In Good Company with Nicolai Tangen - HIGHLIGHTS: Nikesh Arora - CEO of Palo Alto Networks
Episode Date: April 11, 2025We've curated a special 10-minute version of the podcast for those in a hurry. Here you can listen to the full episode: https://podcasts.apple.com/us/podcast/nikesh-arora-ceo-of-palo-...alto-networks/id1614211565?i=1000702795367In our increasingly digital world, how do we protect ourselves from growing cyber threats? In this episode of In Good Company, Nicolai Tangen welcomes Nikesh Arora, CEO of Palo Alto Networks, to explore the fast-changing world of cybersecurity. As our homes, cars, and cities become increasingly connected, the opportunities for hackers grow—from targeting individuals to attacking critical infrastructure. They discuss who the "bad actors" really are, how AI is transforming both attacks and defenses, and why future conflicts will likely play out in both digital and physical battlefields. Nikesh also shares his journey from Google and SoftBank to leading a cybersecurity giant, and his approach to spotting tech trends early. Tune in!In Good Company is hosted by Nicolai Tangen, CEO of Norges Bank Investment Management. New full episodes every Wednesday, and don't miss our Highlight episodes every Friday.The production team for this episode includes Isabelle Karlsson and PLAN-B's Niklas Figenschau Johansen, Sebastian Langvik-Hansen and Pål Huuse. Background research was conducted by Kristian Haga.Watch the episode on YouTube: Norges Bank Investment Management - YouTubeWant to learn more about the fund? The fund | Norges Bank Investment Management (nbim.no)Follow Nicolai Tangen on LinkedIn: Nicolai Tangen | LinkedInFollow NBIM on LinkedIn: Norges Bank Investment Management: Administrator for bedriftsside | LinkedInFollow NBIM on Instagram: Explore Norges Bank Investment Management on Instagram Hosted on Acast. See acast.com/privacy for more information.
Transcript
Discussion (0)
Hi, everybody. Tune into this short version of the podcast, which we do every Friday.
For the long version, tune in on Wednesdays.
Hi, everyone. I'm Nicolai Tangen, the CEO of the Norwegian Sobren wealth fund. And today,
I'm in really good company with Nikes Arora, the CEO of Palo Alto Networks. Palo Alto Networks
is the world leader within cybersecurity, which has never been more important than today. We own 1.2% of the company, translating into more than $1 billion.
Thank you so much, Nikesh, for taking the time.
Thank you, Nikhla.
Lovely to see you again.
Now, let's start off with the basics.
What do you guys do?
That's a good question.
Look, as the world has digitized, as we've all adopted technology, whether it's on our
smartphones or as companies make applications available to everyone, the possibilities of
bad actors getting into company systems or our personal systems goes up.
Our job is to protect that technology infrastructure from bad actors.
We are in the business of cybersecurity,
which is to protect our enterprise customers,
governments and individuals from being hacked or attacked
or coerced by bad actors.
Now the thing is that everything is digital these days, right?
Yes.
Your car, you know, streetlights.
So what's kind of happening with the whole attack surface?
Well, it's a great, great comment Nikolai, because you said it right.
We call this the attack surface and the attack surface is expanding and I think we're not done.
And as you said, if you drive around in San Francisco in a Waymo, that's your car,
but the car is now fully connected to some central nervous system. And if a bad actor could get their
hands on that control systems to your car,
they can control your car.
So as we create more and more technology,
more and more interconnectivity,
we are creating the opportunity for bad actors
to get involved and start to interfere
or start to take over this attack surface.
So yes, the attack surface is fundamentally exploding,
will continue to explode,
which makes it more and more important
for us to make sure that we are able to protect those situations faster and faster and faster
in more real time as we can.
What's the most difficult part of what you do?
The most difficult part is the tables are unfairly stacked.
The bad actor has to be right once and we have to be right 100% of the time.
That's hard to do. How do you do it? More and more technology. We all talk about AI and I'm sure
we'll talk about it, but we have to be able to identify things as they're happening.
We have to be able to look for the needle in the haystack.
And today, with the amount of data that's floating around in the world, the amount of
connectivity as we talked about that is going on, the only way to do it efficiently, effectively,
and in real time is to use the same technology to protect ourselves against cyber threats
that we are using to make our lives convenient.
How has AI changed the way you work? Well, I think AI is going to
change everything. It's almost as we, you know, you're beginning to see every week
there's a net new incarnation of AI and you can see it keeps getting smarter. And
the way I sort of correlate this is like, AI is like having a really
smart person that you can have work for you. This person doesn't forget anything,
this person knows everything that's ever happened in the world. This person knows how to
recognize patterns. And what's happening is that that person is over time going to become smarter
than the average employee and be able to either assist current employees in the task and possibly
take over their tasks. Now that also applies to cybersecurity, right? If you can have somebody
has infinite memory, infinite pattern recognition, then the question
is, can I train it with my information to make be more effective and helpful for me?
I think that's just phase one.
You are the bad guys.
Where is the dark side?
The dark side is interesting.
It's been an evolution.
I think 15 years ago, it was people who sat playing games in their parents' basements
and who were great at technology.
And hacking somebody or proving a point was like getting a trophy.
It's like, look, look at me, I'm so smart, I can hack into the system X, the system Y.
And look, I showed that I can do it.
But very quickly, as the world became more and more interconnected, it started getting
any sort of economic legs.
People said, wait, if I do that, I can actually find a way to monetize it and find a way of
getting money for it, whether from the companies or individuals.
And we're seeing a lot of that.
There's a lot of ransomware activity, a lot of activity where people are scared into sharing
economics with bad actors.
I think we're past that too. I think nation states
have started building that capability in a robust way because I think the future wars will be fought
both in the digital war sort of battlefield as well as the physical battlefield. The digital
battlefield is a lot less expensive from a situation where, from a casualty perspective.
from a situation where, from a casualty perspective. So, if you were a bit more specific about the countries.
Well, I don't think it's a state secret that there are countries which have tremendous offensive capability.
Even the US has great offensive capability, but there are people out there who spend more time building offensive capability than defensive capability,
because they feel that that capability would be extremely well leveraged in an adversarial situation.
We have bad actors.
We have seen groups in North Korea.
We've seen groups in China.
We've seen groups in Russia, various parts of Eastern Europe, some parts of Middle East.
You have groups of people now.
That doesn't mean the whole country is bad.
If you had my job, what would you be the most worried about?
Look, in your business, there's event risk, right?
Although everything goes down the path, you have wonderful models that try and tell you
how things are going to happen.
From an event risk perspective, it's very hard to model it.
It's very hard to be afraid of it because event risk is event risk.
If something's going to happen to one of your portfolio companies, it's going to happen. If something's going to happen that impacts a certain sector of your portfolio, it's very hard to be afraid of it because of interest because of interest, if something's gonna happen to one of your portfolio companies is gonna happen,
if something's gonna happen that impacts a certain sector
of your portfolio is gonna happen.
I think on the flip side, what you can look for is,
let's say basic hygiene, typically cyber security
is like water, it follows the path of least resistance.
So the companies that are most vulnerable
will be the ones which will have the most problems. So demanding a certain level of quality, a certain level of cybersecurity hygiene
becomes important. And you see that there are various executive orders, edicts from governments
where they demand that a certain level of hygiene be maintained by critical infrastructure because
that can impact nation-state stability. Are you worried about the whole financial system plumbing, like stock exchanges, that kind of thing?
Look, I can scare myself every day if I want to. So I believe in the goodness of humanity.
If you look around, we haven't seen those things. And I think the flip side is resilience as well.
Look at, we powered through a pandemic, which is one of the biggest crises that civilization
has seen in modern times.
So can we overcome some plumbing breakdown?
Sure, we can.
Will it be choppy?
Possibly.
It all depends on the extent and the extent of the impact and the scale of the impact.
But I'm not worried. There's enough segmentation,
there's enough circuit breakers in the systems where I think today we say, look, when you think
about cybersecurity, think about cyber resilience, because the possibility that you can get attacked,
hacked, or brought down to your knees is reasonably high. If somebody shows up with
tremendous amounts of force and compute, they can find a way into breaking into that one chink in your armor and destabilize you. The
question is, how resilient are you? If somebody does destabilize you, how quickly can you
come back up? How quickly can you bring your infrastructure back up and you can resume
operations? That's where the focus has been the last few years amongst large companies,
enterprises, critical systems.
And that's a good thing because I think that's the right way to think about it.
I am slightly confident by the fact that you still believe in the goodness of humankind because I
hadn't really expected that to be the case.
As you say, hope for the best and prepare for the worst.
That's what we do every day.
What's the Indian leadership style like? What are the
commonalities? Look, remember, we all grew up with scarcity. I think so being resourceful has to come
naturally to us because if I look at some of my friends and peers in the industry, I know the
backgrounds of many of them and we all share similar backgrounds. We all went to some sort of engineering school in India.
We all came from lower middle class or middle class families, if you look across the board.
And I'm just thinking of eight or 10 of the people I know in our sector who are legendary
CEOs right now, they all have similar backgrounds. So we all have some degree of resourcefulness,
some degree of scrappiness perhaps that comes with it.
It comes with a very strong work ethic because you can't survive in a country with one plus
billion people at that point in time if you don't have the ability to put your head down
and work hard.
When I went to engineering school, I think 100,000 people took the exam and chose 2,000
people to go to those five schools that we wanted to go to.
So there's a 2% chance that you get in.
So to get there, it was not just going to be pure luck.
It was going to be a lot of hard work and dedication.
I think every one of us went through that.
So there's a work ethic.
There's a resourcefulness aspect.
I think there's a constant learning aspect to it.
None of us grew up with AI, like you said.
None of us grew up with the cloud, but somehow we've all managed to learn it.
I didn't grow up with cybersecurity we've all managed to learn it. I didn't grow up with cybersecurity.
We all managed to learn it.
So there is some degree of a constant learning
sort of algorithm in there.
Hopefully there's a dose of ample humility across the board
because we're all blessed and privileged
to be able to work in this environment
and be part of a larger sort of, you know,
cosmos in the United States
to be able to sort of make our dreams come true.
And then the rest is chance.
How do you stay humble with all that success?
Oh, go home to the family.
They'll set you right in a heartbeat.
It doesn't matter how successful you get at work.
You're still part of a family unit.
And I think it's consistent.
And I know some of these people I said and their spouses and
you know they keep us grounded, they keep us focused on the right things and I was chatting
with somebody last night. I still hang out with my friends I knew in high school. It doesn't matter
what I do for a living and they don't really care what I do for a living for the most part so
just go back, stay with your family and your friends and they'll keep you grounded.