Threat Vector by Palo Alto Networks

Security that slows people down is security that gets bypassed.

Birat Niraula leads security for Google Enterprise Network, where he oversees protection across on-premise, network infrastructure, enterprise, and cloud environments. In this episode of Threat Vector, host David Moulton explores a critical truth that most security leaders miss: the difference between friction that protects and friction that creates risk.

You'll learn:

- Why bad security UX isn't just annoying—it's a vulnerability that creates backdoors

- How to identify friction that protects (like MFA and jump hosts) versus friction that makes teams bypass controls

- Why DevOps teams inject backdoors into production when security slows them down too much

- How AI is becoming the new cloud rush—teams deploying models without understanding security risks

- The Chrome browser principle: best security is seamless security that users don't have to think about

- Why embedding security teams in design processes beats the "sledgehammer approach" of blanket policies

- How to use AI agents as security sidekicks to scale beyond what your team can manually review

Birat shares hard-won lessons from securing enterprises at massive scale—from building 24/7 SOCs to leading multi-cloud architecture at Goldman Sachs to now protecting Google's infrastructure. But this conversation isn't about his resume. It's about the fundamental tradeoffs security leaders face: velocity versus protection, automation versus human judgment, and when to embrace friction versus when friction becomes the enemy.

This episode is essential listening if you're: leading enterprise security programs, struggling with teams that route around your controls, managing DevOps or cloud security, implementing security that doesn't block business velocity, or trying to understand where AI security is heading.

Related Episodes:

- Securing the Modern Workforce

- Why Security Platformization Is the Future of Cyber Resilience

- Shifting Security Left

#Cloud #SecurityUX #DevSecOps

What separates organizations that truly excel at cybersecurity from those that just spend money on it?

In this episode of Threat Vector, host David Moulton sits down with Isaias Telhado, Senior Cybersecurity Customer Success Engineer at Palo Alto Networks, to explore what cybersecurity success actually looks like. With over 25 years in IT and security leadership across Nestlé, Zscaler, and now Palo Alto Networks, Isaiah has seen firsthand what transforms organizations from vulnerable and reactive to confident and resilient.

You'll learn:

- Why the "castle and moat" security model creates massive blind spots that leave you vulnerable from the inside

- The museum analogy that finally makes Zero Trust architecture click

- How AI is shifting security teams from reactive firefighting to strategic threat forecasting

- What "crypto agility" means and why quantum readiness matters today, not tomorrow

- The cultural shifts that separate mature security programs from expensive tool collections

Isaias shares a powerful case study of a major financial institution that transformed from a devastating data breach caused by misconfiguration to a proactive, cloud-native security posture. The outcome? Incidents dropped dramatically, and the security team's confidence soared—proving security can be a business driver, not a blocker.

Beyond technology, Isaiah reveals why collaboration across IT, legal, operations, and business leadership is essential—and why the best security awareness programs are bidirectional, not just pushing policies onto users. With insights on breaking down silos, measuring what matters, and avoiding common pitfalls that slow security maturity even in well-funded organizations, this conversation delivers practical wisdom for security leaders at any stage of their journey.

This episode is essential listening if you're: implementing Zero Trust architecture, managing cloud migration while maintaining security, breaking down organizational silos between security and business units, struggling to prove ROI on security investments, or preparing your organization for AI-powered threats and quantum computing risks.

Related Episodes:

- Why Security Platformization Is the Future of Cyber Resilience

- Securing the Modern Workforce

- Unlocking Cybersecurity ROI with Platformization

#ZeroTrust #CloudSecurity

About Threat Vector

Threat Vector by Palo Alto Networks is your premier podcast for security thought leadership. Join us as we explore pressing cybersecurity threats, robust protection strategies, and the latest industry trends.

The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers.

Whether you're looking to stay ahead of the curve with innovative solutions or understand the evolving cybersecurity landscape, Threat Vector equips you with the knowledge needed to safeguard your organization.

Palo Alto Networks

Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile.⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠http://paloaltonetworks.com.

Can you trust your AI systems with your business, or are they just another attack surface waiting to be exploited?

Aaron Isaksen leads AI Research and Engineering at Palo Alto Networks, where he advances state-of-the-art AI in cybersecurity. In this episode of Threat Vector, host ⁠David Moulton⁠ sits down with ⁠Dr. Aaron Isaksen⁠ to explore why engineering excellence must precede ethical AI debates, how adversarial AI is reshaping cybersecurity, and what it actually takes to build AI systems resilient enough to operate in hostile environments.

You'll learn:

Why well-engineered AI must be the prerequisite before discussing AI ethics

How prompt injection attacks are becoming the "SQL injection of the AI era," and why they may never be fully solved

What defending the Black Hat USA NOC with AI-powered security taught about real-world AI resilience

How machine learning transforms attack surface management from manual inventory chaos to automated risk reduction

Why game development experience creates better cybersecurity AI researchers (and what curiosity has to do with it)

Before Palo Alto Networks, Aaron spent 15+ years building products across wildly different domains. From co-founding mobile gaming companies and funding independent game developers through Indie Fund, to leading ML engineering at ASAPP where his teams prototyped state-of-the-art neural networks for NLP. With a PhD from NYU (automated software design), a Master's from MIT (light field rendering), and a BS from UC Berkeley, Aaron brings a unique perspective: AI security isn't about philosophical debates. It's about rigorous engineering, continuous red teaming, and building systems that can withstand determined adversaries.

This episode is essential listening if you're: deploying AI in production systems, building security programs around generative AI tools, leading attack surface management initiatives, trying to separate AI security theater from actual resilience, or wondering whether your AI agents can operate safely on the open web. #AI

Related Episodes:

Identity: The Kill Switch for AI Agents

Securing AI in the Enterprise

Inside AI Runtime Defense

About Threat Vector

Threat Vector by Palo Alto Networks is your premier podcast for security thought leadership. Join us as we explore pressing cybersecurity threats, robust protection strategies, and the latest industry trends.

The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers.

Whether you're looking to stay ahead of the curve with innovative solutions or understand the evolving cybersecurity landscape, Threat Vector equips you with the knowledge needed to safeguard your organization.

Palo Alto Networks

Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile.⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠http://paloaltonetworks.com.

Can AI agents be trusted when 80% of today's breaches start with compromised identities?

Carey Frey, Chief Security Officer at TELUS, joins Threat Vector host David Moulton to tackle the most overlooked security challenge in the AI revolution: identity. With 20+ years protecting everything from Canada's Communication Security Establishment to one of North America's largest telecommunications companies, Carey brings hard-won wisdom about why identity isn't just important—it's the foundation that determines whether agentic AI becomes a force multiplier or an attack surface disaster.

You'll learn:


Why 95% of organizations haven't thought about AI agent identity (and what happens when they deploy anyway)


The single data layer CISOs need to build before AI agents can operate safely at scale


How threat actors have already abandoned malware for something far simpler—and why AI makes it exponentially worse


What "delegated authority" means for AI agents and why Gmail's EA permissions model points the way forward


The maturity model that tells you if your identity foundation will crumble under agentic AI

Carey leads security programs protecting TELUS's global assets while delivering managed cybersecurity services to 450+ customers across Canada. As a member of the Security Innovation Network (SINet), he co-authored practitioner guidance defining what "AI-native identity fabric" actually means—and why solving identity before deploying agents isn't optional. His insights bridge 20 years of government intelligence work with real-world enterprise security at telecommunications scale.

Read Carey's work on identity and AI:


The AI Revolution: Identity Will Unleash Its Full Power


SINet Identity Working Group Strategic Guide

This episode is essential listening if you're: evaluating AI agent platforms, struggling with fragmented IAM systems across cloud and on-prem, implementing Zero Trust for non-human identities, or trying to understand why identity suddenly became the CISO's #1 priority after being the "third rail" for decades.

Related Episodes:


Transform Your SOC And Get Ahead Of The Threats


Securing AI in the Enterprise


How to Scale Responsible AI in the Enterprise

Join the conversation on our social media channels:


Website:⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠https://www.paloaltonetworks.com/⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠


Threat Research:⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠https://unit42.paloaltonetworks.com/⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠


Facebook:⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠https://www.facebook.com/LifeatPaloAltoNetworks/⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠


LinkedIn:⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠https://www.linkedin.com/company/unit42/⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠


YouTube:⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@paloaltonetworks⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠


Twitter:⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/PaloAltoNtwks⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

About Threat Vector

Threat Vector by Palo Alto Networks is your premier podcast for security thought leadership. Join us as we explore pressing cybersecurity threats, robust protection strategies, and the latest industry trends.

The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers.

Whether you're looking to stay ahead of the curve with innovative solutions or understand the evolving cybersecurity landscape, Threat Vector equips you with the knowledge needed to safeguard your organization.

Palo Alto Networks

Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile.⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠http://paloaltonetworks.com.

What does it take to lead the world's largest cybersecurity company through the AI revolution—without breaking things?

Nikesh Arora, Chairman and CEO of Palo Alto Networks, doesn't sugarcoat it: security always becomes an afterthought during innovation cycles. In this special 100th episode of Threat Vector, Nikesh sits down with host David Moulton to share how he transformed Palo Alto Networks from a $2.7B firewall company into the world's largest cybersecurity platform—and why the AI inflection point requires a completely different playbook.

You'll learn:

Why security inevitably lags innovation (and the psychology behind "Jerry-rigging production")

The three-part strategic framework that separates winners from losers during inflection points

How "deep laziness" drives first-principles thinking and better decision-making

Why enterprises will need 3-5x more data consumption to properly train AI

How Palo Alto Networks reduced mean time to detect from 4 days to 1 minute through architectural reinvention

What 11 pages of written business principles look like in practice

Before Palo Alto Networks, Nikesh served as President and COO at SoftBank and spent nearly a decade at Google as Chief Business Officer. He's seen consumer tech explosions, enterprise transformations, and now leads cybersecurity's response to AI—giving him a rare vantage point on how companies actually navigate technological shifts.

The conversation ranges from rapid-fire questions about cricket and family time to deep strategic thinking about looking around corners, normalizing pressure, and the radical bets required to transform a company. Nikesh shares how intent matters more than perfection, why automation will eventually require AI to execute on our behalf, and what he wants his legacy to be.

This episode is essential listening if you're: navigating AI adoption without clear playbooks, leading teams through uncertainty, trying to balance innovation velocity with security discipline, or building long-term strategy when the ground keeps shifting beneath you.

Related Episodes:


Why Security Platformization Is the Future of Cyber Resilience 


Securing the AI Frontier 

Transform Your SOC and Get Ahead of the Threats 

#Leadership #AI

Join the conversation on our social media channels:


Website:⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠https://www.paloaltonetworks.com/⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠


Threat Research:⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠https://unit42.paloaltonetworks.com/⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠


Facebook:⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠https://www.facebook.com/LifeatPaloAltoNetworks/⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠


LinkedIn:⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠https://www.linkedin.com/company/unit42/⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠


YouTube:⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@paloaltonetworks⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠


Twitter:⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/PaloAltoNtwks⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

About Threat Vector

Threat Vector by Palo Alto Networks is your premier podcast for security thought leadership. Join us as we explore pressing cybersecurity threats, robust protection strategies, and the latest industry trends.

The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers.

Whether you're looking to stay ahead of the curve with innovative solutions or understand the evolving cybersecurity landscape, Threat Vector equips you with the knowledge needed to safeguard your organization.

Palo Alto Networks

Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile.⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠http://paloaltonetworks.com.