National Oilwell Varco (NOV), under CIO Alex Philips, is making a drastic cybersecurity transformation: embracing Zero Trust architecture, hardening identity defenses, and injecting AI into security operations. The journey is not finished, but by all accounts the results are dramatic: a 35-fold reduction in security events, the elimination of malware-related PC reimaging, millions of dollars saved, and the retirement of legacy “appliance hell” hardware.
VentureBeat recently sat down (virtually) with Philips for this in-depth interview. Philips detailed how NOV achieved these results with Zscaler’s Zero Trust platform, aggressive identity protection, and generative AI “co-workers” for the security team.
He also shares how NOV’s board engages on cyber risk in a global threat landscape where 79% of attacks used to gain initial access are malware-free and adversaries can break out from an initial foothold in as little as 51 seconds.
Below is an excerpt from Philips’ recent interview with VentureBeat.
VentureBeat: Alex, NOV went “all in” on Zero Trust a few years ago. What was the standout payoff?
Alex Philips: When we started, we were on a traditional castle-and-moat model that had not kept up. We didn’t know what Zero Trust was, but I knew that identity and conditional access had to be at the core of everything. Our journey began with Zscaler’s identity-driven Zero Trust Exchange architecture, and that changed everything. Visibility and protection coverage increased dramatically, while we simultaneously saw a 35-fold reduction in the number of security incidents. Previously, our team had been chasing thousands of malware incidents. Now that is just a small fraction of the work. Also, the reimaging of malware-infected machines, roughly 100 units a month, has dropped to virtually zero. That saved a great deal of time and money. And, as I like to say, appliance hell is gone, because the solution is cloud-based.
With the Zero Trust approach, NOV’s 27,500 users and third parties get policy-based access to thousands of internal applications without those apps ever being exposed directly to the Internet.
After that, NOV was able to take further steps and rebuild its network to take advantage of internet-based connectivity in place of expensive legacy MPLS circuits. “On average, we increased our speeds by 10-20 times, reduced latency to critical SaaS apps, and cut costs by more than four times. We have already realized over $6.5 million in annual savings from the network changes,” Philips notes of the project.
VB: What were the major factors that actually reduced security noise in the shift to Zero Trust?
Philips: The big reason is that all of our internet traffic now passes through a Security Service Edge (SSE) with full SSL inspection, sandboxing, and data loss prevention. Zscaler peers directly with Microsoft, which made Office 365 traffic faster and safer. Users stopped trying to bypass the controls because performance improved. Because the cloud proxy itself cannot spy on the data, NOV finally obtained legal approval to decrypt SSL traffic, after having been denied SSL inspection on on-prem equipment. That means malware hidden in encrypted streams is now caught before it reaches the endpoint. In short, we reduced the attack surface and let good traffic flow freely. Fewer threats mean fewer alerts overall.
NOV CISO John McLeod agreed: “Old network perimeter models don’t work in a hybrid world,” and the company needed an identity-centric cloud security stack. By routing all enterprise traffic through the cloud security layer (and even isolating high-risk web sessions through tools like Zscaler’s Zero Trust Browser), NOV dramatically reduced intrusion attempts. This comprehensive inspection capability allowed NOV to spot and stop threats that had previously slipped through, reducing incident volume 35-fold.
VB: Were there any unexpected benefits of adopting Zero Trust that you didn’t foresee at the beginning?
Alex Philips: Yes. Users actually preferred the cloud-based Zero Trust experience over legacy VPN clients, so adoption was easy, and it gave us unprecedented agility for mobility, acquisitions, and even so-called “black swan events.” For example, NOV was already prepared when Covid-19 hit. We told the leadership team that if all 27,500 users needed to work remotely, the IT systems could handle it. My leadership had been uncertain, but our company continued to move forward without missing a beat.
VB: Identity-based attacks are on the rise. You mentioned some incredible statistics on credential theft. How is NOV strengthening identity and access management?
Philips: Attackers know that it is often easier to log in with stolen credentials than to drop malware. In fact, 79% of attacks used to gain initial access in 2024 were malware-free, relying instead on stolen credentials, AI-driven phishing, and deepfake scams, according to recent threat reports. One in three cloud intrusions last year involved valid credentials. We have strengthened our identity policies to make these tactics much harder.
For example, we integrated the Zscaler platform with Okta for identity and conditional access checks. Our conditional access policies ensure that the SentinelOne antivirus agent is running before access is granted, and then apply additional posture checks on top of that. We also tightly limit who can perform a password or MFA reset. No single person can bypass the authentication controls on their own. This separation of duties prevents insiders or compromised accounts from simply turning off protections.
VB: You mentioned finding gaps even after disabling a user’s account. Can you explain that?
Philips: We discovered that after disabling a compromised user’s account, the attacker’s session token might still be active. Resetting the password is not enough. To truly kick out an intruder, you have to revoke the session token. We partnered with a startup to build a near-real-time token revocation solution for our most commonly used resources. Essentially, you want stolen tokens to be useless within seconds. The Zero Trust architecture helps here because it provides a single chokepoint to revoke tokens globally, since everything re-authenticates through the proxy or the identity provider. That way, if an attacker grabs a VPN cookie or a cloud session, they can’t move laterally, because we kill that token quickly.
VB: How else are you securing identity at NOV?
Philips: We enforce multifactor authentication (MFA) almost everywhere and monitor for abnormal access patterns. Okta, Zscaler, and SentinelOne form an identity-driven security perimeter where every login and device posture is continuously verified. Even if someone steals a user’s password, they still face device checks, MFA challenges, conditional access rules, and the risk of instant session revocation if something looks off. Resetting a password is no longer sufficient; you must revoke the session token immediately to stop lateral movement. That philosophy underpins NOV’s identity threat defense strategy.
VB: You are also an early adopter of AI in cybersecurity. How are you using AI and generative models in the SOC?
Philips: We have a relatively small security team for a global footprint, so we need to work smarter. One approach is bringing AI “co-workers” into the Security Operations Center (SOC). We partnered with SentinelOne to start using its AI security analyst tool, an AI that lets you write and run queries across the logs at machine speed. It is a game changer: analysts can ask questions in plain English and get answers in seconds. Instead of manually crafting SQL queries, the AI suggests the next query or even offers to auto-generate the report.
We have seen success stories where threat hunting runs up to 80% faster with AI assistants. Microsoft’s own data shows that adding generative AI can reduce mean time to resolve incidents by 30%. Beyond vendor tools, we are experimenting with internal AI bots for operational analytics, using OpenAI foundation models to help non-technical staff query data quickly. Of course, these AI solutions have data protection guardrails in place to prevent sensitive information from leaking.
VB: Cybersecurity is no longer just an IT issue. How do you engage NOV’s board and executives on cyber risk?
Philips: I made it a priority to bring the board of directors along on the cyber journey. They don’t need deep technical detail, but they do need to understand our risk posture. For example, when generative AI exploded, we discussed both the benefits and the risks with them early on. That education paid off when we proposed controls to prevent data leakage; there was already alignment on why they were necessary.
The board now treats cybersecurity as a core business risk. They are briefed on it not just once a year, but at every meeting. We have run tabletop exercises with them to show how an attack unfolds, turning abstract threats into concrete decision points. That builds stronger top-down support.
My key is to keep reinforcing the reality of cyber risk. Even with millions invested in a cybersecurity program, the risk is never completely eliminated. It is not a question of if there will be an incident, but when.
VB: Based on NOV’s journey, do you have any final advice for other CIOs and CISOs?
Philips: First, recognize that security transformation and digital transformation are closely linked. We could not have moved to the cloud or enabled remote work effectively without Zero Trust. The reduction in business costs helped fund the security improvements. It was really a “win, win, win.”
Second, focus on separation of duties in identity and access. No single person should be able to undermine your security controls, yourself included. Small processes, such as requiring two people to change MFA for executives or highly privileged IT staff, can thwart malicious insiders, mistakes, and attackers.
Finally, embrace AI carefully but proactively. AI is already a reality for attackers. A well-implemented AI assistant can amplify your team’s defenses, but you have to manage the risks of data leakage and inaccurate models. Pair the AI’s output with your team’s skills so that a human “brain” stays behind the AI.
We know the threats will keep evolving, but with Zero Trust, strong identity security, and now AI on our side, we have a fighting chance.
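The two identity points Philips returns to, that a conditional access check must see device posture before granting access, and that a stolen session token survives a password reset and must be revoked at a single chokepoint, are illustrated below in a minimal policy-enforcement point. This is an added example written for this edit; it is not NOV’s, Zscaler’s, Okta’s or SentinelOne’s code. The HMAC token format, the users and devices, the posture feed, and the per-user revocation watermark are all constructed for the demonstration.

```python
"""Added illustration (not NOV's or any vendor's code): a minimal Zero Trust
policy-enforcement point. Every request re-validates the session token, the
device posture, and a per-user revocation watermark, so killing a stolen token
is one global operation. All keys, users, devices and posture data are constructed."""
import base64
import hashlib
import hmac
import json

SECRET = b"demo-signing-key"  # constructed; a real PEP verifies with the IdP's keys

# Per-user watermark: sessions issued at or before this time are dead (the chokepoint).
REVOKED_BEFORE: dict[str, float] = {}

# Constructed posture feed, standing in for what an EDR/posture service reports.
DEVICE_POSTURE: dict[str, dict] = {
    "laptop-01": {"edr_running": True, "disk_encrypted": True},
    "laptop-02": {"edr_running": False, "disk_encrypted": True},
}

# Constructed credential store; a password reset only bumps this version.
PASSWORD_VERSION: dict[str, int] = {"alice": 1}


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user: str, device: str, issued_at: float) -> str:
    """Mint a signed session token bound to a user and device (constructed format)."""
    payload = json.dumps({"sub": user, "dev": device, "iat": issued_at}, sort_keys=True).encode()
    sig = hmac.new(SECRET, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(sig)


def reset_password(user: str) -> None:
    """What a password reset alone does: changes the credential, not live sessions."""
    PASSWORD_VERSION[user] = PASSWORD_VERSION.get(user, 0) + 1


def revoke_user_sessions(user: str, now: float) -> None:
    """The chokepoint: every token for this user issued at or before `now` dies everywhere."""
    REVOKED_BEFORE[user] = now


def check_access(token: str, now: float) -> tuple[bool, str]:
    """Policy decision for one request: signature, revocation watermark, device posture."""
    try:
        payload_b64, sig_b64 = token.split(".")
        payload = _unb64(payload_b64)
        sig = _unb64(sig_b64)
    except ValueError:
        return False, "malformed token"
    expected = hmac.new(SECRET, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return False, "bad signature"
    claims = json.loads(payload)
    # Revocation is checked on every request, so a killed token fails within one hop.
    if claims["iat"] <= REVOKED_BEFORE.get(claims["sub"], -1.0):
        return False, "session revoked"
    # Conditional access: the EDR agent must be running on the presenting device.
    posture = DEVICE_POSTURE.get(claims["dev"])
    if posture is None or not posture["edr_running"]:
        return False, "device posture failed"
    return True, "allowed"


def stolen_token_scenario() -> list[str]:
    """Replay a stolen token, reset the password (still works), revoke (now dead), re-auth."""
    t0 = 1_700_000_000.0
    stolen = issue_token("alice", "laptop-01", t0)
    results = [check_access(stolen, t0 + 60)[1]]      # attacker replays the token
    reset_password("alice")
    results.append(check_access(stolen, t0 + 120)[1])  # password reset alone changes nothing
    revoke_user_sessions("alice", t0 + 180)
    results.append(check_access(stolen, t0 + 200)[1])  # killed at the chokepoint
    fresh = issue_token("alice", "laptop-01", t0 + 240)  # user re-authenticates
    results.append(check_access(fresh, t0 + 241)[1])
    return results


if __name__ == "__main__":
    for step, outcome in zip(["replay", "after reset", "after revoke", "fresh"], stolen_token_scenario()):
        print(f"{step:13s} -> {outcome}")
```

The watermark design is what makes the revocation global and cheap: the proxy never needs a list of individual stolen tokens, it only needs the one timestamp per user that the identity provider publishes, and every resource behind the proxy honours it on the next request. A device whose agent is not running fails the same check even with a valid, unrevoked token, which is the posture gate Philips describes in front of Okta.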