The Future of BizTech Podcast

Epi 28: Innovative Security for SAP Enterprise Products – Mark Testoni, CEO of SAP NS2

Learn more about SAP NS2 at: 

Find Mark Testoni on LinkedIn here:

JC: Welcome everybody to another episode of the Future of BizTech. I am your host JC Granger, I have with me here, Mark Testoni, the CEO of SAP National Security Services, also known as SAP NS2. Mark, thank you so much for being on the show. Why don’t you introduce yourself and tell me and the audience a little bit about you, who you are and what it is that your company does?

Mark: JC, it’s a pleasure to be with you today. Thank you so much for having me on. You know, SAP, I think a lot of your listeners may have heard of SAP. It’s a global software company that really pioneered what we now call ERP, or really how you run the back office of software commercially. But that was kind of our mother’s SAP and where it began. 

SAP is now very much a global software, currently, very much folks like all of us are on information. SAPN is too, or national security services. We’re actually an independent company of SAP whose original charter was to do national security work in the US environment. SAP is a German company, so they, they had to set up a special arrangement to do this kind of work as far as down, but really much more as we’ve watched national security evolve over the last few years, it’s far beyond what we would traditionally say, defense and government kinds of things more than a critical infrastructure.

So we allow to work, we support SAP customers across a full panoply of things like financial services, utilities, and other. A lot of it’s really focused now on the information aspects. How do we help companies use information to their advantage.

JC: Very cool. You’ll have to forgive me. I’m a tech guy. I was born and raised in the Bay area. You know, I was hacking AOL when I was 12. Like I was that kid, right? You know, and I’ll admit right now, I do not know what SAP stands for. I don’t, and I know that it’s a German company, but is that a German name? And, you know, when someone asks me, I’m like, uhhh.

Mark: Well that makes two of us actually. Seriously, SAP is originally an abbreviation or an acronym for a German language that means application programming effectively, right? Because that’s really what the core of the company was, was around application programming and where it started. And if you think about what it does today, most of the fortune 500 companies and many, many tens of thousands of companies around the world run their platforms to do the business of finance and logistics, supply chain, human capital.

But we obviously now, because we’ve seen through social media and many other thing is information is really the key. These systems generate a lot of information. So how do we capture all of that and combine it with other information to really leverage it into something that’s usable for an at speed of thought for end-user companies?

JC: So let’s backtrack a little bit here. SAP is the platform, we know that. Is your company a platform also, or is it a service that attaches? Do you guys have your own platform that hooks into it? What do you do to help companies specifically? What does that look like when they engage you guys?

Mark: Really good question JC. So we are in a sense, we are a deliver of SAP capabilities for a certain market space, but we’ve also evolved over time. That’s where we started. So we actually have platforms of our own and intellectual property of our own that we render in combination often with SAP solutions to deliver something for our customer.  Security is in our name. So many of our customers, whether they’re government or in utilities or financial services are looking for a different layer of security than the typical commercial because of the nature of what they do. And not that the normal security is bad, but there are government standards and NIST and others they’ve promulgated.

So what we’ve done is we’ve taken SAP solutions and some other company’s solutions now, and we’ve wrapped them in what our IP really is, which is a security and management and infrastructure plane that allows customers to get these capabilities in little more secure environment through the cloud, because as we’ve all heard in the last decade or so, the cloud is really the primary delivery agent or one of the primary and doing emergent delivery agents of capability.

We’ve lived with it for the last, since the birth of the iPhone tremendously or in the Android in our personal lives – everything we do. Businesses is more and more moving in that same direction. 

JC: So let me ask you a question then. What types of companies specifically, do you guys target for your services?  You know, for the audience listening, you know, what can we, a lot of tech people, you know, business professionals, CEOs, um, CTOs. So who listening would be like, hey, we should reach out to NS2  to see. You know, what’s going on. Like, I mean, how big is the company? What does it specialize in?

Mark: You know, we are, we’re nearly a thousand people now. We have replicated basically a software company like SAP in some ways and even bigger. It’s not bigger than SAP, but we’ve replicated a software company like that. So we have traditional customers, like for example, the intelligence community and the department of defense and other parts and organs of government.

And we do the full panoply of services for them. But then we work with. Other customers that might be SAP’s where they may, they have a longstanding relationship with SAP, say a utility, but they want because of the nature of what they do, they want a higher level of government standard security wrapped around a cloud solution for human capital or a financial services company, or a state and local government, or health care providers. We have some of those, we have pharma companies. So these are companies that tend to be more in the regulated space.

JC: Okay. Got it.

Mark: That either much more scrutiny from than say perhaps a retailer might be

JC: Sure. These are going to be, these are going to be the larger companies like, like you said, healthcare, maybe companies like maybe Equifax or someone who has a lot of personal data here.

Mark: That’s a financial company that a customer of ours, that, to my knowledge right now, but they could be an I, I reticent to name customer names. Cause I haven’t talked to them.

JC: Yeah. That’s okay.

Mark: But it’s given you some ideas and these are companies of all sizes. We work with some of the very biggest aerospace and defense contractors, for instance. Which are huge companies and then we have smaller companies as well or smaller state local government, because they’re looking to protect their, have more risk app, reduce the risk aperture around the cyber threat and that’s largely we exist to do is deliver those kinds of things. 

JC: So really, it sounds like they need to meet two requirements. They have to be an SAP, you know, user, you know, a company and they need a higher level of security than come standard, essentially. 

Mark: Well, one is probably the most, we started to March off with some we’re working with a couple of companies now, other companies, third, what we call third parties that we’re bringing them. We’ve built this great intellectual property, this great cloud, infrastructure that manages all this for a customer. So we can render this more secure cloud solution. We’re starting to bring on third-party products onto this platform to work with us so they’re not just all SAPs and that’s really where our business is beginning to expand. We still do a lot and we’ll continue to grow in the SAP ecosystem as a value-added deliver. But I view the third-party products that we’re working with. One of the companies I can mention by name, it goes Secure – they’re in cyberspace. They ride on our platform. They are the first ones. We have a stack of six or eight other small to mid-sized tech companies that are looking because they can’t make this big investment to create the security infrastructure, to operate, say, in these spaces so they’re looking to leverage us and we come up with a business arrangement to do that.

And then the last piece of it is we’re building some of our own product capability out. And that’s probably the most exciting part. And one of those products that we were building out is something called cloud mixer, which helps a customer manage its interactions with the cloud.

JC: So it’s more of a user-friendly, you know, ground-level interface basically, so that they can pass off to directors or managers and they can get in there and actually, instead of it being like this really big clunky, you know, top-level thing, is that kind of what you’re trying to build out? 

Mark: Well what we’re trying to build when it comes to cloud mixer is there are many customers or many companies out there that are parked in the cloud and they have to manage those, the cloud infrastructure. It’s not, so here are my keys and let me go run. If you’re running on one of these cloud providers, if you manage it properly, you’re going to generate a tremendous amount of cost because you’ll have users or administrators spinning up instances and buying services, and you don’t have any visibility control and all of a sudden your IT bill.

Could get very substantial. So piece of this is how do I manage if I’m working with an AWS or Azure or Google, or one of the elements, this tool we use it internally is to help manage the infrastructure. So we know how much we’re using, how those resources are being applied, how much they cost, their buying decisions related to how long a commitment we want to make is the price points.

So there’s things like that that are really important. And then there’s a whole set of compliance things. I mentioned the things that we do, uh, on the government and mi standards, things called fed ramp and the federal government and others. We have all these things that help manage the compliance to make sure inside cloud mixer so it’s really a tool to manage the resources, the cloud, and make sure you get the best bang for your buck.

JC: And now that the cloud mix, or does that allow smaller companies to have an inside track on what you guys do? So they don’t have to be giant healthcare company, like is a kind of bringing a little more to main street with a cloud mixer?

Mark: That’s very much true as well. You don’t have to be one of our customers to leverage cloud mixer. We can actually render it to you against your own environment, through the cloud, which is the beauty of the cloud. So let’s say you’re a small company and you’re, you’re an AWS customer, or you’re an Azure customer and you started to do these things and you want to leverage this tool. We’re out, we’ll be out marketing it, or we’ll get making, showing people how to do it. And one of the ways we’re going to show them as our current customers, we’re actually using it to manage their stuff. So it makes it very easy then to show them later how they can, you know, we can extend that into their environment for other things that they were doing because my customers don’t just operate, say on our cloud, they can creating on 365 doing this, or they could be on another company’s cloud doing that. And we can help them manage all these resources this way.

JC: Well, that’s cool. And again, I really like when a company like yours, who typically, you know, helps, you know, the big enterprise level finds a way to take something that they do to get it more down to that, you know, main street kind of, you know, smaller business and that’s really cool.

And I mean, that’s probably gonna work out for you more long term also, that kind of volume at that level. And then as those companies get bigger, they can be, they graduate into those higher tiers I imagine.

Mark: JC, you make a really good point because we can help companies of all sizes through this and it’s not just customers that needs say a financial system, or they need a human capital system.

The reason we’re hosting other company’s products now as providers of software. They can’t afford to build out. In many cases, all these smaller companies can’t afford to build out all the security apparatus. So not only a small and smaller companies that our users want to likely come to us to use things like cloud mixer, but companies that have great software solutions, but can’t afford to put them in through government rigor.

JC: Uh hmm

Mark: To meet all these alphabet soups of..

JC: Yeah

Mark: And many of them as you’ve probably made either the names even will make your head spin. We help on both sides of that, whether it’s cloud mix or just providing our infrastructure, but mixer itself will help users of the cloud manage their cloud. Either with us or their own separate instances, better, that’s our goal. We think there’s a real market need because not only is it handle resourcing, it’s financial and it’s also compliance. So we’ve brought all these things together in one capability.. 

JC: Well I like the compliant part, because I’ve had clients in regulated industries and it’s such a massive part of what they do. So that sounds like it’s really helpful. Let’s switch gears. I’m gonna go to a personal question for you. What did you want to be when you were a kid? Right like when, when you grew up, so to speak, when you were a kid, what did you want to be when you grew up? And then how did that life path take you to start this company?

Right so I’m more curious, just kind of what, what little Mark wanted to be and then what made you want to start this company specifically?

Mark: You know JC, that’s a good question because I’m still trying to figure out what I want to do when I grow up.

JC: Are you still growing up? Is that the…

Mark: I’m still growing up and I’ve been around a long time. It’s funny. When I was a kid, I think we all had our aspirational dreams to be whatever we thought we were going to be great at a professional athlete or whatever. None of those things ever come true. I was a little bit aimless when I was younger.

I didn’t have a lot of confidence in myself. And it was just one of those things, you know, I had dreams, but I’m not sure they were ever realistic. And like many of my generation kind of trudged through high school, which I did without a whole lot of grandeur and then off to college. But I dropped out a few times and kind of got lost.

So I went into the military and it really helped me find my path. I had a little detour prior to that. I was a janitor and a high school. My dad found me a job while I was transitioning. And. So I started off kind of at the, literally…

Mark: That’s the literal bottom line, but I learned how to show up for work on time. I learned how to push a broom. I learned how to do whatever soul and I was successful at it and it helped start to build confidence in need. So then when I got off, I got into college, finally, real. I said, you know, I like financial, I like business and financial management. I was in the military and, and I saw I ultimately took an accounting path and became a CPA and some other things thoroughly do much for me in the military, but always loved working with people. And it’s kind of evolved over time. And although the people look younger than they did back then, I’ve had a measure of success because I’ve been able to connect, I think with people of all ages and generations and backgrounds to do great things and together we’ve done great things kind of led me down this path somehow.

But I would say, tell your younger listeners or viewers is, you always want to have some kind of a plan, but never let the plan become a constricture to you. Cause I’ve had to make some decisions during my life where I took the off beaten path and it actually was good for me because my gut told me to do it so, you know, I don’t know how I got here, but like I said, life Isn’t a destination – iIt’s a journey. And I’m still on a journey somewhere.

JC: Yeah I like that answer. All right. We’re going to switch over now back to the company. Well, actually one is going to be like kind of an opinion question.

So you know, the podcast is called the future of BizTech. So I like to ask things about what’s coming. So there’s a two-part question here. The first part of the question is where do you see your industry? So your company and other companies that, you know, work either off the SAP platform or with, or do services for those companies that use it or work in the, you know, the defense arena for security, where do you see that industry going in the next, you know, 5, 10 years, you know, do you see like AI playing a big part or you know, regulations getting tighter or looser, like where do you the industry as a whole going? And then the second part of the question is where is NS2  going, right? Where are you guys going to be? And is there anything coming out soon that, you know, our audience could get a quick little preview? Uh, so yeah, so where’s the industry going and where are you guys going?

Mark: So again, great question. So the industry, when you look at industry in general, I’ll kind of break it into two parts tech and the defense space. I think what we’re going to see, and you’ve heard this signal that I’m being this pumped for more than a decade, or maybe for 20 or 30 years. Nobody listened, but I think we’re going to see this actually, and you’re starting to see a commodity administration.

You saw some of the last government and commercial and what I’m talking about – commercial industry, the tech industry have got to become more collaborative, both to develop and meet the threats. And what I mean, the threats, the global threats here – our peer competitors, the Chinese, particularly in others, we have to work together better to do that. For too long, the government has kind of largely controlled and built its own capabilities. Whether it’s in cyber, in IT, they built their own, and then there’s not, and there’s always been this kind of rough relationship we have got to make that relationship better. It is imperative for us to meet the cyber threat that we face today;  and I cannot say that strong. And I think it’s going to begin to happen where some of the words that have come out of everywhere from the office director of national intelligence to the President himself leads me to believe it’s a process, not an event we’re going to get there. We see in been feeling it over the last few years that there is more opportunity.

There are… AI is central to so many things. I mean, it’s in our lives already. It’s so central that it’s going to be hugely central to conflict in the future and conflict in the future may not be kinetics like the wars of the fast. It’s more about control of the information flow and who has the insights and the information.

And that’s what we’re really battling some of our peers for right now. And they have very specific plans. So I sense that kind of the defense industry is headed for more collaboration, and I’m talking about with the tech industry, not just the traditional providers around the department of defense, that’s going to be. Secondly, on technology itself, I think in the next 15 years, what you and I saw from 2007, say when the smartphone came about to now, we’re going to see double the change with 5G and what’s going to be around us.

JC: Yeah 5G is going to be here. How do you see 5g integrating into the industry or your company?

Mark: So, first of all, it’s just going to be critical to everything. When you think about it from pure defense, I mean, we’re going to have robotics. We already have robotics even operating today inside. You know, companies factories even for a long time, but I mean, we’re actually going to have robotics potentially on the battlefield there, they’re already doing all these things right to the extent that they would ever be needed. But beyond that, we’re just going to have the concept of distributed tech. Again, when you think about the last 30 years of the internet, what have we done? We’ve consolidated a lot of information and systems, right? 5G, What does it do beyond some cool things for smartphone and speed? – the speed it’s gonna allow us to redistribute the internet again. There’s a good opportunity for security around that. There are any threats around that, but all this stuff that’s going to be operating, whether it’s autonomous vehicles or you know, potentially, you know, distant surgical procedures are a thousand other use cases that you’ve probably talked about in your program.

All is going to require an ability to manage and secure all that back those local to national networks, to be able to handle that. That excites me. I think it’s going to change our lives much like the smartphone has. The second piece of that is I think we’re going to see what we’ve gotten as individuals, the cool things we can do every day to order and operate our lives.

It’s going to transcend from not just the personal lives into our business lives right today in business, we still do a lot of things, kind of a clunky way, right. That’s going to change. So I see those two things, whereas NS2 and all of us, I go back to the idea of security providing platforms to enable great applications to happen, whether they’re SAP applications or third party, other company applications for our own in NS2, great opportunity for us and we’re going to be there trying to figure out where that puck’s going to be so we can deliver those G-enabled solutions and be part of that calculation. 

JC: Well, and you know what that 5G, I kind of get this analogy, my head of, you know, cars got faster. They had to put airbags, right? You know, they have seatbelts and they’d like, as speed increases, you have to compensate with safety, security, things like that, because that the consequence of speed gone awry is just greater than if it’s slower, right? You know, so if something, you know, 5G can have that two-sided coin, right. You know, if somebody infiltrates a network, they can get to other places and do damage a hundred times faster on a 5G network, than they could somewhere else. I guess what you’re saying, I like the fact that you guys are trying to create those airbags, I guess, you..

Mark: We are, we’re trying to help break those problems and here’s the thing that’s interesting about speed. 5G is about speed and pipe widths and all these. And again, because we’re thinking of what we’re doing in the cell network, it also allows for like the redistribution right? Which the speed and moving it back and forth is often a nib to savor, but speed like well, we need to change and process much like the phone, the smartphone led to change in the way we do things.

It’s not just that, that’s what the second and third order effects of speed will allow us to do. And like I said, in 2007, could you, and I really imagined doing kind of this interactive discussion today or getting on our phone and ordering something.

JC: Yeah.

Mark: ..that we do or the information we can get, I don’t think so, right?  And so that to me is going to be, how does the world.. social media was nothing back in.. Facebook and Myspace.

JC: I mean, infrastructure has changed period, right? I mean, it has, it’s not, and it’s going to change again, like we said, with 5g, so you guys have to be there for it. So let me ask you another question here. So you guys have been around a while, when you, when you found what was the, what date in our, what was the year..

Mark: Kind of the core of it started in 04 very small organization, but it was accelerated when, uh, with, SAP’s acquisition of Sybase back in 2010, 11, That’s what we became, what we are today.

JC: So how have you grown over time and more recently too, like.  So I’m a marketing guy by trade, right? So I have an agency, we do B2B tech stuff. So this always makes me my tail wags and my ears perk up when I get to talk a little bit of marketing. So how are you guys getting the word out other than obviously doing podcasts like this that’s one way or that that’s a PR angle obviously.

But well, what else are you guys doing internally? So that the right types of people, whether it be government agencies, you know, local municipalities, big pharma or something like that, what are you guys doing so that they know that you even exist to get your services?

Mark: It’s an important question to what we do. So there’s, there’s probably, it’s a, it’s a multi-channel question. So we’re doing everything from educating say the people inside of it. The bigger SAP who often have customers that need our services.

JC: Yeah they have a preferred vendor network that I know too.

Mark: And we’re kind of one of.. well, and we are largely because we offer you know, their direct capabilities in a different environment. So they have customers in those industries that need this and they can position security and sometimes it helps them competitively. So that’s one track we’re doing it, we’re trying we’re upscaling what we do in the digital arena.

I do an awful lot out, trying to get, you know podcasts like this, but work in the press. We have the traditional kind of traditional more direct marketing kinds of things. So we would try to create a lot of buzz and awareness, but because security is becoming such an important thing, we’re really attaching to that message because we think we have a lot to offer there.

So we spend a lot of time working that we have lots of events, but ultimately it comes down to a couple of things too – your employees are your best ambassadors often so make sure they have a great place to work where people have the opportunity to develop and we think we’re building that because of the growth we’ve had.

And, you know, we want our customers to feel good about what they’re getting from us because often the word of mouth or the association with, with the customer base will often help. So the things that you would be aware of we’re, we’re attempting to do all of them. Some of them, we don’t, we do better than others, but as you know, marketing has changed so dramatically in the last five years, it’s kind of shocking.

JC: Oh yeah.

Mark: The traditional players are not really the impact and as we.. We see, and we use the social media channel an awful lot now, too, which I, you know, gosh, I wonder how are we going to market what we do tremendously? 

JC: Yeah. I joke around with people. I say, if I took six months off, I might as well retire. Cause I wouldn’t know anything about that.

Mark: You wouldn’t even know anymore. 

JC: That’s how fast it changes. You know, I just I’d be in the dark at that point. One last question here for you then. What is the best piece of advice either that you were ever given or that you can give the audience from your own wisdom and from you know, experience and what you’ve done all these years?

Mark: So I’ll offer a couple of things. The first thing that I think has served me well, and I think it served a lot of people well is to be curious, never lose your interest in asking the next question. And then the second piece would be, be bold. Don’t ever miss an opportunity. To do something. And I mean, I think the combination of those two things, sometimes we’re afraid or we, we sense, oh maybe, you know, change is hard, but sometimes we just have to take risks and be bold.

And sometimes they pan out, but even if they don’t pan out, we often learn from them. Then they’ll help us later. Things have served me particularly well over the years they really have. So hopefully it will be helpful to somebody else. And I guess the other thing I would say to young folks – do what you say, you’re going to do the right thing.

Those things sound so easy, but they are very hard practice. 

JC: They’re hard. Easy to say. Mark, thank you again so much for being on the show here. How can people find you? SAP NS2, how can they reach out to you personally, if they wanted to? What kind of info can you give the audience?

Mark: The URL is,  you can Google SAP NS2 and you’ll find there’s some other things you’ll find, find us for sure. It’s We also have a nonprofit that we support that trains veterans.

JC: Wow

Mark: We take hard to employ veterans and train them in the IT business often without a college degree that’s called NS2 Serves and that’s at

If you want to connect to me through the website or on Twitter or LinkedIn I’m easily find-able there if you search Mark Testoni

JC: Awesome. Again, Mark thank you so much..

Mark: There’s not many of us named Mark Testoni

JC: I imagine and we got video here so people can look at the face and remember, 

Mark: Oh, is that bald guy again, 

JC: Mark thanks again for being on the show. I look forward to talking to you again soon.

Mark: JC, thank you so much.

JC: Bye

Mark: Bye



LATEST Episodes

Subscribe now for Podcast Updates

  • This field is for validation purposes and should be left unchanged.