The Futuriom Q&A: Shailesh Shukla

Aryaka HQ

By: R. Scott Raynovich


Shailesh Shukla is the CEO and Chair of the Board of Directors at Aryaka. Shukla is an industry legend, having worked his way up to the executive ranks after starting in the communications industry as a software engineer at Sprint in 1989. Through the years, he has worked at some of the most influential networking and communications companies in the world, including Juniper Networks, Cisco, and Google.

I first had the opportunity to meet Shukla at Redback Networks, a pioneering services router company that went public in 1999 during Shukla's tenure as VP of Strategy in the go-go days of the Internet boom (Redback was later acquired by Ericsson). After the Redback IPO, Shukla was in charge of strategy and M&A. Later, in the startup world, Shailesh helped raise $140M as the Chief Operating Officer at Instart Logic, a fast-growing startup ranked #1 startup to work for in America by Glassdoor and Business Insider.

Most recently, at Google, Shukla built a fast-growing multi-billion-dollar business in Cloud Networking, Security and Telecom as the VP/GM. In addition to Google, Shailesh was Vice President and General Manager of several multi-billion-dollar routing businesses at Cisco Systems. He has also helped in leadership roles at Neustar and Juniper Networks.

Before moving to the San Francisco Bay Area 22 years ago, Shailesh was a management consultant based in Boston at Mercer Management Consulting (now Oliver-Wyman) and Booz-Allen. As mentioned earlier, he started his career as a software engineer at Sprint Corporation in Kansas City.

Shailesh holds a Bachelor’s in Electrical Engineering from BITS Pilani, India, a Master’s in Electrical Engineering from the University of Kansas, and an MBA (SM) from Massachusetts Institute of Technology’s Sloan School of Management.

He has previously served on the boards of Openwave Mobility, Telica Systems, @Home Solutions, and Merlin Systems. Shailesh is a Charter Member of TiE and advises multiple startup companies.

I interviewed Shukla a month ago on a video conference. Now, let's dive into the Q&A!

Raynovich: Hello Shailesh. You had a pretty impressive career and job at Google, one of the most powerful tech companies in the world. What made you want to jump back in with a private company like Aryaka?

Shukla: Greetings Scott. Yes, I was the VP and GM for all things related to networking and network security at Google Cloud for several years, and I had a chance to grow that into a very fast-growing business. Google operates probably the largest infrastructure in the world as far as the network is concerned. As a team, we had the opportunity to launch something like 40-plus products in the market and the overall growth rate for my business was more than 70 percent per year.

So, it was a crazy growth business. Things were going really great, but as you know, life intervenes. In my case, what happened was, my dad got really sick due to complications from COVID. And my parents live in India, very far away. I had to essentially take 15 months off of work, which I had never done for 32 years. I went back to help them recover from the situation that they were in. I spent 80 percent of my time for 15 months in India. So it was tough, but really worthwhile, because then you realize what is really important in life.

So, you know, I'm just super grateful that I had the opportunity to serve them and it still continues, but now they are more stable. When I came back to Silicon Valley in September of last year, I was just in the process of coming on the board of Aryaka.

Raynovich: How did you initially get involved with Aryaka?

Shukla: They called me and said, we know about your situation—why don't you come in and help us as a member of the board? You can, in fact, be the chairman of the board and help us run the company two to three days a week.

I said, sure, this seemed like a really good idea because I had already transitioned to investing, advising, and being on boards. After four or five months, I said this is a pretty interesting company. We can make this really meaningful, it's positioned and poised at the intersection of networking, security, and observability.

When the board asked, can you come in as CEO, I jumped at the opportunity to take a company that was already driving the convergence. It had already reached this point where it was doing more than a hundred million dollars in annual recurring revenue across a customer base of 500-plus customers. The team has been in place for a long time.

Normally when you look at startups, you see people staying there for four years, maybe five or six years, but here a lot of the engineering team has been together for almost 10. Or in some cases, 12 to 13 years. Our SVP of engineering has been there for 13 years. So there's a really good culture.

I don't know if you realize, but data shows that 98 percent of startups don't get to $100 million in revenue. At Aryaka, we have already crossed the $100-million-dollar ARR barrier. So I decided to jump in.

Raynovich: That's a perfect lead into the next question, because as you said, Aryaka is at the intersection of many trends, SASE and networking-as-a-service, security, multicloud. Where are the biggest opportunities?

Shukla: That’s a really good question. The networking market is $100 billion+ and cybersecurity is $100 billion+, and they are both poised in the direction of convergence. As you know, SASE is a term that was coined back in 2019. SASE has become what I would call the North Star for most enterprises. The momentum is picking up very significantly for the trends that you articulated. Everything from hybrid cloud to multicloud environments to IoT and AI, right? All of these are driving convergence.

There are three trends I would say are really driving our business. The first two are hybrid and multicloud. Hybrid and multicloud are here to stay. In the beginning, all of us felt that public cloud would become the dominant way in which computing and storage and applications are done. In reality, due to everything from regulation to data governance and sovereignty, there will definitely be a need for private data centers. And a lot of applications are best run in a public cloud. So this notion of hybrid in the way that applications are delivered and deployed and consumed is going to be real.

The second trend is multicloud. There are multiple public clouds that are really good at one or other elements, so it's better for an enterprise to use multiple clouds, both to prevent lock-in as well as to utilize a given cloud player in what they do really well.

The third trend is another definitinon of hybrid deployments, which is important to understand. Not everything can be delivered and deployed efficiently if you have to backhaul everything into the point of presence. So there is another notion of hybrid that is here to stay, which is that some things are best done at the edge of the cloud, which is the point of presence (POP). And there are some things that are best done at the edge of the enterprise. Which is basically at the demarcation boundary between the enterprise and the network. That is, if you will, the edge of the enterprise. So you actually need a device. That device can be managed from anywhere, but you need something on-prem. Ideally, you want things in the cloud and you want both of those two working together so that there is a notion of kind of a unified common policy. Enforcement of that policy can be in the POP, especially for remote users, or on-prem at a branch office or a factory location. So we think of hybrid cloud, multicloud in terms of enforcement points.

The reality is that if you look at networking, it has been super complex for the last 25 years. But Aryaka was the initial innovator in removing all the underlying complexity of networking, making it available as a service.

Raynovich: So complexity is a trend, too.

Shukla: Yes, there are different locations, whether it's on prem, whether it's in the cloud, whether it's in transit, it's on the network and so on. And so what has happened is over time, the complexity in the security market has grown substantially, whether it's in terms of a lot of alerts that people are not able to process or look at, or individual technologies that don't talk to each other and share information.

So there's a lot of data, not enough insight. There are a lot of point solutions, not enough simplicity. It’s very difficult to manage all of these with different configuration mechanisms, different ways of observability. So the complexity is increasing a lot on a global level. Another trend is there is a very significant role of AI and analytics that is emerging in this converged world of networking and security. The attack surface areas are increasing, so there is a very significant role that analytics and, broadly speaking, AI can play in defending against those kind of attacks.

It is my view that the network ends up being the source of the truth, right?

So, if you have access to all of the data and information that's flowing on the network, you're able to utilize that [as an asset]. To drive everything from correlation to driving better insights to looking at different kinds of patterns that are emerging in the traffic flow, you may be able to actually increase the efficacy of the security layer on top.

Shukla hiking in the Grand Canyon.


Raynovich: Excellent. Good stuff. Since you started this job, you mentioned that when you started looking at Aryaka, it got you more excited. Can you go into some detail about what was exciting about Aryaka and the team?

Shukla: Yes, absolutely. First and foremost, it’s the customers. As I mentioned, we have more than 500 enterprise customers globally. Typically they rely on us for mission-critical and secure connectivity on a global level. Today we operate in a hundred-plus countries. We have relationships with two or three operators in each of those countries. We have a global private network infrastructure so that in many ways we help the enterprises bypass the public Internet on private infrastructure, so the vulnerabilities that I mentioned earlier actually get reduced quite a bit.

The attack surface reduces because we operate a zero-trust global wide area network. We know exactly what traffic is getting onto the network. All the way from where a user is or a branch office or a factory all the way to connect into a public cloud or their own data center. The entire thing is end-to-end, controlled and managed by Aryaka with the middle mile being private infrastructure.

Also, new customers are continuing to join the Aryaka family. As an example, we recently announced Cathay Pacific chose Aryaka for its global SASE deployment right across mission critical airline operations. There are many new large customers that we continue to win.

The second thing is the team. As I mentioned already, we have very high caliber folks that have been together for a long time, and I'm really pleased to say that. I, personally, have been focused on also bringing in really smart and capable new leaders to help us in areas where we have not spent that much time.

In marketing, where we had not invested a lot previously, we have managed to attract Ken [Ken Rutsky, Aryaka’s new CMO]. Similarly, Farzad Tari was probably one of the best cybersecurity and business development leaders in the industry. He has joined as SVP of corporate business. From NetApp and ThoughtSpot, Pam Holmberg has joined us as Chief People Officer.

The third thing is that if you look at the platform, the company has the right kind of technology and the right platform. What I really like about Aryaka is that if you look at the founding team, they built a platform for this convergence way back in 2009. So I feel really good about the company, the customers, the team, and the technology.

Raynovich: Yes. So that must have led you to your now-famous statement that you have set $1 billion in annual revenue as your target.

Shukla: Yes, I have stated that publicly. In a market as big as the converged networking and security market, it's possible. The SASE market is growing at something like 30-plus percent per year.

With the right kind of platform and technology that we have, and as I add to our go to market and routes to market, there's no reason to believe that our company cannot continue to drive and take share in this market in rapid fashion to become a very large, standalone, self-sustaining company over the next few years. The trends are basically coming to us so we can build a standalone big company.

Raynovich: That's cool. Do you have a time frame for this one billion?

Shukla: We will get there. I hate to put a specific year or number of years on it. Right now I'm focused on driving the growth in a very aggressive fashion.

Raynovich: Do you think you need to go public to achieve some of these goals? Or do you intend on keeping the company private?

Shukla: So my philosophy is build a great standalone company that can scale on its own. There are always situations in which you are attracted to somebody else because they provide either complimentary technology so that you can grow the market engine that you can plug into to drive growth faster. So that can drive you towards M&A, right? You can have the right team and technology that you can go standalone and be a standalone public company over a long period—be the consolidator, if you will.

I don't want to put any artificial constraints on our trajectory right now. Our goal is drive profitable growth, take existing customers and attach security services to them.

Raynovich: Right. In contrast, there's a competitor out there, Cato Networks, that makes a lot of noise about going for an IPO and growth. Do you consider them the biggest competitor, or is it somebody else?

Shukla: I think that if you look at it from a pure-play competition perspective, there are very few players doing converged networking, security, and unified SASE. I think many analysts only put three or four companies in that category, including Aryaka. I would say that right now because SASE is the North Star everybody in the industry from networking side, security side, or pure-play side, all want to take customers on that journey.

So, I wouldn't say that there's only one competitor in the marketplace to answer your question. There are many competitors. But the market is big enough for all of us to have segments in the market and be large, profitable companies in our own right. And we have some unique things.

Raynovich: Okay, give me an example.

Shukla: Okay. There are three things which Ayaka does which are fundamentally different from most, if not all, of the competitors. The first is we have a single-pass architecture that was built way back when the company was founded. That is the capability to open any flow of traffic once and deliver and deploy multiple network services as well as security services in that single pass. That’s very powerful. This can also be done on-prem. It’s a unified policy, distributed enforcement, and consistent enforcement. So, if you look at many players in the industry, either they were cobbled together with multiple acquisitions, in which case they cannot have a single-pass architecture. They’re either POP or on-prem oriented. They don't have the ability to do distributed enforcement in a consistent fashion on both the POP and on-prem.

Number two, unlike most players in this market, Aryaka has built a global infrastructure of privately owned network and privately owned POPs. That requires a lot more capital expense, but once you have it—and we have—it gives us a very secure and reliable infrastructure.

The third piece, which is largely unique, is we started off as a managed services company. We can manage and remove all the complexity of the underlying network. And as customers are on their journey to SASE, one of the things that we are really known for is this notion of flexible approach, that we will meet the customer wherever they are in their journey to SASE.

And that's why we call this Unified SASE-as-a-Service. It’s unified because it's truly that converged platform right across networking and security. It’s SASE, incorporating all the elements of SASE. It's as-a-service because that's what we pioneered for networking and now we are bringing it to converged networking and SASE so that you have a flexible consumption model.

Raynovich: Great. Well, that brings us to the punchline, you know. It’s the question at the end, which is, of course, AI. What does AI mean for Aryaka?

Shukla: Yeah, great question. AI is is a definitive trend of our generation and for many years. In our view, we have three fundamental pillars of AI. The first is the networking itself. AI requires you to have determinism around data transfer for AI applications on a global level. This includes the level of reliability and SLAs that are required for the level of optimization in the infrastructure. This is pillar number one in AI, which is making sure that there is a global network infrastructure with the right level of capability for a performant, highly reliable, secure AI-related data transfer.

The second pillar is security. We talked earlier about the new vulnerabilities. There is an incredible number of attacks that new AI-driven capabilities are targeting.

So, within the security world, we see three elements where Aryaka and AI can play. The first one is access control. Let us say that an enterprise has selected, for example, Gemini as its platform for AI. So, an extension of our CASB part of what we are going to do is to ensure that the right users are getting the right AI application.

Second is threat protection of all the AI assets that an enterprise is deploying. Whether it is infrastructure or applications. Right, so these are the AI assets, everything from preventing data poisoning to prompts. Prompt injection, just like SQL injection was an attack in the past, now prompt injection is an attack that is happening. So we are, for example, protecting supply-chain vulnerabilities for the AI world.

The third thing we have been hearing about is what is similar to DLP [data loss prevention] as a security measure. Now it's more like knowledge-loss prevention. There are a lot of individual enterprises that have specific data [being used for RAG, or Retrieval-Augmented Generation]. How do you make sure that your knowledge is not leaked outside?

The third big pillar in AI is observability. We are now seeing AI traffic in addition to regular traffic. We can have a much deeper insight based on the understanding of the traffic patterns, the anomalies, what use cases people are using it for, and driving a deeper understanding of the traffic and making that a part of our AI offering.

So we can become the enabler for the AI revolution. Not only do we help drive security in AI and AI for security, but we enable an enterprise to have the right access to the right AI assets and resources on a global basis.

Raynovich: Excellent, thank you Shailesh!