AwinguruTalks is a podcast and video blog in which we talk to technology thought leaders, experts and decision-makers. In it, we explore a wide variety of topics – including the current state and future of enterprise technology, IT security and remote working.
In this episode, Awingu’s chief marketing officer Arnaud Marliere talks to Brian Foster, who is a successful Silicon Valley product guru, with high-end roles at the likes of Symantec, Damballa, McAffee and MobileIron. Earlier in 2021, he joined the Awingu Advisory Board where he will use his insights in the sector to help us steer Awingu’s product approach forward.
Episode 4 - Brian Foster
Hello, Brian, and welcome to AwinguruTalks! A pleasure to have you with us today.We announced that you joined Awingu as a strategic advisor, and obviously, we’re super excited about that. We’re excited because you come with a lot of insight into our market, business, and network.
You’ve been Chief Product at MobileIron for the last two years until they got acquired by Ivanti. Before that, you’ve had many other roles in Silicon Valley, to name the last ones: Senior VP Product at McAffee, VP Product at Symantec, CTO at Damballa, co-founded Element Networks, and you’ve managed the Information Services Business unit at Neustar. Brian, that’s a very impressive resume. But at the end of the day, what drives you to do the things you do?
You know, it’s changed. You did an excellent job in giving the top of the waves of my background. I started my career as a software engineer at Symantec, worked 21 years there. And what drove me there was building software that people used. And that was what motivated me to work at Symantec. Of course, this was in the nineties and the 2000s. And it was building consumer software, but also enterprise software. And that was the exciting part that woke me up in the morning.
As my career developed, in the later years at Symantec and McAffee, that transitioned from building software that people like to build teams and working with teams that build software that people liked. Right now, I’m probably at the junction of building software that people like, that still gets me up in the morning and still is exciting to me, and working with teams that do that. You know, sharing that experience and that joy I get of building software with others.
Brian, if I’m not mistaken, you have a background in development. You can code. We’ll get to those questions later on, but how important is it that you have that hands-on experience that has done the jobs that you’ve done as Chief Product Management?
I think that for successful software development in security, consumer software, and enterprise software, the devil’s in the details. And I think that having a basis in software, at least for me, allows me to go deep on challenging problems and solutions to those challenging problems. I don’t think you can build successful software without the ability to go deep and get into the details. So my software development background is what allowed me to do that.
Now, it’s been a long time since I’ve written any code – probably thankfully – but the ability to have that comfort and confidence to understand the technical challenges that the engineers and developers have and weigh those challenges into the decision making process for what we build – and why, and where – is critical.
You like to work with software that people like and that people want to use. And by extension, if I look at your background, you’ve worked in cybersecurity, endpoint security, UEM, MDM, so all markets that are very much intertwined with, at the end of the day, how people get their work done from their IT workspace, from the digital workplace. So if you look at the past 20 years, what are the most critical evolutions and insights for you?
Whew, 20 years. I guess there are a couple. I think one of the first evolutions occurred kind of in the late 2000s. And this is really when the BYOD phenomenon started being talked about pretty frequently. Like 2008, 2009 – it happened shortly after I went to McAfee; you started seeing this dynamic of people’s work experience or computing experience at home started to outpace their experience in the enterprise. They’d be home, and they’d get their first iPhone. They’d be super productive from a consumer perspective and doing emails, connecting with people. Then they enter the enterprise and feel like they’re time-warped – they’re going back in time and feeling less productive and more hamstrung in that desktop environment.
In the late 2000s, this notion of ‘how do we start giving people the same end-user computing experiences they had from a consumer perspective in the enterprise?’ And in the enterprise, of course, you had to layer in security. You had to layer in compliance. That’s how all these things I’ve worked on have intertwined. Because all of these things started mattering, together with ‘how do I replicate that consumer experience in the enterprise?’ So that was probably the biggest and first in the last 20 years that I can think of.
I believe that as you move on, part of the promise of that ‘bring your own device’ in the enterprise had a great story, but I think the implementation left people wanting more. Because what it ended up being is this: you can have your consumer desktop with all that great stuff, but all of your work is going to be done in this virtual machine that looks just like that 10-year old Windows image that’s similarly locked down. So it’s not quite what you were hoping, but hey – you’ve still got your consumer device. So that, we can talk more about.
But I think then, the next big thing that occurred was the switch from on-premise apps, on-premise applications to applications in the cloud. And people say: ‘hey, instead of building big data centers and all the CapEx that’s involved in that, I’d rather start running these things in my private version of a cloud running on Amazon or Azure, or Google or Oracle, IBM or whatever.’ So that was another significant phenomenon. And that, of course, had a giant shift in terms of enterprise IT.
And a third one I’ll pick on, which is a continued evolution of that, is that now that your applications are more and more in the cloud. You started dealing with a younger generation of workers; you started wanting to enable them to work where they are. So that’s probably the biggest dynamic we’ve seen, and COVID has amplified this and accelerated it. I mean, it was happening before – this ‘work anywhere, any time, any place’ – it has been going on for 20 years, but COVID just accelerated it massively. So the first one was, ‘hey, I want to bring in consumer experiences to the enterprise users, so they’re more productive and are happier. The second was the shift to the cloud, and the third is: ‘okay, now your apps are more in the cloud, and you’ve got users that are distributed, Let’s allow people to work from home, work from anywhere. Those are probably the biggest three.
Same question, but instead of looking back looking forward, and that’s obviously a very difficult one, but you know, seeing those trends: any device, consumerization cloud adoption, work anywhere. Any ideas what the future has in store for us in the next 10-20 to ish years?
I guess I can be a little controversial. I see a shift towards a couple of things. One of them is the privacy debate and privacy concerns, especially with Awingu being based in Europe. Because privacy has always been one of the trade-offs that enterprises have been able to make in terms of an enterprise desktop and an enterprise device. You’re accessing enterprise data on it; they have rights to that data and to protect that data and on what you do with that data on the device.
As you think about this “work from anywhere, on any device” future – one of the trade-offs is always going to be: what about the privacy of the user and the data on the device? And you’ve seen phones do this very well, where you just have secure enclaves on the phone. ‘Here’s our enterprise data, and it’s wholly separate from your work data and your personal data.’ So Android does this today with the way Android Enterprise works: a completely separate instance that the enterprise can manage. They have no visibility on what’s going on on the consumer side of the device, etc. So you start seeing a little bit of that separation. I think you’re going to see that more on PCs and devices.
If you look at the way management is going and security is going for PCs, you’re going to see that effect. It’s one where you can bring a device that has a section that you can have your private enclave of what you’re doing from a consumer perspective separate. I know that the drivers are there at a nation-state level. At a personal level, this privacy versus security versus availability discussion that every enterprise will have to deal with.
In Europe, GDPR still has immense aftershocks in the industry. In California, where I live, we’ve enacted our data privacy laws: they’re not ubiquitous across the states, but you can see there’s something at a national level or even more states picking it up. So privacy is is something that is going to impact end-user computing. And the intersection of security, availability, all the things you mentioned. So that’s one.
Gartner uses a term: the ‘everywhere enterprise’ and I’m a big fan of it because that dynamic is just going to continue, and we’re going to come out of COVID here, hopefully; at some point, business gets back to some kind of a new normal where we can all travel, but there’s going to be more people working wherever because IT had to embrace that to work over the last year.
As that ‘everywhere enterprise’ continues, the way that access is done is being rethought and re-implemented. You know, you’re no longer using things like VPNs. So VPNs, I think, are going away, and they’re replaced by other types of access solutions that verify who the carbon-based being is, the human, but also the device and other pieces of context. Speaking of IT security in the enterprise, if all your users aren’t getting on a network, spending most of your security budget on network security, it doesn’t make sense anymore, and you think about that differently. And I think more of your security probably moves to the cloud and probably moves to the device as well. Those are some of the things, and hopefully, that’s kind of things you were looking for and on-topic, but that’s kind of how I see things changing over the next ten years.
Going back to big trends in the last 20 years and BYOD and consumerization, if I take a step back, then Steve jobs and the iPhone introduction has been really instrumental in driving this. Had the iPhone not been there, we might have had a very, very different future. Not just in the way that we use smartphones, but on a much broader scale. What’s your feeling about that?
No, I agree. I think the iPhone is what brought in the consumerization of the enterprise and the consumerization of IT trends. Because before that, everybody had their BlackBerry – in this drawer over here, I still have a couple of my old BlackBerries – and I love my BlackBerries, but that was a very different experience than what you had once that iPhone was introduced.
The last company I worked for – you mentioned it, MobileIron – MobileIron existed before the iPhone, but what caused MobileIron to take off was as soon as the iPhone came out, the founders of MobileIron embraced ‘hey, the C-suite in enterprises are going to want to use their iPhone.’ There was no manageability built into the iPhone. “Let’s build that ourselves and go sell that on top of it.” And they did that successfully and built a good business on top of it, on top of being able to bring consumerization into the enterprise. So I think Apple should get a lot of credit for starting the whole phenomenon and driving it.
If we think about the entire cloud movement, there’s Office365, Salesforce, AWS for the infrastructure-as-a-service; you probably can’t pinpoint it to one single thing; it’s just that the industry evolved towards it. And ‘work anywhere’ is very much triggered by COVID. So privacy is something that is already going on.
Do you think that we already have the one compelling event that will trigger our future? Just like the iPhone did 15 years ago? Or ten years ago?
I think yes and no. Let’s take COVID as an example. Before COVID, there was an effort in the industry to replace your VPN with more modern ways of doing access. Using things called software-defined perimeters, Zero Trust network access, secure access, secure edge, I mean – pick your analyst, they’ve got their way of talking about it. But it was a way of saying, “Hey, instead of creating a secure tunnel from your device over the internet, back into the enterprise, to go back out to the cloud to access your cloud applications, why not just set the policy and the encryption at the device and in the cloud, so you don’t have to backhaul it to the enterprise?” Right? Because this dynamic of not everybody attaching to the enterprise network was already happening. And so, when COVID hit, it caused a lot more people to kick the tires for that approach.
Still, the other dynamic that COVID hit where it caused people to deploy more of their VPNs was “Hey, I’m not going to… Because I don’t have people going to the office…”. If you remember, a year ago in March, when people started going home, it wasn’t like, “Hey, let’s rethink IT, quick, and do this over the next weeks.” People were more like: “Oh, we already have a remote access solution, it’s these legacy VPN concentrators that we’ve got in a closet over here; we’re just going to have to go double the number of them because we’ve got twice as many people working from home.” And that’s what they did.
So you saw, when COVID hit, thinking about it in terms of ‘is COVID a big event that’s going to accelerate this change?’ At its inception, it wasn’t. Take MobileIron as an example. We had more of our customers using our on-premise software and a smaller percentage using our cloud software. When COVID hit, the people in the cloud were the best off because they had to dramatically increase the number of devices they were managing through MobileIron, but they didn’t have to do a thing because they were in our cloud. We scaled our cloud up automatically for them. Whereas our on-premise customers – the lion’s share – had to manually install more of our software in their environment while everybody was being told to work from home. You know, we had one customer that still used physical appliances; they had to procure physical appliances and go physically install in their data center all during COVID. That was their answer
These on-premises customers would love to move to the cloud in the near term – they could, because of COVID. So the near term was more of the old but what it did do, was reinforce to all these customers that hadn’t moved to the cloud yet: “Wow, I wish I was in the cloud when this happened.” So coming out of COVID, you see the amount of tire-kicking and interest from a sales perspective of moving. So this is a long answer to say: I think COVID is a compelling event to get customers to move to replace their VPN, thinking about remote access to their applications, to their working environment in a way that’s far less friction, far easier for them to support and to scale up and down That’s going to happen. So I do think that’s happening. But, at least for the first year, you also saw the uses for VPN vendors go through the roof or off the charts, I should say. I don’t know if that makes sense, but that was one of my observations at MobileIron.
Cloud was a game-changer in the last 10-15 years, really the last ten years. And it will continue to be so. But what do you think about the whole legacy and on-prem versus cloud discussion? Is legacy and on-prem disappearing?
I think, in the long run, yes, if the long run is 30-40 years. Maybe 20-30 years. The fact is that at least – once again, just going off of my last job at MobileIron – with large enterprises and managing their mobile devices; everybody is going to be hybrid for a long time. They’re going to have a mixture of cloud applications. They’re going to have some on-premise applications still, and some of their on-premise applications will move to private clouds, so they’re not in their data center. However, they’re still private versions of their software that they manage and use, and I think that dynamic will be around. I don’t see that stopping.
I think it’d be great to say everybody’s going to go wholly cloud-native, but I never saw that cloud-native customer. Honestly, when I talk to enterprise, I think the furthest leaning in towards cloud enterprise I found was like 60 or 70 percent of their apps were in the cloud, they still had And it’s a combination of “don’t fix it if it ain’t broke” type of mentality. There are cloud initiatives to figure out how to move these things to the cloud, but some of them are just old applications that they can’t even find engineers to redo, and it’s just a big effort, and it’s a combination of those things. So I think legacy apps that are on-premise are going to be around for a long time. And, as I said, I never found an enterprise customer at MobileIron that was 100% cloud-only. There’s always some mixture of something hosted privately, either on-premise or in their private cloud.
Also, and that’s my perspective, the cloud is not the objective as such. The aim is to have an agile solution that is functional and evolving as you need it. Cloud is maybe one of the best ways to get there, but it’s not the objective as such. The whole evolution to cloud and consumerization of IT and the changes in how we work: it’s many devices, different form factors, different locations, … all of this has a significant impact on the way that organizations or IT departments within businesses look at IT security. Do you see any changes there?
I mean, we’ve already touched on BYOD in the early 2000s, but broader than that. You know, I started my career at Symantec on Norton Antivirus – it became Symantec Antivirus, then Symantec Enterprise endpoint protection, so very endpoint-focused. In the late 2000s, security was – I don’t want to say it moved from the endpoint to the network. Still, undoubtedly, when you looked at the budgets in the enterprise, they were starting to spend more and more of their budgets on network security than on endpoint security.
So you saw this shift. And why? “Let’s make these networks safe places to work.” There was a focus on prevention at the network, so you started seeing IPSs in addition to your firewalls, certain types of content control, web filtering, you know, stuff that is your egress points in your enterprise. You just saw the network security market grow, and that was all around: ‘hey, your network becomes this safe place.’ network access control is another one of these big, big things that were part of that effort but then, what happened, I think, in the last ten years, is that the endpoint started to matter more. And you certainly see that today.
I was just looking at some research that showed that today’s number one investment area is the endpoint security market in the enterprise, which makes sense if you think about it. So if my employees aren’t getting on the network anymore, all that network security is helping me ensure the security and compliance and availability and integrity and confidence, the CIA of my enterprise. I’m going to have to put something on the endpoint that does that. And so whereas ten years ago you might say ‘hey all the investment needs to go towards the network’ – but if I’m thinking about it from a ‘what you build’ perspective, that was the place to be. Palo Alto Networks, which is still killing it, don’t get me wrong – but ten years ago you would like to have owned a part of them because that’s where all the investment and the growth was happening.
In the last ten years, last 5 to 6 years especially; enterprises have realized that ‘hey, I’m not going to get to where I need to be from a security perspective if I don’t have something that’s ensuring the confidentiality, integrity, and availability of my endpoints.’ So endpoint security has become more critical, and you’ve seen new vendors in this space, Crowdstrike being the poster child, but Sentinel One, Cylance, you know, the Symantecs, which doesn’t exist anymore, the McAfee Enterprise, which is soon not going to exist anymore, they all have also come out with kind of next-generation endpoints. So the endpoint matters more again.
And it goes back to this concept which I’ve hit on a couple of times, which is if you’re not on the network, but you still need to make sure the device is secure, You’ve got to have something on the endpoint to do that. That’s why, by the way, companies like Zscaler, another company that’s killing it right now, has historically been that sitting at the egress, the web filtering they’ve got this massive infrastructure out on the internet to do all these web filtering capabilities. Still, in this new world, they have to have something on the device to see the traffic to do something with it. So Zscaler has an endpoint product that they need on every device. So this is a long way of saying that over the last 20 years, the first 10 was a move to the network, the previous ten have been a move to the endpoint again, so it’s almost like it’s come full cycle.
As I think about the future, I see the need for security in two places. I think endpoint remains a requirement. If they’re not on your network and you don’t own the network that they’re on, you’ve got to have something that tells you that that device is safe and secure. So the enterprise-owned devices aren’t going to go away. They’re going to be out there, but even if it’s not an enterprise-owned device, you’ve got to have something that ensures the confidentiality, integrity, availability of that transaction, if you will.
So that’s one part of it. The other part of it, of course, is the cloud and cloud security. That’s where your applications are going to sit. That’s where access control is going to need to be done. So the cloud is probably in the next ten years, so endpoint and cloud will be huge. You could say that cloud is the next generation of network security because all cloud is servers sitting in somebody else’s closet instead of yours. All cloud security is network security principles applied either in your cloud or on your applications on somebody else’s cloud.
So we’ve spoken about the past trends and your perspective on the future, and some of the challenges that we see in IT security. How does Awingu, for you, fit into that picture? So I mentioned that you have to do something on endpoints, and you have to do something in the cloud. Awingu is a part of that solution.
I guess there are probably two aspects to this that I see Awingu being very critical in. One of those is I have a device that I either can determine the context for I can’t determine the context of the device. So if I unwind a little bit of what I said a couple of minutes ago, you’re going to need to have something on the endpoint, and that’s only – I think – partially true. I think what you need to be able to do is understand the context of the endpoint so you can determine what’s the most secure way as well as user experience friendly way that I can have access from that device to an application that’s either in the cloud or on-premises.
The context of the device becomes critical, and that context becomes important, and that context is, by the way, what helps a Zscaler is, you know, something that a Crowdstrike provides. They tell you what’s going on on that device. The nice thing about Awingu is that in situations where either the context isn’t what you want it to be, or you can’t determine the context, you can provide secure access from that device to an application to allow an end-user to do their job and accomplish whatever their job is. So Awingu provides a security and compliance perspective to provide access from a user to an application that’s either in the cloud or on-premise when you don’t have perfect information about the device.
That’s useful and interesting because, once again, if you go talk to a security professional today, they’re spending a lot of their time trying to figure out the context of the devices and how they provide secure access based on it and if you can give them a way to do that such that the context can either trigger to use Awingu or the lack of context can that solves a big problem for them. So I think that’s part one. Part two is you end up from an IT infrastructure perspective and an access perspective.
As I said earlier, we’re going to be in a hybrid world where you’ve got new cloud applications, you may have apps that sit on a private cloud that you manage, and then you may have some on-premise apps you end up having to make trade-offs in your architecture because of those legacy applications. You want to provide access to them, and this comes down to the protocols for access, and it comes down to how that physical access is managed. The beauty of Awingu is that it gives you away, without having to install infrastructure and VPN concentrators, to install a gateway that gives your users access to these legacy servers as if they were on the enterprise network even if they’re not in a secure and compliant way.
So that one solves the ‘I’m going to have legacy apps for a long time, I don’t want to have to completely change what my IT architecture looks like to provide that access.” Awingu gives you a way to do that in a modern, secure and compliant way. That’s probably the other use-case that I think where Awingu kind of fits into that model for the next ten years. Everybody’s going to need some ability to go to legacy applications in a seamless, secure, compliant way that has a great end-user experience, so Awingu, and then everybody also is going to have a way of, depending on the context of the device be able to provide remote desktop access, remote application access from a device. Those are two, I think, big scenarios Awingu solves.
I fully agree with that. I’ve never explained it myself like this; I like it. If I try to play devil’s advocate, why am I not using VPN to achieve this?
First, I’ll tell you: have you ever run across somebody that says, “Man, I love my VPN!”? Just from an end-user perspective? Now, once again, the beauty is – well, that’s not a beauty – end-users don’t decide what IT does in terms of access. But at least from an end-user experience perspective, we’re not in the driver’s seat. Now, that said, there are all sorts of IT organizations that want to say yes. They want to enable that consumerization of IT and the end-user experience on other devices, and they measure themselves on that because they believe it all leads to better productivity.
Because at the end of the day, that’s what IT is for, it’s enabling the enterprise to do whatever makes that enterprise successful and happy productive end-users is part of it, so I do think that that’s an element to it, but the other element comes down to ‘I may have 50% of my applications on-premise, but I’ve got 50% on the cloud and those cloud applications, I don’t necessarily need a VPN back into my enterprise to go back out to them.” Some of the more sophisticated enterprises are going to split-tunnel their VPN. They’re going to say: “If you’re going to a cloud application, you can go straight to it, but if you’re going to these domains or IP addresses, you’re going to tunnel through the enterprise.” So they can solve that, but it’s still clunky.
You’re dealt with and left with lower latency and throughput, and it’s just the inefficiency of having to go through the internet to your enterprise, back out to the internet, to your applications. That inefficiency just doesn’t make sense. And then you’ve got this cost in the enterprise of maintaining these VPN concentrators that, ultimately, you don’t need. So from a user experience and then from an efficiency and a cost perspective, in the enterprise, where they’re already trying to get things out of the data center and into the cloud, the VPNs can go away.
I fully agree with you there, Brian. If I look at the VPN landscape, I don’t even need to pick on one because I think all of them have had serious breaches in the last couple of years. The DNA of the technology goes back to, what is it, 95 or 96? So it’s time for a change there.
One of the biggest problems in enterprises has been lateral movement in the enterprise. Which is: an attacker finds a way to get into the network, and then once in the network, they move laterally to more high-profile, highly valuable targets. One of the ways they get in is by doing some type of social engineering attack on an end-user that gives them access, and one of the biggest vulnerabilities that VPNs brought was that it brought a user that’s physically not in the complete enterprise access to the enterprise as if they were physically in the enterprise.
So it ended up becoming a target-rich environment for social engineering attacks and these ways of getting into the enterprise. Once you can get their credentials to log into an enterprise, you can then find an application or something else that might have more valuable data in it. So one of the parts to replacing VPNs and how you segment your network is micro-segmentation. This is better done with software than done with just a split-tunneling approach. It’s almost like split-tunneling on steroids, but it’s every application gets its own tunnel, its own segment, which, once again, once you start doing that, it looks very much like, “I’m getting a secure connection for this application from this device, and if that application’s in the cloud, it’s just straight to that application.”
There’s no reason to create a big tunnel that goes back to the enterprise. So solving the lateral movement of attackers means that a remote user only has access to what they’re supposed to have access to, which is like what the software-defined perimeter that the Cloud Security Alliance specified is all about. It’s something like what Awingu provides. You get very specific on what people can access and what they can’t limit the ability for an attacker to allow and move inside an enterprise. That’s another huge vulnerability of VPNs: they were always the easiest way in, and then once you’re in, it’s like you’re on the network, and you can see everything on it.
You have a huge amount of experience in product management and product management organizations. So I’m not going to ask which company had the best product management team; that would not be a fair question. But for you, what makes a good product manager or what makes a good product management organization?
This is easy: it’s something I call the “customer nervous system.” One of the things you learn as a product manager is that your opinion is interesting, but it doesn’t count. You know, the product managers don’t buy the software. Don’t get me wrong: you come across product managers that have a good, intuitive sense of what to build and what customers want, but in the enterprise space, especially – because that almost works in consumer, right, because we’re all consumers and a product manager can build something for themselves – but I learned early on at Symantec and Norton that I am not the typical user and if I want to build something that’s commercially successful, I’ve got to find what the typical users are. So you’ve got to find the typical user, and you’ve got to go out there.
You have to build a nervous system – just like in our body, where you get continuous inputs on how our bodies are doing – you need continual input from customers, and prospective customers, and even partners on what they’re doing and how they’re using your software, what’s working, what’s not. So, great product management organizations have built into their DNA this “customer nervous system” where they’re getting inputs and feedback from customers at every step of their process. And that, to me, that’s easy for me: the best product managers, that’s what they do. If they don’t have that, they’re not going to succeed at a commercially successful product. I can add to that.
If I was to say: “how do you build the customer nervous systems if you’re a product management team?” It starts early, when you’re building the software. Suppose you’re building a 1.0, which, quite honestly, I’m usually building the next versions of software in my career. I have built 1.0’s, and in 1.0, it’s important to have a design partner. You have to have a customer in mind that you’re building this for because, once again, your opinion doesn’t matter: you’re not going to buy it yourself. You’ve got to have somebody you’re designing it for. If you’ve done that, then you need to. You need to continue that.
You build a group of customers that are using the software and, by the way, these are typically the people that are “hands-on-keyboard” using it, not the purchase decision people because those are typically someone else, you do need to make sure that you’re talking to them. You’re helping the people who are using its feedback on the ROI, the value, and all that sort of thing, but you got to have this nervous system of customer feedback that’s helping you build this. And, you know, at MobileIron, that was true. MobileIron had thousands of customers. We had thousands of customer feedback requesting us to do these things.
Typically, if you have a really good customer nervous system, you have far more customer input than you can handle, and then it becomes prioritization. There are fun exercises that product management teams can do with customers. One is the “100 dollar exercise”, where you take a small group of customers and say “here’s the 15 things that I want to build or let’s say 10” and you’ve got 100 dollars, euros or pounds, how would you spend the And if you do that over 20 customers, you’ll start noticing trends. And this is where you start – because one of the things that, as a product manager, you want to hit on this is you want to try to offset your bias. This is how you do that. You say: “Hey, per day, spend a hundred dollars and tell us how you’ve spent it” But those are all examples of how you build this customer nervous system and have it start helping you make better decisions and better products.