Leading at AI Speed: Building Fearless Teams & Beating Complexity in Cybersecurity

speaker-0: Flip the switch. Hit connect. Turn it up.

speaker-1: Hi, I'm Yitzy Tennenbaum.

speaker-2: And I'm David Leishner and this is Heart in Te-

speaker-1: Conversations with people shaping what's next. we go. Welcome to the Hotend Tech podcast. Today we have a great episode for you. Today we have Anad Aswale, who is an executive vice president of network security at Palo Alto networks. Anad there leads the global team of product managers, engineers, researchers, delivering enterprise security platforms that protect users. applications and infrastructure from evolving cyber threats. An innovation-driven technology leader with more than 100 U.S. patents, Anand leads the AI transformation of the network security business, including platforms and services spanning Prisma Air, Strata, cloud-delivered security services, secure access service edge known as SASE, next-generation firewalls, and zero Trust Solutions. Before joining Palo Alto Networks, Anand was a senior vice president of engineering for Cisco's intent-based networking group, where he led the development of enterprise networking platforms across routing, switching, wireless, IoT, and cloud services. He joined Cisco through the acquisition of Starrent Networks and previously held leadership roles at Sierra Systems, Sun Microsystems, and Erickson. Anand holds a bachelor degree in telecommunications from the College of Engineering in Pune and a master's degree in computer networking from the University of Southern California. Anand, welcome to the podcast.

speaker-0: Thank you for having me.

speaker-2: I've done a lot. Yeah, it's a really great pleasure to have you here and you ⁓ you've done so much and you've worked on large scale platform teams across networking and security companies like Cisco and Palo Alto Networks and and you know, all of the others that you just mentioned. It's really incredible. So, you know, as you've grown into the executive position, You know, what leadership principles became most important as technology systems and organizations scale. And maybe you can also throw in a little bit about how you even got into cybersecurity to begin with.

speaker-0: Yeah. So David, thanks for having me. Look, I think when you grow in leadership roles, ⁓ one of the important aspects of leadership is that it's less about you, it's more about the team. Right? You're only as good as your team is. And sort of principles that we really follow, I follow really is that how do you bring, build strong and passionate teams? How do you hire the best of the best that you can get? Because when you hire the best people, you don't tell them what to do, they tell you what to do. You debate with them and you decide, right? ⁓ How do you ensure that you give them the right levels of autonomy? But also how do you ensure that you give them the right air cover when they need? How do you ensure that you're as candid, I would say radical candor in terms of how you are approaching everything that you do, fully transparent, building in trust for them? And think one of the most important things that I feel in management is around How do you communicate? And what I mean by that is not just communication on things that happen day to day, but how do you communicate the strategy? As teams get larger, it gets harder and harder for you to talk to each person individually. In a small company startup, it's easier, right? And if it's a global distributed team, it's even harder. How do you ensure that when we say we want to be the CyberSec department of choice, as an example, how do you ensure that that Uber mission statement relates to an engineer who's riding a device driver on the firewall or a cloud service for SASE or some services on cybersecurity. And how do you bridge that gap? How do you ensure that the work he or she does is tied to the vision step by step to the teams and to the larger mission the company sets? But I believe that when you're able to explain how the work of an individual ties to the bigger vision, you have a high empowered fast running team. You don't need that's that's motivational enough for them because they understand that the work that they're doing translates to company success. And that comes with a lot of messaging, a lot of communication, time and connecting those dots. And that's very important.

speaker-1: Right, so you want every employee to not only know what their job is, but how does their specific job, even if you have thousands of employees, how what they're doing is making the company better, selling more, and building better products.

speaker-0: Think about YETZI, like everybody wants to come to make an impact in their job. I believe that nobody comes to work thinking, I'm going to screw it up. Right? Nobody comes. I hope not. Right? We all come because we have, we have, we want to make a difference. We want to create a positive impact. Now we need to be aligned, of course, and we need to be motivated and we need to work hard. Now those things happen when you understand that the work that you're doing is important. and connected with what the company or the group or the team is driving at the highest level and show how that connection happens step by step. Then you're super motivated. You understand the larger reason of what you're doing. You understand the importance of it and you're going to put in the effort to make it happen. Like, you know, that is very important for us to be able to connect the dots, if I may call it.

speaker-2: So you have a lot of competition for recruiting people. I don't know if you'd be willing to share maybe a tip or trick or two of how you, what is it that you put in front of the people who are you, to get them to come interview with you to begin with and then maybe how do you convince them to come work with you?

speaker-0: Very good question. Look, I think most of the hiring that I'm involved in usually is leadership roles, sometimes a very high caliber individual talent, et cetera, of course, but generally is that. And I look at two things. First is that there is a table stakes. If you're going to run a large team of engineers, product managers, designers, go to market strategy, et cetera, there's certain expectation of what you need to do on a day-to-day basis. I call that everything to do with aptitude of getting the job done. That's table stakes that like, know, ⁓ it's important that if you are head of engineering or director of engineering, VP of engineering, that you know how engine works, your technical, you can drive teams, cetera, to be that stable stakes. Right. Then what differentiates that individual from the others becomes the attitude. So you have aptitude and your attitude. Both are important. Like you take a lot of times, ⁓ we may, ⁓ take the aptitude part. as stable stakes because it's important. You want to hire the best people from that capability. But you also want to be able to differentiate when you have multiple candidates with aptitude that you think are the same ballpark with the attitude of that employee that you're going to hire. Is it a right culture fit? Do they understand how to get things done? Do they have the hunger, the urgency, the desire to always be there to win? Right? I think those things become, I would say more important. to differentiate you versus the rest of the others if you have those capabilities. And those I feel in many ways it is what it is. In a sense like you can increase your aptitude. If I don't know a given technology or a given area, like if you are smart, you'll figure out, you'll learn it. But it's very hard to teach somebody ⁓ how do you be hardworking? How do you have hunger and desire to win? Right? Those are things that generally are, I mean, I'm not saying they can't be adapted, they can be. But they are going to be things that differentiate you and especially in this newer market when there's a lot of competition for the right talent.

speaker-2: And it's built in, mean, that's something, personal traits that people either they have it or they don't have it. It's hard to teach that to someone. You can maybe motivate them, but it's hard to teach that. just back to a question I snuck in, if it's okay, how did you get into cybersecurity to begin with?

speaker-0: Look, I think when I was in networking, course, there's always security intertwined with networking. Not as deep as what, of course, we do today in my stint at Palo Alto Networks, but security has always been adjacent to networking in many aspects of what I do, whether it is through things that we do on the routers, through firewalls, et cetera. when I was looking to ⁓ leave Cisco, I was looking for a place where I can really feel that it's an inflection point of where the industry is. And Power World 2 Network was the perfect choice. joined roughly six years ago and it's been an amazing journey. it ⁓ continues to stay very relevant. And I think there's never a dull day in cybersecurity, as you know it, David. There's always something happening. I tell people, the bad actors don't take a night or a weekend off.

speaker-2: That's 100 % true.

speaker-0: Cyber security is a very mission driven industry. it feels that ⁓ it's very satisfying the work that we do because the work is not easy. Like in some sense, ⁓ I don't want to do related to anything else that you're experiencing right now, but we have to be right every single time. But the cyber security attacker has to write one time to make sure that they can infiltrate data, ⁓ compromise your brand and so on and so forth. And so there's always things that are changing because the attackers continue to get more and more sophisticated. There's more scale, there's more speed, there's AI which is disrupting all of these things in parallel. So it's very important that we continue to innovate and invest in technologies that are always ahead of what we think an attacker will do. Because the attacker also has access in many cases to the same tools and technology that we have.

speaker-2: Absolutely. by the way, just an anecdote, I also started my career in network ⁓ operations when I was offered out of university either to become a junior programmer of Cobol or to go into the network operations and security ⁓ department of a big bank in New York. And so that's where I started as well. yeah, and in networking, I mean, that was the beginning of cyber really before it

speaker-0: I mean, if think about, if you think about network security or cyber security in general, it's roughly an industry which is two and a half, also decades old, right? Maybe three decades at max. Like the first versions of network security were basically routers that had access control lists. We decided based on IP addresses or ports what to allow and deny. And then when everything became on port 80 or HTTP, people said, look, I can't just block the port 80. I need to go granular. So I need layer seven controls. And that became the genesis of the next-generation firewall in many ways. And then, course, it drove consolidation. You said, your applications are in the cloud. What do I do there? And now I have remote work for them. need SASE, and I have AI. But it started. That's a journey. And that's what we've been driving over the last couple of years. Absolutely.

speaker-1: If you continue down that journey, ⁓ at HAD and Tech, we try to look to the future. I'm curious to know, ⁓ where do you think cybersecurity will go in the age of AI and how is it evolving? Because I'm sure even at Palo Alto Networks, where you started and where you are today is completely different. I'm kind of curious to how you see the future.

speaker-0: Think of it this way, What is the number one ⁓ reason if you look at any breach report, somebody gets breached, I've seen tons of reports that give a postmortem of what happened to the organization. It always has a section which says that if you did A, B and C, this could have been avoided. Which begs the question, then why didn't you do it? And the reason you didn't do it is because of complexity. Complexity that teams are facing every single day and ever increasing attack surface Increase need for data with rise of AI Like you know a plethora of different point products and solutions that team is trying to stitch together and That's just not going to cut it out, right? I mean, so what we've been on this journey is that look you need to have a platform centric approach It's hard enough to get expertise on one two three tools and try to get it on 20 tools Right? And then you have newer things keep coming in. I call it new projects. Like, know, what do do to enable BYOD in your enterprise? How do you get a secure browser? What do you do for AI applications? What do you do for quantum? What do you do for your certificate expiry? For every of these new things that you need to do, if you have yet another point product, yet another tool, yet another UI to manage it, to configure it, to maintain it, it's going to get more and more complex. So you want to maybe have a platform centric approach and in network security we say that any user on any device accessing any application, any data or any network we want to secure it consistently with best in class network security a consistent experience for the administrator but also without compromising the user experience because as users now we have low tolerance for anything if you are on a network and it's not loading next We don't want to compromise that experience we have. So I think it's important to think about that holistically and solve the key thing that the customers want. But sometimes they may not know exactly what they want, but they know the problem they're facing. They're not able to move fast, they're not able to roll out things faster. They need a more simpler solution, they need a more unified solution. And that's what we've been driving for the last couple of years.

speaker-2: It's very interesting what you just said, because ⁓ I'm personally facing something now and I see it also with colleagues that with the advent of AI, you know, people are starting to use their own tools because they're getting a little bit frustrated that the CISOs of the companies haven't yet figured out how to give them enterprise access with being secure enough for the companies. And on the other hand, they have the CEO and they did the board and maybe, you know, their management saying, Hey, Why aren't you using AI? This will help us to have more efficiencies and do your work better and quicker and you can innovate better. So what you just said about, you know, with the network loading time, I see this also with AI as well, that it's not moving quickly enough.

speaker-0: Everything. Right? mean, think about this way. Every, I would say every, maybe the exact same, majority or most employees and organizations today are using AI power tools. They want to get their job done. They want to be more efficient. They want to like, you know, impress their managers by getting it done faster. Right? They want to embrace the new change. Right? The problem is that in many cases, whether IT allows it or not, they're going to use it because they're like, you know, I want to get it done. So you have the shadow AI problem, like the shadow IT problem. Right? So you need to provide again, within the constraints of what you have as a platform, ability to have visibility, control, protection, data governance, et cetera. So if you're an enabler, IT needs to be enabling them. Otherwise, if it's going to obstruct them, they're going to find another way, or you're going to be left behind. You're going to move slowly, going to have no agility, and you're going to have competition move faster.

speaker-2: which puts even more pressure on the security teams.

speaker-1: And the interesting thing that you said that I really liked is just make it simpler. Because I think cybersecurity as opposed to other industries is so fragmented and you have so many tools, which you don't see in other industries, In CRM tools or ERP.

speaker-0: Yes, and that's why this whole notion of bringing in best of individual products, putting it together as part of an integrated platform solution, that you can have a common manageability, a common UI, a common monitoring from everything from day minus one to day end. That's very important.

speaker-2: So on that note, so you hold over 100 US patents and you lead highly technical teams. How do you foster innovation while still maintaining the reliability and trust that enterprise customers depend?

speaker-0: Yeah, I think it's a very good question. think like, I feel that basically innovation comes in different ways. One is innovating a complete new idea, new product, new innovation. That's great. You get those opportunities sometimes and not everybody gets that. But I think you can be innovative in everything that you do. It could be things that you do differently from a day to day basis. It could be innovation that you're driving in terms of process and making things more efficient. It could be innovations in our workflow and optimizing how teams are working. And actually even now, in this whole world of AI and agents that we are seeing really transform rapidly in the last ⁓ few years. I think it will be even more important to basically empower these teams to be able to drive ⁓ the level of creativity and innovation that they're seeing across all aspects of what they do in their life. Like we are seeing this phenomenon, which is once a lifetime with AI and agents where everybody is more efficient, everybody can move much more faster. How do you make sure that that that translates to broadly what the larger organization can do to really push every organization, every teams to be more efficient and more innovative. So innovation is in multiple facets. Of course, you can be innovative in a new product, a new solution, a new idea. It could be a new feature. It could be a process innovation. It's how you get things done. But that all starts with the whole culture of the organization, right? Where you will be able to make Like if you think about what is the culture? People always say what is culture? I tell people that in very simple words, culture is the behavior when no one is watching you. Right? And it may sound very simplistic but that means that I'm not doing something just because somebody is telling me to do it or somebody is monitoring me. It's ingrained into how I do things. And innovation needs to be done that way. We're not doing innovation because like you know I have a few hours every day or a budget carved out to do innovation like... I mean, my view doesn't really operate that way. You ought to have it as a culture where you are able to be okay if things fail. Drive a culture where you can experiment, fail fast and have that thing where it's okay. Sometimes celebrate those, right? Because we often celebrate successes. We don't celebrate things that didn't succeed, but it was still a good effort that motivates people to try more. It's just like, it's important to get those things done. Those are our variety of different things that we do, whether it is ⁓ quick POCs, quick idea generation, ⁓ encouraging people to try these things, ⁓ if ideas are innovative, making sure it gets funded or taken to completion all the way, all that is part of how we are to drive culture innovation in the organization.

speaker-1: back to what you said in the beginning of hiring leaders based on culture fit.

speaker-0: Yeah, very important. Definitely.

speaker-2: You know, it's funny, I was just going to bring an anecdote from a completely different area of life. I married a Brit and ⁓ she taught me about Premier football. And I never understood in the beginning when somebody took a shot on goal and he missed and everybody clapped, like the whole place stood up and gave him a standing ovation for missing, you know? And this goes back to what you said about trying hard, taking responsibility, being accountable for what you do. And yeah, you're not going to make it, you're not going to hit a goal every single time. but you're going to try and then you will have those goals and people will, you know, applaud you also for trying and also for winning.

speaker-0: And also it's it's also a balance you also need to recognize as a team as a leader that something Has reached a point where it is not going to go anywhere by trying more Right, so you need to find a way to say, you know what? Okay, I tried this is not going to work because if the idea is great But the market's not ready or the idea is not working or nobody wants it like whatever could be the reason right? But you have to make that call and that also requires a lot of you know thinking because very few people sometimes want to admit that what they're working on is not working. Like this human way we think about it. to say that look, this didn't work out. I'm going to fail fast. I'm going to move on and I'm to do the next thing. That's also very important.

speaker-2: All right, I have a question for you on the innovation side. ⁓ You know, there are lot of established companies today that are treating AI one way or another. They understand they need to implement and they understand they need to bring it in-house. But if we take, for example, some industries, even like medical device industry or defense industry, where the defense industry is very, very wary about bringing AI inside, So they might have localized LLMs or however they're to be doing it. But then you have these startups who are coming on the side. They have no worries. They're not big established companies. And they can do whatever they want. And how much do you think they might blindside some of these bigger organizations with innovation that they can do really quickly?

speaker-0: Look, I think with AI, it's very interesting. First is that it allows you now to create something in a very short timeframe. An idea you have can be bought to fruition, I would say, with less people, less time, less effort in general, because there are a of things available to it. But it's also, I would say, if you rewind the clock back, I'll tell you a simple story. When I graduated from USC, I interviewed a bunch of companies, high tech companies, is the late 90s, the booming time, et cetera. And almost every organization I interviewed with asked me one question, which was generally the question among the many questions that they asked me. How do you insert a node in a sorted linked list? Right? And standard, I knew it, beginning of the list, ending of the list, empty list, all the use cases. And then I started my first job, I called insert node and I felt like shit. I to write my library. So that was a library I called. It was like, know, something gave me a thing to just call. And then in 2000s, I spent a lot of time in my initial days optimizing code with even assembly language to look up on four byte addresses to have line rate performance. Right. And then came along faster processors and open source software that didn't require me to write the protocols I wrote from scratch in the past. Right. And of course, The way with AI is at a different level, but you can relate to what's happening, right? Now, in all of those things, even when I used the Linux kernel to build a stack for a router or a protocol that open source, I need to understand the system. When things go wrong, I need to understand how to fix it, understand what works, instrument the problem, et cetera. I think even with all of these things happening with AI, the people who will be differentiated, in my view, will be the people who are the best system thinkers who understand how things work end to end because yes, a lot of code is being generated by AI, but how you bring all this together, how the system works, how do you tune it if you need to work, etc. And those are going to be more important or more valuable than just the pure coding aspect of your job.

speaker-2: And if it's in business, it will be the people who have the domain expertise and not just the people who can throw together systems because they put it into one of the, you know, the AI engine.

speaker-0: I mean, domain expert is important, but also I think I'm not sure if it will matter if you have 10 years of domain expertise or 20 years. That thing is shrinking.

speaker-2: Yeah, that's true.

speaker-1: So on that note, maybe ⁓ there's a question, Anad, we ask all our guests at Hot in Tech, we ask, what do you think will be Hot in Tech in the upcoming year? We spoke a lot about it, but not necessarily cybersecurity, just a broader space. Where do you see the space going?

speaker-0: If I have to just say, think that the biggest revolution happening right now is on everything with AI. And this year, you're going to see a lot of things happening with AI agents. And in all aspects, you think about AI agents today, you have agents on your desktop. Like you have your white coding agents, you have agents in the browser that you're accessing, you have agents on your SaaS platforms, you have agents built on AWS Bedrock or Crew AI or any of those platforms. All of these agents are going to significantly enhance productivity of an organization at scale. Right? But along with that comes increased risk in terms of cybersecurity. Do agents have the right permission? Are you protecting, are you scanning the agents for, just like you scan code and models? Are you able to do red teaming of agents? As these agents are doing things, are they doing things with malicious activity that you can block at runtime? So all of these aspects, whether it is scanning the artifact, the red teaming, the runtime, the identity, the controls, the non-security controls, the security controls, I think needs to be solved because otherwise it'll be hard for at least enterprises to use agents at scale. We've seen many examples where, look, I mean, if you can imagine agents by nature will have memory because agents will be personalized to what you are or your organization is. It'll have short-term and long-term memory. We are seeing research from our own team which say that attackers are looking to poison that memory to alter the behavior of that agents. Agents will have to prevent against excessive permissions. Because now you can build an agent by white-coding it in three hours. But have you thought about the controls? So think those are all important aspects that you need to make sure are deployed by thinking of security from the get-go. versus an after fact. Absolutely, they'll bring tremendous amount of agility and speed. And you're seeing the same thing with agents in the browser or agentic browsers. They can do a variety of different things for you in the browser, but are they secure or not? Are you thinking about security upfront? Are your crown jewels protected, et cetera? think that will be, agents in general will be, I think, a big theme for the year. And how do you secure them is going to paramount to ensure that agents are successful in the organizations.

speaker-2: So I was talking the other day in my street with somebody who's actually a neighbor. He's the person who put the ⁓ lunar module into orbit and ⁓ it didn't land exactly as he wanted it to, but ⁓ it got pretty far. It landed on the moon. He said to me, think about this, that in 10, 15 years, there are going to be flying devices, whether they're planes or cars or whatever, in the sky and those are going to be built on AI code. And the question is, did the AI code do also do the quality control of the AI code that these things are running on? And it's a little bit of an interesting thing to think about, from a safety point of view also.

speaker-0: I will tell you one thing is that, and it may sound something that is, I would say, a different. This is the worst situation you can ever be in. It's only going to get better. So if you believe that your AI systems, your AI tools are giving you information which is 70-80 % good, that's the worst it will be. It's going to get better next year, next month, next quarter, all the time things you do. And I think it's important to be able to embrace that. Because if you don't start using them now, you have the risk of being left behind.

speaker-2: Absolutely. Do remember when people said who's going to put a credit card on the internet?

speaker-0: Yes. Or we are going to find you online. Yeah, I'm just saying all of those are things that we grappled with as you know in our lives.

speaker-2: It's a lot of it's psychology that people have to get over things. Well, so we're at our last question for you. And this is actually a question for the community. Today with the growing influence of AI and all of the changes that are taking place so quickly in the market, I'd actually like it to be a two-part question or facing two different audiences within the community. What advice would you give to technologists who are just starting out? Because, you know, they're coming out maybe with degrees in, I don't know, coding. They know Python, they know C-shark, they know Java. ⁓ So what advice would you give to them on one side? And what advice would you give to those people that are already in the system who want to follow in your footsteps and achieve, you know, leadership roles and become important in their organizations at the executive level.

speaker-0: Yeah. Look, I think for the people who are early in their career, graduating now or just starting their job, my input to them is always that like, look, just embrace all the AI tools and coverage, use it, become an expert. Because if you don't, if you don't start using them, you will be left behind. At the same time, try to gain as much domain knowledge, you talked about it before as you can and whatever you're working in. So that's going to be relevant as well. If you think about with AI, you're going to be able to get a lot of normalization of knowledge and information and intelligence, if I may call it that way. But what differentiates will be other aspects of how deep you have domain knowledge and of course your, your attitude, et cetera. That's one. For, for people who are already in the organizations and want to grow and scale, like, look, my views are again, embrace this completely. I see a lot of hesitation from, you know, from people who have been in the industry for long time saying that, look, I can do better coding than the AI tools. Maybe you can do it today, but will you be able to do better than in a year, two years, three years? Right? I'm just saying this is moving so fast that I don't think it's that even today, it's like it's the speed, the scale and the controls that you have. You have to embrace that. Right. And I think it's also be open. Right. Sometimes it's like, you know, we all have done work in a given way for many years that made us successful, but what got us here will not get us there. So it's okay to say some things change completely. and some adapt or something is completely new. But be open to that change because change is the only constant. If you will be rigid in the approach, is going to be hard to keep up with the trend and you will be obsolete sooner than you know.

speaker-2: And from the leadership point of view, any tips for people, you know, how to climb the ladder? should, you know, is it just a matter of showing that they are taking, you know, responsibility and accountability and, you know, anything else you would maybe just add?

speaker-0: ⁓ Growth in leadership roles really comes from ⁓ readiness of the person to take on bigger responsibility and also based on scope that can be created for that person. First is generally in control of the employee, second is in not total control, right? To give you more scope is not completely you control it. What you control is the work that you do, the outcomes you deliver and the leadership you demonstrate. And usually I feel that if those are done, good things happen. But it's important to show consistency. It's important to show hunger and desire to do more and initiative. Like a lot of times you grow when you do things by taking initiatives that that other people didn't take. I always tell people that if you're given a task, raise your hand, then figure out after that how to get it done.

speaker-2: I agree with that 100%. Then I said, I actually I've seen that in my own career as well. And, uh, and I, and I always, um, tell the people in my teams that they should always be striving for more. And so I, yeah, I, I think you're a hundred percent right. Well, um, and I want to thank you very much for being with us on the show and, it's been great. And yeah, you have such an amazing history and experience and you know, where you started and what you've achieved. And your insights are, I really believe they're head on. And ⁓ I'm sure our listeners will really enjoy hearing this episode.

speaker-0: you

speaker-1: If you enjoyed this episode, make sure to subscribe so you don't miss future conversations with the people building, breaking, and reshaping technology.

speaker-2: And this podcast is proudly sponsored by C2A Security, the only context-based product security orchestration platform. Stay tuned for lots more hot in tech.

speaker-0: Skip the spin, we dive straight in. Future in your ears this time. Hot in tech. Turn it up. What's coming next? From the labs to your desk. Yeah, we're breaking all the specs. Hot in tech. Big ideas, bold bets. Plug in, you're set. Hot in tech. drops another wild start a change in how we move how we pay your hand on your wrist tomorrow starts here today

speaker-2: in Tech.

speaker-0: What's new? What's now? What's next? We're alive. Big brains, big dreams, on the edge of the line. Hit play, let your mind connect.

speaker-2: Leave a comment at 3 words

speaker-0: One trick, hard in tech. you