Palo Alto Networks CEO Nikesh Arora: ‘Disrupt Ourselves,’ Transform The Industry
CRN’s No.1 Most Influential Executive, Palo Alto Networks’ Nikesh Arora, is transforming the company into a complete unified platform for modern cybersecurity.
Having finished interviewing for the CEO role at Palo Alto Networks, Nikesh Arora got word from the company’s board that he was, in fact, going to be offered the job.
Arora’s own interview process wasn’t done yet, though. While he knew the business side of his resume was stellar—he’d previously been the No. 4 executive at Google and was later the No. 2 executive at investment giant SoftBank—Arora was also self-aware about what he lacked for the top role at a major cybersecurity vendor.
Namely, any sort of background in cybersecurity.
And so before moving forward in the hiring process, Arora asked to talk with two more people: the company’s founder, Nir Zuk, and chief product officer, Lee Klarich.
In those conversations, Arora had two potentially uncomfortable agenda items to discuss. Not only would he need a lot of their help in getting him up to speed, but as soon as he was, he had no interest in maintaining the status quo at the company, which was then largely focused on firewalls.
“I said to them, ‘Listen, I’m coming in and I don’t understand a lot about security, so I’m going to rely on you, No. 1,’” Arora recalled during an interview with CRN in July. “‘And No. 2, I might have some disruptive, nonconventional ideas—so you should understand what you’re signing up for.’”
The response couldn’t have been more supportive: Both Zuk and Klarich “wholeheartedly embraced the idea that we were going to be disruptive and do something different,” Arora said. And over the ensuing five years, Palo Alto Networks has gone on to expand from a network security vendor into a platform covering most of today’s essential cybersecurity capabilities—from protection for cloud and applications, to secure remote access and zero trust, to AI-powered threat detection and security operations.
While looking to reinvent an entire industry and create a new paradigm in cybersecurity, Arora said embracing a “constant desire to disrupt ourselves” has been the key.
Arora’s success in transforming Palo Alto Networks into a comprehensive, unified platform for modern cybersecurity has earned him recognition as the No. 1 Most Influential Executive on CRN’s 2023 Top 100 Executives list.
From overhauling the company’s product portfolio to doubling down on partners—including a pledge to spend 70 percent of his time on go-to-market and the channel in coming years—Arora brings a curiosity and openness to new ideas paired with a tenacity to execute on the vision, according to those who know him.
“He gets super excited when he sees something that could help clients become more secure,” said Rex Thexton, a senior managing director at Accenture, No. 1 on the 2023 CRN Solution Provider 500, who has worked closely with Arora over the course of a five-year strategic partnership between the companies. “When he gets in a room, he lights it up,” he said.
Part of Arora’s openness to different ideas and directions clearly comes from the fact that he was something of an outsider comng into the CEO role at the company, said Lee Waskevich, vice president of security at Herndon, Va.-based ePlus Technology, No. 28 on the 2023 CRN Solution Provider 500.
“I think coming in, not having cut his teeth across the cyber space, has allowed him some freedom and flexibility to try new things that maybe others weren’t willing to do,” Waskevich said. “I think that’s paying off.”
Driven To Succeed
As Chicago-based Accenture and Palo Alto Networks have worked to ramp up their strategic partnership in recent years, Arora has brought a level of commitment to making the partnership successful that’s unusual for a high-powered executive, according to Accenture’s Thexton.
During quarterly meetings about the progress of the partnership, for instance, “there were times when either side was not meeting those goals and objectives” that everyone had agreed to, Thexton said.
After hearing others describe the barriers to meeting the goals, Arora “would break them down, and he would just say, ‘OK, we can do this to take care of that issue. We can solve this issue by doing this,’” Thexton recalled. “And he just systematically would break it down and push it through, where a lot of [CEOs] would just say, ‘Just do it.’”
As a core part of its growth strategy, Palo Alto Networks has been broadening its work with channel partners, which are involved in generating more than 95 percent of its revenue. For solution providers of all sizes, from the giants like Accenture down to MSSPs with a few dozen employees, the company has increasingly become a go-to security vendor, according to solution provider executives.
The partner opportunities are being driven in part by greater demand for a variety of services, both professional and managed. Such services, according to Arora, are crucial to help customers get the full benefit of technologies such as secure access service edge, a cloud-delivered architecture aimed at providing secure access for distributed workforces.
Likewise, when it comes to other newer areas such as cloud security and Security Operations Center automation, Palo Alto Networks partners are playing a pivotal role in enabling customer adoption, Arora said. “If you look at the first two quarters of this fiscal year for us, the proportion of business we do through some of the key partners who are building services capability has increased,” he said. “Whether it’s our traditional partners’ services teams or transformation teams or cloud adoption teams—or whether it’s MSSPs with network transformation skills, or systems integrators with cloud security skills or SOC transformation skills—you are seeing a clear trend toward more solution orientation [by partners] for the customers,” Arora said.
A central part of what Arora-led Palo Alto Networks has done differently from the rest of the industry is the focus on building out a true cybersecurity platform, solution provider executives said. Importantly, the company’s approach has emphasized being able to still offer security capabilities that are “best of breed” even while offering seamless integration between the tools, executives said. Arora and Palo Alto Networks set out on the platform journey at a time when many still thought buying best-of-breed point products, and stitching them together, was the only way to get optimal security outcomes.
“We had our fair share of naysayers early on,” Arora said. “Hopefully we’re on our way to proving them inaccurate.”
To assemble its platform, the Santa Clara, Calif.-based company spent years acquiring leading technologies—there have been 14 acquisitions under Arora to date—and then tightly integrating them together. The deals have largely proven successful and have totaled more than $3 billion, according to Shaul Eyal, managing director for equity research at investment bank TD Cowen.
“Nobody initially expected that he’s going to embark on that sizable acquisition phase,” Eyal said. “I think his ability to come in with an unbiased view of the market and then understand the benefits and challenges ahead, strategize and execute accordingly, and then bring everybody around him toward that same goal—that has all coalesced into the success we’ve seen in recent quarters.” The bottom line, he said, is that “we’re beginning to see Palo Alto [Networks] leading the pack.”
As customers look to reduce the number of security vendors they work with, Palo Alto Networks is “in the right place at the right time because of all the execution they’ve done over these years to put them in that pole position,” said Mark Jones, founder and CEO of Austin, Texas-based BlackLake Security, No. 282 on the 2023 CRN Solution Provider 500.
Arora has never been “chasing the ball,” Jones added. “He’s well ahead of it.”
For Optiv, No. 24 on the 2023 CRN Solution Provider 500, Arora’s strong vision and “clear focus on platform” have helped to drive major growth opportunities with customers, said Alan Mayer, senior vice president of partners, alliances and ecosystems at the Denver-based company.
“The solutions that we can provide, and the platform and the breadth of the portfolio that Palo [Alto Networks] can provide—that all culminates in better outcomes to help our shared customers be successful,” Mayer said.
Looking ahead, Palo Alto Networks’ investment over the years into AI/ML capabilities is looking to pay off as well, with the arrival of generative AI creating huge interest from customers in using it to improve security, solution provider executives said.
With Arora and Palo Alto Networks, “there has definitely been clarity that this is an area they’re investing in and prioritizing,” Mayer said. “Just like the other areas that they’ve focused on, they’ve demonstrated leadership capabilities [in AI].”
Palo Alto Networks expects to capitalize on the technology through utilizing generative AI in forthcoming security products, including tools to prevent threats that are, ironically, assisted by apps like OpenAI’s ChatGPT, Arora said.
Ultimately, with a market capitalization of nearly $74 billion as of this writing, Palo Alto Networks is easily the top-valued publicly traded cybersecurity vendor and getting closer to reaching Arora’s goal of becoming the first to reach a $100 billion valuation.
That doesn’t mean Arora thinks he has it all figured out, though. Far from it: Even five years in, “I still don’t know enough,” he said.
And as much as ever, when he doesn’t understand something, “I’m very open about not knowing it,” Arora said. He noted that his next two phone calls that day were going to be on technical aspects of security—“because I have a few questions.”