With a storied career in networking already to his name, John T. Chambers is aiming for simplicity these days -- by heading a venture firm and also co-founding a startup in this space. After leading Cisco Systems as CEO through 2015, Chambers founded JC2 Ventures a few years later in 2018. Just last year saw the emergence of Nile, a network-as-a-service (NaaS) startup he co-founded with CEO Pankaj Patel. Though some have painted Nile as a new rival to Cisco in the NaaS niche, Chambers readily professes his continued admiration for the company he previously ran.

Meeting with InformationWeek at last week’s RSA Conference in San Francisco, he spoke about where networking is headed, how he sees Nile fitting in that landscape, and ways detection and response are changing in terms of cybersecurity.

What do you think needs to evolve when it comes to the networking space?

So, first of all, it was an honor to lead Cisco. I love the company. They’re my friends. I try wherever possible not to compete. It’s a great company. I love it.

On trends in the industry, I think one of the biggest trends that you see in all areas of the industry is simplicity and ease of use and taking the operational costs out of the environment. In simple terms, telepresence was the leader in video conferencing.

What Eric [Yuan] did with Zoom was brilliant. I actually did a podcast with him. He said, “John, I just took your playbook and made it simpler and less expensive.” It does speak to how the industry is going to evolve. Simpler in terms of not having complexity in it because when you put complexity in, you’ve got to have people supporting the complexity; you have risk-taking on bugs or problems occurring on it, et cetera. You’ve got to make it zero-trust security from the very beginning. It can’t be an afterthought.

I used an example earlier of the electrical grid -- say, I’m going to make it secure by putting security on top of it. You have to decide from the beginning; would that be deeply embedded?

I just want it, No. 1, to be simple, No. 2, 25% of the cost of the product is the product itself and 75% is support costs. They say, “John, if you cut that support cost in half, we’ll split the profits.” They, of course, want me to pass most of it through, but that is fine.

What the customers were really wanting is simplicity, ease of use, simple purchasing pattern, and for them not to have large support staffs so they could use their staffs where they add value to outcomes.

But how do you take this complexity out? If you understand why the complexity was created, then you understand why you shouldn’t have designed it as you move forward. It’s the ability to think about this from ease of use, simple to use quick implementation. Either with no staff or very limited staff in terms of its approach. The buy-in from the customers has been extremely good. And the buy-in from the channels -- I’m a huge believer in channels -- has been extremely good too.

We had over 50 channels signed up before we even had a dollar of revenue, which speaks to understanding the channel delivery, channel first, customer first-type of mentality.

That’s really what we started off to do. Pankaj is an engineer’s engineer and he managed 28,000 people at Cisco.

What does the future look like from a security, zero-trust architecture-type of place where you’re really focused on eliminating the complexity, eliminating the ongoing services, and just you upgrade the products automatically for your customer -- they don’t have to budget them every three years.

It’s about execution as well as the engineering quality of the product. In terms of the key elements, customers don’t want to be invested in protection and analysis of the equipment; they want to just have it at the current generation. They don’t want to have large overhead staffs. They want to be able to install and focus their resources on getting outcomes. This is right in that sweet spot.

Has that perspective and approach also informed or been part of the flow with JC2, in terms of the way that you’re thinking about the venture side of things in terms of simplicity?

Everything we do is around simplicity. On a scale of one to five, how secure are you? Then within that, how secure is any department in your company, all the way down to the desktop? You gather data from all the other security APIs. Then what I want to know as the CEO, I wanted to know how secure I was. I wanted to know how did I exist versus the norms in the industry? I wanted to know if I had money to spend on a problem. How much should I spend and how much would that improve what I was able to have? And I wanted the human taken out of it.

I had a great security officer, but my board would look at me and they’d say, “Well, John, what do you think?” I said, that’s the best chief security officer, but he’s human and in this environment, you’ve got to make it seamless in terms of the architecture.

What do you think organizations, enterprises particularly, either haven’t been asking about or haven’t opened their eyes to in terms of the way networks as a service is evolving? And what may come next?

The first thing that you’re going to see pretty quickly is CEOs are probably going to have security in his or her compensation within three to five years. That’s a nice way of saying it’s going to become very important to the company. Board of directors will now be responsible for security and that certification that you did a good job as a board member, not only on understanding security, but saying this company is taking reasonable steps to do it. And you’ve got to make it in terms they understand, not dependent upon a great presentation with a whole bunch of detail.

They’ve got to understand if they’re going to make changes, how expensive are those changes? What they have to do that’s different is they have to realize it’s a whole architecture and it doesn’t matter whether it’s a traditional networking player or a traditional grid player, an electric grid or traditional supply chain player.

If you didn’t design that zero trust with the simplicity and from the beginning, you can’t get it by add-ons. Customers want to make it simple to use. They want to automatically be taken care of. I think that’s what the companies have to do a better job of understanding and articulating.

I think this industry is set up for a single or maybe two or three security players who go architecturally across the whole board, whether it’s networking based or whether it’s security software based or whether it’s supply chain based. I think you’re going to see somebody emerge that puts many of these silos together either themselves or through their ecosystem of partners.

Because if you have 50 security vendors and seven network players or things of that type, all the bad guys are going to do is find the weakest spot and enter that way. And when you get up to 40 billion devices today on its way to 500 billion, as we said quite a while ago, there are too many points of exposure.

Where do you think things are going with detection and response platforms? Do they need to further broaden out like with XDR, or are there other ways, other things that are in motion?

We have to have everything in motion. You want to understand where you are versus what’s possible. You want to understand if something suddenly is available, what does it mean to you? And how exposed are you and what do you need to do to correct it, and how much would it cost, so you can make the tradeoff.

You also want to understand the No. 1 reason that security breaches happen is usually human error. The person either left the door open without realizing they did, or they went into an area they shouldn’t have been in. We’ve seen examples of that lately and then you’ve got to tie it back to when it all happens. How do you get it shut down as quickly as you can and how do you recover from the downside? You need to be automated and it needs to be part of an architecture.

What excites you? What are you excited about making happen next? What are the things that get you up in the morning?

It’s probably several things. First is, I want to change the world one more time. I’m a dreamer. We did it with the Internet. We changed entirely how people worked, how they’ve learned, and play. That sounds logical today. And you say, well, of course. It wasn’t that way when I said it in 1993. In fact, even my marketing team hated it.

They said, “John, we move around zeros and ones. We sell to research institutions and defense and stuff.” And I said, no, this will change every aspect of our lives, and mainly for the better. And it, along with education, will be the equalizer in life.

What to Read Next:

Cisco Announces New XDR Service at RSA Conference

Sentra Exec Discusses International Cybersecurity Perspectives

It’s Time for an IT Security Fabric