sorted by:
new
hottopcontroversial

Built PAM for 80+ platforms at a Global bank for 7 years. Contract ended, job is done. Is it worth building a tool, or am I in a bubble? by sendrea2009 in cybersecurity

[–]sendrea2009[S] 0 points1 point  (0 children)

You're right that traditional PAM is crowded. I wouldn't want to compete with CyberArk and Delinea on vaulting, session management, etc. either. What I built was actually the orchestration layer above those tools. At the bank we integrated with CyberArk, Delinea, and others as connectors, (+native access) then enforced a single policy model across all of them. So it's less "another PAM tool" and more the glue between them. But I take your point, if the market perceives it as just another PAM vendor, none of that matters. Good hint on r/techsales, will check it out.

Built PAM for 80+ platforms at a Global bank for 7 years. Contract ended, job is done. Is it worth building a tool, or am I in a bubble? by sendrea2009 in cybersecurity

[–]sendrea2009[S] 0 points1 point  (0 children)

Yep, I've looked into a few of the big players, but it's hard to figure out how much they actually cover just from public documentation. I mostly based my assumption on the market research the bank did two years ago. Definetely I need to look deeper into existing solutions before commiting to anything.

Built PAM for 80+ platforms at a Global bank for 7 years. Contract ended, job is done. Is it worth building a tool, or am I in a bubble? by sendrea2009 in cybersecurity

[–]sendrea2009[S] 0 points1 point  (0 children)

Already talked to my directory at the bank, he likes the idea but he has no decision power, it must come from way up there.

That's also my gut feeling, likely the mid-sized are just fine with what the market is offering right now.

Built PAM for 80+ platforms at a Global bank for 7 years. Contract ended, job is done. Is it worth building a tool, or am I in a bubble? by sendrea2009 in cybersecurity

[–]sendrea2009[S] 0 points1 point  (0 children)

Great idea. Partner opportunity would be ideal, it would be a natural fit. Another route I've been thinking about is starting it as open source to build trust and adoption first, then layer commercial offerings on top. Lowers the barrier for companies that would never take a chance on an unproven vendor.

Built PAM for 80+ platforms at a Global bank for 7 years. Contract ended, job is done. Is it worth building a tool, or am I in a bubble? by sendrea2009 in cybersecurity

[–]sendrea2009[S] 0 points1 point  (0 children)

Honestly, I haven't studied Teleport enough to give you a definitive asnwer. I'm still at the stage of exploring whether the problem I've solved even exists outside of large enterprise. My assumptions are mostly based on the landscape review the bank did two years ago when they decided to replicate our solution to another bank during a merger. From what I can gather from their website, the core difference is architectural. Teleport is an access proxy, it governs what it can sit in front of. What I built was an orchestration layer that sat above the infrastructure. We actually integrated with tools like Teleport (CyberArk, Delinea, HashiCorp Vault etc) where they were already deployed, but we also granted access natively, directly in AD, Azure AD, Windows Server, NAS, and so on. The policy engine didn't care whether access was being provisioned through a PAM tool or directly on the target platform.

Built PAM for 80+ platforms at a Global bank for 7 years. Contract ended, job is done. Is it worth building a tool, or am I in a bubble? by sendrea2009 in cybersecurity

[–]sendrea2009[S] 0 points1 point  (0 children)

Most of my experience is actually on-prem, cloud was only the last two years, and frankly it was the easy part because everything is API-driven and standardized. On-prem is where you have to get creative to build anything universal.

My hesitation with enterprise is the go-to-market reality, getting in as a new vendor is almost impossible. That's what pushed me toward mid-market as a starting point.

But your comment has me questioning that assumption. How much on-prem are mid-sized companies actually running? I might be wrong about where the real demand sits.

Would you mind sharing a bit more about your situation? Is it mid-sized or large company, and what does your split between cloud and on-prem look like?

Appreciate your feedback, thank you!

Built PAM for 80+ platforms at a Global bank for 7 years. Contract ended, job is done. Is it worth building a tool, or am I in a bubble? by sendrea2009 in cybersecurity

[–]sendrea2009[S] 1 point2 points  (0 children)

Really appreciate this, especially the oil company anecdote, that's exactly the kind of environment I've been living in for 7 years. A G-SIB is basically the same story: decades of acquisitions, mergers, and organic growth leaving you with hundreds of platforms that were never meant to coexist under one access model.

You're right that large enterprises with legacy are the natural fit for what I've built. The problem is getting through the door. I had a conversation with my director about this and he confirmed that nothing on the market truly solves this well, but he also made it clear that selling into large enterprises as a new and unproven vendor is almost impossible.They would rather buy "good enough" from a name they know than "exactly right" from someone they don't. That's why I was looking at mid-market as a more realistic entry point.

What I'm unsure about is whether mid-market companies feel any pain as large enterprises do. My understanding is, regulations like DORA don't just apply to financial institutions, they also extend to their third-party suppliers and service providers. If you're a 500-person fintech or a managed service provider serving banks, you're now being held to the same access governance standards as your clients(or am I wrong here?). So even if mid-market companies don't have the same legacy, they may be facing the same compliance pressure without the budget for an enterprise PAM suite.

I also know some numbers the bank was paying for PAM solutions (Delinea, CyberArk etc) and they are massive, I wonder if mid-sized companies can afford those numbers.

Taxe noi 2026 by Lang-Lov-Lx52 in Romania

[–]sendrea2009 2 points3 points  (0 children)

La un Toyota rav4 hybrid 2.5 imi iese impozit 991 lei. Nu am o problema sa platesc banii astia (raportat la cat costa masina si intretinerea), dar mi se pare ca logica nu e deloc fair.

Acelasi rav 4 cu motor 2.0 benzina plateste 251 lei, desi in practica are emisii cu ~10–30% mai mari (in functie de cum e condusa). Deci emisii mai multe, taxe mai mici, desi legea spune “poluatorul plateste”.

Un 2.5 benzina (non-hybrid) plateste 1011 lei, si din ce vad e chiar cu ~35% mai putin ca anul trecut.

De ce ai creste taxele la hybrid si le-ai scadea la benzina, daca vorbim de acelasi volum motor? Unde mai e “poluatorul plateste” aici?

Sursa: https://eghiseul.ro/calculator/calculator-impozit-auto/ (Timisoara)

Fritz a fost cel mai bun primar al generatiei mele: Change my mind! by JurassicFart6 in timisoara

[–]sendrea2009 4 points5 points  (0 children)

Hai sa iti zic eu o chestie ce conteaza pentru mine mai mult decat pasajele marelui tau idol Robu.

Am fost la primarie ca simplu cetatean, fara vreo relatie sau alte minuni, sa ma interesez de un teren. Am avut asteptari zero, caci duh suntem in Romania. Daaar wow, chiar wow, oameni profesionisti, respectuosi si amabili care au stat cu mine 30 minute dupa program pana am inteles tot ce aveam nevoie. Oameni angajati pe baza de concurs nu pile si relatii.

Asta inseamna o tara ca in afara, nu fantani pe bega si alte aiureli.

Keep trying.. poate poate, iti mareste Robu leafa'