My View from the Cybersecurity Frontlines
Ryan Olson, Vice President, Threat Intelligence (Unit 42), R&D
When I was a kid watching Star Trek, I used to imagine that someday in the future, life would be like that: People walking around with small computers, instant communication devices, on their chests that would give them access to any information they needed. I think a lot of us did. We’d fantasize about having devices that could obey our every command and, at any time, we could just ask them to give us any information we wanted. But in those episodes, there were few moments in which security threats arose — where the communication channels those devices used to retrieve that information were threatened. No one ever asked about the system’s firewall. We just took for granted that it was all secure. That might not have made exciting TV back then, but none of us would want to be on the Enterprise under a cyber attack.
My colleagues and I who work in Threat Intelligence for Palo Alto Networks are often thinking about the technology of the future, and we still get excited imagining all that’s possible. But it’s our job to understand that as we move closer to that space-age future of our imaginations, we also become more vulnerable to cyber threats. We are constantly working to anticipate the threats to come, understand how they operate, and share what we know with the cybersecurity community in order to make the digital world safer.
My Journey to Threat Intelligence
I wouldn’t say I was predestined to work in cybersecurity. I had been interested in technology and planned to begin a career in programming while I was in college. But in 2003, the National Security Administration established the National Centers of Academic Excellence in Cyber Defense to address the (correctly) anticipated shortfall of cybersecurity professionals that could present a serious global threat. Each of the designated schools offered a scholarship for service (SFS) program: If you agreed to work for the government for two years, the NSA would pay for two years of schooling to train you in cyber defense. At the time I was considering earning a master’s degree, and although for personal reasons I didn’t end up participating in that SFS program, I got excited about a career defending computer networks, so I eventually enrolled in a master’s degree program in security informatics at Johns Hopkins University.
When it was time for me to do my summer internship between the two years of the program, I was fortunate to find a great opportunity with a security intelligence company. I spent an entire summer learning malware analysis, which led me to my current career.
The Knowledge Leaders
Unit 42 was started in 2014 by Palo Alto Networks’ Chief Security Officer at the time, Rick Howard, and myself. Rick is one of the smartest people I know, but his greatest talent is his ability to boil complex ideas down into simple, understandable terms. The idea for Unit 42 was to take all of the data we were collecting from our platform, in particular the WildFire malware analysis system and use it to not just create new prevention controls for our customers, but to better understand how adversaries are targeting them. With a stronger understanding of the adversary, we can build better products but also expose threat actors in the public and educate the world about their tactics. Our team consists of malware and threat intelligence analysts who look at our collective data to understand how adversaries launch their attacks, what tools do they use and how do they change over time. Then we share this information through our blog, white papers and other channels. In some instances we can go from uncovering a threat to publishing information about it in less than 24 hours. We move as quickly as possible to capture the critical details of the threat and share them with those who can use it to defend themselves.
This runs counter to the way many companies do business, which is to hoard information so that competitors can’t get hold of it. For us, there’s obvious value in sharing this information because our primary goal is to make it harder for the bad guys to win. If a bad guy has been launching attacks for three years, he’s doing the same things repeatedly because it keeps working. But if we write a report about it and publish it for the entire world to see, it stops the cycle of the attack, making the world safer for all of us.
As part of our global efforts, we founded the Cyber Threat Alliance (CTA) several years ago. This consortium of 25 cybersecurity vendors operates under the idea that a rising tide floats all boats. We share important threat intelligence with each other explicitly so we can all translate it into protection controls in our various products. What I love most about my work is the astounding amount of cooperation that I get from other organizations. When we need help or we need to alert customers to a problem of some kind, everybody immediately jumps in because they want to go and help. We all realize that we’re on the same team, fighting the same fight.
But there’s additional value for Palo Alto Networks in publishing this information: It demonstrates to the world that we are knowledge leaders in cybersecurity, at the forefront of the industry. Unit 42 is one aspect of the careers available in our industry, and sharing information is a crucial part of our work. Although people may not immediately know our company name the way they do others in the technology space, we are the biggest enterprise security company in the world, with 60,000 customers globally. So I think it’s important to point out to anyone who is considering a career in technology that working for Palo Alto Networks really enables us to have an enormous impact on worldwide security, and that is incredibly rewarding.
Welcome for a Working Mom
As someone who is results-oriented and prefers a fast-paced environment, I know that coming to work for Palo Alto Networks in April 2019 was the right choice for me. Nonetheless, it was a bit of a transition. I have a degree in marketing and began my career in market research before transitioning into product management, first in the payments realm and then in human resources technology. My background was heavily focused not only on bringing global products to market but also on improving the customer experience. I stepped away from the workforce for a couple years after my sons were born, and then I went back to work in product management for a cybersecurity company.
All of my experience has included an emphasis on privacy and data security, so in that respect, working in cybersecurity at the enterprise level made sense to me. But unlike my colleagues, many of whom have considerable technical expertise, my expertise is in the customer experience and the application of human behavior enabled by technology.
When I first came on board with Palo Alto Networks, it was intimidating for me — aside from being in a department dominated by men, I was also surrounded by these highly technical minds and lacked that knowledge myself. I was nervous. But over the last 13 years of my career, I’ve developed the ability to quickly comprehend the customer’s perspective and where it ought to be, and I soon realized that this is a valuable perspective that I could contribute, and before long that feeling of intimidation went away. That’s one of the things I appreciate here — that the environment encourages people from a variety of backgrounds, with a wide array of skill sets to join the team. It’s because they realize that diversity is what ultimately adds value to what we can offer our customers.
A Human Touch
Focusing on the customer experience isn’t typically where the priority is in cybersecurity. There’s a perception that customer experience discussions are “fluffy,” that it’s too touchy-feely with its focus on how customers feel and what they want. But what a lot of people don’t know is that it’s a science that involves collecting and analyzing quantitative and qualitative feedback. And it’s also an art, knowing how to talk to customers to arrive at the root of what problems they need and want solved. Sometimes they don’t know it themselves, so you have to know how to get it out of them, which isn’t easy.
But Palo Alto is different and transitioning to make customer experience a priority. And we know, from industry trends, that companies are no longer just competing on technological features and functionality; they’re competing on experience.
As consumers, we all gravitate toward the apps that are easy to use, right? We engage with those apps that connect with us and speak to us emotionally. That’s the level of engagement we want for enterprise products, and that’s what I’m working on. So I get to be on the forefront of this transition to a more customer-centric focus, which is really exciting. I get to influence the ways in which we can improve the customers’ experience, get into their minds, understand their needs and motivations, and translate those things into features and functions that we haven’t even thought of yet. We are working to anticipate their needs and design a delightful experience for them, which is encouraging and empowering.
Diverse and Included
There are a lot of other companies that say, “We promote diversity and inclusion,” but they don’t really practice it. I never really felt the concept of inclusion until I came to Palo Alto Networks. Not only was I given an opportunity to join the company without an extensive network security background, but bringing a woman into this male-dominated field brings a different perspective, and this company saw the value in that. My manager has been a huge advocate of diversity and inclusion, and he has demonstrated this repeatedly. For example, many women have the experience of being talked over in meetings, but here, my manager is sensitive to that; there have been times where someone began to talk over me, and he stepped in and said, “Okay, I hear what you’re saying, but hold that thought please and let Debbie finish sharing her ideas.” I really appreciate a leader consciously thinking about these things.
In my fourth week with Palo Alto Networks, I volunteered to lead a customer journey mapping workshop, to share some of what I knew about this concept with the more technology-focused members of the team. As a new member on the team who clearly didn’t have the technical expertise that they had, I was nervous about leading , although I felt it was important to talk about this idea of looking at things from a more customer-based perspective. As I said before, this isn’t often a top priority for everyone, and it seemed clear that I didn’t have everyone’s full attention or buy-in. But my manager addressed it right away. He announced that this was an important subject, but that if these team members didn’t plan to participate, they were welcome to leave. The fact that he was willing to do that for me told me he had my back, that he saw value in what I had to say, and it gave me a wonderful sense of inclusion, empowerment, and support.
In my time with this company, I’ve seen a real desire to add to the diversity of the team, which includes encouraging more women and moms to apply. Cybersecurity can be an intimidating industry for women to enter, but it really is a great thing for us to have them because it provides a much-needed perspective. As we launch products and think of new ways to solve customers’ problems, we need to have those insights into the needs and values of ALL our customers, so the more perspectives the better.
It’s also important to say that I appreciate being given a chance to share what I knew here, even though I wasn’t the obvious candidate. At Palo Alto Networks, the managers here are willing to provide the training and resources we need to feel comfortable in our positions. There are boot camps, white papers, textbooks, and a wealth of people willing to share their expertise and help you to be successful.
So for women, my advice is not to be scared of a challenge. Instead, face it head on, like a bull! Women, especially us moms, prioritize relentlessly. We are master multitaskers. We have the ability to go broad and deep, that’s just how we’re wired. For example, when I’m planning to take my boys on a trip to a museum, I’m thinking, “Okay, what do I pack for snacks? Should I pack backup clothes? What time should we leave? Should we eat before we leave? What else do I need?” Our minds are always thinking that way so we can ensure we have a successful trip to the museum. It’s a lot of planning and prioritization. And each of those choices can make a big difference — like if we don’t have snacks, they’ll be grouchy later and it will ruin the trip.
Translate that to the technology world. If you want to ship this product, you need to get all the stakeholders aligned with it, because if we don’t, the customer will call us later with issues. If it’s not effective, they’ve paid millions for it and now we have a major problem. So what happens to our brand, and to their loyalty? And what happens to our company’s longevity? So thinking about all those pieces is truly valuable. This is the value a woman, a mom, can bring! So leverage those skills and bring them into the technology world, because it’s very much needed.
Focusing on Customer Success in Cybersecurity
Gilad Shriki, Senior Director, Customer Success, Demisto
One of my favorite things about working in cybersecurity is that it’s the battle of good versus evil. It’s not something you always have within other technology-based businesses. But working in cybersecurity, there’s a strong sense of purpose and knowledge that I’m fighting for good.
Leading Customer Success
I started my cybersecurity career in the Israeli Defense Forces, where I led a team of developers. I moved into systems engineering and product management for a telecommunications firm, followed by about four years doing database security before coming to work for Demisto, as the Director of Customer Success. Soon after joining, Palo Alto Networks acquired Demisto, giving me the opportunity to expand my role and develop new technologies.
Customer Success helps with all customers’ activities after they’ve purchased our products — from onboarding to integration, technical support, ongoing engagement with our team, and even program management. Within the Customer Success team, it’s our goal to ensure that customers continue using our products as successfully as possible, ultimately keeping their environments protected and up to date.
Dynamic Days, Dynamic Company
Cybersecurity is an ever-changing ecosystem, and I think it’s one of the most interesting and dynamic fields out there. It challenges you to constantly learn, staying ahead of the newest threats and technological evolutions.
If you want to work in this industry, you have to be someone who questions what we often take for granted. You need to be thinking about how someone could maliciously use data. I don’t believe there is such a thing as too much defense or protection, and it’s something we take to heart in this industry.
As part of working with a vendor like Palo Alto Networks, it’s our job to constantly be innovating. Our job isn’t one of maintenance, it’s improving the products to serve our customers, and challenging the status quo. It means it takes someone who doesn’t like to sit still, seeks new challenges before they arise, and think critically, and quickly, to shape the future of our products.
When people ask me what my average workday looks like, I tell them that there isn’t one. It’s so dynamic that every day brings something different and new. I’m leading a large team of people, all of whom bring unique attributes to their work. I’m always thinking about what services we can offer to customers, growing the team, and planning what we want to do in the future. I also enjoy a high level of interaction with customers, and every interaction is different. I never know how my day is going to look; it’s always changing, but that’s what makes this job amazing.
In my newest role as senior director, I try to be the kind of leader who empowers the team, someone who trusts and gives support to those I work with. I think a good manager needs to identify people’s strengths and weaknesses and assign them responsibilities accordingly. You never want to put people in the position of constantly struggling to perform tasks that don’t suit their strengths — that just sets them up to fail. I try to make sure we identify those weaknesses in order to either help the person develop that as a strength or move into areas where they excel. I don’t like to micromanage. In the military, I learned that a good boss never needs to put his foot down on a decision. Instead, I give the team a lot of space to lead or follow as they see fit, and I am there to offer guidance.
I love that Palo Alto Networks offers its employees the freedom to learn and grow. It’s a very casual, approachable environment that encourages innovation across the board. It’s truly a company that understands that people are the most important assets it has.
Connecting Communities Through Cybersecurity
It’s always been in my nature to help the underdog. Whether it’s supporting others while growing up as a military brat, taking work on US government contracts where missions were time critical and affected many, or becoming a volunteer EMT to help save people in my community and overseas, I enjoy helping and connecting people. Coming to work for Palo Alto Networks has allowed me to extend that to a larger, global community.
My Story
I was a government contractor in the DC area for over twenty years before starting with Palo Alto Networks. With a background in software development, management, and technical training, I found my new home with Palo Alto Networks Unit 42. We’re the team that detects new threats, details them, identifies the risk, and shares that with the industry to better protect all digital environments.
When I came on board, the first task I was handed was our efforts around the Cyber Threat Alliance. The CTA was our answer to how to disseminate information throughout an industry trying to address new threats emerging every day. It is an organization with the perspective that unless we share our information, share the threats we are facing, we will fail. It’s this organization that enables us to work with other companies that are coming together for the common good. We are collaborating, and this gives us more access to data than we would ever be able to compile on our own. We are sharing our data, our perspectives to find better solutions together. It’s been amazing to get on phone calls with competitors and have intelligent, collaborative conversations because we know we are all in this fight together.
This isn’t just the CTA but the industry as a whole that expects this kind of behavior. I’ve learned so much from working with other companies and government agencies. They, in turn, learn from us. I’ve seen us move forward on solutions that protect our customers and our digital way of life. I’m proud to work for a company that centers its work on humility – the humility to ask for help, work together to identify solutions, and find them, together.
Staying Innovative in a Changing Industry
Part of the evolution of our industry is evolving not just the way we detect the threats but who is involved in detecting them. I’m excited and inspired by the programs I have been able to participate in while working here. I helped with the creation of the initial cybersecurity badges for the Girl Scouts. I presented to Black Girls CODE in California. I’ve attended and represented the company as a speaker at several conferences, most recently RSA. It’s no secret that there is a shortage of women in the industry, so it’s nice to have the opportunity and support from the company to be involved in programs and events that are driving a positive change.
The industry is constantly changing, and we have to improve, develop new products, and work with different organizations to avoid getting stuck in a rut as well as ensure we stay innovative. I’ve never seen a company grow and expand as successfully as we have before in my career. It’s challenging but I love to be challenged – I love how fast-paced my work can be, and I love that things are always shifting and changing. I’m never bored. Teaching young ladies in Girl Scouts how to stay safe in the digital age; helping my mom remotely when she has computer problems; and working on a team that discovers, analyzes, and reports on the latest threats are the reasons I get out of bed every day and proudly wear my Palo Alto Networks gear.
This article first appeared as “Life at Palo Alto: Connecting Communities” by Kathi Whitbey.
Intern to Employee
I started at Palo Alto Networks as an intern in early 2017. I was a mathematical engineering major at the time, and the study program included some basic networking courses (CCNA/CCNP). While taking these courses I started becoming interested in cybersecurity and realized that there was a big gap of cybersecurity professionals in the market, so there are always job opportunities in this field. Cybersecurity has also become more relevant in the past few years as we can see frequent breaches in the news, and a lot of companies have been undervaluing security in the past and need to catch up to recent security standards.
My internship was based around modeling the staffing requirements of our technical support engineers to meet our future customer’s technical support needs in accordance with our service level agreements. It was rewarding and fulfilling to work on a project as an intern that had an impact on the company. My project helped determine how we are going to hire employees in the future worldwide.
After my internship completed, I transitioned to work as a technical support engineer. I had some basic skills before I was hired and I worked with a technical trainer at Palo Alto Networks to determine what skills I was missing. Together, we built a training program and assigned a personal mentor who helped guide me through programs and certifications I would need to complete for my job. There are a multitude of topics that need to be covered in order to be able to work in this field, like TCP/IP, ARP, SSL, TLS/PKI, IPSec, routing protocols (OSPF/BGP), and NAT. These are just some of the basics, which will eventually have to be learned in-depth.
Transitioning to full time from any internship can be a difficult process. Getting your first career out of college or certification/trainings, can also be difficult. For me, I was thankful to have the support and assistance of my organization, but I have some advice to those who are seeking their first career out of college or internship.
When you are planning your professional career development, look at job descriptions in the field you are hoping to enter. One of the first steps is to make sure you earn a degree relevant to the technology field. Job descriptions are a great place to start – they provide context to what companies are looking for, the background, certifications, and degrees a company is expecting. But a degree usually isn’t enough. After you’ve started to pursue your degree, I suggest that you seek out introductory education into the cybersecurity field. This means seeking supplementary education to the skills a company is seeking. Often, this will be outside of the university environment, and offered by third parties like Palo Alto Networks, or online learning systems. Palo Alto Networks offers their certified cyber security associate program (PCCSA) (www.paloaltonetworks.com/services/education/certification). It’s an entry level certification that will help educate you on the most recent technology for managing the cybersecurity threats of tomorrow. It’s a great resource for anyone looking to transition into the cybersecurity field.
Becoming qualified once isn’t enough, however. You’ll want to keep tabs on the industry while pursuing your degree. Certifications are changing as quickly as the industry changes to address the most critical cybersecurity needs. As Palo Alto Networks transitions to support cloud, we are seeking more cloud experience. If you are seeking a degree in any kind of technical industry, you have to stay on top of these trends – that means subscribing to technical blogs, reading technical support books, and researching common qualifications and responsibilities of the kinds of roles you are hoping to secure upon your graduation.
Looking for a career should be more than skillsets and technical aptitude. You should be seeking a career with an organization that aligns with your values and priorities. I was impressed from the beginning how open everyone here at Palo Alto Networks was. I didn’t have that same experience at my previous job and the difference in the environments is incredible. Everyone was so willing to help me learn and accomplish my goals, and I really felt supported by the team. This is unique to Palo Alto Networks, from my experience, and something that helped me accomplish my professional goals quickly after starting. When you’re seeking your next career move, make sure that you are identifying an organization that aligns with your expectations, but also matches your work style.
For instance, I learned quickly to make sure to vocalize my requests for help. It takes less time to ask for assistance than spend two hours trying to find information. Asking questions is an important skill here if you want to learn and grow into any position at Palo Alto Networks. You can’t feel like it’s a weakness to ask questions. It’s a strength which will help solidify yourself in the team dynamic.
Palo Alto Networks has been a great place to work. Our motto here in the EMEA office is one team, one goal, one destiny. We bond over our different experiences, cultures, and backgrounds. We have become one team, one family. I’ve never experienced that dynamic in other companies. Everyone here has such a mutual respect for our different backgrounds here. It’s a great environment to be a part of and one that is always growing.
If you are interested in learning more about joining our team, please reach out to me for more information at bhageloh@paloaltonetworks.com.