What does it take to lead the world's largest cybersecurity company through the AI revolution—without breaking things?
Nikesh Arora, Chairman and CEO of Palo Alto Networks, doesn't sugarcoat it: security always becomes an afterthought during innovation cycles. In this special 100th episode of Threat Vector, Nikesh sits down with host David Moulton to share how he transformed Palo Alto Networks from a $2.7B firewall company into the world's largest cybersecurity platform—and why the AI inflection point requires a completely different playbook.
You'll learn:
- Why security inevitably lags innovation (and the psychology behind "Jerry-rigging production")
- The three-part strategic framework that separates winners from losers during inflection points
- How "deep laziness" drives first-principles thinking and better decision-making
- Why enterprises will need 3-5x more data consumption to properly train AI
- How Palo Alto Networks reduced mean time to detect from 4 days to 1 minute through architectural reinvention
- What 11 pages of written business principles look like in practice
Before Palo Alto Networks, Nikesh served as President and COO at SoftBank and spent nearly a decade at Google as Chief Business Officer. He's seen consumer tech explosions, enterprise transformations, and now leads cybersecurity's response to AI—giving him a rare vantage point on how companies actually navigate technological shifts.
The conversation ranges from rapid-fire questions about cricket and family time to deep strategic thinking about looking around corners, normalizing pressure, and the radical bets required to transform a company. Nikesh shares how intent matters more than perfection, why automation will eventually require AI to execute on our behalf, and what he wants his legacy to be.
This episode is essential listening if you're: navigating AI adoption without clear playbooks, leading teams through uncertainty, trying to balance innovation velocity with security discipline, or building long-term strategy when the ground keeps shifting beneath you.
Related Episodes:
- Why Security Platformization Is the Future of Cyber Resilience
- Securing the AI Frontier
- Transform Your SOC and Get Ahead of the Threats
#Leadership #AI
Protect yourself from the evolving threat landscape – more episodes of Threat Vector are a click away
Transcript
[ Music ]
David Moulton: Welcome to Threat Vector, the Palo Alto Networks podcast where we discuss pressing cybersecurity threats and resilience and uncover insights into the latest industry trends. I'm your host, David Moulton, Senior Director of Thought Leadership for Unit 42.
Nikesh Arora: You start seeing signs early and then you look around and you don't see enough impact, you say, "Okay, maybe this is going to be just a passing shower," but you don't realize that over time this thing's gaining more and more momentum, it's becoming bigger and bigger, it's going to be more impactful. I feel the same way about AI. Like, there's a $4 trillion company called "Nvidia." They're selling chips. They're just buying more and more chips. There's like hundreds of billions of dollars of infrastructure that seems to be have to be built in the next few years. There are people looking at nuclear energy or fixing the electricity grid, looking for alternate sources of power. So there's a big spend happening on building AI compute. [ Music ]
David Moulton: Today is a special episode. This is Episode 100 of the show, and to mark it, I'm joined by our CEO Nikesh Arora. When people talk about cybersecurity, they usually focus on tools, threats, or the breach of the week, but the forces that actually shape this industry start earlier than that. They start with judgment, with leadership, with decisions made under pressure, with incomplete information, and with consequences that extend far beyond technology. My guest today has spent decades operating at that level. Nikesh has led at the highest levels of business, shaping global platforms to guiding one of the most influential cybersecurity companies in the world. He's seen technology cycles rise and fall. He's made decisions when the path forward wasn't obvious. And he's had to think about not just what comes next, but what will last. [ Music ] Nikesh, welcome to Threat Vector.
Nikesh Arora: Thank you. David, nice to see you.
David Moulton: It's nice to see you, too. We're going to start out with a little bit of a rapid fire today.
Nikesh Arora: All right.
David Moulton: Something that's a little bit different. So what's the coolest thing about working at Palo Alto Networks?
Nikesh Arora: Well, it's different today than it was seven and a half years ago when I started. Today, I think it's cool that we are the largest cybersecurity company in the world, which is kind of cool. You lead your sector. I think it's also cool that every day we're making thousands of customers safe from bad actors so they can go ahead and do what they need to do. So we're kind of mission-driven. We're not selling social media. We're not selling advertising, like I did when I was at Google. We're actually solving real problems for our customers and our companies, which is kind of great. And it's also great that I get to -- we all get to work with cool people at Palo Alto.
David Moulton: How about your favorite memory of working here at Palo Alto Networks?
Nikesh Arora: There are so many to pick from. You know, I think, in no particular order, we have these employee events. People bring their kids. You get to talk to them, talk to their families. You get to see what actually makes them wake up every morning and try and come do their best, because you'd be surprised how many children want to see their parents succeed, how motivated parents are for the children to put their best foot forward. So it's kind of inspiring in a way.
David Moulton: Yeah.
Nikesh Arora: It brings it back to humans. And as we talk, you'll see a lot of this will come down to people on a constant basis. I think it's interesting. I remember what we did in the first year I was here. We did a quarter two years ago. That's kind of an interesting milestone, saying, well, what we did for 12 months now happens in three months. So it's just things like that, or the germinating an idea like XIM, when we sat here and said, "Oh, my God, our mean time to -- or median time to detect and remediate cybersecurity is four days," and I'm like, oh, my God, I fell from my chair when I heard that the first day somebody told me. And now that we're able to bring it down to one minute, it's kind of like, stuff you say, my God, you set a north star, you go grind towards it, you go achieve it, and you go turn that into a product in the market and it becomes hugely successful. So all these things, just sort of like amazing things that have happened in the last seven, seven and a half years that I've been here.
David Moulton: It's got to be cool to witness that arc and then to set those goals to say where can you go next. If you're not here, where's your favorite place to be when you're not working?
Nikesh Arora: Home with my kids, my family, clearly, because we all work and this is kind of like where we spend 60, 70 hours a week. You actually get less time, waking time with your family. So if I wasn't here, I'd spend more time with them maybe for a bit, and maybe I want to do something else because spending too much time at home is also not that exciting. But no, I'd probably be home spending more time with my kids. My kids are young. I watch them grow up.
David Moulton: Cool. That's awesome. Favorite sports team.
Nikesh Arora: This is a tough one, right? Because I have this theory that -- I grew up playing cricket. So for me, that's what I did when I was a kid. You wake up -- like, my son's 10 years old. He's obsessed with basketball. He wakes up, he watches the Warriors. He plays his NBA games which have basketball players. He's like, he's trading them. He's doing all kinds of stuff. So this is what he grew up with. Imagine that same thing happening when you're living in India and growing up with cricket. So that still gets me excited, right? I can still, like, literally feel the passion when I watch a cricket game. So towards that end, today, the Indian cricket team would be my favorite sports team. Now, in the context of where we are, it'd be the Warriors.
David Moulton: Yeah. So here in the States, a little basketball, but your heart's with cricket still.
Nikesh Arora: I think my son's got me more into the basketball part, yes.
David Moulton: Yeah. It's fun to share that memory with your -- or those experience with your kid. What's your New Year's resolution?
Nikesh Arora: [laughs] You know, the good news is it's pretty consistent. Every year, I want to be healthy, so I started off the year really well. In fact, actually, I started off the end of the year really well. I went into, like, literally after I went to Israel as part of meeting the people at CyberArk and Palo Alto Networks, which I hadn't done it for a few years, it was amazing. I spent four amazing days there, and then I took a week off, quietly. I went off to a health detox. That was great. It was great to start that before the holiday.
David Moulton: What's a health detox?
Nikesh Arora: A health detox is a place where you basically are devoid of any devices.
David Moulton: Okay.
Nikesh Arora: You eat healthy, you don't drink, you work out, you sleep on time. My [inaudible 00:06:20] went crazy, was really happy. You eat a very measured diet to make sure there are no toxins in your body, and you go through a whole series of treatments to try and eliminate toxins in your body. So I came out feeling like a million bucks.
David Moulton: Love it.
Nikesh Arora: And what they helped me do is amazing, is that I didn't feel compelled to partake in any festivities of Christmas or New Year, so I basically, what people try and do on January 5th, I started on December 15th. I was feeling the urge to go, well, it's been a while, so --
David Moulton: Right.
Nikesh Arora: But I did that. That was amazing. Yeah, so my resolution continues to be lead a healthier life.
David Moulton: What do you wish more leaders were willing to say out loud?
Nikesh Arora: Like, we have a philosophy at Palo Alto, which is you call a spade a spade. You actually look at everything and see if it's achievable, if you're going to get it done or not. I think the best way to get stuff done is to confront the issue, figure out what the resolution is, and solve the issue. I think a lot more stuff gets solved much faster. You could just spend the time understanding that not everything is perfect, because it never is. In our personal lives, our professional lives, there's always something that needs to be done better or fixed, and I think part of our jobs as leaders is to fix that or at least create the culture where we can fix that so we run into less issues. I think part of our job is also is look around corners to see where the next big thing's coming towards us so that we can prepare the business in that direction.
David Moulton: Favorite podcast.
Nikesh Arora: You know, it still has to be All-In. I spend a lot of time with those guys personally and I just enjoy their banter, and I think they've been around for a while, and so part of it becomes habit. You listen to it, you get related to some of the stuff they're talking about.
David Moulton: You get those authentic conversations.
Nikesh Arora: Something like that.
David Moulton: Nikesh, you've had this front-row seat to technology shifts. As you look forward to 2026 and beyond, do you think that people still misunderstand cybersecurity and where it's actually heading?
Nikesh Arora: I think part of what is important to understand is that most technologists think about technology, not about cybersecurity. Cybersecurity is kind of like insurance. Like, you know, let's go make great things happen and let's make sure, on the way, we purchase insurance, or we make sure that we're not going to do it the wrong way. Cybersecurity usually ends up being an afterthought as opposed to the primary thought. I mean, I just talked to a CIO this morning. He's busy trying to figure out how to deploy AI. As part of the AI deployment, he's more concerned about how is that going to impact customers. Can they actually build a viable product? Can they actually train their AI to be able to solve real problems? He didn't mention even once that "I'm worried that this thing's not going to be secure." See, security is when you think something's going to work amazingly well and then you're worried that people are going to break into it. If you're still going through the motion, trying to understand, can I actually make this thing work, you're not worried about security. So what if it doesn't work? Then you don't have to worry about security.
David Moulton: Yeah, don't need it.
Nikesh Arora: It's kind of like -- as much as we like to say "secure by design," which is what we should do, is, like, design it in such a way that it can't be breached. Very often when new technologies arrive, people spend a lot of time trying to just deploy and make it work. So I think we're in that phase as it relates to AI, and AI has become the biggest inflection point, as you know, in current technology. So I think we're going to see behaviors where people are too busy deploying and security becomes an afterthought. And it's our job as Palo Alto, and our industry, to make sure as they go build these experimental ideas into real production capability, that we're staying in lockstep with them and say, "Oh, by the way, here's something that can secure what you just built in a way that is not going to get into trouble." Funnily enough, the CIO said, "Oh, we worked on some stuff ourselves, and we're just jerry-rigging some things to make sure this happens securely." I'm like, jerry-rig, production, and security don't work together as three terms.
David Moulton: I started my career in design and used to build a lot of things and then got into security and realized I really made people's lives hard. I wanted to build delight. And I think you're right about this idea of "I want to figure out if I can build a thing and we'll deal with the security later." What about that gap that seems to persist worries you the most?
Nikesh Arora: It's -- look, "worry" is a big word. I don't think it worries me as much because I understand the psychology behind it. Like, think in our normal lives, right? When you go to the airport, what do you have to do? You have to go through a scanner, you have to take your belt off, you got to take your liquids out, you got to take your laptop out. All that is overhead, right? You wish your experience was more seamless, where you wouldn't have to do all these things, and there was times when you could do that. So by definition, security causes some degree of latency or overhead. There's no way to avoid it. It's very hard to do security in a seamless, frictionless manner.
David Moulton: Yeah.
Nikesh Arora: So I understand why the gap is. People don't want to create friction when they're trying to create delight and look for acceptance. They believe the goodness of mankind. So, "Oh, my God, I'm going to design this. People will use it the right way."
David Moulton: Yeah.
Nikesh Arora: But then you figure out as it starts to scale, it starts to become more omnipresent, that there are bad actors who can get access to it and do bad things with it. So at some point in time is the right time to think about security. Now, if you're really good, you design security right off the bat in the beginning so that, when it comes time, you can go put it together and it works beautifully at scale. I think that's the aspiration, not quite the reality. As you said, when you do design, you actually don't think about use. You think about functionality, you think about usability, you think about value. You don't think about security.
David Moulton: So you've talked about inflection points, when things quietly change before anyone notices. What signals are you paying attention to right now that you think the next shift is already underway?
Nikesh Arora: It's funny, I was on the phone, I was a few minutes late, and I was talking to somebody, because, look, there's stuff going on out there, but it hasn't impacted our lives in a more aggressive fashion. It hasn't impacted our customers' lives that much more aggressively. I read somewhere a few months ago where people talked about in the context of technology you start seeing signs early and then you look around and you don't see enough impact, you say, okay, maybe this is going to be just a passing shower. But you don't realize that over time, this thing's getting more and more -- gaining more and more momentum. It's getting bigger and bigger. It's going to be more impactful. I feel the same way about AI. Like, there's a $4 trillion company called "Nvidia." They're selling chips that are running out of fashion. Like, they're not really out of fashion. They're just buying more and more chips. And there's like hundreds of billions of dollars of infrastructure that seems to be have to be built in the next few years, or there are people looking at nuclear energy or fixing the electricity grid, looking for alternate sources of power. I was with a guy, big Thanksgiving, he's got a methane gas company. All this capacity was bought out by one of the cloud providers. I'm like, oh, my God, these guys are really going out there. So there's a big spend happening on building the AI compute. I notice individual behavior. And I used to never talk to ChatGPT or Gemini. Now I'm doing 10 or 15 conversations a day with these AI chatbots about anything and everything, right? How does this thing work? How do I do this? What should I do there? So I was in Tokyo, literally, Gemini was my best friend because I don't speak Japanese. I can't go scour Japanese websites to find things. And boom, I was asking, "I want to take my kids to a sumo wrestling show, where should I go? And rank them all." Great. That's better than me trying to go see 14 websites and figure out. So you can see that there's a rising consumer trend. You can see there's a rising trend in enterprise from coding, etc. You can see there's a large spend coming. So this thing is going to change our lives fundamentally. But we're not seeing it at scale in our customers just yet. That doesn't mean we can sit back and wait. It means we have to get ready for this future. How do we do that? Which means a lot of uncertainties. Well, if you don't see scale, how do you create scale and security? So you got to figure out, you got to make a bet. You can say, "So where do we think this is going to go? This is where we're going to lay our bet. So we're going to go prepare so that when our customers get to a point where they actually see the need or there is a solution."
David Moulton: Anticipating that they're going to be hungry for security at that point. Nikesh, you've seen industry evolve through multiple cycles. Where do you think we are right now in the hype between AI, automation, and geopolitics versus the reality of AI, automation, and geopolitics?
Nikesh Arora: I think what you're seeing is a rapid adoption of the consumer use case, right? I think in the next 12 to 24 months it will become impossible. People will be talking to their chatbots about everything, whether it's how to deal with personal things or how to deal with whatever the topic. You pick your topic, and I think things will get more and more specialized over time, or you have your favorite -- kind of happened in search. I used to work at Google. There was a time there was one big search box, and then Maps became a thing, and then Google Local became a thing. So you start seeing more and more training is going to happen in very specific categories where things are going to get good at. For example, today there's a different model that creates videos for you and there's a whole automation around how to create videos, a different model that has a textual conversation with you. So yeah, I think you'll see some degree of specialization, and these models are going to get more and more powerful. That's going to happen. I think as it relates to automation, automation has always been around. You know, we used to do process automation, workflow automation, robotic process automation. Process automation has already been around. I think on AI first, you're going to see we're going to get more and more hungry for more data, because the more data you have, the more we can train AI to solve harder problems. We'll discover that in the enterprise context. Today, any enterprise probably collects 20% of the data they need to run it more efficiently. So we're going to actually have to three to five times our consumption of data in every enterprise to get better outcomes. Why should 3,000 salespeople at Palo Alto have to go discover the problem every time and try and solve it themselves? Why, if you had collected all the data how this guy solved it two years ago, we should have a beautiful chatbot. When you go on to the next customer, it says, boom, here's all the learning I have from the 300 interactions I've been tracking. Add your interaction. Here's the best strategy I can give you to execute the problem. So we're going to become very hungry on data consumption, which is why they're spending so much money in creating all these large infrastructures that is needed to be able to train these models, train the use cases, train the applications. I think on the automation front, eventually people will want AI to execute on their behalf, which is like sort of, if you're so smart AI, you can tell me, why can't you do it? Now, do it requires automation and connection to control systems. I mean, think about, you know, Waymo. There's no human being in the car. Somehow the model's figured out, from more machine learning than generative AI, machine learning's figured out what the right solution, what the right response to that scenario is, and actually, it's connected to your brake, your accelerator, your turning signals. Everything's connected to this effective brain in your car where you've given the autonomy to that brain to execute. Imagine that having to be applied to everything in life, right? You're, you know, a digger, or if you're in construction or something that, you know, favors your stuff that you use in agriculture, all these things could, over time, be trained to execute on their own behalf, but it still needs a lot more training to get there. That's what's going to happen in automation and AI. I think geopolitics is a different one. I think because of the humongous amounts of data involved, a lot of countries are very nervous about their data leaving their country. We've seen that in the Internet scenario. I think just going to see this at scale, where people say, "Wait a minute, that's too much information about my employees or my citizens and I don't want this data to leave the country." So you're going to see a lot more rigor around data sovereignty, people wanting to do it in their own countries, wanting models to be built in their own countries, which I think is kind of a false argument, because this happened, again, 15, 20 years ago when search came around to Google and people in every country wanted their own search engine, but you don't realize that you don't have the scale and the capability and the competence to go build this 150 times across the world.
David Moulton: Right.
Nikesh Arora: So we'll still see large global companies solving these problems, but we'll have to figure out ways that these become acceptable to nation states. And I think there's going to be a whole set of social challenges in -- if AI gets too good too soon. [ Music ]
David Moulton: So let's zoom out for a minute. I want to ask you about how organizations should respond to this moment and what happens to separate those who, you know, succeed and those who fall behind.
Nikesh Arora: Well, look, anytime there's an inflection point, there's tremendous amounts of uncertainty, right? You know what is going to become obsolete, but you don't quite know what is going to become trendy, right? So you can sit there and say, "Well, I'm just going to wait till I figure out what becomes cool and I'm just going to move from where I am to there." The problem is, it's not that easy, right? You have to not just anticipate where the trend is going. You have to prepare your organization and the resources to get there. Otherwise, the risk is that Silicon Valley will go fund those people who are thinking purely about the new world, and there are 10 different people who are trying 10 different ideas in your space, and one of them is going to hit. And then you'll be two years behind with no organization, no resources deployed against it, and you'll be behind the eight ball. So part of our job is to sit there, especially in times of inflection, and look around corners and say, hey, where do you think this could be going? Where should we take our bets? But maintain the agility and flexibility of turning on a dime if things don't go in the right direction. So some mistakes will be made. Hopefully, you can make fewer mistakes and get more things right, and, you know, our brains move faster than reality sometimes, so you usually have some window, but you have to be ready. I think part of what we are doing at Palo Alto, what leaders have to do around the world is get their organization to be ready, start embracing new technology, understanding people who are getting good at it, people who need to be trained, or people who need to go out and learn again and get good at it, because I think this has the property of fundamentally transforming almost everything we do.
David Moulton: So you've talked about building with intention rather than reacting to the noise, and I think that you're talking about that a little bit when you're saying, you know, you don't want to wait, you don't want to overreact and go for the wrong things, sort of find that balance. How does that psychology and that philosophy show up here at Palo Alto Networks when you're thinking about the future of security and where to drive this company?
Nikesh Arora: Well, look, if you go back, and it's easier to go back in hindsight and show you what happened, like, when I came here, we were a firewall company. At that point in time, I, kind of like my plastics moment, where I wrote "cloud and AI" on a piece of paper and I talked to Nir and Lee, our founder Nir and Lee, who's our Chief Product Officer and our board member now. I said, "Look, I don't know how you guys did security, but I will tell you, the two biggest technological changes in our life are going to be cloud and AI, at least in our lifetimes." At that point in time, cloud was just sort of taking off. It wasn't fully developed. People were still experimenting or just doing early deployments. It's obviously done phenomenally well in the last several years. But what it did was it fundamentally changed everything. It changed the network architectures, it changed how services are delivered. And just that insight allowed us to move and transform all of our on-prem services to the cloud, allowed us to build firewalls for the cloud, allowed us to build a SASE business for network infrastructure. So I think you have to have the right insight. And then we, you know, at that point in time, just like I said, there was a thousand flowers bloom, there were so many people trying to invest in so many different businesses, and we just looked at, say, yeah, yeah, yeah, don't think it's going to work. Have you seen that? You see, like, you know, you see the debris of startups in the cloud security space. You see debris of startups which tried to go out and do SASE. So I think it becomes, you could get caught up in the noise. Oh, my God, look at all these 10 different companies. They're doing this. We should do the same thing. Well, same thing happened, for example, in our SIEM example. We sat down and said, "Hey, it takes us four days to solve problems in our SOC." I said, "We need to get to be real time." And literally everybody around me was like, "What are you talking about? What do you mean real time?" It's like you got to be able to analyze it and be able to do real time. But to the, you know, to the credit of our team in Israel, they got the idea and said, "We understand," which means we have to start analyzing data as we get it, not wait when the problem happens. So traditionally, SOCs would analyze the problem when the problem appeared. Like, forget it, we're going to analyze everything to see if there's a problem. That architecture fundamentally transformed what we do in the SIEM compared to everybody else in the market. So today we have the most radically different architecture which allows us to aspire towards getting our customers to one minute. Most existing SOC solutions can't get there because they don't do that part of analyzing data upfront. They still wait to do some of the risk correlation, UEBA at the back, which gets you closer, gets you faster, but doesn't get you real time.
David Moulton: Exactly. No, I look at the whole thing and it's like, no bank would allow for four days after they've been robbed to go "I think we've been robbed, we should probably call the cops."
Nikesh Arora: Actually, maybe shut down.
David Moulton: Yeah, nobody would accept that, but we accepted that as a norm as we've grown into this tremendous problem. Okay, how do you decide where to lead and where to follow when you've got a thousand blooms in front of you and you could chase or you could hold?
Nikesh Arora: Look, in the end, it boils down to impact and prioritization, right? And a little bit of survival. What I mean by that is we look at the landscape and say, where can I have the biggest impact and where do we need to get this right? Right? If you don't get the network transformation right, 80% of our business will falter. You got to get that right. If you don't get two features in cloud security right, okay, it has less impact. So the question is, you've got to sit down and prioritize. Where is the maximum impact today, tomorrow, and three years from now? If you can identify those and say, "Those are the nuts I'm going to chase," or "Those are the things I want to go pay attention to, focus on," that becomes sort of a self-driven prioritization mechanism. At the same time, you look at the other end and say, where do I get in trouble if something breaks, right? Because your risk is not just that you didn't capture the upside. Your risk is also that -- the risk of downside. So you can say, if our customer support system crashed, then we would never be able to support our customers. That'd be a bad thing. Or if somebody got breached, that'd be a problem because that would destroy reputation for us and we wouldn't be able to achieve our targets. You actually look at both ends of [inaudible 00:25:15] and say, where's my biggest opportunities from capture more market share or more business? And then where's my biggest risks of where, if these things don't work, we'd be in a fundamentally bad place? And then there's a third piece to say, what am I doing different? Where's my bet? If I'm doing everything everybody else is -- the same thing that everybody else is doing, then I'm just going to be better executed. Where's my radical bet? Like XIM. Where's my radical bet, like buying 30 companies and trying to integrate them to Palo Alto? Where's my radical bet which, if we get right, is going to fundamentally transform who we are? Now, we've done it once, we're going to do it again, right? We did it seven years ago, saying how do we become the largest cybersecurity company for $18 billion? Now we're, you know, with CyberArk, be $150 plus. The question is how do we take $150 to $500, and that requires a whole different thinking in terms of what do we prioritize and where are the big nuts that we got to chase or what are the things we got -- risks, etc.
David Moulton: Do you have a set of principles that you use to guide those decisions?
Nikesh Arora: There are. Part of it is situation-dependent. But when I came to Palo Alto, the first few weeks I would say things and people would look at me strange, saying, "What's he talking about? Why does he think about this stuff this way?" I realized, oh, my God, I don't work at Google anymore. I work at a different company. These guys and me don't speak the same language. So I actually wrote down my business principles over a weekend and brought them into my staff meeting so I could debate this. This is how, why I do things the way I do it. Over the last seven years, it's become an 11-page document, and pretty much most senior people who come to Palo Alto, it's required reading. You've got to understand how we think about things. So it kind of creates the same language.
David Moulton: So the threat landscape has evolved. How do you think about balancing innovation with responsibility, especially when the stakes from a security standpoint are so high?
Nikesh Arora: Look, the threat landscape, by its definition, has to evolve, right? Because if you plug the holes, the bad guys got to look for different ways to come --
David Moulton: It would be a seriously boring industry to be in.
Nikesh Arora: Exactly. Well, it wouldn't be an industry, right, if the bad guys, "Oh, thank you, you've solved everything. I'll go off and do something else." So by definition, the threat landscape constantly evolves. I think part of what we have to do is to make sure -- like security goes in certain drills. Like I always say, how secure you are depends on how big a hammer they come with, right? If you come with a really big hammer or if a nation state attacking you, then your chances are that, you know, you have to have a lot of security. If it's some guys looking for stolen credentials, they're trying to get into your system, it's a different problem. So I think it all depends on how big the hammer on the other side is. So you got to get your hygiene right. You got to make sure that stuff that everybody gets right should be done right. So from a question of, you know, how do you balance innovation, and I'm guessing this is more customer lens or our lens.
David Moulton: Which one sprung to mind for you?
Nikesh Arora: Look, from a customer, and they're constantly, we talked about, AI, they're constantly trying to figure out how to deploy this so cool that they can look good for their customers, etc., so they don't spend much time thinking about security. So we have to make sure we think on their behalf on how to innovate now to make sure they stay secure as they try and get the benefits of the inflection part of technology. Similarly, we are also a company. Our job is also the same to ourselves, right? You have to eat your own dog food. So we got to make sure that we are innovating as well without getting bogged down by a lot of requirements. At the same time, we have to be doubly sure, because if we get breached or we're in trouble, then we risk the reputation risk of our customers wondering, what are we doing with this stuff? So I think the standard for us is slightly higher when we do these things versus our customers.
David Moulton: Yeah. So Nikesh, you've talked about judgment and leadership, and earlier you talked about seeing around corners, but there's always a human, you know, no matter how bulletproof your decisions look like when we go in hindsight, and I want to spend a moment there and talk to you a little bit about you.
Nikesh Arora: Oh, okay.
David Moulton: How has your relationship with pressure changed over the course of your career?
Nikesh Arora: It's gotten better, because if you think about it, my job is to sit down and cogitate over the strategy of the company, where we should be going, in consultation with the leadership team and other smart people in the company, which we do a lot, a lot, a lot. Once we do that, then the next question is an assessment of, well, we've got these plans, so how do we execute them? Do we have the right resources? Do we have the right people? Can we afford it? So it's kind of like funding the plan. And then the third thing is, I'm sort of troubleshooting, saying, "Oh, let's make sure we tweak this a bit" and sort of keeping track of. That's kind of the three jobs that a leader has. Define the strategy, resources right, as in manage people, put the people in place, capital, whatever you need, and third is to make sure you monitor the progress. That's what every leader should do pretty much because the rest of the work is on my people. Now, in that context, I always joke we have 16,000 people, with CyberArk around 20,000 people. I think all the easy problems get solved before they come to me. If it's an obvious answer, people go execute. So only hard problems keep getting escalated. The hardest problems come to me. So by definition, I don't get a call from somebody saying, "Hey, Nikesh, just want to let you know we had a great meeting with the customer. They're buying everything, everything's working great." And the customer says, "Your team was great, thank you for your business, and thank you for letting me do business with you." That'd be the best phone call in the world, right? I don't get those as many times. I do get them sometimes, quite nice of people, but very often it's somebody who's got a problem that needs resolution, and it's clearly a complex problem because people in the rest of the organization have not been able to solve it. It keeps getting escalated. So I joke, like, my job, if I took pressure every time, everything is pressure. It's kind of like working in ER. If everything is life or death, a matter of life and death, then it becomes normalized. So over time, I think the pressure is normalized. I get into fix mode as opposed to stress mode. Okay, I get it. This is a problem. There are three logical ways to solve the problem. There's none of these ways that makes everyone happy. So we're going to make choices. Well, what choices do we have to make that stick to make -- that ensure that we don't impact our long-term aspirations and it doesn't change our principles. It makes it a lot easier.
David Moulton: And when things do get heavy, do you have something that you go to, to reset?
Nikesh Arora: Yeah. Well, look, first and foremost, when things get heavy, there are some trusted people who want to bring this conversation, share the word, right? There's one reason that -- and, yeah, sure, I'm the CEO, doesn't mean I can't talk to people and ask their opinion. So I'll call the director, I call some of my people on my team, we'll chat about it, and we'll cogitate over the best options are. So it allows me to at least kind of run things by people over time and get them involved and then make a decision. And if that requires you to go for a long walk by yourself or around the neighborhood and come back, that's what I'm going to do. That's what you do. And look, part of what you need to do as leaders is to eliminate uncertainty and create clarity. Now, that's why those hard problems come to you, because your job is to sift through them, find the solutions so people can go on and get shit done. So that's fine. It's par for the course.
David Moulton: Sounds a lot like parenting at times.
Nikesh Arora: Oh, that's harder. [laughter]. Remember, parenting has another human being on the other side.
David Moulton: I know.
Nikesh Arora: So it doesn't matter what you think. It matters what -- how they interpret what you think. That's a whole different problem. That's a whole different episode of your podcast.
David Moulton: What's something about you that doesn't show up on your resume but shapes how you lead?
Nikesh Arora: I find solace in first-principle thinking. Otherwise, you can get caught up in how things are done. I think that -- my pet peeve is when somebody says, "Well, this is how we've traditionally done it." Well, use the word "traditional" I use the historical context saying, yeah, sure, you know, they used to go dig fields with picks and shovels and now they use tractors, so that doesn't mean that the fact that it is one way applies in the future. So part of it is you have to go back and rethink the problem under the current circumstances to see could this problem be solved differently, and if it was solved differently, would it create a great outcome? And I think that's the job of every leader. Every leader should be looking at things to see, how could we do this differently? How would this be better differently? How would we add value more if we did it fundamentally in a different way?
David Moulton: Is that something that you grew up with, your parents and your family taught you, or that you picked up when you started your career? Did you come to it kind of organically?
Nikesh Arora: I guess subliminally it is always there. I think it comes from a deep laziness.
David Moulton: A deep laziness?
Nikesh Arora: Yes.
David Moulton: Okay.
Nikesh Arora: When you're lazy, you're always trying to find a better, faster way to do it. How do I get this done better, faster, without putting in as much effort as everybody else is putting in?
David Moulton: Okay, so you strip away the titles and the expectations and the noise of this moment and you look back on it. What do you want people to remember about your leadership and our place in cybersecurity here at Palo Alto Networks?
Nikesh Arora: We want to do the right thing for our customers. We want to be the mission-driven company that is always looking to solve the problem in cybersecurity where it exists. Now, seven and a half years, we operated in a certain sliver of the industry. Today, I'd say we have coverage for 80-plus percent of the industry, which is great, which means our customers can come talk to us about a myriad of problems and we can actually cross-correlate across all the different things we do to see how well we can solve the problem. So I think from that perspective, the fact that we are trying to simplify cybersecurity and solve the problem should be something that people hopefully remember. Palo Alto was the first company to go from industry tracks towards a platform approach that was delivered to the customer. I think outside of that, I think personally, going back to what I said, I think people need to understand we're looking for constant, continuous improvement, right? We're always trying to do better. It's impossible to be perfect in a professional context. Everybody has things. We have 16,000 people, some 20,000 people, somebody's going to slip up somewhere. Our job is to make sure that our customers understand our intent. As long as they believe our intent is right, that we want to do the right thing, they will excuse anything that didn't work out the way it needed to work out as long as we showed up the next day and say, "I'm here, I'm going to fix it and I'm going to keep at it until I solve the problem." So I think intent becomes important. Intent is a cultural thing. Not just me, it's the whole company. We all have to have the intent that our intent is to make sure we solve your problem with you, stand by you all the time. That's why we say the words "cybersecurity partner of choice" for that reason, right?
David Moulton: Yeah.
Nikesh Arora: And lastly, personally, I'd like to be seen as somebody who tried to do the right thing and was fair, and that's about it. [ Music ]
David Moulton: Nikesh, thanks for coming on the 100th episode of Threat Vector. I really appreciate you giving us a bit of your time today, sharing your thoughts, your philosophy, and your insights.
Nikesh Arora: Well, thank you. Congratulations on your 100th episode.
David Moulton: Well, thanks. That's it for today. If you like what you heard, please subscribe wherever you listen, and leave us a review on Apple Podcasts or Spotify. Your reviews and feedback really do help me understand what you want to hear about. I want to thank our Executive Producer, Michael Heller, our content and production teams, which include Kenne Miller, Joe Bettencourt, and Virginia Tran. Mix and original music by Elliott Peltzman. We'll be back next week. Until then, stay secure, stay vigilant. Goodbye for now. [ Music ]
