Have you ever been surprised to learn about the stuff your co-workers do outside of work? Maybe you know somebody that’s in a cover band or hikes 14ers or brews beer in their basement. Well, when I’m not at my day job as the CISO here at Ping Identity, I’m a podcaster, who gets to meet some really cool people.

As the co-host of the Colorado = Security podcast, my partner in crime (Alex Wood) and I have the privilege of interviewing a different Colorado security leader each week. As the first Colorado podcast for security professionals by security professionals, we showcase the thought leaders who make Colorado a center of excellence for information security. As just one of the ways we support the local security community, the Colorado = Security podcast supports our bigger vision to solidify Colorado as the premier location for security companies and talent in the world. 

For our 59th episode, Alex interviewed my boss and the CEO here at Ping, Andre Durand. Having recently received the Bob Newman Lifetime Achievement Award from the Colorado Technology Association, Andre shared details of his more than 30-year history as a Colorado tech entrepreneur and his vision for the future of identity security. To follow here are some highlights from that interview.

The Surprising Birthplace of Ping Identity

Ping has been headquartered in Denver since its inception in 2002. At that point in time, Andre had been in Colorado since 1998, when he moved to Denver following the sale of his first company. But the revelation that would eventually become Ping Identity came to Andre in a much different place.

It was 2001, and fresh from having incubated his second company, the instant messaging platform Jabber (later sold to Cisco), Andre took a three-month sabbatical to join a childhood friend in the Caribbean. While aboard his friend's boat, he started blogging, mostly sharing his observations on trends in computing and networking. 

Just a few days into his writing, he had his ‘aha’ moment. He’d stumbled upon what felt like the missing link in the Internet at the time -- identity. He saw the problem with Internet users being largely anonymous by default and asserted that we needed a better notion of both users and things that touched the network.

He shared his idea with his friend and quickly fleshed out the concept for an identity server. It was January 2002, just a few weeks into his sabbatical, but he headed back home to Denver to write the business plan for his next professional adventure.

Literally starting from square one—with just a desk and an empty inbox—Andre searched online for “digital identity.” He found only a single result: a doctoral thesis written in another language. He knew he was on to something, but at that moment, he also realized that he was incredibly early.

Among his first steps were buying the Digital ID World domain, then calling Phil Becker (his first investor) and saying, “Phil we have a problem. I think we just started a company in an industry that does not exist. But don’t worry, I’ve reserved Digital ID World and if you invest $5k, I’ll do the same and together we’ll start the industry conference.” Sixteen years later, Andre still runs the identity industry conference. It’s gone through two name changes as it’s grown, and is today known as Identiverse (taking place in June in Boston this year).

It was about this same time that open standards around SSO were just coming into play. Getting involved with a group called The Liberty Alliance, Andre jumped on this effort, drawing upon his Jabber experience and the XMPP standard for XML-based instant messaging and presence management.  

Ping Identity became the first to develop an open source toolkit for the Liberty Alliance specification for SSO, which eventually evolved to become SAML. Because the company was focused on standards-based single sign-on, it was a slow go at first. The first few years were spent solving the federation issues of maintaining session and user identities between two separate domains. 

Two major milestones in Ping’s history were the introduction of SaaS—when applications moved beyond the firewall—and the rise of the smartphone—when users did, too. As the traditional perimeter crumbled, exciting new opportunities were building for Ping. It released its first commercial product, PingFederate, the identity server Andre had originally conceived on his friend’s boat in the Caribbean. It quickly became the first choice for large enterprises and the gold standard for federated SSO. The product, having now generated well over half a billion lifetime to date, is well on its way to becoming Ping’s first billion dollar product.

From SSO Startup to Identity Security Pioneer

While Ping Identity has been in business for years, Andre likes to run the company with the flexibility and speed of a startup, and cultivate a culture that’s always pushing, growing and changing. No surprise there. If you know Andre, you know that one of his favorite mottos is “if you’re not growing, you’re dying.” 

But he also shared that he sees Ping today as a pioneer more than a startup. The company is still growing and changing—and always will be—but it’s in a different way now. It’s moving into new business models all of the time. 

Similarly, Andre’s vision has grown, too. He’s on a mission to bring identity and security together. He explains, “Identity and security represent two sides of the same coin. While the approach and methodology may be different, the goals and end results we’re trying to achieve are the same. How do we keep the things we‘re looking to protect secure? And how do we enable appropriate access at the right time?”

When asked if he’s gotten Ping where he wants it to be, Andre paused. He shared that he recently found his business plan from April 2002, and the company today is largely what he envisioned then. But there were plenty of other things he didn’t know—and could never have anticipated—about how you give the right people access to the right things.

To get the rest of the story—and discover Andre’s perspectives on the future of identity security, plus why Denver remains the home base for this multinational company—listen to the entire interview.

And if you like what you hear, please follow us on iTunes, Google Play or Soundcloud at Colorado = Security podcast. Your support would mean a lot to us!