A

You're listening to the Cyberwire Network, powered by N2K.

B

Welcome to Threat Vector, the Palo Alto Networks podcast, where we discuss pressing cybersecurity threats and resilience and uncover insights into the latest industry trends. I'm your host, David Moulton, senior director of thought leadership for unit 42.

A

You start seeing signs early and then you look around, you don't see enough impact. You say, okay, maybe this is going to be just about, but you don't realize that over time, this thing's getting more and more momentum. It's getting bigger and bigger. It's going to be more impactful. I feel the same way about AI. Like, there's a $4 trillion company called Nvidia. They're selling chips. We're just buying more and more chips. And there's like hundreds of billions of dollars of infrastructure that seems to be have to be built in the next few years, or there are people looking at nuclear energy or fixing the electricity grid, looking for alternate sources of power. So there's a big spend happening on building AI.

B

Today is a special episode. This is episode 100 of the show. And to market, I'm joined by our CEO, Nikesh Arora. When people talk about cybersecurity, they usually focus on tools, threats, or the breach of the week. But the forces that actually shape this industry start earlier than that. They start with judgment, with leadership, with decisions made under pressure, with incomplete information, and with consequences that extend far beyond technology. My guest today has spent decades operating at that level. Nikesh has led at the highest levels of business, shaping global platforms to guiding one of the most influential cybersecurity companies in the world. He's seen technology cycles rise and fall. He's made decisions when the path forward wasn't obvious, and he's had to think about not just what comes next, but what will last. Nikesh, welcome to Threat Vector.

A

Thank you. David, nice to see you.

B

It's nice to see you, too. We're going to start out with a little bit of a rapid fire today.

A

All right.

B

Something that's a little bit different. So what's the coolest thing about working at Palo Alto Networks?

A

Well, it's different today than it was seven and a half years ago when I started. Today, I think it's cool that we are the largest cybersecurity company in the world, which is kind of cool. You lead your sector. I think it's also cool that every day we're making thousands of customers safe from bad actors so they can go ahead and do what they need to do. So we're kind of mission driven. We're not selling social media, we're not selling advertising like I did when I was at Google. We're actually solving real problems for our customers and our companies, which is kind of great. And it's also great that we all get to work with cool people at Palo Alto.

B

How about your favorite memory of working here at Palo Alto Networks?

A

There are so many to pick from. You know, I think in no particular order, we have these employee events. People bring their kids, you get to talk to them, they talk to their families. You get to see what actually makes them wake up every morning and try and come to their best. Because you'd be surprised how many children want to see their parents succeed, how motivated parents are in front of the children to put their best foot forward. So that's kind of inspiring in a way. It brings it back to humans. And as we talk, you'll see a lot of this will come down to people on a constant basis. I think it's interesting, I remember what we did in the first year I was here, we did in a quarter two years ago. That's kind of an interesting milestone saying, well, what we did for 12 months now happens in three months. So it's just things like that or germinating an idea like xim and we sat here and said, oh my God, our mean time to or median time to detect and remediate cybersecurity is four days. And I think, oh my God, I fell from my chair when I heard that the first day somebody told me. And now that we are able to bring it down to one minute, it's kind of like stuff you say, my God, you set a North Star, you go grind towards it, you go achieve it and you go turn that into a product in the market and becomes hugely successful. So all these things just are like amazing things that have happened in the last seven, seven half years that I've been here.

B

It's gotta be cool to witness that arc and then to set those goals, to say, where can you go next if you're not here? Where's your favorite place to be when you're not working?

A

Home with my kids, my family, clearly, because we all work and this is kind of like where we spend 60, 70 hours a week. You actually get less time waking time with your family. So if I wasn't here, I spend more time with them maybe for a bit and maybe I want to go something else because spending too much time at home is also not that exciting. But no, I'd probably be home, spending more time with my kids. My kids are young. Watching them grow up. Cool.

B

That's awesome. Favorite sports team.

A

This is a tough one, right? Because I had this theory that I grew up playing cricket. So for me, that's what I did when I was a kid. You wake up, like, my son's 10 years old. He's obsessed with basketball. He wakes up, he watches the warriors. He plays his NBA games, which have basketball players. He's like, he's trading them. He's doing all kinds of stuff. So this is what he grew up with. Imagine that same thing happening when you're living in India. And Graham got cricket, so that still gets me excited. I can still, like, literally feel the passion when I watch a cricket game. So towards that end, today, the Indian cricket team would be my favorite sports team. Now, in the context of where we are, it'd be the Warriors.

B

Yeah. So here in the States, a little basketball, but your heart's with cricket still.

A

I think my son's got me more into the basketball part. Yes. Yeah.

B

It's fun to share that memory with your or those experience with your kid. What's your New Year's resolution?

A

You know, the good news is it's pretty consistent every year. I want to be healthy, so I started off the year really well. In fact, actually, I started off the end of the year really well. I went into, like, literally after I went to Israel as part of meeting the people at Cyberark and Palo Alto Networks, and I hadn't done for a few years. That's amazing. I spent four amazing days there, and then I took a week off quietly. I went off to a health detox. That was great. It was great to start that before the holiday.

B

What's a health detox?

A

A health detox is a place where you basically are devoid of any devices.

B

Okay.

A

You eat healthy, you don't drink, you work out, you sleep on time. My whoop went crazy. I was really happy. You eat a very measured diet to make sure there are no toxins in your body, and you go through a whole series of treatments to try and eliminate toxins in your body. So I came out feeling like a million bucks. Love it. And what that helped me do is amazing, is that I didn't feel compelled to partake in any festivities of Christmas or New Year. So basically, what people try and do on January 5th, I started on December 15th. Now Tom's like, I'm feeling the urge to go. It's been a while. But I did that. That was amazing. Yeah. So My resolution continues to be lead a healthier life.

B

What do you wish poor leaders were willing to say out loud?

A

Like, we have a philosophy at Palo Alto which is, you call a spade a spade. You actually look at everything and see if it's achievable. You're going to get it done or not. I think the best way to get stuff done is to confront the issue, figure out what the resolution is and solve the issue. I think a lot more stuff gets solved much faster. Leaders just spend the time understanding that not everything is perfect because it never is. In our personal lives, our professional lives, there's always something that needs to be done better or fixed. I think part of our job as leaders is to fix that or at least create the culture where we can fix that so we run into less issues. I think part of our job is also is look around corners to see where the next big thing's coming towards us so that we can prepare the business in that direction.

B

Favorite podcast.

A

You know, it still has to be all in. Yeah, because I spent a lot of time with those guys personally and I just enjoy their banner and I think they've been around for a while. It's part of it comes habit. You listen to it, you. You get related to some of the stuff they're talking about.

B

You get those authentic conversations.

A

Something like that.

B

Nikesh, you've had this front row seat to technology shifts as you look forward to 20, 26 and beyond. Do you think that people still misunderstand cybersecurity and where it's actually heading?

A

I think part of what is important to understand is that most technologists think about technology, not about cybersecurity. Cybersecurity is kind of like insurance. Let's go make great things happen and let's make sure on the way we purchase insurance or we make sure that we're not going to do it the wrong way. Cybersecurity usually ends up being an afterthought as opposed to the primary thought. I mean, I just talked to a CIO this morning. He's busy trying to figure out how to deploy AI as part of the AI deployment. He's more concerned about how is that going to impact customers. Can they actually build a viable product? Can they actually train their AI to be able to solve real problems? He didn't mention even once that I'm worried that this thing's not going to be secure. See, security is when you think something's going to work amazingly well and then you worry that people are going to break into it. If you're still going through the notion, trying to understand, can I actually make this thing work? You don't worry about security, so what if it doesn't work? Designer worry about security?

B

Yeah, don't need it.

A

As much as we like to say secure by design, which is what we should do is like design in such a way that can't be breached. Very often when new technologies arrive, people spend a lot of time trying to just deploy and make it work. So I think we're in that phase as it relates to AI. And AI has become the biggest inflection point, as you know, in current technology. So I think we're going to see behaviors where people are too busy deploying and security has become an afterthought. And it's our job as Palo Alto and our industry to make sure as they go build these experimental ideas into real production capability, that we're staying in lockstep with them and say, oh, by the way, here's something that can secure what you just built in a way that is not going to get into trouble. Funnily enough, this CIO said, oh, we worked on some stuff ourselves and we're just jerry rigged some things to make sure this happens securely. I'm like, jerry, rig production and security don't work together as three terms.

B

I started my career in design and used to build a lot of things and then got into security and realized I really made people's lives hard. I wanted to build delight. And I think you're right about this idea of I want to figure out if I can build a thing and we'll deal with the security later. What about that gap that seems to persist worries you the most?

A

It's. Look, worry is a big word. I don't think it worries me as much because I understand the psychology behind it. Like, think on in our normal lives, right? When you go to the airport, what do you have to do? You have to go to a scanner, you have to take your belt off, you got to take your liquids out, you got to take your laptop out. All that is overhead, right? You wish your experience was more seamless where you wouldn't have to do all these things. There was times when you could do that. So by definition, security causes some degree of latency or overhead. There's no way to avoid it. It's very hard to do security in a seamless, frictionless manner. So I know where I understand why the gap is. People don't want to create friction when they're trying to create delight and look for acceptance. They believe the goodness of mankind. So, oh, my God, I'm going to design this. People can use it the right way.

B

Yeah.

A

But then you figure out as it starts to scale, it starts to become more omnipresent, that there are bad actors who can get access to it and do bad things with it. So at some point in time is the right time to think about security. Now, if you're really good, you design security right off the bat in the beginning, so that when it comes time, you can go put it together. And it works beautifully at scale. And I think that's the aspiration, not quite the reality. As you said, when you do design, you actually don't think about. You think about functionality, you think about usability, you think about value, you don't think about security.

B

So you've talked about inflection points when things quietly change before anyone notices. What signals are you paying attention to right now that you think the next shift is already underway?

A

It's funny, I was on the phone, I was a few minutes late, and I was talking to somebody because, look, there's stuff going on out there. But it hasn't impacted our lives in a more aggressive fashion. It hasn't impacted our customers life that much more aggressively. I read somewhere a few months ago where people talked about in the context of technology, you start seeing signs early, and then you look around, you don't see enough impact. You say, okay, maybe this is gonna be just a passing shower. But you don't realize that over time, this thing's getting more and more, getting more and more momentum. It's getting bigger and bigger. It's going to be more impactful. I feel the same way about AI. Like, there's a $4 trillion company called Nvidia. They're selling chips, they're running out of fashion. Like, they're not running out of fashion. People just buying more and more chips. And there's like hundreds of billions of dollars of infrastructure that seems to be have to be built in the next few years. Or there are people looking at nuclear energy or fixing the electricity grid, looking for alternate sources of power. I was with a guy, big Thanksgiving. He's got a methane gas company. All this capacity was bought out by one of the cloud providers. I'm like, oh, my God, these guys are really going out there. So there's a big spend happening on buildings. The AI compute. I notice individual behavior. And I used to never talk to ChatGPT or Gemini. Now I'm doing 10 or 15 conversations a day with these AI chatbots about anything. And Everything, right? How does this thing work? How do I do this or should I do this? So I was in Tokyo, literally. Gemini was my best friend. Because I don't speak Japanese, I can't go scour Japanese websites to find things. And boom, I was asking, I want to take my kids to a sumo wrestling show, where should I go? I ranked them all. Great. That's better than me trying to go read 14 websites and figure out basically. So you can see that there's a rising consumer trend. You can see there's a rising trend in enterprise from coding, et cetera. You can see there's a large spend coming. So this thing is going to change our lives fundamentally. But we're not seeing it at scale in our customers just yet. That doesn't mean we can sit back and wait. It means we have to get ready for this future. How do we do that? Which means a lot of uncertainties. Well, if you don't see scale, how do you create scale and security? So you got to figure out, you got to have make a bet. You can say, so where do we think this is going to go? This is where we're going to lay our bed. This is going to go prepare so that when our customers get to a point where they actually see the need or there is a solution, anticipating that.

B

They'Re going to be hungry for security at that point. Mukesh, you've seen industry evolve through multiple cycles. Where do you think we are right now in the hype between AI automation and geopolitics versus the reality of AI automation and geopolitics?

A

I think what you're seeing is a rapid adoption of the consumer use case. Right. I think in the next 12, 24 months it'll become impossible. People will be talking to their chat bots about everything, whether it's how to deal with personal things or how to deal with whatever the topic. You pick your topic. And I think things will get more and more specialized over time. Or you have your favorite kind of happened in search. I used to work at Google. There's a time there's one big search box and then maps became a thing and then Google Local became a thing. So you start seeing more and more training is going to happen in very specific categories you think it's going to get good at. For example, today there's a different model that creates videos for you and there's a whole automation around how to create videos. A different model that has a textual conversation with you. So I think you'll see some degree of specialization and these Models are going to get more and more powerful. That's going to happen I think as it relates to automation. Automation's always been around. You know, we used to do process automation, workflow automation, robotic process automation. Process automation has already been around. I think on AI, first you're going to see we're going to get more and more hungry for more data because the more data you have, the more you can train AI to solve harder problems. We'll discover that in the enterprise context. Today, any enterprise probably collects 20% data. They need to run it more efficiently. We're going to actually have to three to five times our consumption of data in every enterprise to get better outcome. Why should 3,000 salespeople, Paul Alto, have to go discover the problem every time and try and solve it themselves? Why? If you had collected all the data, how this guy solved it two years ago, we should have a beautiful chatbot. When you go on to the next customer, it says, boom, here's all the learning I have from the 300 interactions I've been tracking. Add your interaction, here's the best strategy I can give you to execute the problem. So we're going to become very hungry on data consumption, which is why they're spending so much money and creating all these large infrastructure that is needed to be able to train these models, train the use cases, train the applications. I think on the automation front, eventually people will want AI to execute on their behalf, which is like an instead of if you're so smart AI, you can tell me, why can't you do it now? Do it requires automation and connection to control systems. I mean, think about or waymo. There's no human being in the car. Somehow the model's figured out from more machine learning than generative AI. Machine learning's figure out what the right solution, what the right response to that scenario is. And actually it's connected to your brake, your accelerator, your turning signals. Everything's connected to this effective brain in your car where you've given the autonomy to that brain to execute. Imagine that having to be applied to everything in life, right? You're, you're, you know, digger. If you're in construction or something that you know, favors your, your, your stuff that you use in agriculture, all these things could over time be trained to execute on their own behalf. But it still needs a lot more training to get there. So I think that's what's going to happen in automation and AI. I think geopolitics is a different one, I think because of the humongous amounts of Data involved a lot of countries. We are very nervous about their data leaving their country. We've seen that in the Internet scenario. I think you're just going to see this at scale where people say, wait a minute, that's too much information about my employees or my citizens, and I don't want this data to leave the country. So you're going to see a lot more rigor around data sovereignty, people wanting their data in their own countries, wanting models to be built in their own countries, which I think is kind of a false argument, because this happened again 15, 20 years ago when search came around to Google and people in every country running their own search engine. But you don't realize that you don't have the scale and the capability and the competence to go build this 150 times across the world. So we'll still see large global companies solving these problems, but we'll have to figure out ways that these become acceptable to nation states. And I think there's gotta be a whole set of social challenges in if AI gets too good too soon. Foreign.

B

So let's zoom out for a minute. I want to ask you about how organizations should respond to this moment and what happens to separate those who, you know, succeed and those who fall behind.

A

Well, look, anytime there's an inflection point, there's tremendous amounts of uncertainty, right? You know what is going to become obsolete, but you don't quite know what is going to become trendy. Now you can sit there and say, well, I'm just going to wait till I figure out what becomes cool, and I'm just going to move from where I am to there. The problem is it's not that easy, right? You have to not just anticipate where the trend is going. You have to prepare your organization and the resources to get there. Otherwise, the risk is that Silicon Valley will go fund those people who are thinking old purely about the new world. And there are 10 different people who are trying 10 different ideas in your space, and one of them's gonna hit. And then you'll be two years behind with no organization, no resources deployed against it, and you'll be behind the eight ball. So part of our job is to sit there, especially in times of inflection, and look around corners and say, hey, where do you think this could be going? Where should we take our bets? But maintain the agility and flexibility of turning on a dime if things don't go in the right direction. So some mistakes will be made. Hopefully you can make less mistakes and get more things. And our Brains move faster than reality sometimes, so you usually have some window, but you have to be ready. I think part of what we are doing at Palo Alto, what leaders have to do around the world, is get their organizations to be ready, start embracing new technology, understanding people who are getting good at it, people who need to be trained, or people need to go out and learn again and get good at it. Because I think this has the property of fundamentally transforming almost everything we do.

B

So you've talked about building with intention rather than reacting to the noise. And I think that you're talking about that a little bit when you're saying you don't want to wait, you don't want to overreact and go for the wrong things, sort of find that balance. How does that psychology and that philosophy show up here at Palo Alto Networks when you're thinking about the future of security and where to drive this company?

A

Well, like, if you go back and it's easier to go back in hindsight and show you what happened. Like, when I came here, we were a firewall company at that point in time, I kind of like my plastics moment, or I wrote cloud and AI on a piece of paper and I talked to Nir and Lee and founder Nir and Lee, who's our chief product officer and our board member. Now. I said, look, I don't know how you guys did security, but I will tell you, the two biggest technological changes in our life are going to be cloud and AI, at least in our lifetimes. At that point, cloud was just sort of taking off. It wasn't fully developed, People were still experimenting or just doing early deployments. It's obviously done phenomenally well in the last seven years. But what it did was it fundamentally changed everything. It changed the network architectures, it changed how services are delivered, and just that insight allowed us to move and transform all of our on prem services to the cloud, allows us to build firewalls for the cloud, allowed us to build a SASE business for network infrastructure. So I think you have to have the right insight. And then we, you know, at that point in time, that's like I said, there was a thousand flowers bloom. There were so many people trying to invest in so many different businesses and we literally say, eh, eh, eh. Don't think those are going to work. Have you seen that? You see, like, you, you know, you see the debris of startups in the cloud security space. You see debris of startups which try to go out to sase. So I think it becomes, you could get caught up in noise oh my God, look at all these 10 different companies, they're doing this. We should do the same thing. Well, same thing happened. For example, in our SIM example, we sat down and said, hey, it takes us four days to solve problems. Our soc. I said, we need to get to be real time. And literally everybody around me is like, what are you talking about? What do you mean real time? You gotta be able to analyze it and be able to do real time. But to the credit of our team in Israel, they said they got the idea and said we understand, which means we have to start analyzing data as we get it, not wait when the problem happens. So traditionally sox would analyze the problem when the problem appeared. They're like, forget it, we're going to analyze everything to see if there's a problem. That architecture fundamentally transformed what we do in the SIM compared to everybody else in the market. So today we have the most radically different architecture which allows us to aspire towards getting our customers to one minute. Most existing SoC solutions can't get there because they don't do that part of analyzing data up front. They still wait to do some of the risk correlation UEBA at the back, which get you closer, gets you faster, but doesn't get you real time.

B

Exactly. No, I look at the whole thing and it's like no bank would allow for four days after they've been robbed to go, I think we've been robbed, we should probably call it. Yeah, nobody would accept that, but we accepted that as a norm as we've grown into this tremendous problem. Okay, how do you decide where to lead and where to follow when you've got a thousand blooms in front of you and you could chase or you could hold.

A

Look, in the end it boils down to impact and prioritization. Right. And a little bit of survival. What I mean by that is if you look at the landscape and say, where can I have the biggest impact and where do we need to get this right? If you don't get the network transformation right, 80% of our business will falter. You got to get that right.

B

Yeah.

A

If you don't get two features in cloud security, right. Okay. It has less impact. So the question is, you got to sit down and prioritize. Where is the maximum impact today, tomorrow and three years from now? If you can identify those and say, those are the nuts I'm going to chase, or those are the things I'm going to go pay attention to, focus on, that becomes sort of a self driven prioritization mechanism. At the same time, you look at the other end and say, where do I get in trouble if something breaks? Right? Because your risk is not just that you didn't capture the upside, your risk is also that the risk of downside. So you can say, if our customer support system crashed, then we would never be able to support our customers. That'd be a bad thing. Or if somebody got breached, that'd be a problem because that would destroy reputation for us and we wouldn't be able to achieve our targets. You actually look at both ends of this from Barbell and say, where's my biggest opportunities from? Capture more market share or more business? And then where's my biggest risks of where if these things don't work, we'd be in fundamentally bad place. And then there's a third piece. It's like, what am I doing different? Where is my bet? If I'm doing, if I'm doing everything everybody else is the same thing as everybody else is doing, then I'm just going to be better executed. Where's my radical bet like Xim? Where's my radical bet like buying 30 companies and trying to integrate them to Palo Alto? Where's my radical bet which if you get right, is going to fundamentally transform who we are? Now we've done it once, we're going to do it again, right? We did it seven years ago saying how do we become the largest CyberSecurity company for $18 billion? Now we're with Cyber Arc, we 150 plus. The question is how do we take 150 to 500? And that requires a whole different thinking in terms of what do we prioritize and what are the big nuts that we got to chase and what are the things we got, Risks, et cetera.

B

Do you have a set of principles that you use to guide those decisions?

A

There are. Part of it is situation dependent. But when I came to Palo Alto the first few weeks I would say things and people look at me strange like what's he talking about? Why did he think about this stuff this way? I realized, oh my God, I don't work at Google anymore. I work at a different company. These guys and me don't speak the same language. So I actually wrote down my business principles over weekend and brought them into my staff meeting so I can debate this. This is why I do things the way I do it. Over the last seven years it's become an 11 page document and pretty much most senior people who come to Palo Alto is required reading. You got to understand how we think about things. So it kind of creates the same language.

B

So the threat landscape has evolved. How do you think about balancing innovation with responsibility, especially when the stakes from a security standpoint are so high.

A

The threat landscape by its definition has to evolve. Right. Because if you plug the holes, the bad guy's got to look for different ways to come.

B

It would be a seriously boring industry to be in.

A

Exactly. Well, it wouldn't be an industry, Right. If the bad guy said, oh thank you, you've stopped everything, I'll go off and do something else. So by definition, the threat landscape constantly evolves. I think part of what we have to do is to make sure like security goes in certain droves. Like I always say, how secure you are depends on how big a hammer they come with. Right. If you come with a really big hammer or it's a nation state attacking you, then your chances are that you'd have to have a lot of security. If it's some guys that are looking for stolen credentials that trying to get into systems, a different problem. So I think it all depends on how, how big the hammer on the other side is. So you gotta get your hygiene right. You gotta make sure that stuff that everybody gets right should be done right. So from a question of, you know, how do you balance innovation and I'm guessing this is from a customer lens or our lens.

B

Which one sprung to mind for you?

A

Look from a customer and their constant. We talked about. Yeah, they're constantly trying to figure out how to deploy this so cool that they can look good for their customers, et cetera. So they don't spend much time thinking about security. So we have to make sure we think on their behalf on how to innovate now to make sure they they stay secure as they try and get the benefits of the de inflection part technology. Similarly, we are also a company. Our job is also the same to ourselves. Right. You have to eat your own dog food. So we've got to make sure that we are innovating as well without getting bogged down by a lot of requirements. At the same time, we have to be doubly sure because we get breached or we're in trouble. Then we don't risk the reputation risk of our customers wondering what are we doing with this stuff. So I think the standard for us is slightly higher when we do these things versus our customers. Yeah.

B

So Nikesh, you've talked about judgment and leadership and earlier you talked about seeing around corners. But there's always a human no matter how bulletproof your decisions look like when we go in Hindsight. And I want to spend a moment. There's a. And talk to you a little bit about.

A

You. Oh, okay.

B

How has your relationship with pressure changed over the course of your career?

A

It's gotten better. Because if you think about it, my job is to sit down and cogitate over the strategy of the company, where we should be going in consultation with the leadership team and other smart people in the company, which we do a lot. A lot, a lot, a lot. Once we do that, then the next question is an assessment of, well, we've got these plans or how do we execute them? Do we have the right resources? Do you have the right people? Can we afford it? So it's kind of like funding the plan. And then third thing is I'm sort of troubleshooting, saying, oh, let's make sure we tweak this a bit and sort of keeping track of it. That's kind of the three jobs that leader has define the strategy. Resources, right, as in manage people, put the people in place, capital, whatever you need. And third is to make sure you monitor the progress. That's what every leader should do, pretty much, because that's the rest of the workers are my people. Now, in that context, I always joke, we have 16,000 people with cyber, 20,000 people. I think all the easy problems get solved before they come to me. But it's an obvious answer. People go execute. So only hard problems keep getting escalated. The hardest problems come to me. So by definition, I don't get a call from somebody saying, hey, Nikesh, just want to let you know we had a great meeting with the customer. They're buying everything, everything's working great, and the customer says, your team was great. Thank you for your business and thank you for letting me do business with you. That'd be the best phone call in the world, right? I don't get those as many times. I do get them sometimes quite nice to people, but very often it's somebody who's got a problem that needs resolution and is clearly a complex problem because people in the rest of the organization have not been able to solve it. Keeps getting escalated. So I joke, like my job, if I took pressure every time, everything is pressure. It's kind of like working in er. If every. Everything is life or death, matter of life or death, that it becomes normalized. So over time, I think the pressure is normalized. I get into fixed mode as opposed to stress mode. Okay, I get it. This is a problem. There are three logical ways to solve the problem. There's none of these ways that makes everyone happy. So we're going to make choices. Well, what choices do we have to make that stick, to make that, ensure that we don't impact our long term aspirations and it doesn't change our principles, makes it a lot easier.

B

And when things do get heavy, do you have something that you go to to reset?

A

Well, look, first and foremost, when things get heavy, there are some trusted people who want to bring this conversation, share the word. Right? The only reason that yes, sure, I'm the CEO doesn't mean I can't talk to people and ask their opinion. So I'll call red director, I'll call some of my people and my team, we'll chat about it and we'll cogitate what the best options are. So it allows me to at least run things by people over time and get them involved and then make a decision. And if that requires you go for a long walk by yourself or around the neighborhood and come back and say, guess what I'm going to do, that's what you do. And look, part of what you need to do as leaders is to eliminate uncertainty and create clarity. Now that's why those hard problems come to you, because your job is to sift through them, find the solution so people can go on and get shit done. So that's part of the course.

B

Sounds a lot like parenting at times.

A

Oh, that's harder shifting through it. Remember, parenting has another human being on the other side. So it doesn't matter what you think. It matters how they interpret what you think. That's a whole different problem. That's a whole different episode of your podcast.

B

What's something about you that doesn't show up on your resume but shapes how you lead?

A

I find solace in first principle thinking. Otherwise you can get caught up in how things are done. I think that my pet peeve is somebody said, well, this is how we've traditionally done it. Well, use the word traditional and use the historical context saying, yeah, sure, they used to go dig fields with picks and shovels and now they use tractors. So that doesn't mean that the fact you did it one way applies in the future. So part of it is you have to go back and rethink the problem under the current circumstances, such as, see, could this problem be solved differently? And if it was solved differently, would it create a great outcome? And I think that's the job of every leader. Every leader should be looking at things to see how could we do this differently? How would this be better? Differently? How would we add value more if we did this fundamentally in a different.

B

Way, is that something that you grew up with, your parents and your family taught you, or that you picked up when you started your career? Did you come to it kind of organically?

A

I guess subliminality is always there. I think it comes from a deep laziness.

B

A deep laziness?

A

Yes.

B

Okay.

A

When you're lazy, you're always trying to find a better, faster way to do it. How do I get this done? Better, faster, without putting in as much effort as everybody else is putting in?

B

Okay, so you strip away the titles and the expectations and the noise of this moment and you look back on it. What do you want people to remember about your leadership and our place in cybersecurity?

A

Here at Palo Alto Networks, we want to do the right thing for our customers. We want to be the mission driven company that is always looking to solve the problem in cybersecurity where it exists now seven and a half years, we operate in a certain sliver of the industry. Today, I'd say we have coverage for 80 plus percent of the industry, which is great. Which means our customers can come talk to us about a myriad of problems and we can actually cross correlate across all the different things we do to see how well we can solve the problem. So I think from that perspective, the fact that we are trying to simplify cybersecurity and solve the problems should be something that people hopefully remember. Palo Alto was the first company to go from industry tracks towards a platform approach that was delivered to customer. I think outside of that, I think personally going back to what I said, I think people need to understand we're looking for constant, continuous improvement. Right. We're always trying to do better. It's impossible to be perfect in a professional context. Everybody has things. We have 16,000 people. So in 20,000 people, somebody is going to slip up somewhere. Our job is to make sure that customers understand our intent. As long as they believe our intent is right, that we want to do the right thing, they will excuse anything that didn't work out the way it needed to work out. As long as we showed up the next day and say, I'm here, I'm going to fix it, I'm going to keep at it until I solve the problem. So I think intent becomes important. Intent is a cultural thing. Not just me, it's the whole company. We all have to have the intent that our intent is to make sure we solve your problem with you, stand by you all the time. That's why we say the words cybersecurity partner of choice for that reason. Right?

B

Yeah.

A

And lastly, personally I'd like to be seen as somebody who tried to do the right thing and was fair and that's about it.

B

Nikesh, thanks for coming on 100th episode of threat Vector. I really appreciate you giving us a bit of your time today, sharing your thoughts, your philosophy and your insights.

A

Well, thank you. Congratulations on your 100th episode.

B

Well, thanks. That's it for today. If you like what you heard, please subscribe wherever you listen and leave us a review on Apple Podcasts or Spotify. Your reviews and feedback really do help me understand what you want to hear about. I want to thank our executive producer Michael Heller, our content and production teams, which include Kenny Miller, Joe Benecourt and Virginia Tran. Mix and original music by Eloy Peltzman. We'll be back next week. Until then, stay secure, stay vigilant. Goodbye for.