Next-Gen PartnerOps Video Podcasts

Next Frontier of OT/IoT Ecosystem: AI & Cybersecurity

In this crucial discussion, Sugata Sanyal, Founder & CEO of ZINFI, sits down with Barry Mainz, CEO of Forescout Technologies, to dissect the Next Frontier of OT/IoT Ecosystem: AI & Cybersecurity. Barry Mainz highlights how the threat landscape has dramatically shifted, noting that the exposure of Critical Infrastructure Protection is growing exponentially due to legacy vulnerabilities in OT devices. The conversation introduces how Forescout is adapting its Forescout Security platform and evolving its Channel Partner Strategy to meet the new demands in sectors such as manufacturing and oil & gas. Mainz also offers deep insights into shifting C-level priorities, where Cybersecurity Metrics like ARR and GDR now dominate. The discussion concludes with insights on the ROI of AI and the next major threats: Quantum Computing and Agentic AI. This is a must-listen for understanding the intersection of digital transformation and physical world security.

Video Podcast: Next Frontier of OT/IoT Ecosystem: AI & Cybersecurity

Chapter 1: Cultural Blueprint and Critical Shift to OT/IoT Security

Barry Mainz outlines the Forescout Security culture, defining it not as an amorphous concept but as the company’s blueprint for problem-solving and establishing core routines. Forescout's ethos is straightforward: one must constantly improve, as "there's no staying the same" in the dynamic world of cybersecurity. A foundational routine involves executive engagement at the point of sale, or "where the money changes hands," to gain the customer's perspective. This unique focus on customer friction and ease of doing business drives cultural evolution and helps the organization refine its culture over time. This cultural commitment is crucial given the company’s 25-year history in a complex, global, and nation-state-involved space. The discussion shifts to the OT/IoT Ecosystem, highlighting the massive change driven by connected devices that extends beyond traditional IT. Mainz, leveraging his experience with embedded operating systems, notes that non-traditional devices, such as industrial controls (IOT/OT and medical OT), now have vulnerability issues (CDEs) exceeding those of standard IT operating systems. These critical infrastructure devices—from power grids to industrial robots—were not built for patching, creating significant, hard-to-remediate risk. Forescout recognized this shift early, transitioning from a core NAC company to a broad Forescout Security platform focused on network operations security for the world’s largest public and private companies.

This evolution into Critical Infrastructure Protection is accelerating due to the increasing frequency of severe breaches and regulatory pressure. The US Disclosure Act, for instance, has made CFOs and CEOs personally liable for non-disclosure of breaches affecting OT/IoT devices. This regulatory push is forcing mature organizations, which often deal with outdated, decades-old systems, to rethink their approach to security. Conversely, emerging markets (like META and India) frequently exhibit less ego and legacy lock-in, making them more open to modern, flexible solutions, which has led to them becoming Forescout's fastest-growing regions. The complexity of the OT/IoT Ecosystem demands this cultural fluidity.

Chapter 2: Channel Partner Strategy and Evolving Cybersecurity Metrics

Forescout operates on a 100% partner-based go-to-market model. The ecosystem comprises distributors (essential for hardware logistics and export compliance), resellers, and strategic alliance partners, such as Siemens or Yokogawa. The channel is segmented by a combination of vertical alignment (e.g., dedicated reps for healthcare, federal government) and horizontal motion for down-market strategics. This network extends to strategic alliances for deep, technical integrations, often resulting in ODM or OEM relationships. The Channel Partner Strategy includes sell-with (integration) and sell-through motions, covering 700 alliance partners and 25 OEM/ODM relationships worldwide. Distribution partners have moved far beyond their traditional roles. Today, they are critical value-add partners, providing specialized professional services, Tier 0/1 support in local regions, and acting as thought partners to guide the proper go-to-market motions, especially in emerging territories.

The shift to a subscription-first business model (90% software) has fundamentally changed the financial metrics tracked by the board. Key metrics now include Annual Recurring Revenue (ARR) and Gross Dollar Retention (GDR), along with contract length, which have superseded TCV and non-recurring revenue. While traditional hardware metrics, such as RMAs, are still tracked, they are less central to running the business. Other critical metrics include CSAT/NPS scores, pipeline coverage, and sales productivity indicators. Forescout’s product is ambidextrous, offering both cloud and on-prem deployment options, a flexibility that is proving critical as large enterprise customers begin to experience cloud repatriation—moving workloads back to cost-effective co-location due to CapEx/OpEx trade-offs on hyperscale platforms.

Chapter 3: AI Investment, Talent, and the Next Big Security Bets

Measuring the ROI of AI investment is a challenge. Forescout's investment strategy is two-fold: Internal Productivity (e.g., advanced translation, co-pilot functions) and Product Feature Enhancement. In the product, AI is utilized as a tool to generate audit reports and prioritize events for the Security Operations Center (SOC). However, due to concerns over hallucinations and reliability, Forescout still doesn't permit AI agents to execute direct network control (like blocking). A new element in the sales cycle is a customer checklist to ensure vendors are utilizing AI, indicating a shift in customer procurement requirements. The board-level dialogue has matured from hype to pragmatism, asking for "real facts" on AI’s impact.

The shortage of AI/ML talent is a significant struggle, reminiscent of past industry transitions. The challenge lies in the lack of maturity in the AI space—specifically, the need to change language models, system choices, and the understanding of correct application—making it challenging to hire and train the proper personnel. This talent gap must be addressed to leverage AI within the OT/IoT ecosystem successfully. Finally, Mainz reveals his subsequent big bets for the cybersecurity industry. The first is Quantum Computing, which is seen as a near-term existential threat due to its potential to allow "bad actors" to unencrypt vast amounts of data in seconds—a post-quantum encryption problem that demands industry attention. The second is Agentic AI. He also dispels the myth that "IOT and OT don't matter" on campus.

Frequently Asked Questions

Why is OT/IoT security the critical new frontier?

The threat landscape has shifted decisively toward operational technology and connected devices, where exposure is growing exponentially because legacy OT equipment was never designed to be networked or defended. Critical-infrastructure sectors such as manufacturing and oil and gas are especially at risk, since a compromise there affects the physical world, not just data. Securing these environments now depends on asset visibility, risk profiling, and control mechanisms purpose-built for OT and IoT rather than borrowed from IT.

What does a 100% partner-based go-to-market look like in cybersecurity?

In a fully partner-led model, the ecosystem includes distributors that handle hardware logistics and export compliance, resellers, and strategic alliance partners such as major industrial vendors like Siemens or Yokogawa. The channel is segmented by vertical alignment — dedicated coverage for healthcare or federal government — alongside a horizontal motion for the down-market, and it spans hundreds of alliance partners and dozens of OEM/ODM relationships worldwide. Distributors have moved well beyond logistics into value-add roles, delivering professional services, local Tier 0/1 support, and acting as thought partners.

How is AI being used — and deliberately limited — in OT/IoT security?

AI investment tends to split two ways: internal productivity (translation, co-pilot functions) and product enhancement, where AI generates audit reports and prioritizes events for the security operations center. But direct network control — actions like automatically blocking traffic — is often kept out of AI's hands because of concerns about hallucinations and reliability in environments where a wrong move is costly. Notably, customer procurement checklists increasingly ask whether vendors use AI, and board-level conversation has matured from hype toward asking for real, measurable facts.

What are the next major cybersecurity threats to prepare for?

Two bets stand out. Quantum computing is treated as a near-term existential threat because it could let bad actors decrypt vast amounts of data in seconds, which makes post-quantum encryption an urgent industry priority. The second is agentic AI, which expands both capability and attack surface. Underlying both is a persistent shortage of AI and machine-learning talent, which makes hiring and training the right people a strategic constraint in its own right.

How does ZINFI support a partner-led cybersecurity go-to-market?

A 100% partner model with distributors, resellers, alliances, and OEM/ODM relationships only scales when onboarding, enablement, co-sell, and incentives operate on shared infrastructure across every partner type. ZINFI's Unified Partner Management platform provides that operational backbone with the governance and security expected in regulated, critical-infrastructure sectors. ZINFI is rated 97/100 on G2, the highest customer satisfaction score in the Partner Relationship Management category, and serves cybersecurity vendors managing MSP and MSSP ecosystems.