Dana Barnes, senior vice president of Palo Alto Networks’ Public Sector and 2021 Wash100 Award winner, recently spoke with ExecutiveBiz for the publication’s latest Executive Spotlight interview.
During the interview, Dana Barnes discussed the challenges of creating a productive culture, the impact that artificial intelligence and other emerging technologies are having on the federal workforce and training, necessary changes to our national security efforts and the latest news regarding zero-trust and cloud capabilities in the company’s IT modernization efforts.
“The workforce today is absolutely overwhelmed by data. Even our most skilled operators are challenged with the amount of data they must process. We have more data today than we ever had, but determining what is critical and what is noise is increasingly more difficult. The question is how do you keep pace with technological advancements and still focus on executing the mission?”
You can read the full Executive Spotlight with Dana Barnes below.
About Creating Company Culture/Workforce
ExecutiveBiz: As the company’s Public Sector SVP, how do you focus on creating a productive culture and environment that drives success in an extremely competitive market?
Dana Barnes: “I think whenever you take over an organization, the first thing you want to do is build a culture that is diverse and inclusive. Diversity is usually tied to gender and race. However, I also focus on attracting people with diverse backgrounds and experiences who have new ideas and different perspectives. The U.S. Public Sector is a diverse market that mirrors the makeup of our country. Our teams should reflect that diversity.
The objective is to have everyone feel included in our organization. I’ve been very lucky with Palo Alto Networks. I have enjoyed my transition to the company. We continue to bring in talent from different industries and it’s making a difference.
The other thing to do when you’re competing in this market is to focus on the education and development of your team. It’s absolutely critical to focus on development. Continuing education helps teams maintain a growth mindset, which is critical to continued success in the public sector.
In order to build a competitive organization in the public sector, advancement opportunities are another key component. Talented people want to go where they’re going to have an opportunity to develop and advance. Therefore, you have to build professional development programs in order to attract top talent.”
About Federal Workforce Training
ExecutiveBiz: With advanced capabilities becoming more complex and best practices becoming necessary to learn to be successful in the sector, what improvements need to be made in how we train the federal workforce to keep up with innovation in major tech such as data, AI and more?
Dana Barnes: “The federal government is highly trained. I think this can be overlooked at times because the government can move slowly and is a bureaucracy, but our civil servants are extremely good at what they do. The key thing to understand is that the workforce is well trained, but the size and scope of the government creates major challenges.
I think about my aunt who retired from the Department of Agriculture after 25 years. If she had access to the level of technology that we have today and what’s coming in the next 25 years, she would have made an even greater impact. She had a great career and was trained at the highest level, but many of the challenges she faced in government still exist today.
As the federal government continues its digital transformation journey, it is building consistent programs for training and development that will require agility and public-private partnerships as we go forward. The public-private partnerships are important because the challenge will be the pace of technological change.
With the government’s traditional methods of training, it’s harder to keep up with the pace of change today. You have to focus on the top priorities, the areas that are critical for the government to operate. You need to leverage new technology quickly and focus on the critical needs related to the mission.
For example, the workforce today is absolutely overwhelmed by data. Even our most skilled operators are challenged with the amount of data they must process. We have more data today than we ever had, but determining what is critical and what is noise is increasingly more difficult.
The question is how do you keep pace with technological advancements and still focus on executing the mission? The government must adapt not only its training programs but also its procurement system to adopt technology faster. As an industry, we need to let machines do things they are better suited for and realign skilled resources to focus on complex decision-making. Attackers are operating at machine speed, we need to do the same.”
About National Security Changes
ExecutiveBiz: You had a perfect metaphor about how the curved blades of a hockey stick changed the game. What do you see as some of the most significant and necessary changes that we need to make to our national security efforts to maintain our intelligence advantage and protect the nation against the latest cybersecurity threats?
Dana Barnes: “First, there’s been a heavy focus on acquisition systems to help ensure there’s no corruption in the system and tax dollars are being utilized correctly. The issue is that when the acquisition system was built, it was designed for large weapon systems, which worked very well in the 1960’s and 70’s, even into the 80’s.
Today, the pace of technological innovation is so fast that the acquisition system can’t keep up. Sometimes acquisitions can take two or three years before they are completed. By the time everything is completed, particularly in the cybersecurity world, the tech that was acquired may be obsolete or out-of-date.
We need to find new approaches to acquisitions that are faster while still ensuring fiscal responsibility. I know this is something that multiple administrations have been working on and we have made some strides, but we must continue to focus on this.
I believe another area is the certification space. The government has done a great job determining what certifications are required to ensure technology actually works and doesn’t create cyber vulnerabilities in our systems. However, the current certification processes can suffer from the same challenges of speed to completion. It can take too long to get technologies, cloud technologies in particular, certified. The government resources are limited to accommodate the multitudes of vendors and solutions available to them.
At Palo Alto Networks, we are committed to meeting the certification and compliance of the Federal government. To help enable innovation and support companies of all sizes achieve the required authorizations, it may be time for the government to take a look at FedRAMP in order to determine the areas where they can implement innovative cloud solutions more quickly. Low risk implementation areas may provide faster initial on-ramp for technologies and help get things moving more quickly.”
About Zero-Trust and Cloud IT Modernization
ExecutiveBiz: In your opinion, how should government agencies and other organizations best utilize Zero Trust and the latest cloud capabilities to address the most notable gaps in our network and security sectors as IT modernization continues to influence how we do business?
Dana Barnes: “It is very important to remember that the government is going through a massive technology transformation right now. From a cybersecurity perspective, it boils down to four foundational pillars.
The first pillar is integrated endpoint detection and response. EDR or XDR as we refer to it at Palo Alto Networks, which refers to automatic collection and correlation of data from multiple security products and sources to improve threat detection and provide an automated incident response capability.
Agencies will be able to correlate data across the enterprise and can automate their responses leveraging AI and machine learning. It is time for the Federal government to invest in and build integrated cyber defenses that unify endpoint, network, cloud, and analytic platforms.
At that point, the government can have hunt teams governmentwide to detect threats and vulnerabilities. Then, it ties together with information sharing. If agencies have an integrated endpoint detection and response capability and are sharing information captured across the government, they can be a lot more secure. That’s the first pillar we need to build.
The second pillar is Secure Government Cloud. All federal agencies are trying to figure out how to leverage cloud capabilities, but they are all at different stages in that process. There are a wide range of companies with cloud offerings. We are beginning to see that the current government infrastructure must be modernized to take advantage of some of these cloud capabilities.
From that perspective, it’s really exciting to see some of the things Palo Alto Networks has been doing to help the government leverage these new capabilities securely. Secure Government Cloud supports digital transformation by discovering, securing and monitoring assets in all cloud computing environments. We have been helping agencies do this with our Prisma Cloud platform.
The third is Internet Operations Management. The government needs to understand its attack surface and how “bad actors” see their environments from the outside in. Essentially, Internet Operations Management identifies and monitors the government’s internet-facing attack surface, while remediating vulnerable software running in the infrastructure. We acquired a company called Expanse. They are innovators in Internet Operations Management.
The fourth and final pillar is Zero Trust architecture. All you need to do is look at President Biden’s recent Executive Order on cybersecurity to understand the importance of Zero Trust. The Administration directly calls for the adoption of Zero Trust architectures. We agree with the Administration, organizations need to be able to verify who’s accessing data and ensure they are authorized to access that data. This is particularly important as more government workers are working remotely.
Zero Trust is more of an approach rather than a product. Zero Trust architectures should focus on enabling end-to-end least privilege. At its core, Zero Trust is about building resiliency and ensuring that our Federal customers can execute against their mission even during a cyber attack. During this time of remote work, this has become even more crucial to our Federal partners.
Many of our customers who are leveraging our technology have access to some of the foundational elements of Zero Trust already. They simply have to activate some of the key services we provide them like APP-ID and USER-ID. These technologies guide the security team through making contextual rules to enforce Zero Trust.”