This Week in Startups - Palo Alto Networks CEO Nikesh Arora on cybersecurity in the age of AI | E1806

Episode Date: September 11, 2023

This Week in Startups is brought to you by… OpenPhone. Create business phone numbers for you and your team that work through an app on your smartphone or desktop. TWiST listeners can get an extra 20...% off any plan for your first 6 months at openphone.com/twist. Embroker. The Embroker Startup Insurance Program helps startups secure the most important types of insurance at a lower cost and with less hassle. Save up to 20% off of traditional insurance today at Embroker.com/twist. While you’re there, get an extra 10% off using offer code TWIST. LinkSquares. Life for in-house legal just got a whole lot easier. From contract creation to execution and more, LinkSquares is the go-to for all your legal needs. Learn more at linksquares.com/twist. * Today’s show: Palo Alto Networks CEO Nikesh Arora joins Jason to discuss his time as head of Google Europe (2:26), strategies learned from Larry Page (15:23), precision AI’s role in cybersecurity (43:14), and much more! * Time stamps: (0:00) Palo Alto Networks CEO Nikesh Arora joins Jason (2:26) Becoming head of Google Europe and meeting Eric Schmidt, Larry Page and Sergey Brin (10:15) OpenPhone - Get 20% off your first six months at https://openphone.com/twist (11:46) Maintaining Google’s culture in Europe and the hiring process (15:23) Applying strategies learned from Larry Page to Palo Alto Networks (17:59) Sub-categories of EQ manifested in the workplace (22:12) Embroker - Use code TWIST to get an extra 10% off insurance at https://Embroker.com/twist (23:41) What led Nikesh to be CEO of one of the top Cybersecurity firms (30:24) Cybersecurity against artificial intelligence (35:31) The SEC’s mandate on breach reporting (38:35) LinkSquares - The go-to for all your legal needs, learn more at https://linksquares.com/twist (39:51) The SEC’s mandate on breach reporting continued (45:54) Gains from AI and what it means for organizations (43:14) Precision AI’s role in security (53:14) The future of AI technology and the battle of the chatbots (57:41) Nikesh’s time at SoftBank working directly with Masayoshi Son * FOLLOW Nikesh: https://twitter.com/nikesharora * Read LAUNCH Fund 4 Deal Memo: https://www.launch.co/four Apply for Funding: https://www.launch.co/apply Buy ANGEL: https://www.angelthebook.com Great recent interviews: Steve Huffman, Brian Chesky, Aaron Levie, Sophia Amoruso, Reid Hoffman, Frank Slootman, Billy McFarland, PrayingForExits, Jenny Lefcourt Check out Jason’s suite of newsletters: https://substack.com/@calacanis * Follow Jason: Twitter: https://twitter.com/jason Instagram: https://www.instagram.com/jason LinkedIn: https://www.linkedin.com/in/jasoncalacanis * Follow TWiST: Substack: https://twistartups.substack.com Twitter: https://twitter.com/TWiStartups YouTube: https://www.youtube.com/thisweekin * Subscribe to the Founder University Podcast: https://www.founder.university/podcast

Transcript
Discussion (0)
Starting point is 00:00:00 I came to California and Eric and I went for a walk around the Mountain View campus. And he spent an hour walking around. He said, you have 10 more interviews after this. And he says, well, I really like you. But, you know, this is a job which requires you to sell advertising in Europe. And you've never sold advertising before. I'm like, so should that, does that mean? I should just pack my suitcase and go back or take my bag and go back to London because
Starting point is 00:00:23 this is not my job for me. And he's like, yeah. And he was very, very sort of thoughtful. He said, listen, the business model of Google is going to. evolve multiple times in the future. So I'm not sure we need to go find ourselves the best ad sales executive. We need to find ourselves a good executive who can roll with the punches and adapt. This weekend startups is brought to you by OpenFone brings your team's business calls, texts, and contacts into one delightful app that works anywhere. Get 20% off your first six months
Starting point is 00:00:53 at openphone.com slash twist. In Broker's startup insurance program helps start a up secure the most important types of insurance at a lower cost and with less hassle. Save up to 20% off of traditional insurance today atmbroker.com slash twist. While you're there, get an extra 10% off using offer code twist. And link squares. Life for in-house legal just got a whole lot easier. From contract creation to execution and more, link squares is the go-to for all your legal needs. Learn more at link squares.com slash twist. All right, everybody, welcome back to this weekend
Starting point is 00:01:36 startups. It's all-star summer. We're getting all the amazing entrepreneurs, CEOs, investors in the industry because it's the summer. They got a little bit of time. I might be able to get them on the schedule and then you get the benefit today. No different. I'm super excited to have Nikesh Aurora on the program. It's the CEO of Palo Alto Networks, but before that, you know him because he was the president of SoftBank and was going to be the heir apparent to Masayoshi Sam will get into that. And before that, he was one of the earliest Google executives and was part of that early Google cadre that included Cheryl Sandberg and Tim Armstrong and Marissa and just all those incredible executives who went on to do great things. So, Akash, welcome to the program. Thank you, Jason.
Starting point is 00:02:25 Thank you for having me. Yeah, yeah. So I wanted to start with, you know, Google because what an amazing time to go to Google. And how did you wind up getting the job at Google? How did you become aware of Google? I know you immigrated to the United States. We had talked about that at some point and you came here with nothing. So I'm kind of curious how you got here with nothing and then wound up at Google.
Starting point is 00:02:53 It feels like the American dream. Yeah, there was a bunch of things. just stops before that, Jason. So I actually went to school in Boston, went to business school, did a little bit of the by-side investment thing, which didn't quite work out for me.
Starting point is 00:03:07 Well, I liked, I did fine. I just didn't want to sit in a room. When you say you went to school in Boston, that means you went to Harvard, yeah? No, I went to Northeastern. Oh, okay. See, usually people who go to Harvard and were like, I don't want to say
Starting point is 00:03:20 it went to Harvard because people are going to just hate me. Well, I can't say I went to Harvard because I didn't go there. Yeah, exactly. I did go to school in Boston, I went to Northeastern, I'm in to Boston College. But you immigrated, yeah.
Starting point is 00:03:32 Yes, I did. And I worked at Fidelity and I worked at Putnam and then I decided to move to London slash Germany and I worked at T-Mobile at that point in time. What time is this?
Starting point is 00:03:43 This is 1999 to 2004. This is when T-Mobile bought T-Mobile USA. It used to be called VoiceStream. Yeah. I was part of the team at T-Mobile. We did that. And this is right as the dot-com
Starting point is 00:03:56 market fell apart. So you got to witness that. And then the down market of those 2002 to 2006. I wrote a sell note in 1999, which I still have, which I said, I cannot understand how the value stocks anymore. It's November 99. And I sold everything and I quit my job as a by side analyst. Did you do the same thing in 2021 by chance?
Starting point is 00:04:20 I wasn't an investor in 2021. You weren't an investor. A lot of, yes. So that takes a lot of courage and fortitude to be in the middle of a roaring party and saying, you know what, this party's not sustainable. It makes no sense. The cops are going to be here any minute and they're going to bust this party and it's going to be over and the lights are coming on. What gave you the fortitude to kind of write the memo?
Starting point is 00:04:47 I'm curious. It must have been unpopular at the time. In hindsight, it's wonderful. I was just enjoying the party. I had a good buzz going and I said, I've had enough. let me go out and go home. I didn't see the cops getting there. So now it looks like I was so smart.
Starting point is 00:05:00 The cough showed up right after I left. This is a key thing. I have this discussion with my wife all the time. I'm like, you know, it would be a great time to leave this party right now? And she's like, this party's amazing. I'm like, exactly. That's right. This is the peak.
Starting point is 00:05:12 And knowing the peak of the party and when it might be a good time to get some rest, to get some sleep before it kind of gets dark is a key part of doing this. So I was there. Yes. And then I was at T-Mobile in Germany, and I did that for four or five years, and I was 34 years old, and I had this moment where I said, wait. So I'm flying every week from London to Germany. I'm working with people who are 10 to 15 years and average older than me. I'm doing marketing in Germany, there's got to be something else I should be doing. So I decided to leave that job, and I was having lunch with a friend of mine who says, listen, this headhunter called
Starting point is 00:05:49 me about this tech company from the U.S. was looking for somebody to run Europe. My job's big, maybe you might be something, this might be something you were interested in. Yeah. So, I'm like, and that company was, of course, Google. And I said, okay, I'll take a phone call or I'll take an interview and I did that. And it was October 2004, right about in Google and public. They had not hired a single senior person ever from the outside. All the 12 vice presidents were internally promoted.
Starting point is 00:06:22 And I think, Larry and Sergey were probably on their second trip to Europe ever in the history of Google. They happened to be passing through London. So, and one thing led to another, I ended up getting an interview with Sergey walking through the British Museum. Wow. Then we walked around. What was that like? What was Sergey like at that time in 2004?
Starting point is 00:06:44 I mean, it just gone public. No different than he is today. It's bubbly, curious, running around. Larry was busy touring the museum. with his part of his family and Sergey was the chosen one to make to the interview and we walked around we talked about, we walked into the
Starting point is 00:07:02 Rosetta Stone and and I just spent five minutes in a museum shop before that. I'm not a museum gore but lo and behold, they have too many Rosetta Stones there so I'd read a little bit about it so I started telling about it. He said, oh, what do you think about translation? Do you think Google translation translates is going to work?
Starting point is 00:07:18 So you're talking about that and that led to me coming to Mountain you, spending two days there and long story short I ended up as head of Google Europe. What was this pitch to you as to the ambition of Google and where it was going? Because it obviously has become a much bigger enterprise than the enterprise that you joined 19 years ago. So what was his pitch to you of what they were going to do? I think his very simplistic pitch. He just basically said, listen, the world is getting more, more connected.
Starting point is 00:07:50 There's more information around us. It's going to be hard to parse through it without any sort of something helping you out. And the thing that's going to help you out is Google. And you didn't have to be a genius to figure out that even in that short period of time, what is it like? 4 million people are connected to the internet in 1998 and 2004, probably tens of millions. It wasn't hard to believe that over time, and this number could keep rising. None of us was smart enough to say that three and a half billion people will be connected, but it's going to be more than that.
Starting point is 00:08:19 And don't forget, I was out of a job. Right. And you were a marketing executive, and they had a very unique idea around advertising and connecting marketers with customers. So what was your first gig there? Was it working with the ad networks? So, you know, I came to California, and Eric and I went for a walk around the Montgomery campus. And we spent an hour walking around. He said, you have 10 more interviews after this.
Starting point is 00:08:45 And he says, well, I'd really like you. But, you know, this is a job which requires you to sell advertising in Europe. and you've never sold advertising before. I'm like, so should that, does that mean? I should just pack my suitcase and go back or take my bag and go back to London because this is not my job for me. He's like, yeah.
Starting point is 00:09:03 He was very, very sort of thoughtful. He said, listen, the business model of Google is going to evolve multiple times in the future. So I'm not sure we need to go find ourselves the best ad sales executive. We need to find ourselves a good executive who can roll of the punches and adapt. Awesome.
Starting point is 00:09:19 Very insightful by Eric. Eric's very infleateful for the most part. Strategic, yeah. And then I ended up, my first gig was to run Europe. And yes, it was primarily selling ads, but we had like nine offices and one real office, eight Regis offices. And in five years, I opened 26 physical locations for Google. We hired 4,000 people. And we went from, I think, 800 million in revenue, four billion.
Starting point is 00:09:50 wild what a run yeah and you see your joke he's saying regis office you mean like the pre we work they had regis office shares which where you could rent an office with a lock on the door with old corporate furniture in it like really the most dismal offices
Starting point is 00:10:06 you could ever be in a serviced office which traded at 140th evaluation of possibly we work yes are you still using your personal phone number for your startup it's 2023 it's time to stop it is a huge mistake that founders make. Why? You're just getting started with your company, and you don't think
Starting point is 00:10:26 about phone numbers as being an important part of the IP collection of your startup. With open phone, you can totally solve this problem. They've rethought everything about a modern business phone and how it should work. It's super easy. You just download the app on your phone or your desktop, and you pick a number, and you're done. And you do it for just such a low price. It's so affordable. And think about it. If you have your sales team using their personal phone numbers, a salesperson leaves and goes to a competitor, you don't have any insight into what phone calls occurred, what people's phone numbers are. That's your company's database. And if you allow the sales team to run them up or the customer support team, it's just unprofessional. Be professional.
Starting point is 00:11:07 Use open phone. And we use it for things like event communication. So we get one phone number, but it can go to multiple people, like around Robin. Then we have a shared phone number. do that for customer support. And Open Phone is rated number one. On G2 for customer satisfaction. And I trust G2's ratings. Open phone, it's ready, it's affordable. Starts at just 13 bucks a month.
Starting point is 00:11:27 Twist listeners can get 20% off any plan for the first six months at openphone.com slash twist. And if you have existing numbers with another service, no problem, easy, peasy lemon, squeeze, open phone, we'll port them over at no cost. Head to openphone.com. Switch to start your free trial and get 20% off. You were responsible in some ways for maintaining Google's very unique culture in Europe,
Starting point is 00:11:51 or did they say create another culture? Because this idea of like hiring really smart people, letting them loose, and, you know, interviewing 10, 20 people. I mean, it's a very unique culture, especially coming out of corporate German culture that you were in. So maybe you can contrast the cultures. Well, I don't know if I fully got into the corporate German culture at all, but I'd say it was definitely. unique even for a Western culture for somebody to interview, you know, tens of people for one job. And then eventually, you had to wait with bated breath for about a week because all these
Starting point is 00:12:26 packages went to Larry and Larry would read through them. I think I'm pretty sure I moved to the U.S. in 2009. I know in 2008, I went petitioned Larry and said, Larry, I've been keeping track of all the recommendations we send you to people to hire and the ones you reject. And I have a 90 plus percent correlation with the ones you're going to reject. so can I please have authority to move and hire them? And he let me have the authority to hire people. With the caveat that he would have the right to reject an employee,
Starting point is 00:12:54 even if I hired hired him or her, if he chose to do so. He never exercised that, but there was always that hanging over one's head saying Larry could decide, he doesn't like this person and that didn't follow his hiring process. But I think that I honestly think that that was one of the amazing things that, one of the many amazing things that Google did, is to maintain this constant debate and dialogue and making sure we're hiring good people. You deconstructed his algorithm and you got to 90% correlation. What was his algorithm?
Starting point is 00:13:23 What did you figure out he was doing? Was it as simple as just hiring very smart people? Was he hiring people with chips on their shoulder? Was hiring smart people with chips on their shoulder? What was he looking for? I think he had the point of view that, listen, there's lots of people we could be hiring. A lot of people want to work at Google. He just has to make sure that we don't end up hiring false positives.
Starting point is 00:13:44 What did it mean? Well, you know, you want to make sure that there's a set of people who've looked at it from every angle. Like, you know, there were simple things like you just can't say this person is smart. He'd say, okay, tell me the three questions you asked them. And what is their answers to tell me that they were smart? So it took away all the biases. It took away friends, you know, people you know from a different job area of perception. They're really good there.
Starting point is 00:14:07 We can hire them here. He'd say, write down everything you talk to them about within reason. And that way I can make my own judgment, whether this person qualifies. it doesn't qualify. So it just took out, take out a lot of the reasons why people sometimes make mistakes and hiring. And Larry always held the view, which I fully subscribe to that.
Starting point is 00:14:24 If you get a bad leader, it can have a multiplicative negative impact to the rest of your organization. So you're going to be very careful when you hire up senior people because they can, they can drag a whole team down. Yes. Because of their position in the company, they're going to have an outsized impact.
Starting point is 00:14:42 And so false positive being, hey, this person interviewed really well. They seem smart. They seem like a leader. They seem like somebody who could, you know, motivate people to do great work here or draw in other talent. But it was a show. It was performative maybe.
Starting point is 00:14:58 Or somebody maybe hired them because they're friends and they went to college together. But also, he also was more to make sure that we didn't get under the pressure that we have to fill this job quickly. And you end up hiring somebody who's 70% of what you need. But now you're there. They're there for the next two, three years. And now they're performing it 70%. and now you've basically taken what could have been a great performance of part of the organization and impacted it because you were rushing to solve a short-term problem.
Starting point is 00:15:22 So how many people work at Palo Alto networks? About 14,000. Okay. So now you've got 14,000 people of Palo Alto networks. Yes. And what did you take from Larry's algorithm and then what's in your algorithm, Nikash? You must have evolved it and you must have a way of which you like to run a company. And also we'll get into like inheriting people because that's also challenging, I assume.
Starting point is 00:15:48 Yeah, so look, we did inherit, I did inherit 5,000 people and some of them have moved on because we've been transforming the company. We have hired possibly north of 14,000 people in the last five years. I think the part which you take from Larry is, yes, you know, you have to have a series of filters about good people. You have to make sure there's an organizational conversation about hiring those people. It just can't be. Four people interviewed them for half an hour each. with two hours of data, of which probably half of that was spent in pleasantries,
Starting point is 00:16:18 you've decided that you're going to spend hundreds of thousand dollars, if not more, to have somebody do that role. So I think there needs to be that process, that conversation, and a series of checks. I think the only adaptation one has had to do is that it's both the IQ and the EQ.
Starting point is 00:16:33 Okay. And I'd say the Google bias might have been more an IQ bias because of the strong engineering culture and the fact you have to create products. and in a way, ad sales was more evangelical, like you were going to tell people because it's quite funny
Starting point is 00:16:48 to joke about this. Like, when you go to sell ads at Google, well, actually, what do you sell? So, well, how many can I buy? Well, I don't know. Depends on how many people are going to search today. What's the price? Well, I don't know.
Starting point is 00:16:59 It depends on what other people are bidding for it. Other than that, yes, I'd like you to buy some ads. It's great. So do I give you a blank piece of paper saying, buy me ads? You can set a price.
Starting point is 00:17:08 You can say, I won't pay more than a dollar a click. Yeah. So it was kind of here, here we sell to our customers. We have to make sure the people we hire have relationships, have the ability to sell, have competence and domain knowledge-specific sort of knowledge. So we adapted the Google algorithm,
Starting point is 00:17:27 but I'd still say that the guts are still significantly influenced by how we did things at Google. And if you're selling something brand new and all sales has a trust component to it, unless you're selling widgets, even then, you know, people have to get their widgets on time and they have to be a certain quality. So there's such a big trust component. You need the most trust in widget.
Starting point is 00:17:46 You need the most trust in widget because there's no differentiation. Yeah. They're going to come on time and they're not going to be Fugazi. But when you're selling something that nobody even understands, like, yeah, it's like really take a leap of faith. So talk a little bit more about the EQ piece and why that's important to you and your algorithm. And how do you quantify EQ? and what are the subcategories of EQ that you see manifested in an actual work environment? Well, like, out of the 14,000 people we have here, I think 5,000 to 6,000 are in direct customer-facing roles, right?
Starting point is 00:18:21 You're constantly dealing with customers who are sort of CIOs, CISO, chief security officers, or who are working in the technical parts of our customer organization. So, you know, somebody has to come across as empathetic, as somebody who understands a problem, they have to be trustworthy, like you said. There's a significant competitive trust. We're in the security business. Customers have to believe we solve their problem. They have to believe our products are going to work.
Starting point is 00:18:45 And most importantly, the customer has to believe when the shit hits the fan will be there for them. Because for the most part, our products are working, you're fine, you're not in a breach, you're not in a situation where you've been attacked. The moment something bad happens, they want you there yesterday. They want you there to help solve the problem standing next to them. They want to make sure it wasn't your product that caused the problem. So from that perspective, all those things are as important as the technical competence when you're selling the product to them, right?
Starting point is 00:19:12 You have to be there for them, trustworthy, consistent, available, all these things become important. And part of that shows in your personality, part of that shows in your track record. Have you been doing this for a while? You've been doing it for the right companies. And it's pretty easy to unearth with a few reference phone calls. Ah, yeah, if you're talking to the people who've worked with them before. And that, especially, I just never thought about it in terms of security, which is a business you're in. things are just steady state, everything's working fine, the attack happens, it's very scary,
Starting point is 00:19:41 and now you find out about loyalty, reliability, you know, is this a stand-up person who's going to fight with you to solve this problem? I think it doesn't stop at the person, right? It goes all the way to the organization. So, for example, you know, we have a very simple set of policies. If you have a problem, we will open up the floodgates, we will turn on all your licenses, we will turn on products that to protect you that you even possibly haven't paid for. we will send people there without saying sign this order and we'll say just sign this NDA so we're not in contravention but we're not going to come and say you got to buy this will return on.
Starting point is 00:20:14 We will throw everything in the kitchen sink at trying to protect you at that point in time because we want to be there for the customer, especially in their time of need. Oh, so that speaks volumes. You're not like the sharp elbowed. Hey, you don't pay for that product. We told you to buy it. You didn't buy it. Now you're suffering. Now you need to turn it on.
Starting point is 00:20:35 We'll send you a purchase order. It's, hey, we're going to just, we're going to help you get out of the situation. And then afterwards, we can have a debrief. And if any of these products help, you should use them. Well, Jason, we've got a customer. We closed it to you recently. They had it running for four months. We spent four months getting them back up and running until they were up and running and
Starting point is 00:20:54 secure. And half of them were not even our products, right? We're supporting them with other people's products. It took us three to four months to get them up and running. Then we had a conversation about, you know, do you want us to leave this stuff there? and have it running and configure it for you. And of course, they want you to. But we don't show up the first day and say sign disorder or we don't say, you know,
Starting point is 00:21:12 we want to get them back and healthy first. So in terms of responsibility, which is a lot of what IT is about, I'm security is about who's responsible, who do you get to blame? You just take the approach. It's, you know, we're responsible no matter what the situation is. We're just going to come in there and do as much good as possible. I don't even know that reputation. I don't even know if it boils down to responsibility, right?
Starting point is 00:21:35 As you can imagine, if you're thinking about a, you know, as uncool it may sound or cool it may sound, in a cybersecurity situation, this thing can happen for a variety of reasons. It could be somebody's credential was stolen, somebody logged in as you, somebody hacked your password. So it could be a simple thing, social engineering that causes your credentials to be lost. But then once you're inside, you start moving around and collecting data, extracting data, you know, locking down desktops and creating ransomware events. So that's not the time to figure out who to blame. That's the time to figure out how you go sort of throw a blanket over and protect the customer.
Starting point is 00:22:09 And we'll figure out and analyze it afterward. All right, listen, we work with super early stage companies at my investment firm. It's called launch. I'm talking pre-series A, right? We're talking seed stage, friends and family. And you know what? At that stage, maybe they don't have insurance yet. In fact, just recently, we have an amazing startup.
Starting point is 00:22:26 They didn't have D&O insurance. if you don't know what D and O means that basically protects your directors and officers, directors, board of directors, officers, the people who run the company, your management team. So what do we do? We send them right over to Embroker. Inbroker is business insurance built specifically for startups. Inbroker's single application helps startups get four quotes for four lines of coverage in 15 minutes. They connect you with one of their expert brokers for unmatched service, and that goes beyond your policy.
Starting point is 00:22:58 We use this at all of our companies. It's easy, peasy, lemon squeezy. And if you're not getting insurance, you know, at some point you're going to have to get it. So let's make that point today. Right now, this weekend, tonight, just go to Embroker today with the code Twist. And you'll get 10% off their startup package. How do you get the startup package inbroker.com slash twist? That's E-M-B-R-O-K-E-R.com slash twist.
Starting point is 00:23:23 Make sure you use that code twist for 10% off. That also more importantly than getting the 10% off. that shows them that you're listening to this week in startups. So we love in Broker. They've been amazing in terms of supporting our founders for years. And of course, this very podcast. Great job in Broker. How does one not coming from a security background wind up being the CEO of one of the most,
Starting point is 00:23:48 if not the most important cybersecurity company in the world? How? I mean, I'm sure you must have gotten this. Like, hey, what are your bona fides here? like, have you worked in security for us? No, I did add sense and I worked on Google and then I worked with Masayoshi San investing and
Starting point is 00:24:04 now we want you to run a security thing. How did they recruit you for a job that you didn't come from a security background? And versus also having somebody come up the ranks there in hiring, like Google did, you know, everybody who was in senior positions like you said, they typically moved
Starting point is 00:24:20 up the ranks. How did you get the gig? You know, it's funny, I got a phone call from a headowner saying, listen, a lot of networks would love to talk to you about possibly joining the board or maybe something else. So I show up and I talk to the board and we spend some time. Again,
Starting point is 00:24:36 one more time, I'm not working. I'm hanging out at home. This is Post SoftBank. And we end up having the conversation and they end up saying, we'd like you to consider becoming the CEO. And I'm like, listen, I don't understand cyber security. My only perception of security is like, you know,
Starting point is 00:24:55 consumer security. or like antivirus my laptop. I don't understand how cybersecurity works. I said, don't worry, you've got 5,000 people who understand cybersecurity. We need somebody to come help, put this together, and run the company. Now, that could have been interesting, and I think this is a good conversation for the board because they went and did this. I can only imagine in hindsight, you know, if it had all gone wrong, the board should have
Starting point is 00:25:16 been in so much trouble saying, wait, you hired a guy who didn't understand cybersecurity. He'd never been a public company CEO. He'd never done enterprise sales before. I mean, honestly, how desperate were you? for options that you had to go find this guy. And I was joking when I took the job. I still remember my first meeting with a CEO of a very large tech company now. He used to be a CEO, a different company, not hard to figure out.
Starting point is 00:25:40 I would have to see him like two weeks in a job. Like he sits to me down and says, okay, so tell me, why do they hire you to be the CEO of Politel Networks? Like, I had an interview after getting my job with a customer. He's like, I don't get it. Yeah. Why do you have this job? Explain to me why you. Yes.
Starting point is 00:25:55 And what was your answer? What is it that you know and that that board knew that would lead to you having an amazing run so far at this company without having the cyber security background? I guess the conversation which I had with the board, Jason, at that point in time, where I said, listen, I'm not a cybersecurity guy, but I am a technology guy. I do have an electrical engineering degree. I can understand how this stuff works. But more interestingly, I am a business person. I said, if you think about the technology industry, which is about a $3 trillion, industry here, give or take.
Starting point is 00:26:28 And cybersecurity is about $200 billion of that, give or take. It is the most fragmented industry in technology. The largest player had 1.5% market share at that point in time. So the opposite of smartphones, the opposite of Google ads versus Facebook ads. The opposite of CRM, the opposite of HR systems, the opposite of you pick your enterprise platform. No duopoly. Nothing.
Starting point is 00:26:53 Nothing. Yeah. It's 100 opally, right? So crazy if that is the word. And I sat there and said, this has to be something structural in it. What is the structural problems this industry has? Where every company taps out at 1, 1, 1.5% market share.
Starting point is 00:27:08 And I said, the problem is that every cybersecurity companies that comes out, they get there because they innovated versus legacy, and they stay there because they stop innovating. They find some really cool trick. They go figure out how to go sell it to tens of thousands of customers. And here's the funny part.
Starting point is 00:27:25 The moment you solve the last problem, the bad guys are moved on to the next one. So it's the most innovative adversary in the world. They're always looking for the way to come after you while you've stopped innovating because you're busy selling what you had. In a way, it's all tactics, right? Like it's a tactical warfare. Countermeasures, new ideas, and it never ends. So then what was your approach to get out of tactics and build a platform to have a strategy
Starting point is 00:27:51 here that was more long-term relationship building? How did you conceive of changing the business? So what I sat down and said, listen, I cannot undo, so I went and talked to 75 different CIOs and discovered that everybody had 30 or 40 cybersecurity vendors in their infrastructure and they didn't feel any much more secure.
Starting point is 00:28:09 And the bad guys were getting to it faster and faster. So I sat down with the founder and the chief product officer and I spent about two hours a day with them for the first year, one hour in the morning, hour in the evening, and I just bang at them with all these things I'd learned and ideas. And I'd say, listen, if you think about this, we can't undo what's broken.
Starting point is 00:28:27 What are the big technology trends of the future? How are they going to impact security? So our plastics moment was cloud. So I said, I spent 10 years at Google. I used to sell Google Cloud. This cloud thing is going to change everything. Sure. And so we sat down and mapped out.
Starting point is 00:28:41 What does it do? Well, it fundamentally changes networks because people have to be able to access it from wherever they are, and then the pandemic helped that. It fundamentally changes how you do application development, because now you're writing code using open source widgets
Starting point is 00:28:52 and putting it on GCP or AWS or Azure out there or whatever else you want to choose from. And the second moment was because, again, because having spent the time at Google and Google was chomping at the bit about AI even then in 2014 when I left. So I said, if cloud and AI are the two biggest trends, how does it change security?
Starting point is 00:29:12 So in five years, we said first, you said, second, we used to spend 12% of our revenue you and R&D. I said, that's not enough. That's the amount of money that you spend if you're sort of milking your last cash cow. So we bought 17 companies all in cloud security and AI in the last five years. We focused our business on the future.
Starting point is 00:29:36 We now play in three out of the four biggest swim lanes in cybersecurity. We have 19 products that are in an enterprise. There's a thing called a magic quadrant where you have to be, you know, people buy you if you're good. We're the third company in tech ever after IBM and Microsoft, we have been in so many magic coordinates ever. So we turned the whole company around into what I call a cybersecurity innovation engine, and we've convinced our customers are going to be evergreen.
Starting point is 00:30:03 And then we did that by effectively building three cybersecurity platforms, which are sort of in the early stages. And I think our best one is still ahead of us because we're able to build an AI-based cybersecurity platform, which suddenly with all the conversation around generative AI and AI, has suddenly become center stage for us. So I'm giving you the clip notes version of this. No, no, I mean, I totally get it. And there's so many jumping off points here.
Starting point is 00:30:27 I want to just, I want to get to be a IPs because that's fascinating to me. We had a really interesting conversation a year ago when, you know, chat JPT came out on All In. We were just kind of talking about what are the possibilities here? And I was like, you know, this is completely dangerous because you could fire up fishing attacks and just have an agent running incessantly trying different things. and iterating on them, and it can go at a speed that, you know,
Starting point is 00:30:54 right now is throttled by human ingenuity. Is that actually happening in the field right now? You're 100% right. Now, the slight saving grace right now, Jason, and I don't think it's for long, is you can have an agent running incessantly, and the only difference is right now, the agent doesn't know why it got blocked.
Starting point is 00:31:15 Right? Now, what we have done in our, quote, unquote, lab, We actually tell the agent this is how we blocked you. So we've got agents that have broken through our defenses after 30 plus tries. Because we keep telling it how it got blocked. So it's got a reinforcement learning. Oh, wow. Are you doing that in the lab right now?
Starting point is 00:31:33 So you're training it how to be the greatest black hat so that you can now be two steps ahead of the hackers using this. So we're giving them the counter measures in addition to the measures they're trying. Yes. So what we do is we do this. We're training it now, and we've been able to jailbreak most of these public models out there. It's not hard to get around their guardrails in terms of getting them to generate malware. Fascinating. Well, think about it, there's 1,000 plus models out there in open source, right?
Starting point is 00:32:05 So you can get Google to be responsible. You can get Open AI to be responsible, long out of be responsible. How are you going to take care of the long tail? How are you sure that any of that long tail model that's going to sit on an NVIDIA box somewhere running in some basement is going to have the guardrails you want it to. So we've been able to jailbreak them, we've been able to get them to write malware
Starting point is 00:32:26 or write attack vectors, which then we run against our own products in the lab and we keep telling them how we block it. So we see how many tries it takes eventually gets through. Then we build antidotes to those and then we put them in our products. Fantastic. So it's no longer reacting to what happens that customer A to protect the next 99 customers.
Starting point is 00:32:46 this is, you know, you've got patient zero here. Yes. And you are doing experiments on them and you're seeing if they're inoculated or not. And it's all happening in a virtual environment. So there's, you know, no harm is coming to it. Yeah, but I think we're going to have to work hard with the industry to do that in a grand scale. Because, you know, we're not, I've not held the belief that Baloato is going to solve every problem. The good news is we are aligned with everybody in the cybersecurity space.
Starting point is 00:33:12 We're all trying to make sure the bad actors don't get ahead of us. So I have no problem taking these. malware antidotes and sharing them in the industry. I want to make sure that every product inoculates against them, not just mine. Right. Why? Why would you take that approach? I mean, why not give it only to your customers and let them benefit from it?
Starting point is 00:33:31 So you get the revenues and then you can reinvest it and secure your customers. Why are you giving them out to other competitors? Well, look, I have other ways of creating a moat and other ways of creating economic advantage. What I don't want to do is to hold the cure as ransom, no pun, intended for the rest of the world have to buy my products. Right. You could take another approach like licensing it or, you know. Yeah, but I also want the benefit of their research and intelligence, right?
Starting point is 00:33:58 I don't believe this is a singular problem. I want to make sure that Microsoft does it or CrowdStrike does it or Google does it that we all share in this common goal. Is it collaborative? Did you find it was collaborative when people find exploits solve for them? Do they quickly tell their cohorts and their compatriots, hey, you know, we figured this out, there's an attack vector, or do people kind of hold it slow, you know, when people go for the check and they slowly go get their wallet?
Starting point is 00:34:23 Do they kind of slow roll it before they tell you so they can get the max advantage of having it? Well, there's two different scenarios, right? Jason, one scenario is that I've discovered a vulnerability in somebody's product, right? Or my own product. Now, of course, there is a bilateral connoisseational we tell them, listen, we found this,
Starting point is 00:34:40 you want to fix it before we tell the world, right? Because you really don't want to, you know. You have to, right? And that's what happens in most, even public-private partnerships. There are certain nation-states that won't tell you, because for them, that is a future exploitable opportunity. But in most cases, let's just say 99% of the case, that communication happens with some nuance, but people tell each other.
Starting point is 00:35:01 I think the other scenario is that there is a certain attack factor. Somebody's figured out how to break into something. I think it's fair to say there's probably 10 or 15 high-quality research labs around the world, which are both private and public. and there is a very strong collaboration something called the cyber threat lines where people go and provide their solutions to everyone as quickly as they can
Starting point is 00:35:21 because if there's an attack vector out there, you want to make sure that everybody's products are inoculated against that attack vector. How much of the impact? Yeah. Well, no, I get the alignment piece. Yeah. And so how much impact has the SECs,
Starting point is 00:35:34 you know, now kind of coming down on companies and saying, listen, they're kind of intervening, right? They gave a mandate. You have to, like, report this stuff, and there's consequences I know from some of the companies I've invested in, there were people who didn't report, there were CSOs who didn't report things, maybe they had egg on their face,
Starting point is 00:35:52 they slow rolled it, they tried to solve it before it came out. And now it seems like we got a lot of three-letter agencies who are now monitoring this. So what is the state of our government intervening, whether it's the SEC or others, and saying, when you have an exploit,
Starting point is 00:36:07 we need to know about it. Because the incentive as a CSO or the person on the security team who messed up, if they in fact screwed up, if they have to go report it, self-report it, they lose their job or they could get fired. I mean, it's just, yeah.
Starting point is 00:36:25 So like, like, I think, let me, let me give you a little bit background on this. I think I still believe security is still broken, right? So what happens is in 30 or 40% of the case, I know a bad thing, I stop it. If I'm in your enterprise infrastructure, I see a bad URL you're clicking on, I see malware.
Starting point is 00:36:40 I know it's bad. I stop it. But I don't know, it's bad, I just find it suspicious. What I do is I give you the tools to save, and if it's suspicious, I'll send you an alert. Now, the problem is, I got organizations with 70, 80,000 alerts a week.
Starting point is 00:36:53 They don't know what to do with them. That's the current state of affairs as most organizations get between 30 to 80,000, even 100,000 alerts from security events across their infrastructure, which is like just noise. And that's a function of the fact that the attackers can do very large-scale attacks from banks of computers,
Starting point is 00:37:11 or there's just a large number of them. No, it's just a function of, let's just say that, you know, an organization in the Apollo says, listen, downloading one gigabyte of data is bad from our network. But don't stop that download because it could be legit. Just send me an alert. I got it. So the rules.
Starting point is 00:37:26 The rule. So it's 80,000 alerts flipping around. And I don't know if it was right or wrong. Somebody has to investigate it. That was cool 20 years ago when you had 20 of these. Now you got 80,000. So, and the reason I bring that up is what we've done is we basically said, we're going to watch every bit floating through your day.
Starting point is 00:37:43 infrastructure, and we'll tell you if it's good or bad. So we collect 75 terabytes to data a day at a day at Palo Alto. We analyze that, we take those 80,000 alerts, make them 200 events if they're real. So we basically flipped it to an AI problem. The reason I say that is, I sorry, sorry we gave me a longer answer, but
Starting point is 00:37:58 in the industry, there's something called mean time to remediate. How long does it take you to fix a security event? How long does that take on average? The average United States is four to six days. Four to six days? Yes. The mean time to Xfilms. trade data today is 11 hours.
Starting point is 00:38:16 The hackers come in and steal it. Too late. That's like me reporting my house got robbed like a week later. In San Francisco, they won't care. They won't care anyway. Don't bother. You could wait. You can hang on to that one.
Starting point is 00:38:28 It's funny because it's true. Yes, it is. That's why both jokes are funny. Life for your in-house legal team can be so hard chasing down signatures, pouring over contracts, toggling between all the different tools, the back and forth with the sales team, it's brutal.
Starting point is 00:38:45 And legal stuff, oh my God, bane of my existence, right? It's just so much. It's a deluge. But it doesn't need to be that way. All you have to do is use link squares. It's the first AI-powered end-to-end contract management solution. What does it do? It gives your legal and your revenue teams the tools they need to help sales close deals
Starting point is 00:39:05 faster while delivering a seamless experience for your customers. So you can create, review, approve, and execute. your contracts easily in one place while prioritizing tasks and integrating with the tools your team already knows and loves. Link Squares is where all your legal needs come full circle. Start streamlining your contract management process today and make life for those in-house legal people so much easier with just a few clicks. Learn more at linksquares.com slash twist. That's linksquares.com slash twist to start streamlining your contract management process today. And if you're not doing your contracts right, it's going to cause all kinds of downstream
Starting point is 00:39:45 problems. Do it right, link squares.com slash twist. Back to the SEC. The SEC has put out a mandate that they must report in four days. Oh. Which I think, yeah. So I think that puts the pressure on a lot of organizations because you really don't want to report. You are breached if you haven't fixed it. Talk to me about this. tension of the people who are responsible for reporting it are also responsible for causing the problem in some case or not defending against it.
Starting point is 00:40:20 How does that tension get resolved in the industry? Are there groups of people who are responsible reporting and then groups of people responsible for defending and they don't talk to each other? So if something blows up, they're not covering stuff up. What's the best practice there? I'm curious. Look, this rule is about two weeks old. I think what the SEC has put a gun to the head of boards and management.
Starting point is 00:40:44 It's like, I don't care, CEO, CFO, you are not following the rules if you haven't reported this. I think that that's like no longer a debate because I think it's pretty clear to most organizations when they've been breached that they've been breached. This is not, it doesn't happen on the slide. You don't get an email saying we've locked down 10,000 your desktops. You have ransomware attack going on. You owe us millions of dollars. You know what that happens. and you know how to count four days from there.
Starting point is 00:41:10 So I think the reporting is not the issue. I think the bigger challenge is most CEOs, most boards don't know how long does it take for them to reliably block, stop, clean out a cybersecurity event. So I think there's going to be a lot more pressure and focus and trying to get that done sooner than later, which is good for all of it. It's such an after though security, right?
Starting point is 00:41:30 People worry about it after they've been compromised, not before. And so they're reactive. So generally, the whole. ecosystem has to get an education from boards on down. And take it more seriously? Yes. And that's where I said, you know, five years ago when I joined Palo Alto, we were an $18 billion company.
Starting point is 00:41:49 We were in one swim lane. Today, like you said, we're now a $70 plus billion dollar company. We play in three swim lanes. And our big underpinning and our big pivot five years ago was to focus on collecting good data across the enterprise and applying AI. So at any point in time, we have about a thousand plus machine learning models that run underlying our AI product to solve the problem.
Starting point is 00:42:10 And I think we're going to talk about AI, but we did a big analyst here on Friday, and we tried to distinguish or try to figure out if this term will hold. I call it precision AI versus generative AI. So if you're in your Tesla, you don't want it to hallucinate. I thought that was a good turn.
Starting point is 00:42:30 That's kind of like lifetime anyway. I'm on somebody's lawn. I'm on Zucks lawn. That's right. If you're lucky. Yeah. You're probably plenty of room
Starting point is 00:42:37 to slow down. You're wrapped around a wrap around electricity pole is a bigger problem than Zucks long. But for sure. That's notwithstanding.
Starting point is 00:42:44 So even in security, you need precision AI. I need to be able to block an attack. I need to know it's a real attack. I can't start blocking legitimate things in enterprise while hell will break loose.
Starting point is 00:42:52 So there's this notion of precision AI where you cannot afford to be wrong. Then there's this notion of generative AI where there are many right answers or many possible answers. I don't have a right.
Starting point is 00:43:03 Like, you know, show me a blue. a blue bird on a black background. Well, there's probably 200 different variants from grade to horrible, which are all perfectly legitimate answers. Yes. Our business is a business of precision AI. It's not a business of generative AI.
Starting point is 00:43:17 Is precision AI possible today? Because generative AI, like you're saying, I ask it for five ideas for a blog post. Three of them are terrible. Two are pretty good. Then I ask it to take those two, refine them, give me some bullet points, give me some sections. And then I polish the last.
Starting point is 00:43:34 20% and oh, wow, I got two great blog posts out for my corporate blog in 10% of the time. Okay, great, that was a fine process. That's not the process of precision AI. It's not the process of making a left turn or a right turn into an intersection nor is it blocking. It's great. So is precision AI here?
Starting point is 00:43:50 And I guess that's very verticalized, right? You have to narrow the scope in order to get to precision AI. Well, yes. I mean, look, at the end of the day, the precision AI, as you rightfully articulate, like, it boils down to first and foremost owning data collection and and making sure first-party data belongs to you.
Starting point is 00:44:08 Elon's not going to rely on you and me sending him a data feed. Here's the data feed for all the traffic information that you can have like, no, I'm going to have every car that's out there, assess it every second, and go to feed into large AI system, process it locally, and give it the response time that it needs so that you can sit there and feel safe. So, yeah, it'll be there, but it'll be very domain-specific. You'll have to own the first-party data. You'll have to have full control.
Starting point is 00:44:31 You'll have to make sure the models run the way you want them to run, and you're going to determine it every second, and you probably have guardrails and safeguards against actions that are taken post-precision AI, and they'll get very, very, very specific. Like, I'm pretty sure everything that Tesla does, all the gig petabytes of data they're collecting is focused on one thing,
Starting point is 00:44:48 is one thing called driving experience. Similarly for us, we're collecting 75 terabytes in our own, in our own instance at Palo Alto. We connect four petabytes a day across our customers, and we only focus on finding the anomalies to stop bad things from happen. So precisionary will come. Yeah, it's exactly how Tesla does it.
Starting point is 00:45:07 Like now if your Tesla disengages, it asks you, describe what just happened. So as a tester in FSD, full self-driving, you hold the button and you say, oh, you know, a bicycle went across the middle of the road. And then that is what, you know, they don't need people on the 280 driving perfectly. They need the instances where something weird happened. And that's by definition what you're doing, right? Yeah. But I think on the flip side, I think, you know, what we've been seeing, in the last one year with Open AI and this whole
Starting point is 00:45:36 generative AI, I think, I think this is going to be huge. This is going to be so big. It's going to transform how we do technology. Okay, so this is going to open up a big can of worms here, and I think this is the next jump-off point. I wanted to get into the 17 acquisitions and ask you how you did those, but we'll put that on the side for now, because this is, I think, a more important discussion,
Starting point is 00:45:53 which is this technology has captured people's consciousness for about a year. You've been out of for years. You've been out of for years. You've been out of for decades. It's obviously ready for prime time. And so when you look at running your organization, what are the gains like inside of the organization right now? And then what does this do for the core business that you have?
Starting point is 00:46:15 Because when you were talking about data, this to me seems like the greatest moat ever. Yes. Tesla has two million cars, I think, on the road that have the cameras in it. You can't buy a car without full self-driving on it. You can turn it on or off if you want to pay the $12,000 or whatever it is. but they have that data, I think even in the cars that are not on and they have the right to pull that data, you have all this data from where your customers collected. This becomes a compounding moat and advantage over time, does it not?
Starting point is 00:46:44 So let's separate. I think the data, just the case of Tesla and for us, is a precision AI opportunity. I think you cannot do precision AI if you don't control first-party data access, right? So the fact that he's got millions of cars, which are collecting the data the right way, it's not something you can replicate just because if you're GM or Ford. You don't have the data collection going on. You have the cars in the road.
Starting point is 00:47:04 Similarly, we have 62,000 customers with firewalls who have been analyzing their data for the last 17 years, and obviously in the last four years more so, we have customers with 14 million plus endpoints on various different technologies. So we're collecting first-party data and delivering AI outcomes. That's on the precision AI side,
Starting point is 00:47:21 and I think that's hard to beat if you haven't been doing it, if you haven't been collecting data. Many of our competitors haven't. I'd say there's probably, four out of 3,000 who have tons of data and cybersecurity
Starting point is 00:47:34 and that's going to be a sort of a race between those four and we think was still the largest and the most comprehensive route to them. So that's one side. I think that Generative AI side is a whole different followbacks. I think there's two if you abstracted, the two best things that Generative AI does for you is one, it is
Starting point is 00:47:51 phenomenal summarization. So take my last employer, right? If you did it search for what's the best restaurant in San Francisco, It'll give you 10 links, if you're lucky, maybe 20. Now it's your job to read through those 20 links to find out. And Parsons said, how many times did I see a reference to A, B, or C? And you could have mentally say, oh, okay, it looks like A is the right answer. Now, what opening eyes doing is reading all those 20 and saying,
Starting point is 00:48:15 based on everything I read, statistically, I think this one is the most mentioned, hence, it must be number one because it's associated with the word number one everywhere. So it's providing you phenomenal summarization capabilities. And two, it is based on all this training, able to talk to you in natural language. I think those are the two most interesting things that it does, if you abstract it. If you take that and say, what does that mean for me in my organization? One, there are many use cases in my organization where there are lots of documents where we don't have good summarization and good sort of answer extraction out. I could save hundreds of millions of dollars in every enterprise if I figured that out.
Starting point is 00:48:53 every it requires, like you said, requires us to do that Tesla thing, FSD thing, you know, click here and tell me what happened. I get 300,000 plus customer issues here. If every issue was recorded,
Starting point is 00:49:06 I'd figure out how the solution was created for that customer. Anytime those things reappear, I can fix that using some sort of generative via LLM under pinning that stuff. So that's kind of like logical. We'll see that explode across every enterprise in the world. I mean, incredible.
Starting point is 00:49:21 I mean, customer support. It's already happening. That's the perfect data set, customer support reps. And there's tons of enterprise use cases where this is going to be sort of brute force perspiration work where data cleaning will be required. You'll get efficiencies. I think the more profound impact is going to happen on product development. Now, if you think about product development, yes.
Starting point is 00:49:44 If you think about product development, we have spent our life and technology doing phenomenally good engineering work. Then we have these guys called product managers. What do they do? They take all that wonderful engineering work and say, how do I make it easier for the customer to consume? Let's design a UI for this. Yeah.
Starting point is 00:50:01 Right? Take the travel booking example. I'm pretty sure all of us are trained. We can go to any travel site. We know you want one-way round trip. You want to have multi-stop, single-stop. You want economy first, business. And you have to fill about 10 boxes and out pops a set of options for you to buy a ticket.
Starting point is 00:50:19 We're all trained now. We have been trained to interact. in doing those searches. Yes, but some product manager actually designed that UI. That was their job. They took engineering backend, built UI on front, and allowed us to interface. It's like learning a new language.
Starting point is 00:50:35 All of us can, all of us can envisage a scenario which says, find me a quick, inexpensive ticket from here to New York. I want to go this evening. I'll be back, you know, day after, and make sure it doesn't cost me more than $1,000. I can say that phrase. You can all imagine a generative AI LLM looking at through all the options and popping it out and saying, here, here's three options. Right.
Starting point is 00:50:57 And you say two. Yes. And it books it. So what did I do? What did I do? I just eliminated UI. Yeah. The UI chat window.
Starting point is 00:51:07 Yeah. But if you take that and abstract that to the hundreds of thousands of companies and apps that are out there, I think 50% UI vanishes in the next five to 10 years. Incredible. talking to a computer was like going to happen, Star Trek, etc. We were just going to talk to a computer and then the task would be accomplished. And then actually we're just on the cusp of that happening. But if you think about it, you know, people say, well, I don't know. So I say, well, when I worked at Google, there was this thing called a web page.
Starting point is 00:51:36 We used to all interact with the web page. This thing showed up called mobile. Right. And people are, oh, yeah, guess what? We're going to have to have a mobile presence. And I'll tell you, the first wave of mobile presence for most web-oriented companies was a diminished user experience. You couldn't do everything on the mobile phone that you could do on the web page. That was your primary interface. Then you saw this wave of companies called WhatsApp, Uber,
Starting point is 00:51:59 DoorDash. All these things are mobile only. There is no web interface. So I'm telling you in five to 10 years, we're going to have AI, generally AI, only UI with no mobile or web interface. If that could happen on mobile, it's going to happen with this. And that's going to be very interesting to watch how many companies get sort of obliterated. or possibly refactored because either all or half your UI has vanished. Yeah, I mean, I am an expert at finding restaurants, and I use Eater, and I use Yelp, and Google Local, and I was explaining to somebody how I find incredible places in Tokyo, and that I put them on on Google Map, and then I share them with friends, and they lose their minds, because I've done all
Starting point is 00:52:40 the work. And AI is clearly going to take that little proud process that I have of finding whatever the hip new places in Tokyo. are from a bunch of bookmarks and it's just going to be totally abstracted. Now, if you have a good data set like you're saying, then you could still be the winner or if you have the network. So it'd be quite nice to just take your watch out and ask for an Uber and it just knows where you are. It knows what your preconditions are and it just works. But right now, I wouldn't trust. I think Uber, you can do that. I think you can order
Starting point is 00:53:10 an Uber through Siri. I just don't trust it to do that. Yeah. Well, that's going to be a whole different debate. You said something very interesting in what you said. Like, you know, I'll do the jumping off point. You can tell me the answer. You said you can tell Siri to order an Uber. So is it going to be the Siri chatbot or the Uber chat part you're going to talk to? I have a feeling it's going to be the Uber one. I think it's going to have more knowledge.
Starting point is 00:53:34 Siri sucks. The question then becomes, are you going to talk to 40 chatputs? Wow. I mean, I think you're going to have to have a comp, maybe. Maybe they're, yeah, that's a really great question. You could have a DoorDash chatbot and Instagram. chatbot or Uber chatbot, a booking chatbot, a kayak chatbot, or pick your favorite. I think they're all being built right now.
Starting point is 00:53:55 And the four seasons chatbot because they'll want their own. So now you're basically taking the apps and exploded that into a series of chatbots. Yes. Right. Well, there could be a meta one. So I think Claude and some of these ones that people are building are supposed to be your chatbot that'll interface with the apps and the APIs that are out there. So the quote, we're going to have to have a whole new episode on that, Jason, because I don't know. I think this is a battle.
Starting point is 00:54:20 It's going to be a battle of APIs because it hasn't been done before. Today, most of your Spotify's, Instacard, DoorDash are not opening APIs for action. Because they know if they open an API for action, they've lost the customer interface. Yeah. I mean, that is the scariest thing to ever happen. I was talking to it somebody who owns hotels and he was just talking about the relationship with like the expedias of the world. Or Rupert Murdoch had this relationship with Steve Jobs where he's like, you can't subscribe to Wall Street Journal. I need the person's contact info.
Starting point is 00:54:50 And Steve Jobs told Murdoch, you don't need the contact info. And Murdoch looked at him and was like, yeah, I'm not putting my stuff on your iPad silliness if I don't get the person's name. And it's Steve's credit. He caved with, he caved with Rupert Murdoch and let him get the contact info. We'll be back there with the battle of chat boats. Yeah. And this is, I think, yeah, with the interfaces.
Starting point is 00:55:15 I see some people, like I think kayak and. Zillow made like little plug-ins already, but yeah, I don't think you want to abstract that similar. Let's take your Tokyo analogy, right? If you went to your favorite chat button, booked a ticket from next week to Tokyo,
Starting point is 00:55:33 somebody knows you're going to Tokyo next week. If your restaurant app knew that you're going to talk to you next week, it could recommend restaurants for you next week. But the question is who's going to have what data? Yeah, see, that's why I think the data provider wins. When you were saying it and you were like,
Starting point is 00:55:48 everybody has a chatbot. I'm like, there's a group of 30 people at Yelp right now building that chatbot. There are a group of 100 people at Amazon building that. Yeah. Yeah. And my view is that that's why, again, distribution becomes very interesting. If I am a phone, if I'm Apple, I still have some degree of influence on how all these things get shared with the customer, right?
Starting point is 00:56:11 Because there's got to be some semblance of control. There's got to be some control of data. in here because suddenly now you've got the same problem you had with, you know, five million apps taking your data and running away from a data privacy perspective. You've got five million chat boards. They're going to do worse things to it than the last set of app guys were doing. Interesting. If you think about it, right now, you can, when you talk to Siri, they built a plug into Spotify.
Starting point is 00:56:35 So you don't go to Apple Music. If you said you wanted to play a song, it would automatically go to Apple Music. Now you can tell it, hey, go to Spotify. And so I think that's going to be, it's very interesting that Apple could intercept all that information. They're going to just intercepted. I don't know
Starting point is 00:56:49 on a very microscopic way. I think I have some of a home automation app. And until about a few months
Starting point is 00:56:55 ago, it had I could play songs from Spotify and Sonos. Now it makes me go to those apps. It doesn't,
Starting point is 00:57:01 they've sort of restricted their API to take control back. It's going to be interesting to see what happens. It is if you
Starting point is 00:57:06 try to use Questron or savant, like many of us who have nice homes, they they come with this. It's the
Starting point is 00:57:14 worst interface on the planet. Yes. And then you're just rip it all out and you put in Sonas and Apple TV so you actually can use your products. Yes. It's where everybody eventually winds up.
Starting point is 00:57:24 Everybody I talked to is like, the savant remote control sits there, the $800 Savant Remote Control sits there, and then everybody immediately just picks up the Apple control and they're done. If it's only $800, you've got a great deal. Exactly. Having somebody come program, how to make your Netflix work is a really great experience at 400 an hour.
Starting point is 00:57:40 Let me ask you a question about your time at SoftBank. You got recruited to be, I guess, as I understood it, you tell me if I'm right or wrong, to be Mossa's right-hand man. And then eventually, maybe the era parent is, number one, was that reporting correct? And then number two, what was it like working with Masa? I know Mossa. I've had a couple meetings with him. He's kind of like a mad genius swing for the fences, Hail Mary throwing, visionary.
Starting point is 00:58:08 What was it like coming in there and experiencing Mossa at peak gamble? Like, Masa making peak bets. I mean, that must have been extraordinary. Yeah, so like, Masa and I, our sort of association began when he came to Google one day with a crazy idea saying, listen, I've been left at the altar. Yahoo and Microsoft have a deal to do this thing with Bing and Yahoo's getting out of the search business, but they kind of didn't focus in Japan. And I also have Yahoo, Japan, which uses the algorithm from Yahoo U.S. So would Google be willing to work with me on the algorithm in Japan? Like, wait a minute, how can that be possible?
Starting point is 00:58:49 And we're competing with each other in Japan. How do we do this? And to Ramosa's credit, and his crazy idea, he and I sat down and crafted away for us to have both be powered by Google Search, but to have separate ad auction so it would be not anti-competitive. So they have their own ad sales team. They had their own ad sales pricing. We had our own pricing. So the customer got good pricing and they got the best technology.
Starting point is 00:59:14 It was kind of unique because it was hard to construct. But we became friends then, and long thing led to another. He did come to the conclusion that he wanted to be to become his heir apparent when he turned 60. So he hired me when he was 58, and then, you know, he changes his mind at 60, and that's kind of, that's the story that's true. But in the meantime, those two years, I'll tell you, when I turned 40, I decided that from now and I'd look at people and see, what do they do something that I can't do? how can they do this in a way that I cannot do it and Massa has this amazing quality
Starting point is 00:59:46 where he's untainted What do they mean? Well, you know, we all get, look, from the time we're born we're constantly risk minimizing ourselves when our kids walk across the street we're like be careful, look left, look right when like, you know, don't do this and don't do that
Starting point is 01:00:03 what is happening? That's a constant process of risk minimization that happens you buy a house, you get married, your risk appetite continues to go down. Masa is a guy, I think, unique in his ability to have infinite capacity for risk. Every morning. Infinite capacity for risk. Wow.
Starting point is 01:00:20 Do I need to explain that? You look around it from an investor perspective. You watch what he does, and that explains it perfectly. Yeah. And the beautiful part is there is no reinforcement learning there. No. No. He's just going to keep doing it.
Starting point is 01:00:36 He'll end up on Zakslan every time. It doesn't matter. Yes. Yeah. He's going to swing for the fences. And you know what? It seems like it works out. It works out.
Starting point is 01:00:45 And I think the only thing, you know, when you do that, that's fine. But it kind of goes back to how you guys do investing. Like, you got to play in your weight class, right? If you're constantly investing a million dollars in a million companies, your math will work out. But he's starting doing one big one here and small ones here. The one big one can wipe you out and everywhere else, right? Yes. Risk of ruin is what we call that in gambling.
Starting point is 01:01:06 That's right. There we go. So I think that's where it may. may have gotten a little more complicated for him. But other than that, I think he's, he's got immense intellectual curiosity. He's got, at some level, he has immense humility. At some level, he has immense confidence.
Starting point is 01:01:23 And he has, as I said, an insatiable appetite for risk, and he works hard. So all those make for great ingredients. And sometimes, you know, I was, you know, the ying to his yang. Right. You could create some structure there, maybe some downside protection, thoughtfulness around how big is this bet? Does this bet need to be this big?
Starting point is 01:01:44 Yeah. There's an example out there on WeWork, which is written in the book, where I was not for investing in WeWorks multiple times, but then I left and he became a large investor in Reward. And what do you think his blind spot was there? I mean, all of us looked at it, including the early investors, like benchmark probably made more money than anybody off of WeWork because they sold their position. and maybe second only to Adam himself with his buyouts.
Starting point is 01:02:12 We all saw it and said, that is not a technology business. It's a real estate business. And what didn't he see? What was his blind spot there, you think? Look, Massa is, as I said, all those things, is also, and he falls in love with certain ideas and certain concepts. And, you know, he, and that also, that is where he gets his passion from, right?
Starting point is 01:02:36 he's an extremely passionate guy. He gets very excited about certain things. And he does a reasonably good analysis most often than not. And sometimes they work against it. So he can't pick anybody's one bad investment and go back and question him. At the end of the day, he's still made billions of dollars for himself and many other people out there. So I think the good swings come with the bad swings. Yeah.
Starting point is 01:02:59 I mean, there's a very famous phrase in China, no gamble, no future. And I think he's like, I think it's probably his operating system. I'm staying away from the word gamble because I know you guys like your poker, but, you know, I think Amasa's an investment. Placing bets. I mean, you are placing bets in venture is the nature. What did you take away from that?
Starting point is 01:03:21 What did you take away from the time there? Like that added to your game and then what did you sort of file away as, yeah, this is something I don't need to add to my game. Look, I think the risk appetite, the lack of the, the, the, the, the, the, the, the, then don't become complacent, constantly be looking at seeing what's around the next corner, this desire to constantly learn.
Starting point is 01:03:43 All these things are things I saw Massa do, and they have helped me at Palo Alto. Like, you know, we are constantly paranoid. We're constantly out there trying to figure out what's around the next corner. We're constantly looking at what's the next technology event that's happening in the industry. We talked about generative AI. I was on a plane to India.
Starting point is 01:04:00 When opening I came out, I logged in, I was supposed to make a graduation speech at my alma mater, which I did. I rewrote my entire speech on how this is going to be the next big thing that's going to happen and I literally called
Starting point is 01:04:12 the iPhone moment there. I think Jensen said the same thing, possibly a few hours or a few days later or the same time. I don't know. I've embraced it. We have hundreds of people
Starting point is 01:04:21 of Pall Alto working hard towards making that a reality. Now, if I haven't learned the lesson that you've got to embrace these technology trends as quickly as you can because these become inflection points. Those inflection points
Starting point is 01:04:32 allow you to distance yourself from competition. So you got to grab them and run with them as a lot as you can't. Yeah, and this is something Microsoft didn't do when it came to mobile, right? They just totally missed it. They whiffed and...
Starting point is 01:04:44 Zuck did it. Facebook did a phenomenal. I think Facebook was on the best bivots from the web world to the mobile world, and most people, even better than Google, I think. And he was a couple,
Starting point is 01:04:55 he stumbled a couple of times, right? The app didn't come out perfect and they built it with React. They had to take two or three swings at that bad. And then he realized it, and he's like, you know what, I'm buying Instagram,
Starting point is 01:05:04 what's that because this is the future. I mean, yeah. Let's close on M&A. You bought 17 companies. Yeah. What did you learn about M&A, proper way to do it,
Starting point is 01:05:13 and how to integrate those crazy pirates into a ship of 14,000 people. And let's be honest, people who are attracted to working at a big company are slightly different than the people who start companies. So how do you bring in 17 founders, probably more, because there might be two at each one of them? How do you bring in those founders?
Starting point is 01:05:31 And then you've got this executive team here that's cranking on this. aircraft carrier and now you got all these speed boats whipping around doing donuts and these are two different cultures yeah and how do you integrate it? So I think first and foremost
Starting point is 01:05:45 I think most people get M&A slightly wrong we have some principles one, the other was look for the best in the field I think number two and number three trade at a price for a reason so you always try and buy number one or two because the markets get really small after the first two or three players in enterprise
Starting point is 01:06:02 it's like just there's a long tail you want to be one or two so you always buy and you pay for what you buy so one we did that two I always tell my team they kicked our ass by having less resources working 80 hours a week
Starting point is 01:06:14 going to customers understanding the problem we were there at the customer we didn't understand the problem we didn't solve it so they will run that space for us we want so our people end up working for the founders
Starting point is 01:06:23 wow that's that's intense bro so we give them our people and our resources and we double down. So we didn't get it done. They did. We admit that they got it done and now they're in charge. They're now, yeah, they're not a shock call.
Starting point is 01:06:42 70% of my product organization is run by acquired founders, not by existing by lots of people. Well, that's a way to change the culture real quick, yeah. So that's the second rule. The third rule is, once we make a deal, we spend the time between term sheet and due diligence and DA on having a joint product and resource plan. I don't do, my lawyers do the diligence. I do the product and diligence plan. And I say, before you sign the definite agreement, this is what's going to happen. This is my house.
Starting point is 01:07:11 I'm going to decide what color I painted. But you see right here, it says yellow hair, blue hair, green here, you sit in this box. He sits in that box. He sits in that box. If you don't have agreement, we don't have a due deal. Right. So there's no surprises after the deal is closed. They know exactly what's going to get built, how it's going to get built, who's going to do what.
Starting point is 01:07:30 So we saw all of that beforehand. We know exactly what we're going to inherit, who's not going to work in the job. We map every individual to what's going to happen. Because with our first one, we realized it takes three months, once people have all the money, and people fight for a position, fight for role, fight for a strategy. We solve all of that way ahead of that. That is so brilliant.
Starting point is 01:07:48 You know, when I got acquired by AOL and John Miller bought the company, he said to me, what's important to you or whatever, and Jim Bankoff, and I said, well, we have this earn out. I got to keep my sales team because that's one of my things I'm good at. I'm good at sales. and I know what the customers want for blogs and for this kind of content. And he's like, well, we've got a really big sales team.
Starting point is 01:08:06 And I was like, yeah, I want to keep the sales team for as long as I haven't earned out. And then if you take the sales team away for me, the other big sales team can sell into it, but my guys still get the commission for processing it. So we pay double commission. And if Jim Back goes credit, they respected that. And I think that's what made the easy transaction for me as a founder
Starting point is 01:08:24 because you have founder regret. After you start your company, that founder regret's real. Yeah, Jason, I don't do earnouts. I don't do misaligned incentives, objectives. I align them. They all get model auto stock and they have only one incentive, double, triple the parlorato stock. We'll all make money. See, that's much better.
Starting point is 01:08:41 You don't get, and we pay up. It's fine. They always have a private company at the time, so they had to, you know, come up with a different incentive structure. But I like the approach because you do have this founder regret moment. Yeah. Yeah. And that could kill the company, kill the deal. All right.
Starting point is 01:08:57 Listen, this has been an amazing episode. of this week in startups. Thanks so much for coming on the program, Nakash. It's amazing. Will you come on again in a year and just catch us up on how this AI thing worked out? We booked you for one year from now? Sounds like a plan. I look forward to it.
Starting point is 01:09:13 All right. We'll see you all next time on this week in startups. Bye-bye.

There aren't comments yet for this episode. Click on any sentence in the transcript to leave a comment.