Mark McLaughlin's been in the tech industry long enough to know that when a company has as much momentum as Palo Alto Networks does, priority one is making sure that momentum doesn't slow.
So it's no surprise that McLaughlin, who became Palo Alto's new president and CEO in August, will push the white-hot network security startup to keep its eye on the ball in 2012, and look at ways to keep its growing legion of excited channel partners happy.
McLaughlin joined Palo Alto Networks following 12 years at VeriSign, which had acquired his former company, Signio, in 1999. He became president and CEO of VeriSign in 2009, and it was there that he first encountered Palo Alto Networks -- and its game-changing firewall technology that manages applications and content by user instead of by IP address or port -- as a customer. Palo Alto has been cash-flow-positive for seven quarters now, McLaughlin said, and is hiring between 100 and 125 new employees every quarter as it moves beyond buzzed-about startup status and becomes the network security segment's most formidable challenger brand.
At Palo Alto's recent Double Down Partner Conference in New Orleans, the low-key but quietly intense McLaughlin joined CRN Senior Editor Chad Berndtson for a discussion of how Palo Alto Networks will approach the new year. Excerpts of the conversation follow:
You've joined Palo Alto as a time when it's growing very fast -- the fastest-growing network security player ever, you told partners. Why did you make the move?
I made a list for myself a while back of what an opportunity would have to look like to be interesting. It had nothing to do with Palo Alto -- I'd just made a list. It had to be really disruptive technology in a large product market, and there had to be a great technical team, a great long-term vision and significant customer traction. I took a look at Palo Alto, and I checked those boxes.
What is your message to channel partners? Palo Alto's made no secret that it needs channel partners and the support of the channel to sustain this type of growth.
We are a partner-driven company -- always have been, always will be. We definitely recognize two key values of working with partners. One is leverage, to grow at the rates we're growing, and the second thing is value-added services. The reality is that customers really look at partners for advance on what they should do technology-wise. They're the experts.
Talk about the types of partners Palo Alto is looking to attract.
We're a quality shop, not a quantity shop. We want the best of the best and we're putting a lot of resources into the company and the technology, so we're expecting the same from them.
From the vantage point of VeriSign, you got to see Palo Alto grow from buzzed-about startup to reaching cash flow positive about seven quarters ago. What is the perception of Palo Alto outside the company walls, and especially in the security space?
I've been jetting around the world the last 60 to 75 days talking to everyone I can and [asking] how are we doing. People will always be very frank, but I've heard nothing [negative]. What I am hearing is that the technology is works as advertised, which is fantastic. It's been a very positive couple of months for me.
How and in what areas will you be investing in the new calendar year?
The focus of the company is on network security, so an important point for us to lead in network security is that we have to stay very focused on what we're trying to do. It's a really large market opportunity, so just keeping our eye on the ball will be important, but you'll see us do continued innovation around App-ID, our bread and butter, and around virtualization, around mobility and around malware, for sure.
Talk about how virtualization is changing the network security market opportunity. We've talked before about how the market is growing so fast directly because of those transitions like virtualization.
It'll be interesting to see how that plays out because virtualziation is a technology that lends itself to security off the device, basically virtualizing network security. That's a trend we're trying to stay very much in front of, and we see it as an opportunity.
What other trends would you point to as fueling the opportunity? You've described Palo Alto Networks as having a lot of headroom.
Well, one is malware, for sure. We recently introduced WildFire [a new firewall capability that allows security teams to detect and remediate unknown and targeted malware], for modern malware in the sandbox environment, and we think that's a good TCO-ROI story for our customers. Second, for sure, is distributed devices and mobility. In order to be a network security player you hav to be able to provide the same level of protection for all distributed devices.
Where is a lot of the security protection for mobile devices falling short?
Everywhere, starting with perhaps the most obvious one, which is bring your own device. You have all these devices out there not sanctioned by corporate, and connecting into networks, and corporations are fighting sort of a losing battle of command and control because of the consumerization of technology. The first and most important thing is to know what's on your network.
NEXT: Will Palo Alto Go IPO?You've been in the security space a long time and had a front row seat to a lot of the consolidation going on, particularly among the vendors but also among many VARs and integrators. Do you see that trend continuing?
I do. I saw a statistic not too long ago that in the year 2000 there were about 1,000 security companies that were funded. A lot of those are still there, but the security evolved so quickly that a lot of companies created things that had features and functionality for a larger solution set, so I think you'll see a lot of those companies get picked up or consolidated into bigger solutions.
Is the long-term plan for Palo Alto Networks an initial public offering?
When I came to the company, obviously that was top of peoples' minds from an outside-in [point of view]. What I told the employees was an IPO is possibly in our future but it's a capital-raising event. That's it at the end of the day, so let's not overstate. But to be public you have to be three things. First, you have to deserve to be public, financially. This company today could be public based on its financials. You have to be ready to go public, and there are a lot of processes and procedures, and we're working diligently on that. The third thing is you have to pick the right time do that. I view an IPO, and I've told the company this, as getting on the field. That's not the end of the game.
But IPO is definitely the plan?
It is a possibility for the company. We don't need to raise any capital. We've been cash-flow-positive for some time, so we have a great deal of flexibility on that. It's one way to raise additional capital.
You said Palo Alto Networks is adding between 100 and 125 employees every quarter? Where are you hiring?
As you can imagine, a lot of sales and marketing as we try to keep up with demand, and in addition to that, a lot of R&D. My direction to the company, first, is innovation. We got to where we are because we're highly innovative, and to stay where we are we need to be highly innovative. Second is a customer focus. Obviously we want to sell more and partners want to sell more and we're very energetic about that, but we also have to have the same level of discipline and focus on quality of what we sell, so we're investing heavily in a customer perspective and backing up R&D from a QA perspective. Everywhere we bring people into the company, the bar is very high. It's difficult to keep a really high bar but that's a challenge for us and something that everyone is laser-focused on.
R&D is very important right now it sounds like, and in talking to the analysts and partners, it appears some of the bigger guys have fallen behind on R&D in this space.
You'll hear me use the word focus all the time, but this is the same concept. If you're a larger company, particularly with lots of business lines, it's difficult to be focused generally and very difficult to be focused specifically on rapidly changing trends, and to be nimble and invest accordingly. We think that's an advantage for us.
I have huge respect for Juniper, Check Point, Cisco, and large companies like that, and the folks there are very talented and smart people. But I've lived and experienced myself running a large company where your ability to react and especially to be proactive is hampered by size. When you're publicly traded, you have to do things on a short-term basis, so we think it's a great advantage for [Palo Alto Networks], this ability to be nimble. One thing to do, when you grow as rapidly as we are, is to try to keep the smaller company culture, particularly from an R&D perspective. We have a very interesting R&D structure. Everybody is in Santa Clara. We don't do any R&D not only outside the United States but outside the building. They're all in the same place, on the same floor. That creates some hiring challenges because we're in such a super-competitive market, but we're doing it intentionally because of the high quality of people we get and the resulting quality of their interaction. We have very little bureaucracy in the company in general.
Which is hugely important for a company at your level.
It is. We don't have meetings about meetings.
NEXT: Where Security Customers Are Investing
When you've talked with enterprise customers and security procurers, what are their priorities heading into the new year? There seems to be a lot of concern about the evolving nature of threats but there aren't bags of money falling from the sky to allow them to spend a lot more, no?
What we've started to see from an industry perspective is not so much new spends, but shifting spends. I've had the opportunity, not only at Palo Alto but as CEO of VeriSign, to talk with lots of large companies and lots of customers and have meetings at very high levels with very large companies. When you're talking to the CEOs of major banks, they're not thinking about the technology, they're thinking about the business output. Topics like compliance and business management are for sure the topics in the boardrooms. It's really about the business solution: the outcome of what the technology enables as you go into the C-suite. So what they're demanding of their security professionals -- and this is a sea change -- is "Just take care of it." Those folks in turn are looking for technologies that are not in the same old, same old, and that's why we're rising to the top of the list.
That's interesting because it seems like it's changing the way channel partners sell to these companies. They're not just selling firewalls to IT managers, they're having business conversations with C-suite executives.
I think so. You know, there has not been a tremendous amount of innovation in this space in the last 20 years, so the security professionals have been selling the best that they have. This is an entirely different way to think about things and attack the problem, and it's the first time I've actually seen folks in this industry get really excited about something. That doesn't happen a lot. They're really jazzed about it because it's really different -- it's very relevant, and it's high visibility.
So no question these investments are a priority for these enterprise organizations?
Oh, I think so. You just have to pick up the newspaper and read about something terrible happening. I don't think you'll see a massive amount of more money spent, but I think you'll see a shifting of spend into things that are visibility-related.