
Loading summary
A
Everybody thought we were crazy. Nobody would use the cloud for cybersecurity, nobody would send cybersecurity related data to be inspected in the cloud, and so on. And when I hear something like that, I say, of course I'm going to do it, you know, because it's the right thing. And if everybody believes it's not, it shouldn't be done, or it cannot be done, or nobody would want it, then, you know, it's a good reason to do it.
B
Welcome to Crucible Moments, a podcast about the decisions and inflection points that define some of the most consequential companies of our time. I'm your host, Roloff Botha. In the 1990s, as businesses rushed online, a new cybersecurity industry emerged to protect the networks powering the Internet boom. Among the industry's early builders was an Israeli engineer who helped shape several of those companies until he grew frustrated with their overly cautious cultures that stifled innovation. So he decided to strike out on his own. Along with a small team of experts near Zuk built something that would change the industry. The next generation firewall. Unlike traditional firewalls, it didn't just block threats. It unified multiple layers of protection into one intelligent platform. By blending on premise security with early cloud based capabilities, Zook's vision redefined what modern cybersecurity could be and set the standard the industry still follows today. In this episode, we'll explore the Crucible moments that turned Palo Alto Networks from a bold startup into a global leader in cybersecurity. From bringing their disruptive product to market to scaling into a public company and ultimately outpacing the industry again in the cloud era. This is the story of Palo Alto Networks and the people who refuse to play by the old rules.
A
I'm Nir Zouk, Founder and Chief Technology Officer at Palo Alto Networks. I was born in Israel in 1971, and as a teenager in the mid-80s, one of my hobbies was to develop viruses. Some of the early computer viruses in the world, which landed me a job with Israeli Intelligence as part of my military service. And There, at Unit 8200, is where I met two of the three founders of Checkpoint. I joined them at building a Check Point Software in late 94.
B
At check point, Nir worked on some of the first firewall technologies, network security systems that could monitor and control traffic between private networks and the outside world.
A
The biggest challenge I faced at Check Point was that very early on, Check Point has decided, number one, that they're just going to be a firewall vpn company, meaning they don't want to do other things that customers required as part of their cybersecurity strategy and second, that they want to optimize for very high operating margins. Check Point has always run close to 60% net operating margins, which is very high, but it also means that there is no money to invest specifically in research and development. So for me, as someone that likes to build technology, likes to build products, like to take things forward, it was a challenge not being able to invest in R and D and not being able to build things beyond basic firewall vpn.
B
Near transferred to Check Point's California team, hoping it would offer an opportunity to work outside of the company's VPN only strategy. But when the team was Shut down in 1999, Nir decided to leave Check Point altogether and forge his own path in the cybersecurity space. He wasn't shy about the fact that his former employer was now his biggest competition.
A
I had a custom California license plate made. The license plate was CHKP klr, which reads Checkpoint Killer. So I was driving around the Bay Area with that car.
C
I had met with him and walked him out to his car and had spotted the plates. It was an example of a chip on the shoulder that near had developed in his time at Checkpoint. My name is Jim Goetz, partner at Sequoia Capital.
B
Setting out to compete with Check Point, Nir founded his first company, OneSecure, which was quickly acquired by Netscreen, which was then sold to Juniper in 2004.
A
The first day, literally the first day after the acquisition closed in April 2004, my new boss, the CTO and founder of Juniper, told me that they were not interested in the products and they wanted to rebuild them into their own products, which I thought was a disaster. So I left. Many other people left and I left to start Palo Alto Networks. I called a really good friend of mine called Ashim Chandna, who is a VC at Greylock, and told him I was going to start something and he immediately brought Jim Goetz as well into the picture. I knew from the beginning, they agreed from the beginning that we're going to build something that's going to change the cybersecurity industry. And the three of us sat down and try to figure out what it is.
D
I remember when the company started, part of the design goal was Beat Netscreen, who was an incumbent vendor at the time on performance, beat Checkpoint Software, another primary incumbent on manageability, and then beat Fortinet and Cisco in their all in one architecture. I'm Ashim Chandna I'm a partner at Greylock. So Kurvan built a system where you had, you know, you would beat checkpoint software and manageability, Netscreen on performance and, you know, Cisco and Fortinet in terms of the all in one capability. And then the question was really, how do you insert into that?
A
Greylock and Sequoia were very rigor in making sure that I have the right plan to be able to conquer the market. So that was a, I guess, nine months project where we went through different insertion plans, different ways of getting into the market with whatever it is that I'm going to end up building.
C
He had several ideas, but none were refined. There was energy from near as you can expect to do a frontal attack on the firewall market. And both Ashim and I felt like a market entry tactic that may not be frontal in nature, but would embrace a more subtle approach to the market was important. And so much of the investigative work was around product definition and market entry tactics.
B
The team continued to brainstorm around this early crucible moment. What do you build that will set you apart in a space crowded with competitors, and how do you take that product to market?
A
The original plan was to be based on an asic, a custom silicone that we were going to build that's going to make everything really cheap and really fast. And we scrapped that as not being enough. And then after one or two more iterations, we figured out that one of the features in the product which was around being able to secure not just web browsing and email, which were the only protocols or only applications that enterprises were using at the time, but rather also secure other applications which were considered consumer applications at the time, like ICQ and NetMeeting, if you remember, and Skype and Facebook was emerging at the time and so on. The assumption was that these were going to become also enterprise applications. So the decision was to take something that was relatively smaller in terms of being able to secure all these applications and making it the cornerstone of what it is that Palo Alto Networks was going to do in the early days. Build network security that can secure everything, not just web browsing and email, and making that the go to market the insertion plan, what we sell to customers.
C
At the time, there were dozens of appliances doing various functions that were not being done in the firewall. And Near's ambition was to create a single pass architecture that would allow us to integrate that into a single system.
D
Customers really had what was called appliance fatigue. They had, you know, many appliances for different discrete functions around security. And so part of the vision around the company was to collapse all these functions into a single architecture and into a single system, but yet provide customers with scalability and manageability and performance, in.
B
Addition to a single fully integrated platform that could serve all areas of an enterprise's security needs. The team decided to take a gamble on the way the platform was deployed.
A
When I joined Sequoia and Greylock in 2005, the cybersecurity market was 100% on premise, meaning everything you would buy, whether it's network security or endpoint security or data security.
Identity and access management and so on, was on premise. Which means that projects were expensive, they took very long, took three years to implement whatever it is that you bought. By the time you finish implementing it, you have to go back and re implement it because technology has changed. We used to equate it to painting the Golden Gate Bridge, where when they finish painting the bridge, they have to go back and start painting it again because the paint is already corroded. One of the things that we decided to do at Palo Alto Networks is to do more and more in the cloud. Well, there was no cloud at that time, so we did it in our own data centers, but delivered as SaaS. So the idea was to take some cybersecurity functions and rather than trying to deliver them on premise within the hardware that we were building and later the software, we would deliver those as cloud, delivered security services from our data centers. Everybody thought we were crazy. Nobody would use the cloud for cybersecurity, nobody would send cybersecurity related data to be inspected in the cloud, and so on. And when I hear something like that, I say, of course I'm going to do it, you know, because it's the right thing. And if everybody believes it's not, it shouldn't be done or it cannot be done or nobody would want it, then, you know, it's a good reason to do it.
B
With an ambitious plan for their novel security platform in place, the team set about bringing on talent, including an experienced head of engineering. Meeting with Neil was interesting. Obviously he knew the security very well and very sharp, very analytical, and I felt that he was trying to do too much or basically too confident. I'm Rajiv Batra, I'm the co founder of Palo Alto Networks. But then we had the second meeting and we basically tried talking about the kind of company we wanted to create. And our vision about the company was very, very similar. He was telling all the things, I knew what went wrong in previous companies and what went right. And our vision was Very, very aligned. And that got me excited.
A
We decided that it's important for us to be proud of everything we do. Everybody will tell you they want to be proud of everything they do. In reality, in the cybersecurity market, because it is so difficult for customers to check whether something actually works or not, more than 95% of the vendors in the industry are selling snake oil. They're selling products that look pretty but don't really do anything. So it was very important for us that whatever it is that we do, we can be proud of. Actually does something, actually secures customers. It is much more expensive to do it, to develop it. Yet we believe that if we do the right things for the customer and we don't cut corners and we make sure that we actually secure them despite not having to, we would be successful.
E
We really listened to customers from when I joined. When we shipped the first version of the product, we actually hired a salesperson whose entire job was a set of meetings for me. We had nothing to sell and their entire job was set up customer meetings for me so I could go tell them what we were doing so I could get their feedback. Hi, I'm Lee Clarisch, Chief Product Officer, Palatine Networks. I talked to close to 100 companies in the first year when we didn't have a product. It was to get that feedback of is there anything that we're missing so that we would have the conviction such that when we launched the product, we didn't get yanked and pulled in all these different directions.
A
The only controversial thing, or the thing we had to debate in the early days of Palo Alto Networks is how do we call the product? The debate was whether we call whatever it is that we build a firewall or next generation firewall, or whether we hide the fact that it's a firewall and we call it multi cybersecurity function, gateway or whatever, some other name that doesn't have firewall in it. And the reason for that is that when you call it a firewall, you make it very hard for you as a young company to sell the product. Because if you call it the next generation firewall or anything that has the firewall name in it, and you go to customers and you try to sell it, the first thing they say is, we already have a firewall. And then even if you are able to show them the value and you tell them no, it's okay, it's an extra firewall, you don't have to replace your firewall. You can deploy it behind your firewall and then One day, if you want, you can replace it or you don't have to, which was the way we sold it. In some cases. You hear, no, we already have a firewall. It's a political issue. The firewall belongs to another department. We cannot put something that's called a firewall behind that firewall. Go away.
E
It was hard, like telling your customers you're a startup and you have a firewall. Customers are like, I'm not deploying a version 1.0 firewall on my network. Like, if it fails, my network goes down and then I get fired. And so the temptation was to say it was not a firewall, that it was a application visibility and control tool, or it was one time they wanted me to create a data sheet for and call it a next gen ips. I would show up at customer meetings being told by the salesperson, whatever you do, don't tell them it's a firewall. And so the first words out of my mouth at every meeting like that was, hi, my name is Lee Clarich and I represent PAL Networks and we have an amazing firewall for you. And the sales teams would kick me under the table. I was paranoid that if we allowed ourselves to be positioned as anything other than a next gen firewall, which included the firewall piece, that we would never be able to capture it again. We would get relegated to being a firewall helper as opposed to being a firewall.
A
The decision eventually was, yeah, we're going to call it a firewall, a next generation firewall. And the reason is that this is where we want to be. We want to be a firewall. We want to be the firewall of the organization. And even if in the beginning we have to work harder in order to sell, would pay off later.
E
I used to joke with the sales teams, I said, you have to use the F word. They're like, have to use the F word. I said, yes, firewall. We have to be true to what we built. I am 100% convinced that if we had been relegated to something other than a firewall in the early days, even if customer didn't deploy us that way, we would have never been able to get that position.
B
Back in 2007, Palo Alto Networks launched its next generation firewall, a product that could stop sophisticated cybersecurity threats at the application level using built in intrusion prevention, malware detection and other advanced defense systems. With this groundbreaking solution, Nir and his team burst into the cybersecurity arena.
A
When we were selling against Checkpoint, against Juniper, against Cisco, against Fortinet it was pretty easy, actually. What we told customers is, hey, today you are blind to anything that comes in, not via web browsing and email. Put our box on the network for a week. We had a mode in the box where you didn't even have to put it in the network. You just tapped into the network through a switch or through an optical network tap. Give us a week and let us show you what you're missing. And in most cases, customers said fine because it was so easy to deploy. We put a box there, we show them that their existing products are completely blind to anything that's not basic web browsing and email. They go back to their vendors, they ask for a fix, the vendors have no fix, and then they bought our product. So it was pretty easy. We knew from the beginning that if we get a poc, a proof of concept with a customer, our chances of selling the product were in the 90s. So 90% or more near positioned Palo.
B
Alto Networks as the clearly superior alternative to the industry incumbents. His credibility, built from years of experience at those firms, helped fuel word of mouth among enterprise IT teams. Frustrated with legacy firewalls, Palo Alto Networks grew rapidly, generating $5 million in its first year alone. The company began attracting larger clients, including a $10 million deal with Citibank, a clear sign it was disrupting the cybersecurity industry. As Palo Alto Networks next generation firewall gained traction, rivals took notice, opening the company up to potential vulnerabilities.
A
When you change the market, the biggest worry you have is that one of your competitors will wake up too early and deliver the same as interesting in.
E
Terms of how competitors reacted to us. I remember Juniper actually tried to preempt us coming out of stealth mode and to say that they had sort of done what we did, which of course they hadn't technically, so it didn't matter too much. But it's just interesting to see them trying to position it that way. Check Point initially, who we sort of viewed as our biggest competitor. Their initial response was to say that we didn't know what we were talking about. We were wrong.
About two years later, they changed from we are wrong to actually it turns out you need a next gen firewall and Check Point invented it. In retrospect, by 2010, 2011 timeframe, the market space was largely. Everyone was saying they had a next gen firewall.
B
Nir and his team faced a crucible moment. They realized that if they wanted to beat out competitors and become the true industry leader, they would need to scale and scale fast.
A
We felt the pressure to scale the company fast. From the early days, we knew that there is a market out there, that we have a disruptive product, that we have to get to as many customers as possible. We were doing a few hundreds of millions of dollars a year in sales and we needed to go to a few billion. And that always requires a change.
Every time you.
Multiply your sales 10x things have to change. They have to change in the way you market your product. You have to change the way you sell the product, you approach the market and so on. You have to change the way you support the product. You have to change many different things in the organization.
B
The company's first change was to seek out new leadership.
A
When you grow really, really, really fast, very quickly, you get to a point that whoever it is that you hired is running the biggest thing that they've ever did. Sometimes they're able to grow with it, and sometimes they're not. If you're a founder and you find yourself in a company that's doing a few million dollars in ARR or tens of millions of dollars in ARR or hundreds of millions, good for you. And you need to scale it to the next level, 10x so from few millions to few tens of millions, from few tens of millions to hundreds of millions, or from hundreds of millions to billions. If you've never done it yourself, which you probably haven't, don't be a hero, don't try to do it yourself. Your chances are relatively low. Bring someone that's done it before and let them do it for you.
B
So we were looking for basically the person who could take it to the next level, who already had an experience being in the public markets, the scale we need to do and how to basically make it happen. And we were looking for a great leader at that point. To me, that was very, very crucial.
F
Actually an unusual situation in that I was offered the CEO job twice. The first time in 2008. And for personal reasons, family reasons, I was unable to take it at that time. So I declined, knowing that I would professionally regret that probably for the rest of my life. And then, lo and behold, got the opportunity again in 2011. Things had changed at home and I was able to say yes that time and ended up being the best, you know, professional decision ever made. I'm Mark McLaughlin. I had the privilege of being the CEO and chairman of Palo Alto Networks from 2011 till 2018 and on the board until 2022. The company's doing very well, clearly selling, well established. The next gen firewall is an Important thing in the market and so let's go scale it. The expectation was when I joined, I mean literally, not the expectation was pretty, pretty explicit, was okay, you're here, we're going to go public in six months.
B
Palo Alto Networks leadership and board believed the best way to scale and to cement its category dominance was through an ipo. Going public would send a powerful signal and give the company additional resources to grow. But upon his arrival, Mark pushed back on the idea of an imminent ipo. He wanted the team to think critically about the company's direction and, and ensure it was on strong footing before making this leap.
F
What's the vision for Palo Alto Networks? It's very easy for a company to scale itself to death. And there's lots in that statement of examples you go down which would be we have one product, the product is great, everybody loves it and you're just late on the next one or the next one and then you just kind of, you know, you just peter off, right? The next one is hire, hire, hire as fast as you can because you know we're growing so fast and you dilute or destroy the culture of the company simply by just layering in because you relax, you know your filters right on who's going to join the company or just have too many people. There's a lot of ways to scale yourself down very quickly. But it's all folks today is if you're fortunate enough to be in a hyper growth company and P Networks is a hyper growth company, not growth, not super growth, hyper growth. In a hypergrowth company, it's like trying to stand on a marble. It's very, very difficult to maintain balance or even get it ever.
E
The reality is if you want to go public, yeah, your product, technology and that stuff really matters. But if you don't have just as much emphasis on how you're going to build and possibly innovate and scale a go to market machine, you're going to get creamed in the public markets. Public markets every quarter. They don't ask you if you launched a product, they ask you if you met your numbers. Mark joined and the first thing was to slow that down to make sure that we were going to be ready not to go public like that was the end state. But that was going to be the start of the rest of the company of being a public company, what it takes to be a successful public company. And we better get our stuff together.
And be ready for that.
C
I think Mark wanted time to recruit a world class team and build out the culture and make sure that we had the right talent in Europe and in Asia, but also key areas that had been, I think, underinvested early on, whether it be support or sales enablement, finance. And Mark rightfully pushed back on the board and suggested that we were financially ready to go public, but we were criminally understaffed and needed to hire a handful of leaders. And I think quickly the board recognized that Mark was correct, and we all got comfortable with giving him that time.
B
Mark convinced leadership to slow the sprint to an ipo. Meanwhile, he went about expanding sales support and finance teams while carefully preserving and building on the company culture Nir and Rajeev had worked so hard to cultivate.
D
What Mark really did was came to a company where the basic product market fit had been established and the product had begun to kind of grow in the market. But he really kind of, you know, went out and recruited a world class executive team, worked closely with the founders, and built an executive team at the company that could really take advantage of the business opportunity that had been created and help materialize that.
B
In July 2012, with a firm roadmap for expansion and the proper systems and leadership in place, Palo Alto Networks went public at a market cap of around $4 billion, one of the largest tech IPOs of the year.
F
The IPO gave us the money to set up the tents and buy the food at basecamp.
That's where we are. A lot of people never make it to base camp, right, but that's where we are, and we've got the resources to actually start to climb the mountain. Now. That was probably the most important thing in my mind to go. Okay, let's get people thinking about 10 years.
B
In the years that followed, under Mark's leadership, revenue soared tenfold, from a run rate of just over $200 million in 2012 to $3 billion in 2018. The team grew just as dramatically, from around 700 employees to over 5,000. And along the way, the company definitively cornered the firewall market.
D
Palo Alto Networks grew its business at a rapid pace. And a day arrived when Palo Alto passed checkpoint and revenue size. When that day came, Nir changed his license plate to Chkp KLD killed. The Chkp killer became Chkp KLD.
A
In 2013 or 14, we became the largest network security vendor in the world by surpassing Check Point and Cisco and Fortinet. Juniper disappeared by that time. It was yet another milestone, certainly something that we always wanted to be, always wanted to be the biggest one. It was also the cue for us that it's time to move beyond network security and start implementing the bigger master plan to consolidate not just the network security market, but the entire cybersecurity market into a single platform.
B
By 2018, Palo Alto Networks was the incumbent network security company. But Nir's ambitions stretched towards capturing every corner of the cybersecurity industry. And his first target was Endpoint Security.
A
It was very clear that what I was set to do in 2005, which is turn the network security market into a you buy one thing and everything else is delivered on top of it, has worked and we've changed the market and network security is done. There are only going to be a few large vendors and we wanted to start seeing that happening in the larger cybersecurity market, which includes other things, for example, Endpoint Security. We wanted Endpoint Security to be part of a bigger thing, part of Ubuy Network and Endpoint Security together, which makes a lot of sense. But it was a struggle. It was very difficult to do that. It was not growing as fast as we wanted it to. We were still mostly a network security company.
B
While Palo Alto Networks was focused on building out capabilities for Endpoint Security, a new era of technology was emerging. The cloud. With its rise came a wave of cloud first cybersecurity companies, ones that threatened to leave Palo Alto Networks behind.
D
The company really began in the on premise era and the company began where cloud had not still happened. Right. And so the company really grew in the on prem firewall market. On prem network security market. And then cloud kind of began to grow. Right. And so at some point the company was at risk of basically being in a market that was an important market, the on prem security market, but missing the new growth market. Right. Which could become a primary market.
E
It was very clear by this point very, very obvious that the cloud was going to have a huge impact. How do we go from being a next gen firewall company like that is our DNA, that is what we do, that is 95 plus percent of our business to being something more. And I remember looking and saying, okay, well there must be some other company that has done this before. What's the blueprint? Let's go look at other companies that have gone from being the best at one thing to the best at multiple things. And in cybersecurity it didn't exist. There was no blueprints, there was no companies that had done this before. There was no guidebook for this. But we had to sort of trailblaze this, this expansion into being a multi platform company. There's all these New cloud security, things that had nothing to do with network security, next gen firewalls, how do we go be the absolute best at those.
B
Palo Alto networks risked falling behind in the emerging cloud security category. They faced a crossroads. How should they adapt to seize the opportunity? One of the first things that became clear was that the company's strategy of building technology in house was unsustainable.
F
I would say in the leg of the journeys, you know, for Palatine Networks. And here I'll pick up in 2010, right up to call 2018. We built everything ourselves. We didn't buy anything, right? But that wasn't an arrogance move, like we're the best at everything. It was a move that was structural in nature, which is if you don't build it yourself, these capabilities at the network level, you can't have the seamlessness of what we're promising as next gen firewall. And that worked very, very well. Okay, right. It worked technically well and it translated into business success as well. Okay, Fast forward to 2017, 2018, and with the cloud being a major structural change on how people are actually going to do compute, right? The problem with that of the mindset is we make everything ourselves so it all works together. Really didn't work then. From a cloud perspective, this is on me. I mean, as a CEO, the buck stops with the CEO, right? I think we were late to the cloud and by 2017, definitely 2018, realized it. And part of the catch up of like, okay, hey, we can be the best at this, but we have to think like as if we were born in the cloud, right? Like not do at least try to insert ourselves. Here's our firewall. It runs in the cloud, right? Like if you were born in the cloud, how would you do a firewall?
G
Right?
B
As Palo Alto Networks grappled with strategy around cloud security, leadership received startling news.
A
In a shocking move, Marc took Lee Clarich and I to lunch and told us that he wants to retire.
F
I said, hey, Etzer, it's time for me to actually spend some time at home. And a lot of people say that, but in my case it's like, no, really, you know, right. I went home to homeschool. I went home to homeschool. My youngest child, right? So with that in mind, very thoughtful discussions with the board, like, okay, this is going to happen. So now we're going to, you know, figure out who's next, right?
A
Being a shock for us. Okay, it took us 24 hours. We recovered. What do we need to do? Let's go hire a new CEO.
G
I was kind of the black sheep candidate. They had a whole roster of people who had done CyberSecurity, were sitting CEOs of cybersecurity companies and had a long history in cybersecurity. And I was one of the people who had no idea about cybersecurity. I thought there were two different words, cyber and security. My name is Nikesh Arora. I'm chairman and CEO of Palo Alto Networks.
C
Nikesh was a controversial hire.
I mean Nikesh is an extraordinary talent, creative, a outside in thinker, gifted as a leader. He is arguably one of the best recruiters on the planet and capable of motivating all aspects of an organization. But he didn't have cybersecurity experience and lacked enterprise experience. And so we were taking two levels of risk. But it also became clear from the reference work that we did that he was an extraordinary leader and he was going to be an exceptional CEO. The references from Google, from Eric Schmidt, from the board were just overwhelming. And although many of the board members were uncomfortable with his lack of expertise in cyber and enterprise, we decided we needed to take the risk.
G
I approached, I'd say the first three to six months with a very strong mindset on learning and not disrupting too much around me. Part of my job was to not look stupid and that required me to go spend an hour every morning, give or take, with Lee Claridge, understanding how our product universe is structured. An hour with near somewhere towards the end of the day or vice versa, saying hey, how does the world operate?
A
If you're trying to build something new and there is already a team out there, a good team out there, a team that fits your culture, that has been building it for the last several years and they already have market traction, then the right thing to do is probably to go and buy that company instead of trying to do it yourself.
B
Nikesh spearheaded an aggressive acquisition strategy, acquiring three companies in his first year on the job. He'd go on to acquire 12 in his first three years.
G
Challenge we ran into was we didn't quite understand cloud security really well. We didn't know how to talk cloud security, we didn't know how to sell cloud security because we didn't have a product in that category. So part of our opportunity was to see how do we bring companies into our fold who understand cloud security. That's why we made an acquisition of the space. We used those leaders to actually bootstrap our leadership team at that point in time, build a whole go to market motion and capability around them. We actually pioneered the notion of speedboats, where we said every one of these things are speedboats because we have a large destroyer or perhaps whichever is the more benign version of a naval vessel. But the idea of the speedboat was that we have to make sure that we don't constrain them. We let them run faster, we let them build an entire motion around them as opposed to bifurcate that motion functionally and suddenly have firewall people telling salespeople how to sell cloud. So we actually built a whole cohesive team around that capability. That allowed us to gain muscle over time to understand these new swim lanes and be able to be at scale.
B
This strategy, however, came with risk.
C
I would say the vast majority of public market acquisitions fail. It's one of the challenges with a public company quarterly reporting. When you acquire these young companies, they're often not generating meaningful revenue. There's an OPEX hit. And so all of that was absorbed into the existing operating plan that we had offered to the Street. So we did not frame a new set of guidelines for financials based on these acquisitions. And so we had absorbed the OPEX of each of these acquisitions and the dilution of the equity within our existing envelope that we had in terms of guidance for the Street. And that was at times viewed as a risky strategy. But the execution on the go to market front was so extraordinary that we were able to absorb it and that became Nikesh's Go to Mode. Rather than resetting expectations with the Street.
G
I've also been around the tech industry to watch that majority of M and A transactions fail because of execution issues post M and A, then some of the key learnings from the failures are, you know, a company tolls away in a category, doesn't make it goes and acquires somebody, and the same people who were toiling away in the category and failed end up managing the new acquisition. So we don't do that at Palo Alto. Rule number one, you know, the acquired company or the partner that we've acquired actually beat us in the market with less resources, more focus and better execution. So maybe those people should be part of Palo Alto driving that strategy, not people who've been trying and failed at Palo Alto. So the first thing we do is an acquisition is we make the new leaders responsible for our strategy and put them in our leadership team to drive the new area. Two, when the acquisitions happen, a lot less time is spent on aligning the product strategy before you make the acquisition, you try and adjust it afterwards. So pretty much for the most of our acquisitions, we spend a Lot of time. I'd say the diligence period is less about understanding your financials, which we do. Of course, there's a team that does that really well. Or aligning corporate structures, aligning organizations. We spend an inordinate amount of time debating on product strategy and what the product strategy needs to be for the next two to three years because it's a lot easier to work with people who are fully aligned. From product strategy perspective, we've done that before the acquisition than afterwards. So we always joke like once we buy the house, we get to choose what color we painted, but we spend a lot of time consulting with the people who live in it to make sure that we both agree. So that's kind of unique to our approach. It's aligning product strategy prior to acquisition. So our combination of both organic product development, where we accelerate and added resources, and acquisition drove that up.
B
Each acquisition was a strategic play to absorb the talent and expertise driving those companies, even at the expense of the company's bottom line.
G
Not all those products are fully ready and were not being sold. So you end up putting the cost on your balance sheet, but you're not fully getting the benefits of the revenue because you're still in development phase. And we did take our operating margins down as a company for the first two or three years, and we were operating in the high teens and low 20s for the first two years because we were investing in building capability in multiple categories which we didn't exist in.
B
Before the strategy proved correct. Under Nikesh's leadership, Palo Alto Networks has acquired over 25 companies and released products such as Prisma Cloud and Cortex Cloud Comprehensive Cloud Native application protection platforms designed to secure applications and data across multi cloud environments. These innovations give Palo Alto Networks a strategic edge that transformed the company into a comprehensive cybersecurity platform and a leader in the cloud.
G
2018, in hindsight, ended up being a crucible moment for Palo Alto Networks because we could have gone down the steady path of continuing to excel in network security and possibly ended up as a large network security companies. And at that point in time, we competed with two or three of the biggest players in network security who are still around. Or the option for us was to see if we can expand to being a much larger player in cybersecurity with the ambition of being the first evergreen cybersecurity company. And I think we chose the path that set us on track to be, I hope, which is the first at scale evergreen cybersecurity company in the world. And had we not taken that fork in the road, you know, we'd be fine, we wouldn't be done poorly. That those companies have done well, they've succeeded in their space, but they have not been able to move into other swim lanes and be successful in other swim lanes because that was not their stated ambition. So sometimes they say if you don't declare an ambition, it's hard to get to it because you actually don't know you're headed there. So it was a crucible moment for us and in hindsight, it was a bet we made and it worked out.
B
As of October 2025, Palo Alto Networks market cap is nearly $150 billion and it employs 16,000 people globally. As cybersecurity moves into the AI era, the company continues to stay nimble in an ever changing industry.
G
Cybersecurity industry is the most innovative industry in the world because the bad guys are always trying to innovate on how to attack our customers, which means we cannot rest on our laurels. We can't live in a world where we're not constantly trying to out innovate the bad actors. Today we talk about how to secure with AI, how to deploy browsers around the world, how to build a common data lake for security and be innovative in the future. So I think we are getting at the seat at the table now with our customers to define and help them think through the future cybersecurity architecture.
E
The way I approach Palo Alto Networks today is really thinking about it and always trying to sort of maintain an evergreen philosophy in terms of how we approach product, technology, but even go to market and everything else the company does. You can't assume that what got us to our success five years ago is what's going to make us successful today, or what we're doing today is going to make us successful three or four years from now. And so that evergreen philosophy and always being willing to disrupt ourselves before someone else does is a lot of what I think about every day when I think about the future of health networks.
A
If I look at Palo Alto Networks today, and by the way, I recently announced that I'm going to retire from Palo Alto Networks. And the reason for that is that I think that Palo Alto Networks has finally achieved the vision that I set 20 years ago. Meaning recently we announced the 25 or so billion dollar acquisition of a company called Cyberark, which is in the identity space. They're doing many different things in identity identity and access management, privilege access management and other things. And that to me completes the platform, meaning we now provide all the major components of a cybersecurity infrastructure Network security Endpoint security Security Operations center Automation and control and cloud security, Identity and access management. We went into AI security, which is a new space, into email security, which is a traditional space. We went into vulnerability assessment and vulnerability management in traditional space. We have all the major components at Palo Alto Networks that an organization would need in order to achieve their cybersecurity goals, which is what I set to do 20 years ago. And now I can retire from Palo Alto Networks with peace, knowing that I'm leaving a company with all the products and all the technology that it needs, with a great management team led by Nikesh and the company in a great financial state and the company can go and continue to be successful even without me. My advice to startups that are being disrupted or or companies that are being disrupted by either another company doing the same thing, just in a much better way in a different way, or you're being disrupted by a shift in market dynamics like the cloud, like AI and so on. My advice to you is embrace the disruption. If you don't embrace the disruption, you will end up like companies that didn't embrace the disruption. So for example, in our case you end up like Checkpoint. In the case of cell phones you end up like Nokia that was disrupted by Apple and later Google. You will get killed by a disruption. So always embrace a disruption despite that disruption or you embracing it hurting your business for the short term. If you do it right, you will get out of it on the other side much stronger than you would if you hadn't embraced the disruption.
B
This has been Crucible Moments, a podcast from Sequoia Capital. Crucible Moments is produced by the Epic Stories and Vox Creative podcast teams along with Sequoia Capital. Special thanks to Nir Zook, Ashim Chandra, Jim Goetz, Rajeev Batra, Lee Clarich, Mark McLaughlin and Nikesh Arora for sharing their stories.
Podcast: Crucible Moments by Sequoia Capital
Episode: Palo Alto Networks ft. Nir Zuk & Nikesh Arora
Date: December 4, 2025
Host: Roelof Botha
This episode examines the pivotal decisions—the “crucible moments”—that transformed Palo Alto Networks from a bold upstart founded on competitive frustration into a $150 billion leader in global cybersecurity. Featuring candid reflections from founder Nir Zuk, current CEO Nikesh Arora, and key board and executive members, the discussion chronicles the company’s disruptive entry into the firewall market, its scaling and reinvention for the cloud era, and how a persistent “chip on the shoulder” fueled innovation and industry leadership.
Addressing "Appliance Fatigue" and Technical Gaps ([05:29–09:04])
Innovating Deployment: Cloud-Delivered Security ([09:04–10:54])
Need for Outside Leadership
Going Public as a New Beginning ([25:53–26:18])
Nikesh Arora’s Controversial Appointment ([33:23–34:42])
Aggressive Acquisition as Reinvention
Cultural and Executional Learnings ([37:42–39:39])
Platform Completion & Market Dominance
Evergreen Philosophy and Embracing Disruption
“Everybody thought we were crazy…And when I hear something like that, I say, of course I’m going to do it, because it’s the right thing.”
“You have to use the F word. Firewall. We have to be true to what we built.”
“The IPO gave us the money to set up the tents and buy the food at basecamp.”
“I thought there were two different words, cyber and security.”
“I can retire...with peace, knowing that I’m leaving a company with all the products and all the technology that it needs, with a great management team…”
“Always embrace a disruption despite…hurting your business for the short term. If you do it right, you will get out of it on the other side much stronger…”
The episode combines technical candor, competitive fire, and humor (from Nir’s taunting license plates to Lee’s “F word” joke), with reflective insights on leadership and change management. The speakers are unafraid to discuss their failures, anxieties, and learnings, maintaining a direct, sometimes irreverent, but always forward-thinking Silicon Valley tone.
This episode tells the classic, but ever-timely, story of how embracing industry disruption, listening to customers, and having the courage to constantly reinvent can take a company from rebellious underdog to platform leader. For tech founders and product leaders, it’s a masterclass in competitive edge, self-reinvention, and the crucial power of “the chip on your shoulder.”