Exploring Cybersecurity Innovations at RSAC 2025 with Jay Chaudhry of Zscaler
In this insightful session, Jay Chaudhry, founder and Chief Executive Officer of Zscaler, shares perspectives on evolving cybersecurity challenges at RSAC 2025. Hosted by analysts from theCUBE, this interview delves into the pressing issues faced by organizations today, such as the enduring threats of cyber breaches and inertia within large enterprises.
Chaudhry brings decades of cybersecurity expertise to the discussion, addressing critical questions about why investments in security do not always result in safer environments. This video explores the role of zero trust architecture in shaping a more secure digital ecosystem and how Zscaler plays a pivotal role in this transformation.
Chaudhry highlights the growing importance of adopting modern security architectures such as zero trust, emphasizing that legacy systems such as firewalls and virtual private networks are outdated. According to him, tackling these challenges requires a shift in mindset and infrastructure. The conversation also touches on Zscaler's strategic focus on data security and on employing artificial intelligence to improve threat detection and prevention.
Jay Chaudhry, Zscaler
Jay Chaudhry, founder and chief executive officer of Zscaler, joins theCUBE’s Dave Vellante and John Furrier at the RSAC 2025 Conference to examine why security investments don’t always translate to safer outcomes. The conversation centers on zero-trust architecture and what it takes to modernize cybersecurity at the enterprise level.
Chaudhry explains why legacy systems such as firewalls and VPNs are no longer effective in today’s threat landscape. He shares how Zscaler focuses on data protection and AI-driven threat detection to help organizations ad...
>> Hi, everybody. Welcome back to RSAC 2025. I'm Dave Vellante. John Furrier is here, and Jay Chaudhry, the founder and CEO of Zscaler is back for another RSA. Welcome back to theCUBE. Thanks so much for taking some time out of your busy schedule.
Jay Chaudhry
>> Thank you, Dave. I appreciate the opportunity. I always enjoy these conversations.
Dave Vellante
>> Well, one of our favorites, so I got to start with something that you get asked all the time. We're pouring money into cybersecurity. Why aren't we safer? Why can't we measure year to year that we're getting better? What's the reason?
Jay Chaudhry
>> Yeah. This question has been asked to me many times, especially the way this board member asked me from a very large bank. She said, "Jay, you're sitting in Silicon Valley running one of the largest cloud security companies, working with Fortune 500 companies, who have all the money, expertise and access to technology. Yet I see so many of these companies getting breached. If that's happening to them, what hope do I have?"
I had to think for 30 seconds before I could really respond. But the real answer is, all those factors are true. The biggest issue is inertia. Large enterprises have lots of inertia. Hackers have no inertia. The technology we are still using for cybersecurity is largely around firewalls, and VPNs to build a castle-and-moat architecture. That's 30 plus years old. Hackers have moved on. So zero trust architecture is the answer, it's helping customers adopting it, but not fast enough. Great zero trust architecture, most of these issues should go away.
Dave Vellante
>> Why is it that IT never, we call it GRS sometimes, getting rid of stuff, IT never gets rid of stuff? Why is that?
Jay Chaudhry
>> So, a couple of reasons. It's a funny question. One of the large manufacturing companies, CIO, talked to me. This was about two years ago. He said, "We are going through some tough financial situation. So, I'm tight on budget. What I'm finding is it's hard to buy new technology, but it's much, much harder to get rid of what I have. What's the answer?" Number one, things that get bought, the emotional ties, a lot of people's job, all the situations out there. And then the vendors come in and say, "This is so wonderful. I can bolt on zero trust on my firewall and the like." So, all those technology and non-technology factors play in. But as attacks are moving, things are changing. I mean, it's because of that change, Zscaler has grown at a very, very big pace. We are approaching $3 billion in ARR, and with 45% of Fortune 500 companies. So, a lot of companies are doing well. And there's still late adopters who'll come along.
Dave Vellante
>> They're buying the story, John.
>> Jay, I want to ask you, because last time you were in theCUBE, a wide-ranging conversation, entrepreneurship and architecture. This year, zero trust continues to be front and center. But when we look at it, it's a journey. Jon Oltsik, one of our analysts. So it's a journey. Okay. Not everyone, you have to get zero trust everywhere. And if I have tools sprawl and not everyone's on board, that's a problem. Can you scope that for us? Because no one debates zero trust, I mean, I think it's a total sense, but how do I actually get there? And what's your answer to that, because not everyone can get every tool up to date, and it takes one weak link?
Jay Chaudhry
>> Right. So, you don't really take the current tools and update them to make zero trust. It's like saying, "I'm going to fix my DVD player and create Netflix." It never happens. Or I'm going to take my traditional internal combustion engine car and make it an electric car. Zero trust is a foundational architectural change. But customers for this journey can start with zero trust for users. No user is trusted. Even in their office, they're sitting on a guest network. User is the weakest link. Hence, making sure every user can access application only by going through a zero trust exchange is the number one thing they can do. Number two, your branches. Most attacks happen the following way. A user gets infected, she goes to the branch office, gets on a network, the malware moves laterally, and goes everywhere, infects everything. Imagine if each branch is like an internet cafe. Or maybe as an island. The attacks' radius is limited to the branch. So we call it zero trust branch. The third area needs to be the cloud workloads. Imagine if each cloud region is an island and you can only talk to certain things, workloads can only talk to certain workloads. Our customers are doing this journey in a very nice way. It's a great journey, but customers realize that you need to move away from legacy, castle-and-moat architecture, new architecture.
>> Yeah, and I think one of the things we see here, user is a big conversation. We've talked about networks, we love the network approach. Data security's hot, end-to-end workloads. So you got the network, zero trust network. You guys are doing great, congratulations on the success. Now I got data security. I got to see everything. So it reminds me of us of network monitoring, which was SolarWinds. So okay, how do I balance the data security in the network? Two great areas to watch.
Jay Chaudhry
>> So, we don't believe in network security. What is there to secure in a network? The packets are flowing and they're encrypted. The network security, the old approach that firewalls did, and it made sense, because your network was limited, your application are hanging on the network, users are connected to the same network. So you secured the network. Your network is everywhere, your applications are everywhere. So we want to treat network simply as the transport and plumbing. We need to secure data. Data is sitting with applications, data is sitting with servers, data is sitting databases. Or with endpoint. Now, we are the switchboard, the policy engine, who can access what. Now, when we start, we start, we have very well done program where we can say who can access what applications. Now, data often sits behind the application. That's the next stage. The first stage of data security is making sure only right people reach to applications. Then the next level is which data is connected to those applications. There's new things evolving. Zscaler is investing heavily to identify the type of data who has access to what. It's all for applications. It's being solved for data.
>> And so your point about the antiquated technology, that's the network stuff. Network security has been around, hanging around, let the networks do their job.
Jay Chaudhry
>> Don't monitor the natural traffic. Traffic is encrypted. What are those monitors going to do? They can't see anything. We need to get away from that, save that money, and apply to better, simpler, newer technology.
>> Save that money.
Dave Vellante
>> So, the story of Zscaler is quite remarkable. You started the company in 2007, I think. The year after AWS announced.
Jay Chaudhry
>> Exactly.
Dave Vellante
>> Which is remarkable, because-
Jay Chaudhry
>> And iPhone.
Dave Vellante
>> Yes, iPhone same year, right.
Jay Chaudhry
>> Because I wanted to make, I was saying that if you're mobile and you've got cloud-based compute and storage, and you've got SaaS applications taking off, why should you have the fire? Where are you going to put firewalls and all? Let's flip the paradigm. Don't secure this castle and moat, everyone is untrusted, we are going to build this exchange.
Dave Vellante
>> So it was really visionary. But I'll say this, a lot of companies who started in that timeframe, like John, you remember well, the Hadoop world.
>> I do.
Dave Vellante
>> Completely missed the cloud. And they said, "Okay, we're going to go on prem," and then the cloud came, and they got blown away. A lot of people missed the cloud.
>> All those vendors that were selling firewalls missed the cloud.
Dave Vellante
>> So my question is, so you were cloud-native, and now we have AI coming in. And so you have the terms AI-native. And you guys are just talking about data. How is it that you're going to be able to cross that new chasm? Is it because of the data? And I wonder if you could talk about what your vision is for this next era, where you said the next wave is securing the data. And now you're a big company, you're a multi-billion dollar company. How do you stay nimble to compete with all these new startups that want to take you out?
Jay Chaudhry
>> So first of all, staying nimble. We actually have done startups within startups. Zscaler private access was started as a startup within Zscaler. Now, it's a very large business. Our Zscaler digital experience was done startup within a startup. So we still have the culture to be able to do those things. That's point one. Point two, yes, AI is big. It will be big. It's a bit overhyped right now, but it's going to get there. But AI won't be certain class. AI will be embedded in all kinds of areas. Now the question is, what are some of the areas that are relevant to Zscaler? We look at core competencies that are relevant to us, and we go after them. We don't jump around here, here, here. So in AI, the two things we think are very important: AI will never replace zero trust. Zero trust is an architecture. Somebody must sit in that traffic path to inspect who talks to who. It's like being the international airport. You need those controls. Now, AI can provide better intelligence and signals to check some of the anomalies to see, "Huh, this stolen credential actually should be blocked." So AI can complement, AI can help. AI can also help with very high speed anomaly detection for bad things, or for data leakage out there. So we are embedding AI into all of our threat detection and data protection areas. So it makes our zero trust better. I like to say zero trust, when combined with AI, it becomes powerful. But the second area too, Zscaler is the largest cloud security out there. We handle over half a trillion, IHT for trillion transactions a day from around the globe. To give you a relative scalability. Even I didn't think of being able to do half a trillion transaction a day. No. Why do they matter? Because they have logs, half a trillion logs. They are private proprietary information to understand the behavior. Traffic is flowing, reconnaissance activities flowing through us.
Being able to take that data and train our language models to detect things that couldn't be detected before. We have an exciting project. I'm personally very close to breach predictor. Imagine if I could predict a breach for my customers before it happens. That's the power of AI combined with the logs coming from our zero trust exchange.
Dave Vellante
>> And that comes from your data fabric, your Avalor acquisition, which you've said is critical to your future. That's okay, it's back to your data conversation.
>> Well, yeah. First of all, the entrepreneurial story by the way, sometimes you have a pinch me moment. It's like, "Oh my god, we've got trillions of transactions. We're a big company. Billions of dollars from humble beginnings." I love the incubating, we've talked about it in theCUBE before. You're incubating starters within there. I mean, Steve Jobs has that famous line at the conference where it says, "We are the largest startup, no committees, everyone's in charge. They know who's in charge." Love that. The question I want to ask you is that you're talking about being AI native inside Zscaler to get a product competitive advantage for the customer, and both the business but benefit to the customer. We're seeing companies that do that do well, but there's a new thing we're seeing with say Googles of the world where they got DeepMind. You're seeing research inside the company, not like applied R&D, like targeted AI research that's feeding directly into the product. You mentioned the product you're close to. Are you guys intentionally looking at that kind of research? Can you share your thoughts on what you guys are doing as a discipline? Because the speed of the game is so fast right now that you got to have your own internal research to make the product. So it's a product thing, not so much, "Let's go figure out a new market." What's your thoughts on this new research discipline? We're hearing other companies are looking at the same thing.
Jay Chaudhry
>> So, research is extremely important, but research only is good if you have access to some of the data out there. So, we have about 200 people who have been focused on security research. Know they got better tools with AI to be able to do far better research they could do. But remember, AI is only as good as the data. So the data, we are research scientists who are focused on it. But in addition to that, you need some other things. We have a startup within Zscaler. It basically has data scientists, it has security experts, and it essentially has AI experts. You combine all of them, and imagine being able to build a ChatGPT of security. We are in a position to do that.
>> So you're doing it now.
Jay Chaudhry
>> We are working.
>> This is your incubation product of the startups within the startup.
Jay Chaudhry
>> Absolutely, yes.
Dave Vellante
>> I got to ask you, so you don't like the term SASE, but you created the market. So, help me square that circle.
Jay Chaudhry
>> SASE, right? Whatever secure access service.
Dave Vellante
>> Some Gartner term.
Jay Chaudhry
>> Some Gartner term.
>> I like it already.
Jay Chaudhry
>> What we want is zero trust architecture. The number one reason why brand similar attacks happen successfully is because they steal some credentials, user is the weakest link. Then they get on your network. Then they exploit the design feature of networking. What's a design feature? You get on the network, left turn, right-
>> Everywhere....
Jay Chaudhry
>> lateral movement. So SASE has something called SD-WAN. And SD-WAN is no different than any network that hasn't built over the last 35 years. And they all enable lateral movement. I've been asked by investors and many people, "Why do you buy an SD-WAN company or build SD-WAN?" I said, "Do you want me to enable lateral threat movement?" Not really. So we are all about zero trust. And SASE is SASE. I mean the SSE part of SASE is pretty good. That's the switchboard part of it. What's not good for us is SD-WAN part. We want a zero trust branch. We want branch to be an island, not part of the mesh network.
Dave Vellante
>> And how does that, Jay, play into, sometimes the criticism on Zscaler is, "I'm worried about the blast radius," or latency. And I know you have techniques and technology to address that, but I wonder if you could discuss that.
Jay Chaudhry
>> Yeah, so before Zscaler that your traffic forms say 500 branches around the globe. We'll go through three hubs: one in Americas, one in EMEA, one in APJ. I'm sitting in 160 locations around the globe, that the distance to reach us to apply policy is much, much smaller. It's not a problem at all. Now, then the question ends up being, well, what if I'm sitting in headquarters and my data centers two milliseconds away? We can bring our exchange to your data center. All those options are available. I don't hear any complaints about latency from the customers. Rather the customer often say, "My experience got much, much better."
Dave Vellante
>> Interesting. So that's a competitive knockoff that customers don't see that...
Jay Chaudhry
>> Not at all. Not at all.
>> One of the survey questions we were reporting on before we came into the show, Jay, was, I had a top 10 list, but the one that I want to ask you on is that social engineering is what everyone's afraid of. The users, again, back to your point. Talk about the importance of that piece, because AI's making that better too, right?
Jay Chaudhry
>> Easier.
>> It's like a windfall. It's a tailwind for the adversary.
Jay Chaudhry
>> Big time.
>> So, how are people implementing? What's your advice? How do you go in and knock that out of the park?
Jay Chaudhry
>> Yeah. So, there's no single silver bullet for it. We're talking social engineering. Somebody sent 30-some emails to Zscaler employees a few months ago. They came from our CFO. And the title was, "Additional Acquiry grant for you."
>> I got my attention right there. More stock. Hey, doing good job.
Jay Chaudhry
>> Our people are pretty savvy. But three people clicked on it, 27 did not. Fortunately, our research team had already figured out, our zero trust exchange had protection built into it. But if they hadn't, then obviously it could cause some damage. So things will happen. You can never count on the fact that you can train people not to click on things.
>> Did you get that email?
Jay Chaudhry
>> I got that email.
>> Isn't already vested? "Hey, what is this? Because I do that, I couldn't be ."
Dave Vellante
>> I already got my stock. Thanks.
>> Exactly.
Jay Chaudhry
>> So, what's needed is a bunch of things. That's why you don't depend on credentials. Second factor is important, but that's also being essentially shown. One big thing AI is helping that area is AI is good for figuring an anomalous behavior. We look for people doing things they're not supposed to do. A typical user is going to go and do X number of things. And as we are monitoring the activity, and this is where gen AI plays a big role, they can say, "This user is trying to poke into things they generally don't poke." Those become an important, we call this thing adaptive policy for Zscaler. Even if you're given the connection and access, we can actually automatically turn me into the connection when we see some kind of stuff powered by AI.
>> I mean, that's where the data shines. You sit in a treasure trove of data. What are some of the cool things you work on? You mentioned that project that you're highly involved in. The advantage for the adversary is one thing, but now agility to move fast. Give us a taste of this. What are you working on that's cool? What do you see as opportunities? And for partners out there of Zscaler or customers, where can they vector in with you and connect that to that innovation?
Jay Chaudhry
>> So, from cyber point of view, if you look at holistically, zero trust segmentation is extremely important. That means don't tell people, "Get in the office, go wherever you need to go." In our world, people implement user-to-application segmentation. A group of users can only access these three applications, nothing more. Then they are implementing segmentation within a factory or a branch. My phone can't talk to this laptop, this laptop can't talk to this laptop. They can only talk to maybe a printer in the office, nobody else. That becomes important. Zero trust workload segmentation becomes important. This is one area. Then you move on towards AI. What can be done in AI? The easiest number one application that we built for securing a use of public AI was the following: employees are going to ChatGPT and Gemini. They submit source code and whatnot. We are like an international airport. All traffic to all public sites goes through us. We are able to tell our customers, "This is where your users are going." Then we could give them controls that says, "You can have a policy, developers can only go to these four AI services, nowhere else." Then you can put DLP control on it that says, "Developers can do this but they can't be submitting stuff like that." That was part one. A large number of our customers are already using it very happily. Then the next question came. How do I secure the use of private AI application I'm building in my data center or in my cloud? So for that, this application may be built for your employees, they may be built for your customers. Maybe it's a support ChatGPT, a support chat kind of stuff. For that, we are building LLM proxy. It's like a switchboard. We insert ourselves before they access these applications. So, we are able to inspect prompts. Analyze is good, bad, good response, or they're trying to do prompt injection on the thing. 
And when the response come, you're able to examine response, good response, bad response, all that stuff can be done.
>> You're looking at data context.
Jay Chaudhry
>> That's right.
>> As almost a network paradigm, I won't say network paradigm, but how it used to be network security. "Hey, watch the packets, do deep packet inspection." You're kind of just saying, "Let that be the transit," and your data layer, and contextually looking at the behavior and the context.
Jay Chaudhry
>> Exactly. Exactly.
>> And that's different.
Jay Chaudhry
>> That's very different.
Dave Vellante
>> Oh, I mean, breach predictor because you have visibility on data. That's amazing.
Jay Chaudhry
>> Exactly.
>> Here comes a prompt injection context poisoning.
Jay Chaudhry
>> Exactly.
>> So you don't have to build an LLM app security layer, you just look at that switchboard piece.
Jay Chaudhry
>> I'm in the middle. I'm in the middle.
>> And what about unified data controls? Because this is a hot topic this event. Data controls, super important. You mentioned some of those things. I'm assuming it's already built into the switchboard. Is there like a master brain in the Zscaler architecture?
Jay Chaudhry
>> So, unified data security is very important. 10 years ago all we worry was traditional DLP going from your data center or users to the cloud. That was important. But now data is everywhere. Sitting SaaS applications, not just in Salesforce, there are 30 applications connected to Salesforce through APIs. And those providers are generally private companies. Some are running out of funding, some don't even encrypt your data. You need to worry about that. Then data is sitting in cloud, in maybe Snowflake and wherever, and data is sitting on the endpoint. Customers do not want five vendors to provide five solutions. Why is that? First of all, creating a policy, managing a policy for one set is hard. Trying to deal with five vendors, it's almost impossible. So we started focusing on this. We have a full comprehensive solution that actually handles all channels, all type of traffic, and no matter where they are. We even integrate with vendors like Microsoft. They have offering a Purview, which can do tags and classification. I can read those tags, and since I'm sitting in the data path to the internet, all good things leak to the internet.
>> Things come from the internet.
Jay Chaudhry
>> And since we are the gateway.
>> It's almost too simple. It's like, "It's not complex enough." Jay, go on. I can't buy it.
Dave Vellante
>> Jay Chaudhry, it's always so great, a pleasure to sit down with you a few times a year. Really appreciate your time. Know you're super busy, and can thank you enough very much.
Jay Chaudhry
>> Thank you. It's always fun.
Dave Vellante
>> Thank you very much. Terrific.
Jay Chaudhry
>> Thank you so much.
Dave Vellante
>> All right. And thank you for watching. This wraps up day three from theCUBE's coverage RSAC. Back tomorrow for more. Keep it right there, and we'll see you then.