“Unconventional Journeys in Tech” —  Girl Geek X Elevate (Video + Transcript)

Panelists:
Shanea Leven / Director of Product / Cloudflare
Farnaz Ronaghi / CTO & Co-Founder / NovoEd
Rosie Sennett / Staff Sales Engineer / Splunk
Angie Chang / CEO & Founder / Girl Geek X

Transcript:

Angie Chang: Great. Well, we’re all here. Welcome back to Girl Geek X, Elevate. This is our afternoon session. We will be talking about our unconventional journeys in tech, since it seems like that seems to be more common than people realize. The diverse pathways we have found to our jobs, that we get lots of people coming up to us, and saying, “Wow, you’re doing a really good job. That’s a successful career.” We’re like, “Oh, okay.” And people are like, “How did you get there?” So, hopefully, we’ll be able to share some of these stories, and I’m gonna ask each of our panelists to talk about themselves and share their backgrounds and their journeys and tell us their personal stories.

Shanea Leven: Sure, I’d love to start. Hi, everybody. I feel like I’m echoing.

Angie Chang: I think you sound fine.

Shanea Leven: Okay. Okay, cool. Hi. I’m Shanea, I started actually, my career, as an analyst and I was really interested in getting into tech. I actually started a digital marketing agency, way back when. That worked really, really well. I taught myself to code, for a number of years. The thing about myself, is that after starting, doing the entrepreneur thing, I wanted to get into tech in Silicon Valley, and so I ended up taking a job at Google, as a Program Manager.

Shanea Leven: Along the way, I really wanted to get into Product Management, except that the prerequisite at this time was that you needed a computer science degree. For myself, having gone on a ton of journeys trying to figure out how to navigate the tech space, one of the big questions was, am I technical enough? Do I have enough technical skill?

Shanea Leven: In order to get that product management job, I had a few options in front of me, which was to either go to a bootcamp, trying to gain additional technical skill, or get a computer science degree, or possibly get a technical Masters degree, which I know a lot of people face. For me, I ended up going back to school to get a Computer Science Bachelor’s Degree, while working full time at Google.

Shanea Leven: After, I became a Product Manager. I proved myself to gain that technical skill. I went on to work at Ebay, as a Senior Product Manager. I went on to work as Head of Product, at a startup, and now I’m a Director of Product at Cloudflare.

Angie Chang: Awesome. Farnaz, I think you have kind of the opposite story, where you started with the CS degree, you want to share a little about your journey?

Farnaz Ronaghi: Yes, of course. Hello, everyone. Yes, I come from a very traditional computer science background, but I did not start by choosing computer science as a major. They way education works in Iran is that for free. I’m from Iran, from Tehran, education is for free. However, we go through a very detailed, competitive University entrance exam. I was an A+ student, and I was very arrogant. I picked my top major to be double E, and I told everyone else, “I don’t need to pick more, that’s it.”

Farnaz Ronaghi: That was the paper I submitted. But my Mom, out of just being so kind, and out of love, filled out a few more degrees for me, a few more preferences. Her preference, her first preference for me was computer engineering. So that is how I ended up in computer engineering. Yes, I had that training, I had that Bachelor’s degree. However, the training did not make me a software engineer. It did not make me fall in love with writing code, and it did not make me confident that I am gonna be someone who will stay in tech.

Farnaz Ronaghi: But that happened, I came to the US for a graduate degree, and started a company. I learned through fire, by just being on the job, and doing it myself.

Angie Chang: Rosie, why don’t you share your story? I think you are definitely someone who has picked up things along the way, and has a very scrappy attitude to learning.

Rosie Sennett: Yeah. I was a Theater major, a technical theater major and I actually started out building props and costumes on Broadway, and then I kind of got distracted by coding–this is gonna show my age–coding macros in WordPerfect when it was green screen and it caught me.

Rosie Sennett: So, one day, I opened up the New York Times, and there it said, “Seven months. Learn to be a programmer.” So I signed up at Baruch College, and learned COBOL, and assembler language, and I got my first job at Information Builders in New York, answering the phones in technical support. In fact, I answered the phone so often like that, I would do that at home.

Rosie Sennett: “Information Builders, technical support. How can I help you?” I climbed that support ladder, and while I was doing that, the internet was born. So, I taught myself how to make webpages and marketing noticed that I was kind of messing with the website, and they decided I should be over there, and I discovered what marketing was, and what sales was, technical sales, and ended up as a Sales Engineer. I was there for 13 years and then I decided to go back to entertainment.

Rosie Sennett: I went back to entertainment, and I went west, and stayed and did some film stuff for a while. Now, I decided it was time for insurance and a paycheck again. Floated my way back in, and the last six years, I’ve been at Splunk, happy as a clam, doing sales engineering.

Angie Chang: Quick question. I think Sales Engineer almost feels like an insider term in Silicon Valley. Can you explain a little, for some people who may not be so aware, what is sales engineering?

Rosie Sennett: Sure. A sales engineer is the technical person on the sales team. So, sales engineers are the jack of all trades, the technical person who gets to do…. Our technical knowledge is super, super wide and deep, and the last bit that we concentrated on with the last customer. So, you know the products of the company, usually a vendor, that you work with, and then other stuff that you adapt.

Rosie Sennett: So, we’re the most technical really, that there is, ’cause you have to know a little bit about everything, and be able to present, and talk, and interface, and translate for the sales people.

Angie Chang: Cool, cool. What drives you forward in your career over the years? Like, what has kept you … I don’t want to say leaning in, but like, engaged to pull the levers, to figure out where to go in your career.

Rosie Sennett: I would like to say it was determination and a laser-like attention span. But actually, it was sort of distraction and curiosity, honestly. Now, in my sort of elder years, I have some very clear direction, I think. I’m actually really inspired by the young women coming in, and I’m really inspired by all the amazing stuff that’s happening at Splunk. I really landed in the most amazing place. Very lucky and feel really privileged to be working with the people I’m working with, and working in the programs that we’re doing at Splunk. Hiring like crazy, by the way, so come take a look at all the stuff, and apply.

Rosie Sennett: But yeah, I mean, right now, mentoring and being mentored by my mentees. The most amazing thing. No direction until I found direction, by watching all the amazing people who are now coming into the industry, honestly.

Angie Chang: Shanea, what has driven you in your career, and your product?

Shanea Leven: Yeah. So, a few things has driven me. I think from my perspective, I love building products. I like being able to have a lot of ideas all the time, about almost everything. I’ve found that product management is a really great medium for me, personally, between being an entrepreneur and working at a company.

Shanea Leven: I still get a lot of those same feelings that I got when I was an entrepreneur, with a lot less risk. Another thing that drives me is that, at this point in my career, I feel this personal responsibility to help the folks coming up behind, like, the generation that’s in right now. Some of us have to take a stand and stay and push through, so that we can make change for everybody else. So, hopefully our daughters won’t struggle with some of the things that we struggled through. That’s incredibly motivating to me.

Angie Chang: Farnaz, how about you, what do you think has been really driving your career forward, and the challenges? I know once, on the prep call you mentioned motherhood as something that has really changed the way you look at your career and managing your career and life.

Farnaz Ronaghi: Yeah. Well, and moving forward, when I started writing code on my own, the joy of creation was what was pushing me forward. But it was getting a little bit crazy. I was becoming, not becoming, I was the engineer who was taking six shots of espresso per day, and is coding 7 AM to like, 2 AM, and only sleeps five hours, just doing that all the time.

Farnaz Ronaghi: But then, motherhood, yes, it happened and while I was pregnant, I used to talk to my team and say, “Well, it’s no different. It’s just a baby. We will deliver it, and move on to becoming the same person.” Just like that. But when baby arrived, I actually learned that time is limited, there are other priorities in life, and I started prioritizing my work better.

Farnaz Ronaghi: The impact was actually surprising. It helped me make better decisions, because then I was always writing code, or working on something. I always thought time is infinite. So, there is a lot of time to get back to things, or to not close the loop on something. Or to not discuss it for today, leave it for tomorrow.

Farnaz Ronaghi: When baby arrived, I had to be more on point, and I had to make harder decisions to pick one way versus another and to be actually more deliberate about what I learned, what I spent time on, what technology I explore, and what I don’t. It has been helpful in that way to give me depths in technologies that I need to have depth in and leave alone parts of the stack that are not necessarily in my expertise.

Angie Chang: Cool. I also have a question for the panel, which is, what is a challenge you’ve faced, and how did you fix that? Rosie?

Rosie Sennett: Do I look the most perplexed? What was a challenge I faced? That’s a long road.

Angie Chang: Okay, I have another way to put it. How have you learned from a career mistake that you thought was a mistake that has turned out to not be a mistake? I think one thing we hear a lot at Girl Geek dinners is, “How do I know I’m going on the right direction?”

Rosie Sennett: Mm-hmm (affirmative).

Angie Chang: Or Shanea, do you have-

Shanea Leven: Yeah. I fail all the time. I had this conversation recently, every time I start a new job, or every time I start a new thing, it always seems like right at the beginning, there’s always a setback. Always. It came up in conversation, because like, “Is it just me?” Am I constantly getting setbacks right when I feel like I’m taking two steps forward? I don’t think that that’s the case.

Shanea Leven: I had a couple of really big failures, at least I’ve categorized them in my mind as big failures. I took the risk, but ended up, after seeing it through, I kind of failed up and that’s perfectly fine. It’s okay to switch, it’s okay to change direction, it’s okay to move forward. Sometimes you don’t know until you try and completely failed.

Shanea Leven: When I was actually getting my CS degree, I tell this story a lot, which is, I basically cried almost every night. It was challenging. It was one of the hardest things that I’ve ever had to do. It challenged my identity to my core, and I couldn’t be happier that I did it. Every day it felt like the worst struggle ever. But it made me better.

Farnaz Ronaghi: Actually, to build up on that point, knowing what is gonna work and what isn’t gonna work is impossible. We never do. We have patterns that we have seen in life, we have interests and excitements. So, we just go with that, and we push and push and push. There may be a time that we realize, “Okay, this cause is not a cause that is worth pushing,” and sometimes we push and we push, you know, what essentially makes you stronger. You come out, out of fire, feeling like you are unbreakable, because you just did that.

Farnaz Ronaghi: Guess what? Just a few months after, something happens that feels like the worst event of your life, and if we don’t let ourselves feel that we have failed, if we don’t feel ourselves burned and emotionally challenged by something, we will never learn. We will never have any opportunities to grow, because we are always staying in our own comfort zone.

Farnaz Ronaghi: When it comes to computer engineering, and writing code, it’s just everywhere. It’s a very male dominated industry, and as a result of that, in many places, the culture may not be as positive as some of us like it to be. Or, it may not be the culture that we are used to engage with and that by itself used to be a big emotional burden on me. “If I don’t belong here, why am I pushing?” But at the same time, when you push, when you show up, you change the ones around you, and you actually find your own people. Not everyone is the same. You’ll find a group of people who are like you, and you work, and you have fun.

Shanea Leven: Mm-hmm (affirmative).

Angie Chang: That’s a good point.

Rosie Sennett: I saw not too long ago, a cartoon that had two pie charts. One was completely red, you know, a circle, and it is said, “Life ending disaster that it felt like,” another pie chart was a little slice, it said, “Actual problem,” and the white thing, it said, “The thing I will learn from.”

Rosie Sennett: I discovered in my 30s that I have ADD and what that manifests as is a bunch of blockers, things that will stop you from being able to complete tasks, or keep your attention in places. It’s considered a neuro-divergence, right? It’s things that require methodologies to complete tasks that other folks just do. Paying bills, getting through an exam focused, practicing piano. For me, I don’t necessarily look at things as failures, because hitting walls, or for a long time, getting really crappy grades, for me, was like, “Mm-hmm (affirmative), okay,” and I got used to it.

Rosie Sennett: I would think, “Okay, well, I have to figure out a way around this.” More than having something be a failure, it was like, “Okay, that’s what that is. Now I need a way around something.” Or it was a lesson learned that I hadn’t realized before. Sometimes it was a hurdle I didn’t notice was there, and I went … stumbled over. Having recognized that hurdle, once I knew what was going on, I would then find a way over it, the next time. Right? By like, putting a lot of pillows, you know, and padding it.

Angie Chang: That’s a great way to look at hurdles and failures as ways to tell, this is an opportunity to try something new and figure out a new pathway to what you want. I’m wondering, what is advice you would give your younger self? Like, any resources, or something you would have done differently? A way that you looked at your careers?

Rosie Sennett: Listen to your elders. You can learn from them. Yes. That is good advice.

Shanea Leven: I think one of the things that has really hit home for me in recent years is, “Dare boldly. Take bold steps,” and they are scary. It’s really, really scary to put yourself out there, but ask really bold questions and do bold things, because you can completely surprise yourself.

Angie Chang: Do you have any examples for that?

Shanea Leven: Yeah. A lot of times in tech, we get beaten down a little bit, right? I was just leaving Google, and I was convinced that I could not do product management. So, I decided to go on a confidence kick. I was like, “I’m gonna get my confidence back.” I used to be a very confident person. What happened?

Shanea Leven: One of the things that I read, in, I think, The Confidence Code, was asking bold questions. I went to a product management meetup with all of the female VPs of Facebook, and I stood up, announced like, “How are you guys helping,” I didn’t get into Facebook at the time, but, “how are you guys helping move Facebook forward, because if you guys couldn’t get through the process when you interviewed,” which is what they all talked about, “how are anyone else supposed to get through, today? Like, what are the steps that you’re actually taking?”

Shanea Leven: Before I did that, I had to stop myself, because I think I blacked out a little bit, I was so nervous. But absolutely, it was a starting point for getting my hand raised, getting a good question answered. It started a really great discussion. And then, after, I took another bold step, and I basically just walked up to Deb Liu, and said, “Can I interview for you, again?” And she said yes.

Shanea Leven: I went through the interview process and didn’t decide to go to Facebook, but that step of just asking her for, in front of hundreds of other people, and getting a yes, was my first big step into that, and to this day, I continue to kind of live by that. ‘Cause you never know what the other person’s gonna say, unless you ask.

Angie Chang: That was a terrific point. Is there more-

Rosie Sennett: What’s the worst that could happen? Right?

Shanea Leven: Yeah, yeah. Exactly.

Angie Chang: Does anyone have a story of the time they asked for more? I know this was kind of a theme through the day, we had some people-

Rosie Sennett: That was really cool. That was great, when Leyla that was talking about that. That was amazing. [crosstalk 00:23:08]

Angie Chang: I’m wondering if there’s a specific advice–

Shanea Leven: I ask for more all the time. I actually had a conversation with another fellow woman in product management this afternoon. When I started, I made a certain amount at Google, and I didn’t know, I had no idea what the context was for asking for more, and asking for my worth. I started working there a little bit, and I realized, I’m like, “I think I’m underpaid.”

Shanea Leven: I vowed that I would never ever do that again, because I felt like I had missed my opportunity. In my next role, and the next time that I was able to negotiate for salary, I asked for a lot more, and I got it. The next time, I asked for a lot more than that, and I got that. Because again, taking bold questions and just asking the right question and being prepared, you never, ever, ever know.

Shanea Leven: Sometimes, you ask bold questions, and bad stuff happens. But it’s again, what is, all of the things can be fixed with proper communication. All of the things, if you’re able to kind of dare to, you know, put yourself out there. Then things can be mitigated and things can be fixed. But yeah, and also, as a PM, it’s kind of a skill to keep asking for more, and more, and more, and more all the time.

Angie Chang: It’s a great work skill, definitely.

Rosie Sennett: Yeah, it’s true.

Shanea Leven: Yeah.

Angie Chang: I am curious more, it seems like, there’s different types of people that we meet, that attend Girl Geek X events, some of them are new grads, some of them are doing the mid-career bootcamp career change. Some of them are moms coming back. Is there specific advice, or is it the same advice you’d give them on how to come into tech, or like, people always ask us, “How do I get into tech?”

Angie Chang: It seems like, to me, tech has changed in how people view it over the last decade or two. It’s become a lot more intimidating. Have things really changed that much, and is there any advice you would give to people who are looking to change their job title, or come into a new role?

Rosie Sennett: I did not have a standard background, as we said, in a time when you needed one. I was a total unicorn, and it was spoken of lots of times. The guy who hired me held on to my letter and my resume, and walked around, ’cause he was a character, and if I could do that then … you know. In fact, I gave talks about it at the school I went to, ’cause it was weird, that I actually made it through, to them.

Rosie Sennett: Now, it’s not so weird. If it’s of interest to you, and I said this to lots and lots of women at Lesbians Who Tech, who came up to us last weekend, asking the same question. You know, “But I do this, can I do that?” You will not know, unless you boldly go forward, as Shanea said. You’ve gotta just push through. I mean, we live in a world now, where you can actually just teach yourself stuff, and teach yourself enough stuff to boldly say, “I know how to do this,” and as we learned today, it’s just women who think they need to know all of it, in order to say, “I know how to do that.” Yes, you can do that, by just saying, I know how to do that. Right?

Shanea Leven: Yeah.

Rosie Sennett: And then eventually, you will know how to do that.

Angie Chang: Anyone else have advice for any of these Girl Geek X community people?

Shanea Leven: I think that some advice is, if this is the goal, and you really want this goal, just be mentally prepared that there are probably gonna be some challenges. If I could go back, I would try to have a support system for not doing it on your own, and asking for help when you need it. I read in the book, really recently, Dare to Lead, by Brené Brown, to have like, written on a card, what actually really matters to you? Whose opinion about you actually matters? Because you might get a lot of things …

Shanea Leven: I switched careers several times, and I was doing product management work before I had the title of product manager, and it took me eight months to find a role as product manager, even though I was already doing the job. That one simple, tiny little thing was enough, that no one wanted to take a risk. I’ve heard that it could take a long time to get what you want. Or, being able to test, get data back and user test like, how you craft the story of your transitioning in. Just be patient with yourself and have the support system to vent if you need to, or test some things out, or role play, or just taking those baby steps.

Shanea Leven: But don’t compromise what your goal is, which is why the first part of it, this is your goal, stick to it. A lot of people sometimes think that it’s good to kind of weave around, and “I’m gonna take this job, ’cause it’ll lead to this job,” and sometimes it’s just better to just be a little bit patient and just get the job that you want. I learned that, where a lot of folks said, “Oh, you’re transitioning into product management, you should go take a step backwards and be a junior product manager, because you’ve actually never had the title.” I was like, “Absolutely not, I’m not gonna do that. That’s crazy.”

Shanea Leven: Like, there’s no way that I’m gonna do that, because I’ve already been doing it. There’s something that I’m not articulating, this is not the right company, or something like that, where giving yourself the leeway to try things and then I went from Program Manager straight to Senior Product Manager and I did just fine. It’s just all right, it’s fine. All good.

Angie Chang: I’m gonna move on to some questions from our audience. What types of roles have you seen former educators move into when they transition into tech, and similarly, what advice would you give educators who want to move into tech?

Rosie Sennett: Well, a direct one would be education at a vendor. That would be an easy slide, internal or external. It would be the straight up, “I can do that.” If you want to take your resume and say, “I know how to teach.” ‘Cause trainer education, internal and external, that would be the way in, “I want a job today,” way to go. But any kind of customer facing role is gonna be actually on that. If you can teach and interact, pick up whatever … I’ve been in vendors this whole time, that’s my thing. So, the shortest from point A to point B, to me, is gonna be right in-

Angie Chang: That froze, unfortunately.

Farnaz Ronaghi: Yeah, I actually, I agree with Rosie. For a teacher, there are a lot of tech companies that would have good … not customer support, customer success roles, professional services roles, program management roles that basically are, you are building programs on technology. So, they are very technology oriented, and you will learn a lot of technical things, as if you join us at NovoEd, you will learn. But your core skillset, which is teaching, is critical to being successful in that role.

Angie Chang: That’s good advice. I think when I talk to people who are looking for jobs, a lot of times, people are looking, but at the same big brands, at their roles. But also, there’s a lot of early stage and medium sized companies that we don’t necessarily think about. They can be found on AngelList, or just by browsing on the internet, you can find smaller companies that will take a chance on people with resumes that show more different experiences, work experiences, life experiences. I actually recommend that path, as well. Then, after a few jobs, or years, maybe you will be at that big famed company, with the brand name. But to maybe start, and thinking about the smaller companies, and joining those roles for experience.

Angie Chang: Let’s see, another question we have here is, Shanea, knowing what you know now, would you still do a computer science degree?

Shanea Leven: Yes. Absolutely. For me, I briefly mentioned that it was identity, it went right against who I thought I was, by getting this computer science degree. My options were, the bootcamp, I already have a Bachelor’s in Business, and the CS Bachelor’s degree. What I found was that I’d gone as far as I could, teaching myself to code. I had done literally every online class that I could possibly do.

Shanea Leven: The ironic thing is actually, I actually taught, created online coding training, which is the crazy thing. For me, there was a different problem, that I didn’t realize that I had had, until I went to get the computer science degree. Which was, I grew up in inner city Baltimore, and my school system, I did not realize, failed me. There was a lot of things that with getting a computer science degree, and the way it’s taught now, that they assumed that I knew, and I did not.

Shanea Leven: I needed to go back to school, and I also have a little bit of dyslexia. Who knew? Until I was reading programming documentation for a long time, so I absolutely needed the CS degree to fill a lot of the holes and really, to ground my foundation of the theory, in addition to the actual syntax of languages. I would probably do it again. I don’t think the job that I have now, that I could have gotten it, without having the CS degree, and not having a solid foundation in the theory.

Angie Chang: Thank you. So we have a question here about, was networking a big part of your career pivots, or successes? It seems like everyone talks about networking like that’s the only way, but people feel it’s dirty networking for professional reasons. Can anyone give some thoughts on networking? Or what’s the best way to get a job or promotion?

Shanea Leven: Networking was important for me. When I decided to take the role at Google, it was because I actually kind of stalked a recruiter. Like, a friendly stalking. I called all the time, I was like, “Oh, we have to be friends now,” and we’re still friends to this day, ten years later. But just building relationships with folks, the job that I have right now was actually through a referral from two conferences that I met this person at.

Shanea Leven: I know Angie through friends of friends, and so I think networking is important. You never know what kind of doors we can open for each other, what kind of opportunities, and the mistake that I made was trying to think that I could do everything alone, and you really can’t. It’s about building a community, as opposed to thinking about it as networking, like, I have to go and do this.

Shanea Leven: It’s about building a community and you being a part of a community, as well. ‘Cause we’re kind of all in this together, we’re all trying to move forward together.

Angie Chang: Definitely. Farnaz, have you found networking to be important in your career?

Farnaz Ronaghi: I know it is important, however, that’s why I’m staying quiet, because I cannot be the one recommending people to do networking, ’cause I am the worst at it. I’m actually the one who will sit behind her computer for as long as possible, the introverted of introverts. Don’t see me talking like this, we are behind a computer, just … we can’t see each other in person, and we’ll see. But I do agree that it is about–just going through the startup experience, founding a company, and six years into it, I actually even, I look back, and every single people that we raised money from, people who became our customers, those relationships that I basically had to build because of my work, for advancing the actual work that I was doing, not that I was at that–

Farnaz Ronaghi: They are the ones that I go back to for, “Oh, I want to look around, where should I look?” Or, I’m looking for a partner, I’m looking for an engineer, so it is very important to be able to build that network. However, many of us have challenges with the concept of going out and talking to what feels like strangers. I don’t have any medication to help with that. But I do recommend everyone to go out there and just practice it, because I was very, very introverted. Now, at least when I take tests, my extroversion is more than introversion. So, it changes and you start doing better.

Angie Chang: Rosie, do you have anything to say about networking?

Shanea Leven: I do. I think in general, it helps to have, it’s interesting, having sort of kind of bopped back and forth, I mean, over long periods of time, between the software industry and the film industry, building a network of people who, I guess, in essence, they are acquaintances. They’re people who you know from cocktail parties, in the film industry, or conferences in the tech industry, who you see at just these things, and you recognize them visually and you don’t necessarily have anything to give or take from them, but you see them and they’re familiar.

Shanea Leven: You do, one day, get to call them up and say, “Hey, do you know this person? I’m looking at their resume,” or, “Well, how’s it going over there?” You get to actually make that, pull that ticket. It’s a good thing to have. So far, it’s been where people say, “Hey, do you know this person? They seem to be connected to you, do you actually know them?” And I’ve helped people get jobs.

Angie Chang: Okay. All right. We’re gonna be wrapping this up, just, I think we’ll take one more question. I think we have a few more minutes. I think this one may be good for Farnaz. We have an attendee who’s found that it’s hard for former educators to move into edtech, as many of the roles require sales experience, or highly technical skills. Even hard to get PM and customer success roles, any advice?

Farnaz Ronaghi: Even customer success and PM roles?

Angie Chang: Yes.

Farnaz Ronaghi: Well, I think, first of all, try sending your resume my way, and then I think, my advice would be, it would be good to look for instructional design or product, or program management roles in smaller companies, in startups that are more willing to invest in people who may not have the track record of success, but who will be able to be there and put their heart and soul in owning the results. We actually do that, with people who are in our customer success and professional services team, they come right from being a teacher to being in a position of working with our customers directly and building programs for them.

Farnaz Ronaghi: It’s actually very interesting. Like, with a bit of onboarding, they do such amazing work. I have no doubt that it works. However, try smaller companies.

Angie Chang: Okay, one final question. This’ll be a fun one. What’s your advice for bouncing back when you do ask for more and it backfires? Like, what is your coping mechanism, self care, how do you get back up?

Farnaz Ronaghi: Well, I think, the thing is that first of all, I think when you want to ask for more, just ask it with data. Meaning, when you feel like you are underpaid, there are Glassdoor reviews that give you average salaries and top of the market, below of the market. There are job descriptions from all sorts of companies with salaries on them that you can use as a data point that, for example, you are underpaid.

Farnaz Ronaghi: Or if you are asking for resources, like just go with data that backs your story, and if you really have a point, but you get the push back, for no reason, what seems like no reason, I actually think in those situations it’s good to just get it out of your system, talking to friends, getting coaching and mentorship. If you actually reiterate the conversation with a mentor, with someone who has, not just a mentor, but someone who has asked for a salary change before, and you feel like you had the right, and you feel like they also agree with you, that your argument was good, your manager didn’t have anything good to say in response, I actually think that it is fair to not think of yourself as just a disposable resource that can be treated in any way.

Farnaz Ronaghi: Just go out there and interview and look for other jobs, and then bring them an offer. You know? Push as hard as you want to push, just as long as you are doing it logically, you have data, and you are sharing your experience with someone else, in the role.

Angie Chang: Does anyone else have last feedback for how to bounce back from a potential rejection?

Shanea Leven: I think Farnaz is totally right. Doing data, and having the conversation. I think that moving, or separating in your mind the emotion of the rejection from the actual negotiation, or the thing that you’re asking for, is something that I really struggled with. They’re two different things. Right? Like, maybe there’s a reason, maybe there isn’t a reason, or maybe there’s a reason that someone isn’t telling you. But that doesn’t necessarily mean that you shouldn’t deal with your emotion around it.

Shanea Leven: That could just be, for me, it’s talking to someone, it’s venting. It’s reminding myself that they didn’t reject me personally, but they rejected the thing that I proposed. Or, it’s maybe not … it’s a no right now, but not a no forever. Or, like Farnaz said, get another job. Just separating those things out is helpful.

Farnaz Ronaghi: You know, I have one more thing to add. You made such a good point. I personally, I find having cheerleaders in life, very, very helpful. I have one cheerleader. One best friend, who rarely tells me I’m wrong. So, whenever I’m going with my emotions high, so angry at the whole world, because of the unjustice that they just did to me, for whatever reason, he will tell me that I was right, that I’m smart, but I have to work on saying it better.

Farnaz Ronaghi: Or, “Why don’t we say it this way?” Like, I just empty the emotions somewhere, and we get to problem solving together. I think finding yourself a friend, a cheerleader would be very, very helpful to deal with the emotion, because it’s very hard not to feel the rejection. But you need to move on.

Rosie Sennett: Yeah, yeah. I think being really clear that your argument, if we take it out of the salary area, broaden it for a second. Being really clear that you know that whatever argument you’ve brought for this decision was delivered to the person you’re delivering it in a way that they can hear it. You’re gonna deliver it to that person, in a way they can understand. If it’s somebody who can understand an emotional argument, then go ahead and deliver that. But if it’s somebody who can not, do not deliver an emotional argument, because it will fall flat. If it’s someone who needs statistics, then show up with statistics. If it’s someone who rejects whatever it is outright, and you feel that you have presented it, you know that this is a logical argument and you’re being dismissed, then yeah, you have a bigger decision to make.

Rosie Sennett: If you’ve been waved off, that’s a whole ‘nother ball of wax. Don’t confuse that with your proposal being rejected. Two different things, really. I think that’s the clear thing, is that one thing is personal, one thing’s not and none of it, in the end, is really personal. As Shanea said, 90 percent of the time, that decision, especially if you’re an individual contributor asking for something that is directly affecting only you, you may have no idea how or why that decision was made, and it may never come to you. So, that information should never necessarily turn into us and them. It should never then go out and become announcement of us and them, that has to be processed, because that’ll mess with you, too. That was what I was thinking while everybody else was kind of talking.

Angie Chang: Okay.

Shanea Leven: I’d also read Crucial Conversations. It’s super helpful.

Rosie Sennett: Yes, yes. Very good, very, very good.

Shanea Leven: Very tactical of like, how to go about these things and some of the tactical things we’re talking about, splitting emotion and like, the actual execution of the conversation. Changed my whole life. I’d recommend starting there.

Rosie Sennett: Super cool.

Angie Chang: Thank you all for joining us today. I know it’s Friday. Thank you so much. We’re gonna be … just tweet at us ggxelevate and we are gonna be moving into our next session, so thank you so much for joining us. See you later.

Rosie Sennett: See you.

Farnaz Ronaghi: Thank you all, bye.

Rosie Sennett: Bye.

Girl Geek X Palo Alto Networks Lightning Talks (Video + Transcript)

Like what you see here? Our mission-aligned Girl Geek X partners are hiring!

Gretchen DeKnikker, Angie Chang

Girl Geek X team: Gretchen DeKnikker and Angie Chang share their excitement for Palo Alto Networks Girl Geek Dinner in Santa Clara, California. There was a photo booth for making girl geek flipbooks!

Speakers:
Varun Badhwar / SVP of Products and Engineering / Palo Alto Networks
Liane Hornsey / Chief People Officer / Palo Alto Networks
Nir Zuk / Founder & CTO / Palo Alto Networks
Citlalli Solano / Director, Engineering / Palo Alto Networks
Meghana Dwarakanath / Manager, SQA Engineering / Palo Alto Networks
Archana Muralidharan / Principal Risk Analyst / Palo Alto Networks
Paddy Narasimha Murthy / Senior Product Manager / Palo Alto Networks
Angie Chang / CEO & Founder / Girl Geek X
Gretchen DeKnikker / COO / Girl Geek X

Transcript of Palo Alto Networks Girl Geek Dinner – Lightning Talks:

Angie Chang: My name is Angie Chang, founder of Girl Geek X. I want to thank you all so much for coming out tonight to this beautiful… Thank you so much to the Palo Alto Networks for sponsoring. I’ve never been here and the campus is amazing. This space is beautiful. We’ve had so much fun meeting people here, checking out the demos, eating delicious food and drink. Now we’re really excited tonight to meet some of the people who work here, talking about their expertise.

Gretchen DeKnikker: Angie was going to tell you this part but I’m going to tell you. Okay, did you guys see all the cool stuff? There’s a photo booth here, over there and you can do that. Then you can make a little flip book where you move and then they’ll make you a little flip book on the spot.

Gretchen DeKnikker: There’s demos back there, which seem to be fabulously popular. Got the little cards. There are recruiters all over so if it seems awesome here, and it seems pretty awesome, the food’s awesome, everything’s awesome so far, right? Yes?

Audience: Yes.

Gretchen DeKnikker: Yes. Okay, so if you want to work here, they’re also hiring. Then you can work with some of these amazing women that you see here tonight. Girl Geek, we do these every week. Who’s their first time here?

Gretchen DeKnikker: Okay, cool. We’ve been doing these for about 10 years. We’ve done over 200 of them. We do them every week now up and down the Peninsula, in San Francisco. If this is fun, make sure you’re on the mailing list and come to the next ones.

Gretchen DeKnikker: We also got a podcast, we just got going. I think we’re on episode eight. What was it about? Tech stayers. Yes. Don’t leave. Tech stayers. But there’s ones on impostor syndrome and mentorship and career transitions and learning styles and just like, so check it out, it’s on all of your usual podcasting places, and then let us know if you like it or what we could do to improve it because we’re not podcasters, we have no idea what we’re doing. We’re just talking, like I am right now.

Gretchen DeKnikker: Without further ado, thank you guys so much for coming tonight and I don’t know who I’m turning this over to.

Varun Badhwar: I’ll take it.

Gretchen DeKnikker: Okay. Let’s welcome the man to the stage.

Varun Badhwar speaking

SVP of Products and Engineering Varun Badhwar warms up the crowd at Palo Alto Networks Girl Geek Dinner for talks on secure development, secure design, how security is just such a core part of development life cycles.

Varun Badhwar: Thank you. Privilege to be here. Good evening, everyone. Really an honor to have all of you here. My name is Varun Badhwar. Figured I’d just spend a few minutes sharing a little bit of my story. I’m six months or so new into Palo Alto Networks. Came in through an acquisition, actually. We recently, Palo Alto Networks acquired a company called RedLock. I was a founder CEO of that company. As a startup, one of the biggest things that makes you successful, brings the teams together is really the culture, right?

Varun Badhwar: A lot of people, there’s no product, there’s very little salary we can pay people, the office isn’t as nice as this, but ultimately we join companies for the people who are going to work with and really a grand vision of a problem we’re going to solve. That problem for us was securing the cloud. As you’re doing that and as you’re building… For those of you who are not familiar with cybersecurity, there’s normally in this industry, if you’re successful, you likely end up getting acquired by just potentially six or seven companies that can do that.

Varun Badhwar: For me, a lot of people have said, we were only three years into building RedLock, sort of how we ended up here? Why did we make that decision? Ultimately, Palo Alto Networks, for those of you not very familiar with the company, has always been at the very top of that list for us for a couple of reasons.

Varun Badhwar: One, is you’re going to hear from our founder, Nir and the team. Just incredible pace at which Palo Alto Networks has disrupted the market, has taken a leadership position, now is the largest pure play cybersecurity company in the planet.

Varun Badhwar: More importantly, all of that has been done with only 6,000 people in the company, right? Larger companies in security have 80, 100,000 people. For us, it’s been fantastic. You come in, you get the best of feeling like a startup operating really rapidly yet having a culture, and having values that are very startup like. Everything from empowerment for the teams, empowerment down to individuals working in this company to–

Varun Badhwar: I’ve just been fascinated with how important diversity has been to this company. Obviously this is one small commitment towards that. But as I can come in here and I’m asked to go work towards our annual conference, which is Ignite that’s happening next month. From the number of attendees, our customers that are coming and tracking diversity statistics there to how many speakers we’re bringing to the table, have these advanced diversity there, diversity in hiring. and diversity obviously is is about professional backgrounds–

Varun Badhwar: Maybe, heck, if you look at our CEO, he never worked in cybersecurity before this, he came from Google, right? He’s first timer in cybersecurity, so for those of you say, “This feels like too geeky of a space.” Not really. I think we really appreciate diversity. Whether you’re coming from a consumer background, enterprise background, you get race, ethnicities, values as well.

Varun Badhwar: I don’t want to take up too much time here. Just articulating a couple of things. One, phenomenal company. We’ve loved the last six months. My teams tell me we are working harder than we did at a startup and having a lot more fun. The fact that the values are so aligned to–what I think a lot of us love probably the companies we’ve worked for. The intersection of just cybersecurity, and specifically for my part, cloud is just so fascinating. It’s a cat and mouse game, security. You’re never done building products that work well. You’re always against forces that are from–Maybe Nir will touch on, it’s a good topic for him.

Varun Badhwar: There’s people that are putting more and more emphasis. Attackers are trying every which way to get into people’s environments. They just need to be right once, we need to be right every time with the products that we build, right? Really an amazing career opportunity. Again, want to thank you all for coming here. Hopefully, you’re going to learn a lot about secure development, secure design, how security is just such a core part of development life cycles. I will pass that over to Liane and Nir.

Liane Hornsey speaking

CPO Liane Hornsey talks about the the inclusion agenda at Palo Alto Networks Girl Geek Dinner.

Liane Hornsey: Hello, everybody. I am the Chief People Officer of Palo Alto Networks and honestly, I love moments like this, and I really love moments like this because I’m in the company of a lot of technical women. I always feel, oh gosh, they’re so much better than me. They’ve got all these skills I haven’t got. They know how to code, they know how to build product, they know how to make things happen, and I work in HR. But I also think and feel very, very humble when I’m with technical women, that it is also harder for women in technical jobs to come to work each and every day. It’s harder for them than it is for me.

Liane Hornsey: When I walk through this door, I walk into a function and I’m surrounded by other women. I am not surrounded just by people who are different to me. So I don’t carry that burden of being different as I walk through the door, in the same way as many of you do. Because you work as a minority in many of your teams. I’m doubly in awe, because you can do all these things and you have all these skills that I don’t have, and you have that additional, not burden, but that additional concern of being different.

Liane Hornsey: Now, I have only been at this company for seven months, a little like Varun, about the same time. I joined this company, honestly, not really knowing much about this company. But truly, I have come to love this company with all my heart. I really love this company, and I want to tell you why. Partly it’s this, I truly believe you have to work for a company that is doing good stuff.

Liane Hornsey: Every night I drive home and I turn on my radio and I feel just that little bit less safe. Every day I think about my children online, who are a bit bigger than your children. But I think of them online, and I think about their safety. Every day, particularly as a European, I think about the importance of cybersecurity. I know I am working for the good guys and I’ve got to tell you, that feels really very, very nice, but it’s not just about what we do. What I really love about this company is how we do it. When I first came here I met my team and the first thing they said to me is, “We don’t have D&I here. We don’t have diversity and inclusion.” I’m like, “Whoa, bit weird,” and they said, “No, we have inclusion and diversity.” Then I thought, yeah, yeah, that’s a bit of a fad. You’re just changing the words around.

Liane Hornsey: But I do want to impress something upon each and every one of you. Diversity and inclusion does not work. There is no point putting in more underrepresented minorities into companies that can’t change and make them feel welcome. There is no point pulling more women into technology, if you can’t make them feel like they can bring their whole selves to work each and every day.

Liane Hornsey: For me, it’s not the diversity agenda. It’s about the inclusion agenda, and that is what Palo Alto Networks is going to be known for. That is what we are going to do that is different and unique. I don’t believe there are companies in the valley that have solved the diversity and inclusion issue. We all know we’re spending a ton of money each and every year trying to encourage minorities, trying to encourage more women, trying to encourage difference and we’re failing. And we’re failing, I realize now, because we are doing it wrong.

Liane Hornsey: It’s about time we understand, each and every person in this room, even if we’re united largely in agenda, we are not the same. I am not the same as every other woman in this room. I am an individual. I am unique, and I am special as are each and every one of you, and that is what Palo Alto Networks is going to be about. It’s going to be about over the next couple of years, making sure that each and every individual that joins this company feels special, feels that they’re doing amazing blooming work, work that will change this world and work that will make everybody safe, and that we can all be whoever we want to be at work. I think if we crack that, we’ve done something pretty darn good.

Liane Hornsey: I’m not going to say much more to you. I am so glad that you’re here. I am so glad you can see everything, that’s wonderful. But I’m most glad for you that you can hear from our founder. In my career I have worked with a number of founders, and I’ve got to tell you, it is not always a joy. They can be a little unusual. This time it’s an absolute, an amazing joy, and I’d like to introduce Nir.

Nir Zuk speaking

Founder and CTO Nir Zuk talks about the past, present and future of cybersecurity at Palo Alto Networks Girl Geek Dinner.

Nir Zuk: Thank you, Liane. Thank you all for being here. I’m Nir, I started this mess about 14 years ago. We got funded about 13 and a half years ago. We’ve been selling products for about 12 years. Like Varun said, we are the largest cybersecurity vendor in the world today, we’re also the largest cybersecurity business in the world. Even businesses inside other large companies are smaller than us and these businesses have been around for 25, 30 years, sometimes even more than that.

Nir Zuk: How does a company that’s only been selling products for 13 years, becomes larger than companies like Cisco and Juniper and Semantic and other large cybersecurity vendors? Of course, it would through disruption, right? To disrupt the market, you completely change the market, and maybe I’ll say few words about disruption.

Nir Zuk: The first thing about disruption is that it’s a weird thing. It’s not like it’s… The way you disrupt the market is not by building a product and starting to sell it and then figuring out, wow, I disrupted the market. It’s actually the other way around. You find the market that’s ready for disruption. You find the reason why it’s ready for disruption and you address that, right?

Nir Zuk: If you think about it, some of the companies that you work with and a lot of the companies that have changed things like the taxi industry, and the hospitality industry, on the consumer side, and then companies that have changed the way we do HR and the way we do salesforce management and CRM and the way we do IT operations and so on, they were all going into markets that have been doing the same thing again and again and again and again for many, many years and found the reason to disrupt those markets, disrupted the markets, and have been successful at that. We’ve done the same thing.

Nir Zuk: The next question that I always get asked is, how do you make sure that nobody comes behind and disrupts you? It’s not easy. The thing about disruption is that when you face disruption as a large company, it’s very, very difficult to deal with that. It’s very difficult to deal with disruption because you have two pretty much bad options. The first option you have is to embrace the disruption, meaning to say, wow, this is very disruptive. Everything I’ve done so far is irrelevant. Let’s embrace the disruption. The challenge, especially as a large company, as a publicly traded company and so on, is that that really kills your business, and you have to start again. It’s not that you start from scratch, but it’s enough that your revenues go down 2, 3% and you’re done. Right?

Nir Zuk: Embracing disruption is hard because you have to start convincing the markets that you are disruptive and then you have to buy and sell them something new while they don’t buy your old thing. Then you can fight the disruption, but if the disruption is real and true, then you’re going to eventually end up staying behind, which is really what happens to our competitors when we started disrupting the market. They all fought the disruption, they all went through the five stages or first denial, right? Nobody needs it. Then we do it too, and then eventually it’s, okay, let’s go and find something else to do.

Nir Zuk: To make sure that we don’t get disrupted ourselves, the only logical way to do it is to disrupt ourselves. Keep looking why the market is ready for disruption and going and disrupting it at the risk of hurting your existing business, which we do. We keep doing that all the time and we don’t have time to talk about it right now and today, but we keep disrupting the market, we keep changing the market and changing the way the cybersecurity market works. I think that that’s the first thing that we’ve done.

Nir Zuk: The second thing that’s interesting about the cybersecurity market is that when we started, it was made of two types of companies. It was made of very large vendors. Again, I mentioned some names, Cisco and Symantec and there’s another company that they used to work for in the past called Checkpoint out of Israel, which is also a very large vendor in the industry. There’s McAfee and Juniper used to be a large vendor in the industry and there are a few others, and they all sell products that are very, very successful, but really aren’t doing anything to secure their customers. In fact, they all sell products that we call firewalls, you’ve probably heard about firewalls and everybody knows that you need the firewall, it’s just firewall is not going to make anyone secure.

Nir Zuk: Firewalls are not a security product, they are a hygiene product. Saying that the firewall is security products is like saying that soap is going to make you healthy. It’s a hygiene products, it’s not going to make you sick, but it’s not going to make you healthy. You’re not going to prevent some or the most important diseases. Right? That’s one set of companies.

Nir Zuk: The other set of companies that we saw when we started the company 14 years ago was the innovative companies, the companies that actually do something for their customers to stop the bad guys and to make the world safer, but those companies just never took off. There was this disconnect between the two when… and part of it is because it’s very hard for customers, especially very hard for organizations to tell what’s working and not working, what’s not working. Like how are you going to evaluate a cybersecurity product? They’re going to hire a bunch of hackers and pay them a lot of money and go create an attack against yourself and then see if the product… Nobody does that, right? Usually you get a script from the vendor and you followed the script, then guess what? It works, right?

Nir Zuk: When we started the company, we decided to be different. We decided that we’re going to build the product that is both going to be big, and is going to actually do something for our customers, and that’s part of our culture. There are other things in our culture that I think are very important. But I think… and I’ll talk about him in a second, but I think the most important thing in our culture, or about culture is that we strongly believe is that cultures create companies and not vice versa. Meaning it’s the culture that you have when you start a company, and if you work really hard and make sure it doesn’t change much, it’s the culture that you have over the years that’s great in your company versus your company creating a culture. Okay? If your culture is to be disruptive, then you’re going to be disruptive. If your culture is going to be, you’re going to invest in sales and marketing to convince the world that the products that you build that aren’t doing anything, actually do something, then that’s going to be your culture.

Nir Zuk: There are a few very important things that we created in the culture of the company that I think have brought us to where we are, and the largest vendor in the cybersecurity industry, and we’re also growing much faster than everyone else. There are areas where we’re by far the largest vendor, well, there are areas where we’re bigger than everybody else combined. Doing really well, and again, it’s our culture and it’s things like being disruptive. It’s things like we always… we don’t solve simple problems. Meaning, if there was something in cybersecurity that we think someone else is already doing well or we don’t know how to do better than them then we’re not going to do it.

Nir Zuk: Customers keep asking me, “Why aren’t you doing the… Distributed Denial of Service protection?” Whatever that means, right? Because I just don’t know how to do it better than others that are doing it today. They ask me, “Why aren’t you doing web application firewall?” I just don’t know how to do it better than others, so why would I do that? Okay? The things that we do here are things that we know how to do better, or we think at least we know how to do better than everyone else. That’s in our culture. Like when we make a decision whether to do something or not, that’s a very important criteria. Criteria, right? There are other important criteria. That’s one part of our culture.

Nir Zuk: The other part of our culture is to always do the right thing for the customer. Now, of course, every company that you work for will say that they are doing the right thing for the customer, but as an example that I used just a moment ago, if you invest in sales and marketing to convince your customers that the stuff that doesn’t work, doesn’t do much for your customers actually does, then that’s not your culture. Your culture is not to do the right thing for the customer and… For us to do the right thing for the customer, I think the way we think about it, the way we’re presenting this, we always do… we only do things that we can be proud of. Okay? I cannot be proud of selling a customer a product that doesn’t do what the customer thinks that the product does. So, we’re just not going to do that. We’re going to do the right things so that we are proud of what we do so that customers eventually will get the benefit of the products, and that’s very important for us.

Nir Zuk: Another area that’s very important for us is self-awareness, okay? Many companies just aren’t self-aware when it comes to the issues that they have. Whether in their structure or in their products or in whatever it is. We are very very self aware. I mean I’m not going to, of course, wash the dirty laundry here, but in meetings we always talk about the issues that we have. We always talk about competitive issues that we have, we always talk about organizational issues, we always talk about the different things that are going to make us not successful, or are making us not successful in some areas, and we’re very self aware of that and we fix it. We certainly don’t kill the messenger up, we promote the messenger here, and take care of that. Those are important things that just don’t exist in many companies. When you look back 14 years ago and we look at the set of companies that we compete against today, they just have a very, very different culture than we have today.

Nir Zuk: The last thing, which you’ve already heard, that’s important for us in the culture is diversity. Diversity is not just gender diversity, which is very important. I think among the first 25 employees of the company, about a quarter, 25th and a quarter were women. But it’s not just gender, it’s also underrepresented minorities. It’s also diversity as to where people come from in terms of the companies that they come from. We don’t just hire from two companies, we hire from as many different companies as possible, so we get as many different opinions as we can. When we think about diversity, we think about diversity across everything. It’s really an important part of our culture. Like if you walk around and you see the list of things that are in our culture, which are posted in various areas of our buildings, that’s one of them. Being diverse is very, very important for us. We just think that it makes us better and it makes us build better product for our customers. Okay?

Nir Zuk: Maybe the last thing I want to talk about is would… like Liane said, not too many people know about Palo Alto Networks, especially if you’re not in the enterprise space and not in cybersecurity space. You don’t know much about Palo Alto Networks other than maybe you every now and then you’ll hear about our financials or things like that. But if I look at the things that we’re proud of and the things that are somewhat unique to us, we are one of the large… we have one of the largest infrastructures in the world, or certainly building one of the largest infrastructures in the world. Cybersecurity is becoming more and more, and that’s something we’re driving, but it’s becoming more and more a data problem. The amount of data that you need to deal with in order to find the bad guys and stop them, it’s just unbelievably huge. We’re talking… I mean, if we today had to collect or are able to collect all the data that we need from our customers, we’re talking about several billions of events per second. Okay? This is the kind of infrastructure that we need to build. We’re talking about many, many, many, many exabytes of data in order to make our customers secure. I mean, I’m not saying we’re there yet, but that’s something that we need to build, and over the next few years we need to build.

Nir Zuk: Cybersecurity is becoming a data problem and we’re leading that. We’re very large infrastructure company.

Nir Zuk: One of the things that we’ve done, and one of the disruptions that we brought to the market is we have transformed the cybersecurity market from a market where you buy a lot of products. A typical organization and typical enterprise will have dozens and sometimes more than 100 different cybersecurity products that they deploy in their infrastructure. We transform that into a market that’s delivered via SaaS. Okay? That’s another thing that’s important about Palo Alto Networks, and yeah, there’s also the cybersecurity aspects. You’re going to be a cybersecurity expert to work at Palo Alto Networks. The number of people here that actually know cybersecurity, probably 200 or 300 of our employees, actually are cybersecurity experts. All the rest are data experts, and service delivery experts, and operations experts, and of course, that’s in the engineering department and we have many other organizations within the company. Okay? That’s what I had to say. I’ll stick around if you have some questions. We don’t have time for questions right now, and I guess next one is Citlalli. Thank you.

Citlalli Solano speaking

Director of Engineering Citlalli Solano talks about loving where she works because she identifies with Palo Alto Networks’ mission of securing “our digital way of life.” She is a proponent of the security-first mindset.

Citlalli Solano Leonce: Hello, everybody. My name is Citlalli Solano Leonce. I am a director of engineering here at Palo Alto Networks. I’m a software development and I really couldn’t be more proud of having you guys here tonight. A little bit about myself, so let me share a little bit of my story.

Citlalli Solano Leonce: I grew up in Mexico City, back in the day there were no cell phones, no tablets, no flat TV screens, no nothing, right? No, internet even, and I remember vividly how my mom would take me with her to the bank, right? The old big computers with black screens and green letters and characters going around. I always wonder what is happening behind? How could that person type something, and then some magic happens? Right? Fast forward a little bit. I got… that’s what I… got me to study computer science.

Citlalli Solano Leonce: Finally right out of college, my first job was at the central bank in Mexico. I finally, my dream come true. I was able to understand what was happening behind the scenes, but there was a slight difference back then, and is that I was not only understanding what was happening, but I was in the driver’s seat. Here I am, 21, 23 year old, building systems for my country.

Citlalli Solano Leonce: I was developing in C++ and my modules eventually ended up in the payment systems. Now people are able to transfer money from one bank to another immediately. I was paving the way for the digital transformation of my own country. That was… at that time probably, I didn’t realize that impact, but looking back it’s like, really I was a key player there.

Citlalli Solano Leonce: Fast forward a little more. Here I am standing in front of all of you in the middle of the Silicon Valley. A day in the life, you wake up, your phone plays a nice tune for you. With the internet of things, you can have your coffee machine make coffee for you, and then you wake up to the very nice smell of coffee beans. You can say, “Alexa play, what’s the weather today? What’s my stock options? You take your car, the car drives you wherever you want, right? Like that, so it’s amazing, right? All these transformation, I can’t believe I have been fortunate in life to live this revolution, right? But there’s another side to that. What is happening with all of that? Now, we all have our lives in the digital world. Raise up hands, how many of you do your banking online? Probably everybody, right? How many of you do video gaming or your kids do video gaming? Right? Now, even that is online.

Citlalli Solano Leonce: Some of us are doing… those DNA test, 23andMe, okay? Then we can share and, or maybe we’re cousins, we’re third cousins or whatever. Right? That’s amazing. But, where do you think all these data is going? Everything is hosted in the cloud, right? We are leaving our digital fingerprint over there, and it’s not only the data, these services themselves are deployed in the cloud. They’re either running in AWS, Azure, GCP. Who knows? right?

Citlalli Solano Leonce: Amazing. But we also have a big responsibility. Everything is interconnected. How do we prevent the bad guys from getting that? It’s not only just your little blog post, it’s now your financial information, it’s now your DNA information, right? Who knows what’s going to happen in a few years.

Citlalli Solano Leonce: Let’s look at how we are developing those various systems, and something that Nir was referring to, it’s not only about cybersecurity and cybersecurity professionals, right? We at Palo Alto Networks happen to make software that secures the enterprise. But security is responsibility of everybody. Who is building that 23andMe mobile app? Probably one of us. Right? Who is building those banking applications? One of us, right? What are we doing to prevent that from being vulnerable? It shouldn’t be an afterthought and in and out of the job of the InfoSec guys. Archana, here, who specializes in InfoSec, can tell you a lot more about the security practices, but that should start before.

Citlalli Solano Leonce: Looking at this SDLC, it’s something that’s probably very, very familiar to many of you. What do you think here is missing? Any ideas? We have the the planning, we have architecture and design, implementation, testing, deployment, maintaining, anything that is missing here?

Audience Member: Security.

Citlalli Solano Leonce: Security. Where do you think security should go? What circle are we missing? Where do you think that goes?

Audience Member: Everywhere.

Citlalli Solano Leonce: Everywhere? Yeah. Oh, you guys are too good for me. Yeah, spoiler alert. Yes, security is everywhere. It’s not, oh, QA should test for security, and Meghana can tell you a lot more about all our QA security practices. But this goes before, even as we are designing, Paddy here also will talk to you about product management, but it’s everybody’s responsibility.

Citlalli Solano Leonce: Circling back, we are living in this amazing world. We have all these services at our fingertips, right? Everybody’s now, now our kids, everybody is. But also we have a big responsibility. I personally love working here because I really identify with our mission of securing our digital way of life. I truly believe that. As the previous presenters were saying, it’s truly our responsibility and we are hoping for a better world one day after another. I’m hoping that tomorrow is going to be a little safer than today, so that the world that I leave to my kids and my legacy is much better than what I’m living right now. I invite you all to adopt security as your own, and let’s build that secure world together. Thank you very much.

Meghana Dwarakanath

SQA Engineering Manager Meghana Dwarakanath says, “We have to continuously rethink our role and what we need to do in our roles to be successful. This mindset is not only encouraged here at Palo Alto Networks, it is expected, and that is what I love the most about working here” at Palo Alto Networks Girl Geek Dinner.

Meghana Dwarakanath: Hello, everybody. My name is Meghana Dwarakanath. I’m the Software Quality Assurance Manager for public cloud security here at Palo Alto Networks. Now, I have been able to contribute across three different products here at Palo Alto Networks: WildFire, which is our malware protection as a service, Aperture, which is our data loss prevention as a service for SaaS applications, and now with public cloud security product RedLock. I’m sure you all know already all about it, with all the demos you’ve attended.

Meghana Dwarakanath: How did I get started? I like to tell people that I’ve worked my way up the networking stack. I started off on CDMA. Then IP, TCP, SUDP, finally landed in the cloud, and out of pure curiosity took a right turn into security. This is a story you’ll hear a lot more from people who are working here. Because, initially when you think security, or at least when I heard about security, the first thing that comes to your mind is some Mission Impossible scene. There’s lot of screens, hackers. But then working here I came to know it takes a lot of people from a lot of different backgrounds and expertise to come together and make a good security product. Now, if you take my team, for example, I have people from DevOps background. I have people from Dev background, of course QA background, security company experiences, non-security company experiences, and with all those different perspectives, we are able to build a much more secure and successful QA process, which is what I’m going to talk about today.

Meghana Dwarakanath: One of the axioms in security is, you’re only as strong as your weakest link. Now let me ask all of you something. What do you think is the weakest link in your companies? Maybe you don’t want to say it out loud. But the answer should be, nothing. We are all strong, we’re all doing good, and we agreed, right? Now, of course, when it comes to our production environments, we are very thoughtful about protecting them, and we should be. Because it has our customer data, it has our reputations, and it needs the protection. By the time we come to our QA environment, it kind of tapers a bit, right? Why? Because you’re thinking it’s QA.

Meghana Dwarakanath: We don’t have customer data in there, hopefully. It’s an afterthought, we really don’t think about it. But if you really think about the challenges we have and the kind of products we are testing today, we need to think about why we need to secure QA environments. Because when somebody gets to your QA environment, there are a lot more things they can get out of it, apart from customer data. For example, they can get an insight into your system internals. They can figure out how your systems and services are talking to each other and you’re literally helping them make a blueprint to attack your production environment. You have proprietary code, of course, that is running in your QA and staging environments, and so there’s a potential loss of intellectual property there.

Meghana Dwarakanath: Again, hopefully you don’t have customer data in your QA environments. I really hope you don’t, because here at Palo Alto Networks, the InfoSec team, Archana will tell you more, they’ll find out, come hunt you down, and take that data. Then, of course, if you’re the unfortunate victim of something like a bitcoin mining and that, you get a very massive bill at the end of the month, a very, very unpleasant surprise, right?

Meghana Dwarakanath: This is just your test environment. What is the other aspect of testing? Test automation, right? Anybody who is testing the SaaS service will tell you they test against production. Every time you release, you want to make sure that your production is doing okay. All the features are doing okay. So what do you do? You run your test automation against production, which means your test automation now has credentials that can access your production environment. You probably have privileged access because you want to see better what you’re testing, and now you’re co-located next to customer data, which is a very–potentially–a very unsafe mix.

Meghana Dwarakanath: How do you do the security? One of the ways we have been able to do this successfully here, is to consider test as yet another microservice that is running in your production. All those production microservices that you deploy, test is just another one of them. How do your microservices store credentials? That is exactly how you test automation will store credentials, the same SDLC process that Citlalli talked about, where security is not an afterthought. The same thing applies to your test automation code as well. You deploy monitoring for your test automation services just like you would do for your production services, and then whatever deployment automation you have, your IS automation code you have, you first test deployment into the same very architecture, and now you have all the added protections that your production microservices are getting.

Meghana Dwarakanath: There are a lot of fun new QA testing concepts, right? AB testing, blue-green testing. How do you test this global? With this, we are able to be in every single stack we deploy, test continuously, and get continuous feedback about our test and production environments.

Meghana Dwarakanath: Now we have the right people, we have the right mindset, we have the right intentions. We just want to ensure that our intentions have the right impact. What do we do? We just happen to have a set of world-class microservices at our disposal, so we don’t put our own environments, which means for example, all my test environment are monitored by RedLock, to see if we have any security vulnerabilities there so that I can immediately know about them and then I can make sure they’re secured, right? This is a win, win situation, of course, because we are in the same cycle of continuous feedback. We tell how the product is doing, the product is securing us.

Meghana Dwarakanath: Now, from this talk, I really want all of you to have two takeaways from this. One, of course, to really go and think about how your QA practices are, are they secure? And what needs to be done to make them secure. The second thing is to realize that we are in an ever changing landscape and there are different and new challenges, right? We have to continuously rethink our role and what we need to do in our roles to be successful. This mindset is not only encouraged here at Palo Alto Networks, it is expected, and that is what I love the most about working here. Thank you.

Archana Muralidharan speaking

Principal Technical Risk Analyst Archana Muralidharan reiterates that “security is not a one-time concept. It’s a continuous process” at Palo Alto Networks Girl Geek Dinner.

Archana Muralidharan: Good evening, everyone. I am Archana Muralidharan, I work as Principal, Technical Risk Management, here at Palo Alto Networks, InfoSec department, and the same function of a lot of people refer to now. I feel more responsible now to deliver what exactly we do put into product security here.

Archana Muralidharan: Before we get into the specifics of how we do stuff at Palo Alto Networks, let me share with you some fun facts about me. I was born and raised in Chennai, a city in southern part of India. Where the weather is really hot all through the year, 365 days a year. There are only three seasons, according to us, hot, hotter and hottest.

Archana Muralidharan: There is there are no cold seasons that are known to us. If you ever see me wearing a jacket when it’s 70 degrees outside, you know why it is. My childhood dream was to actually become, any guesses? Was a Bollywood singer. Honestly, I still learn Indian classical music just for the fact that I couldn’t become one. But destiny was something else, I completed my engineering and I ended up becoming a software engineer.

Archana Muralidharan: It was by accident, I would say that I got into information security, because I didn’t even know what it was like 12, 13 years ago when I started my career in InfoSec. After having been in InfoSec for so long, I really, really love the domain. It is so interesting because it throws a unique set of challenges and problems for us to solve. Now that we heard a lot of our leaders, Citlalli, Meghana, touching upon how important is security to be incorporated as part of SDLC, let me dive deep into that.

Archana Muralidharan: There are some debates here and there in terms of the actual estimates, but all research does confirm the cost and time involved to remediate the vulnerability, grows exponentially over the different phases of SDLC. That’s why it’s really important for us to start thinking about security, during the initial phases.

Archana Muralidharan: Especially when you’re delivering the cybersecurity product, we want to be doubly sure, triply sure, over cautious sometimes to ensure the way we develop [inaudible] makes us really secure, because we have commitment to protect the digital way of life.

Archana Muralidharan: Our approach here at Palo Alto Networks is to embed security as part of every phase of [inaudible] like how you just heard from a lot of the speakers who spoke previous to me. As part of requirements, we make it a point that we collect security requirements as an NFR, meaning non-functional requirements, in addition to the normal performance ahead of requirements. We ensure that they are understood, well documented so that we could potentially prevent a lot of vulnerabilities creeping down street.

Archana Muralidharan: As part of Design phase, being from InfoSec, worked very closely with the product architects to understand the architecture and review it from a security perspective to ensure… to look for all possible attacks, incorporate possible mitigations well in time to prevent design flaws that would otherwise result in vulnerabilities in the product.

Archana Muralidharan: As part of Build phase, we primarily do two activities. The first one being static code analysis where we look for vulnerabilities and remediate in the custom code what we developed, as part of product development. The second piece being, using this open source vulnerability assessment tools to figure out the vulnerabilities in the open source libraries and frameworks worth the use in our product. But it’s really important that we understand what we sign up for.

Archana Muralidharan: During Testing phase, we do something called as application integration testing to find vulnerability that we had missed as part of Build phase. For instance, when we do static code analysis during Build phase, the code doesn’t run, [inaudible] it is static. When more components are integrated, come together, there could be a possibility of more vulnerabilities, which we typically find, specifically targeting areas, some of the stack like versus logic errors, privilege escalation, which no static analysis tool can find as of today.

Archana Muralidharan: As part of Deployment we perform deployment architecture review. This is very similar to what we do as part of design phase. The only reason is because we are in the [inaudible]. We follow [inaudible] frameworks, we build stock so fast. There’s always a chance that they may miss the actual design, what was approved versus the actual design one gets to plan, finally may differ and you want to be really sure that the final architecture, what gets deployed is indeed what was approved.

Archana Muralidharan: Finally, I’m very sure all of us would be aware and agree that security is not a one-time concept. It’s a continuous process. We monitor… We scan our product environments for vulnerabilities in infrastructure, web application, API, SQA configuration, so forth and so on, and remediate those vulnerabilities well in time.

Archana Muralidharan: Aside from that, there could be a situation where a vulnerability is out in the market, but it’s not part of your scan cycle, so we don’t want such vulnerabilities to be executed and end up being in a breach situation. We use runtime application, self protection to detect those vulnerabilities and lock it from getting executed during run time. These are all the activities that precisely we do as part of software development life cycle. We take security really very serious.

Archana Muralidharan: Before [inaudible], I want to share, why do I love working for Palo Alto Networks? Trying to give a basic… I would like to share my personal story when I interviewed with Palo Alto Networks. Having been in consulting for 10 plus years, the very fact, the very idea that I’m going to work for a cybersecurity product company, really thrilled me, really excited me.

Archana Muralidharan: I applied for a job, I went for an interview, everything went well, and always we have this feeling that we could have done probably a little better. Any of you think like that? After any interview? I felt the same. But all well, I get a call from the hiring manager, did a very appreciative of all the great qualifications, what I have and I was super excited. I thought I was [inaudible] the job, but then there’s a slight twist to it. I did not get the job. Difference, I was not a right fit for that job. Instead, they offered me a totally different job, which in their opinion, they believe that’ll be a better fit for me. As you all are confused now, I was completely lost and confused, because never in my career of 15 plus years, there was ever a situation where something like this happen. It is always either a yes, or a no.

Archana Muralidharan: With a lot of confusion, I agreed. I accepted the offer. Glad that I made the decision, no regrets whatsoever after that. It has been a great learning experience here. The reason why I’m sharing this with you today is to reemphasize that teams here at Palo Alto Networks think very differently to solve the problem statement. That’s what makes this place unique and a great place to work. Thank you so much for your time.

Paddy Narasimha Murthy

Senior Product Manager Paddy Narasimha Murthy talks about PMs and Security PMs, and how PMs work at Palo Alto Networks Girl Geek Dinner.

Paddy Narasimha Murthy: Thank you, Archana. Hi, everyone. Glad to be here with all of you. I’m Paddy Narasimha Murthy. I’m a product manager on the Cortex team, an engineer turned product manager. That’s a very brief introduction about me and I’m here to talk about the perspective of PM-ing at Palo Alto Networks. What does that mean? You heard from a development manager’s perspective, QA, and InfoSec perspective, and now this is the PM perspective. But before I go into the details, I want to go over… what does a PM do, and then what does a Security PM do, and finally, why is it fun working here at Palo Alto Networks?

Paddy Narasimha Murthy: Many of you might’ve seen this image. This is a classic image where you see different perspectives for the exact same element, and here the element is elephant. What a PM does is basically intuit what a customer wants. Let me go over that with an example. Let’s say Customer A comes to you and they say, “I have certain data set and I want only the senior management to actually have access to that data set.” Okay, great. As a PM, you make an order for it and you say, “Okay, this is probably how I’m going to go build that feature.” But in the meanwhile, Customer B comes to you and says, “I have a data set, but I only want my support engineers to access that data set,” and you go, “Okay, that’s also great and I can build a feature for that.”

Paddy Narasimha Murthy: Imagine if you are a PM and you were to build a feature that satisfies that Customer A, and another feature that actually satisfies Customer B. Do you think that’s going to be sustainable? Because it’s very soon you are going to run into a situation where there’s going to be dozens of customers and probably even hundreds of customers asking for something very similar saying, different people need to have access to it. That is where you as a PM come into a picture and where you actually help draw this elephant. In this particular case, you could solve this problem by building something called a role-based access control, for example, where you can actually have a common solution that would satisfy with Customer A, Customer B, as well as thousands of customers who could have the same need in the future.

Paddy Narasimha Murthy: Role-based access control system, just a brief introduction is basically setting up rules, which are privileges, and those privileges tell you what users have access to and what they don’t have access to, and you can assign these privileges to users. That is one way of solving this problem. This is what a PM [inaudible] does.

Paddy Narasimha Murthy: The other important aspect is that PM also helps understand teams the big picture. For example, different teams when they are building different features, what they see is just a tiny part of it and probably an isolated view of that feature because they might only be integrating with one more team or in some cases just couple of more teams. They’re a very isolated view of the work. So a PM’s job is to step in and actually help draw the elephant where you tell teams that, “Hey, this is what we’re building and here is how your piece is going to fit in.” That’s the job of a PM.

Paddy Narasimha Murthy: That said, what does a Security PM do? A Security PM does all of what I mentioned, and a little more. The first factor is security actually takes time. It’s not a one or zero or, okay, let’s do this feature or let’s not do this feature. There’s a cost to it. As a PM, what you do is typically you try to figure out how to build a secure product. If building a secure product, let’s say, you can only… ship five features in a product instead of 10 features, then so be it, because that would actually make your product a lot more secure because you’re able to spend more time on security related features.

Paddy Narasimha Murthy: Next is it’s actually an investment. By that, what I mean is it pays in the future. Let me explain that with an example. Many of you might’ve heard two factor authentication. It is basically you put in your password as well as another form… another factor for authenticating yourself. We all know 2FA is important and many online services and companies and so many others online accounts offered 2FA. But how many of you go turn it on, or how many companies even go turn it on. Even though this is a new feature and explain it to the customers as to why this is important, it actually go ahead and build this feature and explain it to the customer as to why this is important, because this is going to prevent them from the ever evolving threat landscape, and pushing this feature out in the next 10 years or so is not really going to benefit our customers. That’s what you may have trade off.

Paddy Narasimha Murthy: Next is, it is ongoing. Let’s say as a PM you decide that your product is reasonably secure, so you put the secure stamp on it, you ship it out into the world, and that’s it, your job is done. No, it’s not. Because security is constantly ongoing and you have to evaluate, is your product continuing to secure the customers? Is there more to it? If I were to extend the 2FA example, what I would be doing for the ongoing aspect of it is to now figure out, maybe I should be offering multi-factor authentication and not just two-factor authentication, because that is how I am going to protect my customers from the ever evolving threat.

Paddy Narasimha Murthy: Moving onto why PM in Palo Alto Networks. Security up and down the stack. Because Palo Alto Networks, we have a wide suite of products that our different speakers alluded to earlier. We have firewalls, so ranging from the physical devices up to the cloud, we have a whole suite of security products. If you were to join as a PM or in any role, you would actually get to work across the stack of products.

Paddy Narasimha Murthy: Product-oriented engineering is another factor. Where we don’t just stack up products because some customer came and told us, “Hey this feature is cool and I would like to see this feature in my product.” That’s not how we go about it. Everything that we build here at Palo Alto Networks starts with a problem statement. PM sits down and write a very cohesive problem statement. We start our process on there, and with that problem statement would be good, we actually sit together with the PM teams and we go over that problem statement and we convince ourselves, is this the right thing to do? Is this the right problem that we would need to solve? Is this the right thing for our customers. We attack the problem from different perspectives to make sure that we’re actually going after a problem that really needs to be solved. That is another factor that I really like.

Paddy Narasimha Murthy: The last one here, everyone here wants to do the right thing. Palo Alto Networks is a pretty large organization. We have several different teams. If you think about it, different teams have their own ways of doing things. We have different priorities, and they have different incentives too. But in a lot of cases when we have to work together, there is going to be conflict. But it’s really easy to work together because everyone in the room really wants to do the right thing. That is the biggest reason why I really enjoy working here. With that, I’m done, so are all the speakers. Really want to thank every one of you for coming here and spending your evening with us. Thank you all, we’ll be hanging out here, so happy to answer any questions you have. Thank you once again.

Pictured: Citlalli Solano (Director of Engineering) at Palo Alto Networks Girl Geek Dinner 2019.


Our mission-aligned Girl Geek X partners are hiring!