John Davis
Federal Chief Security Officer
Palo Alto Networks
United States


Retired U.S. Army Major General John Davis is the Vice President and Federal Chief Security Officer for Palo Alto Networks, where he is responsible for expanding cybersecurity initiatives and global policy for the international public sector and assisting governments around the world to successfully prevent cyber breaches.

Prior to joining Palo Alto Networks, John served as the Senior Military Advisor for Cyber to the Under Secretary of Defense for Policy and served as the Acting Deputy Assistant Secretary of Defense for Cyber Policy. Prior to this assignment, he served in multiple leadership positions in special operations, cyber, and information operations. His military decorations include the Defense Superior Service Medal, Legion of Merit, and the Bronze Star Medal.

John earned a Master of Strategic Studies from the U.S. Army War College, Master of Military Art and Science from U.S. Army Command and General Staff College, and Bachelor of Science from U.S. Military Academy at West Point.


Imperatives for Cybersecurity Success in the Digital Age


John Davis, retired US Army Major General specializing in cybersecurity and current Vice President and Chief Security Officer - Federal at Palo Alto Networks, will provide a brief introduction of his career in the US Military. He will then talk about how a major security breach in 2008 sparked the creation of the US Cyber Command, which he oversaw. He uses this as the backdrop reference point for his Cybersecurity Concept Model, which contained 4 specific perspectives:
  1. Cyber Threat Trends
  2. Cybersecurity Policy and Strategy Adjustments for the Future
  3. Organisation and Architecture Structure Requirements for Success
  4. Effective Tactics, Techniques and Procedures (TTP)
In his presentation he provides a detailed description of the imperatives that must take place in order to ensure a safe cyber environment. These include:
  1. Flipping the scales on:
    1. Threat: flip the imbalance of power from the Attacker to the Defender
    2. Policy and strategy: flip from an “open trust” to a “zero trust” model
    3. Organisation and architecture: flip decision forum from the tech community to the corporate leadership
    4. TTP: shift from a “win/lose” model where security comes at the expense of system performance to a “win/win” scenario where enhanced security and system performance coexist

  2. Broadening focus to sharpen actions on:
    1. Threat: look beyond discrete events and focus on threat lifecycles
    2. Policy and strategy: expand visibility to look at everything by leveraging automation
    3. Organisation and architecture: shift from being everywhere to being at the right places
    4. TTP: shift from looking for threat signatures to seeking out threat attack indicators

  3. Changing the overall approach to:
    1. Threat: need to shift threat status from “unknown” to “known” quickly
    2. Policy and strategy: detection and response are important, but insufficient without a “prevention first” mindset
    3. Organisation and architecture: move from point solutions to an integrated platform with deep partnerships with many different technical partners
    4. TTP: move from manual to automated processes

  4. Working together on:
    1. Threat: move from government as the sole purview of cyber threat intelligence to more effective involvement from the private sector
    2. Policy and strategy: promote information sharing by changing from a commercial commodity approach to information sharing as a public good
    3. Organisation and architecture: shift from operational silos to effective partnerships and a teamwork approach
    4. TTP: change from ad hoc to standardized information sharing procedures