My View from the Cybersecurity Frontlines
Ryan Olson, Vice President, Threat Intelligence (Unit 42), R&D
When I was a kid watching Star Trek, I used to imagine that someday in the future, life would be like that: People walking around with small computers, instant communication devices, on their chests that would give them access to any information they needed. I think a lot of us did. We’d fantasize about having devices that could obey our every command and, at any time, we could just ask them to give us any information we wanted. But in those episodes, there were few moments in which security threats arose — where the communication channels those devices used to retrieve that information were threatened. No one ever asked about the system’s firewall. We just took for granted that it was all secure. That might not have made exciting TV back then, but none of us would want to be on the Enterprise under a cyber attack.
My colleagues and I who work in Threat Intelligence for Palo Alto Networks are often thinking about the technology of the future, and we still get excited imagining all that’s possible. But it’s our job to understand that as we move closer to that space-age future of our imaginations, we also become more vulnerable to cyber threats. We are constantly working to anticipate the threats to come, understand how they operate, and share what we know with the cybersecurity community in order to make the digital world safer.
My Journey to Threat Intelligence
I wouldn’t say I was predestined to work in cybersecurity. I had been interested in technology and planned to begin a career in programming while I was in college. But in 2003, the National Security Administration established the National Centers of Academic Excellence in Cyber Defense to address the (correctly) anticipated shortfall of cybersecurity professionals that could present a serious global threat. Each of the designated schools offered a scholarship for service (SFS) program: If you agreed to work for the government for two years, the NSA would pay for two years of schooling to train you in cyber defense. At the time I was considering earning a master’s degree, and although for personal reasons I didn’t end up participating in that SFS program, I got excited about a career defending computer networks, so I eventually enrolled in a master’s degree program in security informatics at Johns Hopkins University.
When it was time for me to do my summer internship between the two years of the program, I was fortunate to find a great opportunity with a security intelligence company. I spent an entire summer learning malware analysis, which led me to my current career.
The Knowledge Leaders
Unit 42 was started in 2014 by Palo Alto Networks’ Chief Security Officer at the time, Rick Howard, and myself. Rick is one of the smartest people I know, but his greatest talent is his ability to boil complex ideas down into simple, understandable terms. The idea for Unit 42 was to take all of the data we were collecting from our platform, in particular the WildFire malware analysis system and use it to not just create new prevention controls for our customers, but to better understand how adversaries are targeting them. With a stronger understanding of the adversary, we can build better products but also expose threat actors in the public and educate the world about their tactics. Our team consists of malware and threat intelligence analysts who look at our collective data to understand how adversaries launch their attacks, what tools do they use and how do they change over time. Then we share this information through our blog, white papers and other channels. In some instances we can go from uncovering a threat to publishing information about it in less than 24 hours. We move as quickly as possible to capture the critical details of the threat and share them with those who can use it to defend themselves.
This runs counter to the way many companies do business, which is to hoard information so that competitors can’t get hold of it. For us, there’s obvious value in sharing this information because our primary goal is to make it harder for the bad guys to win. If a bad guy has been launching attacks for three years, he’s doing the same things repeatedly because it keeps working. But if we write a report about it and publish it for the entire world to see, it stops the cycle of the attack, making the world safer for all of us.
As part of our global efforts, we founded the Cyber Threat Alliance (CTA) several years ago. This consortium of 25 cybersecurity vendors operates under the idea that a rising tide floats all boats. We share important threat intelligence with each other explicitly so we can all translate it into protection controls in our various products. What I love most about my work is the astounding amount of cooperation that I get from other organizations. When we need help or we need to alert customers to a problem of some kind, everybody immediately jumps in because they want to go and help. We all realize that we’re on the same team, fighting the same fight.
But there’s additional value for Palo Alto Networks in publishing this information: It demonstrates to the world that we are knowledge leaders in cybersecurity, at the forefront of the industry. Unit 42 is one aspect of the careers available in our industry, and sharing information is a crucial part of our work. Although people may not immediately know our company name the way they do others in the technology space, we are the biggest enterprise security company in the world, with 60,000 customers globally. So I think it’s important to point out to anyone who is considering a career in technology that working for Palo Alto Networks really enables us to have an enormous impact on worldwide security, and that is incredibly rewarding.
Welcome for a Working Mom
As someone who is results-oriented and prefers a fast-paced environment, I know that coming to work for Palo Alto Networks in April 2019 was the right choice for me. Nonetheless, it was a bit of a transition. I have a degree in marketing and began my career in market research before transitioning into product management, first in the payments realm and then in human resources technology. My background was heavily focused not only on bringing global products to market but also on improving the customer experience. I stepped away from the workforce for a couple years after my sons were born, and then I went back to work in product management for a cybersecurity company.
All of my experience has included an emphasis on privacy and data security, so in that respect, working in cybersecurity at the enterprise level made sense to me. But unlike my colleagues, many of whom have considerable technical expertise, my expertise is in the customer experience and the application of human behavior enabled by technology.
When I first came on board with Palo Alto Networks, it was intimidating for me — aside from being in a department dominated by men, I was also surrounded by these highly technical minds and lacked that knowledge myself. I was nervous. But over the last 13 years of my career, I’ve developed the ability to quickly comprehend the customer’s perspective and where it ought to be, and I soon realized that this is a valuable perspective that I could contribute, and before long that feeling of intimidation went away. That’s one of the things I appreciate here — that the environment encourages people from a variety of backgrounds, with a wide array of skill sets to join the team. It’s because they realize that diversity is what ultimately adds value to what we can offer our customers.
A Human Touch
Focusing on the customer experience isn’t typically where the priority is in cybersecurity. There’s a perception that customer experience discussions are “fluffy,” that it’s too touchy-feely with its focus on how customers feel and what they want. But what a lot of people don’t know is that it’s a science that involves collecting and analyzing quantitative and qualitative feedback. And it’s also an art, knowing how to talk to customers to arrive at the root of what problems they need and want solved. Sometimes they don’t know it themselves, so you have to know how to get it out of them, which isn’t easy.
But Palo Alto is different and transitioning to make customer experience a priority. And we know, from industry trends, that companies are no longer just competing on technological features and functionality; they’re competing on experience.
As consumers, we all gravitate toward the apps that are easy to use, right? We engage with those apps that connect with us and speak to us emotionally. That’s the level of engagement we want for enterprise products, and that’s what I’m working on. So I get to be on the forefront of this transition to a more customer-centric focus, which is really exciting. I get to influence the ways in which we can improve the customers’ experience, get into their minds, understand their needs and motivations, and translate those things into features and functions that we haven’t even thought of yet. We are working to anticipate their needs and design a delightful experience for them, which is encouraging and empowering.
Diverse and Included
There are a lot of other companies that say, “We promote diversity and inclusion,” but they don’t really practice it. I never really felt the concept of inclusion until I came to Palo Alto Networks. Not only was I given an opportunity to join the company without an extensive network security background, but bringing a woman into this male-dominated field brings a different perspective, and this company saw the value in that. My manager has been a huge advocate of diversity and inclusion, and he has demonstrated this repeatedly. For example, many women have the experience of being talked over in meetings, but here, my manager is sensitive to that; there have been times where someone began to talk over me, and he stepped in and said, “Okay, I hear what you’re saying, but hold that thought please and let Debbie finish sharing her ideas.” I really appreciate a leader consciously thinking about these things.
In my fourth week with Palo Alto Networks, I volunteered to lead a customer journey mapping workshop, to share some of what I knew about this concept with the more technology-focused members of the team. As a new member on the team who clearly didn’t have the technical expertise that they had, I was nervous about leading , although I felt it was important to talk about this idea of looking at things from a more customer-based perspective. As I said before, this isn’t often a top priority for everyone, and it seemed clear that I didn’t have everyone’s full attention or buy-in. But my manager addressed it right away. He announced that this was an important subject, but that if these team members didn’t plan to participate, they were welcome to leave. The fact that he was willing to do that for me told me he had my back, that he saw value in what I had to say, and it gave me a wonderful sense of inclusion, empowerment, and support.
In my time with this company, I’ve seen a real desire to add to the diversity of the team, which includes encouraging more women and moms to apply. Cybersecurity can be an intimidating industry for women to enter, but it really is a great thing for us to have them because it provides a much-needed perspective. As we launch products and think of new ways to solve customers’ problems, we need to have those insights into the needs and values of ALL our customers, so the more perspectives the better.
It’s also important to say that I appreciate being given a chance to share what I knew here, even though I wasn’t the obvious candidate. At Palo Alto Networks, the managers here are willing to provide the training and resources we need to feel comfortable in our positions. There are boot camps, white papers, textbooks, and a wealth of people willing to share their expertise and help you to be successful.
So for women, my advice is not to be scared of a challenge. Instead, face it head on, like a bull! Women, especially us moms, prioritize relentlessly. We are master multitaskers. We have the ability to go broad and deep, that’s just how we’re wired. For example, when I’m planning to take my boys on a trip to a museum, I’m thinking, “Okay, what do I pack for snacks? Should I pack backup clothes? What time should we leave? Should we eat before we leave? What else do I need?” Our minds are always thinking that way so we can ensure we have a successful trip to the museum. It’s a lot of planning and prioritization. And each of those choices can make a big difference — like if we don’t have snacks, they’ll be grouchy later and it will ruin the trip.
Translate that to the technology world. If you want to ship this product, you need to get all the stakeholders aligned with it, because if we don’t, the customer will call us later with issues. If it’s not effective, they’ve paid millions for it and now we have a major problem. So what happens to our brand, and to their loyalty? And what happens to our company’s longevity? So thinking about all those pieces is truly valuable. This is the value a woman, a mom, can bring! So leverage those skills and bring them into the technology world, because it’s very much needed.
Not Just a Job – Journey of Growth and Opportunity
JoAnne Lucero, Associate IT Project Manager
Growth, innovation, support. If I was told to pick three words that accurately describe my journey at Palo Alto Networks thus far, those would be it. I started my journey with Palo Alto Networks a little over three years ago and I am grateful for my decision more each day.
Growth
I first joined as an Executive Assistant. At that time, I was a fly on the wall to the inner workings of IT. I observed how each domain operated, how projects added value to the day to day activities of Palo Alto Network employees. I saw the momentum, the growth, and the innovative direction IT was heading and knew I wanted more involvement. I spoke with my manager about expanding my role without compromising my responsibilities and the support I received was nothing short of amazing. I started by refining my professional development plan and starting a trial stretch role as a Scrum Master. It was difficult to juggle the tasks from two different roles, but I was excited for the opportunity to see where this job could take my career.
As a Scrum Master, I was the facilitator of projects and worked to remove any roadblocks that stood in the way of the team’s progress. At the end of the stretch role trial, I was offered the chance to move into the Scrum Master position full time, which was exactly the direction I wanted to go in my career. It was a great opportunity to step into a role and move forward. That step has led to my current position as a Project Manager for the Infrastructure team.
Innovation
I have been involved with high visibility projects in my new position that have a real impact on our employees and productivity. I have worked with teams to build out the technology infrastructure for new buildings and improve on existing spaces. We made sure there was wifi when you are outside at HQ. We want employees to be able to walk from building to building without losing service and have the option to work outside. We also made sure there was always service in the elevators. How annoying is it when an important call is dropped right as you go to get on an elevator? We knew there would be a lot of people moving around through the buildings while taking phone calls for business and we made sure to address that. What excites me the most is that I am directly involved in projects that will grow and transform our business.
To keep with the pace at which Palo Alto Networks is growing, IT needs to be quintessential at enabling employee productivity, not blocking it. As a potential employee, think of all the ways you could positively contribute to that? Employees see the day to day pain points in a company, and our IT program sets us up and supports us in solving those problems, which in turn helps the entire company. We are constantly working with different groups to improve on work locations and always thinking about the next steps.
Support
We all have our daily work rituals and tasks, but what I love about IT is employees are given opportunities to do more outside of their company assigned tasks. Through programs like The Shark Tank where they can present a personal idea to be funded by the company and Hack-a-Thons where they work on a program for a 24 hour period as part of a larger group, employees are encouraged to work on passion projects and turn ideas into working applications. Brown Baglunch gatherings provide employees with a casual setting to discuss what they are working on to other employees in the company, including our CIO. . Within our IT department specifically, employees can shadow one another or do rotation assignments to expand their knowledge outside of their own work and test potential future directions in their career.
I look back at the past three plus years and think about how the opportunity to make game-changing and innovative contributions as well as the opportunity for professional growth and the amazing support of colleagues, all sums up why I love being a part of Palo Alto Networks.
Outside the (Job Description) Box
When a friend of mine first approached me about joining him at Palo Alto Networks, my initial response was no, I was happy with the company I was working at. But he repeatedly suggested it to me and expressed his passion for this company, and although I said no several times, I was intrigued about this company and decided to learn more.
I agreed to do an interview with a member of the executive team, but it wasn’t like any interview I’d ever done before. Mostly, it was just an enjoyable conversation where this person talked about the organization — where it’s been and where it’s going — and then shared his thoughts on how my skill set was valuable to where they were headed. It was less about my doing any specific job and much more about the culture, people, and future of Palo Alto Networks, about what we’re going to become, and ultimately, that’s what hooked me.
I have had a career in technology, marketing both hardware and software, data management as well as cybersecurity. This opportunity intrigued me because of what’s at stake, this is about something personal that affects all of us, every day — the protection of our personal information. I take our mission very seriously, for myself and for my kids. It’s not just a job, it’s a critical aspect of safety in our lives, so it’s not just important to me on behalf of the company; it’s important for my family’s future. In this position, I have the privilege of being able to spread that important message and contribute to people’s digital safety, and I’m really proud of that.
Outside the Job-Description Box
Since I joined Palo Alto Networks, I went from having no direct reports to leading a team of 15, and we’re constantly growing. The company and our individual careers are growing at a rocket-ship pace, and I’ve learned a ton.
My primary focus in this position is on partner and services marketing. I’m working with all kinds of people every day, each of whom has a different amount of understanding about cybersecurity and our products, so it’s important for me to communicate well with people on any level, whether they’re laypeople or technology experts, and get them excited about what our organization does. My day-to-day work involves writing that effective messaging, working one-on-one to present our products and enable people to use them, and generally sharing the importance of how working collaboratively will change the future of the industry.
When I first started here, my responsibilities were much narrower in scope, but the company has grown so fast that the scope of my work has grown with it. In fact, “scope of work” isn’t really a term we use around here. This is not a linear company, and people don’t do linear jobs. We’re very fluid, and things are always changing.
The people who thrive at Palo Alto Networks are those who can embrace and even chase that change. We don’t like to just stick with what we know. Instead, we just go for it, we try new things, we make things happen. Our philosophy is that we fail fast and learn faster. We’re encouraged to make mistakes because that means we tried something new, pushed ourselves, rose to meet a challenge, and we learned something from it. I’ve been pushed more at this company in my three years here than I ever have before.
One of my favorite parts of this job is being involved in the interview process and giving people a peek, during our 45 minutes together, into just how unique and special this company is, and how it’s like no place I’ve worked.
A Career in the Support Arena
I have worked in the technology field for over twenty years. Starting my career as a field engineer in the communications sector around 1997. From engineering I moved into program management and then into a people management role. During my career, I have covered a broad variety of fields within technology and whether it was working with contact centers, customer relationship management platforms, or software to web portal technologies, my entire career has been focused within the support arena.
Presently, I am the manager of a global customer support business systems team. We help our company mission of protecting our way of life in the digital age by providing behind the scenes support of mission critical applications used by our organization. In gathering our stakeholders business requirements, analyzing complex problems, we deliver solutions used by our organization to address our end customer’s support needs. It’s a constantly changing, challenging, and evolving ecosystem – but one that I am always glad to work on every day in a field that I am proud to be a part of.
Why cybersecurity?
When you hear the term mission driven company, typically you think of a not for profit company. Most for-profit companies’ goals are to increase value to the shareholders and to sell something, typically that people don’t need. I didn’t want to be associated with that. I wanted to be in a job that really had something of value to offer and something I would feel good about aligning myself with. Today, in my role, I support the equivalent of technology first responders, who are on the forefront, servicing our customers in successfully thwarting cyber attacks against their networks. That is mission-driven and I don’t see a lot of opportunities in the tech sector where you can say that you are really doing something that is a positive in the industry and for the betterment of society as a whole, that is not just seeking a profit.
For me, I am connected to technology in ways most are not. I literally depend on technology to keep me alive. I have an implanted cardiac device that is remote controllable via a network. Understanding that, I want to make sure there isn’t a hacker out there who can access my pacemaker. So you can say, I have a very personal motivation to ensuring networks are protected. I also have a passion for making sure that the world is as safe as possible because everything is becoming more and more intrinsically dependent on networks and data.
When I look at technology and how everything is increasingly becoming more linked, whether it’s an appliance in a home or a car, there is some level of technology behind it that is being routed over a network and having that network secure is extremely important. That’s the mission. As such, I am a part of something that is protecting our digital way of life and that means that I’m not only coming to work to add value to a specific function, but in a way, I’m part of something that is important and is making a difference to the world we live in as a whole.
Why Palo Alto Networks?
The types of companies I’m drawn to have always seen support as a differentiator in the industry. That is important. My team comes to work knowing what they are doing is valued and matters. A lot of companies say that for support, you just should be on par with the rest of the industry. Who wants to go into a place where they are told that mediocrity is ok. Really? Are we are ok with that? Similarly, who wants to be told your job is important but doesn’t bring a lot of value to the mission of the company? I joined Palo Alto Networks because they believed in legendary support.
Working in a Fast-Paced Industry
I think we all know and hear that things move fast, but I don’t think you get a full sense of how fast things move until you are here. Things move extremely fast at Palo Alto Networks and you need to be nimble and agile. It’s important to be passionate and invested in your project but it is also important that when priorities change that you don’t take it personal if you need to drop a project and switch gears. The value you bring in a role comes not only in your ability to deliver, but also how quickly you adapt, when priorities change.
The People
The caliber of individual that is drawn to Palo Alto Networks is truly unique. In my career I’ve had strong relationships with peers outside of work who were coworkers that became friends, but my current team often does things as a group, that is completely voluntary and not company sponsored and usually you’ll see 100% participation. We spend a lot of time together at work, and they will still make the choice to come and spend even more time together outside of work. I believe in connecting at a human level, because we are more than the sum of the projects we deliver and having time to recoup and bond outside of work, to connect on a personal level, provides a personal reward, camaraderie and friendship that I really appreciate. The team’s closeness and how they build on those relationships is amazing to be a part of. It feels more like family than coworkers, and that’s something I’ve never had before in my twenty plus years of working in the technology field.
My Experience in Tech
I have always been drawn to science, as a child I loved astronomy and the idea of space exploration. I knew from growing up as a kid in the late 70s and 80s that there was the concept of spin in technology, that by the time you produce something, and it goes to market, it’s already obsolete. I understood that. However what I see today in the evolution of technology, is just how accelerated that change has become. Advancements come at an exponential rate. The amount of physical space that a chip takes now versus when I started in my career is amazes me. I never thought we would cross the barriers of understanding that we have. As machine learning and AI become more present in our everyday life, we will have to determine what the ethical responsibilities of that are. I feel as if the generation coming to the market today will be able to achieve more in terms of technological advancement than the founders of Apple and Microsoft did and do it in one fifth the time and the center of it all, is AI. We stand at the precipice and I feel that is if I’m part of that history that is about to unfold. As a society we are on the tip of the next great evolution and I’m excited to be involved in it.
I think we live in an amazing time and I believe in what we are doing as a whole in terms of technology. But as with all things, where there is something meant for good, it has the potential to be turned or exploited for the bad and so at the center of it all, you will always need cybersecurity.
My advice for Jumping into Cybersecurity
First and foremost, believe in yourself. Don’t let someone else define or dictate what you can do. I have physical limitations, I’m legally blind, and I remember being told at a young age that I would never amount to anything because of it. That I would never be a productive member of society. That is when I learned to not let someone define who you are. So you must first believe you can do it. Then you go get the skills that you need to succeed. Attitude in everything. Anyone can learn a skill and it doesn’t always have to be through conventional channels, but not everyone has a good attitude. I think that’s what sets Palo Alto Networks apart from other companies. We look at the attitude, not just the aptitude of the individual. Maybe a candidate doesn’t necessarily have all the relevant background, but they have something similar. We ask can they achieve this job, and do they have the right attitude, and we weigh that against a set of qualifications.
Lastly, you must continue to keep an open mind and be coachable. If you are willing to learn and willing to grow, you will find a lot of doors open for you in your career path. You can’t allow yourself to get to the point where you think you know everything. Never lose that zest to learn and keep an open mind.