I used to wake up at the ungodly hour of 5:45 a.m to prepare myself for crossing the border to get to the American Catholic school by 7:45 a.m every weekday. My mom would dial up the radio to get the traffic report and we hoped the border crossing from Mexico to California would have fewer than 150 cars per lane so that I can get to school in less than an hour.
This was my life as I was growing up. The first 13 years I lived in Tijuana, Mexico. Then we moved to San Diego, California. In total, we lived in 9 different houses since my dad likes novelty. We spoke Spanish at home but I studied in English.
I suspect this somewhat peripatetic lifestyle had an effect on me. I’ve become very curious about the world and want to explore a bit of everything. My upbringing has also instilled in me a strong sense of culture. I identify as Mexican-American and embrace both cultures, i.e., loving American football and World Cup soccer (rooting for Mexico), enjoying hamburgers and tacos, pursuing the American dream while maintaining a strong sense of familia.
Culture, of course, is just one facet of a person. Somehow I leaned toward the STEM field and went for a well-rounded Management Science & Engineering degree at Stanford, valuing breadth over depth.
After graduation I chose probably the most little-bit-of-everything job – tech consulting. Consulting was always about conducting myself as an expert in whatever the client asked for and figuring out how to be an expert in less than 2 weeks. I loved that style of learning on the fly and composing myself professionally. Everything felt interdisciplinary.
But after 5 years I decided to move to industry. As a consultant, at the end of the day, you’re only giving recommendations to the client. You never truly own a project end to end. Sometimes your recommendations are not even used.
Apps, Apps, Apps…
I came to Palo Alto Networks, and specifically, the IT Strategy team, because I was drawn to cybersecurity and I want to strategize! As a business analyst, you have to optimize how an organization is run, from the business processes to spend decisions. I lead our Application Rationalization charter, which is about enhancing our SaaS ecosystem. This involves managing new software requests, measuring current software usage and performance, looking for opportunities to consolidate and remove duplicate vendors, and ultimately, reducing cybersecurity attack fronts.
Folks in IT know me as that guy running around slacking and emailing domain experts about new application requests. My day usually includes checking on software renewal details, creating business cases for new software requests for approval, saying “no” in the kindest but most direct way possible, and other ad-hoc tasks typical of a business analyst. What brightens my day is when someone tells me upfront the quantifiable value of a tool such as saving 200 hours of manual work or reducing OPEX by $30K.
Tougher Stance on SaaS for Security
Over the last year, IT retired 27 applications. For us, security is always top of mind. Not too recently a vendor we used was hacked and we had to switch vendors. Any new application request needs a much stronger business justification and ROI given that we would take on a considerable amount of security risk.
Different strategies exist in how to handle an app ecosystem. Start-ups need to execute, so app proliferation is probably not in their vocabulary. Established or scaling companies such as Palo Alto Networks face a lot of complexity in their infrastructure, so they have to be careful about cyberattacks.
Does a company regulate only enterprise apps with a large user base and allow for shadow IT? Do companies install Mobile Device Managers (MDMs) and whitelist applications, thus, completely limiting an employee to download a free version of Grammarly for example? Some companies simply trust their employees to download anything but would have teams work on detecting egregious acts and fire offenders on the spot.
The questions I find myself most interested in are:
- If we shut down employees’ ability to seek out SaaS on their own, do we hamper productivity and innovation?
- If we allow anyone to download anything, will we be good stewards of the guidance we give our clients as a cybersecurity company?
The sweet spot is: We don’t want to hamper productivity nor increase cybersecurity attacks. Most companies want the best of both worlds and that is what we should strive for even if we feel the road to getting there is long and challenging.
A Sense of Family
Turning 30, work is important. But culture and community is just as important. For work to feel as inclusive as possible, one has to feel like they belong. Being connected to people who look like you or share your heritage help create a sense of family and confidence that you can be successful together. Studies have also shown that more employee diversity means better performance for companies.
Palo Alto Networks has Employee Network Groups (ENGs) to foster all kinds of communities for employees. As a member of the Latinx community, I’m one of the leaders for the “Juntos!” ENG. I’m proud of the work we have done, such as recruiting efforts with the Society of Hispanic Professional Engineers (SHPE) and setting up morning “Cafecitos” for employees to connect and have fun while sipping on some delicious coffee. I hope you’ll join me in celebrating Latinx Heritage Month, running from Sept. 15 to Oct. 15.
Learn How to Say ‘No’
This is one of the most important things you’ll need in any job. And I don’t mean telling your manager “no” because you don’t feel like doing something.
What I mean is sometimes you have to say “no” in order to prioritize or evaluate other options to do what’s best for the company. Things will fall into place a lot easier than you might expect and you will feel better in the long run. Being overwhelmed will cause burnout so take care of yourself.
Please don’t order the guacamole for an extra $5 on a food delivery app. Simply buy a ripe avocado, mash it up, add salt and lime, and it will taste 10x better than the extra acidic, tomato-heavy goo they call guacamole.