When we launched PAN-OS 8.0 on February 7 (watch replay), it was more than just the largest release in Palo Alto Networks history. It solidified our channel strategy to think beyond the point – beyond point products and beyond the initial customer pain point.
Success as a channel partner in the security market has evolved and is now about being a next-generation security innovator, an expert at enhancing an integrated and automated security platform that empowers innovation and delivers business gains.
This announcement underscores the market-changing differentiation of our Next-Generation Security Platform and inspires us to continue to evolve how we engage with and enable you, our partners, to think beyond the point and become next-generation security innovators.
In the simplest of terms, PAN-OS 8.0 delivers better performance, protection and prevention. With more than 70 advancements that significantly enhance our Next-Generation Security Platform, together we can deliver a new level of security performance from the endpoint, across the network and to the cloud.
This unprecedented level of innovation represents a massive opportunity and one we have been preparing you for months to capitalize on. Partners who embraced becoming next-generation security innovators early have the coveted first-mover advantage because they have already invested in:
Selling the Next-Generation Security Platform.
Being more self-sufficient in leading customer engagements.
Learning how to complement the platform by adding their own professional services.
Offering alternative purchasing options, such as a pay-as-you-grow managed services or pay-per-use cloud services.
We are far from done. We are redefining the security market, making the once impossible, possible. But, we can’t do it alone. We need you to join us on the journey to become next-generation security innovators.
There has never been a better time to be a Palo Alto Networks partner.
If you haven’t already, check out some of our new channel resources, including:
Step-by-step guide, helping our partner SEs take the training that will best enable their companies to evolve and become next-generation security innovators.
Senior IT Auditor, Fortune 500 global manufacturing organization:“I joined a Big 4 firm advisory practice out of college, did two years, and then moved over to IT Internal Audit a year ago. Information security is my next goal. When I look at information security job postings, they all seem more technical than my current skill set, which is heavily ITGC focused. What should I do to build skills that will be marketable to information security?”
IT Audit Director, large financial services company:“Can you please help us find a technical Senior IT Auditor with 3-5 years of experience who has application auditing skills at the level where they can do code review? Some programming skills would be very helpful. We also need mainframe, cyber security, cloud, IoT, and data analytics experience – from an audit project perspective. We need actual experience with IT operational audits – not just ITGC / SOX experience.”
CISO, global eCommerce company:“I’ve met a number of auditors lately (from audits that have hit us), that can’t understand why something is NOT a high risk. They are just following a check list and it is really frustrating. Maybe that is something you call “mind-set”? These auditors just want to go through the motions, without really understanding either technology and/or the risk it really represents.”
These comments are real. More importantly, they are BIG signals that point to the critical career directions for IT audit professionals in 2017:
Deeper technical skills;
More knowledge of the business, especially IT;
The move away from checklist thinking to a better understanding of risk.
IT audit functions are quickly becoming more focused on technical audits. There is a huge drive for value-added that can be gained from operational IT audits and advisory projects performed by IT internal auditors. Concurrently, information security, IT risk, and data analytics continue to grow, presenting more job opportunities for IT auditors—if they are adequately technical, and develop the thought process needed to join info sec and IT risk teams.
The CISO quoted above provided additional insight into the perspective that career-mobile IT audit professionals need to cultivate: “The advent of cloud computing and the concept of DevOps is challenging the controls that traditional IT auditors have grown comfortable with. For example, cloud represents a way to do infrastructure in a quick and non-structural way (think creating an entire data center by coding/scripting it), while DevOps breaks the segregation of duty model, which makes auditors uncomfortable. But what the auditor does not see is that DevOps is a way that we have developed to ensure we still have ‘control’ in an agile development cycle.”
Beyond mindset and a change in perspective, the problem for hiring managers and practitioners is that the on-the-job experience that many IT auditors have received is in the ITGC space. In the end, both sides of the equation depend on professionals gaining more technical skills.
For the IT auditors, staff through light manager, the task to immediately jump on is a skills gap assessment. What hot skills do you need to acquire to become more marketable internally and externally? If you are in IT internal audit, the annual plan is your guide. For a broader perspective, review professional journals and job descriptions; both will provide clues.
Next, create your road map to your next role. Are you looking to deepen your skills for a step-up promotion within your team, or are you looking to take your skills to an information security or IT risk team? Plot the timeline for skill attainment, which will come from a combination of hands-on work, internal/external training, post-grad coursework, or certification.
Todd Miller, who has led IT audit functions at two global Fortune 500 companies, suggests a 70-20-10 model: 70% on-the-job training; 20% mentoring; 10% formal classroom work.
Let’s start with on-the-job-training through project work.
Determine a technical area that interests you and is feasible within the scope of projects done within your department. Let’s say you want to become more fluent with networks and network security. Explain your plan to your manager and lobby to participate on the upcoming network audit.
Do your homework for the project so you can ramp up quickly and are able to build good rapport with the network team. Once you’ve done a project, and your skills and knowledge deepen, you might see if you can do a stint as a guest resource on a project for the network security team.
Ed Dudek, an IT audit manager at a Fortune 100 company who gained expertise in SAP by moving out of audit into an SAP team before moving back to audit, stresses the need for mentoring. To this end, you’ll want to foster dialogue with the network team members who you have now met on that technical audit you just completed. Get to know team members over lunch or coffee. Ask interesting questions and share what you have been reading, learning. Your goal is to demonstrate intelligence, intellectual curiosity and readiness to learn.
Through this interaction, you’ll be able to identify people on the team who are knowledgeable and might be good mentors. By the same token, various team members will get to know you, and may be receptive to being mentors. Mentoring relationships are developed step-by-step. It takes time.
The goal with mentoring is also to eventually build such trust and mutual respect that the mentor becomes a sponsor. A sponsor will talk up your skills and interest. Through mentors and sponsors, you have the chance to be tapped for an internal opening when it comes along.
At some point in the process, you will need to add coursework, training, or certification to the mix – the final 10% of the 70-20-10 plan. If your employer will pay for training, communicate your plan to your manager and get buy-in. If your company will not pay for the training you want, determine a cost-effective way to get it on your own. It is your career in the end, and investing in your skills is one of the smartest things you can do to create long-term career sustainability.
To cement the concept that a focused action plan for technical skill development really works, here’s the story shared by the head of IT audit and data analytics for a global airline. He explained that he had developed a passion for data analytics when he was a senior IT auditor at a company running SAP. He joined the local ACL users group, studied on his own, and got a data analytics certification. He was then recruited by another company that wanted to build out a new data analytics function within audit.
Once on board, he took post-grad courses in data analytics at a local university to gain additional skills in Structured Query Language (SQL) and Statistical Analysis System (SAS). The build-out of the data analytics program at his company was successful, and this was the stepping stone to a data analytics management role with a Big 4 firm. From there, he was recruited to lead the IT audit function by his current employer.
As a recruiter and career coach, I see similar career planning and skill attainment in the candidates who land the best jobs. Your career is your opportunity to direct a mission-critical project and bring it to fruition.
Technical skill development is the best thing you can do for your career this year and for the foreseeable future. No time like the present: Develop your 70-20-10 plan, and start executing!
Candor McGaw, President and Chief Recruiting Officer, Candor McGaw Inc.
The PC has long been the default choice for business computers, but perhaps not for much longer. The growth of Macs in the enterprise has been exponential in recent years, as illustrated by the infographic below.
For context on why Macs are growing in popularity in the workplace, look at some of the big-name companies embracing the platform. Once a sworn enemy of Macintosh, IBM has become a high-profile proponent of Macs for its own workforce. Cisco allows its employees to choose between iOS and Windows devices, and now has 35,000 Macs in use. At SAP, the company believes that “offering Mac is key for any modern enterprise.”
Mac usage lowers IT costs Simpler IT support for Macs and a high level of user self-service drive the bulk of this cost savings. IBM reports that just 3.5 percent of its Mac users currently call the help desk, compared to 25 percent of its PC users. Media company Buzzfeed maintains only a small IT staff for its thousands of employees–only 30-35 employees use Windows machines, while the rest operate on Macs.
User preference—not business value—still drives most Mac adoption IT cost savings aren’t the only thing driving Mac adoption among big names in business tech. Security and productivity are also driving Mac adoption. Deloitte says iOS is “the most secure platform for business” and states that “Apple’s products are essential to the modern workforce.” Cisco stated it believes Apple devices accelerate productivity. Basic user satisfaction is another important factor. IBM reports a 91 percent satisfaction rate among Mac users and says its pro-Mac policies help the company attract and retain top talent.
While IBM and others put total cost of ownership, security and productivity as top reasons for Mac adoption, a survey conducted by Code42 shows user preference continues to be the main reason that enterprises are embracing Macs today.
Top reasons for Mac adoption
1. Happier end users (37%)
2. Fewer help desk tickets (14%)
3. Better OS security (12%)
Top IT challenges are Macs’ top strengths Macs also offer advantages in areas that are typically sources of major challenges for IT. According to our survey, the most time-consuming tasks for IT are tech refresh and help desk tickets, followed by malware and ransomware. These are actually areas where Macs excel. Macs traditionally enable a much higher level of self-service, and Code42 enables user-driven tech refresh for Mac users (and PC users, too). This level of self-service produces the kind of IT cost savings IBM has seen with its dramatically reduced help desk tickets.
