Ex Palo Alto Networks CSO Rick Howard on Cybersecurity from First Principles

Apr 8, 2025

Rick Howard, former Chief Security Officer at Palo Alto Networks, shares his extensive insights on cybersecurity. He discusses the shift from corporate to startup perspectives and the essential themes for entrepreneurs and investors. Howard critiques traditional risk assessment methods and advocates for a dual approach in managing cybersecurity risks. He also highlights the transformative role of artificial intelligence and emphasizes the importance of curated cybersecurity literature, including key reads like 'The Phoenix Project,' for professionals in the field.

Ask episode

AI Snips

Chapters

Books

Transcript

Episode notes

INSIGHT

Probability as Uncertainty

Probability is a measure of uncertainty, not just counting marbles in an urn.
Superforecasters demonstrate accurate predictions on complex issues are possible.

ADVICE

Outside-In, Inside-Out

Use outside-in and inside-out risk assessments like superforecasters.
Start with industry averages (outside-in), then adjust based on specifics (inside-out).

ANECDOTE

Ransomware Probability

The probability of a ransomware attack is smaller than most CISOs think, around 10%.
However, consider industry specifics; finance has a higher risk than forestry.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

Cybersecurity First Principles

Rick Howard

The Cuckoo’s Egg

Tracking a Spy Through the Maze of Computer Espionage

Clifford Stoll

In this book, Clifford Stoll recounts his unexpected adventure as a computer systems manager at the Lawrence Berkeley National Laboratory. A 75-cent accounting error leads him to discover an unauthorized user on the system, later identified as a hacker named 'Hunter' who was stealing sensitive military information. Stoll's one-man investigation involves a high-stakes game of deception, broken codes, satellites, and missile bases, eventually gaining the attention of the CIA. The book details the early days of cybersecurity, the challenges of persuading government agencies to cooperate, and the race against time to safeguard sensitive information from falling into the wrong hands.

The Phoenix project

Lambeth London Borough Council

In this novel, Gene Kim, Kevin Behr, and George Spafford tell the story of Bill, an IT manager at Parts Unlimited, who is tasked with turning around the company's failing IT department. The book delves into the challenges of IT management, the importance of DevOps practices, and how these practices can lead to significant improvements in efficiency, reliability, and customer satisfaction.

Superforecasting

The Art and Science of Prediction

Dan Gardner

Philip E. Tetlock

Santiago Foz (argentino)

In this book, Tetlock and Gardner present the results of the Good Judgment Project, a massive forecasting tournament that identified a small group of 'superforecasters' who are exceptionally good at predicting future events. The authors explain that good forecasting does not require powerful computers or arcane methods but involves gathering evidence from various sources, thinking probabilistically, working in teams, keeping score, and being willing to admit error and change course. The book uses stories of forecasting successes and failures, as well as interviews with high-level decision makers, to illustrate these principles and demonstrate how anyone can improve their forecasting abilities[3][4][5].