace so that you could get the sort of single pane of glass that every GSOC is chasing for their operators. Rip and replace is a hugely expensive value prop, especially if you’re a company that’s growing quickly or does any substantial amount of mergers and acquisitions. Now there’s an interesting wrinkle in this that is kind of recent with tariffs. And a lot of organizations that were pursuing rip and replace now have paused those projects because they’re seeing this exponential increase in cost around components and parts and everything that goes into those projects. And so it’s new enough that I can’t give you a definitive answer on where that’s going to shake out. If anybody knows the answer to that, I’d love to hear it. But that’s been a really interesting shift that we’ve seen just in the last month or so as all of that’s starting to unfold.

Manish:

And you can pick the device. We can start with cameras, but you could pick any type of device. I would imagine a number of those companies are leaning into wanting to be their own single pane of glass, that they’re going to invest in software, that they’re going to look to modernize, that they’re going to anomaly detect, and so on. How do you think about that argument that those companies might make to a CSO versus using some other third-party software to aggregate it all?

Ryan:

Yeah, we talk about this a lot. And this is something I spend a lot of time with the venture community talking to them about as they think about HiveWatch as well. You know, I think computer vision in particular has really become something that’s commoditized in the market. And so we’re seeing more and more camera companies layer AI on top of their core products and really brilliant technology, natural language search, and alerting. How we think about it though is, for an organization to truly drive automation and feel comfortable with removing people from at least certain part of the equation, video context by itself isn’t enough to make that decision. Similar to the way that Ontic correlates data across all of these different data streams, we feel the exact same way about the access control and video and guard data and incident data that you really need all of those pieces together to drive a effective decision-making process. I think where we sit in the stack is something that’s really important to us because we have an incredible amount of normalized data across these other systems and disciplines, and I think that that’s a pretty big differentiator for us.

Manish:

Is there a trend you’re seeing in, and let’s just stick with GSOC, but it could be in corporate security broadly, it could be in and around operations that you’re, I wouldn’t say you’d love to see an end to, but you’d love to see a shift. So is there something that’s, either it’s a legacy mindset, it’s an approach that part of the industry’s taking, is there anything out there that you believe kind of heading in the wrong direction?

Ryan:

One doubling down on on prem, you know, as a former end user, I think one of the you think total cost of ownership, right? And trying to scale a program. And when I see people still trying to manage tons of infrastructure and servers, and you look at the rest of their organization, and there’s only one division of the company that’s doubling down on like physical infrastructure. So like, why is that security? Why are we not racing to the cloud as fast as we can and leveraging all this new great technology that can be deployed that the, you know, I got a, I got a recall notice for my car this morning. And I was like, Oh, shit, I’m gonna have to take my car to the dealership. And then I read the recall notice. And it said, Hey, we’re gonna push the recall update to your car over the air, unless you proactively opt out. Like, why can’t security be that way? Why do I have to have somebody come out and update every single panel across my infrastructure? So that’s the part that blows my mind.

Manish:

It’s a great point. I had an interesting conversation with the CIO of a large bank, FinServ, and their response was, hey, we’re getting pressured by the board, a CIO is, of here comes the AI tsunami, and third-party vendors that are all in the cloud might do something with our data. that then exposes it into the wild. So we’re going to put more of it on-prem or we’re going to go back, you know, a few generations. I don’t know if that’s what’s driving it, but there is, to your point, there is a trend back to on-prem.

Ryan:

Well, and there’s certainly, you know, an ongoing OpEx versus CapEx conversation in cloud. I think, you know, we, We took the approach of single tenancy with our customers and building as close to on-prem as you can from a data segmentation, segregation standpoint. So even though we’re cloud native in what we do, that concern that customers rightfully have about commingling of their data and what the organization’s doing with it, that’s a very real concern. I still think total cost of ownership and scalability and things like that, cloud’s gonna win. But I think it’s also interesting, you know, as we think about security leadership, where historically we’ve seen our heads of security, like reporting structure wise, going to facilities, finance, HR, maybe illegal, more and more seeing heads of security reporting up to CIO, CTO, CISO, or having this like chief security officer concept that’s over both. And I think that’s a really interesting trend shift that’s happening in our industry as well.

26:57

Manish:

A couple more questions. Ryan, again, thank you for your time today. Let’s talk about advice and what advice would you give? And it could be at varying levels. It doesn’t have to be a CSO level. It could be at the operator level. It could be at a leadership level. But how would you guide people to think about technology and this domain of physical security? Any advice of all of the tech that’s out there that they have to start to think through and reconcile and the change management? There’s a lot these individuals are thinking through. Any guidance or advice or touchstones for them?

Ryan:

So one of the cool and complicated things about the HiveWatch sales process is that we get to talk to people at all levels of the organization, right? I talk to CSOs, I talk to directors, I talk to GSOC operators, I talk to guards. And everybody has a, and they’re all users of the system. And so everybody’s got a different perspective on what’s important to them. for an operator and guards which have extraordinarily high turnover, long training rates, they’re interested in what makes their life easier, their day-to-day, how do I make my job and the tasks that I do more enjoyable and less mundane, and from a leadership standpoint, they want that because it helps with retention. From a director standpoint, and a VP CSO standpoint, data’s gold. And I think one of the big challenges that they have is how do they actually measure their program? And I think there’s this legacy mindset of just using risk as a way to do that. And if we have this risk and if we don’t do this and this thing potentially happens, like this is the potential impact to the organization. And that’s not incorrect, but it just doesn’t resonate with your CFO. It doesn’t resonate. It’s not a good business leadership way to approach security. And so I think really having data around ROI and not fake ROI, but actual metrics of where you can save and how you can global security market is massive. I hot take here. I don’t think a lot of organizations need more budget. I just think they need to spend their budget smarter. And data is the thing that is really going to help them do that. The last piece is for the tech buyers. I think this is where a lot of stuff goes off the rails. And it’s really fun to go to trade shows and you see everything working perfectly in the trade show environment, canned data and off network. But the reality is like, how is this going to work in our environment? And really spending the time to architect out What our network looks like, what our corporate facilities are versus remote sales offices versus streaming cameras across networks is not nothing. And where you’re going to process that data, are you going to do it at the edge or are you going to do it in the cloud? Can security support this deployment? Or who are my IT partners that I need to get involved in making sure that all of those folks are at the table early on? Otherwise, I find these projects are doomed for failure or exceptionally long implementation timelines.

30:23

Manish:

Very well said. Two final questions for you, Ryan. A lot has been written about cyber-physical convergence, especially over the last five years. Legend or fact?

Ryan:

Fact. Um, I wish it was a fact quicker. Um, but I think, you know, to, to my earlier point about reporting structures, I think that’s going to drive, uh, and force a lot of that convergence to happen quicker. Um, I think, you know, one of the big questions we get is, can you take the data from physical security and push it to the seam or the monitoring products that the cyber teams using? Um, that’s a very standard question. Um, and so I think, you know, back to data being gold, I think that’s one of the number one things that, um, physical security is going to be pushed more to provide, provide good data to the cyber security team. but also to inherently make physical security products cyber secure. And I think that that’s something that’s been very glaringly missing from our industry for a long time.

31:31

Manish:

Ryan, thank you again for joining our podcast. One last question to you. What does Connected Intelligence mean to you?

Ryan:

This is data, and I go back to the earliest days of my career and how to find data in different places and operationalize it. And so, to me, connecting the dots and figuring out the right ways to use data and information to drive optimization, that’s what it is for me.

Manish:

Love it. My guest today, Ryan Schonfeld, CEO and founder of HiveWatch. Ryan, thank you again for joining us on the Ontic Connected Intelligence Podcast.

Ryan:

Thanks for having me, Manish.