Interesting Data Gigs # 21: Get a job inside the CyberSecurity industry and skyrocket your career - Part I

Cloudflare, Mandiant, CrowdStrike, SentinelOne and Palo Alto Networks are 5 great choices, but who will win this battle? Let's find out.

If you are not a subscriber of Interesting Data Gigs, join other 1870+ Data geeks (between LinkedIn and this newsletter) that receive it directly in their inbox each week — it’s free.

SPONSORED BY NOTION 

I'm using Notion to capture all ideas/resources and more great things for some digital products I’m creating. I genuinely love the power of Notion.

So, I partnered with the team to give you a great offer you can't refuse to start this year with an incredible pack of resources.

A group of men inside a big red room full of computers with Matrix-style screens. Created with DALL·E, an AI system by OpenAI

Hello Data geek and welcome to the new incredible 350 folks who subscribed to this newsletter in 2023.

First, I wanted to say Happy New Year 2023.

Unfortunately, this year started with a series of layoffs in many organizations in the tech industry:

I know this is highly complex news but stay with me here because perhaps this could be a unique opportunity for your next career move in 2023.

BTW: a significant positive outcome of this mess is that the Carbon Health team did something remarkable: they asked the tech community to share which companies were hiring in this market, and the response was simply overwhelming.

Bravo Eren Bali and team:

You can read in this link all companies hiring today.

Some names are Mercury, AllaraHealth, Flexpa (one of the companies which have shared great positions on our Job Board), HealthyGamer, AtroposHealth, and more.

So: if you are actively looking for a role, check out this list above.

Now, let’s concentrate on the CyberSecurity industry.

Your next role could be in CyberSecurity

Among some beers and a good piece of Cuban-style roasted pork, I was sharing some memories from the last year with a group of friends, and one of them asked a very interesting question:

I thought for a moment because I knew that one or two of them will actually listen to this and apply my advice, but my answer was a little surprising for some of them:

If I had to start applying for jobs today, I would focus not on a single company but on the top leaders in a particular industry: CyberSecurity.

But before continuing, let me clarify this as well: this industry is not excepted of layoffs as well.

Many security-focused organizations have downsized their workforce as well: to be exact 48 companies and 4093 professionals were part of these layoffs, according to the website layoffs.fyi.

Some of the best-known names were:

(writer of ) was one of the first ones to report the Lacework layoffs:

But let me make this clear as well:

  • Even with all these series of layoffs in the industry, I still believe that there is a significant opportunity to be part of it and skyrocket your career

  • I’m not saying that you shouldn’t apply for these companies that conducted layoffs, you just have to be more careful about it, and try to understand the financial health of each company you will apply for.

Why CyberSecurity? Let me try to expand on that

There are several reasons why I would choose CyberSecurity, but from my perspective, these 2 are the key.

1. Cybercrime operations are growing more than ever and are more sophisticated every time

Unfortunately, cybercriminals don’t rest and the services from companies like Cloudflare, Palo Alto Networks, Crowdstrike, SentinelOne, Mandiant (now part of Google Cloud after being acquired in 2022), and many others are in huge demand for all this.

Just look at this interesting image below from Surfshark:

Cyber attacks global increase by 125%

From here, cyber attacks globally increased by 125% through 2021, and increasing volumes of cyber attacks continued to threaten businesses and individuals in 2022.

Russia’s invasion of Ukraine has had a massive impact on the cyber threat landscape. Since the start of the war, Russian-based phishing attacks against email addresses of European and US-based businesses have increased 8-fold.

Nearly 3.6 million Russian internet users have also experienced breaches in the first quarter of 2022, an 11% increase quarter-on-quarter.

Source: AGG

Ransomware new vector attacks are just increasing and the predictions are not pretty 

It is estimated that the cost of ransomware will be over $42 billion by the end of 2024 and over $265 billion by 2031 [Source: Cybersecurity Ventures]

By 2025, the number of ransomware attacks will increase by 700%., and at least 75% of organizations will be targeted more than once by 2025. [Gartner]

By the end of 2025, 30% of countries will pass legislations to regulate payments, fines, and negotiations regarding ransomware. Less than 1% of states do so as of 2021. [Gartner]

I encourage you to read this interesting article from Yotam Gutnam (Director of Marketing at SentinelOne) team called The True Costs of Ransomware Attacks: 6 Factors to Consider.

And if you have followed some of the recent cyber attacks on well-known companies in 2022, you will understand that this trend only will grow with time.

Some of the most recent ones were:

2. CyberSecurity shortage of professionals is severe

There is a big shortage of Cybersecurity professionals globally.

According to a recent study by the (ISC)², The World’s Leading Cybersecurity Professional Organization shared that the industry needed at least 3.4 Million new cybersecurity professionals to cover the demand:

2022 is a highly formative year for the cybersecurity profession. Shaped and defined by geo-political and macroeconomic turbulence, the obstacles of the modern cybersecurity landscape have galvanized passion and persistence within its workforce - which continues to change and evolve with the world around it.

The global cybersecurity workforce is growing, but so is the gap in professionals needed to carry out its critical mission. 

We estimate the size of the global cybersecurity workforce at 4.7 million people – the highest we’ve ever recorded.

According to our research, however, the cybersecurity field is still critically in need of more professionals. To adequately protect cross-industrial enterprises from increasingly complex modern threats, organizations are trying to fill the worldwide gap of 3.4 million cybersecurity workers.

To fully contextualize the state of cybersecurity in 2022, we’ll analyze the field through multiple lenses.

When others see problems, we have to see this through other lenses: there is a big opportunity here to enter this industry and see your career skyrocket if you apply the right strategy.

These two big things could be your “door of entrance” to the industry.

Cloudflare, Mandiant, CrowdStrike, SentinelOne, and Palo Alto Networks are leaders in the industry, but which one to choose from them? Let’s get deeper here

Layoffs are not going to go away for a long time.

So: my advice to you is to analyze deeply your next opportunity, not only the potential growth of your future role but the financial health of the company you want to work for.

The questions were:

  1. Is the company profitable? Only 1 of them is profitable

  2. Is the company inserted in a growing or lagging industry? Growing Industry

  3. Has the company you are applying for made a layoff? None of them, but nobody is safe these days. Plan accordingly

  4. Has the role you are applying for an actual growth trajectory in this company? Let’s chat about how Data plays a key role in these organizations

  5. Which strategies/initiatives are the company taking to retain its employees? Idem

1. Profits, profits, profits

Let’s try to answer these questions here for Cloudflare, CrowdStrike, SentinelOne, and Palo Alto Networks using this table to see the financial health of these companies:

Sources for this table:

Of course: this table doesn’t count the whole story about these companies:

  • Cloudflare has an incredible asset on its global network with more than 275 cities, 95% of the population within ~50ms, 11,000 interconnects, 172 Tbps capacity, and its strategic China Network

  • CrowdStrike and SentinelOne are skyrocketing sales here, especially the second one. And don’t forget the big milestone from CrowdStrike of $2 Billion in ARR

  • Palo Alto Networks’ key strategy relies on a keyword: CONSOLIDATION. 

Nikesh Arora (Chairman and CEO of Palo Alto Networks) shared this in the last earnings call on November 17th, 2022:

At the center of our strategy is a need to drive more consolidation to get customers to a better security posture.

Towards that end, we continue to see large cross-platform buys and grew our millionaire customers at a steady clip.

Our customers have been on a journey with us.

Initial deals that give them comfort with our products and help us distinguish our abilities from our competition over time lead to customers seeing an opportunity to consolidate into one of our platforms.

As they get comfortable with either Strata, Prisma, or Cortex, we see them looking at further consolidation across multiple platforms from us. 

This strategy has allowed us to continue to transition our deal sizes with satisfied customers, and we expect this to continue.

In a recent conversation between Lisa Martin (Anchor and Tech TV and industry analyst theCUBE), David Vellante (Co-founder & CEO & CO-host of theCUBE), and Zeus Kerravala (Founder and Principal Analyst at ZK Research); they shared the same sentiment about consolidation:

Well it's not easy. I mean, people have been calling for the consolidation of security for decades, and they're the first company that's actually made it happen. Right? And I think this is, what we're seeing here is the culmination of this long-term strategy.

This company trying to build more of a platform. And they, you know, they came out as a firewall vendor. And I think it's safe to say they're more than firewalls today.

That's only about two-thirds of their revenue now. So down from 80% a few years ago.

And when I think of what Palo Alto has become, they're really a data company. 

Now, if you look at, you know, unit 42 in Cortex, the Cortex Data Lake, they've done an excellent job of taking telemetry from their products and from the acquisitions they have. Right?

And bringing that together into one big data lake. And then they're able to use that too, to do faster threat notification, forensics, things like that and so I think the old model of security of creating signatures for known threats, it's safe to say it never really worked and it wasn't ever going to work.

You had too many day-zero exploits and things. The only way to fight security today is with an AI and ML-based analytics and they have, they're the gold standard.

You can enjoy the entire conversation below:

Now, in the case of Mandiant, we have to make an exception here because now it’s part of Google Cloud.

If we analyze the Google Cloud business itself is not profitable yet, reporting a net loss of $699 Million in the Alphabet Q3 2022 Results, but if you analyze the whole conglomerate, it generated $13,910 Million in Net Income and it reported Total cash, cash equivalents, and marketable securities of $116 Billion. Basically a cash cow.

Again: you have to be careful as well after the news from Alphabet:

I will write a second part of this series to focus only to analyze a role inside Mandiant.

Make sure to subscribe to stay tuned:

Quick note:

Apple is the only company from MAANG that has not done any layoffs yet, according to a recent article from CNBC:

Apple grew much more slowly during the pandemic. In fact, Apple’s hiring over the past few years has followed the same general trend since 2016.

As of September 2022, Apple had 164,000 employees, which includes both corporate employees as well as retail staff for its stores. But that was only a rise of 6.5% from the same period in 2021, amounting to real growth of 10,000 employees. Apple also hired judiciously in 2020, adding less than 7,000 employees in the year before September 2021.

4. Data is the central backbone of these companies

If you choose to apply for a Data-focused role, you will be in a very good position.

If you analyze all the core businesses behind these companies, everything is related to Data in one way or another.

So: if you are going to apply for a Data Engineering or a Data Analytics role, be prepared to be challenged here.

5. Employee retention???

The biggest asset that all these companies have is their people, especially after seeing the big shortage of well-prepared professionals in the CyberSecurity industry.

So, they are pushing a lot of initiatives to retain those incredible employees.

Palo Alto Networks

For example, Palo Alto Networks announced a new initiative called FLEXWORK in May 2020, a unique employee-centric program to bring more benefits and perks personalized for each employee.

These initiatives have allowed Palo Alto Networks to earn incredible recognition from their employees and the industry in general:

They are investing a lot of resources in their employees. So, I see this as a big positive thing for the company.

Another incredible initiative from Palo Alto Networks is the CyberSecurity Academy, where employees can upgrade their CyberSecurity skills as well. This is one of my favorite things about the company.

CrowdStrike

Now, in the case of CrowdStrike:

SentinelOne

SentinelOne has won several awards as well:

Cloudflare

In the case of Cloudflare, they are doing amazing stuff and strategies for employee retention and happiness.

If you analyze deeply Cloudflare’s culture, you will see that they care about a diverse workforce, not only about races, religions, skin color, and more but a diverse pack of knowledge as well.

According to Matthew Prince (CEO and co-founder of the company), you can see a person with a Ph.D. working side by side with a person who didn’t finish high school. Why?

Because the most important qualities for a Cloudflare employee are: Curiosity and Empathy

Actually, I encourage you to read the entire discussion he wrote on Twitter about why hiring well is the most important thing for Cloudflare, and how he chats with 25% of the candidates:

This number proves that they truly care about this.

And when I see people who left Cloudflare and have returned again to Cloudflare again some years later, this is a strong sign that they love the culture of innovation and empathy inside $NET.

In order to understand why they were in the Top 100 of the Most Loved Workplaces in 2022, they conducted several surveys to actually understand their employees better, and the answers are simply amazing.

One of my favorite ones is this one:

This says a lot about the management team of Cloudflare. They truly listen to their employees from the bottom to the top, and these days, that matters.

The big winner here? All of them

Why all of them?

Because these companies truly care about their employees, they are located in a very interesting industry with momentum today and according to Levels.fyi and Comparably: they pay very well:

  • The average estimated annual salary, including base and bonus, at Cloudflare, is $138,324, or $66 per hour, while the estimated median salary is $141,266, or $67 per hour

  • The average estimated annual salary, including base and bonus, at Palo Alto Networks is $147,968, or $71 per hour, while the estimated median salary is $154,819, or $74 per hour.

  • The average estimated annual salary, including base and bonus, at SentinelOne is $141,237, or $67 per hour, while the estimated median salary is $139,978, or $67 per hour

  • And the average estimated annual salary, including base and bonus, at CrowdStrike is $113,357, or $54 per hour, while the estimated median salary is $107,367, or $51 per hour.

And we analyze the average total compensation using Glassdoor’s data, which tells a very similar story.

And about the innovation department: all these companies are doing a remarkable job, with many of them building cutting-edge products for their very diverse group of customers.

So, selecting one of them to build a career is very challenging because they are truly amazing.

But I know you are waiting for my pick here and I will do it:

  1. Palo Alto Networks in the first place

  2. CrowdStrike in the second place

  3. Cloudflare in the third place

  4. Mandiant in the fourth place

  5. SentinelOne in the 5th place

Why Palo Alto Networks?

Again: this is my personal choice and it’s a matter of a combination of:

  • The good financial health of the company (it’s the only profitable company of this group)

  • I love their strategy to consolidate all Security solutions under one umbrella

  • They have an amazing culture in place as well

  • I have a deep respect for Nikesh Arora and I love how he has managed the company since he took the CEO job

When you read the earnings call of Q1 2023, you see that they care a lot about profitability and the consolidation of the market, and I love that:

Thank you, Clay. Good afternoon and thank you, everyone, for joining us for our earnings call.

As you can see, we had a solid first quarter where we showed balanced top-line growth and a demonstrable focus on profitability.

Early in the quarter, we saw some customer behavior changes and have adapted our operations to align with the changing market conditions.

On the top line, billings grew 27% year-over-year, while RPO grew 38%.

We have consistently maintained that cybersecurity is the most innovative sector of the technology industry.

Demonstrating progress on our transformation, we have shared how our new cloud-delivered and cloud-enabled offerings are contributing to our business via our NGS ARR. In that context, this quarter our NGS ARR hit a key milestone. It crossed the $2 billion mark and grew 67% year-over-year.

As the macroeconomic environment changes, we are accelerating our efforts to drive incremental operating leverage in our business.

Given that we're the largest independent cybersecurity business, we can meaningfully improve our margins over the next phase of our company's life cycle.

Our focus on profitability in the quarter drove operating income growth of 44% year-over-year with operating margins up 260 basis points during the same period.

We also generated over $1 billion in free cash flow in the quarter. For the second quarter in a row, we generated net income on a GAAP basis as we focus on GAAP profitability for the fiscal year.

At the center of our strategy is a need to drive more consolidation to get customers to a better security posture.

Towards that end, we continue to see large cross-platform buys and grew our millionaire customers at a steady clip.

Our customers have been on a journey with us. Initial deals that give them comfort with our products and help us distinguish our abilities from our competition over time lead to customers seeing an opportunity to consolidate into one of our platforms.

As they get comfortable with either Strata, Prisma, or Cortex, we see them looking at further consolidation across multiple platforms from us.

This strategy has allowed us to continue to transition our deal sizes with satisfied customers, and we expect this to continue. Consistent with that approach, we've had some marquee deals this quarter.

A US Federal Government agency chose our Cortex technology.

This transaction allows the total spend to grow into nine figures with additional years and customer options.

This selection highlights the unique capabilities and market leadership of our Xpanse technology, which was at the center of this transaction.

We received a purchase order for the first three years of the deal for over $60 million in Q1.

A large US utility signed a seven-figure deal for software firewalls, security subscription and Prisma Cloud. The customer has hundreds of appliance-based firewalls and chose our software firewalls because of our consistent architecture, and chose Prisma Cloud as standardized security across four public clouds.

A major European media company signed an eight-figure multiproduct deal replacing several incumbent network security vendors and consolidating on Palo Alto Networks, including our full line of cloud-delivered security subscriptions.

We closed a seven-figure deal with a US technology company spanning all three platforms. The customer did not have our physical firewalls in their environment but valued our consistency of software firewall deployment across on-premises and cloud, our unique Xpanse offering and the total cost of ownership benefits of consolidating on our platforms.

You can see evidence of our broader success with large customer commitments in our active millionaire customer count where we added over 230 year-over-year in the first quarter. We continue to innovate across our platforms and get recognized by the market for our abilities. This quarter saw us launch software composition analysis in Prisma Cloud, SaaS Security Posture Management in SASE, and just this week across our next generation firewalls.

Lastly, we announced general availability of XSIAM in Cortex. External recognition of our innovation is important to us as many customers rely on this third-party validation as a part of their evaluation process.

This quarter, we received leadership recognition in two new categories, adding Cloud Security Posture Management, or CSPM, and Cloud-Native Application Protection platform, or CNAP, to our list.

Palo Alto Networks’s M&A strategy

Another thing I love about Palo Alto Networks is its M&A strategy: picking leaders in their respective Security fields and integrating them in a very seamless way into Palo Alto Network’s offerings.

A good example of this strategy is the acquisition of Cider Security, an Application Security leader which helps its software supply chain from code to cloud, which it’s now integrated with Prisma Cloud.

Nikesh Arora shared this about this particular acquisition:

Cider Security’s capabilities will help Palo Alto Networks to consolidate even more its Security offering, by giving existing customers the ability to protect their code and infrastructure using a shift left security strategy.

I firmly believe that more and more companies will use this, so this could be the tip of the spear to win new accounts.

Why? The President’s Executive Order 14028 is a very strong reason to believe that, especially Section 4 of it:

Enhancing Software Supply Chain Security.

(a) The security of software used by the Federal Government is vital to the Federal Government's ability to perform its critical functions.

The development of commercial software often lacks transparency, sufficient focus on the ability of the software to resist attack, and adequate controls to prevent tampering by malicious actors.

There is a pressing need to implement more rigorous and predictable mechanisms for ensuring that products function securely, and as intended.

The security and integrity of “critical software”—software that performs functions critical to trust (such as affording or requiring elevated system privileges or direct access to networking and computing resources)—is a particular concern. Accordingly, the Federal Government must take action to rapidly improve the security and integrity of the software supply chain, with a priority on addressing critical software.

Palo Alto Network is ready to tackle those challenges because they are already working with federal agencies and with Prisma Cloud + Cider Security tools, they are investing in the right technologies and capabilities at the right time.

So, it’s time to see some ideas on how to get a role at Palo Alto Networks.

Let’s discuss a straightforward idea on how to approach this job application (THE REAL MEAT)

Idea 1. In order to be part of the industry, you have to keep yourself updated and fresh about the last cybercrime trends, attacks, breaches, and more

There are so many ways to do this, but my favorite resources to monitor the last cybersecurity news are:

And of course, many security research blogs from some of these companies are excellent as well.

Some of my favorite ones are:

Idea # 2: Try to apply the Shift Left Security strategy in your own organization and take some notes

Perhaps this could be your “door of entrance” for Palo Alto Networks. Chat with your colleagues and co-workers about this strategy to develop software today in your own organization with the tools you already have in place.

For example, you could use GitHub Secrets Scanning to accomplish this using this interesting post from the TELUS team, or perhaps you can start with these two series of posts from Alok Shukla from the ShiftLeft here:

With these guides, you could start implementing a Shift Left Security approach inside your team, test it and then present it to your organization or division.

By doing just that you could have a more practical way to enter Palo Alto Networks, and an even better story to tell.

Just analyze this: what is better here?

I’m Marcos Ortiz, a Data Engineer doing this and that at my company

or

I’m Marcos Ortiz, and I’m the one who encouraged my organization to take a Shift Left Security approach for our software development practices, and the results we obtained from this approach were:

Stats related to security bugs hunting or security holes decrease

Stats 2

etc

It’s a matter of perspective and experience.

Even if this was a Proof of Concept in your organization, it’s amazing to bring this story to your resume.

Time to get that role at Palo Alto Networks my friend.

Here are some of the most interesting roles I saw today (January 23rd, 2022):

One More Thing…

One last thing to note here: It seems Palo Alto Networks is using Google Cloud Platform for everything related to Data.

So: it’s a good idea to review some GCP based solutions for Security Analytics, especially if these ones involve services like Dataflow and BigQuery.

I let you with some of my favorite resources about these services:

Good luck with your application.

Other jobs in the Interesting Data Gigs Jobs Network

Just remember that you can be part of our Talent Collective here, and put your profile in front of dozens of companies actively hiring here.

And for companies out there actively hiring, we have 19 active candidates ready for interviews.

Interesting resources of the week

Final words

If you’re finding this newsletter valuable, consider sharing it with friends, or subscribing if you haven’t already.

Thanks for reading Interesting Data Gigs Weekly! Subscribe for free to receive new posts and support my work.

Thanks a lot for reading and I would love to hear your feedback about it in the Chat created for this post.

 

Join the conversation

or to participate.