National Oilwell Varco (NOV) is undergoing a sweeping cybersecurity transformation under CIO Alex Philips, adopting a Zero Trust architecture, strengthening identity defenses, and injecting AI into security operations. The journey is not complete, but by all accounts the results are dramatic: a 35-fold reduction in security events. Millions have been saved by eliminating malware-related PC reimaging and disposing of legacy “appliance hell” hardware.
VentureBeat recently sat down (virtually) with Philips for this in-depth interview, which covers Zscaler's Zero Trust platform, proactive identity protection, and generative AI “co-workers” for the security team.
He also shares how NOV's board engages with cyber risk in a global threat landscape where 79% of attacks to gain initial access are malware-free and adversaries can break out from an initial breach in just 51 seconds.
Below are excerpts from Philips' recent interview with VentureBeat.
VentureBeat: Alex, NOV went “all in” on Zero Trust a few years ago. What were the standout gains?
Alex Philips: When we started, we were a traditional castle-and-moat model that wasn't keeping up. We didn't know what Zero Trust was. I knew that identity and conditional access were required at the core of everything. Our journey began with an identity-driven architecture on Zscaler's Zero Trust Exchange, which changed everything. Visibility and protection coverage increased dramatically, while we simultaneously experienced a 35-fold reduction in the number of security incidents. Previously, our team had been chasing thousands of malware incidents. Now it's just a small fraction of that. Also, the reimaging of about 100 malware-infected machines each month has dropped to virtually zero. That saved quite a lot of time and money. Because the solution is cloud-based, “appliance hell,” as I like to call it, is gone.
The Zero Trust approach now gives 27,500 NOV users and third parties policy-based access to thousands of internal applications without exposing these apps directly to the internet.
After that, we were able to take an interim step and re-architect the network to take advantage of internet-based connectivity instead of expensive legacy MPLS. “On average, we increased speeds by 10-20 times, reduced latency to important SaaS apps, and reduced costs by more than four times… annual savings [from network changes] have already reached more than $6.5 million,” Philips notes of the project.
VB: How did shifting to Zero Trust actually reduce security noise by such a large factor?
Philips: The big reason is that our internet traffic now passes through a Security Service Edge (SSE) with full SSL inspection, sandboxing and data loss prevention. Zscaler peers directly with Microsoft, which is why Office 365 traffic is faster and safer. Users stopped trying to bypass controls because performance improved. The cloud proxy does not give NOV access to spy on the data itself, and after being denied SSL inspection on on-prem equipment we finally got legal approval to decrypt SSL traffic. That means malware hidden in encrypted streams started getting caught before it hit the endpoint. In short, we reduced the attack surface and good traffic flows freely. Fewer threats mean fewer alerts overall.
NOV CISO John McLeod agreed that “old network boundary models don’t work in a hybrid world” and that an identity-centric cloud security stack was needed. By routing all enterprise traffic through the cloud security layer (even isolating high-risk web sessions through tools like Zscaler’s Zero Trust Browser), NOV dramatically reduced intrusion attempts. This comprehensive inspection capability allowed NOV to spot and stop threats that previously slipped through, reducing incident volume by 35 times.
VB: Were there any unexpected benefits of adopting Zero Trust that you didn't anticipate at the beginning?
Alex Philips: Yes, users actually preferred the cloud-based Zero Trust experience over legacy VPN clients, so adoption was easy and gave us unprecedented agility for mobility, acquisitions, and even what are called “black swan events.” For example, when Covid-19 hit, NOV was already prepared! I told the leadership team that if all 27,500 users needed to work remotely, the IT systems could handle it. My leadership was stunned, and our company continued to move forward without missing a beat.
VB: Identity-based attacks are on the rise. You've mentioned some incredible statistics on credential theft. How is NOV strengthening identity and access management?
Philips: Attackers know that it is often easier to log in with stolen credentials than to drop malware. In fact, according to recent threat reports, 79% of attacks to gain initial access in 2024 were malware-free, relying on stolen credentials, AI-driven phishing and deepfake scams. One in three cloud intrusions last year involved valid credentials. We have strengthened our identity policies to make these tactics harder.
For example, we integrated the Zscaler platform with Okta for identity and conditional access checks. Our conditional access policies confirm that a device has the SentinelOne antivirus agent running before granting access, which adds an additional posture check. We have also significantly limited who can perform a password or MFA reset. No one can bypass authentication controls on their own. This separation of duties prevents insiders or compromised accounts from simply turning off protections.
VB: You mentioned finding a gap even after disabling a user's account. Can you explain?
Philips: We discovered that after detecting and disabling a compromised user's account, the attacker's session tokens might still be active. Resetting the password is not enough. To truly kick out an intruder, you must revoke the session tokens. We partner with startups to create near-real-time token invalidation solutions for our most commonly used resources. Essentially, we want to make a stolen token useless within seconds. A Zero Trust architecture helps because everything is re-authenticated via a proxy or identity provider, which gives us a single chokepoint to revoke tokens globally. This way, if an attacker grabs a VPN cookie or cloud session, they cannot move laterally, because we kill that token quickly.
VB: How else are you securing identities at NOV?
Philips: We enforce multifactor authentication (MFA) almost everywhere and monitor for abnormal access patterns. Okta, Zscaler, and SentinelOne form an identity-driven security perimeter where each login and device posture is continuously verified. Even if someone steals a user's password, they still face device checks, MFA challenges, conditional access rules, and the risk of instant session revocation if anything seems off. Resetting a password is no longer sufficient. You must revoke session tokens immediately to stop lateral movement. That philosophy underpins NOV's identity threat defense strategy.
VB: You have also been an early adopter of AI in cybersecurity. How is NOV using AI and generative models in the SOC?
Philips: We have a relatively small security team for our global footprint, so we need to work smarter. One approach is to bring AI “co-workers” into the Security Operations Center (SOC). We have partnered with SentinelOne and begun using the AI security analyst tool, an AI that can write and execute queries across our logs at machine speed. This is a game changer: analysts can ask questions in plain English and get answers in seconds. Instead of manually creating SQL queries, the AI suggests the next query or even offers to auto-generate the report.
We've seen success stories using AI assistants where threat hunting runs up to 80% faster. Microsoft's own data shows that adding generative AI can reduce the average incident time by 30%. Beyond vendor tools, we are experimenting with internal AI bots for operational analysis, using OpenAI foundation AI models to help non-technical staff quickly query data. Of course, these AI solutions have data protection guardrails in place to prevent sensitive information from leaking.
VB: Cybersecurity is no longer an IT issue. How do you engage NOV's board and executives on cyber risk?
Philips: I made it a priority to bring the board of directors along on our cyber journey. They don't need the deep technical details, but they need to understand our risk posture. For example, when generative AI exploded, we discussed both the benefits and risks with them early on. That education helps when I propose controls to prevent data leakage. They are already aligned on why it's necessary.
The board now considers cybersecurity a core business risk. They are briefed on it not just once a year, but at every meeting. We have run tabletop exercises with them to show how an attack unfolds and to turn abstract threats into concrete decision points. This gives us stronger top-down support.
I make it a point to constantly reinforce the reality of cyber risk. Even with millions invested in a cybersecurity program, the risk is never completely eliminated. It is not a question of if there will be an incident, but when.
VB: Based on NOV's journey, do you have any final advice for other CIOs and CISOs?
Philips: First, recognize that security transformation and digital transformation are closely related. We could not have moved to the cloud or enabled remote work effectively without Zero Trust. The reduction in business costs helped fund security improvements. It was truly a “win, win, win.”
Second, focus on separation of duties in identity and access. No one person should be able to undermine your security controls, yourself included. Small process changes, such as requiring two people to change MFA for executives or highly privileged IT staff, can thwart malicious insiders, mistakes and attackers.
Finally, embrace AI carefully but proactively. AI is already a reality on the attacker side. A well-implemented AI assistant can multiply your team's defenses, but you must manage the risks of data leakage or inaccurate models. Merge the AI output with your team's skills to create an AI-infused “brain.”
We know that threats continue to evolve, but with Zero Trust, strong identity security, and now AI on our side, we have a fighting chance.